

Resolve "Update baby-yoda JSON within package with clients for all BigBang applications"

Merged kevin.wilder requested to merge 25-update-realm-with-all-dev-clients into main
1 file
+ 193
134
@@ -318,6 +318,7 @@
"https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata": [],
"dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger": [],
"admin-cli": [],
"dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-oidc": [],
"dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kiali": [],
"dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_prometheus": [],
"account": [
@@ -1318,6 +1319,64 @@
],
"optionalClientScopes": []
},
{
"id": "88e8bc0c-a50a-4735-ab91-0b99080f9906",
"clientId": "dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-oidc",
"name": "twistlock",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://twistlock.bigbang.dev/api/v1/authenticate/callback/oidc"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"id.token.as.detached.signature": "false",
"saml.multivalued.roles": "false",
"saml.force.post.binding": "false",
"saml.encrypt": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"saml.artifact.binding": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"profile"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "f975a475-89c7-43bc-bddb-c9d974ff5ac3",
"clientId": "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata",
@@ -1747,6 +1806,30 @@
}
]
},
{
"id": "fe2dbca3-685c-4f46-b2a3-3c3f6efb9049",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "5b33612e-8bd9-49c1-bd37-c25851fb227d",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "064e6036-85e1-45ae-87ac-5614510456a7",
"name": "email",
@@ -1790,30 +1873,6 @@
}
]
},
{
"id": "fe2dbca3-685c-4f46-b2a3-3c3f6efb9049",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "5b33612e-8bd9-49c1-bd37-c25851fb227d",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "98fe901c-81b9-4229-9b9f-1177d341e9db",
"name": "offline_access",
@@ -1825,14 +1884,53 @@
}
},
{
"id": "a78ae9be-9dca-4858-b573-d6aeacf77584",
"name": "twistlock",
"description": "twistlock",
"protocol": "saml",
"id": "55c60259-8981-4cd4-a593-a07b71c9a9f3",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
}
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "776ed187-694d-4324-80f0-f7a210604462",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"id": "1dbd971a-ab9c-49d0-997f-8cc939f70145",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "4333b5ca-2c48-4384-a52b-47ee263cc8e0",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String",
"multivalued": "true"
}
}
]
},
{
"id": "73183397-1d5a-4387-b54d-de45d1d98658",
@@ -2055,53 +2153,14 @@
]
},
{
"id": "55c60259-8981-4cd4-a593-a07b71c9a9f3",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"id": "a78ae9be-9dca-4858-b573-d6aeacf77584",
"name": "twistlock",
"description": "twistlock",
"protocol": "saml",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "776ed187-694d-4324-80f0-f7a210604462",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"id": "1dbd971a-ab9c-49d0-997f-8cc939f70145",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "4333b5ca-2c48-4384-a52b-47ee263cc8e0",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String",
"multivalued": "true"
}
}
]
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
}
},
{
"id": "8449cb31-24be-4fcb-8263-8eca0c1e9f5b",
@@ -2328,14 +2387,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-usermodel-property-mapper",
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper",
"oidc-full-name-mapper",
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper"
"saml-user-property-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-full-name-mapper"
]
}
},
@@ -2379,25 +2438,6 @@
"subComponents": {},
"config": {}
},
{
"id": "a1d490a7-504f-4512-9aef-48247d5d2982",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-usermodel-property-mapper",
"saml-role-list-mapper",
"saml-user-property-mapper",
"oidc-full-name-mapper",
"oidc-address-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-attribute-mapper"
]
}
},
{
"id": "0bc6c803-7a6d-46dd-b4d9-4118d7fd465b",
"name": "Trusted Hosts",
@@ -2412,6 +2452,25 @@
"true"
]
}
},
{
"id": "a1d490a7-504f-4512-9aef-48247d5d2982",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-full-name-mapper",
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper"
]
}
}
],
"org.keycloak.userprofile.UserProfileProvider": [
@@ -2467,7 +2526,7 @@
],
"authenticationFlows": [
{
"id": "76d488b8-da03-4318-97f8-d8b2e89f661a",
"id": "3fb0a791-ef05-4bf8-b50f-b5630df65006",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
@@ -2493,7 +2552,7 @@
]
},
{
"id": "08f0b8d2-ff0e-4d38-93f2-a362d0f28e9e",
"id": "606a40ba-0bf6-4efa-8bd9-383f02d5f616",
"alias": "Authentication",
"description": "",
"providerId": "basic-flow",
@@ -2528,7 +2587,7 @@
]
},
{
"id": "3ba2cd70-e91b-4ee5-9c10-eb98429af881",
"id": "a34f6591-3296-4b0c-822b-503bdacd839f",
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
@@ -2562,7 +2621,7 @@
]
},
{
"id": "ba80fc9f-56d0-47c0-9e15-34551fdd6392",
"id": "5f087ee6-c923-40b1-93ca-a6fbc32e754f",
"alias": "Authorization",
"description": "",
"providerId": "basic-flow",
@@ -2580,7 +2639,7 @@
]
},
{
"id": "d4a49183-d3e1-4b5b-9a5b-596bae13b199",
"id": "7a4a9fc5-03c8-4eb1-8b65-1c58e737deef",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -2606,7 +2665,7 @@
]
},
{
"id": "a3035326-ff62-4dca-bfaa-a9d0ce0ee6a2",
"id": "29de8aff-835a-4ccf-8184-670ad0d346fa",
"alias": "Conditional OTP",
"description": "",
"providerId": "basic-flow",
@@ -2632,7 +2691,7 @@
]
},
{
"id": "1462015f-6b62-4b73-af11-df68a0462c52",
"id": "9e2af316-93b3-41c4-a39f-06556b0d6511",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -2658,7 +2717,7 @@
]
},
{
"id": "cdc1212d-3bc6-4ca7-967f-f198a3f1aa46",
"id": "94927892-75e9-4e61-bd38-33cc2616a783",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -2684,7 +2743,7 @@
]
},
{
"id": "e2fbe86e-fa2a-4933-a322-7f0e9fe36be0",
"id": "2e8bc441-820d-463b-934c-b628ca6484b5",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
@@ -2710,7 +2769,7 @@
]
},
{
"id": "055ed95b-893f-460a-b1a4-6895f8d4c986",
"id": "3c8cbc92-3cb2-47cc-b93d-9d90f5d2756a",
"alias": "MFA Login",
"description": "",
"providerId": "basic-flow",
@@ -2736,7 +2795,7 @@
]
},
{
"id": "39f907c7-ea8e-43f5-b77d-5ced3fe42a49",
"id": "67f69fbe-9973-430a-aa31-fef35da32f8a",
"alias": "P1 Authentication",
"description": "browser based authentication",
"providerId": "basic-flow",
@@ -2762,7 +2821,7 @@
]
},
{
"id": "c233eaf8-a337-43a8-a1d0-f56577cc02da",
"id": "3f843623-d1c2-4bbc-88e7-9533be9b195f",
"alias": "P1 Authentication Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -2788,7 +2847,7 @@
]
},
{
"id": "056472c3-33ec-452f-ac7c-02f029531db0",
"id": "810866bb-d095-412d-865b-f33ea73874d5",
"alias": "P1 Registration",
"description": "registration flow",
"providerId": "basic-flow",
@@ -2807,7 +2866,7 @@
]
},
{
"id": "f75b38c3-8d39-43dc-8f6d-0113b3b9632a",
"id": "e9dd1bfd-8848-4599-a42e-2d22d9c17aa6",
"alias": "P1 Registration registration form",
"description": "registration form",
"providerId": "form-flow",
@@ -2842,7 +2901,7 @@
]
},
{
"id": "297a7b57-59b7-4981-8136-1cacb703d437",
"id": "8335106b-746f-4acb-8ddf-7fc093a9abe9",
"alias": "P1 Reset Credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
@@ -2876,7 +2935,7 @@
]
},
{
"id": "e51495aa-3a96-47f3-b111-d624f15ad2b2",
"id": "d8a1fbc9-e950-4ddf-95b7-29461b2570a2",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
@@ -2902,7 +2961,7 @@
]
},
{
"id": "9d59b58b-5af1-4a01-b5f8-f8016d126422",
"id": "7a1100f0-8a89-4088-bd81-c900b16f2a0b",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
@@ -2929,7 +2988,7 @@
]
},
{
"id": "49a8a439-3a1e-4368-b329-bec8961873ee",
"id": "3f8f98ac-dc85-4327-b66d-cd5c451af0ff",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
@@ -2955,7 +3014,7 @@
]
},
{
"id": "9d86c38d-66cd-4241-9385-fcd76c007a6d",
"id": "4ab32647-1f65-48d0-a4c6-ae239b6809d5",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
@@ -2997,7 +3056,7 @@
]
},
{
"id": "82778935-a0b6-4a08-9f90-330e5e2fe11b",
"id": "38474249-2758-40c1-b7b5-b6711d22df7e",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
@@ -3039,7 +3098,7 @@
]
},
{
"id": "23c7e6ac-ecf2-403f-a6fc-9ab6f8be2bef",
"id": "90aeea54-1e80-4ce9-bcd4-594493719389",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
@@ -3073,7 +3132,7 @@
]
},
{
"id": "274c84c9-a04d-448e-a051-7f065bb37481",
"id": "3d8dcb34-2c4c-4464-95e5-47476b1ae71d",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
@@ -3091,7 +3150,7 @@
]
},
{
"id": "e500bed5-273e-4837-8e1a-86a35c805c49",
"id": "2f4ccbf1-5149-493e-9d8f-2c8074ede331",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
@@ -3118,7 +3177,7 @@
]
},
{
"id": "93adf54f-6685-49e9-9924-7b3673f7b2b6",
"id": "6fd827ee-fe6b-4748-9047-ac1b9be14360",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
@@ -3144,7 +3203,7 @@
]
},
{
"id": "d67e7e07-845a-44eb-8d02-d7c749a81fd2",
"id": "dea21598-ceb3-4ae7-bd72-df7c6cd70b78",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
@@ -3170,7 +3229,7 @@
]
},
{
"id": "5813b8e3-fc39-4edd-883b-6a944c60e361",
"id": "15e7d210-ab4b-44f7-b9e6-6ae380e72372",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
@@ -3189,7 +3248,7 @@
]
},
{
"id": "dcfb3c5e-bd88-4eca-b356-135e34ef642c",
"id": "26c5fa44-0b70-407a-a8a6-8024c0f82033",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
@@ -3231,7 +3290,7 @@
]
},
{
"id": "65806b45-5d42-4c48-998d-39e9e909e529",
"id": "6236a3ea-4041-4b7e-9294-290a5ccb845e",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
@@ -3273,7 +3332,7 @@
]
},
{
"id": "9a6c79b5-fffb-4529-979e-374be32faf89",
"id": "592e01ca-8a12-4fce-830b-10354944a960",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
@@ -3293,14 +3352,14 @@
],
"authenticatorConfig": [
{
"id": "2d1f831e-008f-43c3-be1a-574d43ba8bf5",
"id": "0f55a4d2-7240-485a-aee3-734a45865805",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "ecaf4d50-d9ad-4979-9bab-82492db40d15",
"id": "5974380d-7ce8-48c8-8775-5114d135f464",
"alias": "dod-cac",
"config": {
"x509-cert-auth.canonical-dn-enabled": "false",
@@ -3315,12 +3374,12 @@
}
},
{
"id": "faf2389d-3901-4a6c-be1d-aa10cc541811",
"id": "eb413bee-476e-4978-bb68-cac13bb07eb7",
"alias": "main",
"config": {}
},
{
"id": "98f61002-4369-4dca-934b-7c35b48f001c",
"id": "9f405940-6675-4d48-ae5d-e687bd24c926",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
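Review bot: The new `dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-oidc` client in the `@@ -1318,6 +1319,64 @@` hunk is declared `"publicClient": true` while using the authorization code flow (`"standardFlowEnabled": true`) for a server-side callback, and its `attributes` block sets no `pkce.code.challenge.method`, so the code exchange at `/api/v1/authenticate/callback/oidc` is neither client-authenticated nor PKCE-bound. A server-side console such as Twistlock can normally hold a secret, so `"publicClient": false,` (keeping `"clientAuthenticatorType": "client-secret"`) is the expected setting; if it genuinely must stay public, add `"pkce.code.challenge.method": "S256"` to `attributes` so Keycloak enforces PKCE for this client. `"fullScopeAllowed": true` also puts every realm role the user holds into this client's tokens; `false` plus explicit scope mappings would match least privilege for a single application. Separately, most of the remaining hunks are regenerated `authenticationFlows`/`authenticatorConfig` ids and reordered `allowed-protocol-mapper-types` arrays, which look like a full re-export rather than a targeted edit and make the one functional change harder to review and to reconcile with the running realm.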