First commit

master
Mauro Mugnaini 3 years ago
commit f0b380456c

@ -0,0 +1,310 @@
Originale
Permalink
Blame
Cronologia
European Union Public Licence v. 1.2
EUPL © the European Union 2007, 2016
This European Union Public Licence (the 'EUPL') applies to the Work (as defined
below) which is provided under the terms of this Licence. Any use of the Work,
other than as authorised under this Licence is prohibited (to the extent such
use is covered by a right of the copyright holder of the Work).
The Work is provided under the terms of this Licence when the Licensor (as
defined below) has placed the following notice immediately following the copyright
notice for the Work:
Licensed under the EUPL
or has expressed by any other means his willingness to license under the EUPL.
1. Definitions
In this Licence, the following terms have the following meaning:
— 'The Licence': this Licence.
— 'The Original Work': the work or software distributed or communicated by
the Licensor under this Licence, available as Source Code and also as Executable
Code as the case may be.
— 'Derivative Works': the works or software that could be created by the Licensee,
based upon the Original Work or modifications thereof. This Licence does not
define the extent of modification or dependence on the Original Work required
in order to classify a work as a Derivative Work; this extent is determined
by copyright law applicable in the country mentioned in Article 15.
— 'The Work': the Original Work or its Derivative Works.
— 'The Source Code': the human-readable form of the Work which is the most
convenient for people to study and modify.
— 'The Executable Code': any code which has generally been compiled and which
is meant to be interpreted by a computer as a program.
— 'The Licensor': the natural or legal person that distributes or communicates
the Work under the Licence.
— 'Contributor(s)': any natural or legal person who modifies the Work under
the Licence, or otherwise contributes to the creation of a Derivative Work.
— 'The Licensee' or 'You': any natural or legal person who makes any usage
of the Work under the terms of the Licence.
— 'Distribution' or 'Communication': any act of selling, giving, lending,
renting, distributing, communicating, transmitting, or otherwise making available,
online or offline, copies of the Work or providing access to its essential
functionalities at the disposal of any other natural or legal person.
2. Scope of the rights granted by the Licence
The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable
licence to do the following, for the duration of copyright vested in the Original
Work:
— use the Work in any circumstance and for all usage,
— reproduce the Work,
— modify the Work, and make Derivative Works based upon the Work,
— communicate to the public, including the right to make available or display
the Work or copies thereof to the public and perform publicly, as the case
may be, the Work,
— distribute the Work or copies thereof,
— lend and rent the Work or copies thereof,
— sublicense rights in the Work or copies thereof.
Those rights can be exercised on any media, supports and formats, whether
now known or later invented, as far as the applicable law permits so.
In the countries where moral rights apply, the Licensor waives his right to
exercise his moral right to the extent allowed by law in order to make effective
the licence of the economic rights here above listed.
The Licensor grants to the Licensee royalty-free, non-exclusive usage rights
to any patents held by the Licensor, to the extent necessary to make use of
the rights granted on the Work under this Licence.
3. Communication of the Source Code
The Licensor may provide the Work either in its Source Code form, or as Executable
Code. If the Work is provided as Executable Code, the Licensor provides in
addition a machine-readable copy of the Source Code of the Work along with
each copy of the Work that the Licensor distributes or indicates, in a notice
following the copyright notice attached to the Work, a repository where the
Source Code is easily and freely accessible for as long as the Licensor continues
to distribute or communicate the Work.
4. Limitations on copyright
Nothing in this Licence is intended to deprive the Licensee of the benefits
from any exception or limitation to the exclusive rights of the rights owners
in the Work, of the exhaustion of those rights or of other applicable limitations
thereto.
5. Obligations of the Licensee
The grant of the rights mentioned above is subject to some restrictions and
obligations imposed on the Licensee. Those obligations are the following:
Attribution right: The Licensee shall keep intact all copyright, patent or
trademarks notices and all notices that refer to the Licence and to the disclaimer
of warranties. The Licensee must include a copy of such notices and a copy
of the Licence with every copy of the Work he/she distributes or communicates.
The Licensee must cause any Derivative Work to carry prominent notices stating
that the Work has been modified and the date of modification.
Copyleft clause: If the Licensee distributes or communicates copies of the
Original Works or Derivative Works, this Distribution or Communication will
be done under the terms of this Licence or of a later version of this Licence
unless the Original Work is expressly distributed only under this version
of the Licence — for example by communicating 'EUPL v. 1.2 only'. The Licensee
(becoming Licensor) cannot offer or impose any additional terms or conditions
on the Work or Derivative Work that alter or restrict the terms of the Licence.
Compatibility clause: If the Licensee Distributes or Communicates Derivative
Works or copies thereof based upon both the Work and another work licensed
under a Compatible Licence, this Distribution or Communication can be done
under the terms of this Compatible Licence. For the sake of this clause, 'Compatible
Licence' refers to the licences listed in the appendix attached to this Licence.
Should the Licensee's obligations under the Compatible Licence conflict with
his/her obligations under this Licence, the obligations of the Compatible
Licence shall prevail.
Provision of Source Code: When distributing or communicating copies of the
Work, the Licensee will provide a machine-readable copy of the Source Code
or indicate a repository where this Source will be easily and freely available
for as long as the Licensee continues to distribute or communicate the Work.
Legal Protection: This Licence does not grant permission to use the trade
names, trademarks, service marks, or names of the Licensor, except as required
for reasonable and customary use in describing the origin of the Work and
reproducing the content of the copyright notice.
6. Chain of Authorship
The original Licensor warrants that the copyright in the Original Work granted
hereunder is owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each Contributor warrants that the copyright in the modifications he/she brings
to the Work are owned by him/her or licensed to him/her and that he/she has
the power and authority to grant the Licence.
Each time You accept the Licence, the original Licensor and subsequent Contributors
grant You a licence to their contributions to the Work, under the terms of
this Licence.
7. Disclaimer of Warranty
The Work is a work in progress, which is continuously improved by numerous
Contributors. It is not a finished work and may therefore contain defects
or 'bugs' inherent to this type of development.
For the above reason, the Work is provided under the Licence on an 'as is'
basis and without warranties of any kind concerning the Work, including without
limitation merchantability, fitness for a particular purpose, absence of defects
or errors, accuracy, non-infringement of intellectual property rights other
than copyright as stated in Article 6 of this Licence.
This disclaimer of warranty is an essential part of the Licence and a condition
for the grant of any rights to the Work.
8. Disclaimer of Liability
Except in the cases of wilful misconduct or damages directly caused to natural
persons, the Licensor will in no event be liable for any direct or indirect,
material or moral, damages of any kind, arising out of the Licence or of the
use of the Work, including without limitation, damages for loss of goodwill,
work stoppage, computer failure or malfunction, loss of data or any commercial
damage, even if the Licensor has been advised of the possibility of such damage.
However, the Licensor will be liable under statutory product liability laws
as far such laws apply to the Work.
9. Additional agreements
While distributing the Work, You may choose to conclude an additional agreement,
defining obligations or services consistent with this Licence. However, if
accepting obligations, You may act only on your own behalf and on your sole
responsibility, not on behalf of the original Licensor or any other Contributor,
and only if You agree to indemnify, defend, and hold each Contributor harmless
for any liability incurred by, or claims asserted against such Contributor
by the fact You have accepted any warranty or additional liability.
10. Acceptance of the Licence
The provisions of this Licence can be accepted by clicking on an icon 'I agree'
placed under the bottom of a window displaying the text of this Licence or
by affirming consent in any other similar way, in accordance with the rules
of applicable law. Clicking on that icon indicates your clear and irrevocable
acceptance of this Licence and all of its terms and conditions.
Similarly, you irrevocably accept this Licence and all of its terms and conditions
by exercising any rights granted to You by Article 2 of this Licence, such
as the use of the Work, the creation by You of a Derivative Work or the Distribution
or Communication by You of the Work or copies thereof.
11. Information to the public
In case of any Distribution or Communication of the Work by means of electronic
communication by You (for example, by offering to download the Work from a
remote location) the distribution channel or media (for example, a website)
must at least provide to the public the information requested by the applicable
law regarding the Licensor, the Licence and the way it may be accessible,
concluded, stored and reproduced by the Licensee.
12. Termination of the Licence
The Licence and the rights granted hereunder will terminate automatically
upon any breach by the Licensee of the terms of the Licence.
Such a termination will not terminate the licences of any person who has received
the Work from the Licensee under the Licence, provided such persons remain
in full compliance with the Licence.
13. Miscellaneous
Without prejudice of Article 9 above, the Licence represents the complete
agreement between the Parties as to the Work.
If any provision of the Licence is invalid or unenforceable under applicable
law, this will not affect the validity or enforceability of the Licence as
a whole. Such provision will be construed or reformed so as necessary to make
it valid and enforceable.
The European Commission may publish other linguistic versions or new versions
of this Licence or updated versions of the Appendix, so far this is required
and reasonable, without reducing the scope of the rights granted by the Licence.
New versions of the Licence will be published with a unique version number.
All linguistic versions of this Licence, approved by the European Commission,
have identical value. Parties can take advantage of the linguistic version
of their choice.
14. Jurisdiction
Without prejudice to specific agreement between parties,
— any litigation resulting from the interpretation of this License, arising
between the European Union institutions, bodies, offices or agencies, as a
Licensor, and any Licensee, will be subject to the jurisdiction of the Court
of Justice of the European Union, as laid down in article 272 of the Treaty
on the Functioning of the European Union,
— any litigation arising between other parties and resulting from the interpretation
of this License, will be subject to the exclusive jurisdiction of the competent
court where the Licensor resides or conducts its primary business.
15. Applicable Law
Without prejudice to specific agreement between parties,
— this Licence shall be governed by the law of the European Union Member State
where the Licensor has his seat, resides or has his registered office,
— this licence shall be governed by Belgian law if the Licensor has no seat,
residence or registered office inside a European Union Member State.
Appendix
'Compatible Licences' according to Article 5 EUPL are:
— GNU General Public License (GPL) v. 2, v. 3
— GNU Affero General Public License (AGPL) v. 3
— Open Software License (OSL) v. 2.1, v. 3.0
— Eclipse Public License (EPL) v. 1.0
— CeCILL v. 2.0, v. 2.1
— Mozilla Public Licence (MPL) v. 2
— GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
— Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for
works other than software
— European Union Public Licence (EUPL) v. 1.1, v. 1.2
— Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity
(LiLiQ-R+).
The European Commission may update this Appendix to later versions of the
above licences without producing a new version of the EUPL, as long as they
provide the rights granted in Article 2 of this Licence and protect the covered
Source Code from exclusive appropriation.
All other changes or additions to this Appendix require the production of
a new EUPL version.

@ -0,0 +1,9 @@
---
env : "dev"
keycloak_server : "accounts.{{ env }}.d4science.org"
keycloak_baseurl: "https://{{keycloak_server}}"
d4science_realm_name: "d4scienceee"
d4science_realm_url: "{{ keycloak_baseurl }}/auth/admin/realms/{{ d4science_realm_name }}"
d4science_realm_theme: "d4science"
ldap_server: "ldap.pre.d4science.org"
orchestrator_baseUrl: "https://orchestrator.d4science.org/api/workflow/"

@ -0,0 +1,12 @@
---
keycloak_username: ""
keycloak_password: ""
eosc_clientId: ""
eosc_clientSecret: ""
linkedin_clientId: ""
linkedin_clientSecret: ""
google_clientId: ""
google_clientSecret: ""
recaptcha_key: ""
recaptcha_secret: ""
ldap_credential: ""

@ -0,0 +1,36 @@
$ANSIBLE_VAULT;1.1;AES256
65633233343737346434623733613537313636366164336637656434633362643536316430306666
3739373234636662646637663163336136386566386631370a623038336435643031643865656637
62386663643066346330376630353333636663363433623831656534613833383835613466636565
6363366661663039630a376133303438373864613035663136323834656530633636636637353032
62633435326661626131356535313832613134633631393264383039396161633561343738643965
37643665643639636165653137353038396536633138313563316165663334393038383239653461
30333834656664633564656363396633303636616436353766326566643437373535343530616662
65333963393738623966623138356562356539363637316133656565346638346265366633373362
62653239323665633032353765313862396135623231393932623630303965303563633835613437
39316365343235303765623132323861323139613064326565643031303063646461613633643431
31306363363437393334633761316265393264613465323466376365346266373335343139646532
37336635366363383230353238333339326635663635373234373233346361653964323266663365
31623434656661353735636263333761313062363439346633393830383733636362373761666430
66343732333066383264663632343838663631336266363066616562386333346661633234363035
63333762353235326638323662396661643037376664333764393739643534363861316431643963
61323061386466623562383862316261313430376361666132623863373265646266366439646239
33393630336431346330383834353734373539303731653237613664643463366262356462336262
33326337653335653033373537366431623666613639343338313566306134386366613937333830
30336532386333633436383738373439663466653862316264356438653061373362336666393736
35373130316638353234373434616232326565393866366133303039656463356161326531353065
63636637313233623661356633343038623464656430643339353934333737363936363738663462
62333431303139666562653836616633636535336264396530306637326362663631643061616232
33326534333338366132313230396266333438303133653862616435633138346237386631363936
64646432616364636336373737346436653566326439663364653030613538373631653931333236
63343735306665636532353932323239366366613732303564303737393734303639666631303837
62616665376634353337396334353431386334653031633366393762366635366462396265396331
38663137343462613438616636376163613462376631343566363263383435656363363162343864
36343936386362363263333034666534383032663431393562303934343232303063386134663633
66636366373835326132626138646165376431646566393834346164613065646234626333333337
34353231616136623263306563383063316530353234333334666664313366623137393665326434
35313432373034366335313237376539376133383665623537313835373566313036383863653539
35313435663364646533376461386435363131663766353165616562336536623734623961613031
34383930653961346233333135363363363930383337643964396432353663643535316163373935
66656663303632653935333936343666613663346437663037336235646361363733386538373738
646164323961613266623033646532653830

@ -0,0 +1,3 @@
{
"clientRole" : false, "name" : "Infrastructure-Client", "description" : "Infrastructure-Client role"
}

@ -0,0 +1,3 @@
{
"clientRole" : false, "name" : "Infrastructure-Manager", "description" : "Infrastructure-Manager role"
}

@ -0,0 +1,30 @@
---
galaxy_info:
author: Mauro Mugnaini
description: Devop
company: Nubisware S.r.l.
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
license: EUPL 1.2+
min_ansible_version: 2.8
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Ubuntu
versions:
- bionic
- name: EL
versions:
- 7
- 8
galaxy_tags:
- keycloak
- d4science
- realm
dependencies:

@ -0,0 +1,246 @@
---
- name: "Getting Token for service access on Keycloak"
uri:
url: "{{ keycloak_baseurl }}/auth/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
username: "{{ keycloak_username }}"
password: "{{ keycloak_password }}"
grant_type: "password"
client_id: "admin-cli"
register: keycloak_token
run_once: True
- name: "Find out, if realm {{ d4science_realm_name }} exists on Keycloak"
uri:
url: "{{ d4science_realm_url }}"
method: GET
status_code:
- 200
- 404
headers:
Accept: "application/json"
Authorization: "Bearer {{ keycloak_token.json.access_token }}"
register: d4science_realm_check
run_once: True
- name: "Create and configure d4science realm named: {{ d4science_realm_name }}"
vars:
authorization: "Bearer {{ keycloak_token.json.access_token }}"
block:
- name: "Create new {{ d4science_realm_name }} realm on Keycloak"
uri:
url: "{{ keycloak_baseurl }}/auth/admin/realms"
method: POST
body: "{{ lookup('template', 'd4science_realm.json.j2') }}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
register: d4science_realm_create
- name: "Getting {{ d4science_realm_name }} registration flow executions"
uri:
url: "{{ d4science_realm_url }}/authentication/flows/registration/executions"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: registration_executions
- name: "Enabling ReCaptcha registration flow executions"
uri:
url: "{{d4science_realm_url}}/authentication/flows/registration/executions"
method: PUT
body: "{'id':'{{ registration_executions.json | json_query(query_id) }}','requirement':'REQUIRED','providerId': 'registration-recaptcha-action' }"
body_format: "json"
status_code:
- 204
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
vars:
query_id: "[?providerId == 'registration-recaptcha-action'] | [0].id"
- name: "Configuring ReCaptcha"
uri:
url: "{{d4science_realm_url}}/authentication/executions/{{ registration_executions.json | json_query(query_id) }}/config"
method: POST
body: "{'alias':'reCaptcha','config':{'secret':'{{ recaptcha_secret }}','site.key':'{{ recaptcha_key }}','useRecaptchaNet':'false'}}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
vars:
query_id: "[?providerId == 'registration-recaptcha-action'] | [0].id"
- name: "Adding Infrastructure-Manager realm role"
uri:
url: "{{d4science_realm_url}}/roles"
method: POST
body: "{{ lookup('file', 'infrastructure-manager_role.json') }}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
- name: "Adding Infrastructure-Client realm role"
uri:
url: "{{d4science_realm_url}}/roles"
method: POST
body: "{{ lookup('file', 'infrastructure-client_role.json') }}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
- name: "Adding orchestrator client to realm"
uri:
url: "{{ d4science_realm_url }}/clients"
method: POST
body: "{{ lookup('template', 'orchestrator_client.json.j2') }}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
register: orchestrator_client_create
- name: "Adding lr62_portal client to realm"
uri:
url: "{{ d4science_realm_url }}/clients"
method: POST
body: "{{ lookup('template', 'lr62_portal_client.json.j2') }}"
body_format: "json"
status_code:
- 201
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
register: lr62_client_create
- name: "Getting orchestrator service-account-user"
uri:
url: "{{ d4science_realm_url }}/clients/{{ orchestrator_client_create.location.split('/').pop() }}/service-account-user"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: orchestrator_sau
- name: "Getting lr62_portal service-account-user"
uri:
url: "{{ d4science_realm_url }}/clients/{{ lr62_client_create.location.split('/').pop() }}/service-account-user"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: lr62_sau
- name: "Getting {{ d4science_realm_name }} realm roles"
uri:
url: "{{ d4science_realm_url }}/roles"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: d4s_realm_roles
- name: "Assigning infrastructure-manager role to orchestrator SAU"
uri:
url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/realm"
method: POST
body: "{{ d4s_realm_roles.json | json_query(\"[?name == 'Infrastructure-Manager']\") }}"
body_format: "json"
status_code:
- 204
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
register: lr62_client_create
- name: "Assigning infrastructure-client role to lr62_portal SAU"
uri:
url: "{{ d4science_realm_url }}/users/{{ lr62_sau.json.id }}/role-mappings/realm"
method: POST
body: "{{ d4s_realm_roles.json | json_query(query) }}"
body_format: "json"
status_code:
- 204
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
register: lr62_client_create
vars:
query: "[?name == 'Infrastructure-Client']"
- name: "Getting realm-management client by clientId"
uri:
url: "{{ d4science_realm_url }}/clients?clientId=realm-management"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: realm_management_client
- name: "Getting realm-management client roles"
uri:
url: "{{ d4science_realm_url }}/clients/{{ realm_management_client.json[0].id }}/roles"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "{{ authorization }}"
register: realm_management_roles
- name: "Assigning realm-management roles to orchestrator SAU"
uri:
url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/clients/{{ realm_management_client.json[0].id }}"
method: POST
body: "{{ realm_management_roles.json | json_query(query) }}"
body_format: "json"
status_code:
- 204
headers:
Content-type: "application/json"
Accept: "application/json"
Authorization: "{{ authorization }}"
vars:
query: "[?contains([`manage-users`, `view-users`, `manage-clients`, `query-clients`, `query-users`], name)]"
run_once: True
when: "d4science_realm_check.status == 404"

@ -0,0 +1,623 @@
{
"id": "{{ d4science_realm_name }}",
"realm": "{{ d4science_realm_name }}",
"displayName": "D4Science Accounts {{ env }}",
"displayNameHtml": "<h2>D4Science {{ env }}</h2><p>Welcome</p>",
"notBefore": 0,
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"rememberMe": true,
"verifyEmail": true,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"defaultRoles": [
"offline_access",
"uma_authorization"
],
"requiredCredentials": [
"password"
],
"passwordPolicy": "length(8)",
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "ALLOW-FROM https://www.google.com",
"contentSecurityPolicy": "frame-src 'self' https://www.google.com;",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {
"host": "localhost",
"from": "noreply@d4science.org",
"starttls": "",
"auth": "",
"ssl": ""
},
"loginTheme": "{{ d4science_realm_theme }}",
"accountTheme": "{{ d4science_realm_theme }}",
"adminTheme": "{{ d4science_realm_theme }}",
"eventsListeners": [
"orchestrator-event-publisher",
"jboss-logging",
"email"
],
"identityProviders": [
{
"alias": "eosc-oidc",
"displayName": "Academic / other account",
"providerId": "oidc",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"userInfoUrl": "https://aai.eosc-portal.eu/oidc/userinfo",
"validateSignature": "true",
"clientId": "{{ eosc_clientId }}",
"tokenUrl": "https://aai.eosc-portal.eu/oidc/token",
"jwksUrl": "https://aai.eosc-portal.eu/oidc/jwk",
"issuer": "https://aai.eosc-portal.eu/oidc/",
"useJwksUrl": "false",
"publicKeySignatureVerifier": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCaIg7INT8AGjPYS7Kmg\nO0K0+axSzCVIlnqHZ8M1hKBfXd4QxZajrqLnwza2yzCGcHNC2aNIYzKm/D2oCx2R\nGzemcgKkcxOznNg2+0H4xlx86FbpVv4VZRXzPqIoc/CU5uyGdR5d58CtOMKhCecS\ny8q3vQ9fnhtLPqYFslLpL+u+3vvcur1rJn/a5GB9th55Lwmq9OyzlAeupbVP1q0A\nI92R1UGUswEPotBFk+a6IVfzToNK7zPdw02IAO/wVDUN1x0Baewm1t8KfviV8m41\nJmjmnUg4p/vLzfA/VKAFqtzwxZCKMkxtu7JwODiIRehMCz4AKBTvvi2k97aMHY+Y\nXQIDAQAB\n-----END PUBLIC KEY-----",
"authorizationUrl": "https://aai.eosc-portal.eu/oidc/authorize",
"clientAuthMethod": "client_secret_post",
"syncMode": "IMPORT",
"clientSecret": "{{ eosc_clientSecret }}",
"defaultScope": "openid profile email",
"guiOrder" : "1"
}
},
{
"alias": "linkedin",
"providerId": "linkedin",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ linkedin_clientSecret }}",
"clientId": "{{ linkedin_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "2"
}
},
{
"alias": "google",
"providerId": "google",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ google_clientSecret }}",
"clientId": "{{ google_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "3"
}
}
],
"identityProviderMappers": [
{
"name": "username from email importer",
"identityProviderAlias": "google",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT"
}
},
{
"name": "username from email importer",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT",
"auto-resolve": "true"
}
},
{
"name": "picture importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "linkedin-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "picture",
"attribute": "picture",
"userAttribute": "picture"
}
},
{
"name": "avatar",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "picture importer",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"syncMode": "INHERIT",
"claim": "picture",
"user.attribute": "picture"
}
},
{
"name": "picture",
"identityProviderAlias": "google",
"identityProviderMapper": "google-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "picture",
"userAttribute": "picture"
}
},
{
"name": "avatar",
"identityProviderAlias": "google",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "profilePicture importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "linkedin-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "profilePicture.displayImage",
"userAttribute": "linkedin-profilePicture"
}
},
{
"name": "avatar",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "username from email importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT",
"auto-resolve": "true"
}
}
],
"components": {
"org.keycloak.storage.UserStorageProvider": [
{
"name": "{{ ldap_server }}",
"providerId": "ldap",
"subComponents": {
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
{
"name": "first name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"givenName"
],
"is.mandatory.in.ldap": [
"true"
],
"is.binary.attribute": [
"false"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"firstName"
]
}
},
{
"name": "email",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"mail"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"user.model.attribute": [
"email"
]
}
},
{
"name": "username",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"uid"
],
"is.mandatory.in.ldap": [
"true"
],
"is.binary.attribute": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"read.only": [
"true"
],
"user.model.attribute": [
"username"
]
}
},
{
"name": "d4science-groups",
"providerId": "group-ldap-mapper",
"subComponents": {},
"config": {
"membership.attribute.type": [
"DN"
],
"group.name.ldap.attribute": [
"cn"
],
"membership.user.ldap.attribute": [
"uid"
],
"preserve.group.inheritance": [
"true"
],
"groups.dn": [
"ou=Groups,o=D4Science,ou=Organizations,dc=d4science,dc=org"
],
"mapped.group.attributes": [
"gidNumber"
],
"mode": [
"LDAP_ONLY"
],
"user.roles.retrieve.strategy": [
"LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
],
"ignore.missing.groups": [
"false"
],
"membership.ldap.attribute": [
"member"
],
"group.object.classes": [
"groupofnames,posixGroup,top"
],
"memberof.ldap.attribute": [
"memberOf"
],
"drop.non.existing.groups.during.sync": [
"true"
]
}
},
{
"name": "fullname",
"providerId": "full-name-ldap-mapper",
"subComponents": {},
"config": {
"read.only": [
"false"
],
"write.only": [
"true"
],
"ldap.full.name.attribute": [
"cn"
]
}
},
{
"name": "last name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"sn"
],
"is.mandatory.in.ldap": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"read.only": [
"false"
],
"user.model.attribute": [
"lastName"
]
}
},
{
"name": "creation date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"createTimestamp"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"createTimestamp"
]
}
},
{
"name": "modify date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"modifyTimestamp"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"modifyTimestamp"
]
}
},
{
"name": "homeDirectory",
"providerId": "ua-templated-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"homeDirectory"
],
"is.mandatory.in.ldap": [
"true"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"template.string": [
"/home/${VALUE}"
],
"user.model.attribute": [
"username"
]
}
},
{
"name": "sshPublicKey mapper",
"providerId": "certificate-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"sshPublicKey"
],
"is.mandatory.in.ldap": [
"false"
],
"is.binary.attribute": [
"true"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"sshPublicKey"
]
}
}
]
},
"config": {
"fullSyncPeriod": [
"-1"
],
"pagination": [
"true"
],
"connectionPooling": [
"true"
],
"usersDn": [
"ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org"
],
"cachePolicy": [
"DEFAULT"
],
"useKerberosForPasswordAuthentication": [
"false"
],
"importEnabled": [
"true"
],
"enabled": [
"true"
],
"usernameLDAPAttribute": [
"uid"
],
"bindCredential": [
"{{ ldap_credential }}"
],
"changedSyncPeriod": [
"-1"
],
"bindDn": [
"cn=Directory Manager"
],
"lastSync": [
"1595253546"
],
"vendor": [
"other"
],
"uuidLDAPAttribute": [
"nsUniqueId"
],
"allowKerberosAuthentication": [
"false"
],
"connectionUrl": [
"ldaps://{{ ldap_server }}"
],
"syncRegistrations": [
"true"
],
"authType": [
"simple"
],
"debug": [
"false"
],
"searchScope": [
"1"
],
"useTruststoreSpi": [
"never"
],
"priority": [
"1"
],
"trustEmail": [
"true"
],
"userObjectClasses": [
"inetOrgPerson, organizationalPerson, posixAccount, organizationalPerson, person, inetUser, shadowAccount, ldapPublicKey, top"
],
"rdnLDAPAttribute": [
"uid"
],
"editMode": [
"WRITABLE"
],
"validatePasswordPolicy": [
"true"
],
"batchSizeForSync": [
"1000"
]
}
}
]
},
"internationalizationEnabled": true,
"supportedLocales": [
"de",
"no",
"ru",
"sv",
"pt-BR",
"lt",
"en",
"it",
"fr",
"zh-CN",
"es",
"ja",
"sk",
"pl",
"ca",
"nl",
"tr"
],
"defaultLocale": "en",
"requiredActions": [
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": true,
"defaultAction": true,
"priority": 20,
"config": {}
}
]
}

@ -0,0 +1,30 @@
{
"baseUrl" : "https://{{ gw_server_name }}/",
"bearerOnly" : false,
"clientId" : "{{ gw-server-name }}",
"name" : "{{ gw-server-name }}",
"description" : "Pre D4Science Gateway",
"directAccessGrantsEnabled" : true,
"enabled" : true,
"protocol" : "openid-connect",
"publicClient" : true,
"redirectUris" : ["https://{{ gw_server_name }}/c/portal/login"],
"attributes": {
"login_theme": "{{ gw_server_name }}"
},
"protocolMappers": [
{
"name": "send-groups-in-token",
"protocol": "openid-connect",
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"full.path": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"userinfo.token.claim": "true"
}
}
]
}

@ -0,0 +1,29 @@
{
"baseUrl" : "https://{{env}}.d4science.org/",
"bearerOnly" : false,
"clientId" : "lr62_portal",
"name" : "lr62_portal",
"description" : "The D4Science {{env}} Portal",
"directAccessGrantsEnabled" : true,
"authorizationServicesEnabled" : true,
"serviceAccountsEnabled" : true,
"enabled" : true,
"protocol" : "openid-connect",
"publicClient" : false,
"redirectUris" : ["https://{{env}}.d4science.org/"],
"protocolMappers": [
{
"name": "send-groups-in-token",
"protocol": "openid-connect",
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"full.path": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"userinfo.token.claim": "true"
}
}
]
}

@ -0,0 +1,29 @@
{
"baseUrl" : "{{orchestrator_baseUrl}}",
"bearerOnly" : false,
"clientId" : "orchestrator",
"name" : "orchestrator",
"description" : "The D4Science {{env}} Orchestrator",
"directAccessGrantsEnabled" : true,
"authorizationServicesEnabled" : true,
"serviceAccountsEnabled" : true,
"enabled" : true,
"protocol" : "openid-connect",
"publicClient" : false,
"redirectUris" : ["{{orchestrator_baseUrl}}"],
"protocolMappers": [
{
"name": "send-groups-in-token",
"protocol": "openid-connect",
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"full.path": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"userinfo.token.claim": "true"
}
}
]
}
Loading…
Cancel
Save