keycloakify 11.5.2 → 11.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/{682.index.js → 153.index.js} +220 -25
- package/bin/main.js +1 -1
- package/bin/start-keycloak/realmConfig/{ParsedRealmJson.d.ts → ParsedRealmJson/ParsedRealmJson.d.ts} +2 -3
- package/bin/start-keycloak/realmConfig/ParsedRealmJson/index.d.ts +3 -0
- package/bin/start-keycloak/realmConfig/ParsedRealmJson/readRealmJsonFile.d.ts +4 -0
- package/bin/start-keycloak/realmConfig/ParsedRealmJson/writeRealmJsonFile.d.ts +6 -0
- package/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.d.ts +1 -4
- package/bin/tools/Stringifyable.d.ts +13 -0
- package/bin/tools/canonicalStringify.d.ts +5 -0
- package/package.json +14 -4
- package/src/bin/start-keycloak/realmConfig/{ParsedRealmJson.ts → ParsedRealmJson/ParsedRealmJson.ts} +1 -19
- package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/index.ts +3 -0
- package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/readRealmJsonFile.ts +20 -0
- package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/writeRealmJsonFile.ts +29 -0
- package/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts +3 -4
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json +51 -33
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json +48 -30
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json +50 -32
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json +29 -11
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json +25 -7
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json +26 -8
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json +26 -8
- package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +11 -11
- package/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts +1 -1
- package/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +1 -1
- package/src/bin/start-keycloak/realmConfig/realmConfig.ts +15 -19
- package/src/bin/tools/Stringifyable.ts +99 -0
- package/src/bin/tools/canonicalStringify.ts +164 -0
- package/tools/vendor/dompurify.js +1 -1
|
@@ -775,6 +775,24 @@
|
|
|
775
775
|
"fullScopeAllowed": false,
|
|
776
776
|
"nodeReRegistrationTimeout": 0,
|
|
777
777
|
"protocolMappers": [
|
|
778
|
+
{
|
|
779
|
+
"id": "8fd0d584-7052-4d04-a615-d18a71050873",
|
|
780
|
+
"name": "allowed-origins",
|
|
781
|
+
"protocol": "openid-connect",
|
|
782
|
+
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
783
|
+
"consentRequired": false,
|
|
784
|
+
"config": {
|
|
785
|
+
"userinfo.token.claim": "true",
|
|
786
|
+
"id.token.claim": "false",
|
|
787
|
+
"access.token.claim": "true",
|
|
788
|
+
"claim.name": "allowed-origins",
|
|
789
|
+
"jsonType.label": "JSON",
|
|
790
|
+
"access.tokenResponse.claim": "false",
|
|
791
|
+
"claim.value": "[\"*\"]",
|
|
792
|
+
"introspection.token.claim": "true",
|
|
793
|
+
"lightweight.claim": "true"
|
|
794
|
+
}
|
|
795
|
+
},
|
|
778
796
|
{
|
|
779
797
|
"id": "7779f8fa-c2fe-4e68-be56-66ee97bf8f13",
|
|
780
798
|
"name": "locale",
|
|
@@ -1355,14 +1373,14 @@
|
|
|
1355
1373
|
"subComponents": {},
|
|
1356
1374
|
"config": {
|
|
1357
1375
|
"allowed-protocol-mapper-types": [
|
|
1358
|
-
"oidc-address-mapper",
|
|
1359
|
-
"oidc-full-name-mapper",
|
|
1360
|
-
"saml-role-list-mapper",
|
|
1361
1376
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1362
1377
|
"oidc-usermodel-property-mapper",
|
|
1378
|
+
"oidc-address-mapper",
|
|
1379
|
+
"oidc-full-name-mapper",
|
|
1363
1380
|
"oidc-usermodel-attribute-mapper",
|
|
1364
|
-
"saml-user-
|
|
1365
|
-
"saml-
|
|
1381
|
+
"saml-user-attribute-mapper",
|
|
1382
|
+
"saml-role-list-mapper",
|
|
1383
|
+
"saml-user-property-mapper"
|
|
1366
1384
|
]
|
|
1367
1385
|
}
|
|
1368
1386
|
},
|
|
@@ -1411,14 +1429,14 @@
|
|
|
1411
1429
|
"subComponents": {},
|
|
1412
1430
|
"config": {
|
|
1413
1431
|
"allowed-protocol-mapper-types": [
|
|
1414
|
-
"saml-user-attribute-mapper",
|
|
1415
|
-
"saml-role-list-mapper",
|
|
1416
|
-
"oidc-sha256-pairwise-sub-mapper",
|
|
1417
1432
|
"oidc-full-name-mapper",
|
|
1433
|
+
"oidc-usermodel-attribute-mapper",
|
|
1434
|
+
"saml-role-list-mapper",
|
|
1435
|
+
"saml-user-attribute-mapper",
|
|
1418
1436
|
"oidc-usermodel-property-mapper",
|
|
1419
1437
|
"oidc-address-mapper",
|
|
1420
|
-
"
|
|
1421
|
-
"
|
|
1438
|
+
"oidc-sha256-pairwise-sub-mapper",
|
|
1439
|
+
"saml-user-property-mapper"
|
|
1422
1440
|
]
|
|
1423
1441
|
}
|
|
1424
1442
|
},
|
|
@@ -1536,7 +1554,7 @@
|
|
|
1536
1554
|
"defaultLocale": "en",
|
|
1537
1555
|
"authenticationFlows": [
|
|
1538
1556
|
{
|
|
1539
|
-
"id": "
|
|
1557
|
+
"id": "30a878f0-57aa-4d20-bab0-6cf1d7317a5c",
|
|
1540
1558
|
"alias": "Account verification options",
|
|
1541
1559
|
"description": "Method with which to verity the existing account",
|
|
1542
1560
|
"providerId": "basic-flow",
|
|
@@ -1562,7 +1580,7 @@
|
|
|
1562
1580
|
]
|
|
1563
1581
|
},
|
|
1564
1582
|
{
|
|
1565
|
-
"id": "
|
|
1583
|
+
"id": "d386affe-d1fe-472a-bee6-54105d0101f5",
|
|
1566
1584
|
"alias": "Authentication Options",
|
|
1567
1585
|
"description": "Authentication options.",
|
|
1568
1586
|
"providerId": "basic-flow",
|
|
@@ -1596,7 +1614,7 @@
|
|
|
1596
1614
|
]
|
|
1597
1615
|
},
|
|
1598
1616
|
{
|
|
1599
|
-
"id": "
|
|
1617
|
+
"id": "77b95bc0-bd0c-46b7-8240-3182023e9d50",
|
|
1600
1618
|
"alias": "Browser - Conditional OTP",
|
|
1601
1619
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
1602
1620
|
"providerId": "basic-flow",
|
|
@@ -1622,7 +1640,7 @@
|
|
|
1622
1640
|
]
|
|
1623
1641
|
},
|
|
1624
1642
|
{
|
|
1625
|
-
"id": "
|
|
1643
|
+
"id": "bc96d3d6-29a1-42af-a63e-bb67a8c6d78f",
|
|
1626
1644
|
"alias": "Direct Grant - Conditional OTP",
|
|
1627
1645
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
1628
1646
|
"providerId": "basic-flow",
|
|
@@ -1648,7 +1666,7 @@
|
|
|
1648
1666
|
]
|
|
1649
1667
|
},
|
|
1650
1668
|
{
|
|
1651
|
-
"id": "
|
|
1669
|
+
"id": "7697ca74-5c2b-45ab-9335-e0f6dec59b5c",
|
|
1652
1670
|
"alias": "First broker login - Conditional OTP",
|
|
1653
1671
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
1654
1672
|
"providerId": "basic-flow",
|
|
@@ -1674,7 +1692,7 @@
|
|
|
1674
1692
|
]
|
|
1675
1693
|
},
|
|
1676
1694
|
{
|
|
1677
|
-
"id": "
|
|
1695
|
+
"id": "534cb120-f600-4f40-9707-7b781bdbce48",
|
|
1678
1696
|
"alias": "Handle Existing Account",
|
|
1679
1697
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
1680
1698
|
"providerId": "basic-flow",
|
|
@@ -1700,7 +1718,7 @@
|
|
|
1700
1718
|
]
|
|
1701
1719
|
},
|
|
1702
1720
|
{
|
|
1703
|
-
"id": "
|
|
1721
|
+
"id": "f884b048-b223-4ed6-ae16-e49a4255131e",
|
|
1704
1722
|
"alias": "Reset - Conditional OTP",
|
|
1705
1723
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
1706
1724
|
"providerId": "basic-flow",
|
|
@@ -1726,7 +1744,7 @@
|
|
|
1726
1744
|
]
|
|
1727
1745
|
},
|
|
1728
1746
|
{
|
|
1729
|
-
"id": "
|
|
1747
|
+
"id": "61c7966c-ad72-49f5-84dd-376152348092",
|
|
1730
1748
|
"alias": "User creation or linking",
|
|
1731
1749
|
"description": "Flow for the existing/non-existing user alternatives",
|
|
1732
1750
|
"providerId": "basic-flow",
|
|
@@ -1753,7 +1771,7 @@
|
|
|
1753
1771
|
]
|
|
1754
1772
|
},
|
|
1755
1773
|
{
|
|
1756
|
-
"id": "
|
|
1774
|
+
"id": "72412d0f-dd1b-49fe-bb0b-9dad99eb0491",
|
|
1757
1775
|
"alias": "Verify Existing Account by Re-authentication",
|
|
1758
1776
|
"description": "Reauthentication of existing account",
|
|
1759
1777
|
"providerId": "basic-flow",
|
|
@@ -1779,7 +1797,7 @@
|
|
|
1779
1797
|
]
|
|
1780
1798
|
},
|
|
1781
1799
|
{
|
|
1782
|
-
"id": "
|
|
1800
|
+
"id": "6b76613e-0d39-440d-aab4-98eaffb1e96a",
|
|
1783
1801
|
"alias": "browser",
|
|
1784
1802
|
"description": "browser based authentication",
|
|
1785
1803
|
"providerId": "basic-flow",
|
|
@@ -1821,7 +1839,7 @@
|
|
|
1821
1839
|
]
|
|
1822
1840
|
},
|
|
1823
1841
|
{
|
|
1824
|
-
"id": "
|
|
1842
|
+
"id": "0ff60395-fa89-41be-ad22-fab339e67c49",
|
|
1825
1843
|
"alias": "clients",
|
|
1826
1844
|
"description": "Base authentication for clients",
|
|
1827
1845
|
"providerId": "client-flow",
|
|
@@ -1863,7 +1881,7 @@
|
|
|
1863
1881
|
]
|
|
1864
1882
|
},
|
|
1865
1883
|
{
|
|
1866
|
-
"id": "
|
|
1884
|
+
"id": "bbb3ece7-7dbf-4aba-80c3-dde4b9cdd0b6",
|
|
1867
1885
|
"alias": "direct grant",
|
|
1868
1886
|
"description": "OpenID Connect Resource Owner Grant",
|
|
1869
1887
|
"providerId": "basic-flow",
|
|
@@ -1897,7 +1915,7 @@
|
|
|
1897
1915
|
]
|
|
1898
1916
|
},
|
|
1899
1917
|
{
|
|
1900
|
-
"id": "
|
|
1918
|
+
"id": "f5f2c0f6-7dbf-4978-845e-6cacac23aa13",
|
|
1901
1919
|
"alias": "docker auth",
|
|
1902
1920
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
1903
1921
|
"providerId": "basic-flow",
|
|
@@ -1915,7 +1933,7 @@
|
|
|
1915
1933
|
]
|
|
1916
1934
|
},
|
|
1917
1935
|
{
|
|
1918
|
-
"id": "
|
|
1936
|
+
"id": "cf463104-19e2-41a8-8a53-d3dd30b75344",
|
|
1919
1937
|
"alias": "first broker login",
|
|
1920
1938
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
1921
1939
|
"providerId": "basic-flow",
|
|
@@ -1942,7 +1960,7 @@
|
|
|
1942
1960
|
]
|
|
1943
1961
|
},
|
|
1944
1962
|
{
|
|
1945
|
-
"id": "
|
|
1963
|
+
"id": "b99b60dc-41ad-487d-be69-a2eefa954a9d",
|
|
1946
1964
|
"alias": "forms",
|
|
1947
1965
|
"description": "Username, password, otp and other auth forms.",
|
|
1948
1966
|
"providerId": "basic-flow",
|
|
@@ -1968,7 +1986,7 @@
|
|
|
1968
1986
|
]
|
|
1969
1987
|
},
|
|
1970
1988
|
{
|
|
1971
|
-
"id": "
|
|
1989
|
+
"id": "18731296-2c96-4f98-a884-027e629e4f9d",
|
|
1972
1990
|
"alias": "http challenge",
|
|
1973
1991
|
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
|
|
1974
1992
|
"providerId": "basic-flow",
|
|
@@ -1994,7 +2012,7 @@
|
|
|
1994
2012
|
]
|
|
1995
2013
|
},
|
|
1996
2014
|
{
|
|
1997
|
-
"id": "
|
|
2015
|
+
"id": "9a9dce17-5425-4fd5-b3b8-81410e1dbce4",
|
|
1998
2016
|
"alias": "registration",
|
|
1999
2017
|
"description": "registration flow",
|
|
2000
2018
|
"providerId": "basic-flow",
|
|
@@ -2013,7 +2031,7 @@
|
|
|
2013
2031
|
]
|
|
2014
2032
|
},
|
|
2015
2033
|
{
|
|
2016
|
-
"id": "
|
|
2034
|
+
"id": "d0a24e08-cb69-4949-9518-50ae7a96ee49",
|
|
2017
2035
|
"alias": "registration form",
|
|
2018
2036
|
"description": "registration form",
|
|
2019
2037
|
"providerId": "form-flow",
|
|
@@ -2055,7 +2073,7 @@
|
|
|
2055
2073
|
]
|
|
2056
2074
|
},
|
|
2057
2075
|
{
|
|
2058
|
-
"id": "
|
|
2076
|
+
"id": "6a9aa554-afba-487f-9c82-e94c81c15b3b",
|
|
2059
2077
|
"alias": "reset credentials",
|
|
2060
2078
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
2061
2079
|
"providerId": "basic-flow",
|
|
@@ -2097,7 +2115,7 @@
|
|
|
2097
2115
|
]
|
|
2098
2116
|
},
|
|
2099
2117
|
{
|
|
2100
|
-
"id": "
|
|
2118
|
+
"id": "e0361d46-eab4-41a6-bb2e-1dc6a5a6b073",
|
|
2101
2119
|
"alias": "saml ecp",
|
|
2102
2120
|
"description": "SAML ECP Profile Authentication Flow",
|
|
2103
2121
|
"providerId": "basic-flow",
|
|
@@ -2117,14 +2135,14 @@
|
|
|
2117
2135
|
],
|
|
2118
2136
|
"authenticatorConfig": [
|
|
2119
2137
|
{
|
|
2120
|
-
"id": "
|
|
2138
|
+
"id": "053d6017-e54c-418a-abe7-44dd4752eacb",
|
|
2121
2139
|
"alias": "create unique user config",
|
|
2122
2140
|
"config": {
|
|
2123
2141
|
"require.password.update.after.registration": "false"
|
|
2124
2142
|
}
|
|
2125
2143
|
},
|
|
2126
2144
|
{
|
|
2127
|
-
"id": "
|
|
2145
|
+
"id": "8b545cf4-ab9e-4226-b3c0-d7ac773eae2f",
|
|
2128
2146
|
"alias": "review profile config",
|
|
2129
2147
|
"config": {
|
|
2130
2148
|
"update.profile.on.first.login": "missing"
|
|
@@ -408,9 +408,9 @@
|
|
|
408
408
|
"otpPolicyPeriod": 30,
|
|
409
409
|
"otpPolicyCodeReusable": false,
|
|
410
410
|
"otpSupportedApplications": [
|
|
411
|
-
"totpAppGoogleName",
|
|
412
411
|
"totpAppFreeOTPName",
|
|
413
|
-
"totpAppMicrosoftAuthenticatorName"
|
|
412
|
+
"totpAppMicrosoftAuthenticatorName",
|
|
413
|
+
"totpAppGoogleName"
|
|
414
414
|
],
|
|
415
415
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
416
416
|
"webAuthnPolicySignatureAlgorithms": ["ES256"],
|
|
@@ -779,6 +779,24 @@
|
|
|
779
779
|
"fullScopeAllowed": false,
|
|
780
780
|
"nodeReRegistrationTimeout": 0,
|
|
781
781
|
"protocolMappers": [
|
|
782
|
+
{
|
|
783
|
+
"id": "8fd0d584-7052-4d04-a615-d18a71050873",
|
|
784
|
+
"name": "allowed-origins",
|
|
785
|
+
"protocol": "openid-connect",
|
|
786
|
+
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
787
|
+
"consentRequired": false,
|
|
788
|
+
"config": {
|
|
789
|
+
"userinfo.token.claim": "true",
|
|
790
|
+
"id.token.claim": "false",
|
|
791
|
+
"access.token.claim": "true",
|
|
792
|
+
"claim.name": "allowed-origins",
|
|
793
|
+
"jsonType.label": "JSON",
|
|
794
|
+
"access.tokenResponse.claim": "false",
|
|
795
|
+
"claim.value": "[\"*\"]",
|
|
796
|
+
"introspection.token.claim": "true",
|
|
797
|
+
"lightweight.claim": "true"
|
|
798
|
+
}
|
|
799
|
+
},
|
|
782
800
|
{
|
|
783
801
|
"id": "7779f8fa-c2fe-4e68-be56-66ee97bf8f13",
|
|
784
802
|
"name": "locale",
|
|
@@ -1359,13 +1377,13 @@
|
|
|
1359
1377
|
"subComponents": {},
|
|
1360
1378
|
"config": {
|
|
1361
1379
|
"allowed-protocol-mapper-types": [
|
|
1362
|
-
"
|
|
1363
|
-
"
|
|
1380
|
+
"oidc-usermodel-attribute-mapper",
|
|
1381
|
+
"oidc-usermodel-property-mapper",
|
|
1364
1382
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1383
|
+
"saml-user-property-mapper",
|
|
1365
1384
|
"saml-role-list-mapper",
|
|
1366
|
-
"oidc-usermodel-attribute-mapper",
|
|
1367
1385
|
"oidc-full-name-mapper",
|
|
1368
|
-
"
|
|
1386
|
+
"saml-user-attribute-mapper",
|
|
1369
1387
|
"oidc-address-mapper"
|
|
1370
1388
|
]
|
|
1371
1389
|
}
|
|
@@ -1415,14 +1433,14 @@
|
|
|
1415
1433
|
"subComponents": {},
|
|
1416
1434
|
"config": {
|
|
1417
1435
|
"allowed-protocol-mapper-types": [
|
|
1418
|
-
"oidc-address-mapper",
|
|
1419
1436
|
"oidc-usermodel-property-mapper",
|
|
1420
|
-
"oidc-usermodel-attribute-mapper",
|
|
1421
|
-
"oidc-full-name-mapper",
|
|
1422
1437
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1423
|
-
"saml-user-property-mapper",
|
|
1424
1438
|
"saml-role-list-mapper",
|
|
1425
|
-
"saml-user-attribute-mapper"
|
|
1439
|
+
"saml-user-attribute-mapper",
|
|
1440
|
+
"saml-user-property-mapper",
|
|
1441
|
+
"oidc-usermodel-attribute-mapper",
|
|
1442
|
+
"oidc-address-mapper",
|
|
1443
|
+
"oidc-full-name-mapper"
|
|
1426
1444
|
]
|
|
1427
1445
|
}
|
|
1428
1446
|
},
|
|
@@ -789,6 +789,24 @@
|
|
|
789
789
|
"fullScopeAllowed": false,
|
|
790
790
|
"nodeReRegistrationTimeout": 0,
|
|
791
791
|
"protocolMappers": [
|
|
792
|
+
{
|
|
793
|
+
"id": "8fd0d584-7052-4d04-a615-d18a71050873",
|
|
794
|
+
"name": "allowed-origins",
|
|
795
|
+
"protocol": "openid-connect",
|
|
796
|
+
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
797
|
+
"consentRequired": false,
|
|
798
|
+
"config": {
|
|
799
|
+
"introspection.token.claim": "true",
|
|
800
|
+
"userinfo.token.claim": "true",
|
|
801
|
+
"id.token.claim": "false",
|
|
802
|
+
"access.token.claim": "true",
|
|
803
|
+
"claim.name": "allowed-origins",
|
|
804
|
+
"jsonType.label": "JSON",
|
|
805
|
+
"access.tokenResponse.claim": "false",
|
|
806
|
+
"claim.value": "[\"*\"]",
|
|
807
|
+
"lightweight.claim": "true"
|
|
808
|
+
}
|
|
809
|
+
},
|
|
792
810
|
{
|
|
793
811
|
"id": "59cde7ae-2218-4a8e-83af-cad992c3a700",
|
|
794
812
|
"name": "locale",
|
|
@@ -1401,14 +1419,14 @@
|
|
|
1401
1419
|
"subComponents": {},
|
|
1402
1420
|
"config": {
|
|
1403
1421
|
"allowed-protocol-mapper-types": [
|
|
1404
|
-
"saml-role-list-mapper",
|
|
1405
1422
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1406
|
-
"oidc-usermodel-attribute-mapper",
|
|
1407
1423
|
"saml-user-attribute-mapper",
|
|
1408
1424
|
"oidc-full-name-mapper",
|
|
1425
|
+
"oidc-usermodel-property-mapper",
|
|
1426
|
+
"oidc-usermodel-attribute-mapper",
|
|
1409
1427
|
"oidc-address-mapper",
|
|
1410
1428
|
"saml-user-property-mapper",
|
|
1411
|
-
"
|
|
1429
|
+
"saml-role-list-mapper"
|
|
1412
1430
|
]
|
|
1413
1431
|
}
|
|
1414
1432
|
},
|
|
@@ -1477,14 +1495,14 @@
|
|
|
1477
1495
|
"subComponents": {},
|
|
1478
1496
|
"config": {
|
|
1479
1497
|
"allowed-protocol-mapper-types": [
|
|
1480
|
-
"
|
|
1498
|
+
"oidc-usermodel-property-mapper",
|
|
1481
1499
|
"saml-role-list-mapper",
|
|
1500
|
+
"saml-user-property-mapper",
|
|
1482
1501
|
"oidc-usermodel-attribute-mapper",
|
|
1502
|
+
"saml-user-attribute-mapper",
|
|
1483
1503
|
"oidc-address-mapper",
|
|
1484
|
-
"saml-user-property-mapper",
|
|
1485
1504
|
"oidc-full-name-mapper",
|
|
1486
|
-
"oidc-sha256-pairwise-sub-mapper"
|
|
1487
|
-
"oidc-usermodel-property-mapper"
|
|
1505
|
+
"oidc-sha256-pairwise-sub-mapper"
|
|
1488
1506
|
]
|
|
1489
1507
|
}
|
|
1490
1508
|
}
|
|
@@ -919,6 +919,24 @@
|
|
|
919
919
|
"claim.name": "locale",
|
|
920
920
|
"jsonType.label": "String"
|
|
921
921
|
}
|
|
922
|
+
},
|
|
923
|
+
{
|
|
924
|
+
"id": "8fd0d584-7052-4d04-a615-d18a71050873",
|
|
925
|
+
"name": "allowed-origins",
|
|
926
|
+
"protocol": "openid-connect",
|
|
927
|
+
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
928
|
+
"consentRequired": false,
|
|
929
|
+
"config": {
|
|
930
|
+
"introspection.token.claim": "true",
|
|
931
|
+
"userinfo.token.claim": "true",
|
|
932
|
+
"id.token.claim": "false",
|
|
933
|
+
"access.token.claim": "true",
|
|
934
|
+
"claim.name": "allowed-origins",
|
|
935
|
+
"jsonType.label": "JSON",
|
|
936
|
+
"access.tokenResponse.claim": "false",
|
|
937
|
+
"claim.value": "[\"*\"]",
|
|
938
|
+
"lightweight.claim": "true"
|
|
939
|
+
}
|
|
922
940
|
}
|
|
923
941
|
],
|
|
924
942
|
"defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"],
|
|
@@ -1545,14 +1563,14 @@
|
|
|
1545
1563
|
"subComponents": {},
|
|
1546
1564
|
"config": {
|
|
1547
1565
|
"allowed-protocol-mapper-types": [
|
|
1566
|
+
"oidc-full-name-mapper",
|
|
1548
1567
|
"saml-role-list-mapper",
|
|
1568
|
+
"saml-user-attribute-mapper",
|
|
1569
|
+
"oidc-usermodel-attribute-mapper",
|
|
1549
1570
|
"oidc-address-mapper",
|
|
1550
1571
|
"oidc-usermodel-property-mapper",
|
|
1551
|
-
"saml-user-attribute-mapper",
|
|
1552
1572
|
"saml-user-property-mapper",
|
|
1553
|
-
"oidc-sha256-pairwise-sub-mapper"
|
|
1554
|
-
"oidc-usermodel-attribute-mapper",
|
|
1555
|
-
"oidc-full-name-mapper"
|
|
1573
|
+
"oidc-sha256-pairwise-sub-mapper"
|
|
1556
1574
|
]
|
|
1557
1575
|
}
|
|
1558
1576
|
},
|
|
@@ -1584,14 +1602,14 @@
|
|
|
1584
1602
|
"subComponents": {},
|
|
1585
1603
|
"config": {
|
|
1586
1604
|
"allowed-protocol-mapper-types": [
|
|
1605
|
+
"oidc-sha256-pairwise-sub-mapper",
|
|
1606
|
+
"oidc-address-mapper",
|
|
1587
1607
|
"oidc-full-name-mapper",
|
|
1588
1608
|
"oidc-usermodel-property-mapper",
|
|
1589
1609
|
"saml-user-attribute-mapper",
|
|
1590
|
-
"oidc-sha256-pairwise-sub-mapper",
|
|
1591
1610
|
"saml-role-list-mapper",
|
|
1592
|
-
"
|
|
1593
|
-
"oidc-usermodel-attribute-mapper"
|
|
1594
|
-
"saml-user-property-mapper"
|
|
1611
|
+
"saml-user-property-mapper",
|
|
1612
|
+
"oidc-usermodel-attribute-mapper"
|
|
1595
1613
|
]
|
|
1596
1614
|
}
|
|
1597
1615
|
},
|
|
@@ -964,6 +964,24 @@
|
|
|
964
964
|
"claim.name": "locale",
|
|
965
965
|
"jsonType.label": "String"
|
|
966
966
|
}
|
|
967
|
+
},
|
|
968
|
+
{
|
|
969
|
+
"id": "8fd0d584-7052-4d04-a615-d18a71050873",
|
|
970
|
+
"name": "allowed-origins",
|
|
971
|
+
"protocol": "openid-connect",
|
|
972
|
+
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
973
|
+
"consentRequired": false,
|
|
974
|
+
"config": {
|
|
975
|
+
"introspection.token.claim": "true",
|
|
976
|
+
"userinfo.token.claim": "true",
|
|
977
|
+
"id.token.claim": "false",
|
|
978
|
+
"access.token.claim": "true",
|
|
979
|
+
"claim.name": "allowed-origins",
|
|
980
|
+
"jsonType.label": "JSON",
|
|
981
|
+
"access.tokenResponse.claim": "false",
|
|
982
|
+
"claim.value": "[\"*\"]",
|
|
983
|
+
"lightweight.claim": "true"
|
|
984
|
+
}
|
|
967
985
|
}
|
|
968
986
|
],
|
|
969
987
|
"defaultClientScopes": [
|
|
@@ -1618,14 +1636,14 @@
|
|
|
1618
1636
|
"subComponents": {},
|
|
1619
1637
|
"config": {
|
|
1620
1638
|
"allowed-protocol-mapper-types": [
|
|
1621
|
-
"saml-role-list-mapper",
|
|
1622
|
-
"oidc-full-name-mapper",
|
|
1623
|
-
"saml-user-property-mapper",
|
|
1624
|
-
"saml-user-attribute-mapper",
|
|
1625
1639
|
"oidc-usermodel-attribute-mapper",
|
|
1626
1640
|
"oidc-address-mapper",
|
|
1641
|
+
"saml-role-list-mapper",
|
|
1642
|
+
"saml-user-property-mapper",
|
|
1627
1643
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1628
|
-
"
|
|
1644
|
+
"saml-user-attribute-mapper",
|
|
1645
|
+
"oidc-usermodel-property-mapper",
|
|
1646
|
+
"oidc-full-name-mapper"
|
|
1629
1647
|
]
|
|
1630
1648
|
}
|
|
1631
1649
|
},
|
|
@@ -1657,12 +1675,12 @@
|
|
|
1657
1675
|
"allowed-protocol-mapper-types": [
|
|
1658
1676
|
"oidc-address-mapper",
|
|
1659
1677
|
"saml-user-attribute-mapper",
|
|
1660
|
-
"oidc-full-name-mapper",
|
|
1661
1678
|
"saml-role-list-mapper",
|
|
1679
|
+
"oidc-usermodel-property-mapper",
|
|
1662
1680
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1663
|
-
"oidc-usermodel-attribute-mapper",
|
|
1664
1681
|
"saml-user-property-mapper",
|
|
1665
|
-
"oidc-usermodel-
|
|
1682
|
+
"oidc-usermodel-attribute-mapper",
|
|
1683
|
+
"oidc-full-name-mapper"
|
|
1666
1684
|
]
|
|
1667
1685
|
}
|
|
1668
1686
|
},
|
|
@@ -997,7 +997,7 @@
|
|
|
997
997
|
"claim.value": "[\"*\"]",
|
|
998
998
|
"userinfo.token.claim": "true",
|
|
999
999
|
"id.token.claim": "false",
|
|
1000
|
-
"lightweight.claim": "
|
|
1000
|
+
"lightweight.claim": "true",
|
|
1001
1001
|
"access.token.claim": "true",
|
|
1002
1002
|
"claim.name": "allowed-origins",
|
|
1003
1003
|
"jsonType.label": "JSON",
|
|
@@ -1628,7 +1628,7 @@
|
|
|
1628
1628
|
"smtpServer": {},
|
|
1629
1629
|
"loginTheme": "keycloakify-starter",
|
|
1630
1630
|
"accountTheme": "",
|
|
1631
|
-
"adminTheme": "",
|
|
1631
|
+
"adminTheme": "keycloakify-starter",
|
|
1632
1632
|
"emailTheme": "",
|
|
1633
1633
|
"eventsEnabled": false,
|
|
1634
1634
|
"eventsListeners": ["keycloakify-logging", "jboss-logging"],
|
|
@@ -1657,13 +1657,13 @@
|
|
|
1657
1657
|
"subComponents": {},
|
|
1658
1658
|
"config": {
|
|
1659
1659
|
"allowed-protocol-mapper-types": [
|
|
1660
|
-
"oidc-usermodel-property-mapper",
|
|
1661
|
-
"saml-user-property-mapper",
|
|
1662
1660
|
"oidc-address-mapper",
|
|
1663
1661
|
"saml-user-attribute-mapper",
|
|
1664
|
-
"
|
|
1665
|
-
"oidc-sha256-pairwise-sub-mapper",
|
|
1662
|
+
"oidc-usermodel-property-mapper",
|
|
1666
1663
|
"oidc-usermodel-attribute-mapper",
|
|
1664
|
+
"saml-user-property-mapper",
|
|
1665
|
+
"oidc-sha256-pairwise-sub-mapper",
|
|
1666
|
+
"saml-role-list-mapper",
|
|
1667
1667
|
"oidc-full-name-mapper"
|
|
1668
1668
|
]
|
|
1669
1669
|
}
|
|
@@ -1694,14 +1694,14 @@
|
|
|
1694
1694
|
"subComponents": {},
|
|
1695
1695
|
"config": {
|
|
1696
1696
|
"allowed-protocol-mapper-types": [
|
|
1697
|
-
"
|
|
1698
|
-
"oidc-full-name-mapper",
|
|
1697
|
+
"oidc-usermodel-attribute-mapper",
|
|
1699
1698
|
"oidc-sha256-pairwise-sub-mapper",
|
|
1700
|
-
"saml-user-property-mapper",
|
|
1701
|
-
"oidc-usermodel-property-mapper",
|
|
1702
1699
|
"saml-role-list-mapper",
|
|
1703
1700
|
"oidc-address-mapper",
|
|
1704
|
-
"oidc-
|
|
1701
|
+
"oidc-full-name-mapper",
|
|
1702
|
+
"saml-user-property-mapper",
|
|
1703
|
+
"oidc-usermodel-property-mapper",
|
|
1704
|
+
"saml-user-attribute-mapper"
|
|
1705
1705
|
]
|
|
1706
1706
|
}
|
|
1707
1707
|
},
|
|
@@ -333,7 +333,7 @@ function editAccountConsoleAndSecurityAdminConsole(params: {
|
|
|
333
333
|
"claim.value": '["*"]',
|
|
334
334
|
"userinfo.token.claim": "true",
|
|
335
335
|
"id.token.claim": "false",
|
|
336
|
-
"lightweight.claim": "
|
|
336
|
+
"lightweight.claim": "true",
|
|
337
337
|
"access.token.claim": "true",
|
|
338
338
|
"claim.name": "allowed-origins",
|
|
339
339
|
"jsonType.label": "JSON",
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import type { BuildContext } from "../../shared/buildContext";
|
|
2
2
|
import { assert } from "tsafe/assert";
|
|
3
|
-
import { runPrettier, getIsPrettierAvailable } from "../../tools/runPrettier";
|
|
4
3
|
import { getDefaultConfig } from "./defaultConfig";
|
|
5
4
|
import {
|
|
6
5
|
prepareRealmConfig,
|
|
@@ -14,7 +13,11 @@ import {
|
|
|
14
13
|
sep as pathSep
|
|
15
14
|
} from "path";
|
|
16
15
|
import { existsAsync } from "../../tools/fs.existsAsync";
|
|
17
|
-
import {
|
|
16
|
+
import {
|
|
17
|
+
readRealmJsonFile,
|
|
18
|
+
writeRealmJsonFile,
|
|
19
|
+
type ParsedRealmJson
|
|
20
|
+
} from "./ParsedRealmJson";
|
|
18
21
|
import {
|
|
19
22
|
dumpContainerConfig,
|
|
20
23
|
type BuildContextLike as BuildContextLike_dumpContainerConfig
|
|
@@ -80,22 +83,11 @@ export async function getRealmConfig(params: {
|
|
|
80
83
|
}
|
|
81
84
|
}
|
|
82
85
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
if (await getIsPrettierAvailable()) {
|
|
89
|
-
sourceCode = await runPrettier({
|
|
90
|
-
sourceCode,
|
|
91
|
-
filePath: realmJsonFilePath
|
|
92
|
-
});
|
|
93
|
-
}
|
|
94
|
-
|
|
95
|
-
fs.writeFileSync(realmJsonFilePath, sourceCode);
|
|
96
|
-
};
|
|
97
|
-
|
|
98
|
-
await writeRealmJsonFile({ parsedRealmJson });
|
|
86
|
+
await writeRealmJsonFile({
|
|
87
|
+
realmJsonFilePath,
|
|
88
|
+
parsedRealmJson,
|
|
89
|
+
keycloakMajorVersionNumber
|
|
90
|
+
});
|
|
99
91
|
|
|
100
92
|
const { onRealmConfigChange } = (() => {
|
|
101
93
|
const run = runExclusive.build(async () => {
|
|
@@ -119,7 +111,11 @@ export async function getRealmConfig(params: {
|
|
|
119
111
|
return;
|
|
120
112
|
}
|
|
121
113
|
|
|
122
|
-
await writeRealmJsonFile({
|
|
114
|
+
await writeRealmJsonFile({
|
|
115
|
+
realmJsonFilePath,
|
|
116
|
+
parsedRealmJson,
|
|
117
|
+
keycloakMajorVersionNumber
|
|
118
|
+
});
|
|
123
119
|
|
|
124
120
|
console.log(
|
|
125
121
|
[
|