diff --git a/Makefile b/Makefile
index 0823ff281..eace8606f 100644
--- a/Makefile
+++ b/Makefile
@@ -131,29 +131,25 @@ test-replication:
 test-sso-integration:
 @echo "create the network in bridge mode to communicate all containers"
 @(docker network create my-net)
- @echo "execute latest keycloak container"
+ @echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
 @(docker run \
- --rm \
- --name keycloak-container \
- --network my-net \
- -p 8080:8080 \
- -e KEYCLOAK_USER=admin \
- -e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
- @echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
- @(sleep 60)
- @echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+ -e LDAP_ORGANIZATION="MinIO Inc" \
+ -e LDAP_DOMAIN="min.io" \
+ -e LDAP_ADMIN_PASSWORD="admin" \
+ --network my-net \
+ -p 389:389 \
+ -p 636:636 \
+ --name openldap \
+ --detach quay.io/minio/openldap:latest)
+ @echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
 @(docker run \
- --rm \
- --network my-net \
- --name keycloak-config-cli \
- -e KEYCLOAK_URL=http://keycloak-container:8080/auth \
- -e KEYCLOAK_USER="admin" \
- -e KEYCLOAK_PASSWORD="admin" \
- -e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
- -e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
- -e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
- -v /home/runner/work/console/console/sso-integration/config:/config \
- adorsys/keycloak-config-cli:latest)
+ -e DEX_ISSUER=http://dex:5556/dex \
+ -e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
+ -e DEX_LDAP_SERVER=openldap:389 \
+ --network my-net \
+ -p 5556:5556 \
+ --name dex \
+ --detach quay.io/minio/dex:latest)
 @echo "running minio server"
 @(docker run \
 -v /data1 -v /data2 -v /data3 -v /data4 \
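Review bot: The new openldap `docker run` publishes `-p 389:389` and `-p 636:636` on every host interface while the directory is started with `LDAP_ADMIN_PASSWORD="admin"`, so on a developer machine a directory with a known admin password is reachable from the local network for as long as the container lives. Dex is pointed at `DEX_LDAP_SERVER=openldap:389` over `my-net`, so the host publish looks unnecessary; either drop the two `-p` lines or bind them to loopback, `-p 127.0.0.1:389:389 \` and `-p 127.0.0.1:636:636 \`. Both new images are pulled as `:latest`, and `--rm` disappeared together with the keycloak lines, so runs are not reproducible and a second local run will presumably collide with the leftover `openldap` and `dex` container names; pinning each image to a tag or digest and restoring `--rm` would cover both. The recipe continues outside the hunk.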
@@ -163,13 +159,22 @@ test-sso-integration:
 --rm \
 -p 9000:9000 \
 -p 9001:9001 \
- -e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
- -e MINIO_IDENTITY_OPENID_CONFIG_URL=http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration \
- -e MINIO_IDENTITY_OPENID_CLIENT_ID="account" \
+ -e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
+ -e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
+ -e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
+ -e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
+ -e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
 -e MINIO_ROOT_USER=minio \
 -e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
+ @echo "run mc commands to set the policy"
+ @(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
+ @(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
+ @echo "adding policy to Dillon Harper to be able to login:"
+ @(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy add myminio "Dillon Harper" allaccess.json)
 @echo "starting bash script"
 @(env bash $(PWD)/sso-integration/set-sso.sh)
+ @echo "add python module"
+ @(pip3 install bs4)
 @echo "Executing the test:"
 @(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
diff --git a/sso-integration/Dockerfile b/sso-integration/Dockerfile
new file mode 100644
index 000000000..8d55afae2
--- /dev/null
+++ b/sso-integration/Dockerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/dexidp/dex:latest
+
+ADD config.docker.yaml /etc/dex/
diff --git a/sso-integration/allaccess.json b/sso-integration/allaccess.json
new file mode 100644
index 000000000..975e66cef
--- /dev/null
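Review bot: `@(pip3 install bs4)` in the test recipe installs an unpinned package into whatever Python environment the runner or developer has active, so each run executes whichever version the index serves that day. `bs4` on PyPI is only a shim that depends on `beautifulsoup4`; naming the real package with an exact version, `@(pip3 install beautifulsoup4==<pinned-version>)`, or moving it into a requirements file installed by the CI workflow, keeps the dependency reviewable. The same applies to `minio/mc`, which is pulled without a tag and started without `--rm`, so the `minio-client` container outlives the test. The recipe starts above the hunk.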
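Review bot: `FROM ghcr.io/dexidp/dex:latest` leaves the base of the test IdP image unpinned, so a rebuild can silently pick up a different Dex release than the one the config was written for; pin it to a release tag or digest, `FROM ghcr.io/dexidp/dex:<pinned-tag>@sha256:<digest>`. `ADD` is used only to copy a local file, where `COPY config.docker.yaml /etc/dex/` is the narrower instruction (no URL fetch or archive extraction). A leading comment such as `# Test fixture image for sso-integration; do not deploy.` would also help, given the mock connector and static secrets in the config it bakes in.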
+++ b/sso-integration/allaccess.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::*"
+ ]
+ }
+ ]
+}
diff --git a/sso-integration/config.docker.yaml b/sso-integration/config.docker.yaml
new file mode 100644
index 000000000..6ad0282ec
--- /dev/null
+++ b/sso-integration/config.docker.yaml
@@ -0,0 +1,23 @@
+issuer: http://dex:5556/dex
+storage:
+ type: sqlite3
+ config:
+ file: /var/dex/dex.db
+web:
+ http: 0.0.0.0:5556
+staticClients:
+- id: minio-client-app
+ secret: minio-client-app-secret
+ name: 'MinIO Example Client App'
+ redirectURIs:
+ - 'http://127.0.0.1:9001/oauth_callback'
+connectors:
+- type: mockCallback
+ id: mock
+ name: Example
+enablePasswordDB: true
+staticPasswords:
+- email: "admin@example.com"
+ hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+ username: "admin"
+ userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
diff --git a/sso-integration/config/realm-export.json b/sso-integration/config/realm-export.json
deleted file mode 100644
index d4224c63b..000000000
--- a/sso-integration/config/realm-export.json
+++ /dev/null
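Review bot: This policy grants `s3:*` on `arn:aws:s3:::*`, and the Makefile registers it under the name `"Dillon Harper"` while MinIO is started with `MINIO_IDENTITY_OPENID_CLAIM_NAME=name`, so full S3 access is selected by the user's display-name claim. That is fine for a throwaway test server, but nothing in the file or its name says it is test-only, and a display name is not a unique identifier to hang a policy on. JSON cannot carry a comment, so consider a test-specific file name (for example `test-allaccess.json`) and, if the login test does not need write access, a narrower action list.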
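Review bot: The `mockCallback` connector under `connectors:` completes a login without checking any credential, and the file also commits the client secret `minio-client-app-secret` and a static `admin` password hash, yet nothing marks it as a test fixture. With `web.http: 0.0.0.0:5556` and the Makefile's `-p 5556:5556`, that credential-less issuer is reachable from the host's network while the test runs. The Makefile also passes `DEX_LDAP_SERVER=openldap:389` to `quay.io/minio/dex:latest`, but this config defines no LDAP connector, so either the published image is built from a different config or the variable is unused; a header comment should say which. Proposed first line: `# TEST FIXTURE ONLY: mock connector and static secrets, never deploy.`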
@@ -1,2270 +0,0 @@ -{ - "id": "myrealm", - "realm": "myrealm", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "e8591a82-12bf-4fc1-8718-b1f9e1b9ca1b", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "myrealm", - "attributes": {} - }, - { - "id": "18bc616f-b028-490e-b889-099df17825d3", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "myrealm", - "attributes": {} - }, - { - "id": 
"1a0c637a-871a-4682-b314-f44c61541c62", - "name": "admin", - "description": "${role_admin}", - "composite": true, - "composites": { - "realm": [ - "default-roles-myrealm", - "offline_access", - "uma_authorization" - ] - }, - "clientRole": false, - "containerId": "myrealm", - "attributes": {} - }, - { - "id": "4c098f8d-b615-44b0-857d-9b53e719b83f", - "name": "default-roles-myrealm", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "myrealm", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "10806493-2bf5-498e-974b-46da391a7127", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "28937f4a-944c-4fe7-a6c6-73d803ddb8c2", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "71483e3a-31be-47c4-879a-2b0222cd87b0", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "614f9dad-5fc6-4496-85ce-cd81af499cc1", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "9de8d5a7-e750-43d2-ad93-091e01371683", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "6adf2da5-67ed-48ef-8dec-a27659fe94fe", 
- "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "7cbdb590-3458-48bd-8df2-f7e01a6e06ae", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-events", - "view-events", - "query-clients", - "manage-clients", - "view-realm", - "query-groups", - "query-realms", - "view-authorization", - "manage-identity-providers", - "view-identity-providers", - "create-client", - "view-clients", - "impersonation", - "manage-authorization", - "query-users", - "manage-realm", - "view-users", - "manage-users" - ] - } - }, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "4799d99a-4412-4cb5-a1ad-f2a3d61049d4", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "8d1658e0-402a-49a6-821c-757d12c3bee2", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "044f9999-39e0-4549-9bc5-850555ba96a3", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "e59c9b1d-6ac3-4147-8bae-078d8fe8c996", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "02303e00-3458-49e0-8b89-ba324572350c", - "name": "view-identity-providers", - "description": 
"${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "bd5fb8a1-b03c-4f4b-a805-f99e7745e52b", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "2d3b92ba-1499-4ba8-9e4a-eee33feb5570", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "784b50c7-1443-494c-9851-1d1e1708e584", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "1f2cc84b-6b37-45a8-8549-7e9e031babac", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "8b3e0628-ead0-40ca-b237-089dbe5e6eae", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "bae5b17b-dac2-482c-86df-1d37ceac6cbc", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - }, - { - "id": "58316347-660b-414a-b474-608fc95bd95a", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - 
"containerId": "6990d486-f756-4c46-9a08-f317fdac950a", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "fcb8ab5c-7ae3-45a0-9d65-395a75f4fbe8", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "cfae451d-7d44-4847-a79b-4e6b72f137ef", - "attributes": {} - } - ], - "account": [ - { - "id": "103c49bf-63ca-4a49-9ad6-90892bd815b5", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "95929a23-5a6d-446c-a8dd-ce25c70d5f88", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "dca10498-4294-4de9-92de-aee3ea297609", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "49d7b8bb-a98d-414a-a099-3600e28c41f6", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "c76fe8b3-36b9-4ce1-908b-b628361603c7", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "66db661c-6cf3-4cfc-8982-55b712188db0", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - 
"clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - }, - { - "id": "5682b7a5-bd52-468f-bdf6-f6f0c016044d", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "4c098f8d-b615-44b0-857d-9b53e719b83f", - "name": "default-roles-myrealm", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "myrealm" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - 
"webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "b1f770cd-a5a5-472c-95ef-d204e67bbfaa", - "createdTimestamp": 1647982742788, - "username": "service-account-account", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "account", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "offline_access", - "uma_authorization", - "admin", - "default-roles-myrealm" - ], - "notBefore": 0, - "groups": [] - }, - { - "username": "minio", - "enabled": true, - "credentials": [ - { - "type": "password", - "userLabel": "initial", - "value": "minio123" - } - ], - "attributes": - { - "policy": [ - "readwrite" - ] - } - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "f45a6752-b19c-40d6-a335-1b4bfde1095b", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/myrealm/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "0nfJuqIt0iPnRIUJkvetve5l38C6gi9W", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "access.token.lifespan": "3600", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - 
"oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "saml_force_name_id_format": "false", - "acr.loa.map": "{}", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "token.response.type.bearer.lower-case": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "ddb0cb8c-92c0-409f-afdd-26f1ed5625dd", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "d126cfbb-c69e-4ef6-bfae-0a81460a8b4f", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "d7d811b8-b2fe-428a-bd2f-1a4f3569bd0f", - "name": "anytext", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "policy", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "policy", - 
"jsonType.label": "String" - } - }, - { - "id": "27b80ffb-7e88-48c1-a9d2-ea753df379e5", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "61097b6b-291c-44d4-8815-386f57983022", - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "security-admin-console", - "id.token.claim": "false", - "access.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "3fab42a2-2113-4bf4-a2ea-d4a6c0ef8f4e", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/myrealm/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/myrealm/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "ef6bc5fd-e595-4974-88f4-87adebeea519", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - 
"config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ad5f0b29-ecd4-469a-b6e7-7d3d7525d157", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cfae451d-7d44-4847-a79b-4e6b72f137ef", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": 
"6990d486-f756-4c46-9a08-f317fdac950a", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "086d36fd-dc1c-437f-9597-37d5918e4321", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/myrealm/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/myrealm/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "96a8a7ae-7df1-4f87-9a51-0705b1274770", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - 
"config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "77feff16-534b-42de-afde-3fdc0a3f9bbe", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "b2359976-31c8-46aa-ad45-dcd3ca84d1c7", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "f74d4449-c087-4a6e-8cd4-56cd1afba55e", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7c98a037-2653-40cd-b33b-9a52b8be5a79", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "c6b30134-ea0b-43b7-8008-93a1b610a142", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - 
"id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "f74e92eb-6e4c-4088-ad44-5837296c49c8", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6f68f6ca-7fae-40a6-b358-c7767d47acde", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "31b63615-b155-4f8b-9b1f-80934f568864", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "c9be3cfa-01aa-479b-99f9-569c61b3fcf6", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "f0f78029-0b08-48d6-97c3-9380af7fd9cc", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "065e4ea1-64f4-414d-aa8c-2e945193dfc7", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { 
- "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "deb427cc-5270-4745-9063-7677aa982552", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "6b9c0c3c-fffb-46d5-b3c0-ac9da0bd16d9", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "f581ceb8-0a9c-412a-a3d9-c3ad28c834fa", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "e1b6467e-305b-4de5-9f7a-c857ca2e33f8", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "ac0ae6ba-708c-49bd-89aa-2a7fb1478af6", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - 
"id": "cd349cc7-d592-4482-a9ac-beb2a5a85658", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "3ecde5d5-d0c2-483c-8f15-3869ce8f5281", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7584001b-8ff9-427a-bc88-25bb32ed479b", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "aca28506-1a4a-49e9-aa00-8ff83c40eb72", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "a857f789-1153-4895-9b49-532057577d1e", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a1358192-eedf-43ba-9174-0a64f2e9c7c0", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - 
"id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "3ea02b70-6386-4238-ac8d-6f3a791fa498", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "8b8683cc-57ff-4e8a-b018-6974f5fb3ba1", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "70427f2d-cb42-4d62-b0ce-0aba4f822f80", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "1ae523e2-ba13-447a-87b2-d2e2712c277a", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "7378b967-8f6c-4c22-9d2e-0edc864056b3", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "61d561ea-7683-4169-8769-2c291ed7f9f7", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "cfdf9b7c-355a-4dc2-867f-e66b348866d7", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "c382ba46-528b-40ea-b146-a700e0b4e442", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "4eb0886d-b07d-4ceb-84cf-eb1c5c5759b4", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "e841716b-2dce-4c4b-8219-d51cb90b33ab", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": 
"true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b36e00dd-7020-4674-aa2f-7879702fbd48", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "26dfe2ae-4d3b-4e16-803e-86f668e98009", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "3656388e-23a8-4c30-bdf2-5dcda124b79c", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "web-origins", - "profile", - "role_list", - "email", - "roles" - ], - "defaultOptionalClientScopes": [ - "phone", - "microprofile-jwt", - "offline_access", - "address" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - 
"adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "eb57c946-2b36-4bae-950d-f490e7112b35", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "d157253d-fef2-43bc-95c9-fa611c0163da", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "485a1a68-bf93-470e-95b7-b88a7791411a", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "0fcb5c28-0d4d-46c8-8eaf-01f382ba8fd9", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "1a05f1be-880f-47c3-943d-87a4b051960e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "e317006c-58f2-4e31-adae-e9672b6a453b", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "0439814e-c57d-413b-8947-7f704528c588", - "name": "Full Scope Disabled", - "providerId": "scope", - 
"subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "a35b4178-81f3-4435-895d-f6e6a6cad481", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "bafec80c-d7f7-4f6e-90b8-0bbad0a775b5", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "85909f1b-c69b-4853-beb0-d7ebdd042262", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "cc933378-097c-45aa-88cd-fd605f3098d9", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "3b7274cb-29e3-4f4a-b48b-de45a69af94c", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "5e0e20d0-c140-46a6-b121-647150f19f61", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "e259117f-6a9f-4690-9cb7-8870b125ed5d", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - 
{ - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "9db34c74-5d80-4625-b211-049768a2498a", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "3fea4a75-f078-4f00-adf6-4e00884c472b", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "df29c55d-03b2-4655-84d4-c07855570989", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for 
the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "82563252-cdb8-4cb1-a69d-518c4eb4a9dc", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "2381a233-45eb-4b0f-bb0a-073a5eff63b1", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "971b7295-f240-4ed9-a5a6-3dd8d73167d1", - "alias": "Reset - Conditional OTP", - "description": "Flow to 
determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "9a841aad-2c91-464f-b656-27abfdb47b67", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "cc120ad6-eca3-4320-a9c7-8c7745399227", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "0f85183b-5c5e-4508-b47b-1656191b3395", - "alias": 
"browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "411cb9f9-b9ff-4a96-afc7-92506fdb50b1", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "36b5138c-015d-4fc0-80ef-9f644ed1f322", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - 
"providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "c7766e9f-339d-42a5-8ba7-5e969aa06419", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "c914f9b0-c77c-429c-a279-437d95122bda", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "080a3558-9de9-48ce-b898-1e82c2d90dd6", - "alias": "forms", - "description": 
"Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "acf1b7bd-7308-4209-bc96-99be26b20d05", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Authentication Options", - "userSetupAllowed": false - } - ] - }, - { - "id": "32dd9f90-716f-4a77-86ae-6693de3ea50b", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "71f1f843-dc06-4eca-a615-f48dfa2d4eaa", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - 
"autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "a1658b79-38c7-4149-aa91-e1733402f784", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "43d928ca-f0d1-41c6-a2bb-09550dc4a2d8", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - 
"requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "a66e9a38-af21-4368-a597-817c4f83b5fb", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "1945702e-6e36-4ea4-b28a-15b23e64324c", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - 
"dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "de.adorsys.keycloak.config.state-default-roles-client-broker-0": "[\"read-token\"]", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "de.adorsys.keycloak.config.import-checksum-default": "79be0145af8119fbb41edb22d076a2e148ae7313b35496479a2c2b8e83174aac", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "de.adorsys.keycloak.config.state-default-roles-realm-0": "[\"uma_authorization\",\"offline_access\",\"default-roles-myrealm\"]", - "de.adorsys.keycloak.config.state-default-roles-client-realm-management-0": "[\"view-authorization\",\"view-events\",\"manage-realm\",\"manage-identity-providers\",\"view-identity-providers\",\"query-clients\",\"query-groups\",\"create-client\",\"query-users\",\"manage-events\",\"manage-users\",\"manage-authorization\",\"manage-clients\",\"query-realms", - "de.adorsys.keycloak.config.state-default-roles-client-realm-management-1": "\",\"realm-admin\",\"view-clients\",\"view-realm\",\"impersonation\",\"view-users\"]", - "cibaInterval": "5", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "de.adorsys.keycloak.config.state-default-required-actions-0": "[\"CONFIGURE_TOTP\",\"terms_and_conditions\",\"UPDATE_PASSWORD\",\"UPDATE_PROFILE\",\"VERIFY_EMAIL\",\"delete_account\",\"update_user_locale\"]", - "de.adorsys.keycloak.config.state-default-roles-client-admin-cli-0": "[]", - "de.adorsys.keycloak.config.state-default-roles-client-security-admin-console-0": "[]", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "de.adorsys.keycloak.config.state-default-clients-0": "[\"account\",\"account-console\",\"admin-cli\",\"broker\",\"realm-management\",\"security-admin-console\"]", - "de.adorsys.keycloak.config.state-default-components-1": "nerated\"]", - 
"de.adorsys.keycloak.config.state-default-components-0": "[\"Full Scope Disabled\",\"Trusted Hosts\",\"Consent Required\",\"Allowed Client Scopes\",\"Max Clients Limit\",\"Allowed Client Scopes\",\"Allowed Protocol Mapper Types\",\"Allowed Protocol Mapper Types\",\"rsa-enc-generated\",\"rsa-generated\",\"hmac-generated\",\"aes-ge", - "de.adorsys.keycloak.config.state-default-roles-client-account-0": "[\"delete-account\",\"view-profile\",\"manage-consent\",\"view-applications\",\"manage-account-links\",\"view-consent\",\"manage-account\"]" - }, - "keycloakVersion": "17.0.0", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -}
\ No newline at end of file
diff --git a/sso-integration/dex-requests.py b/sso-integration/dex-requests.py
new file mode 100644
index 000000000..7e0d106f0
--- /dev/null
+++ b/sso-integration/dex-requests.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import pdb
+import requests
+from bs4 import BeautifulSoup
+
+result = requests.get('http://localhost:9001/api/v1/login')
+redirect = result.json()['redirect']
+result = requests.get(redirect)
+soup = BeautifulSoup(result.text, "html.parser")
+
+# Log in to Your Account via OpenLDAP Connector
+url = "http://dex:5556" + soup.findAll('a')[1].get('href')
+result = requests.get(url)
+soup = BeautifulSoup(result.text, "html.parser")
+url = "http://dex:5556" + soup.form.get('action')
+
+# Post the credentials in the form
+# From https://github.com/minio/minio-iam-testing/blob/main/ldap/bootstrap.ldif
+myobj = {
+ 'login': 'dillon@example.io',
+ 'password': 'dillon',
+}
+result2 = requests.post(url, data = myobj)
+code = result2.url.split("?code=")[1].split("&state=")[0]
+state = result2.url.split("?code=")[1].split("&state=")[1]
+
+print(code)
+print(state)
diff --git a/sso-integration/logssorun2.sh b/sso-integration/logssorun2.sh
deleted file mode 100755
index d4d499b22..000000000
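Review bot: The last lines of dex-requests.py pull `code` and `state` out of `result2.url` with chained `split("?code=")` / `split("&state=")`, which only works when the login succeeded and the callback URL carries the parameters in exactly that order; a rejected LDAP login or a changed redirect surfaces as a bare IndexError with no hint that authentication failed. Parsing the query string with `urlsplit` and `parse_qs` from `urllib.parse` (import to be added at the top of the file) and exiting with an explicit message when either key is missing makes the failure diagnosable; `parse_qs` percent-decodes the values, so confirm that is what the consumer of the printed output expects. The `requests` calls also set no `timeout=`, so a container that never becomes reachable hangs the CI job instead of failing it, and `import pdb` is unused.

```python
# … unchanged: login-page discovery and the myobj credentials dict …
result2 = requests.post(url, data=myobj, timeout=30)
query = parse_qs(urlsplit(result2.url).query)
if "code" not in query or "state" not in query:
    raise SystemExit("SSO login did not return code and state (HTTP %d)" % result2.status_code)
code = query["code"][0]
state = query["state"][0]
# … unchanged: print(code), print(state) …
```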
--- a/sso-integration/logssorun2.sh
+++ /dev/null
@@ -1,165 +0,0 @@ -#!/bin/bash - -result=`curl 'http://localhost:9001/api/v1/login' \ - -H 'Connection: keep-alive' \ - -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ - -H 'sec-ch-ua-mobile: ?0' \ - -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ - -H 'sec-ch-ua-platform: "macOS"' \ - -H 'Accept: */*' \ - -H 'Sec-Fetch-Site: same-origin' \ - -H 'Sec-Fetch-Mode: cors' \ - -H 'Sec-Fetch-Dest: empty' \ - -H 'Referer: http://localhost:9001/login' \ - -H 'Accept-Language: en-CA,en;q=0.9' \ - --compressed` -echo $result | jq '.redirect' > redirect.txt - - - - -redirect=`cat redirect.txt | tr -d '"'` - - - - -curl -i "$redirect" \ - -H 'Connection: keep-alive' \ - -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ - -H 'sec-ch-ua-mobile: ?0' \ - -H 'sec-ch-ua-platform: "macOS"' \ - -H 'Upgrade-Insecure-Requests: 1' \ - -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ - -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \ - -H 'Sec-Fetch-Site: same-site' \ - -H 'Sec-Fetch-Mode: navigate' \ - -H 'Sec-Fetch-User: ?1' \ - -H 'Sec-Fetch-Dest: document' \ - -H 'Referer: http://localhost:9001/' \ - -H 'Accept-Language: en-CA,en;q=0.9' \ - --compressed > form-cookies.txt - - - - - -cat form-cookies.txt | grep Set-Cookie > first-cookies.txt -cat first-cookies.txt | grep 'AUTH_SESSION_ID=' > AUTH_SESSION_ID.txt -cat AUTH_SESSION_ID.txt | awk '{print $2}' > AUTH_SESSION_ID_2.txt -sed 's/AUTH_SESSION_ID=//' AUTH_SESSION_ID_2.txt > AUTH_SESSION_ID_3.txt -sed 's/;//' AUTH_SESSION_ID_3.txt > AUTH_SESSION_ID_4.txt -AUTH_SESSION_ID=`cat AUTH_SESSION_ID_4.txt` -AUTH_SESSION_ID_LEGACY=$AUTH_SESSION_ID - - - - - - -cat first-cookies.txt | grep 
'KC_RESTART=' > KC_RESTART.txt -cat KC_RESTART.txt | awk '{print $2}' > KC_RESTART_2.txt -sed 's/KC_RESTART=//' KC_RESTART_2.txt > KC_RESTART_3.txt -sed 's/;//' KC_RESTART_3.txt > KC_RESTART_4.txt -KC_RESTART=`cat KC_RESTART_4.txt` - - - - - - - - - -cat form-cookies.txt | grep form | grep "kc-form-login" > form-in-file-saved.txt -cat form-in-file-saved.txt | awk '{print $8}' > form-action-only.txt -sed 's/action="//' form-action-only.txt > form-action-only-2.txt -sed 's/"//' form-action-only-2.txt > form-action-only-3.txt -sed 's/amp;//' form-action-only-3.txt > form-action-only-4.txt -sed 's/amp;//' form-action-only-4.txt > form-action-only-5.txt -sed 's/amp;//' form-action-only-5.txt > form-action-only-6.txt -action=`cat form-action-only-6.txt` - - - - - - -cookies=`echo "Cookie: AUTH_SESSION_ID=${AUTH_SESSION_ID}; AUTH_SESSION_ID_LEGACY=${AUTH_SESSION_ID_LEGACY}; KC_RESTART=${KC_RESTART}" | tr -d '"'` -curl -i "$action" \ - -X POST \ - -H 'Connection: keep-alive' \ - -H 'Cache-Control: max-age=0' \ - -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ - -H 'sec-ch-ua-mobile: ?0' \ - -H 'sec-ch-ua-platform: "macOS"' \ - -H 'Upgrade-Insecure-Requests: 1' \ - -H 'Origin: null' \ - -H 'Content-Type: application/x-www-form-urlencoded' \ - -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ - -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \ - -H 'Sec-Fetch-Site: same-origin' \ - -H 'Sec-Fetch-Mode: navigate' \ - -H 'Sec-Fetch-User: ?1' \ - -H 'Sec-Fetch-Dest: document' \ - -H 'Accept-Language: en-CA,en;q=0.9' \ - -H "$cookies" \ - --data-raw 'username=minio&password=minio123&credentialId=' \ - --compressed > referer-code-state.txt - - - - - - - - - - -cat referer-code-state.txt | grep Location > location.txt -cat location.txt | awk '{print $2}' > 
location-2.txt -location=`cat location-2.txt` - - - - - - - - -IFS='&' -read -ra ADDR <<< "$location" - -echo ${ADDR[0]} > state.txt -echo ${ADDR[2]} > code.txt -sed 's/code=//' code.txt > code-1.txt -code=`cat code-1.txt` -echo $code -echo $code > /tmp/code - - - - - -IFS='?' -state=`cat state.txt` -read -ra ADDR22 <<< "$state" -echo ${ADDR22[1]} > state-22.txt -sed 's/%3D/=/' state-22.txt > state-22-1.txt -sed 's/%3D/=/' state-22-1.txt > state-22-2.txt -sed 's/state=//' state-22-2.txt > state-22-3.txt -state=`cat state-22-3.txt` -echo $state -echo $state > /tmp/state - - - - - - - - - - - - - diff --git a/sso-integration/set-sso.sh b/sso-integration/set-sso.sh index dd237ecf3..96665ad9b 100755 --- a/sso-integration/set-sso.sh +++ b/sso-integration/set-sso.sh @@ -1,6 +1,6 @@ #!/bin/sh -echo "127.0.0.1 keycloak-container" | sudo tee -a /etc/hosts +echo "127.0.0.1 dex" | sudo tee -a /etc/hosts echo " " echo " " echo "/etc/hosts:" diff --git a/sso-integration/sso_test.go b/sso-integration/sso_test.go index 3ceaad023..679170923 100644 --- a/sso-integration/sso_test.go +++ b/sso-integration/sso_test.go @@ -93,8 +93,8 @@ func TestMain(t *testing.T) { Timeout: 2 * time.Second, } - // execute bash script to get the code and state - cmd, err := exec.Command("./logssorun2.sh").Output() + // execute script to get the code and state + cmd, err := exec.Command("python3", "dex-requests.py").Output() if err != nil { fmt.Printf("error %s", err) }
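Review bot: In sso_test.go, when `dex-requests.py` exits non-zero, `Output()` leaves the Python traceback in the returned `*exec.ExitError`, while the unchanged `fmt.Printf("error %s", err)` prints only the exit status and, as far as this hunk shows, lets the test continue with whatever `cmd` holds. The helper now depends on `python3`, `requests` and `bs4` being present on the runner, so this branch is more likely to be hit than with the old shell script. I would fail there and surface stderr: `if ee, ok := err.(*exec.ExitError); ok { t.Fatalf("dex-requests.py: %v\n%s", err, ee.Stderr) }` followed by `t.Fatalf("dex-requests.py: %v", err)`. TestMain starts before and continues after the hunk, so how `cmd` is consumed afterwards is not visible here.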