From 784997ca0551c053658f64229d2dbca4cb498f5a Mon Sep 17 00:00:00 2001
From: hangy
Date: Tue, 14 Nov 2023 00:50:20 +0100
Subject: [PATCH] Update keycloak dev realm
---
 conf/keycloak/open-products-facts-realm.json | 52 +++++++++++++-------
 docker/dev.yml | 2 +-
 2 files changed, 35 insertions(+), 19 deletions(-)
diff --git a/conf/keycloak/open-products-facts-realm.json b/conf/keycloak/open-products-facts-realm.json
index f33d1e08b332e..290d3c7fd838e 100644
--- a/conf/keycloak/open-products-facts-realm.json
+++ b/conf/keycloak/open-products-facts-realm.json
@@ -1,6 +1,8 @@
 {
 "id" : "793a2761-1af2-44e1-a0b8-cc37a030a2af",
 "realm" : "open-products-facts",
+ "displayName" : "Open Products Facts",
+ "displayNameHtml" : "",
 "notBefore" : 0,
 "defaultSignatureAlgorithm" : "RS256",
 "revokeRefreshToken" : false,
@@ -27,13 +29,13 @@
 "oauth2DevicePollingInterval" : 5,
 "enabled" : true,
 "sslRequired" : "external",
- "registrationAllowed" : false,
- "registrationEmailAsUsername" : false,
+ "registrationAllowed" : true,
+ "registrationEmailAsUsername" : true,
 "rememberMe" : false,
- "verifyEmail" : false,
+ "verifyEmail" : true,
 "loginWithEmailAllowed" : true,
 "duplicateEmailsAllowed" : false,
- "resetPasswordAllowed" : false,
+ "resetPasswordAllowed" : true,
 "editUsernameAllowed" : false,
 "bruteForceProtected" : false,
 "permanentLockout" : false,
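Review bot: `"bruteForceProtected" : false` is left as context at the end of the `@@ -27,13 +29,13 @@` hunk while the same hunk switches on `registrationAllowed` and `resetPasswordAllowed`, so a realm that now accepts self-registered accounts has no failed-login throttling. Setting `"bruteForceProtected" : true` here would keep the dev export close to what a deployed realm needs, since realm exports tend to be copied forward. `"verifyEmail" : true` and the password-reset flow both send mail; no `smtpServer` block is visible in these hunks, so it is worth confirming that the dev stack has a mail sink, otherwise new accounts will presumably stall at the verification step.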
@@ -351,15 +353,16 @@
 "containerId" : "793a2761-1af2-44e1-a0b8-cc37a030a2af"
 },
 "requiredCredentials" : [ "password" ],
+ "passwordPolicy" : "passwordHistory(2) and notUsername(undefined) and notEmail(undefined) and length(12)",
 "otpPolicyType" : "totp",
- "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyAlgorithm" : "HmacSHA512",
 "otpPolicyInitialCounter" : 0,
- "otpPolicyDigits" : 6,
+ "otpPolicyDigits" : 8,
 "otpPolicyLookAheadWindow" : 1,
 "otpPolicyPeriod" : 30,
 "otpPolicyCodeReusable" : false,
- "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ],
- "webAuthnPolicyRpEntityName" : "keycloak",
+ "otpSupportedApplications" : [ "totpAppFreeOTPName" ],
+ "webAuthnPolicyRpEntityName" : "Open Products Facts",
 "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
 "webAuthnPolicyRpId" : "",
 "webAuthnPolicyAttestationConveyancePreference" : "not specified",
@@ -369,7 +372,7 @@
 "webAuthnPolicyCreateTimeout" : 0,
 "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
 "webAuthnPolicyAcceptableAaguids" : [ ],
- "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+ "webAuthnPolicyPasswordlessRpEntityName" : "Open Products Facts",
 "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
 "webAuthnPolicyPasswordlessRpId" : "",
 "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
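Review bot: The `passwordPolicy` added in the `@@ -351,15 +353,16 @@` hunk passes the literal `undefined` to `notUsername` and `notEmail`, which looks like an admin-console export artefact rather than an intended argument. As far as I know neither policy takes a parameter, so the value is probably ignored, but it should be checked on a fresh `--import-realm` that all four policies are active; if the importer accepts the bare form, `"passwordHistory(2) and notUsername and notEmail and length(12)"` reads more clearly. The same hunk moves TOTP to `HmacSHA512` with 8 digits and trims `otpSupportedApplications` to `totpAppFreeOTPName`. That is internally consistent, but it means the two other authenticator apps can no longer be used to enrol, which belongs in the commit description because the JSON file cannot carry a comment.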
@@ -1173,7 +1176,7 @@
 "subType" : "authenticated",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper" ]
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ]
 }
 }, {
 "id" : "539c0fae-f869-470d-b219-058562d2d218",
@@ -1182,7 +1185,7 @@
 "subType" : "anonymous",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ]
 }
 }, {
 "id" : "8602688d-3424-4037-a0a0-12405b54f9f8",
@@ -1236,6 +1239,15 @@
 "client-uris-must-match" : [ "true" ]
 }
 } ],
+ "org.keycloak.userprofile.UserProfileProvider" : [ {
+ "id" : "447e9b44-e950-4484-bcf5-642752546b29",
+ "providerId" : "declarative-user-profile",
+ "subComponents" : { },
+ "config" : {
+ "config-pieces-count" : [ "1" ],
+ "config-piece-0" : [ "{\"attributes\":[{\"name\":\"name\",\"displayName\":\"${profile.attribute.name}\",\"selector\":{\"scopes\":[\"profile\"]},\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"user\",\"admin\"]},\"annotations\":{\"inputHelperTextAfter\":\"${profile.attribute.name.helpText}\"},\"validations\":{\"person-name-prohibited-characters\":{\"error-message\":\"\"},\"length\":{\"min\":\"1\",\"max\":\"255\"}},\"group\":null,\"required\":{\"roles\":[\"admin\",\"user\"]}},{\"name\":\"username\",\"displayName\":\"${username}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"annotations\":{\"inputHelperTextAfter\":\"${username.helpText}\"},\"group\":null},{\"name\":\"email\",\"displayName\":\"${email}\",\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"validations\":{\"email\":{},\"length\":{\"max\":255}}},{\"name\":\"country\",\"displayName\":\"${country}\",\"required\":{\"roles\":[\"admin\",\"user\"]},\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"user\",\"admin\"]},\"annotations\":{},\"validations\":{},\"group\":\"i18n\"},{\"name\":\"contributorSettings\",\"displayName\":\"${profile.attribute.group.contributorSettings}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"user\",\"admin\"]},\"annotations\":{\"inputType\":\"multiselect-checkboxes\",\"inputOptionLabelsI18nPrefix\":\"profile.attribute.group.contributorSettings\"},\"validations\":{\"options\":{\"options\":[\"showBarcodeInSearchResults\",\"showEditLinkInSearchRe
sults\"]}},\"group\":null,\"required\":{\"roles\":[\"admin\",\"user\"]}}],\"groups\":[{\"annotations\":{},\"displayDescription\":\"${profile.attribute.group.i18n.description}\",\"displayHeader\":\"${profile.attribute.group.i18n}\",\"name\":\"i18n\"}]}" ]
+ }
+ } ],
 "org.keycloak.keys.KeyProvider" : [ {
 "id" : "f33d1c49-c3c5-4409-b56f-151464f12082",
 "name" : "aes-generated",
@@ -1282,8 +1294,9 @@
 }
 } ]
 },
- "internationalizationEnabled" : false,
- "supportedLocales" : [ ],
+ "internationalizationEnabled" : true,
+ "supportedLocales" : [ "de", "no", "fi", "ru", "lt", "lv", "fr", "hu", "zh-CN", "sk", "ca", "sv", "pt-BR", "el", "en", "it", "es", "cs", "ar", "ja", "fa", "pl", "da", "nl", "tr" ],
+ "defaultLocale" : "en",
 "authenticationFlows" : [ {
 "id" : "837aceb1-a125-4512-9e1e-d9ac5d2e5b74",
 "alias" : "Account verification options",
@@ -1820,17 +1833,20 @@
 "dockerAuthenticationFlow" : "docker auth",
 "attributes" : {
 "cibaBackchannelTokenDeliveryMode" : "poll",
- "cibaExpiresIn" : "120",
 "cibaAuthRequestedUserHint" : "login_hint",
- "oauth2DeviceCodeLifespan" : "600",
 "clientOfflineSessionMaxLifespan" : "0",
 "oauth2DevicePollingInterval" : "5",
 "clientSessionIdleTimeout" : "0",
- "parRequestUriLifespan" : "60",
- "clientSessionMaxLifespan" : "0",
+ "userProfileEnabled" : "true",
 "clientOfflineSessionIdleTimeout" : "0",
 "cibaInterval" : "5",
- "realmReusableOtpCode" : "false"
+ "realmReusableOtpCode" : "false",
+ "cibaExpiresIn" : "120",
+ "oauth2DeviceCodeLifespan" : "600",
+ "parRequestUriLifespan" : "60",
+ "clientSessionMaxLifespan" : "0",
+ "frontendUrl" : "",
+ "acr.loa.map" : "{}"
 },
 "keycloakVersion" : "22.0.5",
 "userManagedAccessAllowed" : false,
diff --git a/docker/dev.yml b/docker/dev.yml
index 30f748300d335..026b293503c28 100644
--- a/docker/dev.yml
+++ b/docker/dev.yml
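Review bot: In the `config-piece-0` user-profile definition added by the `@@ -1236,6 +1239,15 @@` hunk, the `country` attribute is required and user-editable but carries `\"validations\":{}`, so a value of any content and length is accepted, whereas `name`, `username` and `email` all have a `length` bound. Adding at least `\"validations\":{\"length\":{\"max\":255}}`, or an `options` list as `contributorSettings` uses, would keep unbounded free text out of an attribute that consumers will presumably treat as a country code. The bounds are also typed inconsistently: `name` uses the strings `\"1\"` and `\"255\"` while `username` uses the numbers `3` and `255`; using one form throughout makes the embedded JSON easier to review.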
@@ -107,7 +107,7 @@ services:
 volumes:
 - keycloak_data:/opt/keycloak/data
 - ./conf/keycloak:/opt/keycloak/data/import
- command: start-dev --import-realm
+ command: start-dev --import-realm --features="account3,declarative-user-profile"
 ports:
 - "127.0.0.1:${KEYCLOAK_EXPOSE_PORT:-8080}:8080"
 networks:
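Review bot: The `--features="account3,declarative-user-profile"` flag added to `command:` is now a hard dependency of the imported realm, which sets `"userProfileEnabled" : "true"` and adds a `declarative-user-profile` component, but nothing on the line records that coupling. Only `docker/dev.yml` is changed in this patch; if the realm file is imported anywhere else without the flag, the user-profile attribute validations would presumably not be enforced. I would add a comment above the line, `# preview features required by conf/keycloak/open-products-facts-realm.json (userProfileEnabled)`, and note in the description that both are, as far as I can tell, preview features in the exported `keycloakVersion` 22.0.5. The service definition starts above the hunk, so the image tag could not be checked against that version.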