
{
{#
  Realm identity and token/session lifetimes. id, realm and the display strings
  are filled from the d4science_realm_name and env template variables. Keycloak
  reads the numeric lifetimes in this group as seconds.
#}
"id": "{{ d4science_realm_name }}",
"realm": "{{ d4science_realm_name }}",
"displayName": "D4Science Accounts {{ env }}",
{# NOTE(review): env lands inside an HTML string; presumably an operator-set label, never user input - confirm. #}
"displayNameHtml": "<h2>D4Science {{ env }}</h2><p>Welcome</p>",
"notBefore": 0,
{# Refresh tokens are not rotated: with revokeRefreshToken false a token stays valid after it has been used. #}
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
{# Access tokens: 5 minutes, 15 minutes for the implicit flow. #}
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
{#
  SSO sessions: 30 minutes idle, 10 hours maximum.
  NOTE(review): the RememberMe variants are 0, presumably "fall back to the
  regular SSO values" - confirm for the deployed Keycloak version.
#}
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
{#
  Offline sessions: 30 days idle. The 60-day maximum is not enforced while
  offlineSessionMaxLifespanEnabled is false, so an offline token that keeps
  being used is never aged out.
#}
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
{# NOTE(review): 0 here presumably inherits the SSO session values - confirm. #}
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
{# Authorization code: 1 minute; user action: 5 minutes; login: 30 minutes. #}
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
{# Action tokens (links sent by e-mail): 12 hours when issued by an admin, 5 minutes when issued by the user. #}
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
{#
  Login behaviour and brute-force detection.
  sslRequired "external" enforces HTTPS only for clients on non-private
  addresses. NOTE(review): behind a reverse proxy on a private network,
  requests may count as internal; "all" is the stricter setting - confirm
  which one the deployment needs.
#}
"enabled": true,
"sslRequired": "external",
{# Self-registration is open; new accounts must verify their e-mail address. #}
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"rememberMe": true,
"verifyEmail": true,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
{#
  Brute-force detection is on with temporary lockouts only (permanentLockout
  false). A lockout starts after failureFactor (30) failed logins, grows by
  waitIncrementSeconds and is capped at maxFailureWaitSeconds (15 minutes).
  NOTE(review): 30 attempts is permissive next to the length(8) password
  policy of this realm; consider a lower threshold.
#}
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
{#
  Roles granted to every new user. offline_access lets any user request
  offline tokens, which in this realm only expire on inactivity
  (offlineSessionMaxLifespanEnabled is false above).
  NOTE(review): confirm every self-registered account should get that role.
#}
"defaultRoles": [
"offline_access",
"uma_authorization"
],
"requiredCredentials": [
"password"
],
{#
  The only password rule is a minimum length of 8 characters.
  NOTE(review): consider adding further policies such as notUsername or a
  password blacklist; the LDAP provider below sets validatePasswordPolicy, so
  presumably the policy also governs passwords written to the directory.
#}
"passwordPolicy": "length(8)",
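{#
  HTTP response headers Keycloak adds to the realm's browser-facing pages.
  Framing control: the X-Frame-Options value ALLOW-FROM is obsolete and
  ignored by current browsers, and frame-src only limits what these pages may
  embed (www.google.com is allowed there). Who may frame the pages is set by
  X-Frame-Options SAMEORIGIN and by frame-ancestors in the policy. If a
  trusted portal has to frame the login pages, add its origin to
  frame-ancestors.
#}
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self' https://www.google.com; frame-ancestors 'self';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},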
{#
  Outgoing mail is handed to an SMTP server on localhost with the sender
  noreply@d4science.org. starttls, ssl and auth are left empty.
  NOTE(review): presumably an unauthenticated, unencrypted loopback relay; if
  host is ever pointed at a remote server, enable TLS and authentication,
  because these mails carry verification and password-reset links.
#}
"smtpServer": {
"host": "localhost",
"from": "noreply@d4science.org",
"starttls": "",
"auth": "",
"ssl": ""
},
{# Login, account and admin pages all use the theme named by d4science_realm_theme. #}
"loginTheme": "{{ d4science_realm_theme }}",
"accountTheme": "{{ d4science_realm_theme }}",
"adminTheme": "{{ d4science_realm_theme }}",
{#
  Event listeners that receive realm events.
  NOTE(review): orchestrator-event-publisher is presumably a D4Science
  extension; confirm it is deployed before the realm is imported, and check
  what event data it forwards.
#}
"eventsListeners": [
"orchestrator-event-publisher",
"jboss-logging",
"email"
],
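{#
  Brokered identity providers offered on the login page: the EOSC AAI (generic
  OIDC) plus LinkedIn, Google, Twitter and GitHub. Client ids and secrets come
  from template variables; the rendered file holds them in clear text, so keep
  the variables in an encrypted store and restrict access to the output.
  trustEmail=true (every provider here except twitter) makes Keycloak accept
  the provider's e-mail address as verified although the realm sets
  verifyEmail.
  NOTE(review): confirm each of those providers only releases addresses it has
  verified; the "username from email" mappers further down derive usernames
  from that address, and the first broker login flow typically matches
  existing accounts by e-mail.
#}
"identityProviders": [
{#
  EOSC AAI: token signatures are validated (validateSignature) against the PEM
  key pinned in publicKeySignatureVerifier; jwksUrl is not consulted because
  useJwksUrl is false. A key rotation at the provider needs a matching update
  of the pinned key here.
#}
{
"alias": "eosc-oidc",
"displayName": "Academic / other",
"providerId": "oidc",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"userInfoUrl": "https://aai.eosc-portal.eu/oidc/userinfo",
"validateSignature": "true",
"clientId": "{{ eosc_clientId }}",
"tokenUrl": "https://aai.eosc-portal.eu/oidc/token",
"jwksUrl": "https://aai.eosc-portal.eu/oidc/jwk",
"issuer": "https://aai.eosc-portal.eu/oidc/",
"useJwksUrl": "false",
"publicKeySignatureVerifier": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCaIg7INT8AGjPYS7Kmg\nO0K0+axSzCVIlnqHZ8M1hKBfXd4QxZajrqLnwza2yzCGcHNC2aNIYzKm/D2oCx2R\nGzemcgKkcxOznNg2+0H4xlx86FbpVv4VZRXzPqIoc/CU5uyGdR5d58CtOMKhCecS\ny8q3vQ9fnhtLPqYFslLpL+u+3vvcur1rJn/a5GB9th55Lwmq9OyzlAeupbVP1q0A\nI92R1UGUswEPotBFk+a6IVfzToNK7zPdw02IAO/wVDUN1x0Baewm1t8KfviV8m41\nJmjmnUg4p/vLzfA/VKAFqtzwxZCKMkxtu7JwODiIRehMCz4AKBTvvi2k97aMHY+Y\nXQIDAQAB\n-----END PUBLIC KEY-----",
"authorizationUrl": "https://aai.eosc-portal.eu/oidc/authorize",
"clientAuthMethod": "client_secret_post",
"syncMode": "IMPORT",
"clientSecret": "{{ eosc_clientSecret }}",
"defaultScope": "openid profile email",
"guiOrder" : "1"
}
},
{
"alias": "linkedin",
"providerId": "linkedin",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ linkedin_clientSecret }}",
"clientId": "{{ linkedin_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "2"
}
},
{
"alias": "google",
"providerId": "google",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ google_clientSecret }}",
"clientId": "{{ google_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "3"
}
},
{# twitter is the one provider whose e-mail address is not trusted as verified. #}
{
"alias": "twitter",
"providerId": "twitter",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": false,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ twitter_clientSecret }}",
"clientId": "{{ twitter_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "4"
}
},
{# Last entry: no trailing comma, strict JSON parsers reject one before the closing bracket. #}
{
"alias": "github",
"providerId": "github",
"enabled": true,
"updateProfileFirstLoginMode": "on",
"trustEmail": true,
"storeToken": false,
"addReadTokenRoleOnCreate": false,
"authenticateByDefault": false,
"linkOnly": false,
"firstBrokerLoginFlowAlias": "first broker login",
"config": {
"syncMode": "IMPORT",
"clientSecret": "{{ github_clientSecret }}",
"clientId": "{{ github_clientId }}",
"useJwksUrl": "true",
"guiOrder" : "5"
}
}
],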
{#
  Mappers that copy data from a brokered login into the Keycloak user: a
  username derived from the provider e-mail (google, eosc-oidc, linkedin),
  picture attributes, and an avatar importer. twitter and github have no
  mappers in this list.
  NOTE(review): username-from-idp-email-mapper and avatar-importer do not look
  like stock Keycloak mapper ids; presumably they ship with a D4Science
  extension - confirm it is deployed before this realm is imported.
  NOTE(review): the google username mapper lacks the auto-resolve option that
  the eosc-oidc and linkedin ones set - confirm that is intended.
  NOTE(review): use-libravatar presumably makes the importer query an external
  avatar service with data derived from the user's e-mail; confirm that
  disclosure is acceptable.
#}
"identityProviderMappers": [
{
"name": "username from email importer",
"identityProviderAlias": "google",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT"
}
},
{
"name": "username from email importer",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT",
"auto-resolve": "true"
}
},
{
"name": "picture importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "linkedin-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "picture",
"attribute": "picture",
"userAttribute": "picture"
}
},
{
"name": "avatar",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "picture importer",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"syncMode": "INHERIT",
"claim": "picture",
"user.attribute": "picture"
}
},
{
"name": "picture",
"identityProviderAlias": "google",
"identityProviderMapper": "google-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "picture",
"userAttribute": "picture"
}
},
{
"name": "avatar",
"identityProviderAlias": "google",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "profilePicture importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "linkedin-user-attribute-mapper",
"config": {
"syncMode": "INHERIT",
"jsonField": "profilePicture.displayImage",
"userAttribute": "linkedin-profilePicture"
}
},
{
"name": "avatar",
"identityProviderAlias": "eosc-oidc",
"identityProviderMapper": "avatar-importer",
"config": {
"use-libravatar": "true",
"syncMode": "INHERIT"
}
},
{
"name": "username from email importer",
"identityProviderAlias": "linkedin",
"identityProviderMapper": "username-from-idp-email-mapper",
"config": {
"syncMode": "INHERIT",
"auto-resolve": "true"
}
}
],
"components": {
"org.keycloak.storage.UserStorageProvider": [
{
"name": "{{ ldap_server }}",
"providerId": "ldap",
{#
  LDAP attribute mappers of the user federation provider. Each entry ties one
  LDAP attribute to a Keycloak user attribute. Per the option names,
  read.only=false lets Keycloak write the value back to the directory and
  always.read.value.from.ldap=true prefers the directory value over the
  locally stored one.
#}
"subComponents": {
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
{
"name": "first name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"givenName"
],
"is.mandatory.in.ldap": [
"true"
],
"is.binary.attribute": [
"false"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"firstName"
]
}
},
{# email is writable and optional in LDAP. #}
{
"name": "email",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"mail"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"user.model.attribute": [
"email"
]
}
},
{# username maps to uid and is read-only. #}
{
"name": "username",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"uid"
],
"is.mandatory.in.ldap": [
"true"
],
"is.binary.attribute": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"read.only": [
"true"
],
"user.model.attribute": [
"username"
]
}
},
{#
  Groups come from the Groups subtree and stay in LDAP only (mode LDAP_ONLY);
  membership is resolved through the member attribute, which holds user DNs.
  NOTE(review): drop.non.existing.groups.during.sync presumably deletes
  Keycloak groups that are missing from LDAP when a sync runs - confirm no
  Keycloak-only groups carry role assignments.
#}
{
"name": "d4science-groups",
"providerId": "group-ldap-mapper",
"subComponents": {},
"config": {
"membership.attribute.type": [
"DN"
],
"group.name.ldap.attribute": [
"cn"
],
"membership.user.ldap.attribute": [
"uid"
],
"preserve.group.inheritance": [
"true"
],
"groups.dn": [
"ou=Groups,o=D4Science,ou=Organizations,dc=d4science,dc=org"
],
"mapped.group.attributes": [
"gidNumber"
],
"mode": [
"LDAP_ONLY"
],
"user.roles.retrieve.strategy": [
"LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"
],
"ignore.missing.groups": [
"false"
],
"membership.ldap.attribute": [
"member"
],
"group.object.classes": [
"groupofnames,posixGroup,top"
],
"memberof.ldap.attribute": [
"memberOf"
],
"drop.non.existing.groups.during.sync": [
"true"
]
}
},
{# Full name: write.only is set, so presumably cn is written from Keycloak and not read back. #}
{
"name": "fullname",
"providerId": "full-name-ldap-mapper",
"subComponents": {},
"config": {
"read.only": [
"false"
],
"write.only": [
"true"
],
"ldap.full.name.attribute": [
"cn"
]
}
},
{
"name": "last name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"sn"
],
"is.mandatory.in.ldap": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"read.only": [
"false"
],
"user.model.attribute": [
"lastName"
]
}
},
{# createTimestamp and modifyTimestamp are copied read-only from the directory. #}
{
"name": "creation date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"createTimestamp"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"createTimestamp"
]
}
},
{
"name": "modify date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"modifyTimestamp"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"modifyTimestamp"
]
}
},
{#
  homeDirectory is built from the template string with the username as the
  substituted value, and the mapper is writable.
  NOTE(review): ua-templated-ldap-mapper does not look like a stock Keycloak
  mapper; presumably a D4Science extension. Usernames can come from
  self-registration and from provider e-mail addresses, so confirm they are
  restricted to characters that keep the resulting path directly under /home
  (no slashes, no dot segments).
#}
{
"name": "homeDirectory",
"providerId": "ua-templated-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"homeDirectory"
],
"is.mandatory.in.ldap": [
"true"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"template.string": [
"/home/${VALUE}"
],
"user.model.attribute": [
"username"
]
}
},
{#
  sshPublicKey is read as a binary attribute and is read-only here, so
  Keycloak does not modify keys stored in the directory.
  NOTE(review): the value ends up in a user attribute; confirm which clients
  and token mappers can see it.
#}
{
"name": "sshPublicKey mapper",
"providerId": "certificate-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"sshPublicKey"
],
"is.mandatory.in.ldap": [
"false"
],
"is.binary.attribute": [
"true"
],
"read.only": [
"true"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"sshPublicKey"
]
}
}
]
},
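{#
  Connection and sync settings of the LDAP user federation provider.
  Users live under the People subtree (one-level search, searchScope 1) and
  are imported into Keycloak; editMode WRITABLE with syncRegistrations means
  accounts registered in Keycloak are also created in the directory, and
  validatePasswordPolicy applies the realm password policy to LDAP passwords.
  Both periodic syncs are disabled (-1). trustEmail marks directory e-mail
  addresses as verified.
  NOTE(review): bindDn is cn=Directory Manager, conventionally the
  unrestricted administrator DN on 389-style directory servers (nsUniqueId
  points the same way). Keycloak only needs read/write on the People and
  Groups subtrees; prefer a dedicated service account with matching ACIs so
  that a leak of the rendered file or of the bind password does not expose
  the whole directory.
  NOTE(review): the connection uses ldaps with useTruststoreSpi "never", so
  the server certificate is presumably checked against the JVM default trust
  store only - confirm the directory's CA is trusted there.
  NOTE(review): lastSync looks like runtime state left over from a realm
  export; presumably it can be dropped.
#}
"config": {
"fullSyncPeriod": [
"-1"
],
"pagination": [
"true"
],
"connectionPooling": [
"true"
],
"usersDn": [
"ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org"
],
"cachePolicy": [
"DEFAULT"
],
"useKerberosForPasswordAuthentication": [
"false"
],
"importEnabled": [
"true"
],
"enabled": [
"true"
],
"usernameLDAPAttribute": [
"uid"
],
{# The bind password comes from the ldap_credential variable; keep it in an encrypted variable store. #}
"bindCredential": [
"{{ ldap_credential }}"
],
"changedSyncPeriod": [
"-1"
],
"bindDn": [
"cn=Directory Manager"
],
"lastSync": [
"1595253546"
],
"vendor": [
"other"
],
"uuidLDAPAttribute": [
"nsUniqueId"
],
"allowKerberosAuthentication": [
"false"
],
"connectionUrl": [
"ldaps://{{ ldap_server }}"
],
"syncRegistrations": [
"true"
],
"authType": [
"simple"
],
"debug": [
"false"
],
"searchScope": [
"1"
],
"useTruststoreSpi": [
"never"
],
"priority": [
"1"
],
"trustEmail": [
"true"
],
{# Each object class is listed once; the list previously repeated organizationalPerson. #}
"userObjectClasses": [
"inetOrgPerson, organizationalPerson, posixAccount, person, inetUser, shadowAccount, ldapPublicKey, top"
],
"rdnLDAPAttribute": [
"uid"
],
"editMode": [
"WRITABLE"
],
"validatePasswordPolicy": [
"true"
],
"batchSizeForSync": [
"1000"
]
}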
}
]
},
{# Localised login and account pages are enabled for the locales below; English is the default. #}
"internationalizationEnabled": true,
"supportedLocales": [
"de",
"no",
"ru",
"sv",
"pt-BR",
"lt",
"en",
"it",
"fr",
"zh-CN",
"es",
"ja",
"sk",
"pl",
"ca",
"nl",
"tr"
],
"defaultLocale": "en",
{#
  Terms and Conditions is enabled and set as a default action, so every new
  user has to accept it.
  NOTE(review): it is the only required action listed here; confirm the target
  Keycloak version still registers the built-in actions (verify e-mail,
  update password, ...) on import, since verifyEmail and resetPasswordAllowed
  in this realm rely on them.
#}
"requiredActions": [
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": true,
"defaultAction": true,
"priority": 20,
"config": {}
}
]
}