dbildungs-iam-keycloak
dbildungs-iam-keycloak-gha committed Jan 14, 2025
1 parent d892803 commit 101e1aa
Showing 10 changed files with 335 additions and 33 deletions.
4 changes: 2 additions & 2 deletions automation/dbildungs-iam-keycloak/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: SPSH-1377
appVersion: spsh-1377
description: A Helm Chart for the dbildungs-iam-keycloak
name: dbildungs-iam-keycloak
type: application
version: 0.0.0-spsh-1377-20250113-1557
version: 0.0.0-spsh-1377-20250114-1110
109 changes: 95 additions & 14 deletions automation/dbildungs-iam-keycloak/dev-realm-spsh.json
Expand Up @@ -418,7 +418,7 @@
"requiredCredentials": [
"password"
],
"passwordPolicy" : "maxAuthAge(0)",
"passwordPolicy": "maxAuthAge(0) and passwordHistory(3) and length(8) and digits(1) and lowerCase(1) and upperCase(1) and specialChars(1) and regexPattern(^\\S+$)",
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
Expand Down Expand Up @@ -639,7 +639,7 @@
"description": "Admin for Schulportal SH",
"rootUrl": "${KC_ROOT_URL}",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -826,7 +826,7 @@
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand All @@ -853,7 +853,7 @@
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "1727357679",
"backchannel.logout.session.required": "true",
"jwt.credential.certificate": "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",
"jwt.credential.certificate": "${KC_SERVICE_CLIENT_CERTIFICATE}",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"backchannel.logout.revoke.offline.tokens": "false"
Expand Down Expand Up @@ -959,7 +959,7 @@
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"acr.loa.map": "{\"gold\":\"10\"}",
"acr.loa.map": "{\"gold\":\"10\", \"silver\":\"15\"}",
"default.acr.values": "0"
},
"authenticationFlowBindingOverrides": {
Expand Down Expand Up @@ -1034,7 +1034,7 @@
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -1141,7 +1141,7 @@
"description": "",
"rootUrl": "${KC_ROOT_URL}",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -1248,7 +1248,7 @@
"description": "",
"rootUrl": "https://sh.lumaserv.dev",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -1302,7 +1302,7 @@
"description": "",
"rootUrl": "https://www.itslintegrations.com",
"adminUrl": "",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -1378,7 +1378,7 @@
"description": "",
"rootUrl": "http://ox.dev.spsh.dbildungsplattform.de",
"adminUrl": "http://ox.dev.spsh.dbildungsplattform.de/appsuite/",
"baseUrl": "",
"baseUrl": "${KC_ROOT_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
Expand Down Expand Up @@ -1445,6 +1445,72 @@
"configure": true,
"manage": true
}
},
{
"id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0",
"clientId": "${KC_SCHOOLSH_CLIENT_ID}",
"name": "School-SH",
"description": "",
"rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "${KC_SCHOOLSH_CLIENT_SECRET}",
"redirectUris": [
"/cgi/samlauth"
],
"webOrigins": [
"+"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "saml",
"attributes": {
"saml.assertion.signature": "true",
"saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
"saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
"saml.force.post.binding": "true",
"saml.encrypt": "true",
"saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
"saml.server.signature": "true",
"saml.server.signature.keyinfo.ext": "false",
"saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}",
"saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
"saml.artifact.binding": "false",
"saml.signature.algorithm": "RSA_SHA256",
"saml_force_name_id_format": "false",
"saml.client.signature": "true",
"saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}",
"saml.authnstatement": "true",
"display.on.consent.screen": "false",
"saml_name_id_format": "username",
"saml.allow.ecp.flow": "false",
"saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#",
"saml.onetimeuse.condition": "false",
"saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"role_list"
],
"optionalClientScopes": [],
"access": {
"view": true,
"configure": true,
"manage": true
}
}
],
"clientScopes": [
Expand Down Expand Up @@ -2126,12 +2192,27 @@
},
{
"id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d",
"name": "rsa-generated",
"providerId": "rsa-generated",
"name": "rsa",
"providerId": "rsa",
"subComponents": {},
"config": {
"privateKey": [
"${KC_RS256_PRIVATE_KEY}"
],
"certificate": [
"${KC_RS256_CERTIFICATE}"
],
"active": [
"true"
],
"enabled": [
"true"
],
"priority": [
"100"
],
"algorithm": [
"RS256"
]
}
},
Expand Down Expand Up @@ -2804,7 +2885,7 @@
"alias": "gold",
"config": {
"loa-condition-level": "20",
"loa-max-age": "10000"
"loa-max-age": "0"
}
},
{
Expand All @@ -2817,7 +2898,7 @@
"piservicepass" : "${PI_ADMIN_PASSWORD}",
"piserver" : "${PI_BASE_URL}",
"piserviceaccount" : "${PI_ADMIN_USER}",
"pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie das Einmalpasswort von Ihrem Security-Token ein.",
"pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie die 6 Ziffern des Einmalpassworts von Ihrem 2FA-Token ein.",
"preftokentype" : "OTP",
"pirealm" : "${PI_REALM}",
"pidolog" : "true",
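Review bot: The new School-SH SAML client added in the `@@ -1445,6 +1445,72 @@` hunk is created with `"fullScopeAllowed": true` while its only default client scope is `role_list`, so every realm and client role a user holds is eligible to be emitted in the assertion sent to that service provider. Unless School-SH really consumes the complete role set, set `"fullScopeAllowed": false` and add explicit scope mappings for just the roles it needs; which roles those are cannot be determined from this page. The `role_list` scope and its mappers are defined outside the visible hunks, so confirm what they actually export before relying on this. Because the assertion is encrypted (`"saml.encrypt": "true"`), over-shared roles would not show up in a browser-side trace, which makes reviewing this setting in the realm file the practical place to catch it.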