diff --git a/backend/pom.xml b/backend/pom.xml index 117ef44b..845d7948 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -73,6 +73,18 @@ jackson-datatype-jsr310 2.17.0 + + io.quarkus + quarkus-oidc + + + io.quarkus + quarkus-smallrye-jwt + + + io.quarkus + quarkus-keycloak-authorization + io.quarkus quarkus-hibernate-orm-panache @@ -96,6 +108,11 @@ gson 2.10.1 + + com.auth0 + java-jwt + 3.18.1 + @@ -123,17 +140,6 @@ - - maven-surefire-plugin - ${surefire-plugin.version} - - ${project.build.directory}/surefire-reports - - org.jboss.logmanager.LogManager - ${maven.home} - - - maven-surefire-plugin ${surefire-plugin.version} diff --git a/backend/src/main/java/fr/zelytra/session/SessionSocket.java b/backend/src/main/java/fr/zelytra/session/SessionSocket.java index c3022ff8..5dd9a81e 100644 --- a/backend/src/main/java/fr/zelytra/session/SessionSocket.java +++ b/backend/src/main/java/fr/zelytra/session/SessionSocket.java @@ -10,8 +10,8 @@ import fr.zelytra.session.server.SotServer; import fr.zelytra.session.socket.MessageType; import fr.zelytra.session.socket.SocketMessage; +import fr.zelytra.session.socket.security.SocketSecurityEntity; import io.quarkus.logging.Log; -import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; import jakarta.websocket.*; import jakarta.websocket.server.PathParam; @@ -21,8 +21,8 @@ import java.io.IOException; import java.util.concurrent.*; -@ServerEndpoint(value = "/sessions/{sessionId}") // WebSocket endpoint -@ApplicationScoped +// WebSocket endpoint +@ServerEndpoint(value = "/sessions/{token}/{sessionId}") public class SessionSocket { private final ExecutorService executor = Executors.newSingleThreadExecutor(); @@ -32,6 +32,9 @@ public class SessionSocket { @ConfigProperty(name = "app.version") String appVersion; + @ConfigProperty(name = "quarkus.oidc.auth-server-url") + String realmURL; + @Inject SessionManager sessionManager; @@ -58,7 +61,7 @@ public void onOpen(Session session) { @OnMessage - public void onMessage(String message, Session session, @PathParam("sessionId") String sessionId) throws IOException { + public void onMessage(String message, Session session, @PathParam("sessionId") String sessionId, @PathParam("token") String token) throws IOException { ObjectMapper objectMapper = new ObjectMapper(); objectMapper.registerModule(new JavaTimeModule()); @@ -73,7 +76,7 @@ public void onMessage(String message, Session session, @PathParam("sessionId") S switch (socketMessage.messageType()) { case CONNECT -> { Player player = objectMapper.convertValue(socketMessage.data(), Player.class); - handleConnectMessage(player, session, sessionId); + handleConnectMessage(player, session, sessionId, token); } case UPDATE -> { Player player = objectMapper.convertValue(socketMessage.data(), Player.class); @@ -136,13 +139,23 @@ private void handleLeaveServerMessage(Session session, SotServer sotServer) { } // Extracted method to handle CONNECT messages - private void handleConnectMessage(Player player, Session session, String sessionId) { + public void handleConnectMessage(Player player, Session session, String sessionId, String token) throws IOException { // Cancel the timeout task since we've received the message Future timeoutTask = sessionTimeoutTasks.remove(session.getId()); if (timeoutTask != null) { timeoutTask.cancel(true); } + // Checking security + SocketSecurityEntity socketSecurity = SocketSecurityEntity.websocketUser.get(token); + if (socketSecurity == null || !socketSecurity.isValid()) { + Log.info("Invalid token, session will be closed"); + sessionManager.sendDataToPlayer(session, MessageType.CONNECTION_REFUSED, null); + session.close(); + return; + } + SocketSecurityEntity.websocketUser.remove(token); + // Refuse connection from client with different version if (player.getClientVersion() == null || !player.getClientVersion().equalsIgnoreCase(appVersion)) { Log.warn("[" + player.getUsername() + "] Client is out of date, connection refused (" + player.getClientVersion() + ")"); diff --git a/backend/src/main/java/fr/zelytra/session/socket/MessageType.java b/backend/src/main/java/fr/zelytra/session/socket/MessageType.java index cb95515c..eb5ce3cd 100644 --- a/backend/src/main/java/fr/zelytra/session/socket/MessageType.java +++ b/backend/src/main/java/fr/zelytra/session/socket/MessageType.java @@ -11,4 +11,5 @@ public enum MessageType { OUTDATED_CLIENT, SESSION_NOT_FOUND, KEEP_ALIVE, + CONNECTION_REFUSED, } diff --git a/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEndpoints.java b/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEndpoints.java new file mode 100644 index 00000000..02519227 --- /dev/null +++ b/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEndpoints.java @@ -0,0 +1,23 @@ +package fr.zelytra.session.socket.security; + +import io.quarkus.logging.Log; +import io.quarkus.security.Authenticated; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.core.MediaType; +import jakarta.ws.rs.core.Response; + +@Authenticated +@Path("/socket") +public class SocketSecurityEndpoints { + + @GET + @Path("/register") + @Produces(MediaType.TEXT_PLAIN) + public Response registerClient() { + Log.info("[GET] /socket/register"); + SocketSecurityEntity socketSecurity = new SocketSecurityEntity(); + return Response.ok(socketSecurity.getKey()).build(); + } +} diff --git a/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEntity.java b/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEntity.java new file mode 100644 index 00000000..6015a641 --- /dev/null +++ b/backend/src/main/java/fr/zelytra/session/socket/security/SocketSecurityEntity.java @@ -0,0 +1,29 @@ +package fr.zelytra.session.socket.security; + +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +public class SocketSecurityEntity { + + public static final Map websocketUser = new HashMap<>(); + + private final String key; + + private final long validity; + + public SocketSecurityEntity() { + this.validity = new Date().toInstant().plusSeconds(30).toEpochMilli(); + this.key = UUID.randomUUID().toString(); + websocketUser.put(this.key, this); + } + + public boolean isValid() { + return this.validity >= new Date().toInstant().toEpochMilli(); + } + + public String getKey() { + return key; + } +} diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 7f9b98d8..a39987ea 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -12,5 +12,21 @@ quarkus.hibernate-orm.database.generation=update %test.quarkus.hibernate-orm.dialect=org.hibernate.dialect.H2Dialect %test.quarkus.http.port=9090 -proxy.check.api.key=${PROXY_CHECK_API_KEY:test} -app.version=0.1.5 \ No newline at end of file +# OIDC Configuration +%prod,dev.quarkus.oidc.auth-server-url=${KEYCLOAK_HOST:http://127.0.0.1:2604/auth}/realms/Betterfleet +%prod,dev.quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:application} + +# Debug +#quarkus.log.category."io.quarkus.oidc".level=DEBUG +#quarkus.log.category."io.smallrye.jwt".level=DEBUG + +# Custom variables +proxy.check.api.key=${PROXY_CHECK_API_KEY} +app.version=0.1.5 + +# CORS configuration +quarkus.http.cors=true +quarkus.http.cors.origins=* +quarkus.http.cors.methods=GET,PUT,POST,DELETE,OPTIONS +quarkus.http.cors.access-control-max-age=24H +quarkus.http.cors.exposed-headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials \ No newline at end of file diff --git a/backend/src/test/java/fr/zelytra/session/SessionSocketTest.java b/backend/src/test/java/fr/zelytra/session/SessionSocketTest.java index 7b725a02..21bcdeb7 100644 --- a/backend/src/test/java/fr/zelytra/session/SessionSocketTest.java +++ b/backend/src/test/java/fr/zelytra/session/SessionSocketTest.java @@ -4,6 +4,7 @@ import fr.zelytra.session.fleet.Fleet; import fr.zelytra.session.player.Player; import fr.zelytra.session.socket.MessageType; +import fr.zelytra.session.socket.security.SocketSecurityEntity; import io.quarkus.test.InjectMock; import io.quarkus.test.common.http.TestHTTPResource; import io.quarkus.test.junit.QuarkusTest; @@ -50,18 +51,22 @@ class SessionSocketTest { void setup() throws URISyntaxException, DeploymentException, IOException { Mockito.doReturn(null).when(executorService).submit(any(Runnable.class)); String sessionId = sessionManager.createSession(); - this.uri = new URI("ws://" + websocketEndpoint.getHost() + ":" + websocketEndpoint.getPort() + "/sessions/" + sessionId); + SocketSecurityEntity socketSecurity = new SocketSecurityEntity(); + this.uri = new URI("ws://" + websocketEndpoint.getHost() + ":" + websocketEndpoint.getPort() + "/sessions/" + socketSecurity.getKey() + "/" + sessionId); betterFleetClient = new BetterFleetClient(); ContainerProvider.getWebSocketContainer().connectToServer(betterFleetClient, uri); } @Test - void stressTest() throws IOException, InterruptedException, EncodeException, DeploymentException { + void stressTest() throws IOException, InterruptedException, EncodeException, DeploymentException, URISyntaxException { List fakePlayers = generateFakePlayer(50); String fleetId = ""; for (Player player : fakePlayers) { BetterFleetClient playerClient = new BetterFleetClient(); + SocketSecurityEntity socketSecurity = new SocketSecurityEntity(); + URI uri = new URI("ws://" + websocketEndpoint.getHost() + ":" + websocketEndpoint.getPort() + "/sessions/" + socketSecurity.getKey() + "/" + fleetId); + ContainerProvider.getWebSocketContainer().connectToServer(playerClient, uri); playerClient.sendMessage(MessageType.CONNECT, player); diff --git a/backend/src/test/java/fr/zelytra/session/socket/security/SocketSecurityEndpointsTest.java b/backend/src/test/java/fr/zelytra/session/socket/security/SocketSecurityEndpointsTest.java new file mode 100644 index 00000000..98f2bb6a --- /dev/null +++ b/backend/src/test/java/fr/zelytra/session/socket/security/SocketSecurityEndpointsTest.java @@ -0,0 +1,21 @@ +package fr.zelytra.session.socket.security; + +import io.quarkus.test.junit.QuarkusTest; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +@QuarkusTest +public class SocketSecurityEndpointsTest { + + private static final String RANDOM_BEARER_TOKEN = "337aab0f-b547-489b-9dbd-a54dc7bdf20d"; + + @Test + void testPermitAll() { + RestAssured.given() + .when() + .header("Authorization", "Bearer: " + RANDOM_BEARER_TOKEN) + .get("/socket/register") + .then() + .statusCode(401); + } +} diff --git a/deployment/.env b/deployment/.env index 4ef90908..9aee4056 100644 --- a/deployment/.env +++ b/deployment/.env @@ -1,3 +1,7 @@ POSTGRES_USER= POSTGRES_PASSWORD= -PUBLIC_QUARKUS_HOSTNAME= \ No newline at end of file +PUBLIC_QUARKUS_HOSTNAME= +KEYCLOAK_PASSWORD= +PUBLIC_KEYCLOAK_HOSTNAME= +MICROSOFT_CLIENT_ID= +MICROSOFT_CLIENT_SECRET= \ No newline at end of file diff --git a/deployment/dev/.env b/deployment/dev/.env index b9a1b4f8..da3c0a86 100644 --- a/deployment/dev/.env +++ b/deployment/dev/.env @@ -1,2 +1,8 @@ POSTGRES_USER=m7CaHqTPqojQceii -POSTGRES_PASSWORD=A7aXfgh4@BM#7x85 \ No newline at end of file +POSTGRES_PASSWORD=A7aXfgh4@BM#7x85 +KEYCLOAK_USER=admin +PUBLIC_QUARKUS_HOSTNAME=http://127.0.0.1:2601 +KEYCLOAK_PASSWORD=pa$$w0rd +PUBLIC_KEYCLOAK_HOSTNAME=http://127.0.0.1:2604 +MICROSOFT_CLIENT_ID=123 +MICROSOFT_CLIENT_SECRET=123 \ No newline at end of file diff --git a/deployment/dev/docker-compose.yml b/deployment/dev/docker-compose.yml index 6731de1b..67cbcd27 100644 --- a/deployment/dev/docker-compose.yml +++ b/deployment/dev/docker-compose.yml @@ -7,12 +7,55 @@ services: ports: - "2600:5432" volumes: - - ./init.sql:/docker-entrypoint-initdb.d/init.sql - - /psql-data/app:/var/lib/postgresql/data + - ./psql-data/app:/var/lib/postgresql/data - /etc/localtime:/etc/localtime:ro environment: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_DB: BetterFleet PGDATA: /var/lib/postgresql/data + restart: unless-stopped + + postgres-auth: + image: postgres:14.2-alpine + container_name: betterfleet-postgres-auth + ports: + - "2603:5432" + volumes: + - ./psql-data/auth:/var/lib/postgresql/data/pgdata + - /etc/localtime:/etc/localtime:ro + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: Keycloak + PGDATA: /var/lib/postgresql/data/pgdata + restart: unless-stopped + + keycloak: + image: quay.io/keycloak/keycloak:latest + container_name: betterfleet-keycloak + depends_on: + - postgres-auth + ports: + - "2604:8080" + volumes: + - ./keycloak/config:/opt/keycloak/data/import + - /etc/localtime:/etc/localtime:ro + command: start --import-realm + environment: + KC_HOSTNAME_STRICT: "false" + KC_HTTP_RELATIVE_PATH: /auth + KC_DB: postgres + KC_DB_URL_HOST: postgres-auth + PROXY_ADDRESS_FORWARDING: "true" + KC_PROXY: edge + MICROSOFT_CLIENT_ID: ${MICROSOFT_CLIENT_ID} + MICROSOFT_CLIENT_SECRET: ${MICROSOFT_CLIENT_SECRET} + KC_DB_URL_DATABASE: Keycloak + KC_VAULT_FILE: /var/keycloak/vault + KC_DB_USERNAME: ${POSTGRES_USER} + KC_DB_PASSWORD: ${POSTGRES_PASSWORD} + KEYCLOAK_ADMIN: ${KEYCLOAK_USER} + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD} + KC_OVERRIDE: "false" restart: unless-stopped \ No newline at end of file diff --git a/deployment/dev/keycloak/config/betterfleet-realm.json b/deployment/dev/keycloak/config/betterfleet-realm.json new file mode 100644 index 00000000..785d433d --- /dev/null +++ b/deployment/dev/keycloak/config/betterfleet-realm.json @@ -0,0 +1,2268 @@ +{ + "id": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "realm": "Betterfleet", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 864000, + "ssoSessionMaxLifespan": 864000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": true, + "permanentLockout": true, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 15, + "roles": { + "realm": [ + { + "id": "02b8e69b-b48d-4138-a7cd-951499e50c34", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + }, + { + "id": "5ad5939b-4c7d-4470-ae9d-bdc7da5bd594", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + }, + { + "id": "9d61c0df-0499-429d-9ca3-296834821d48", + "name": "default-roles-betterfleet", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "broker": [ + "read-token" + ], + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "ff3231f8-5b80-4d2e-a371-627dda4fc459", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "751a171b-434c-45d6-b0e8-2eba6bad4b9f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "a8b35977-b894-4a20-8581-3b531aa9c9d6", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "98203870-9b0f-4b09-8fde-bb8747de2e23", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "1f30e864-ebd9-4221-9653-5687c57149ed", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "38346b82-0ecf-46ba-855a-9b6115e7c680", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "5737eebe-dbc2-4fc5-a31a-2ccfe8851fcd", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "2a100acd-6fcf-473f-b322-12f397719023", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-realms", + "view-clients", + "manage-clients", + "view-identity-providers", + "create-client", + "manage-realm", + "manage-authorization", + "manage-events", + "view-users", + "query-clients", + "manage-users", + "manage-identity-providers", + "view-authorization", + "view-events", + "view-realm", + "impersonation", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "845bb0ae-c919-44c8-a636-960b7ec3a7f0", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "2b60b796-2413-485e-bb3d-120efe4ff1cc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "83eb5d8b-31e9-4ced-b371-d89c8037150f", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "34362d7e-571d-4786-9361-6fdf40290253", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "b3797c1a-f572-4224-94dd-c0ae04fe78d4", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "6cf55f2f-7eef-46b3-8686-13a002a8cfd3", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "4ecc6cea-319e-428f-809c-dc5303c6455d", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "a4017fb1-f27e-4663-92ba-61f30970afa0", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "e6b84aad-0d7f-408b-873a-2d97a42272ae", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "706df02d-bc79-45fe-a839-95626c84d3f7", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "ef553c56-dd3f-4c34-8de2-f312c49ae417", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + } + ], + "application": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "ad2dfc03-317f-4339-9cc8-b6df7140ddbf", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "b6b3a930-d410-4336-a554-2358cc18d696", + "attributes": {} + } + ], + "account": [ + { + "id": "8768e112-3985-4639-8a64-fbea6d52d3ac", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "e233f80c-d392-4a3f-9d1c-e79d08e4de3a", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "3dc82896-25a0-4868-a0b5-d43ec953ee72", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "a294c1dc-8ad6-41fa-8ef8-76e1c8b2df34", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "aa9326a4-1761-4696-ad11-7fa22d3658fd", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "cb2b4389-a040-4818-a3fe-0b2ee862c5f4", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "26870b26-7de4-4dd9-a90c-c36e98f8d0cd", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "9612ca22-80d7-431f-86ad-609d403dd01d", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "9d61c0df-0499-429d-9ca3-296834821d48", + "name": "default-roles-betterfleet", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Betterfleet/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Betterfleet/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "329550ad-57be-4e63-83ee-911de63bbcdf", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Betterfleet/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Betterfleet/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "1571d305-0688-4732-97bf-16365b02c41f", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3b32a287-cf49-4034-8587-c9c5ad81294a", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "41796e3c-5b29-4cca-b374-53fe3468889c", + "clientId": "application", + "name": "application", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "b6b3a930-d410-4336-a554-2358cc18d696", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6feb9ae5-0b08-454a-b2a4-c0f92372c100", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/Betterfleet/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/Betterfleet/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "cb1078a3-bc06-486c-a03c-2050c44542ac", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "23c45343-4e36-4bb6-bdcb-1614984383a4", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "23b97f01-bf6c-4a59-803b-245a3c0cadfa", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "100f1bd3-dd34-4560-ba3b-4980a80c0c26", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "5eb6027f-9f90-4592-b0e0-9c606ab0543b", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7a9b4fe8-6064-4883-aea3-4649908960a9", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "296b0e12-836a-4cbf-8a1e-d4e7accde88b", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "63bd6aba-9d39-4c6c-9d81-acf4d493e594", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b6159d2a-e7c1-4ca7-86eb-1928e9a9a08d", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "63afabef-a95d-457f-a496-4326ce86c98d", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "eaf7d50f-aaf3-488e-b8c0-bca4097a018f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "222e6e8b-4bf8-494f-9fb6-542cbc6f340f", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "7bdeeb75-1610-4237-9141-61ec6f89275c", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8ddaa06a-c558-4d81-a552-109734703e95", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "44429a3e-d20b-49d8-9d0f-c1492218ef90", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "cc1b0130-6730-4e8c-936e-8c8e4a4cf033", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "introspection.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "1850878b-f44e-4818-9b22-e66fd1ceee8e", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "b4db2545-d3c4-4774-9d04-1c471f1bd907", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "a5d8b5db-8a6d-469a-a742-2619775833ed", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "ec754fa2-ac03-45e0-add6-0e419c6012a8", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "468500a0-1f99-40cc-abe7-746299cfe6dd", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "43d0e440-d033-41de-8b03-42119746e3df", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "3709f595-684a-4e84-9ad4-c37c07e411cf", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "fc9bfc6e-7e4b-446b-a116-e6b7cb16b039", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "974eedf9-386f-40d6-8908-d307042dfe8a", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "f9d62f00-57b0-46ab-9bd6-b3832a3ab7d3", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "access.token.claim": "true", + "introspection.token.claim": "true" + } + } + ] + }, + { + "id": "a9d8faf1-0d27-4081-bad4-c228111969b1", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "53163b69-e7d7-49e0-a862-3178783377dc", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "d5272d78-c23a-4646-a9d2-34ea816b17a5", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "access.token.claim": "true", + "introspection.token.claim": "true" + } + }, + { + "id": "74d3f38c-a75e-45a0-a063-f795a64a08f2", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "26b4a1bc-dceb-415a-91cf-645cc302baef", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "5ee59b19-99d0-4cba-9ed6-a3b3e9212649", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "1a77bbf1-0e54-4c51-849e-43718096114b", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "65b194bd-87e2-48d9-ac15-ca21528fa81b", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a1e0f67a-1c08-46b8-9880-eef580a62508", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "introspection.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "a72de4c9-f486-451e-b033-bd0dcc56547f", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "2c73f934-2a98-4689-a399-1aac6fb9d558", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "5b5d1514-9737-473f-ad6e-9273c42235ec", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [ + { + "alias": "microsoft", + "internalId": "f0a98553-bd49-4457-bf97-07421c8249bb", + "providerId": "microsoft", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": true, + "storeToken": true, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "hideOnLoginPage": "true", + "acceptsPromptNoneForwardFromClient": "false", + "clientId": "${MICROSOFT_CLIENT_ID}", + "disableUserInfo": "true", + "filteredByClaim": "false", + "syncMode": "IMPORT", + "clientSecret": "${MICROSOFT_CLIENT_SECRET}", + "defaultScope": "openid profile" + } + } + ], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "43d2190f-a91b-4c81-a39d-f007839eccde", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "64126fe2-bb3a-4ad0-ac12-d8a7fed149b8", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "76b805a1-f124-4d92-a928-d27909e116be", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6da6ea50-8331-4ba4-bb8c-75f90744604b", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "0b8a0bcf-35f7-45c4-af01-614e62b39392", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "2a5078ca-a706-475b-8b7c-6cb3bdb9526b", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "544ac93b-540c-4dfc-92cb-44ec310db05e", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "54ee2b32-ded9-45be-ac56-905f794ac833", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "505a94e0-5702-41a6-b830-59bab1fe4418", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{},\"length\":{\"min\":\"3\",\"max\":\"16\",\"trim-disabled\":\"false\"}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "08ff545d-9767-460c-91d3-8d14be62dbcf", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "0f6cba3f-836a-4b91-b630-ef520e969921", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "1c88e8ca-ac37-4bde-86b5-8b0688f5ced4", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "09e1056a-0281-474e-afb7-e77c7968ebdc", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "7cc85c08-27b5-459e-92f8-c955357f648f", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": true, + "supportedLocales": [ + "en", + "fr" + ], + "defaultLocale": "en", + "authenticationFlows": [ + { + "id": "4ae76b0b-5339-46cc-8c5c-1cfaa8ecf281", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "28c9fc62-39d9-4564-8e80-aa050c1e76ae", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9ec6da11-9539-4815-adc5-3801b080a9b7", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "76b4bbba-294b-43eb-bcd1-c01dc1b4af9e", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "861f0975-4286-4e9f-aeb5-5806d918d225", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "5e9ebb47-05d4-4f02-a6ff-3148d6dd026c", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "982df19d-0d8a-4c2d-b407-60166d3ef460", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "6460f802-7d45-4fcb-934d-df580ae24900", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "857f189a-3a70-4517-bc7e-58db37f162cd", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorConfig": "microsoft", + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "8a6ab115-e621-48ef-bd4f-7a84deae8d48", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "bbe6d7b2-b135-4d12-aa77-a5efcfe1631e", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "b663a452-f0f8-4394-9f55-ef55d2bcfa02", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c9345817-609d-450c-8180-40ab7e65b122", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "e318df24-1699-4570-a136-6c8ea8f09f4d", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "daf866a3-34f9-4271-ae50-7aaf5b005d92", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "381a2f19-3b2d-4d9e-99f0-778827160c21", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9c35c46d-9ca8-47e4-a4d9-ee5cf192d82d", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6aa87744-95df-4b6c-bf9b-5b7df0d2875d", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "2f870c8a-c343-4f11-bfbc-8d93421082a5", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "367ca487-7d04-4a15-831e-f84a595053e8", + "alias": "microsoft", + "config": {} + }, + { + "id": "39d39e94-9e1e-492d-89bf-5dd2afc97e35", + "alias": "microsoft", + "config": { + "defaultProvider": "microsoft" + } + }, + { + "id": "0f0b4d76-73e5-45ae-bf6d-7962f17a3a21", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}" + }, + "keycloakVersion": "24.0.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index d0209ec5..af0b376e 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -21,6 +21,7 @@ services: image: zelytra/better-fleet-backend:latest container_name: betterfleet-backend depends_on: + - keycloak - postgres-app ports: - "2601:8080" @@ -29,16 +30,63 @@ services: DB_DATABASE: BetterFleet DB_USER: ${POSTGRES_USER} DB_PASSWORD: ${POSTGRES_PASSWORD} + KEYCLOAK_HOST: ${PUBLIC_KEYCLOAK_HOSTNAME} restart: unless-stopped frontend: image: zelytra/better-fleet-website:latest container_name: betterfleet-website depends_on: + - keycloak - postgres-app - backend ports: - "2602:80" environment: VITE_BACKEND_HOST: ${PUBLIC_QUARKUS_HOSTNAME} + VITE_KEYCLOAK_HOST: ${PUBLIC_KEYCLOAK_HOSTNAME} + restart: unless-stopped + + postgres-auth: + image: postgres:14.2-alpine + container_name: betterfleet-postgres-auth + ports: + - "2603:5432" + volumes: + - ./psql-data/auth:/var/lib/postgresql/data/pgdata + - /etc/localtime:/etc/localtime:ro + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: Keycloak + PGDATA: /var/lib/postgresql/data/pgdata + restart: unless-stopped + + keycloak: + image: quay.io/keycloak/keycloak:latest + container_name: betterfleet-keycloak + depends_on: + - postgres-auth + ports: + - "2604:8080" + volumes: + - ./keycloak/config:/opt/keycloak/data/import + - /etc/localtime:/etc/localtime:ro + command: start --import-realm + environment: + KC_HOSTNAME_STRICT: "false" + KC_HTTP_RELATIVE_PATH: /auth + KC_DB: postgres + KC_DB_URL_HOST: postgres-auth + PROXY_ADDRESS_FORWARDING: "true" + KC_PROXY: edge + MICROSOFT_CLIENT_ID: ${MICROSOFT_CLIENT_ID} + MICROSOFT_CLIENT_SECRET: ${MICROSOFT_CLIENT_SECRET} + KC_DB_URL_DATABASE: Keycloak + KC_VAULT_FILE: /var/keycloak/vault + KC_DB_USERNAME: ${POSTGRES_USER} + KC_DB_PASSWORD: ${POSTGRES_PASSWORD} + KEYCLOAK_ADMIN: ${KEYCLOAK_USER} + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD} + KC_OVERRIDE: "false" restart: unless-stopped \ No newline at end of file diff --git a/deployment/keycloak/config/betterfleet-realm.json b/deployment/keycloak/config/betterfleet-realm.json new file mode 100644 index 00000000..785d433d --- /dev/null +++ b/deployment/keycloak/config/betterfleet-realm.json @@ -0,0 +1,2268 @@ +{ + "id": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "realm": "Betterfleet", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 864000, + "ssoSessionMaxLifespan": 864000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": true, + "permanentLockout": true, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 15, + "roles": { + "realm": [ + { + "id": "02b8e69b-b48d-4138-a7cd-951499e50c34", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + }, + { + "id": "5ad5939b-4c7d-4470-ae9d-bdc7da5bd594", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + }, + { + "id": "9d61c0df-0499-429d-9ca3-296834821d48", + "name": "default-roles-betterfleet", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "broker": [ + "read-token" + ], + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "ff3231f8-5b80-4d2e-a371-627dda4fc459", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "751a171b-434c-45d6-b0e8-2eba6bad4b9f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "a8b35977-b894-4a20-8581-3b531aa9c9d6", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "98203870-9b0f-4b09-8fde-bb8747de2e23", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "1f30e864-ebd9-4221-9653-5687c57149ed", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "38346b82-0ecf-46ba-855a-9b6115e7c680", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "5737eebe-dbc2-4fc5-a31a-2ccfe8851fcd", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "2a100acd-6fcf-473f-b322-12f397719023", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-realms", + "view-clients", + "manage-clients", + "view-identity-providers", + "create-client", + "manage-realm", + "manage-authorization", + "manage-events", + "view-users", + "query-clients", + "manage-users", + "manage-identity-providers", + "view-authorization", + "view-events", + "view-realm", + "impersonation", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "845bb0ae-c919-44c8-a636-960b7ec3a7f0", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "2b60b796-2413-485e-bb3d-120efe4ff1cc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "83eb5d8b-31e9-4ced-b371-d89c8037150f", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "34362d7e-571d-4786-9361-6fdf40290253", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "b3797c1a-f572-4224-94dd-c0ae04fe78d4", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "6cf55f2f-7eef-46b3-8686-13a002a8cfd3", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "4ecc6cea-319e-428f-809c-dc5303c6455d", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "a4017fb1-f27e-4663-92ba-61f30970afa0", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "e6b84aad-0d7f-408b-873a-2d97a42272ae", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "706df02d-bc79-45fe-a839-95626c84d3f7", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + }, + { + "id": "ef553c56-dd3f-4c34-8de2-f312c49ae417", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "attributes": {} + } + ], + "application": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "ad2dfc03-317f-4339-9cc8-b6df7140ddbf", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "b6b3a930-d410-4336-a554-2358cc18d696", + "attributes": {} + } + ], + "account": [ + { + "id": "8768e112-3985-4639-8a64-fbea6d52d3ac", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "e233f80c-d392-4a3f-9d1c-e79d08e4de3a", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "3dc82896-25a0-4868-a0b5-d43ec953ee72", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "a294c1dc-8ad6-41fa-8ef8-76e1c8b2df34", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "aa9326a4-1761-4696-ad11-7fa22d3658fd", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "cb2b4389-a040-4818-a3fe-0b2ee862c5f4", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "26870b26-7de4-4dd9-a90c-c36e98f8d0cd", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + }, + { + "id": "9612ca22-80d7-431f-86ad-609d403dd01d", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "9d61c0df-0499-429d-9ca3-296834821d48", + "name": "default-roles-betterfleet", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "b992645c-a6e4-4cc0-9f13-79eaaf5908b5" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "f9c1ec69-d8ca-476d-a64c-c564a3c2ee0f", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Betterfleet/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Betterfleet/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "329550ad-57be-4e63-83ee-911de63bbcdf", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Betterfleet/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Betterfleet/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "1571d305-0688-4732-97bf-16365b02c41f", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3b32a287-cf49-4034-8587-c9c5ad81294a", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "41796e3c-5b29-4cca-b374-53fe3468889c", + "clientId": "application", + "name": "application", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "b6b3a930-d410-4336-a554-2358cc18d696", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "1a0af498-bf8a-4cde-952b-f22c33373aac", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6feb9ae5-0b08-454a-b2a4-c0f92372c100", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/Betterfleet/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/Betterfleet/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "cb1078a3-bc06-486c-a03c-2050c44542ac", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "23c45343-4e36-4bb6-bdcb-1614984383a4", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "23b97f01-bf6c-4a59-803b-245a3c0cadfa", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "100f1bd3-dd34-4560-ba3b-4980a80c0c26", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "5eb6027f-9f90-4592-b0e0-9c606ab0543b", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7a9b4fe8-6064-4883-aea3-4649908960a9", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "296b0e12-836a-4cbf-8a1e-d4e7accde88b", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "63bd6aba-9d39-4c6c-9d81-acf4d493e594", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b6159d2a-e7c1-4ca7-86eb-1928e9a9a08d", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "63afabef-a95d-457f-a496-4326ce86c98d", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "eaf7d50f-aaf3-488e-b8c0-bca4097a018f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "222e6e8b-4bf8-494f-9fb6-542cbc6f340f", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "7bdeeb75-1610-4237-9141-61ec6f89275c", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8ddaa06a-c558-4d81-a552-109734703e95", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "44429a3e-d20b-49d8-9d0f-c1492218ef90", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "cc1b0130-6730-4e8c-936e-8c8e4a4cf033", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "introspection.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "1850878b-f44e-4818-9b22-e66fd1ceee8e", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "b4db2545-d3c4-4774-9d04-1c471f1bd907", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "a5d8b5db-8a6d-469a-a742-2619775833ed", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "ec754fa2-ac03-45e0-add6-0e419c6012a8", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "468500a0-1f99-40cc-abe7-746299cfe6dd", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "43d0e440-d033-41de-8b03-42119746e3df", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "3709f595-684a-4e84-9ad4-c37c07e411cf", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "fc9bfc6e-7e4b-446b-a116-e6b7cb16b039", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "974eedf9-386f-40d6-8908-d307042dfe8a", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "f9d62f00-57b0-46ab-9bd6-b3832a3ab7d3", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "access.token.claim": "true", + "introspection.token.claim": "true" + } + } + ] + }, + { + "id": "a9d8faf1-0d27-4081-bad4-c228111969b1", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "53163b69-e7d7-49e0-a862-3178783377dc", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "d5272d78-c23a-4646-a9d2-34ea816b17a5", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "access.token.claim": "true", + "introspection.token.claim": "true" + } + }, + { + "id": "74d3f38c-a75e-45a0-a063-f795a64a08f2", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "26b4a1bc-dceb-415a-91cf-645cc302baef", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "5ee59b19-99d0-4cba-9ed6-a3b3e9212649", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "1a77bbf1-0e54-4c51-849e-43718096114b", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "65b194bd-87e2-48d9-ac15-ca21528fa81b", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a1e0f67a-1c08-46b8-9880-eef580a62508", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "introspection.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "a72de4c9-f486-451e-b033-bd0dcc56547f", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "2c73f934-2a98-4689-a399-1aac6fb9d558", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "5b5d1514-9737-473f-ad6e-9273c42235ec", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [ + { + "alias": "microsoft", + "internalId": "f0a98553-bd49-4457-bf97-07421c8249bb", + "providerId": "microsoft", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": true, + "storeToken": true, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "hideOnLoginPage": "true", + "acceptsPromptNoneForwardFromClient": "false", + "clientId": "${MICROSOFT_CLIENT_ID}", + "disableUserInfo": "true", + "filteredByClaim": "false", + "syncMode": "IMPORT", + "clientSecret": "${MICROSOFT_CLIENT_SECRET}", + "defaultScope": "openid profile" + } + } + ], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "43d2190f-a91b-4c81-a39d-f007839eccde", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "64126fe2-bb3a-4ad0-ac12-d8a7fed149b8", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "76b805a1-f124-4d92-a928-d27909e116be", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6da6ea50-8331-4ba4-bb8c-75f90744604b", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "0b8a0bcf-35f7-45c4-af01-614e62b39392", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "2a5078ca-a706-475b-8b7c-6cb3bdb9526b", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "544ac93b-540c-4dfc-92cb-44ec310db05e", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "54ee2b32-ded9-45be-ac56-905f794ac833", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "505a94e0-5702-41a6-b830-59bab1fe4418", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{},\"length\":{\"min\":\"3\",\"max\":\"16\",\"trim-disabled\":\"false\"}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "08ff545d-9767-460c-91d3-8d14be62dbcf", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "0f6cba3f-836a-4b91-b630-ef520e969921", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "1c88e8ca-ac37-4bde-86b5-8b0688f5ced4", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "09e1056a-0281-474e-afb7-e77c7968ebdc", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "7cc85c08-27b5-459e-92f8-c955357f648f", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": true, + "supportedLocales": [ + "en", + "fr" + ], + "defaultLocale": "en", + "authenticationFlows": [ + { + "id": "4ae76b0b-5339-46cc-8c5c-1cfaa8ecf281", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "28c9fc62-39d9-4564-8e80-aa050c1e76ae", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9ec6da11-9539-4815-adc5-3801b080a9b7", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "76b4bbba-294b-43eb-bcd1-c01dc1b4af9e", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "861f0975-4286-4e9f-aeb5-5806d918d225", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "5e9ebb47-05d4-4f02-a6ff-3148d6dd026c", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "982df19d-0d8a-4c2d-b407-60166d3ef460", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "6460f802-7d45-4fcb-934d-df580ae24900", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "857f189a-3a70-4517-bc7e-58db37f162cd", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorConfig": "microsoft", + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "8a6ab115-e621-48ef-bd4f-7a84deae8d48", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "bbe6d7b2-b135-4d12-aa77-a5efcfe1631e", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "b663a452-f0f8-4394-9f55-ef55d2bcfa02", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c9345817-609d-450c-8180-40ab7e65b122", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "e318df24-1699-4570-a136-6c8ea8f09f4d", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "daf866a3-34f9-4271-ae50-7aaf5b005d92", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "381a2f19-3b2d-4d9e-99f0-778827160c21", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9c35c46d-9ca8-47e4-a4d9-ee5cf192d82d", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6aa87744-95df-4b6c-bf9b-5b7df0d2875d", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "2f870c8a-c343-4f11-bfbc-8d93421082a5", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "367ca487-7d04-4a15-831e-f84a595053e8", + "alias": "microsoft", + "config": {} + }, + { + "id": "39d39e94-9e1e-492d-89bf-5dd2afc97e35", + "alias": "microsoft", + "config": { + "defaultProvider": "microsoft" + } + }, + { + "id": "0f0b4d76-73e5-45ae-bf6d-7962f17a3a21", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}" + }, + "keycloakVersion": "24.0.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/deployment/nginx.conf b/deployment/nginx.conf new file mode 100644 index 00000000..78a7452c --- /dev/null +++ b/deployment/nginx.conf @@ -0,0 +1,40 @@ +server { + + server_name betterfleet.fr; + + location / { + proxy_pass http://127.0.0.1:2602; + } + + location /api { + rewrite /api/(.*) /$1 break; + proxy_pass http://127.0.0.1:2601; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # Socket conf + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_hide_header 'Access-Control-Allow-Origin'; + proxy_http_version 1.1; + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + } + + + location /auth { + #rewrite /auth/(.*) /$1 break; + proxy_pass http://127.0.0.1:2604; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + listen [::]:80; + listen 80; +} diff --git a/webapp/.env.development b/webapp/.env.development index 002388bd..983c3c58 100644 --- a/webapp/.env.development +++ b/webapp/.env.development @@ -1,3 +1,4 @@ VITE_BACKEND_HOST="http://127.0.0.1:8080" VITE_SOCKET_HOST="ws://127.0.0.1:8080/sessions" +VITE_KEYCLOAK_HOST="http://127.0.0.1:2604/auth" VITE_VERSION=$npm_package_version \ No newline at end of file diff --git a/webapp/.env.production b/webapp/.env.production index 0de079e7..fb9ec957 100644 --- a/webapp/.env.production +++ b/webapp/.env.production @@ -1,2 +1,4 @@ VITE_SOCKET_HOST=wss://betterfleet.fr/api/sessions +VITE_KEYCLOAK_HOST=https://betterfleet.fr/auth +VITE_BACKEND_HOST=https://betterfleet.fr/api VITE_VERSION=$npm_package_version \ No newline at end of file diff --git a/webapp/package-lock.json b/webapp/package-lock.json index 4d4c01bf..49c2c1cf 100644 --- a/webapp/package-lock.json +++ b/webapp/package-lock.json @@ -11,6 +11,7 @@ "@js-joda/core": "^5.6.2", "@tauri-apps/api": "^1.5.3", "axios": "^1.6.8", + "keycloak-js": "^20.0.3", "vue": "^3.4.21", "vue-i18n": "^9.10.2" }, @@ -1024,6 +1025,25 @@ "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", "dev": true }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, "node_modules/binary-extensions": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", @@ -1295,6 +1315,20 @@ "node": ">=0.12.0" } }, + "node_modules/js-sha256": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz", + "integrity": "sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA==" + }, + "node_modules/keycloak-js": { + "version": "20.0.5", + "resolved": "https://registry.npmjs.org/keycloak-js/-/keycloak-js-20.0.5.tgz", + "integrity": "sha512-7+M5Uni4oNlAmbjM/lDJzFHu2+PGqU6/bvmTBuQssE1fJ7ZyNeCRHgFoaVfFpIU3m6aAFwPUko4lVcn4kPXP5Q==", + "dependencies": { + "base64-js": "^1.5.1", + "js-sha256": "^0.9.0" + } + }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", diff --git a/webapp/package.json b/webapp/package.json index 5c5c661a..f90cc0ed 100644 --- a/webapp/package.json +++ b/webapp/package.json @@ -9,14 +9,14 @@ "preview": "vite preview", "tauri": "tauri", "tauri-dev": "npm run tauri dev", - "tauri-build": "npm run tauri build" + "tauri-build": "npm run tauri build -- --debug" }, "dependencies": { "@js-joda/core": "^5.6.2", "@tauri-apps/api": "^1.5.3", - "axios": "^1.6.8", "vue": "^3.4.21", - "vue-i18n": "^9.10.2" + "vue-i18n": "^9.10.2", + "keycloak-js": "^20.0.3" }, "devDependencies": { "@tauri-apps/cli": "^1.5.11", diff --git a/webapp/src-tauri/Cargo.lock b/webapp/src-tauri/Cargo.lock index 4e3eb4cd..1edca834 100644 --- a/webapp/src-tauri/Cargo.lock +++ b/webapp/src-tauri/Cargo.lock @@ -127,7 +127,7 @@ checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "better_fleet" -version = "0.1.3-alpha" +version = "0.1.5-alpha" dependencies = [ "anyhow", "etherparse", diff --git a/webapp/src-tauri/Cargo.toml b/webapp/src-tauri/Cargo.toml index ba0316e4..7f6900ea 100644 --- a/webapp/src-tauri/Cargo.toml +++ b/webapp/src-tauri/Cargo.toml @@ -17,7 +17,7 @@ tauri-build = { version = "1.5.1", features = [] } [dependencies] serde_json = "1.0" serde = { version = "1.0", features = ["derive"] } -tauri = { version = "1.6.0", features = [ "updater", "shell-all"] } +tauri = { version = "1.6.0", features = [ "http-all", "updater", "shell-all"] } anyhow = "1.0.80" socket2 = "0.5.6" tokio = { version = "1.36.0", features = ["full"] } diff --git a/webapp/src-tauri/tauri.conf.json b/webapp/src-tauri/tauri.conf.json index 2c47060b..c452e436 100644 --- a/webapp/src-tauri/tauri.conf.json +++ b/webapp/src-tauri/tauri.conf.json @@ -18,6 +18,14 @@ "execute": true, "sidecar": true, "open": true + }, + "http": { + "all": true, + "request": true, + "scope": [ + "http://**", + "https://**" + ] } }, "bundle": { @@ -57,7 +65,16 @@ } }, "security": { - "csp": null + "csp": null, + "dangerousRemoteDomainIpcAccess": [ + { + "domain": "localhost", + "windows": [ + "main" + ], + "enableTauriAPI": true + } + ] }, "updater": { "active": true, @@ -76,7 +93,8 @@ "height": 700, "resizable": true, "title": "BetterFleet", - "width": 1250 + "width": 1250, + "transparent": true } ] } diff --git a/webapp/src/App.vue b/webapp/src/App.vue index 5514f3e9..344b30b2 100644 --- a/webapp/src/App.vue +++ b/webapp/src/App.vue @@ -1,117 +1,23 @@ diff --git a/webapp/src/assets/backgrounds/button.svg b/webapp/src/assets/backgrounds/button.svg new file mode 100644 index 00000000..ccc8bd42 --- /dev/null +++ b/webapp/src/assets/backgrounds/button.svg @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/webapp/src/assets/backgrounds/login.svg b/webapp/src/assets/backgrounds/login.svg new file mode 100644 index 00000000..ee577e11 --- /dev/null +++ b/webapp/src/assets/backgrounds/login.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/webapp/src/assets/backgrounds/user-card.svg b/webapp/src/assets/backgrounds/user-card.svg new file mode 100644 index 00000000..e032394f --- /dev/null +++ b/webapp/src/assets/backgrounds/user-card.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/webapp/src/assets/contributors/contributors.json b/webapp/src/assets/contributors/contributors.json new file mode 100644 index 00000000..82002b35 --- /dev/null +++ b/webapp/src/assets/contributors/contributors.json @@ -0,0 +1,22 @@ +{ + "developers": [ + "Zelytra", + "dadodasyra" + ], + "translators" : [ + "Ichabodt" + ], + "designers": [ + "ZeTro", + "Zamao" + ], + "alphaTesters": [ + "Azuryy11", + "Despra", + "AtrX Ghost", + "Ignis", + "ShadowPsy", + "Vex", + "Buckoshow" + ] +} \ No newline at end of file diff --git a/webapp/src/assets/icons/contributors/alpha-tester.svg b/webapp/src/assets/icons/contributors/alpha-tester.svg new file mode 100644 index 00000000..44f7b7d7 --- /dev/null +++ b/webapp/src/assets/icons/contributors/alpha-tester.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/webapp/src/assets/icons/contributors/designer.svg b/webapp/src/assets/icons/contributors/designer.svg new file mode 100644 index 00000000..bf5888da --- /dev/null +++ b/webapp/src/assets/icons/contributors/designer.svg @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/webapp/src/assets/icons/contributors/developer.svg b/webapp/src/assets/icons/contributors/developer.svg new file mode 100644 index 00000000..98147663 --- /dev/null +++ b/webapp/src/assets/icons/contributors/developer.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/webapp/src/assets/icons/contributors/translator.svg b/webapp/src/assets/icons/contributors/translator.svg new file mode 100644 index 00000000..01aae793 --- /dev/null +++ b/webapp/src/assets/icons/contributors/translator.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/webapp/src/assets/icons/full-logo.svg b/webapp/src/assets/icons/full-logo.svg new file mode 100644 index 00000000..97d4ae22 --- /dev/null +++ b/webapp/src/assets/icons/full-logo.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/assets/locales/fr.json b/webapp/src/assets/locales/fr.json index 83560554..e20f1c3f 100644 --- a/webapp/src/assets/locales/fr.json +++ b/webapp/src/assets/locales/fr.json @@ -129,6 +129,15 @@ "es": "Español", "fr": "Français" }, + "login": { + "continue": "Continuer", + "description": "Bienvenue sur Better Fleet ! Nous sommes ravis de vous compter parmi nous. Pour que vous puissiez utiliser pleinement l'application, il est nécessaire de vous connecter à votre compte ou bien en créer un !", + "disconnect": "Ce n’est pas votre compte ? ", + "loginButton": "Se connecter", + "succeed": "Connexion réussie !", + "userWelcome": "Bienvenue", + "welcome": "Bienvenue sur" + }, "modal": { "confirm": { "launch": { @@ -157,6 +166,12 @@ "title": "Entrez un code de session" } }, + "contributor": { + "alpha_tester": "Alpha-Testeur", + "designer": "Designer", + "developer": "Développeur", + "translator": "Traducteur" + }, "countdown": "La recherche commence dans...", "id": "Code de session", "idCopy": "Copié !", diff --git a/webapp/src/components/Authentication.vue b/webapp/src/components/Authentication.vue new file mode 100644 index 00000000..e5858c15 --- /dev/null +++ b/webapp/src/components/Authentication.vue @@ -0,0 +1,133 @@ + + + + + \ No newline at end of file diff --git a/webapp/src/components/FleetMenuNavigator.vue b/webapp/src/components/FleetMenuNavigator.vue new file mode 100644 index 00000000..a304701d --- /dev/null +++ b/webapp/src/components/FleetMenuNavigator.vue @@ -0,0 +1,109 @@ + + + + + \ No newline at end of file diff --git a/webapp/src/components/Config.vue b/webapp/src/components/fleet/Config.vue similarity index 93% rename from webapp/src/components/Config.vue rename to webapp/src/components/fleet/Config.vue index f0c01013..1cbbc698 100644 --- a/webapp/src/components/Config.vue +++ b/webapp/src/components/fleet/Config.vue @@ -10,7 +10,7 @@ :style="{ backgroundColor: Utils.generateRandomColor() }" >

- {{ UserStore.player.username.charAt(0) }} + {{ UserStore.player.username.charAt(0).toUpperCase() }}

{{ UserStore.player.username }}

@@ -18,17 +18,12 @@ - @@ -87,10 +82,10 @@

@@ -110,13 +105,13 @@ import SingleSelect from "@/vue/form/SingleSelect.vue"; import {SingleSelectInterface} from "@/vue/form/Inputs.ts"; import {inject, onMounted, ref,} from "vue"; -import fr from "@/assets/icons/locales/fr.svg"; -import de from "@/assets/icons/locales/de.svg"; -import es from "@/assets/icons/locales/es.svg"; -import en from "@/assets/icons/locales/en.svg"; -import xbox from "@/assets/icons/xbox.svg"; -import microsoft from "@/assets/icons/microsoft.svg"; -import playstation from "@/assets/icons/playstation.svg"; +import fr from "@assets/icons/locales/fr.svg"; +import de from "@assets/icons/locales/de.svg"; +import es from "@assets/icons/locales/es.svg"; +import en from "@assets/icons/locales/en.svg"; +import xbox from "@assets/icons/xbox.svg"; +import microsoft from "@assets/icons/microsoft.svg"; +import playstation from "@assets/icons/playstation.svg"; import {UserStore} from "@/objects/stores/UserStore.ts"; import {AlertProvider, AlertType} from "@/vue/alert/Alert.ts"; import SaveBar from "@/vue/utils/SaveBar.vue"; @@ -125,6 +120,7 @@ import countdownSound from "@assets/sounds/countdown.mp3"; import {PlayerDevice} from "@/objects/fleet/Player.ts"; import ParameterPart from "@/vue/templates/ParameterPart.vue"; import {Utils} from "@/objects/utils/Utils.ts"; +import {keycloakStore} from "@/objects/stores/LoginStates.ts"; const {t, availableLocales} = useI18n(); const alerts = inject("alertProvider"); @@ -258,7 +254,6 @@ function getDeviceImgUrl(iconName: string): string { } function runSound() { - console.log(volume.value) if (sound.paused) { sound.volume = volume.value / 100; sound.play() diff --git a/webapp/src/components/Fleet.vue b/webapp/src/components/fleet/Fleet.vue similarity index 79% rename from webapp/src/components/Fleet.vue rename to webapp/src/components/fleet/Fleet.vue index fdf7bda7..ac8f890c 100644 --- a/webapp/src/components/Fleet.vue +++ b/webapp/src/components/fleet/Fleet.vue @@ -11,8 +11,8 @@ diff --git a/webapp/src/components/Home.vue b/webapp/src/components/fleet/Home.vue similarity index 100% rename from webapp/src/components/Home.vue rename to webapp/src/components/fleet/Home.vue diff --git a/webapp/src/components/fleet/FleetLobby.vue b/webapp/src/components/fleet/session/FleetLobby.vue similarity index 98% rename from webapp/src/components/fleet/FleetLobby.vue rename to webapp/src/components/fleet/session/FleetLobby.vue index 0812be74..f5273f2d 100644 --- a/webapp/src/components/fleet/FleetLobby.vue +++ b/webapp/src/components/fleet/session/FleetLobby.vue @@ -3,7 +3,7 @@