From d22f345d4a79526b59ffa37eee80bde417a489dc Mon Sep 17 00:00:00 2001
From: Cesar Celis Hernandez
Date: Thu, 24 Mar 2022 23:11:42 -0400
Subject: [PATCH] SSO Integration Test (#1742)

---
 .github/workflows/jobs.yaml | 79 +-
 Makefile | 51 +
 sso-integration/config/realm-export.json | 2270 ++++++++++++++++++++++
 sso-integration/logssorun2.sh | 165 ++
 sso-integration/set-sso.sh | 9 +
 sso-integration/sso_test.go | 168 ++
 6 files changed, 2741 insertions(+), 1 deletion(-)
 create mode 100644 sso-integration/config/realm-export.json
 create mode 100755 sso-integration/logssorun2.sh
 create mode 100755 sso-integration/set-sso.sh
 create mode 100644 sso-integration/sso_test.go

diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
index 4b37fe745..e25e6c71f 100644
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -16,6 +16,74 @@ concurrency:
 jobs:
+ sso-integration:
+
+ name: SSO Integration Test
+ needs:
+ - lint-job
+ - no-warnings-and-make-assets
+ - reuse-golang-dependencies
+ - vulnerable-dependencies-checks
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ go-version: [ 1.17.x ]
+
+ steps:
+ - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+ uses: actions/setup-go@v2
+ with:
+ go-version: ${{ matrix.go-version }}
+ id: go
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+
+ # To build minio image, we need to clone the repository first
+ - name: clone https://github.com/minio/minio
+ uses: actions/checkout@master
+ with:
+
+ # Repository name with owner. For example, actions/checkout
+ # Default: ${{ github.repository }}
+ repository: minio/minio
+
+ # Relative path under $GITHUB_WORKSPACE to place the repository
+ # To have two repositories under the same test
+ path: 'minio_repository'
+
+ - uses: actions/cache@v2
+ name: Go Mod Cache
+ with:
+ path: |
+ ~/.cache/go-build
+ ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ github.run_id }}
+
+ - name: Build on ${{ matrix.os }}
+ run: |
+ echo "The idea is to build minio image from downloaded repository";
+ cd $GITHUB_WORKSPACE/minio_repository;
+ echo "Get git version to build MinIO Image";
+ VERSION=`git rev-parse HEAD`;
+ echo $VERSION;
+ echo "Create minio image";
+ make docker VERSION=$VERSION;
+ echo "Jumping back to console repository to run the integration test"
+ cd $GITHUB_WORKSPACE;
+ echo "We are going to use the built image on test-integration";
+ VERSION="minio/minio:$VERSION";
+ echo $VERSION;
+ make test-sso-integration MINIO_VERSION=$VERSION;
+ - uses: actions/cache@v2
+ id: coverage-cache-sso
+ name: Coverage Cache SSO
+ with:
+ path: |
+ ./sso-integration/coverage/
+ key: ${{ runner.os }}-sso-coverage-2-${{ github.run_id }}
+
 c-operator-api-tests: name: Operator API Tests
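Review bot: The step that clones minio/minio uses `uses: actions/checkout@master`, a moving branch of the action, while the checkout two steps earlier in the same job is pinned to `actions/checkout@v2`; pinning it to the same tag (or a full commit SHA) keeps the action code from changing underneath the workflow, so change it to `uses: actions/checkout@v2`. That step also has no `ref:`, so every run builds whatever minio/minio HEAD happens to be, which makes a red SSO job hard to tell apart from an upstream regression; if that drift is intended, say so with a comment such as `# builds upstream HEAD on purpose; add ref: if this job needs to be reproducible`. `${{ matrix.os }}` is referenced in two step names but the matrix only defines `go-version`, so those names render with an empty OS; either drop the suffix or add `os` to the matrix.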
@@ -912,6 +980,7 @@ jobs: - test-restapi-on-go - c-operator-api-tests - test-pkg-on-go + - sso-integration runs-on: ${{ matrix.os }} strategy: matrix: @@ -946,6 +1015,14 @@ jobs: ./integration/coverage/ key: ${{ runner.os }}-coverage-2-${{ github.run_id }} + - uses: actions/cache@v2 + id: coverage-cache-sso + name: Coverage Cache SSO + with: + path: | + ./sso-integration/coverage/ + key: ${{ runner.os }}-sso-coverage-2-${{ github.run_id }} + - uses: actions/cache@v2 id: coverage-cache-operator name: Coverage Cache Operator @@ -981,7 +1058,7 @@ jobs: echo "go build gocoverage.go" go build gocovmerge.go echo "put together the outs for final coverage resolution" - ./gocovmerge ../integration/coverage/system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out > all.out + ./gocovmerge ../integration/coverage/system.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out > all.out echo "grep to obtain the result" go tool cover -func=all.out | grep total > tmp2 result=`cat tmp2 | awk 'END {print $3}'` diff --git a/Makefile b/Makefile index 3c7b6d88c..b5ea48dbb 100644 --- a/Makefile +++ b/Makefile 
@@ -80,6 +80,57 @@ test-integration:
 @(docker stop minio)
 @(docker network rm mynet123)
+test-sso-integration:
+ @echo "create the network in bridge mode to communicate all containers"
+ @(docker network create my-net)
+ @echo "execute latest keycloak container"
+ @(docker run \
+ --rm \
+ --name keycloak-container \
+ --network my-net \
+ -p 8080:8080 \
+ -e KEYCLOAK_USER=admin \
+ -e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
+ @echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
+ @(sleep 60)
+ @echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+ @(docker run \
+ --rm \
+ --network my-net \
+ --name keycloak-config-cli \
+ -e KEYCLOAK_URL=http://keycloak-container:8080/auth \
+ -e KEYCLOAK_USER="admin" \
+ -e KEYCLOAK_PASSWORD="admin" \
+ -e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
+ -e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
+ -e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
+ -v /home/runner/work/console/console/sso-integration/config:/config \
+ adorsys/keycloak-config-cli:latest)
+ @echo "running minio server"
+ @(docker run \
+ -v /data1 -v /data2 -v /data3 -v /data4 \
+ --network my-net \
+ -d \
+ --name minio \
+ --rm \
+ -p 9000:9000 \
+ -p 9001:9001 \
+ -e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
+ -e MINIO_ROOT_USER=minio \
+ -e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
+ @(sleep 60)
+ @echo "run mc commands"
+ @(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
+ @(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
+ @(docker exec minio-client mc admin config set myminio identity_openid config_url="http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration" client_id="account")
+ @(docker exec minio-client mc admin service restart myminio)
+ @echo "starting bash script"
+ @(env bash $(PWD)/sso-integration/set-sso.sh)
+ @echo "install jq"
+ @(sudo apt install jq)
+ @echo "Executing the test:"
+ @(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
+
 test-operator-integration:
 @(echo "Start cd operator-integration && go test:")
 @(pwd)
diff --git a/sso-integration/config/realm-export.json b/sso-integration/config/realm-export.json
new file mode 100644
index 000000000..d4224c63b
--- /dev/null
+++ b/sso-integration/config/realm-export.json
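Review bot: The keycloak-config-cli run mounts `/home/runner/work/console/console/sso-integration/config`, an absolute path that only exists on a GitHub runner checking out this exact repository, while the `set-sso.sh` line a few lines below already resolves the same tree through `$(PWD)`; use `-v $(PWD)/sso-integration/config:/config \` so the target also runs locally. Unlike `test-integration` just above, which stops `minio` and removes its network, this target never stops `keycloak-container`, `minio` or `minio-client` nor removes `my-net`, so a second invocation on the same host fails on name conflicts; finish with `@(docker stop minio-client keycloak-container minio)`, `@(docker rm minio-client)` and `@(docker network rm my-net)`. The value passed as `MINIO_IDENTITY_OPENID_CLIENT_SECRET` is the secret of Keycloak's built-in `account` client as committed in realm-export.json, and Keycloak is published on host port 8080 with `admin`/`admin`; that is acceptable for a throwaway CI container, but a comment such as `# test-only realm, client secret and admin password; never reuse outside this target` keeps them from being copied into a real deployment. `sudo apt install jq` has no `-y`, so it presumably only succeeds because jq is already present on the runner, and `jboss/keycloak:latest` / `adorsys/keycloak-config-cli:latest` are unpinned tags that can change the test's behaviour without any change to this repository.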
@@ -0,0 +1,2270 @@ +{ + "id": "myrealm", + "realm": "myrealm", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "e8591a82-12bf-4fc1-8718-b1f9e1b9ca1b", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "myrealm", + "attributes": {} + }, + { + "id": "18bc616f-b028-490e-b889-099df17825d3", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "myrealm", + "attributes": {} + }, + { + "id": 
"1a0c637a-871a-4682-b314-f44c61541c62", + "name": "admin", + "description": "${role_admin}", + "composite": true, + "composites": { + "realm": [ + "default-roles-myrealm", + "offline_access", + "uma_authorization" + ] + }, + "clientRole": false, + "containerId": "myrealm", + "attributes": {} + }, + { + "id": "4c098f8d-b615-44b0-857d-9b53e719b83f", + "name": "default-roles-myrealm", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "myrealm", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "10806493-2bf5-498e-974b-46da391a7127", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "28937f4a-944c-4fe7-a6c6-73d803ddb8c2", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "71483e3a-31be-47c4-879a-2b0222cd87b0", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "614f9dad-5fc6-4496-85ce-cd81af499cc1", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "9de8d5a7-e750-43d2-ad93-091e01371683", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "6adf2da5-67ed-48ef-8dec-a27659fe94fe", 
+ "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "7cbdb590-3458-48bd-8df2-f7e01a6e06ae", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-events", + "view-events", + "query-clients", + "manage-clients", + "view-realm", + "query-groups", + "query-realms", + "view-authorization", + "manage-identity-providers", + "view-identity-providers", + "create-client", + "view-clients", + "impersonation", + "manage-authorization", + "query-users", + "manage-realm", + "view-users", + "manage-users" + ] + } + }, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "4799d99a-4412-4cb5-a1ad-f2a3d61049d4", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "8d1658e0-402a-49a6-821c-757d12c3bee2", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "044f9999-39e0-4549-9bc5-850555ba96a3", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "e59c9b1d-6ac3-4147-8bae-078d8fe8c996", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "02303e00-3458-49e0-8b89-ba324572350c", + "name": "view-identity-providers", + "description": 
"${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "bd5fb8a1-b03c-4f4b-a805-f99e7745e52b", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "2d3b92ba-1499-4ba8-9e4a-eee33feb5570", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "784b50c7-1443-494c-9851-1d1e1708e584", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "1f2cc84b-6b37-45a8-8549-7e9e031babac", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "8b3e0628-ead0-40ca-b237-089dbe5e6eae", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "bae5b17b-dac2-482c-86df-1d37ceac6cbc", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + }, + { + "id": "58316347-660b-414a-b474-608fc95bd95a", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + 
"containerId": "6990d486-f756-4c46-9a08-f317fdac950a", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "fcb8ab5c-7ae3-45a0-9d65-395a75f4fbe8", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "cfae451d-7d44-4847-a79b-4e6b72f137ef", + "attributes": {} + } + ], + "account": [ + { + "id": "103c49bf-63ca-4a49-9ad6-90892bd815b5", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "95929a23-5a6d-446c-a8dd-ce25c70d5f88", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "dca10498-4294-4de9-92de-aee3ea297609", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "49d7b8bb-a98d-414a-a099-3600e28c41f6", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "c76fe8b3-36b9-4ce1-908b-b628361603c7", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "66db661c-6cf3-4cfc-8982-55b712188db0", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + 
"clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + }, + { + "id": "5682b7a5-bd52-468f-bdf6-f6f0c016044d", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "4c098f8d-b615-44b0-857d-9b53e719b83f", + "name": "default-roles-myrealm", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "myrealm" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + 
"webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "b1f770cd-a5a5-472c-95ef-d204e67bbfaa", + "createdTimestamp": 1647982742788, + "username": "service-account-account", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "account", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "offline_access", + "uma_authorization", + "admin", + "default-roles-myrealm" + ], + "notBefore": 0, + "groups": [] + }, + { + "username": "minio", + "enabled": true, + "credentials": [ + { + "type": "password", + "userLabel": "initial", + "value": "minio123" + } + ], + "attributes": + { + "policy": [ + "readwrite" + ] + } + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "f45a6752-b19c-40d6-a335-1b4bfde1095b", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/myrealm/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "0nfJuqIt0iPnRIUJkvetve5l38C6gi9W", + "redirectUris": [ + "*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "access.token.lifespan": "3600", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + 
"oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "false", + "client_credentials.use_refresh_token": "false", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", + "acr.loa.map": "{}", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "ddb0cb8c-92c0-409f-afdd-26f1ed5625dd", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "d126cfbb-c69e-4ef6-bfae-0a81460a8b4f", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "d7d811b8-b2fe-428a-bd2f-1a4f3569bd0f", + "name": "anytext", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "policy", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "policy", + 
"jsonType.label": "String" + } + }, + { + "id": "27b80ffb-7e88-48c1-a9d2-ea753df379e5", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "61097b6b-291c-44d4-8815-386f57983022", + "name": "Audience", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "security-admin-console", + "id.token.claim": "false", + "access.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3fab42a2-2113-4bf4-a2ea-d4a6c0ef8f4e", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/myrealm/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/myrealm/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "ef6bc5fd-e595-4974-88f4-87adebeea519", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + 
"config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "ad5f0b29-ecd4-469a-b6e7-7d3d7525d157", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cfae451d-7d44-4847-a79b-4e6b72f137ef", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": 
"6990d486-f756-4c46-9a08-f317fdac950a", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "086d36fd-dc1c-437f-9597-37d5918e4321", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/myrealm/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/myrealm/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "96a8a7ae-7df1-4f87-9a51-0705b1274770", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + 
"config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "77feff16-534b-42de-afde-3fdc0a3f9bbe", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "b2359976-31c8-46aa-ad45-dcd3ca84d1c7", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "f74d4449-c087-4a6e-8cd4-56cd1afba55e", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7c98a037-2653-40cd-b33b-9a52b8be5a79", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "c6b30134-ea0b-43b7-8008-93a1b610a142", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "f74e92eb-6e4c-4088-ad44-5837296c49c8", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "6f68f6ca-7fae-40a6-b358-c7767d47acde", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "31b63615-b155-4f8b-9b1f-80934f568864", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "c9be3cfa-01aa-479b-99f9-569c61b3fcf6", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "f0f78029-0b08-48d6-97c3-9380af7fd9cc", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "065e4ea1-64f4-414d-aa8c-2e945193dfc7", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { 
+ "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "deb427cc-5270-4745-9063-7677aa982552", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "6b9c0c3c-fffb-46d5-b3c0-ac9da0bd16d9", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f581ceb8-0a9c-412a-a3d9-c3ad28c834fa", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "e1b6467e-305b-4de5-9f7a-c857ca2e33f8", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "ac0ae6ba-708c-49bd-89aa-2a7fb1478af6", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + 
"id": "cd349cc7-d592-4482-a9ac-beb2a5a85658", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "3ecde5d5-d0c2-483c-8f15-3869ce8f5281", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7584001b-8ff9-427a-bc88-25bb32ed479b", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "aca28506-1a4a-49e9-aa00-8ff83c40eb72", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "a857f789-1153-4895-9b49-532057577d1e", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "a1358192-eedf-43ba-9174-0a64f2e9c7c0", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + 
"id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "3ea02b70-6386-4238-ac8d-6f3a791fa498", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "8b8683cc-57ff-4e8a-b018-6974f5fb3ba1", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "70427f2d-cb42-4d62-b0ce-0aba4f822f80", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "1ae523e2-ba13-447a-87b2-d2e2712c277a", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "7378b967-8f6c-4c22-9d2e-0edc864056b3", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "61d561ea-7683-4169-8769-2c291ed7f9f7", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "cfdf9b7c-355a-4dc2-867f-e66b348866d7", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "c382ba46-528b-40ea-b146-a700e0b4e442", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "4eb0886d-b07d-4ceb-84cf-eb1c5c5759b4", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "e841716b-2dce-4c4b-8219-d51cb90b33ab", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": 
"true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "b36e00dd-7020-4674-aa2f-7879702fbd48", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "26dfe2ae-4d3b-4e16-803e-86f668e98009", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "3656388e-23a8-4c30-bdf2-5dcda124b79c", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "web-origins", + "profile", + "role_list", + "email", + "roles" + ], + "defaultOptionalClientScopes": [ + "phone", + "microprofile-jwt", + "offline_access", + "address" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + 
"adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "eb57c946-2b36-4bae-950d-f490e7112b35", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "d157253d-fef2-43bc-95c9-fa611c0163da", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "485a1a68-bf93-470e-95b7-b88a7791411a", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "0fcb5c28-0d4d-46c8-8eaf-01f382ba8fd9", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "1a05f1be-880f-47c3-943d-87a4b051960e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "e317006c-58f2-4e31-adae-e9672b6a453b", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "0439814e-c57d-413b-8947-7f704528c588", + "name": "Full Scope Disabled", + "providerId": "scope", + 
"subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a35b4178-81f3-4435-895d-f6e6a6cad481", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "bafec80c-d7f7-4f6e-90b8-0bbad0a775b5", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "85909f1b-c69b-4853-beb0-d7ebdd042262", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "cc933378-097c-45aa-88cd-fd605f3098d9", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "3b7274cb-29e3-4f4a-b48b-de45a69af94c", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "5e0e20d0-c140-46a6-b121-647150f19f61", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "e259117f-6a9f-4690-9cb7-8870b125ed5d", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + 
{ + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "9db34c74-5d80-4625-b211-049768a2498a", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3fea4a75-f078-4f00-adf6-4e00884c472b", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "df29c55d-03b2-4655-84d4-c07855570989", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for 
the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "82563252-cdb8-4cb1-a69d-518c4eb4a9dc", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "2381a233-45eb-4b0f-bb0a-073a5eff63b1", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "971b7295-f240-4ed9-a5a6-3dd8d73167d1", + "alias": "Reset - Conditional OTP", + "description": "Flow to 
determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9a841aad-2c91-464f-b656-27abfdb47b67", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "cc120ad6-eca3-4320-a9c7-8c7745399227", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "0f85183b-5c5e-4508-b47b-1656191b3395", + "alias": 
"browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "411cb9f9-b9ff-4a96-afc7-92506fdb50b1", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "36b5138c-015d-4fc0-80ef-9f644ed1f322", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + 
"providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "c7766e9f-339d-42a5-8ba7-5e969aa06419", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c914f9b0-c77c-429c-a279-437d95122bda", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "080a3558-9de9-48ce-b898-1e82c2d90dd6", + "alias": "forms", + "description": 
"Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "acf1b7bd-7308-4209-bc96-99be26b20d05", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Authentication Options", + "userSetupAllowed": false + } + ] + }, + { + "id": "32dd9f90-716f-4a77-86ae-6693de3ea50b", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "71f1f843-dc06-4eca-a615-f48dfa2d4eaa", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + 
"autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "a1658b79-38c7-4149-aa91-e1733402f784", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "43d928ca-f0d1-41c6-a2bb-09550dc4a2d8", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + 
"requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "a66e9a38-af21-4368-a597-817c4f83b5fb", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "1945702e-6e36-4ea4-b28a-15b23e64324c", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + 
"dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "de.adorsys.keycloak.config.state-default-roles-client-broker-0": "[\"read-token\"]", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "de.adorsys.keycloak.config.import-checksum-default": "79be0145af8119fbb41edb22d076a2e148ae7313b35496479a2c2b8e83174aac", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "de.adorsys.keycloak.config.state-default-roles-realm-0": "[\"uma_authorization\",\"offline_access\",\"default-roles-myrealm\"]", + "de.adorsys.keycloak.config.state-default-roles-client-realm-management-0": "[\"view-authorization\",\"view-events\",\"manage-realm\",\"manage-identity-providers\",\"view-identity-providers\",\"query-clients\",\"query-groups\",\"create-client\",\"query-users\",\"manage-events\",\"manage-users\",\"manage-authorization\",\"manage-clients\",\"query-realms", + "de.adorsys.keycloak.config.state-default-roles-client-realm-management-1": "\",\"realm-admin\",\"view-clients\",\"view-realm\",\"impersonation\",\"view-users\"]", + "cibaInterval": "5", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "de.adorsys.keycloak.config.state-default-required-actions-0": "[\"CONFIGURE_TOTP\",\"terms_and_conditions\",\"UPDATE_PASSWORD\",\"UPDATE_PROFILE\",\"VERIFY_EMAIL\",\"delete_account\",\"update_user_locale\"]", + "de.adorsys.keycloak.config.state-default-roles-client-admin-cli-0": "[]", + "de.adorsys.keycloak.config.state-default-roles-client-security-admin-console-0": "[]", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "de.adorsys.keycloak.config.state-default-clients-0": "[\"account\",\"account-console\",\"admin-cli\",\"broker\",\"realm-management\",\"security-admin-console\"]", + "de.adorsys.keycloak.config.state-default-components-1": "nerated\"]", + 
"de.adorsys.keycloak.config.state-default-components-0": "[\"Full Scope Disabled\",\"Trusted Hosts\",\"Consent Required\",\"Allowed Client Scopes\",\"Max Clients Limit\",\"Allowed Client Scopes\",\"Allowed Protocol Mapper Types\",\"Allowed Protocol Mapper Types\",\"rsa-enc-generated\",\"rsa-generated\",\"hmac-generated\",\"aes-ge", + "de.adorsys.keycloak.config.state-default-roles-client-account-0": "[\"delete-account\",\"view-profile\",\"manage-consent\",\"view-applications\",\"manage-account-links\",\"view-consent\",\"manage-account\"]" + }, + "keycloakVersion": "17.0.0", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/sso-integration/logssorun2.sh b/sso-integration/logssorun2.sh new file mode 100755 index 000000000..d4d499b22 --- /dev/null +++ b/sso-integration/logssorun2.sh 
@@ -0,0 +1,165 @@ +#!/bin/bash + +result=`curl 'http://localhost:9001/api/v1/login' \ + -H 'Connection: keep-alive' \ + -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ + -H 'sec-ch-ua-mobile: ?0' \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ + -H 'sec-ch-ua-platform: "macOS"' \ + -H 'Accept: */*' \ + -H 'Sec-Fetch-Site: same-origin' \ + -H 'Sec-Fetch-Mode: cors' \ + -H 'Sec-Fetch-Dest: empty' \ + -H 'Referer: http://localhost:9001/login' \ + -H 'Accept-Language: en-CA,en;q=0.9' \ + --compressed` +echo $result | jq '.redirect' > redirect.txt + + + + +redirect=`cat redirect.txt | tr -d '"'` + + + + +curl -i "$redirect" \ + -H 'Connection: keep-alive' \ + -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ + -H 'sec-ch-ua-mobile: ?0' \ + -H 'sec-ch-ua-platform: "macOS"' \ + -H 'Upgrade-Insecure-Requests: 1' \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ + -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \ + -H 'Sec-Fetch-Site: same-site' \ + -H 'Sec-Fetch-Mode: navigate' \ + -H 'Sec-Fetch-User: ?1' \ + -H 'Sec-Fetch-Dest: document' \ + -H 'Referer: http://localhost:9001/' \ + -H 'Accept-Language: en-CA,en;q=0.9' \ + --compressed > form-cookies.txt + + + + + +cat form-cookies.txt | grep Set-Cookie > first-cookies.txt +cat first-cookies.txt | grep 'AUTH_SESSION_ID=' > AUTH_SESSION_ID.txt +cat AUTH_SESSION_ID.txt | awk '{print $2}' > AUTH_SESSION_ID_2.txt +sed 's/AUTH_SESSION_ID=//' AUTH_SESSION_ID_2.txt > AUTH_SESSION_ID_3.txt +sed 's/;//' AUTH_SESSION_ID_3.txt > AUTH_SESSION_ID_4.txt +AUTH_SESSION_ID=`cat AUTH_SESSION_ID_4.txt` +AUTH_SESSION_ID_LEGACY=$AUTH_SESSION_ID + + + + + + +cat first-cookies.txt | grep 
'KC_RESTART=' > KC_RESTART.txt +cat KC_RESTART.txt | awk '{print $2}' > KC_RESTART_2.txt +sed 's/KC_RESTART=//' KC_RESTART_2.txt > KC_RESTART_3.txt +sed 's/;//' KC_RESTART_3.txt > KC_RESTART_4.txt +KC_RESTART=`cat KC_RESTART_4.txt` + + + + + + + + + +cat form-cookies.txt | grep form | grep "kc-form-login" > form-in-file-saved.txt +cat form-in-file-saved.txt | awk '{print $8}' > form-action-only.txt +sed 's/action="//' form-action-only.txt > form-action-only-2.txt +sed 's/"//' form-action-only-2.txt > form-action-only-3.txt +sed 's/amp;//' form-action-only-3.txt > form-action-only-4.txt +sed 's/amp;//' form-action-only-4.txt > form-action-only-5.txt +sed 's/amp;//' form-action-only-5.txt > form-action-only-6.txt +action=`cat form-action-only-6.txt` + + + + + + +cookies=`echo "Cookie: AUTH_SESSION_ID=${AUTH_SESSION_ID}; AUTH_SESSION_ID_LEGACY=${AUTH_SESSION_ID_LEGACY}; KC_RESTART=${KC_RESTART}" | tr -d '"'` +curl -i "$action" \ + -X POST \ + -H 'Connection: keep-alive' \ + -H 'Cache-Control: max-age=0' \ + -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \ + -H 'sec-ch-ua-mobile: ?0' \ + -H 'sec-ch-ua-platform: "macOS"' \ + -H 'Upgrade-Insecure-Requests: 1' \ + -H 'Origin: null' \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \ + -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \ + -H 'Sec-Fetch-Site: same-origin' \ + -H 'Sec-Fetch-Mode: navigate' \ + -H 'Sec-Fetch-User: ?1' \ + -H 'Sec-Fetch-Dest: document' \ + -H 'Accept-Language: en-CA,en;q=0.9' \ + -H "$cookies" \ + --data-raw 'username=minio&password=minio123&credentialId=' \ + --compressed > referer-code-state.txt + + + + + + + + + + +cat referer-code-state.txt | grep Location > location.txt +cat location.txt | awk '{print $2}' > 
location-2.txt +location=`cat location-2.txt` + + + + + + + + +IFS='&' +read -ra ADDR <<< "$location" + +echo ${ADDR[0]} > state.txt +echo ${ADDR[2]} > code.txt +sed 's/code=//' code.txt > code-1.txt +code=`cat code-1.txt` +echo $code +echo $code > /tmp/code + + + + + +IFS='?' +state=`cat state.txt` +read -ra ADDR22 <<< "$state" +echo ${ADDR22[1]} > state-22.txt +sed 's/%3D/=/' state-22.txt > state-22-1.txt +sed 's/%3D/=/' state-22-1.txt > state-22-2.txt +sed 's/state=//' state-22-2.txt > state-22-3.txt +state=`cat state-22-3.txt` +echo $state +echo $state > /tmp/state + + + + + + + + + + + + + diff --git a/sso-integration/set-sso.sh b/sso-integration/set-sso.sh new file mode 100755 index 000000000..dd237ecf3 --- /dev/null +++ b/sso-integration/set-sso.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "127.0.0.1 keycloak-container" | sudo tee -a /etc/hosts +echo " " +echo " " +echo "/etc/hosts:" +cat /etc/hosts +echo " " +echo " " diff --git a/sso-integration/sso_test.go b/sso-integration/sso_test.go new file mode 100644 index 000000000..3ceaad023 --- /dev/null +++ b/sso-integration/sso_test.go 
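Review bot: logssorun2.sh writes the OAuth authorization code and state to the fixed, world-readable paths `/tmp/code` and `/tmp/state` and leaves a dozen intermediate `*.txt` files in the working directory, none of which are cleaned up; since the Go test reads the values from stdout, the `/tmp` copies are not needed, and the scratch files belong in a private directory: `set -euo pipefail`, `work=$(mktemp -d)`, `trap 'rm -rf "$work"' EXIT` at the top, with the `> *.txt` redirections pointed into `$work`. Without `set -e`/`pipefail` a failed curl or an empty `grep` silently produces empty `AUTH_SESSION_ID`, `KC_RESTART` and `$action`, so the failure only surfaces later as a missing token in the Go test rather than at the step that broke. The fixture credentials in `--data-raw 'username=minio&password=minio123&credentialId='` are pinned in source; reading them as `"username=${SSO_USER:-minio}&password=${SSO_PASSWORD:-minio123}&credentialId="` keeps the default while letting CI supply its own. The three consecutive `sed 's/amp;//'` passes collapse to a single `sed 's/amp;//g'`.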
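Review bot: set-sso.sh appends the hosts entry unconditionally, so every rerun on the same machine adds another duplicate `127.0.0.1 keycloak-container` line to `/etc/hosts`; guard it with `grep -q 'keycloak-container' /etc/hosts || echo "127.0.0.1 keycloak-container" | sudo tee -a /etc/hosts`. Dumping the full `/etc/hosts` into the CI log is harmless on an ephemeral runner but is only useful for debugging, so a comment such as `# debug: show the resulting hosts file` would make that intent explicit.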
@@ -0,0 +1,168 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package ssointegration
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "log"
+ "net/http"
+ "os/exec"
+ "strconv"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/go-openapi/loads"
+ "github.com/minio/console/restapi"
+ "github.com/minio/console/restapi/operations"
+ "github.com/stretchr/testify/assert"
+)
+
+var token string
+
+func initConsoleServer() (*restapi.Server, error) {
+
+ //os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+
+ swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+ if err != nil {
+ return nil, err
+ }
+
+ noLog := func(string, ...interface{}) {
+ // nothing to log
+ }
+
+ // Initialize MinIO loggers
+ restapi.LogInfo = noLog
+ restapi.LogError = noLog
+
+ api := operations.NewConsoleAPI(swaggerSpec)
+ api.Logger = noLog
+
+ server := restapi.NewServer(api)
+ // register all APIs
+ server.ConfigureAPI()
+ consolePort, _ := strconv.Atoi("9090")
+
+ server.Host = "0.0.0.0"
+ server.Port = consolePort
+ restapi.Port = "9090"
+ restapi.Hostname = "0.0.0.0"
+
+ return server, nil
+}
+
+func TestMain(t *testing.T) {
+
+ assert := assert.New(t)
+
+ // start console server
+ go func() {
+ fmt.Println("start server")
+ srv, err := initConsoleServer()
+ if err != nil {
+ log.Println(err)
+ log.Println("init fail")
+ return
+ }
+ srv.Serve()
+
+ }()
+
+ fmt.Println("sleeping")
+ time.Sleep(2 * time.Second)
+
+ client := &http.Client{
+ Timeout: 2 * time.Second,
+ }
+
+ // execute bash script to get the code and state
+ cmd, err := exec.Command("./logssorun2.sh").Output()
+ if err != nil {
+ fmt.Printf("error %s", err)
+ }
+ output := string(cmd)
+
+ fmt.Println(" ")
+ fmt.Println(" ")
+ fmt.Println("output:")
+ fmt.Println(output)
+ fmt.Println(" ")
+ fmt.Println(" ")
+
+ temp := strings.Split(output, "\n")
+
+ fmt.Println(" ")
+ fmt.Println(" ")
+ fmt.Println("temp:")
+ fmt.Println(temp)
+ fmt.Println(" ")
+ fmt.Println(" ")
+
+ fmt.Println("index0")
+ fmt.Println(temp[0])
+
+ if int(len(temp)) >= 2 {
+ fmt.Println("index 1")
+ fmt.Println(temp[1])
+ } else {
+ assert.Fail("temp len is less than 2", len(temp))
+ return
+ }
+
+ // get login credentials
+ codeVarIable := string(strings.TrimSpace(temp[0]))
+ stateVarIabl := string(strings.TrimSpace(temp[1]))
+ requestData := map[string]string{
+ "code": codeVarIable,
+ "state": stateVarIabl,
+ }
+ requestDataJSON, _ := json.Marshal(requestData)
+
+ requestDataBody := bytes.NewReader(requestDataJSON)
+
+ request, _ := http.NewRequest(
+ "POST",
+ "http://localhost:9001/api/v1/login/oauth2/auth",
+ requestDataBody,
+ )
+ request.Header.Add("Content-Type", "application/json")
+
+ response, err := client.Do(request)
+ if err != nil {
+ log.Println(err)
+ }
+
+ if response != nil {
+ for _, cookie := range response.Cookies() {
+ if cookie.Name == "token" {
+ token = cookie.Value
+ break
+ }
+ }
+ }
+ fmt.Println(response.Status)
+ if token == "" {
+ assert.Fail("authentication token not found in cookies response")
+ } else {
+ fmt.Println(token)
+ }
+
+}
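Review bot: `fmt.Println(response.Status)` near the end of TestMain dereferences `response` outside the `if response != nil` guard, so when `client.Do` fails (the error is only logged, not fatal) the test panics instead of failing cleanly, and the response body is never closed on the success path; replace the logging block with `if err != nil { t.Fatalf("login request: %v", err) }` followed by `defer response.Body.Close()`, after which the nil check becomes unnecessary. The same pattern appears earlier where the `exec.Command(...).Output()` error is printed and execution continues, and the errors from `json.Marshal` and `http.NewRequest` are discarded with `_`. `fmt.Println(token)` writes the session cookie value into the CI log; asserting on its presence (`assert.NotEmpty(token)`) gives the same signal without exposing it. `TestMain` with a `*testing.T` receiver runs as an ordinary test, but the name suggests the package-level `func TestMain(m *testing.M)` hook; renaming it to `TestSSOLogin` avoids the confusion. The server goroutine listens on 9090 while the requests go to `localhost:9001`; if the 9001 instance comes from the docker setup in the Makefile, the in-process server appears unused, which is worth a comment either way.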