ocis_keycloak: Add ocis roles as realm roles (#5750)

* ocis_keycloak: Add ocis roles as realm roles

This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the oCIS realm. It also assigns those roles to the demo users.

Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".

* Expose realm_roles in "roles" claim of id tokens and userinfo
Ralf Haferkamp
2023-03-08 12:11:21 +01:00
committed by GitHub
parent 97267e9b34
commit b57504696b


@@ -46,6 +46,15 @@
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "0bb40fa2-4490-4687-9159-b1d27ec7423a",
"name": "ocisAdmin",
"description": "",
"composite": false,
"clientRole": false,
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
},
{
"id": "2d576514-4aae-46aa-9d9c-075f55f4d988",
"name": "uma_authorization",
@@ -55,6 +64,24 @@
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
},
{
"id": "8c79ff81-c256-48fd-b0b9-795c7941eedf",
"name": "ocisUser",
"description": "",
"composite": false,
"clientRole": false,
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
},
{
"id": "bd5f5012-48bb-4ea4-bfe6-0623e3ca0552",
"name": "ocisSpaceAdmin",
"description": "",
"composite": false,
"clientRole": false,
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
},
{
"id": "e2145b30-bf6f-49fb-af3f-1b40168bfcef",
"name": "offline_access",
@@ -84,6 +111,15 @@
"clientRole": false,
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
},
{
"id": "7eedfa6d-a2d9-4296-b6db-e75e4e9c0963",
"name": "ocisGuest",
"description": "",
"composite": false,
"clientRole": false,
"containerId": "ownCloud Infinite Scale Test",
"attributes": {}
}
],
"client": {
@@ -479,6 +515,7 @@
"requiredActions": [],
"realmRoles": [
"uma_authorization",
"ocisAdmin",
"offline_access"
],
"clientRoles": {
@@ -513,6 +550,7 @@
"requiredActions": [],
"realmRoles": [
"uma_authorization",
"ocisUser",
"offline_access"
],
"clientRoles": {
@@ -524,6 +562,35 @@
"notBefore": 0,
"groups": []
},
{
"id": "b44a81e2-e3ed-4241-a9ce-44604f7ac9eb",
"createdTimestamp": 1678101111607,
"username": "katherine",
"enabled": true,
"totp": false,
"emailVerified": true,
"firstName": "Katherine",
"lastName": "Johnson",
"email": "katherine@example.org",
"credentials": [
{
"id": "be18ccc9-b80f-4895-bf06-8e8e4605c634",
"type": "password",
"userLabel": "My password",
"createdDate": 1678101159924,
"secretData": "{\"value\":\"/E/1yfcgM8deq6V544gEsTfsXZuUnzaofmM+AK+MpAsvRoNRtEyRN1pajhIpGDtEuPa/KVBDbcALE7WMbFhO1w==\",\"salt\":\"TXapvlOYBWqabQRo+fINFQ==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": [
"ocisSpaceAdmin",
"default-roles-ocis"
],
"notBefore": 0,
"groups": []
},
{
"id": "48016357-346a-443e-bf7a-945c9448a99b",
"createdTimestamp": 1611912241951,
@@ -547,6 +614,7 @@
"requiredActions": [],
"realmRoles": [
"uma_authorization",
"ocisUser",
"offline_access"
],
"clientRoles": {
@@ -581,6 +649,7 @@
"requiredActions": [],
"realmRoles": [
"uma_authorization",
"ocisAdmin",
"offline_access"
],
"clientRoles": {
@@ -615,6 +684,7 @@
"requiredActions": [],
"realmRoles": [
"uma_authorization",
"ocisUser",
"offline_access"
],
"clientRoles": {
@@ -1564,9 +1634,10 @@
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"claim.name": "roles",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"jsonType.label": "String",
"multivalued": "true"
}
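Review bot: The top-level `roles` claim produced by the mapper in the last hunk carries every realm role a user holds, not only the four ocis* roles; for the users shown that includes `uma_authorization`, `offline_access` and, for katherine, `default-roles-ocis`, and it is now also enabled for ID tokens and userinfo. Whatever reads this claim for authorization should match the ocis role names exactly and have a defined result for a user holding none or several of them; that consumer is not visible on this page. The hunk does not show which client or client scope owns the mapper, so if other clients share it they stop receiving `realm_access.roles`, and a separate mapper dedicated to oCIS would be a narrower change than renaming the claim. katherine is also the only user in these hunks assigned `default-roles-ocis` rather than `uma_authorization` and `offline_access`, and has no `clientRoles` entry; unless that role is defined elsewhere in the realm file, `"uma_authorization", "ocisSpaceAdmin", "offline_access"` would keep her consistent with the other demo users.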