{
|
|
"id": "{{ d4science_realm_name }}",
|
|
"realm": "{{ d4science_realm_name }}",
|
|
"displayName": "D4Science Accounts {{ env }}",
|
|
"displayNameHtml": "<h2>D4Science {{ env }}</h2><p>Welcome</p>",
|
|
"notBefore": 0,
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 300,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 1800,
|
|
"ssoSessionMaxLifespan": 36000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": true,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": true,
|
|
"verifyEmail": true,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": true,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": true,
|
|
"permanentLockout": false,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"defaultRoles": [
|
|
"offline_access",
|
|
"uma_authorization"
|
|
],
|
|
"requiredCredentials": [
|
|
"password"
|
|
],
|
|
"passwordPolicy": "length(8)",
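"browserSecurityHeaders": {
  "contentSecurityPolicyReportOnly": "",
  "xContentTypeOptions": "nosniff",
  "xRobotsTag": "none",
  {# X-Frame-Options "ALLOW-FROM" is obsolete and ignored by current browsers, so this
     header on its own no longer limits who may frame the login pages. The
     frame-ancestors directive in the CSP below is what enforces that restriction. #}
  "xFrameOptions": "ALLOW-FROM https://www.google.com",
  {# frame-src: which origins these pages may embed (www.google.com is presumably for
     reCAPTCHA - confirm). frame-ancestors 'self': which origins may embed these pages;
     without it the login form can be framed by any site (clickjacking). If a portal on
     another origin legitimately frames the login pages, list that origin here rather
     than removing the directive. object-src 'none' blocks plugin content. #}
  "contentSecurityPolicy": "frame-src 'self' https://www.google.com; frame-ancestors 'self'; object-src 'none';",
  "xXSSProtection": "1; mode=block",
  "strictTransportSecurity": "max-age=31536000; includeSubDomains"
},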
|
|
"smtpServer": {
|
|
"host": "localhost",
|
|
"from": "noreply@d4science.org",
|
|
"starttls": "",
|
|
"auth": "",
|
|
"ssl": ""
|
|
},
|
|
"loginTheme": "{{ d4science_realm_theme }}",
|
|
"accountTheme": "{{ d4science_realm_theme }}",
|
|
"adminTheme": "{{ d4science_realm_theme }}",
|
|
"eventsListeners": [
|
|
"orchestrator-event-publisher",
|
|
"jboss-logging",
|
|
"email"
|
|
],
|
|
"identityProviders": [
|
|
{
|
|
"alias": "eosc-oidc",
|
|
"displayName": "Academic / other",
|
|
"providerId": "oidc",
|
|
"enabled": true,
|
|
"updateProfileFirstLoginMode": "on",
|
|
"trustEmail": true,
|
|
"storeToken": false,
|
|
"addReadTokenRoleOnCreate": false,
|
|
"authenticateByDefault": false,
|
|
"linkOnly": false,
|
|
"firstBrokerLoginFlowAlias": "first broker login",
|
|
"config": {
|
|
"userInfoUrl": "https://aai.eosc-portal.eu/oidc/userinfo",
|
|
"validateSignature": "true",
|
|
"clientId": "{{ eosc_clientId }}",
|
|
"tokenUrl": "https://aai.eosc-portal.eu/oidc/token",
|
|
"jwksUrl": "https://aai.eosc-portal.eu/oidc/jwk",
|
|
"issuer": "https://aai.eosc-portal.eu/oidc/",
|
|
"useJwksUrl": "false",
|
|
"publicKeySignatureVerifier": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCaIg7INT8AGjPYS7Kmg\nO0K0+axSzCVIlnqHZ8M1hKBfXd4QxZajrqLnwza2yzCGcHNC2aNIYzKm/D2oCx2R\nGzemcgKkcxOznNg2+0H4xlx86FbpVv4VZRXzPqIoc/CU5uyGdR5d58CtOMKhCecS\ny8q3vQ9fnhtLPqYFslLpL+u+3vvcur1rJn/a5GB9th55Lwmq9OyzlAeupbVP1q0A\nI92R1UGUswEPotBFk+a6IVfzToNK7zPdw02IAO/wVDUN1x0Baewm1t8KfviV8m41\nJmjmnUg4p/vLzfA/VKAFqtzwxZCKMkxtu7JwODiIRehMCz4AKBTvvi2k97aMHY+Y\nXQIDAQAB\n-----END PUBLIC KEY-----",
|
|
"authorizationUrl": "https://aai.eosc-portal.eu/oidc/authorize",
|
|
"clientAuthMethod": "client_secret_post",
|
|
"syncMode": "IMPORT",
|
|
"clientSecret": "{{ eosc_clientSecret }}",
|
|
"defaultScope": "openid profile email",
|
|
"guiOrder" : "1"
|
|
}
|
|
},
|
|
{
|
|
"alias": "linkedin",
|
|
"providerId": "linkedin",
|
|
"enabled": true,
|
|
"updateProfileFirstLoginMode": "on",
|
|
"trustEmail": true,
|
|
"storeToken": false,
|
|
"addReadTokenRoleOnCreate": false,
|
|
"authenticateByDefault": false,
|
|
"linkOnly": false,
|
|
"firstBrokerLoginFlowAlias": "first broker login",
|
|
"config": {
|
|
"syncMode": "IMPORT",
|
|
"clientSecret": "{{ linkedin_clientSecret }}",
|
|
"clientId": "{{ linkedin_clientId }}",
|
|
"useJwksUrl": "true",
|
|
"guiOrder" : "2"
|
|
}
|
|
},
|
|
{
|
|
"alias": "google",
|
|
"providerId": "google",
|
|
"enabled": true,
|
|
"updateProfileFirstLoginMode": "on",
|
|
"trustEmail": true,
|
|
"storeToken": false,
|
|
"addReadTokenRoleOnCreate": false,
|
|
"authenticateByDefault": false,
|
|
"linkOnly": false,
|
|
"firstBrokerLoginFlowAlias": "first broker login",
|
|
"config": {
|
|
"syncMode": "IMPORT",
|
|
"clientSecret": "{{ google_clientSecret }}",
|
|
"clientId": "{{ google_clientId }}",
|
|
"useJwksUrl": "true",
|
|
"guiOrder" : "3"
|
|
}
|
|
},
|
|
{
|
|
"alias": "twitter",
|
|
"providerId": "twitter",
|
|
"enabled": true,
|
|
"updateProfileFirstLoginMode": "on",
|
|
"trustEmail": false,
|
|
"storeToken": false,
|
|
"addReadTokenRoleOnCreate": false,
|
|
"authenticateByDefault": false,
|
|
"linkOnly": false,
|
|
"firstBrokerLoginFlowAlias": "first broker login",
|
|
"config": {
|
|
"syncMode": "IMPORT",
|
|
"clientSecret": "{{ twitter_clientSecret }}",
|
|
"clientId": "{{ twitter_clientId }}",
|
|
"useJwksUrl": "true",
|
|
"guiOrder" : "4"
|
|
}
|
|
},
|
|
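{
  {# NOTE(review): trustEmail=true makes Keycloak accept the e-mail address asserted by
     this provider as already verified, so brokered users skip the realm's own
     verifyEmail step. That is only sound if the provider releases verified addresses
     exclusively - confirm for every provider that sets it (the eosc-oidc, linkedin and
     google entries in this list do too; twitter does not). How an address that matches
     an existing account is handled depends on the "first broker login" flow, whose
     definition is not part of this template. #}
  "alias": "github",
  "providerId": "github",
  "enabled": true,
  "updateProfileFirstLoginMode": "on",
  "trustEmail": true,
  "storeToken": false,
  "addReadTokenRoleOnCreate": false,
  "authenticateByDefault": false,
  "linkOnly": false,
  "firstBrokerLoginFlowAlias": "first broker login",
  "config": {
    "syncMode": "IMPORT",
    {# Client secret is injected at render time; keep the variable in an encrypted
       vars store and treat the rendered realm file as secret material. #}
    "clientSecret": "{{ github_clientSecret }}",
    "clientId": "{{ github_clientId }}",
    "useJwksUrl": "true",
    "guiOrder": "5"
  }
{# Last element of "identityProviders": no comma after the closing brace, because a
   trailing comma before the closing bracket is not valid JSON. #}
}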
|
|
],
|
|
"identityProviderMappers": [
|
|
{
|
|
"name": "username from email importer",
|
|
"identityProviderAlias": "google",
|
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT"
|
|
}
|
|
},
|
|
{
|
|
"name": "username from email importer",
|
|
"identityProviderAlias": "eosc-oidc",
|
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"auto-resolve": "true"
|
|
}
|
|
},
|
|
{
|
|
"name": "picture importer",
|
|
"identityProviderAlias": "linkedin",
|
|
"identityProviderMapper": "linkedin-user-attribute-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"jsonField": "picture",
|
|
"attribute": "picture",
|
|
"userAttribute": "picture"
|
|
}
|
|
},
|
|
{
|
|
"name": "avatar",
|
|
"identityProviderAlias": "linkedin",
|
|
"identityProviderMapper": "avatar-importer",
|
|
"config": {
|
|
"use-libravatar": "true",
|
|
"syncMode": "INHERIT"
|
|
}
|
|
},
|
|
{
|
|
"name": "picture importer",
|
|
"identityProviderAlias": "eosc-oidc",
|
|
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"claim": "picture",
|
|
"user.attribute": "picture"
|
|
}
|
|
},
|
|
{
|
|
"name": "picture",
|
|
"identityProviderAlias": "google",
|
|
"identityProviderMapper": "google-user-attribute-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"jsonField": "picture",
|
|
"userAttribute": "picture"
|
|
}
|
|
},
|
|
{
|
|
"name": "avatar",
|
|
"identityProviderAlias": "google",
|
|
"identityProviderMapper": "avatar-importer",
|
|
"config": {
|
|
"use-libravatar": "true",
|
|
"syncMode": "INHERIT"
|
|
}
|
|
},
|
|
{
|
|
"name": "profilePicture importer",
|
|
"identityProviderAlias": "linkedin",
|
|
"identityProviderMapper": "linkedin-user-attribute-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"jsonField": "profilePicture.displayImage",
|
|
"userAttribute": "linkedin-profilePicture"
|
|
}
|
|
},
|
|
{
|
|
"name": "avatar",
|
|
"identityProviderAlias": "eosc-oidc",
|
|
"identityProviderMapper": "avatar-importer",
|
|
"config": {
|
|
"use-libravatar": "true",
|
|
"syncMode": "INHERIT"
|
|
}
|
|
},
|
|
{
|
|
"name": "username from email importer",
|
|
"identityProviderAlias": "linkedin",
|
|
"identityProviderMapper": "username-from-idp-email-mapper",
|
|
"config": {
|
|
"syncMode": "INHERIT",
|
|
"auto-resolve": "true"
|
|
}
|
|
}
|
|
],
|
|
"components": {
|
|
"org.keycloak.storage.UserStorageProvider": [
|
|
{
|
|
"name": "{{ ldap_server }}",
|
|
"providerId": "ldap",
|
|
"subComponents": {
|
|
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
|
|
{
|
|
"name": "first name",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"givenName"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"true"
|
|
],
|
|
"is.binary.attribute": [
|
|
"false"
|
|
],
|
|
"read.only": [
|
|
"false"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"user.model.attribute": [
|
|
"firstName"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "email",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"mail"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"false"
|
|
],
|
|
"read.only": [
|
|
"false"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"false"
|
|
],
|
|
"user.model.attribute": [
|
|
"email"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "username",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"uid"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"true"
|
|
],
|
|
"is.binary.attribute": [
|
|
"false"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"false"
|
|
],
|
|
"read.only": [
|
|
"true"
|
|
],
|
|
"user.model.attribute": [
|
|
"username"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "d4science-groups",
|
|
"providerId": "group-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"membership.attribute.type": [
|
|
"DN"
|
|
],
|
|
"group.name.ldap.attribute": [
|
|
"cn"
|
|
],
|
|
"membership.user.ldap.attribute": [
|
|
"uid"
|
|
],
|
|
"preserve.group.inheritance": [
|
|
"true"
|
|
],
|
|
"groups.dn": [
|
|
"ou=Groups,o=D4Science,ou=Organizations,dc=d4science,dc=org"
|
|
],
|
|
"mapped.group.attributes": [
|
|
"gidNumber"
|
|
],
|
|
"mode": [
|
|
"LDAP_ONLY"
|
|
],
|
|
"user.roles.retrieve.strategy": [
|
|
"LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
|
|
],
|
|
"ignore.missing.groups": [
|
|
"false"
|
|
],
|
|
"membership.ldap.attribute": [
|
|
"member"
|
|
],
|
|
"group.object.classes": [
|
|
"groupofnames,posixGroup,top"
|
|
],
|
|
"memberof.ldap.attribute": [
|
|
"memberOf"
|
|
],
|
|
"drop.non.existing.groups.during.sync": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "fullname",
|
|
"providerId": "full-name-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"read.only": [
|
|
"false"
|
|
],
|
|
"write.only": [
|
|
"true"
|
|
],
|
|
"ldap.full.name.attribute": [
|
|
"cn"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "last name",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"sn"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"true"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"read.only": [
|
|
"false"
|
|
],
|
|
"user.model.attribute": [
|
|
"lastName"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "creation date",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"createTimestamp"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"false"
|
|
],
|
|
"read.only": [
|
|
"true"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"user.model.attribute": [
|
|
"createTimestamp"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "modify date",
|
|
"providerId": "user-attribute-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"modifyTimestamp"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"false"
|
|
],
|
|
"read.only": [
|
|
"true"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"user.model.attribute": [
|
|
"modifyTimestamp"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "homeDirectory",
|
|
"providerId": "ua-templated-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"homeDirectory"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"true"
|
|
],
|
|
"read.only": [
|
|
"false"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"template.string": [
|
|
"/home/${VALUE}"
|
|
],
|
|
"user.model.attribute": [
|
|
"username"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "sshPublicKey mapper",
|
|
"providerId": "certificate-ldap-mapper",
|
|
"subComponents": {},
|
|
"config": {
|
|
"ldap.attribute": [
|
|
"sshPublicKey"
|
|
],
|
|
"is.mandatory.in.ldap": [
|
|
"false"
|
|
],
|
|
"is.binary.attribute": [
|
|
"true"
|
|
],
|
|
"read.only": [
|
|
"true"
|
|
],
|
|
"always.read.value.from.ldap": [
|
|
"true"
|
|
],
|
|
"user.model.attribute": [
|
|
"sshPublicKey"
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
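"config": {
  {# Connection and bind settings for the LDAP user federation provider.
     NOTE(review), least privilege: the bind DN below is the directory's manager
     account. editMode=WRITABLE and syncRegistrations=true mean Keycloak needs write
     access, but a dedicated service entry with rights limited to the usersDn and
     groups subtrees would contain the impact of a leaked bind credential. #}
  "fullSyncPeriod": [
    "-1"
  ],
  "pagination": [
    "true"
  ],
  "connectionPooling": [
    "true"
  ],
  "usersDn": [
    "ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org"
  ],
  "cachePolicy": [
    "DEFAULT"
  ],
  "useKerberosForPasswordAuthentication": [
    "false"
  ],
  "importEnabled": [
    "true"
  ],
  "enabled": [
    "true"
  ],
  "usernameLDAPAttribute": [
    "uid"
  ],
  {# The credential is interpolated raw into a JSON string: a value containing a double
     quote or a backslash would yield invalid or altered JSON. Escape it at render time
     if such characters are possible, and keep the variable in an encrypted vars store. #}
  "bindCredential": [
    "{{ ldap_credential }}"
  ],
  "changedSyncPeriod": [
    "-1"
  ],
  "bindDn": [
    "cn=Directory Manager"
  ],
  {# lastSync looks like runtime state captured by a realm export rather than a
     setting - TODO confirm it is needed in the template. #}
  "lastSync": [
    "1595253546"
  ],
  "vendor": [
    "other"
  ],
  "uuidLDAPAttribute": [
    "nsUniqueId"
  ],
  "allowKerberosAuthentication": [
    "false"
  ],
  {# ldaps:// together with authType=simple: the bind password travels inside TLS only. #}
  "connectionUrl": [
    "ldaps://{{ ldap_server }}"
  ],
  "syncRegistrations": [
    "true"
  ],
  "authType": [
    "simple"
  ],
  "debug": [
    "false"
  ],
  "searchScope": [
    "1"
  ],
  {# "never" keeps Keycloak's own truststore out of LDAP connections; presumably the
     JVM default trust store must then contain the directory's CA - confirm, since a
     missing CA fails the TLS handshake and must not be worked around by relaxing
     certificate validation. #}
  "useTruststoreSpi": [
    "never"
  ],
  "priority": [
    "1"
  ],
  "trustEmail": [
    "true"
  ],
  {# organizationalPerson was listed twice; the duplicate is dropped. #}
  "userObjectClasses": [
    "inetOrgPerson, organizationalPerson, posixAccount, person, inetUser, shadowAccount, ldapPublicKey, top"
  ],
  "rdnLDAPAttribute": [
    "uid"
  ],
  "editMode": [
    "WRITABLE"
  ],
  "validatePasswordPolicy": [
    "true"
  ],
  "batchSizeForSync": [
    "1000"
  ]
}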
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": true,
|
|
"supportedLocales": [
|
|
"de",
|
|
"no",
|
|
"ru",
|
|
"sv",
|
|
"pt-BR",
|
|
"lt",
|
|
"en",
|
|
"it",
|
|
"fr",
|
|
"zh-CN",
|
|
"es",
|
|
"ja",
|
|
"sk",
|
|
"pl",
|
|
"ca",
|
|
"nl",
|
|
"tr"
|
|
],
|
|
"defaultLocale": "en",
|
|
"requiredActions": [
|
|
{
|
|
"alias": "terms_and_conditions",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "terms_and_conditions",
|
|
"enabled": true,
|
|
"defaultAction": true,
|
|
"priority": 20,
|
|
"config": {}
|
|
}
|
|
]
|
|
}
|