a9f2ba76ae
* feat!(openid): introducing support for openid configuration BREAKING CHANGE: provider configuration changed from auth.authentication.provider to auth.authentication.jwt.enabled * add upgrading to 4.1.0 * add validation for deprecated values * add openid CI with keycloak * fix chart-testing lint new-line-at-end-of-file * fix keycloak dependency repository * fix keycloak repository * fix yaml to json convert error * disable keycloak to validate github actions before re-enable it * disable openid test scenario * disable keycloak in values * enable keycloak without authentication and authorization * add openid test scenario * disable test scenario other than openid * enable all test scenario * disable functions component * create openid resources * test truncate command * test truncate command * change client_secret generator * change client_secret generator * test python * fix script * fix script * print python result * test python * test python * fix client_secret generation * fix create openid resources * fix secret name * fix mount keycloak config * fix keycloak service * exclude keycloak from chart * add license * add license * wait keycloak is alive * fix keycloak chart install namespace * add test pulsar real openid config * fix keycloak issuer url * fix pod name * remove check keycloak alive * check realm pulsar openid configuration * change keycloak service * remove test keyclock service * remove selector to get all pod log * wait keycloak is alive * check keycloak realm pulsar urls * wait until keycloak is ready * add wait timeout * fix realm pulsar name * add log to debug * add openid for toolset * set authorization * set authorization * fix client template filename * fix install keycloak * disable authorization * debug sub claim value * fix sub claim value * cleanup * enable all build --------- Co-authored-by: glecroc <guillaume.lecroc@cnp.fr>
73 lines
2.0 KiB
JSON
73 lines
2.0 KiB
JSON
{
|
|
"clientId": $ARGS.named.CLIENT_ID,
|
|
"enabled": true,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": $ARGS.named.CLIENT_SECRET,
|
|
"standardFlowEnabled" : false,
|
|
"implicitFlowEnabled" : false,
|
|
"serviceAccountsEnabled": true,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"realm_client": "false",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"client.secret.creation.time": "1735689600",
|
|
"backchannel.logout.session.required": "true",
|
|
"standard.token.exchange.enabled": "false",
|
|
"frontchannel.logout.session.required": "true",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"display.on.consent.screen": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "sub",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"claim.value": $ARGS.named.SUB_CLAIM_VALUE,
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"lightweight.claim": "false",
|
|
"access.token.claim": "true",
|
|
"claim.name": "sub",
|
|
"jsonType.label": "String",
|
|
"access.tokenResponse.claim": "false"
|
|
}
|
|
},
|
|
{
|
|
"name": "nbf",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"claim.value": "1735689600",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"lightweight.claim": "false",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nbf",
|
|
"jsonType.label": "long",
|
|
"access.tokenResponse.claim": "false"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"service_account",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"organization",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
} |