First commit
commit
f0b380456c
@ -0,0 +1,310 @@
|
|||||||
|
Originale
|
||||||
|
Permalink
|
||||||
|
Blame
|
||||||
|
Cronologia
|
||||||
|
|
||||||
|
European Union Public Licence v. 1.2
|
||||||
|
|
||||||
|
EUPL © the European Union 2007, 2016
|
||||||
|
|
||||||
|
This European Union Public Licence (the 'EUPL') applies to the Work (as defined
|
||||||
|
below) which is provided under the terms of this Licence. Any use of the Work,
|
||||||
|
other than as authorised under this Licence is prohibited (to the extent such
|
||||||
|
use is covered by a right of the copyright holder of the Work).
|
||||||
|
|
||||||
|
The Work is provided under the terms of this Licence when the Licensor (as
|
||||||
|
defined below) has placed the following notice immediately following the copyright
|
||||||
|
notice for the Work:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the EUPL
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
or has expressed by any other means his willingness to license under the EUPL.
|
||||||
|
|
||||||
|
1. Definitions
|
||||||
|
|
||||||
|
In this Licence, the following terms have the following meaning:
|
||||||
|
|
||||||
|
— 'The Licence': this Licence.
|
||||||
|
|
||||||
|
— 'The Original Work': the work or software distributed or communicated by
|
||||||
|
the Licensor under this Licence, available as Source Code and also as Executable
|
||||||
|
Code as the case may be.
|
||||||
|
|
||||||
|
— 'Derivative Works': the works or software that could be created by the Licensee,
|
||||||
|
based upon the Original Work or modifications thereof. This Licence does not
|
||||||
|
define the extent of modification or dependence on the Original Work required
|
||||||
|
in order to classify a work as a Derivative Work; this extent is determined
|
||||||
|
by copyright law applicable in the country mentioned in Article 15.
|
||||||
|
|
||||||
|
— 'The Work': the Original Work or its Derivative Works.
|
||||||
|
|
||||||
|
— 'The Source Code': the human-readable form of the Work which is the most
|
||||||
|
convenient for people to study and modify.
|
||||||
|
|
||||||
|
— 'The Executable Code': any code which has generally been compiled and which
|
||||||
|
is meant to be interpreted by a computer as a program.
|
||||||
|
|
||||||
|
— 'The Licensor': the natural or legal person that distributes or communicates
|
||||||
|
the Work under the Licence.
|
||||||
|
|
||||||
|
— 'Contributor(s)': any natural or legal person who modifies the Work under
|
||||||
|
the Licence, or otherwise contributes to the creation of a Derivative Work.
|
||||||
|
|
||||||
|
— 'The Licensee' or 'You': any natural or legal person who makes any usage
|
||||||
|
of the Work under the terms of the Licence.
|
||||||
|
|
||||||
|
— 'Distribution' or 'Communication': any act of selling, giving, lending,
|
||||||
|
renting, distributing, communicating, transmitting, or otherwise making available,
|
||||||
|
online or offline, copies of the Work or providing access to its essential
|
||||||
|
functionalities at the disposal of any other natural or legal person.
|
||||||
|
|
||||||
|
2. Scope of the rights granted by the Licence
|
||||||
|
|
||||||
|
The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable
|
||||||
|
licence to do the following, for the duration of copyright vested in the Original
|
||||||
|
Work:
|
||||||
|
|
||||||
|
— use the Work in any circumstance and for all usage,
|
||||||
|
|
||||||
|
— reproduce the Work,
|
||||||
|
|
||||||
|
— modify the Work, and make Derivative Works based upon the Work,
|
||||||
|
|
||||||
|
— communicate to the public, including the right to make available or display
|
||||||
|
the Work or copies thereof to the public and perform publicly, as the case
|
||||||
|
may be, the Work,
|
||||||
|
|
||||||
|
— distribute the Work or copies thereof,
|
||||||
|
|
||||||
|
— lend and rent the Work or copies thereof,
|
||||||
|
|
||||||
|
— sublicense rights in the Work or copies thereof.
|
||||||
|
|
||||||
|
Those rights can be exercised on any media, supports and formats, whether
|
||||||
|
now known or later invented, as far as the applicable law permits so.
|
||||||
|
|
||||||
|
In the countries where moral rights apply, the Licensor waives his right to
|
||||||
|
exercise his moral right to the extent allowed by law in order to make effective
|
||||||
|
the licence of the economic rights here above listed.
|
||||||
|
|
||||||
|
The Licensor grants to the Licensee royalty-free, non-exclusive usage rights
|
||||||
|
to any patents held by the Licensor, to the extent necessary to make use of
|
||||||
|
the rights granted on the Work under this Licence.
|
||||||
|
|
||||||
|
3. Communication of the Source Code
|
||||||
|
|
||||||
|
The Licensor may provide the Work either in its Source Code form, or as Executable
|
||||||
|
Code. If the Work is provided as Executable Code, the Licensor provides in
|
||||||
|
addition a machine-readable copy of the Source Code of the Work along with
|
||||||
|
each copy of the Work that the Licensor distributes or indicates, in a notice
|
||||||
|
following the copyright notice attached to the Work, a repository where the
|
||||||
|
Source Code is easily and freely accessible for as long as the Licensor continues
|
||||||
|
to distribute or communicate the Work.
|
||||||
|
|
||||||
|
4. Limitations on copyright
|
||||||
|
|
||||||
|
Nothing in this Licence is intended to deprive the Licensee of the benefits
|
||||||
|
from any exception or limitation to the exclusive rights of the rights owners
|
||||||
|
in the Work, of the exhaustion of those rights or of other applicable limitations
|
||||||
|
thereto.
|
||||||
|
|
||||||
|
5. Obligations of the Licensee
|
||||||
|
|
||||||
|
The grant of the rights mentioned above is subject to some restrictions and
|
||||||
|
obligations imposed on the Licensee. Those obligations are the following:
|
||||||
|
|
||||||
|
Attribution right: The Licensee shall keep intact all copyright, patent or
|
||||||
|
trademarks notices and all notices that refer to the Licence and to the disclaimer
|
||||||
|
of warranties. The Licensee must include a copy of such notices and a copy
|
||||||
|
of the Licence with every copy of the Work he/she distributes or communicates.
|
||||||
|
The Licensee must cause any Derivative Work to carry prominent notices stating
|
||||||
|
that the Work has been modified and the date of modification.
|
||||||
|
|
||||||
|
Copyleft clause: If the Licensee distributes or communicates copies of the
|
||||||
|
Original Works or Derivative Works, this Distribution or Communication will
|
||||||
|
be done under the terms of this Licence or of a later version of this Licence
|
||||||
|
unless the Original Work is expressly distributed only under this version
|
||||||
|
of the Licence — for example by communicating 'EUPL v. 1.2 only'. The Licensee
|
||||||
|
(becoming Licensor) cannot offer or impose any additional terms or conditions
|
||||||
|
on the Work or Derivative Work that alter or restrict the terms of the Licence.
|
||||||
|
|
||||||
|
Compatibility clause: If the Licensee Distributes or Communicates Derivative
|
||||||
|
Works or copies thereof based upon both the Work and another work licensed
|
||||||
|
under a Compatible Licence, this Distribution or Communication can be done
|
||||||
|
under the terms of this Compatible Licence. For the sake of this clause, 'Compatible
|
||||||
|
Licence' refers to the licences listed in the appendix attached to this Licence.
|
||||||
|
Should the Licensee's obligations under the Compatible Licence conflict with
|
||||||
|
his/her obligations under this Licence, the obligations of the Compatible
|
||||||
|
Licence shall prevail.
|
||||||
|
|
||||||
|
Provision of Source Code: When distributing or communicating copies of the
|
||||||
|
Work, the Licensee will provide a machine-readable copy of the Source Code
|
||||||
|
or indicate a repository where this Source will be easily and freely available
|
||||||
|
for as long as the Licensee continues to distribute or communicate the Work.
|
||||||
|
|
||||||
|
Legal Protection: This Licence does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or names of the Licensor, except as required
|
||||||
|
for reasonable and customary use in describing the origin of the Work and
|
||||||
|
reproducing the content of the copyright notice.
|
||||||
|
|
||||||
|
6. Chain of Authorship
|
||||||
|
|
||||||
|
The original Licensor warrants that the copyright in the Original Work granted
|
||||||
|
hereunder is owned by him/her or licensed to him/her and that he/she has the
|
||||||
|
power and authority to grant the Licence.
|
||||||
|
|
||||||
|
Each Contributor warrants that the copyright in the modifications he/she brings
|
||||||
|
to the Work are owned by him/her or licensed to him/her and that he/she has
|
||||||
|
the power and authority to grant the Licence.
|
||||||
|
|
||||||
|
Each time You accept the Licence, the original Licensor and subsequent Contributors
|
||||||
|
grant You a licence to their contributions to the Work, under the terms of
|
||||||
|
this Licence.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty
|
||||||
|
|
||||||
|
The Work is a work in progress, which is continuously improved by numerous
|
||||||
|
Contributors. It is not a finished work and may therefore contain defects
|
||||||
|
or 'bugs' inherent to this type of development.
|
||||||
|
|
||||||
|
For the above reason, the Work is provided under the Licence on an 'as is'
|
||||||
|
basis and without warranties of any kind concerning the Work, including without
|
||||||
|
limitation merchantability, fitness for a particular purpose, absence of defects
|
||||||
|
or errors, accuracy, non-infringement of intellectual property rights other
|
||||||
|
than copyright as stated in Article 6 of this Licence.
|
||||||
|
|
||||||
|
This disclaimer of warranty is an essential part of the Licence and a condition
|
||||||
|
for the grant of any rights to the Work.
|
||||||
|
|
||||||
|
8. Disclaimer of Liability
|
||||||
|
|
||||||
|
Except in the cases of wilful misconduct or damages directly caused to natural
|
||||||
|
persons, the Licensor will in no event be liable for any direct or indirect,
|
||||||
|
material or moral, damages of any kind, arising out of the Licence or of the
|
||||||
|
use of the Work, including without limitation, damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, loss of data or any commercial
|
||||||
|
damage, even if the Licensor has been advised of the possibility of such damage.
|
||||||
|
However, the Licensor will be liable under statutory product liability laws
|
||||||
|
as far such laws apply to the Work.
|
||||||
|
|
||||||
|
9. Additional agreements
|
||||||
|
|
||||||
|
While distributing the Work, You may choose to conclude an additional agreement,
|
||||||
|
defining obligations or services consistent with this Licence. However, if
|
||||||
|
accepting obligations, You may act only on your own behalf and on your sole
|
||||||
|
responsibility, not on behalf of the original Licensor or any other Contributor,
|
||||||
|
and only if You agree to indemnify, defend, and hold each Contributor harmless
|
||||||
|
for any liability incurred by, or claims asserted against such Contributor
|
||||||
|
by the fact You have accepted any warranty or additional liability.
|
||||||
|
|
||||||
|
10. Acceptance of the Licence
|
||||||
|
|
||||||
|
The provisions of this Licence can be accepted by clicking on an icon 'I agree'
|
||||||
|
placed under the bottom of a window displaying the text of this Licence or
|
||||||
|
by affirming consent in any other similar way, in accordance with the rules
|
||||||
|
of applicable law. Clicking on that icon indicates your clear and irrevocable
|
||||||
|
acceptance of this Licence and all of its terms and conditions.
|
||||||
|
|
||||||
|
Similarly, you irrevocably accept this Licence and all of its terms and conditions
|
||||||
|
by exercising any rights granted to You by Article 2 of this Licence, such
|
||||||
|
as the use of the Work, the creation by You of a Derivative Work or the Distribution
|
||||||
|
or Communication by You of the Work or copies thereof.
|
||||||
|
|
||||||
|
11. Information to the public
|
||||||
|
|
||||||
|
In case of any Distribution or Communication of the Work by means of electronic
|
||||||
|
communication by You (for example, by offering to download the Work from a
|
||||||
|
remote location) the distribution channel or media (for example, a website)
|
||||||
|
must at least provide to the public the information requested by the applicable
|
||||||
|
law regarding the Licensor, the Licence and the way it may be accessible,
|
||||||
|
concluded, stored and reproduced by the Licensee.
|
||||||
|
|
||||||
|
12. Termination of the Licence
|
||||||
|
|
||||||
|
The Licence and the rights granted hereunder will terminate automatically
|
||||||
|
upon any breach by the Licensee of the terms of the Licence.
|
||||||
|
|
||||||
|
Such a termination will not terminate the licences of any person who has received
|
||||||
|
the Work from the Licensee under the Licence, provided such persons remain
|
||||||
|
in full compliance with the Licence.
|
||||||
|
|
||||||
|
13. Miscellaneous
|
||||||
|
|
||||||
|
Without prejudice of Article 9 above, the Licence represents the complete
|
||||||
|
agreement between the Parties as to the Work.
|
||||||
|
|
||||||
|
If any provision of the Licence is invalid or unenforceable under applicable
|
||||||
|
law, this will not affect the validity or enforceability of the Licence as
|
||||||
|
a whole. Such provision will be construed or reformed so as necessary to make
|
||||||
|
it valid and enforceable.
|
||||||
|
|
||||||
|
The European Commission may publish other linguistic versions or new versions
|
||||||
|
of this Licence or updated versions of the Appendix, so far this is required
|
||||||
|
and reasonable, without reducing the scope of the rights granted by the Licence.
|
||||||
|
New versions of the Licence will be published with a unique version number.
|
||||||
|
|
||||||
|
All linguistic versions of this Licence, approved by the European Commission,
|
||||||
|
have identical value. Parties can take advantage of the linguistic version
|
||||||
|
of their choice.
|
||||||
|
|
||||||
|
14. Jurisdiction
|
||||||
|
|
||||||
|
Without prejudice to specific agreement between parties,
|
||||||
|
|
||||||
|
— any litigation resulting from the interpretation of this License, arising
|
||||||
|
between the European Union institutions, bodies, offices or agencies, as a
|
||||||
|
Licensor, and any Licensee, will be subject to the jurisdiction of the Court
|
||||||
|
of Justice of the European Union, as laid down in article 272 of the Treaty
|
||||||
|
on the Functioning of the European Union,
|
||||||
|
|
||||||
|
— any litigation arising between other parties and resulting from the interpretation
|
||||||
|
of this License, will be subject to the exclusive jurisdiction of the competent
|
||||||
|
court where the Licensor resides or conducts its primary business.
|
||||||
|
|
||||||
|
15. Applicable Law
|
||||||
|
|
||||||
|
Without prejudice to specific agreement between parties,
|
||||||
|
|
||||||
|
— this Licence shall be governed by the law of the European Union Member State
|
||||||
|
where the Licensor has his seat, resides or has his registered office,
|
||||||
|
|
||||||
|
— this licence shall be governed by Belgian law if the Licensor has no seat,
|
||||||
|
residence or registered office inside a European Union Member State.
|
||||||
|
|
||||||
|
Appendix
|
||||||
|
|
||||||
|
'Compatible Licences' according to Article 5 EUPL are:
|
||||||
|
|
||||||
|
— GNU General Public License (GPL) v. 2, v. 3
|
||||||
|
|
||||||
|
— GNU Affero General Public License (AGPL) v. 3
|
||||||
|
|
||||||
|
— Open Software License (OSL) v. 2.1, v. 3.0
|
||||||
|
|
||||||
|
— Eclipse Public License (EPL) v. 1.0
|
||||||
|
|
||||||
|
— CeCILL v. 2.0, v. 2.1
|
||||||
|
|
||||||
|
— Mozilla Public Licence (MPL) v. 2
|
||||||
|
|
||||||
|
— GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
|
||||||
|
|
||||||
|
— Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for
|
||||||
|
works other than software
|
||||||
|
|
||||||
|
— European Union Public Licence (EUPL) v. 1.1, v. 1.2
|
||||||
|
|
||||||
|
— Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity
|
||||||
|
(LiLiQ-R+).
|
||||||
|
|
||||||
|
The European Commission may update this Appendix to later versions of the
|
||||||
|
above licences without producing a new version of the EUPL, as long as they
|
||||||
|
provide the rights granted in Article 2 of this Licence and protect the covered
|
||||||
|
Source Code from exclusive appropriation.
|
||||||
|
|
||||||
|
All other changes or additions to this Appendix require the production of
|
||||||
|
a new EUPL version.
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
env : "dev"
|
||||||
|
keycloak_server : "accounts.{{ env }}.d4science.org"
|
||||||
|
keycloak_baseurl: "https://{{keycloak_server}}"
|
||||||
|
d4science_realm_name: "d4scienceee"
|
||||||
|
d4science_realm_url: "{{ keycloak_baseurl }}/auth/admin/realms/{{ d4science_realm_name }}"
|
||||||
|
d4science_realm_theme: "d4science"
|
||||||
|
ldap_server: "ldap.pre.d4science.org"
|
||||||
|
orchestrator_baseUrl: "https://orchestrator.d4science.org/api/workflow/"
|
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
keycloak_username: ""
|
||||||
|
keycloak_password: ""
|
||||||
|
eosc_clientId: ""
|
||||||
|
eosc_clientSecret: ""
|
||||||
|
linkedin_clientId: ""
|
||||||
|
linkedin_clientSecret: ""
|
||||||
|
google_clientId: ""
|
||||||
|
google_clientSecret: ""
|
||||||
|
recaptcha_key: ""
|
||||||
|
recaptcha_secret: ""
|
||||||
|
ldap_credential: ""
|
@ -0,0 +1,36 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
65633233343737346434623733613537313636366164336637656434633362643536316430306666
|
||||||
|
3739373234636662646637663163336136386566386631370a623038336435643031643865656637
|
||||||
|
62386663643066346330376630353333636663363433623831656534613833383835613466636565
|
||||||
|
6363366661663039630a376133303438373864613035663136323834656530633636636637353032
|
||||||
|
62633435326661626131356535313832613134633631393264383039396161633561343738643965
|
||||||
|
37643665643639636165653137353038396536633138313563316165663334393038383239653461
|
||||||
|
30333834656664633564656363396633303636616436353766326566643437373535343530616662
|
||||||
|
65333963393738623966623138356562356539363637316133656565346638346265366633373362
|
||||||
|
62653239323665633032353765313862396135623231393932623630303965303563633835613437
|
||||||
|
39316365343235303765623132323861323139613064326565643031303063646461613633643431
|
||||||
|
31306363363437393334633761316265393264613465323466376365346266373335343139646532
|
||||||
|
37336635366363383230353238333339326635663635373234373233346361653964323266663365
|
||||||
|
31623434656661353735636263333761313062363439346633393830383733636362373761666430
|
||||||
|
66343732333066383264663632343838663631336266363066616562386333346661633234363035
|
||||||
|
63333762353235326638323662396661643037376664333764393739643534363861316431643963
|
||||||
|
61323061386466623562383862316261313430376361666132623863373265646266366439646239
|
||||||
|
33393630336431346330383834353734373539303731653237613664643463366262356462336262
|
||||||
|
33326337653335653033373537366431623666613639343338313566306134386366613937333830
|
||||||
|
30336532386333633436383738373439663466653862316264356438653061373362336666393736
|
||||||
|
35373130316638353234373434616232326565393866366133303039656463356161326531353065
|
||||||
|
63636637313233623661356633343038623464656430643339353934333737363936363738663462
|
||||||
|
62333431303139666562653836616633636535336264396530306637326362663631643061616232
|
||||||
|
33326534333338366132313230396266333438303133653862616435633138346237386631363936
|
||||||
|
64646432616364636336373737346436653566326439663364653030613538373631653931333236
|
||||||
|
63343735306665636532353932323239366366613732303564303737393734303639666631303837
|
||||||
|
62616665376634353337396334353431386334653031633366393762366635366462396265396331
|
||||||
|
38663137343462613438616636376163613462376631343566363263383435656363363162343864
|
||||||
|
36343936386362363263333034666534383032663431393562303934343232303063386134663633
|
||||||
|
66636366373835326132626138646165376431646566393834346164613065646234626333333337
|
||||||
|
34353231616136623263306563383063316530353234333334666664313366623137393665326434
|
||||||
|
35313432373034366335313237376539376133383665623537313835373566313036383863653539
|
||||||
|
35313435663364646533376461386435363131663766353165616562336536623734623961613031
|
||||||
|
34383930653961346233333135363363363930383337643964396432353663643535316163373935
|
||||||
|
66656663303632653935333936343666613663346437663037336235646361363733386538373738
|
||||||
|
646164323961613266623033646532653830
|
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"clientRole" : false, "name" : "Infrastructure-Client", "description" : "Infrastructure-Client role"
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"clientRole" : false, "name" : "Infrastructure-Manager", "description" : "Infrastructure-Manager role"
|
||||||
|
}
|
@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
galaxy_info:
|
||||||
|
author: Mauro Mugnaini
|
||||||
|
description: Devop
|
||||||
|
company: Nubisware S.r.l.
|
||||||
|
|
||||||
|
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
|
||||||
|
|
||||||
|
license: EUPL 1.2+
|
||||||
|
|
||||||
|
min_ansible_version: 2.8
|
||||||
|
|
||||||
|
# To view available platforms and versions (or releases), visit:
|
||||||
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
|
#
|
||||||
|
platforms:
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- bionic
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
|
- 8
|
||||||
|
|
||||||
|
galaxy_tags:
|
||||||
|
- keycloak
|
||||||
|
- d4science
|
||||||
|
- realm
|
||||||
|
|
||||||
|
dependencies:
|
@ -0,0 +1,246 @@
|
|||||||
|
---
|
||||||
|
- name: "Getting Token for service access on Keycloak"
|
||||||
|
uri:
|
||||||
|
url: "{{ keycloak_baseurl }}/auth/realms/master/protocol/openid-connect/token"
|
||||||
|
method: POST
|
||||||
|
body_format: form-urlencoded
|
||||||
|
body:
|
||||||
|
username: "{{ keycloak_username }}"
|
||||||
|
password: "{{ keycloak_password }}"
|
||||||
|
grant_type: "password"
|
||||||
|
client_id: "admin-cli"
|
||||||
|
register: keycloak_token
|
||||||
|
run_once: True
|
||||||
|
|
||||||
|
- name: "Find out, if realm {{ d4science_realm_name }} exists on Keycloak"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
- 404
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "Bearer {{ keycloak_token.json.access_token }}"
|
||||||
|
register: d4science_realm_check
|
||||||
|
run_once: True
|
||||||
|
|
||||||
|
- name: "Create and configure d4science realm named: {{ d4science_realm_name }}"
|
||||||
|
vars:
|
||||||
|
authorization: "Bearer {{ keycloak_token.json.access_token }}"
|
||||||
|
block:
|
||||||
|
|
||||||
|
- name: "Create new {{ d4science_realm_name }} realm on Keycloak"
|
||||||
|
uri:
|
||||||
|
url: "{{ keycloak_baseurl }}/auth/admin/realms"
|
||||||
|
method: POST
|
||||||
|
body: "{{ lookup('template', 'd4science_realm.json.j2') }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: d4science_realm_create
|
||||||
|
|
||||||
|
- name: "Getting {{ d4science_realm_name }} registration flow executions"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/authentication/flows/registration/executions"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: registration_executions
|
||||||
|
|
||||||
|
- name: "Enabling ReCaptcha registration flow executions"
|
||||||
|
uri:
|
||||||
|
url: "{{d4science_realm_url}}/authentication/flows/registration/executions"
|
||||||
|
method: PUT
|
||||||
|
body: "{'id':'{{ registration_executions.json | json_query(query_id) }}','requirement':'REQUIRED','providerId': 'registration-recaptcha-action' }"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 204
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
vars:
|
||||||
|
query_id: "[?providerId == 'registration-recaptcha-action'] | [0].id"
|
||||||
|
|
||||||
|
- name: "Configuring ReCaptcha"
|
||||||
|
uri:
|
||||||
|
url: "{{d4science_realm_url}}/authentication/executions/{{ registration_executions.json | json_query(query_id) }}/config"
|
||||||
|
method: POST
|
||||||
|
body: "{'alias':'reCaptcha','config':{'secret':'{{ recaptcha_secret }}','site.key':'{{ recaptcha_key }}','useRecaptchaNet':'false'}}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
vars:
|
||||||
|
query_id: "[?providerId == 'registration-recaptcha-action'] | [0].id"
|
||||||
|
|
||||||
|
|
||||||
|
- name: "Adding Infrastructure-Manager realm role"
|
||||||
|
uri:
|
||||||
|
url: "{{d4science_realm_url}}/roles"
|
||||||
|
method: POST
|
||||||
|
body: "{{ lookup('file', 'infrastructure-manager_role.json') }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
|
||||||
|
- name: "Adding Infrastructure-Client realm role"
|
||||||
|
uri:
|
||||||
|
url: "{{d4science_realm_url}}/roles"
|
||||||
|
method: POST
|
||||||
|
body: "{{ lookup('file', 'infrastructure-client_role.json') }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
|
||||||
|
- name: "Adding orchestrator client to realm"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients"
|
||||||
|
method: POST
|
||||||
|
body: "{{ lookup('template', 'orchestrator_client.json.j2') }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: orchestrator_client_create
|
||||||
|
|
||||||
|
- name: "Adding lr62_portal client to realm"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients"
|
||||||
|
method: POST
|
||||||
|
body: "{{ lookup('template', 'lr62_portal_client.json.j2') }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 201
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: lr62_client_create
|
||||||
|
|
||||||
|
- name: "Getting orchestrator service-account-user"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients/{{ orchestrator_client_create.location.split('/').pop() }}/service-account-user"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: orchestrator_sau
|
||||||
|
|
||||||
|
- name: "Getting lr62_portal service-account-user"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients/{{ lr62_client_create.location.split('/').pop() }}/service-account-user"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: lr62_sau
|
||||||
|
|
||||||
|
- name: "Getting {{ d4science_realm_name }} realm roles"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/roles"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: d4s_realm_roles
|
||||||
|
|
||||||
|
- name: "Assigning infrastructure-manager role to orchestrator SAU"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/realm"
|
||||||
|
method: POST
|
||||||
|
body: "{{ d4s_realm_roles.json | json_query(\"[?name == 'Infrastructure-Manager']\") }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 204
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: lr62_client_create
|
||||||
|
|
||||||
|
- name: "Assigning infrastructure-client role to lr62_portal SAU"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/users/{{ lr62_sau.json.id }}/role-mappings/realm"
|
||||||
|
method: POST
|
||||||
|
body: "{{ d4s_realm_roles.json | json_query(query) }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 204
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: lr62_client_create
|
||||||
|
vars:
|
||||||
|
query: "[?name == 'Infrastructure-Client']"
|
||||||
|
|
||||||
|
|
||||||
|
- name: "Getting realm-management client by clientId"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients?clientId=realm-management"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: realm_management_client
|
||||||
|
|
||||||
|
- name: "Getting realm-management client roles"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/clients/{{ realm_management_client.json[0].id }}/roles"
|
||||||
|
method: GET
|
||||||
|
status_code:
|
||||||
|
- 200
|
||||||
|
headers:
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
register: realm_management_roles
|
||||||
|
|
||||||
|
- name: "Assigning realm-management roles to orchestrator SAU"
|
||||||
|
uri:
|
||||||
|
url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/clients/{{ realm_management_client.json[0].id }}"
|
||||||
|
method: POST
|
||||||
|
body: "{{ realm_management_roles.json | json_query(query) }}"
|
||||||
|
body_format: "json"
|
||||||
|
status_code:
|
||||||
|
- 204
|
||||||
|
headers:
|
||||||
|
Content-type: "application/json"
|
||||||
|
Accept: "application/json"
|
||||||
|
Authorization: "{{ authorization }}"
|
||||||
|
vars:
|
||||||
|
query: "[?contains([`manage-users`, `view-users`, `manage-clients`, `query-clients`, `query-users`], name)]"
|
||||||
|
|
||||||
|
run_once: True
|
||||||
|
when: "d4science_realm_check.status == 404"
|
||||||
|
|
@ -0,0 +1,623 @@
|
|||||||
|
{
|
||||||
|
"id": "{{ d4science_realm_name }}",
|
||||||
|
"realm": "{{ d4science_realm_name }}",
|
||||||
|
"displayName": "D4Science Accounts {{ env }}",
|
||||||
|
"displayNameHtml": "<h2>D4Science {{ env }}</h2><p>Welcome</p>",
|
||||||
|
"notBefore": 0,
|
||||||
|
"revokeRefreshToken": false,
|
||||||
|
"refreshTokenMaxReuse": 0,
|
||||||
|
"accessTokenLifespan": 300,
|
||||||
|
"accessTokenLifespanForImplicitFlow": 900,
|
||||||
|
"ssoSessionIdleTimeout": 1800,
|
||||||
|
"ssoSessionMaxLifespan": 36000,
|
||||||
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
||||||
|
"ssoSessionMaxLifespanRememberMe": 0,
|
||||||
|
"offlineSessionIdleTimeout": 2592000,
|
||||||
|
"offlineSessionMaxLifespanEnabled": false,
|
||||||
|
"offlineSessionMaxLifespan": 5184000,
|
||||||
|
"clientSessionIdleTimeout": 0,
|
||||||
|
"clientSessionMaxLifespan": 0,
|
||||||
|
"accessCodeLifespan": 60,
|
||||||
|
"accessCodeLifespanUserAction": 300,
|
||||||
|
"accessCodeLifespanLogin": 1800,
|
||||||
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
||||||
|
"actionTokenGeneratedByUserLifespan": 300,
|
||||||
|
"enabled": true,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": true,
|
||||||
|
"registrationEmailAsUsername": false,
|
||||||
|
"rememberMe": true,
|
||||||
|
"verifyEmail": true,
|
||||||
|
"loginWithEmailAllowed": true,
|
||||||
|
"duplicateEmailsAllowed": false,
|
||||||
|
"resetPasswordAllowed": true,
|
||||||
|
"editUsernameAllowed": false,
|
||||||
|
"bruteForceProtected": true,
|
||||||
|
"permanentLockout": false,
|
||||||
|
"maxFailureWaitSeconds": 900,
|
||||||
|
"minimumQuickLoginWaitSeconds": 60,
|
||||||
|
"waitIncrementSeconds": 60,
|
||||||
|
"quickLoginCheckMilliSeconds": 1000,
|
||||||
|
"maxDeltaTimeSeconds": 43200,
|
||||||
|
"failureFactor": 30,
|
||||||
|
"defaultRoles": [
|
||||||
|
"offline_access",
|
||||||
|
"uma_authorization"
|
||||||
|
],
|
||||||
|
"requiredCredentials": [
|
||||||
|
"password"
|
||||||
|
],
|
||||||
|
"passwordPolicy": "length(8)",
|
||||||
|
"browserSecurityHeaders": {
|
||||||
|
"contentSecurityPolicyReportOnly": "",
|
||||||
|
"xContentTypeOptions": "nosniff",
|
||||||
|
"xRobotsTag": "none",
|
||||||
|
"xFrameOptions": "ALLOW-FROM https://www.google.com",
|
||||||
|
"contentSecurityPolicy": "frame-src 'self' https://www.google.com;",
|
||||||
|
"xXSSProtection": "1; mode=block",
|
||||||
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||||||
|
},
|
||||||
|
"smtpServer": {
|
||||||
|
"host": "localhost",
|
||||||
|
"from": "noreply@d4science.org",
|
||||||
|
"starttls": "",
|
||||||
|
"auth": "",
|
||||||
|
"ssl": ""
|
||||||
|
},
|
||||||
|
"loginTheme": "{{ d4science_realm_theme }}",
|
||||||
|
"accountTheme": "{{ d4science_realm_theme }}",
|
||||||
|
"adminTheme": "{{ d4science_realm_theme }}",
|
||||||
|
"eventsListeners": [
|
||||||
|
"orchestrator-event-publisher",
|
||||||
|
"jboss-logging",
|
||||||
|
"email"
|
||||||
|
],
|
||||||
|
"identityProviders": [
|
||||||
|
{
|
||||||
|
"alias": "eosc-oidc",
|
||||||
|
"displayName": "Academic / other account",
|
||||||
|
"providerId": "oidc",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLoginMode": "on",
|
||||||
|
"trustEmail": true,
|
||||||
|
"storeToken": false,
|
||||||
|
"addReadTokenRoleOnCreate": false,
|
||||||
|
"authenticateByDefault": false,
|
||||||
|
"linkOnly": false,
|
||||||
|
"firstBrokerLoginFlowAlias": "first broker login",
|
||||||
|
"config": {
|
||||||
|
"userInfoUrl": "https://aai.eosc-portal.eu/oidc/userinfo",
|
||||||
|
"validateSignature": "true",
|
||||||
|
"clientId": "{{ eosc_clientId }}",
|
||||||
|
"tokenUrl": "https://aai.eosc-portal.eu/oidc/token",
|
||||||
|
"jwksUrl": "https://aai.eosc-portal.eu/oidc/jwk",
|
||||||
|
"issuer": "https://aai.eosc-portal.eu/oidc/",
|
||||||
|
"useJwksUrl": "false",
|
||||||
|
"publicKeySignatureVerifier": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCaIg7INT8AGjPYS7Kmg\nO0K0+axSzCVIlnqHZ8M1hKBfXd4QxZajrqLnwza2yzCGcHNC2aNIYzKm/D2oCx2R\nGzemcgKkcxOznNg2+0H4xlx86FbpVv4VZRXzPqIoc/CU5uyGdR5d58CtOMKhCecS\ny8q3vQ9fnhtLPqYFslLpL+u+3vvcur1rJn/a5GB9th55Lwmq9OyzlAeupbVP1q0A\nI92R1UGUswEPotBFk+a6IVfzToNK7zPdw02IAO/wVDUN1x0Baewm1t8KfviV8m41\nJmjmnUg4p/vLzfA/VKAFqtzwxZCKMkxtu7JwODiIRehMCz4AKBTvvi2k97aMHY+Y\nXQIDAQAB\n-----END PUBLIC KEY-----",
|
||||||
|
"authorizationUrl": "https://aai.eosc-portal.eu/oidc/authorize",
|
||||||
|
"clientAuthMethod": "client_secret_post",
|
||||||
|
"syncMode": "IMPORT",
|
||||||
|
"clientSecret": "{{ eosc_clientSecret }}",
|
||||||
|
"defaultScope": "openid profile email",
|
||||||
|
"guiOrder" : "1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"alias": "linkedin",
|
||||||
|
"providerId": "linkedin",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLoginMode": "on",
|
||||||
|
"trustEmail": true,
|
||||||
|
"storeToken": false,
|
||||||
|
"addReadTokenRoleOnCreate": false,
|
||||||
|
"authenticateByDefault": false,
|
||||||
|
"linkOnly": false,
|
||||||
|
"firstBrokerLoginFlowAlias": "first broker login",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "IMPORT",
|
||||||
|
"clientSecret": "{{ linkedin_clientSecret }}",
|
||||||
|
"clientId": "{{ linkedin_clientId }}",
|
||||||
|
"useJwksUrl": "true",
|
||||||
|
"guiOrder" : "2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"alias": "google",
|
||||||
|
"providerId": "google",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLoginMode": "on",
|
||||||
|
"trustEmail": true,
|
||||||
|
"storeToken": false,
|
||||||
|
"addReadTokenRoleOnCreate": false,
|
||||||
|
"authenticateByDefault": false,
|
||||||
|
"linkOnly": false,
|
||||||
|
"firstBrokerLoginFlowAlias": "first broker login",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "IMPORT",
|
||||||
|
"clientSecret": "{{ google_clientSecret }}",
|
||||||
|
"clientId": "{{ google_clientId }}",
|
||||||
|
"useJwksUrl": "true",
|
||||||
|
"guiOrder" : "3"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"identityProviderMappers": [
|
||||||
|
{
|
||||||
|
"name": "username from email importer",
|
||||||
|
"identityProviderAlias": "google",
|
||||||
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "username from email importer",
|
||||||
|
"identityProviderAlias": "eosc-oidc",
|
||||||
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"auto-resolve": "true"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "picture importer",
|
||||||
|
"identityProviderAlias": "linkedin",
|
||||||
|
"identityProviderMapper": "linkedin-user-attribute-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"jsonField": "picture",
|
||||||
|
"attribute": "picture",
|
||||||
|
"userAttribute": "picture"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "avatar",
|
||||||
|
"identityProviderAlias": "linkedin",
|
||||||
|
"identityProviderMapper": "avatar-importer",
|
||||||
|
"config": {
|
||||||
|
"use-libravatar": "true",
|
||||||
|
"syncMode": "INHERIT"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "picture importer",
|
||||||
|
"identityProviderAlias": "eosc-oidc",
|
||||||
|
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"claim": "picture",
|
||||||
|
"user.attribute": "picture"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "picture",
|
||||||
|
"identityProviderAlias": "google",
|
||||||
|
"identityProviderMapper": "google-user-attribute-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"jsonField": "picture",
|
||||||
|
"userAttribute": "picture"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "avatar",
|
||||||
|
"identityProviderAlias": "google",
|
||||||
|
"identityProviderMapper": "avatar-importer",
|
||||||
|
"config": {
|
||||||
|
"use-libravatar": "true",
|
||||||
|
"syncMode": "INHERIT"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "profilePicture importer",
|
||||||
|
"identityProviderAlias": "linkedin",
|
||||||
|
"identityProviderMapper": "linkedin-user-attribute-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"jsonField": "profilePicture.displayImage",
|
||||||
|
"userAttribute": "linkedin-profilePicture"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "avatar",
|
||||||
|
"identityProviderAlias": "eosc-oidc",
|
||||||
|
"identityProviderMapper": "avatar-importer",
|
||||||
|
"config": {
|
||||||
|
"use-libravatar": "true",
|
||||||
|
"syncMode": "INHERIT"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "username from email importer",
|
||||||
|
"identityProviderAlias": "linkedin",
|
||||||
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
||||||
|
"config": {
|
||||||
|
"syncMode": "INHERIT",
|
||||||
|
"auto-resolve": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"components": {
|
||||||
|
"org.keycloak.storage.UserStorageProvider": [
|
||||||
|
{
|
||||||
|
"name": "{{ ldap_server }}",
|
||||||
|
"providerId": "ldap",
|
||||||
|
"subComponents": {
|
||||||
|
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
|
||||||
|
{
|
||||||
|
"name": "first name",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"givenName"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"is.binary.attribute": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"firstName"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "email",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"mail"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"email"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "username",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"uid"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"is.binary.attribute": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"username"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "d4science-groups",
|
||||||
|
"providerId": "group-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"membership.attribute.type": [
|
||||||
|
"DN"
|
||||||
|
],
|
||||||
|
"group.name.ldap.attribute": [
|
||||||
|
"cn"
|
||||||
|
],
|
||||||
|
"membership.user.ldap.attribute": [
|
||||||
|
"uid"
|
||||||
|
],
|
||||||
|
"preserve.group.inheritance": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"groups.dn": [
|
||||||
|
"ou=Groups,o=D4Science,ou=Organizations,dc=d4science,dc=org"
|
||||||
|
],
|
||||||
|
"mapped.group.attributes": [
|
||||||
|
"gidNumber"
|
||||||
|
],
|
||||||
|
"mode": [
|
||||||
|
"LDAP_ONLY"
|
||||||
|
],
|
||||||
|
"user.roles.retrieve.strategy": [
|
||||||
|
"LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
|
||||||
|
],
|
||||||
|
"ignore.missing.groups": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"membership.ldap.attribute": [
|
||||||
|
"member"
|
||||||
|
],
|
||||||
|
"group.object.classes": [
|
||||||
|
"groupofnames,posixGroup,top"
|
||||||
|
],
|
||||||
|
"memberof.ldap.attribute": [
|
||||||
|
"memberOf"
|
||||||
|
],
|
||||||
|
"drop.non.existing.groups.during.sync": [
|
||||||
|
"true"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "fullname",
|
||||||
|
"providerId": "full-name-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"write.only": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"ldap.full.name.attribute": [
|
||||||
|
"cn"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "last name",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"sn"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"lastName"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "creation date",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"createTimestamp"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"createTimestamp"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "modify date",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"modifyTimestamp"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"modifyTimestamp"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "homeDirectory",
|
||||||
|
"providerId": "ua-templated-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"homeDirectory"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"template.string": [
|
||||||
|
"/home/${VALUE}"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"username"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "sshPublicKey mapper",
|
||||||
|
"providerId": "certificate-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"sshPublicKey"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"is.binary.attribute": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"sshPublicKey"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"config": {
|
||||||
|
"fullSyncPeriod": [
|
||||||
|
"-1"
|
||||||
|
],
|
||||||
|
"pagination": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"connectionPooling": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"usersDn": [
|
||||||
|
"ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org"
|
||||||
|
],
|
||||||
|
"cachePolicy": [
|
||||||
|
"DEFAULT"
|
||||||
|
],
|
||||||
|
"useKerberosForPasswordAuthentication": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"importEnabled": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"enabled": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"usernameLDAPAttribute": [
|
||||||
|
"uid"
|
||||||
|
],
|
||||||
|
"bindCredential": [
|
||||||
|
"{{ ldap_credential }}"
|
||||||
|
],
|
||||||
|
"changedSyncPeriod": [
|
||||||
|
"-1"
|
||||||
|
],
|
||||||
|
"bindDn": [
|
||||||
|
"cn=Directory Manager"
|
||||||
|
],
|
||||||
|
"lastSync": [
|
||||||
|
"1595253546"
|
||||||
|
],
|
||||||
|
"vendor": [
|
||||||
|
"other"
|
||||||
|
],
|
||||||
|
"uuidLDAPAttribute": [
|
||||||
|
"nsUniqueId"
|
||||||
|
],
|
||||||
|
"allowKerberosAuthentication": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"connectionUrl": [
|
||||||
|
"ldaps://{{ ldap_server }}"
|
||||||
|
],
|
||||||
|
"syncRegistrations": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"authType": [
|
||||||
|
"simple"
|
||||||
|
],
|
||||||
|
"debug": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"searchScope": [
|
||||||
|
"1"
|
||||||
|
],
|
||||||
|
"useTruststoreSpi": [
|
||||||
|
"never"
|
||||||
|
],
|
||||||
|
"priority": [
|
||||||
|
"1"
|
||||||
|
],
|
||||||
|
"trustEmail": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"userObjectClasses": [
|
||||||
|
"inetOrgPerson, organizationalPerson, posixAccount, organizationalPerson, person, inetUser, shadowAccount, ldapPublicKey, top"
|
||||||
|
],
|
||||||
|
"rdnLDAPAttribute": [
|
||||||
|
"uid"
|
||||||
|
],
|
||||||
|
"editMode": [
|
||||||
|
"WRITABLE"
|
||||||
|
],
|
||||||
|
"validatePasswordPolicy": [
|
||||||
|
"true"
|
||||||
|
],
|
||||||
|
"batchSizeForSync": [
|
||||||
|
"1000"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"internationalizationEnabled": true,
|
||||||
|
"supportedLocales": [
|
||||||
|
"de",
|
||||||
|
"no",
|
||||||
|
"ru",
|
||||||
|
"sv",
|
||||||
|
"pt-BR",
|
||||||
|
"lt",
|
||||||
|
"en",
|
||||||
|
"it",
|
||||||
|
"fr",
|
||||||
|
"zh-CN",
|
||||||
|
"es",
|
||||||
|
"ja",
|
||||||
|
"sk",
|
||||||
|
"pl",
|
||||||
|
"ca",
|
||||||
|
"nl",
|
||||||
|
"tr"
|
||||||
|
],
|
||||||
|
"defaultLocale": "en",
|
||||||
|
"requiredActions": [
|
||||||
|
{
|
||||||
|
"alias": "terms_and_conditions",
|
||||||
|
"name": "Terms and Conditions",
|
||||||
|
"providerId": "terms_and_conditions",
|
||||||
|
"enabled": true,
|
||||||
|
"defaultAction": true,
|
||||||
|
"priority": 20,
|
||||||
|
"config": {}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,30 @@
|
|||||||
|
{
|
||||||
|
"baseUrl" : "https://{{ gw_server_name }}/",
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"clientId" : "{{ gw-server-name }}",
|
||||||
|
"name" : "{{ gw-server-name }}",
|
||||||
|
"description" : "Pre D4Science Gateway",
|
||||||
|
"directAccessGrantsEnabled" : true,
|
||||||
|
"enabled" : true,
|
||||||
|
"protocol" : "openid-connect",
|
||||||
|
"publicClient" : true,
|
||||||
|
"redirectUris" : ["https://{{ gw_server_name }}/c/portal/login"],
|
||||||
|
"attributes": {
|
||||||
|
"login_theme": "{{ gw_server_name }}"
|
||||||
|
},
|
||||||
|
"protocolMappers": [
|
||||||
|
{
|
||||||
|
"name": "send-groups-in-token",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"protocolMapper": "oidc-group-membership-mapper",
|
||||||
|
"consentRequired": false,
|
||||||
|
"config": {
|
||||||
|
"full.path": "true",
|
||||||
|
"id.token.claim": "true",
|
||||||
|
"access.token.claim": "true",
|
||||||
|
"claim.name": "groups",
|
||||||
|
"userinfo.token.claim": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"baseUrl" : "https://{{env}}.d4science.org/",
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"clientId" : "lr62_portal",
|
||||||
|
"name" : "lr62_portal",
|
||||||
|
"description" : "The D4Science {{env}} Portal",
|
||||||
|
"directAccessGrantsEnabled" : true,
|
||||||
|
"authorizationServicesEnabled" : true,
|
||||||
|
"serviceAccountsEnabled" : true,
|
||||||
|
"enabled" : true,
|
||||||
|
"protocol" : "openid-connect",
|
||||||
|
"publicClient" : false,
|
||||||
|
"redirectUris" : ["https://{{env}}.d4science.org/"],
|
||||||
|
"protocolMappers": [
|
||||||
|
{
|
||||||
|
"name": "send-groups-in-token",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"protocolMapper": "oidc-group-membership-mapper",
|
||||||
|
"consentRequired": false,
|
||||||
|
"config": {
|
||||||
|
"full.path": "true",
|
||||||
|
"id.token.claim": "true",
|
||||||
|
"access.token.claim": "true",
|
||||||
|
"claim.name": "groups",
|
||||||
|
"userinfo.token.claim": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"baseUrl" : "{{orchestrator_baseUrl}}",
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"clientId" : "orchestrator",
|
||||||
|
"name" : "orchestrator",
|
||||||
|
"description" : "The D4Science {{env}} Orchestrator",
|
||||||
|
"directAccessGrantsEnabled" : true,
|
||||||
|
"authorizationServicesEnabled" : true,
|
||||||
|
"serviceAccountsEnabled" : true,
|
||||||
|
"enabled" : true,
|
||||||
|
"protocol" : "openid-connect",
|
||||||
|
"publicClient" : false,
|
||||||
|
"redirectUris" : ["{{orchestrator_baseUrl}}"],
|
||||||
|
"protocolMappers": [
|
||||||
|
{
|
||||||
|
"name": "send-groups-in-token",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"protocolMapper": "oidc-group-membership-mapper",
|
||||||
|
"consentRequired": false,
|
||||||
|
"config": {
|
||||||
|
"full.path": "true",
|
||||||
|
"id.token.claim": "true",
|
||||||
|
"access.token.claim": "true",
|
||||||
|
"claim.name": "groups",
|
||||||
|
"userinfo.token.claim": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue