Update deployment option "integration"
- The entire integration folder was refactored.
- Please follow the instructions in README.md
Issue-Id: OAM-217
Change-Id: I7822fd928ee759ff4738f9673a4320e2409772e7
Signed-off-by: demx8as6 <martin.skorupski@highstreet-technologies.com>
diff --git a/solution/integration/smo/common/.env b/solution/integration/smo/common/.env
new file mode 100644
index 0000000..6f4e5c8
--- /dev/null
+++ b/solution/integration/smo/common/.env
@@ -0,0 +1,49 @@
+################################################################################
+# Copyright 2021 highstreet technologies and others
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+COMPOSE_PROJECT_NAME=o-ran-sc-d-release
+
+# Credentials
+
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# Network settings
+# Please update /etc/docker/daemon.json accordingly
+# https://docs.docker.com/config/daemon/ipv6/
+NETWORK_SUBNET_SMO=2001:db8:1:40::/96
+NETWORK_GATEWAY_SMO=2001:db8:1:40::1
+
+# Identity server
+IDENTITY_IMAGE=quay.io/keycloak/keycloak:12.0.4
+IDENTITY_PORT=8081
+IDENTITY_PROVIDER_URL=http://identity:8081
+
+# Topology server
+TOPOLOGY_IMAGE=docker.io/hightec/smo-topology-api-v2:2.0.2-SNAPSHOT-20210315T160448Z
+TOPOLOGY_PROVIDERS=5GBerlin,winlab
+
+# PERSISTENCE (including SDN-R Database)
+PERSISTENCE_IMAGE=docker.elastic.co/elasticsearch/elasticsearch-oss:7.9.3
+
+## ZooKeeper
+ZOOKEEPER_IMAGE=nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.3
+
+## Kafka
+KAFKA_IMAGE=nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.4
+
+## DMaaP
+DMAAP_IMAGE=nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18
\ No newline at end of file
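Review bot: `ADMIN_PASSWORD` is committed as a literal, and the same string reappears as `password` in identity/config.py and as the `martin.skorupski` credential in identity/authentication.json, so every deployment built from this repository starts with one publicly known Keycloak admin password. I would commit only a template (for example an `.env.example` with `ADMIN_PASSWORD=<set-per-installation>`), keep the real `.env` out of version control, and treat the value in this commit as disclosed and rotate it wherever it was used. A comment above the `# Credentials` block such as `# Set per installation; never commit real values` would make the expectation explicit.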
diff --git a/solution/integration/smo/common/dmaap/MsgRtrApi.properties b/solution/integration/smo/common/dmaap/MsgRtrApi.properties
new file mode 100644
index 0000000..33ff0fd
--- /dev/null
+++ b/solution/integration/smo/common/dmaap/MsgRtrApi.properties
@@ -0,0 +1,169 @@
+###############################################################################
+# ============LICENSE_START=======================================================
+# org.onap.dmaap
+# ================================================================================
+# Copyright � 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+###############################################################################
+###############################################################################
+##
+## Cambria API Server config
+##
+## - Default values are shown as commented settings.
+##
+
+###############################################################################
+##
+## HTTP service
+##
+## - 3904 is standard as of 7/29/14.
+#
+## Zookeeper Connection
+##
+## Both Cambria and Kafka make use of Zookeeper.
+##
+#config.zk.servers=172.18.1.1
+config.zk.servers=zookeeper
+#config.zk.root=/fe3c/cambria/config
+
+
+###############################################################################
+##
+## Kafka Connection
+##
+## Items below are passed through to Kafka's producer and consumer
+## configurations (after removing "kafka.")
+## if you want to change request.required.acks it can take this one value
+#kafka.metadata.broker.list=localhost:9092,localhost:9093
+kafka.metadata.broker.list=kafka:9092
+##kafka.request.required.acks=-1
+#kafka.client.zookeeper=${config.zk.servers}
+consumer.timeout.ms=100
+zookeeper.connection.timeout.ms=6000
+zookeeper.session.timeout.ms=20000
+zookeeper.sync.time.ms=2000
+auto.commit.interval.ms=1000
+fetch.message.max.bytes =1000000
+auto.commit.enable=false
+
+#(backoff*retries > zksessiontimeout)
+kafka.rebalance.backoff.ms=10000
+kafka.rebalance.max.retries=6
+
+
+###############################################################################
+##
+## Secured Config
+##
+## Some data stored in the config system is sensitive -- API keys and secrets,
+## for example. to protect it, we use an encryption layer for this section
+## of the config.
+##
+## The key is a base64 encode AES key. This must be created/configured for
+## each installation.
+#cambria.secureConfig.key=
+##
+## The initialization vector is a 16 byte value specific to the secured store.
+## This must be created/configured for each installation.
+#cambria.secureConfig.iv=
+
+## Southfield Sandbox
+cambria.secureConfig.key=b/7ouTn9FfEw2PQwL0ov/Q==
+cambria.secureConfig.iv=wR9xP5k5vbz/xD0LmtqQLw==
+authentication.adminSecret=fe3cCompound
+#cambria.secureConfig.key[pc569h]=YT3XPyxEmKCTLI2NK+Sjbw==
+#cambria.secureConfig.iv[pc569h]=rMm2jhR3yVnU+u2V9Ugu3Q==
+
+
+###############################################################################
+##
+## Consumer Caching
+##
+## Kafka expects live connections from the consumer to the broker, which
+## obviously doesn't work over connectionless HTTP requests. The Cambria
+## server proxies HTTP requests into Kafka consumer sessions that are kept
+## around for later re-use. Not doing so is costly for setup per request,
+## which would substantially impact a high volume consumer's performance.
+##
+## This complicates Cambria server failover, because we often need server
+## A to close its connection before server B brings up the replacement.
+##
+
+## The consumer cache is normally enabled.
+#cambria.consumer.cache.enabled=true
+
+## Cached consumers are cleaned up after a period of disuse. The server inspects
+## consumers every sweepFreqSeconds and will clean up any connections that are
+## dormant for touchFreqMs.
+#cambria.consumer.cache.sweepFreqSeconds=15
+cambria.consumer.cache.touchFreqMs=120000
+##stickforallconsumerrequests=false
+## The cache is managed through ZK. The default value for the ZK connection
+## string is the same as config.zk.servers.
+#cambria.consumer.cache.zkConnect=${config.zk.servers}
+
+##
+## Shared cache information is associated with this node's name. The default
+## name is the hostname plus the HTTP service port this host runs on. (The
+## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(),
+## which is not always adequate.) You can set this value explicitly here.
+##
+#cambria.api.node.identifier=<use-something-unique-to-this-instance>
+
+#cambria.rateLimit.maxEmptyPollsPerMinute=30
+#cambria.rateLimitActual.delay.ms=10
+
+###############################################################################
+##
+## Metrics Reporting
+##
+## This server can report its metrics periodically on a topic.
+##
+#metrics.send.cambria.enabled=true
+#metrics.send.cambria.topic=cambria.apinode.metrics #msgrtr.apinode.metrics.dmaap
+#metrics.send.cambria.sendEverySeconds=60
+
+cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
+consumer.timeout=17
+
+##############################################################################
+#100mb
+maxcontentlength=10000
+
+
+##############################################################################
+#AAF Properties
+msgRtr.namespace.aaf=org.onap.dmaap.mr.topic
+msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
+enforced.topic.name.AAF=org.onap.dmaap.mr
+forceAAF=false
+transidUEBtopicreqd=false
+defaultNSforUEB=org.onap.dmaap.mr
+##############################################################################
+#Mirror Maker Agent
+msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin
+msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user
+msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
+msgRtr.mirrormaker.timeout=15000
+msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mmagent
+msgRtr.mirrormaker.consumergroup=mmagentserver
+msgRtr.mirrormaker.consumerid=1
+
+kafka.max.poll.interval.ms=300000
+kafka.heartbeat.interval.ms=60000
+kafka.session.timeout.ms=240000
+kafka.max.poll.records=1000
\ No newline at end of file
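Review bot: The "Secured Config" section says the AES key and IV must be created for each installation, yet `cambria.secureConfig.key`, `cambria.secureConfig.iv` and `authentication.adminSecret` are committed with fixed values under "Southfield Sandbox", so the encryption layer protects nothing from anyone who can read this repository. I would leave these three entries commented out here and supply per-installation values at deploy time, with a comment such as `## sandbox values removed; generate a fresh key, IV and adminSecret per installation`. Separately, the comment `#100mb` above `maxcontentlength=10000` does not match the value; the unit is not visible from this file, so either the comment or the number should be corrected.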
diff --git a/solution/integration/smo/common/dmaap/cadi.properties b/solution/integration/smo/common/dmaap/cadi.properties
new file mode 100644
index 0000000..dca56c8
--- /dev/null
+++ b/solution/integration/smo/common/dmaap/cadi.properties
@@ -0,0 +1,19 @@
+aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+aaf_env=DEV
+aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
+
+cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
+
+cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
+
+cadi_alias=dmaapmr@mr.dmaap.onap.org
+cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
\ No newline at end of file
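Review bot: `cadi_protocols=TLSv1.1,TLSv1.2` still permits TLS 1.1, which is deprecated (RFC 8996); `cadi_protocols=TLSv1.2` is the safer setting unless a peer is known to need 1.1. `aaf_locate_url` also keeps an unrendered Helm expression (`{{ include "common.namespace" . }}`), which nothing in this docker-compose setup appears to expand, so the URL is presumably unusable as written. Both are dormant while docker-compose.yml sets `enableCadi: 'false'`, and a leading comment saying so (`# not evaluated while enableCadi is 'false'; review before enabling CADI`) would stop the file being switched on unchanged. The `enc:` truststore and keystore passwords are only as secret as the file named in `cadi_keyfile`, so that key file should not be committed next to them.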
diff --git a/solution/integration/smo/common/dmaap/logback.xml b/solution/integration/smo/common/dmaap/logback.xml
new file mode 100644
index 0000000..f02a2db
--- /dev/null
+++ b/solution/integration/smo/common/dmaap/logback.xml
@@ -0,0 +1,208 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <contextName>${module.ajsc.namespace.name}</contextName>
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/log" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+
+ <!-- Msgrtr related loggers -->
+ <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
+
+
+
+ <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
+ <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
+ <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+
+ <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+
+ <!-- Msgrtr loggers in ajsc -->
+ <logger name="org.onap.dmaap.service" level="INFO" />
+ <logger name="org.onap.dmaap" level="INFO" />
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" additivity="false"/>
+ <logger name="org.springframework.beans" level="WARN" additivity="false"/>
+ <logger name="org.springframework.web" level="WARN" additivity="false" />
+ <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+
+ <!-- AJSC Services (bootstrap services) -->
+ <logger name="ajsc" level="WARN" additivity="false"/>
+ <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
+ <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
+ <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
+ <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
+ <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
+ <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
+ <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="ajsc.utils" level="WARN" additivity="false"/>
+ <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
+ <logger name="ajsc.filters" level="DEBUG" additivity="false" />
+ <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
+ <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
+ <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
+ <logger name="com.att" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+
+ <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
+ <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" additivity="false" />
+ <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
+ <logger name="org.apache.commons" level="WARN" additivity="false" />
+ <logger name="org.apache.coyote" level="WARN" additivity="false"/>
+ <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf" level="WARN" additivity="false" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
+ <logger name="org.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
+ <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
+ <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
+ <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Audit-Record-Queue" />
+ </appender>
+
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Performance-Tracker-Queue" />
+ </appender>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="ASYNC-perf" />
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="DEBUG">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="INFO" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
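Review bot: The opening tag of the `ERROR` appender is duplicated on one line (`<appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">`), which leaves stray text inside the element; the second `class="…">` should be removed. `ASYNC-audit` and `ASYNC-perf` reference `Audit-Record-Queue` and `Performance-Tracker-Queue`, neither of which is defined in this file, and the `INFO` appender has no `<encoder>`. `<root level="DEBUG">` combined with DEBUG on `org.apache.kafka`, `org.restlet` and `ajsc.servlet` is likely to write request and message details to the container log; `INFO` would be a safer default for a shared integration setup, with a comment such as `<!-- raise to DEBUG only while troubleshooting -->`.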
diff --git a/solution/integration/smo/common/docker-compose.yml b/solution/integration/smo/common/docker-compose.yml
new file mode 100755
index 0000000..e3088fd
--- /dev/null
+++ b/solution/integration/smo/common/docker-compose.yml
@@ -0,0 +1,121 @@
+################################################################################
+# Copyright 2021 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+version: '3.8'
+services:
+ identity:
+ image: ${IDENTITY_IMAGE}
+ container_name: identity
+ ports:
+ - ${IDENTITY_PORT}:${IDENTITY_PORT}
+ environment:
+ - KEYCLOAK_USER=${ADMIN_USERNAME}
+ - KEYCLOAK_PASSWORD=${ADMIN_PASSWORD}
+ - JAVA_OPTS=-Djboss.http.port=${IDENTITY_PORT}
+ networks:
+ dmz:
+
+ topology:
+ image: ${TOPOLOGY_IMAGE}
+ container_name: topology
+ ports:
+ - 3001:3001
+ environment:
+ - AUTH_ENABLED=true
+ - AUTH_HOST_URL=${IDENTITY_PROVIDER_URL}
+ # - AUTH_CONFIG_FILE
+ - PROVIDERS=${TOPOLOGY_PROVIDERS}
+ - LOAD_PACKAGES=com.highstreet
+
+ persistence:
+ image: ${PERSISTENCE_IMAGE}
+ container_name: persistence
+ environment:
+ - discovery.type=single-node
+
+ zookeeper:
+ image: ${ZOOKEEPER_IMAGE}
+ container_name: zookeeper
+ ports:
+ - 2181:2181
+ environment:
+ ZOOKEEPER_REPLICAS: 1
+ ZOOKEEPER_TICK_TIME: 2000
+ ZOOKEEPER_SYNC_LIMIT: 5
+ ZOOKEEPER_INIT_LIMIT: 10
+ ZOOKEEPER_MAX_CLIENT_CNXNS: 200
+ ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
+ ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
+ ZOOKEEPER_CLIENT_PORT: 2181
+ KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+ ZOOKEEPER_SERVER_ID:
+ volumes:
+ - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+
+ kafka:
+ image: ${KAFKA_IMAGE}
+ container_name: kafka
+ ports:
+ - 9092:9092
+ environment:
+ enableCadi: 'false'
+ KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+ KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
+ KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
+ KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
+ KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
+ KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
+ KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ KAFKA_ZOOKEEPER_SET_ACL: 'true'
+ KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+ # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
+ KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
+ volumes:
+ - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ depends_on:
+ - zookeeper
+
+ dmaap:
+ container_name: onap-dmaap
+ image: ${DMAAP_IMAGE}
+ ports:
+ - 3904:3904
+ - 3905:3905
+ environment:
+ enableCadi: 'false'
+ volumes:
+ - ./dmaap/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ - ./dmaap/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
+ - ./dmaap/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
+ depends_on:
+ - zookeeper
+ - kafka
+
+networks:
+ dmz:
+ driver: bridge
+ name: dmz
+ enable_ipv6: false
+ default:
+ driver: bridge
+ name: smo
+ enable_ipv6: true
+ ipam:
+ driver: default
+ config:
+ - subnet: ${NETWORK_SUBNET_SMO}
+ gateway: ${NETWORK_GATEWAY_SMO}
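Review bot: The `ports:` entries for zookeeper (`2181:2181`), kafka (`9092:9092`, a PLAINTEXT listener) and dmaap (`3904:3904`, `3905:3905`, with `enableCadi: 'false'`) publish on all host interfaces by default, so these services are reachable from whatever network the Docker host sits on. Unless external access is needed, bind them to loopback, e.g. `- 127.0.0.1:9092:9092`, or drop the mapping and let the other containers reach them over the compose network. The `identity` service joins only the `dmz` network, while `topology` stays on `default` and is given `AUTH_HOST_URL=${IDENTITY_PROVIDER_URL}` (`http://identity:8081` in `.env`); that name presumably does not resolve across the two networks, so `identity` may also need `default:` under `networks:`. Keycloak is also served over plain HTTP on `${IDENTITY_PORT}`, so the admin password and issued tokens cross that port unencrypted.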
diff --git a/solution/integration/smo/common/docker/README.md b/solution/integration/smo/common/docker/README.md
new file mode 100644
index 0000000..a36804f
--- /dev/null
+++ b/solution/integration/smo/common/docker/README.md
@@ -0,0 +1,32 @@
+# Docker configuration
+
+To support IPv6 the docker configuration must be modified.
+
+Please see:
+https://docs.docker.com/config/daemon/ipv6/
+
+1. Edit /etc/docker/daemon.json, set the ipv6 key to true and the fixed-cidr-v6 key to your IPv6 subnet. In this example we are setting it to 2001:db8:1::/64.
+
+
+```
+{
+ "dns": ["1.1.1.1"],
+ "registry-mirrors": [
+ "https://nexus3.o-ran-sc.org:10004",
+ "https://nexus3.onap.org:10001"
+ ],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "10m",
+ "max-file": "3"
+ },
+ "ipv6": true,
+ "fixed-cidr-v6": "2001:db8:1::/64"
+}
+```
+
+2. Reload the Docker configuration file.
+
+```
+$ systemctl reload docker
+```
\ No newline at end of file
diff --git a/solution/integration/smo/common/docker/daemon.json b/solution/integration/smo/common/docker/daemon.json
new file mode 100644
index 0000000..1573447
--- /dev/null
+++ b/solution/integration/smo/common/docker/daemon.json
@@ -0,0 +1,14 @@
+{
+ "dns": ["1.1.1.1"],
+ "registry-mirrors": [
+ "https://nexus3.o-ran-sc.org:10004",
+ "https://nexus3.onap.org:10001"
+ ],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "10m",
+ "max-file": "3"
+ },
+ "ipv6": true,
+ "fixed-cidr-v6": "2001:db8:1::/64"
+}
diff --git a/solution/integration/smo/common/identity/authentication.json b/solution/integration/smo/common/identity/authentication.json
new file mode 100644
index 0000000..bc4a5bc
--- /dev/null
+++ b/solution/integration/smo/common/identity/authentication.json
@@ -0,0 +1,116 @@
+{
+ "roles": {
+ "administration": [
+ {
+ "id": "66f90a7a-3766-4f69-989d-c94910e0bad6",
+ "name": "administration"
+ }
+ ],
+ "provision": [
+ {
+ "id": "7c6d7309-c7c1-4a51-8a85-bd6713af5ca7",
+ "name": "provision"
+ }
+ ],
+ "supervision": [
+ {
+ "id": "d2594199-99c2-4e0c-9b33-94b0a84b569a",
+ "name": "supervision"
+ }
+ ]
+ },
+ "users": [
+ {
+ "firstName": "Leia",
+ "lastName": "Organa",
+ "email": "leia.organa@sdnr.onap.org",
+ "enabled": "true",
+ "username": "leia.organa",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "Default4SDN!",
+ "temporary": false
+ }
+ ]
+ },
+ {
+ "firstName": "R2",
+ "lastName": "D2",
+ "email": "r2.d2@sdnr.onap.org",
+ "enabled": "true",
+ "username": "r2.d2",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "Default4SDN!",
+ "temporary": false
+ }
+ ]
+ },
+ {
+ "firstName": "Luke",
+ "lastName": "Skywalker",
+ "email": "luke.skywalker@sdnr.onap.org",
+ "enabled": "true",
+ "username": "luke.skywalker",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "Default4SDN!",
+ "temporary": false
+ }
+ ]
+ },
+ {
+ "firstName": "Jargo",
+ "lastName": "Fett",
+ "email": "jargo.fett@sdnr.onap.org",
+ "enabled": "true",
+ "username": "jargo.fett",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "Default4SDN!",
+ "temporary": false
+ }
+ ]
+ },
+ {
+ "firstName": "Martin",
+ "lastName": "Skorupski",
+ "email": "martin.skorupski@sdnr.onap.org",
+ "enabled": "true",
+ "username": "martin.skorupski",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
+ "temporary": false
+ }
+ ]
+ }
+ ],
+ "grants": [
+ {
+ "username":"leia.organa",
+ "role":"administration"
+ },
+ {
+ "username":"r2.d2",
+ "role":"administration"
+ },
+ {
+ "username":"luke.skywalker",
+ "role":"provision"
+ },
+ {
+ "username":"jargo.fett",
+ "role":"supervision"
+ },
+ {
+ "username":"martin.skorupski",
+ "role":"administration"
+ }
+ ]
+}
\ No newline at end of file
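Review bot: The four demo accounts share the password `Default4SDN!` with `"temporary": false`, and two of them (`leia.organa`, `r2.d2`) are granted `administration`, so a fresh deployment comes up with well-known administrator logins that are never forced to change. Setting `"temporary": true` on each credential would at least make Keycloak require a new password at first login. The `martin.skorupski` entry reuses the value of `ADMIN_PASSWORD` from `.env`; a personal account should not share the master admin secret, and is better created per installation than shipped in the repository.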
diff --git a/solution/integration/smo/common/identity/config.py b/solution/integration/smo/common/identity/config.py
new file mode 100644
index 0000000..649026c
--- /dev/null
+++ b/solution/integration/smo/common/identity/config.py
@@ -0,0 +1,222 @@
+#!/usr/bin/env python
+################################################################################
+# Copyright 2021 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# importing the sys, json, requests library
+import os
+import sys
+import json
+import requests
+import getpass
+
+# global configurations
+# TODO: read from ../.env
+base = 'http://localhost:8081'
+username = 'admin'
+password = 'Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U'
+realmFile = os.path.dirname(os.path.abspath(__file__)) + '/o-ran-sc-realm.json'
+authFile = os.path.dirname(os.path.abspath(__file__)) + '/authentication.json'
+
+# Request a token for futher communication
+def getToken():
+ url = base + '/auth/realms/master/protocol/openid-connect/token'
+ headers = {
+ 'content-type': 'application/x-www-form-urlencoded',
+ 'accept': 'application/json'
+ }
+ body = {
+ 'client_id':'admin-cli',
+ 'grant_type': 'password',
+ 'username': username,
+ 'password': password
+ }
+ try:
+ response = requests.post(url, verify=False, auth=(username, password), data=body, headers=headers)
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ if response.status_code >= 200 and response.status_code < 300:
+ print('Got tocken!')
+ return response.json()['access_token']
+ else:
+ sys.exit('Getting token failed.')
+
+# create the default realm from file
+def createRealm(token, realm):
+ url = base + '/auth/admin/realms'
+ auth = 'bearer ' + token
+ headers = {
+ 'content-type': 'application/json',
+ 'accept': 'application/json',
+ 'authorization': auth
+ }
+ try:
+ response = requests.post(url, verify=False, json=realm, headers=headers)
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ return response.status_code >= 200 and response.status_code < 300
+
+# Check if default realm exists
+def checkRealmExists(token, realmId):
+ url = base + '/auth/admin/realms/' + realmId
+ auth = 'bearer ' + token
+ headers = {
+ 'accept': 'application/json',
+ 'authorization': auth
+ }
+ try:
+ response = requests.get(url, verify=False, headers=headers)
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ if response.status_code >= 200 and response.status_code < 300:
+ return realmId == response.json()['id']
+ else:
+ # sys.exit('Getting realm failed.')
+ return False
+
+# create a user in default realm
+def createUser(token, realmId, user):
+ url = base + '/auth/admin/realms/' + realmId + '/users'
+ auth = 'bearer ' + token
+ headers = {
+ 'accept': 'application/json',
+ 'authorization': auth
+ }
+ try:
+ response = requests.post(url, verify=False, json=user, headers=headers)
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ if response.status_code >= 200 and response.status_code < 300:
+ print('User', user['username'], 'created!')
+ else:
+ print('User creation', user['username'], 'failed!\n', response.text)
+
+# creates User accounts in realm based a file
+def createUsers(token, realm, authConfig):
+ for user in authConfig['users']:
+ createUser(token, realm, user)
+
+ # create a user based on system user
+ systemUser = {
+ "firstName": getpass.getuser(),
+ "lastName": "",
+ "email": getpass.getuser() + "@sdnr.onap.org",
+ "enabled": "true",
+ "username": getpass.getuser(),
+ "credentials": [
+ {
+ "type": "password",
+ "value": password,
+ "temporary": False
+ }
+ ]
+ }
+ createUser(token, realm, systemUser)
+
+# Grants a role to a user
+def addUserRole(user, role, options):
+ url = options['url'] + '/' + user['id'] + '/role-mappings/realm'
+ try:
+ response = requests.post(url, verify=False, json=role, headers=options['headers'])
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ if response.status_code >= 200 and response.status_code < 300:
+ print('User role', user['username'], role[0]['name'], 'created!')
+ else:
+ print('Creation of user role', user['username'], role[0]['name'], 'failed!\n', response.text)
+
+# searches for the role of a given user
+def findRole(user, authConfig):
+ roleName='administration'
+ for grant in authConfig['grants']:
+ if grant['username'] == user:
+ roleName= grant['role']
+ role=authConfig['roles'][roleName]
+ return role
+
+# adds roles to users
+def addUserRoles(token, realmId, authConfig):
+ url = base + '/auth/admin/realms/' + realmId + '/users'
+ auth = 'bearer ' + token
+ headers = {
+ 'content-type': 'application/json',
+ 'accept': 'application/json',
+ 'authorization': auth
+ }
+ try:
+ response = requests.get(url, verify=False, headers=headers)
+ except requests.exceptions.Timeout:
+ sys.exit('HTTP request failed, please check you internet connection.')
+ except requests.exceptions.TooManyRedirects:
+ sys.exit('HTTP request failed, please check your proxy settings.')
+ except requests.exceptions.RequestException as e:
+ # catastrophic error. bail.
+ raise SystemExit(e)
+
+ if response.status_code >= 200 and response.status_code < 300:
+ users = response.json()
+ options = {
+ "url": url,
+ "auth": auth,
+ "headers": headers
+ }
+ for user in users:
+ role=findRole(user['username'], authConfig)
+ addUserRole(user, role, options)
+ else:
+ sys.exit('Getting users failed.')
+
+# main
+token = getToken()
+if token:
+ with open(realmFile) as file:
+ realm = json.load(file)
+ if not checkRealmExists(token, realm['id']):
+ createRealm(token, realm)
+
+ with open(authFile) as authConfig:
+ auth = json.load(authConfig)
+ createUsers(token, realm['id'], auth);
+ addUserRoles(token, realm['id'], auth)
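Review bot: `findRole` starts from `roleName='administration'`, and `addUserRoles` calls it for every user returned by the realm's `/users` endpoint, so any account without an entry in `grants` is given the administration role, not only the system user created in `createUsers`. I would make a missing grant explicit (return `None` and skip the user) and register the system user's grant where that user is created, as sketched below. Every request also passes `verify=False` and no `timeout=`; that is harmless against `http://localhost:8081` but silently disables certificate checks as soon as `base` becomes an https URL. The `password` literal duplicates the `.env` value, which the existing `# TODO: read from ../.env` already points at.

```python
def createUsers(token, realm, authConfig):
    # … unchanged: loop over authConfig['users'] and systemUser definition …
    createUser(token, realm, systemUser)
    # Grant the system user its role explicitly instead of relying on a default.
    authConfig['grants'].append({
        'username': getpass.getuser(),
        'role': 'administration'
    })

def findRole(user, authConfig):
    # No implicit default: a user without a grant gets no role.
    roleName = None
    for grant in authConfig['grants']:
        if grant['username'] == user:
            roleName = grant['role']
    if roleName is None:
        return None
    return authConfig['roles'][roleName]

# … unchanged: addUserRoles request and status check …
        for user in users:
            role = findRole(user['username'], authConfig)
            if role is None:
                print('No grant for', user['username'], '- skipping role assignment')
                continue
            addUserRole(user, role, options)
```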
diff --git a/solution/integration/smo/common/identity/o-ran-sc-realm.json b/solution/integration/smo/common/identity/o-ran-sc-realm.json
new file mode 100644
index 0000000..c7621d7
--- /dev/null
+++ b/solution/integration/smo/common/identity/o-ran-sc-realm.json
@@ -0,0 +1,2154 @@
+{
+ "id": "onap",
+ "realm": "onap",
+ "displayName": "O-RAN-SC SIM & OAM & NON-RT-RIC",
+ "displayNameHtml": "<div class=\"kc-logo-text\"><span>O-RAN-SC: SIM and OAM and Non-RT-RIC</span></div>",
+ "notBefore": 1606124502,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": true,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "66f90a7a-3766-4f69-989d-c94910e0bad6",
+ "name": "administration",
+ "description": "Read/write access to all operations.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "id": "d2594199-99c2-4e0c-9b33-94b0a84b569a",
+ "name": "supervision",
+ "description": "In general no write access and also no read access to user-management.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "id": "db6e98ed-5fa8-4471-9522-ba12a8732e08",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "id": "e344eb3a-8efe-4346-b5d4-93b9262cf0ec",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "id": "7c6d7309-c7c1-4a51-8a85-bd6713af5ca7",
+ "name": "provision",
+ "description": "In general read/write access, expect write access to user-management.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "realm-management": [
+ {
+ "id": "48cf3c96-5ef0-4a91-a95f-149234d0b595",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "97066b13-50b7-4556-8c33-b06279ee26b7",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "120f58c7-3850-487e-9733-a9b98ac43921",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "4ab08158-f781-448f-a394-d0022957c2d8",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "a2aeee62-6cfa-4968-be7c-b861ca16d9ae",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "cddc6aa1-d8d8-4a4b-a6d0-15576ca147cc",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "f139916a-75d6-44e2-8fb2-818cabc9aa79",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "51216a0a-b1cb-4bbf-966a-6d6b9a430981",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "77174699-6e58-4515-a4de-fc0c5f1b84aa",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "34107e13-212e-4b07-a00a-0cb422cb1b18",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "b2460807-5207-4112-ae9d-931e1ea8e495",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "36454cac-a7b4-49a2-9202-7e9253680709",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "bd6536a5-fb15-4d9d-acd4-05af2f5f0872",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "0413ee3e-5669-45e2-a62e-013e5fa9f95c",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "a7f035f6-bcb3-4a3e-9aba-b9d8151ae1e2",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "6f755449-81aa-413c-b9a2-f1a04a310216",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "view-events",
+ "manage-identity-providers",
+ "query-realms",
+ "manage-users",
+ "impersonation",
+ "manage-authorization",
+ "query-users",
+ "query-clients",
+ "manage-events",
+ "view-authorization",
+ "manage-realm",
+ "view-clients",
+ "manage-clients",
+ "view-identity-providers",
+ "create-client",
+ "view-realm",
+ "view-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "b84067d9-c1a0-473b-9a8d-c9da11d702d0",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "f93e22e0-4777-4eed-8793-54344e3912b8",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ },
+ {
+ "id": "0a21201d-d801-4905-bd24-15a0b6b672bd",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "attributes": {}
+ }
+ ],
+ "odlux.app": [],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "account-console": [],
+ "broker": [
+ {
+ "id": "0ffc5717-546e-4bc9-a5ac-402cf244b8ef",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "03f925c3-3688-44fc-80da-57a15e48f9c6",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "73a6e64c-673d-41f8-891d-35cdf18530a2",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "ad1c45b0-c118-423c-932b-4d37a1e22169",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "5a945b4b-5982-4340-a2b9-464edacb5280",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "view-consent"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "27c9a3d3-78e9-4ca3-940c-3a3c16cac97f",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "0dc10caf-b2f3-42e2-af88-c6c3d8f170ad",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "b3ff60e4-53e9-4a78-9855-3e7a13608a37",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ },
+ {
+ "id": "9fbd7ab1-300f-4bf4-8e3f-9de42ea841f4",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "attributes": {}
+ }
+ ]
+ }
+ },
+ "groups": [
+ {
+ "id": "53697740-dd18-4170-bcc7-5386d68bee12",
+ "name": "NetworkAdministration",
+ "path": "/NetworkAdministration",
+ "attributes": {},
+ "realmRoles": [
+ "administration"
+ ],
+ "clientRoles": {},
+ "subGroups": []
+ },
+ {
+ "id": "7416392a-8a94-48a0-b2f4-32355df722ee",
+ "name": "NetworkOperation",
+ "path": "/NetworkOperation",
+ "attributes": {},
+ "realmRoles": [
+ "provision"
+ ],
+ "clientRoles": {},
+ "subGroups": []
+ },
+ {
+ "id": "2627fd3e-5991-4464-8d46-5accfa7f49d9",
+ "name": "NetworkPlanning",
+ "path": "/NetworkPlanning",
+ "attributes": {},
+ "realmRoles": [
+ "supervision"
+ ],
+ "clientRoles": {},
+ "subGroups": []
+ }
+ ],
+ "defaultRoles": [
+ "uma_authorization",
+ "offline_access"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpSupportedApplications": [
+ "FreeOTP",
+ "Google Authenticator"
+ ],
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": [
+ "manage-account"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "79520b16-34b6-4427-8c0f-40ef1e514d5e",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/onap-oam-joins-non-rt-ric/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "defaultRoles": [
+ "view-profile",
+ "manage-account"
+ ],
+ "redirectUris": [
+ "/realms/onap-oam-joins-non-rt-ric/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "9e6bfeba-bdd0-480f-b5a2-872613bc8f5c",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/onap-oam-joins-non-rt-ric/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/realms/onap-oam-joins-non-rt-ric/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "7c4d0074-59ac-48de-a13d-ff68f061b5aa",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "42be94b8-40c9-4874-9d6e-9501d12f73a5",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "access.token.lifespan": "1200",
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "saml.encrypt": "false",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "03f925c3-3688-44fc-80da-57a15e48f9c6",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "dbd662ad-e959-44c9-bd18-859ca0142927",
+ "clientId": "odlux.app",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "2a64fdca-c205-4b52-9f58-195ccc142ddb",
+ "redirectUris": [
+ "http://localhost:8081/*",
+ "https://sdnc-web:8453/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "access.token.lifespan": "1800",
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "saml.encrypt": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {
+ "direct_grant": "dfb7f7d8-1260-4d25-ac2c-b04b029bc63f",
+ "browser": "158733a4-43f8-4cbc-922d-5017939ad0dc"
+ },
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "458df016-a86f-4750-979b-7f4bc20d9bed",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/onap-oam-joins-non-rt-ric/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/admin/onap-oam-joins-non-rt-ric/console/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "7a2b5c79-4775-4f07-810f-f101774cd086",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "6dd0bccf-179e-4d35-acd0-03aa6ef2153d",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "6c342dae-9652-49f9-8327-ec2c3ddcd159",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "452eb724-9c8c-4d5b-8e3a-c40dfab97fd6",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${emailScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "e7e9a9b0-0aeb-4d44-bb6d-8d287050521c",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "b9fc29ad-dd40-42c5-939c-315f661ac889",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "49f39fbb-5b69-452a-b2b4-064f3e8f23e4",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "ed60115c-0fb1-4c4f-8134-11751957a241",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c88ed97f-9f0e-4d16-a1b2-1cb22e37fc46",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "cf78afd0-da31-4e37-8503-618bf3f1da2b",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "7b1e27d0-17c0-4358-9e15-ff3dd48afe74",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "33ad6d44-00c7-4ef1-88aa-2d3929225806",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "71d82f58-9411-4d7b-89a4-5f8e7cca6f7d",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "a226a318-27ab-472e-b53e-a8f6bb7fac28",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "5e8ecd21-c433-4b17-aacc-a01586532fd9",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "cf587792-5813-4fe3-a16d-4ce4d4c92b50",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "65b516e5-e573-46a7-a721-141647220ae2",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d6e02648-07f1-4e6e-940a-f0a6997af1ec",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "957e23f0-14fa-4959-b44d-7ee628302664",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8f73eeed-e3fe-4086-8d56-ed488939bf7a",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "987d88f4-0803-4bf1-96d4-ba0badf95656",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "de495b80-7a8c-47b6-bba5-534f59431156",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "176751a4-b631-4521-a9b4-0275d55c0846",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "37a41d7d-3f1b-4290-8885-2fbe197297eb",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f639ac53-4c08-416b-828f-b06e6f5f59cf",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "acac2472-8d13-4c22-929d-9c364e3af1dc",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b748d016-ce62-4cf2-bf0f-78482f90c4e0",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e8d61aee-2580-4aec-9c99-9310e0b10637",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "7b6ec9ac-c5b6-4096-8b48-5a27d9a4b3fd",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "924fba2b-b443-4160-96dd-5a8d7b5fe685",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "6ccb6ae1-d28c-42a0-a59d-2c3d8429e96f",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "1968a6ac-cf1c-4d15-a4fe-f5206f73e0b9",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "800d0b8f-42f0-4990-81a6-4cc513097ba7",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "ccaf8f4b-1050-4aca-a54f-5832873a7cfe",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "04affd50-f5ca-476a-960f-21935af0ab5d",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "f4e1fc1e-454a-46b6-a660-5066aecbb363",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "web-origins",
+ "email",
+ "roles",
+ "role_list",
+ "profile"
+ ],
+ "defaultOptionalClientScopes": [
+ "microprofile-jwt",
+ "address",
+ "phone",
+ "offline_access"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "identityProviders": [],
+ "identityProviderMappers": [],
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "0c44905c-8894-4af1-8e5b-75370102ebc7",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "b191c0f5-a3b0-4f59-bd83-070d3b6c2b28",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "saml-role-list-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-address-mapper",
+ "oidc-full-name-mapper",
+ "saml-user-property-mapper",
+ "oidc-usermodel-attribute-mapper"
+ ]
+ }
+ },
+ {
+ "id": "d152b7b9-d519-48bc-ac78-1dc3c08c4569",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "724d468e-c5da-4189-b51e-0c43ee65ef90",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "409f70ab-abe9-4f3e-873f-ae3c717af73e",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "46ebd6ed-3ad9-433f-b8e1-9a87d971f490",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "61c5003c-94ee-44de-8e1c-f892f5e09488",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-property-mapper",
+ "oidc-full-name-mapper",
+ "saml-role-list-mapper",
+ "oidc-address-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-attribute-mapper",
+ "saml-user-property-mapper"
+ ]
+ }
+ },
+ {
+ "id": "da534621-02b7-4ccc-b14b-6a9a3648961d",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "9890b674-2409-4e30-95e8-0c66775d0dec",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "447f9685-f16b-463c-9ee1-ed1ae487fa06",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "198c0d7e-ee71-4b28-86ab-3cd3b0f45231",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS256"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "0ee220ce-108a-409c-83c2-a5686323b9ee",
+ "alias": "Account verification options",
+ "description": "Method with which to verity the existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "d21dab1e-44d5-4e02-ad5d-544ac4fb6c3c",
+ "alias": "Authentication Options",
+ "description": "Authentication options.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "basic-auth",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "basic-auth-otp",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "ec170205-9818-4cd2-9aff-d57c3c47a0a8",
+ "alias": "Browser - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "7867cf39-84c1-4061-8d7a-000ffd974a06",
+ "alias": "Direct Grant - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "eb496420-e54b-41e4-abdb-c5179dc345af",
+ "alias": "First broker login - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "bbf7a7ae-352b-44f4-83ab-1b3adcc0470c",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "Account verification options",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "74ec31d4-b70d-45db-817d-998ca47dca3f",
+ "alias": "Reset - Conditional OTP",
+ "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f0f868e5-da82-4ab3-8a39-4b02417ec001",
+ "alias": "User creation or linking",
+ "description": "Flow for the existing/non-existing user alternatives",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "78059620-abd8-4e1c-97a5-dd25bf456a29",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "flowAlias": "First broker login - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "158733a4-43f8-4cbc-922d-5017939ad0dc",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "9027d460-c6c3-49d9-869d-108acba1609c",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-x509",
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "dfb7f7d8-1260-4d25-ac2c-b04b029bc63f",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "flowAlias": "Direct Grant - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "58f57ccc-d878-4670-bffa-be9f4754df62",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "c5d1f9d8-1d25-4654-adf8-0a83f0c98303",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "84eccfe4-1192-4a02-a5ed-f4ff7a5a1442",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "a2f8ce9d-0206-4ea5-b09a-e660e551c2c0",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "Authentication Options",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "112ed8a8-631c-455e-9dbc-34935b74b237",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "f15cdba2-4e59-4c06-9819-604f9eb811d0",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "182c33c2-1b63-4a77-bbde-54af459f94b6",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "bd4486c6-1f69-45fd-b0c7-cbeeaf9e4f21",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "476c8235-6510-4a4f-ae77-dc711b1792ac",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "6e78f8d6-1611-441a-b0da-df6570583564",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "clientSessionMaxLifespan": "0",
+ "clientOfflineSessionIdleTimeout": "0"
+ },
+ "keycloakVersion": "12.0.4",
+ "userManagedAccessAllowed": false
+}
diff --git a/solution/integration/smo/common/identity/standalone.xml b/solution/integration/smo/common/identity/standalone.xml
new file mode 100644
index 0000000..7097355
--- /dev/null
+++ b/solution/integration/smo/common/identity/standalone.xml
@@ -0,0 +1,602 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:14.0">
+ <extensions>
+ <extension module="org.jboss.as.clustering.infinispan"/>
+ <extension module="org.jboss.as.connector"/>
+ <extension module="org.jboss.as.deployment-scanner"/>
+ <extension module="org.jboss.as.ee"/>
+ <extension module="org.jboss.as.ejb3"/>
+ <extension module="org.jboss.as.jaxrs"/>
+ <extension module="org.jboss.as.jmx"/>
+ <extension module="org.jboss.as.jpa"/>
+ <extension module="org.jboss.as.logging"/>
+ <extension module="org.jboss.as.mail"/>
+ <extension module="org.jboss.as.naming"/>
+ <extension module="org.jboss.as.remoting"/>
+ <extension module="org.jboss.as.security"/>
+ <extension module="org.jboss.as.transactions"/>
+ <extension module="org.jboss.as.weld"/>
+ <extension module="org.keycloak.keycloak-server-subsystem"/>
+ <extension module="org.wildfly.extension.bean-validation"/>
+ <extension module="org.wildfly.extension.core-management"/>
+ <extension module="org.wildfly.extension.elytron"/>
+ <extension module="org.wildfly.extension.io"/>
+ <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
+ <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
+ <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
+ <extension module="org.wildfly.extension.request-controller"/>
+ <extension module="org.wildfly.extension.security.manager"/>
+ <extension module="org.wildfly.extension.undertow"/>
+ </extensions>
+ <management>
+ <security-realms>
+ <security-realm name="ManagementRealm">
+ <authentication>
+ <local default-user="$local" skip-group-loading="true"/>
+ <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization map-groups-to-roles="false">
+ <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ <security-realm name="ApplicationRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+ </ssl>
+ </server-identities>
+ <authentication>
+ <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
+ <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization>
+ <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ </security-realms>
+ <audit-log>
+ <formatters>
+ <json-formatter name="json-formatter"/>
+ </formatters>
+ <handlers>
+ <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
+ </handlers>
+ <logger log-boot="true" log-read-only="false" enabled="false">
+ <handlers>
+ <handler name="file"/>
+ </handlers>
+ </logger>
+ </audit-log>
+ <management-interfaces>
+ <http-interface security-realm="ManagementRealm">
+ <http-upgrade enabled="true"/>
+ <socket-binding http="management-http"/>
+ </http-interface>
+ </management-interfaces>
+ <access-control provider="simple">
+ <role-mapping>
+ <role name="SuperUser">
+ <include>
+ <user name="$local"/>
+ </include>
+ </role>
+ </role-mapping>
+ </access-control>
+ </management>
+ <profile>
+ <subsystem xmlns="urn:jboss:domain:logging:8.0">
+ <console-handler name="CONSOLE">
+ <formatter>
+ <named-formatter name="COLOR-PATTERN"/>
+ </formatter>
+ </console-handler>
+ <logger category="com.arjuna">
+ <level name="WARN"/>
+ </logger>
+ <logger category="io.jaegertracing.Configuration">
+ <level name="WARN"/>
+ </logger>
+ <logger category="org.jboss.as.config">
+ <level name="DEBUG"/>
+ </logger>
+ <logger category="sun.rmi">
+ <level name="WARN"/>
+ </logger>
+ <logger category="org.keycloak">
+ <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/>
+ </logger>
+ <root-logger>
+ <level name="${env.ROOT_LOGLEVEL:INFO}"/>
+ <handlers>
+ <handler name="CONSOLE"/>
+ </handlers>
+ </root-logger>
+ <formatter name="PATTERN">
+ <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ <formatter name="COLOR-PATTERN">
+ <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:datasources:6.0">
+ <datasources>
+ <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
+ <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
+ <driver>h2</driver>
+ <security>
+ <user-name>sa</user-name>
+ <password>sa</password>
+ </security>
+ </datasource>
+ <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
+ <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
+ <driver>h2</driver>
+ <security>
+ <user-name>sa</user-name>
+ <password>sa</password>
+ </security>
+ </datasource>
+ <drivers>
+ <driver name="h2" module="com.h2database.h2">
+ <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+ </driver>
+ </drivers>
+ </datasources>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
+ <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ee:5.0">
+ <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+ <concurrent>
+ <context-services>
+ <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
+ </context-services>
+ <managed-thread-factories>
+ <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
+ </managed-thread-factories>
+ <managed-executor-services>
+ <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+ </managed-executor-services>
+ <managed-scheduled-executor-services>
+ <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+ </managed-scheduled-executor-services>
+ </concurrent>
+ <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ejb3:8.0">
+ <session-bean>
+ <stateless>
+ <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+ </stateless>
+ <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
+ <singleton default-access-timeout="5000"/>
+ </session-bean>
+ <pools>
+ <bean-instance-pools>
+ <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ </bean-instance-pools>
+ </pools>
+ <caches>
+ <cache name="simple"/>
+ <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
+ </caches>
+ <passivation-stores>
+ <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
+ </passivation-stores>
+ <async thread-pool-name="default"/>
+ <timer-service thread-pool-name="default" default-data-store="default-file-store">
+ <data-stores>
+ <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
+ </data-stores>
+ </timer-service>
+ <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
+ <channel-creation-options>
+ <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
+ </channel-creation-options>
+ </remote>
+ <thread-pools>
+ <thread-pool name="default">
+ <max-threads count="10"/>
+ <keepalive-time time="60" unit="seconds"/>
+ </thread-pool>
+ </thread-pools>
+ <default-security-domain value="other"/>
+ <default-missing-method-permissions-deny-access value="true"/>
+ <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+ <log-system-exceptions value="true"/>
+ </subsystem>
+ <subsystem xmlns="urn:wildfly:elytron:11.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+ <providers>
+ <aggregate-providers name="combined-providers">
+ <providers name="elytron"/>
+ <providers name="openssl"/>
+ </aggregate-providers>
+ <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
+ <provider-loader name="openssl" module="org.wildfly.openssl"/>
+ </providers>
+ <audit-logging>
+ <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
+ </audit-logging>
+ <security-domains>
+ <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
+ <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
+ <realm name="local"/>
+ </security-domain>
+ <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
+ <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
+ <realm name="local" role-mapper="super-user-mapper"/>
+ </security-domain>
+ </security-domains>
+ <security-realms>
+ <identity-realm name="local" identity="$local"/>
+ <properties-realm name="ApplicationRealm">
+ <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
+ <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+ </properties-realm>
+ <properties-realm name="ManagementRealm">
+ <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
+ <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+ </properties-realm>
+ </security-realms>
+ <mappers>
+ <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
+ <permission-mapping>
+ <principal name="anonymous"/>
+ <permission-set name="default-permissions"/>
+ </permission-mapping>
+ <permission-mapping match-all="true">
+ <permission-set name="login-permission"/>
+ <permission-set name="default-permissions"/>
+ </permission-mapping>
+ </simple-permission-mapper>
+ <constant-realm-mapper name="local" realm-name="local"/>
+ <simple-role-decoder name="groups-to-roles" attribute="groups"/>
+ <constant-role-mapper name="super-user-mapper">
+ <role name="SuperUser"/>
+ </constant-role-mapper>
+ </mappers>
+ <permission-sets>
+ <permission-set name="login-permission">
+ <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
+ </permission-set>
+ <permission-set name="default-permissions">
+ <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
+ <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
+ <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
+ </permission-set>
+ </permission-sets>
+ <http>
+ <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
+ <mechanism-configuration>
+ <mechanism mechanism-name="DIGEST">
+ <mechanism-realm realm-name="ManagementRealm"/>
+ </mechanism>
+ </mechanism-configuration>
+ </http-authentication-factory>
+ <provider-http-server-mechanism-factory name="global"/>
+ </http>
+ <sasl>
+ <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
+ <mechanism-configuration>
+ <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
+ <mechanism mechanism-name="DIGEST-MD5">
+ <mechanism-realm realm-name="ApplicationRealm"/>
+ </mechanism>
+ </mechanism-configuration>
+ </sasl-authentication-factory>
+ <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
+ <mechanism-configuration>
+ <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
+ <mechanism mechanism-name="DIGEST-MD5">
+ <mechanism-realm realm-name="ManagementRealm"/>
+ </mechanism>
+ </mechanism-configuration>
+ </sasl-authentication-factory>
+ <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
+ <properties>
+ <property name="wildfly.sasl.local-user.default-user" value="$local"/>
+ </properties>
+ </configurable-sasl-server-factory>
+ <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
+ <filters>
+ <filter provider-name="WildFlyElytron"/>
+ </filters>
+ </mechanism-provider-filtering-sasl-server-factory>
+ <provider-sasl-server-factory name="global"/>
+ </sasl>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:infinispan:11.0">
+ <cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
+ <local-cache name="realms">
+ <heap-memory size="10000"/>
+ </local-cache>
+ <local-cache name="users">
+ <heap-memory size="10000"/>
+ </local-cache>
+ <local-cache name="sessions"/>
+ <local-cache name="authenticationSessions"/>
+ <local-cache name="offlineSessions"/>
+ <local-cache name="clientSessions"/>
+ <local-cache name="offlineClientSessions"/>
+ <local-cache name="loginFailures"/>
+ <local-cache name="work"/>
+ <local-cache name="authorization">
+ <heap-memory size="10000"/>
+ </local-cache>
+ <local-cache name="keys">
+ <heap-memory size="1000"/>
+ <expiration max-idle="3600000"/>
+ </local-cache>
+ <local-cache name="actionTokens">
+ <heap-memory size="-1"/>
+ <expiration interval="300000" max-idle="-1"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
+ <local-cache name="default">
+ <transaction mode="BATCH"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
+ <local-cache name="passivation">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="true" purge="false"/>
+ </local-cache>
+ <local-cache name="sso">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ </local-cache>
+ <local-cache name="routing"/>
+ </cache-container>
+ <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
+ <local-cache name="passivation">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="true" purge="false"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
+ <local-cache name="entity">
+ <heap-memory size="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <local-cache name="local-query">
+ <heap-memory size="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <local-cache name="timestamps"/>
+ </cache-container>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:io:3.0">
+ <worker name="default"/>
+ <buffer-pool name="default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
+ <subsystem xmlns="urn:jboss:domain:jca:5.0">
+ <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+ <bean-validation enabled="true"/>
+ <default-workmanager>
+ <short-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </short-running-threads>
+ <long-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </long-running-threads>
+ </default-workmanager>
+ <cached-connection-manager/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+ <expose-resolved-model/>
+ <expose-expression-model/>
+ <remoting-connector/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+ <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+ <web-context>auth</web-context>
+ <providers>
+ <provider>
+ classpath:${jboss.home.dir}/providers/*
+ </provider>
+ </providers>
+ <master-realm-name>master</master-realm-name>
+ <scheduled-task-interval>900</scheduled-task-interval>
+ <theme>
+ <staticMaxAge>2592000</staticMaxAge>
+ <cacheThemes>true</cacheThemes>
+ <cacheTemplates>true</cacheTemplates>
+ <welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
+ <default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
+ <dir>${jboss.home.dir}/themes</dir>
+ </theme>
+ <spi name="eventsStore">
+ <provider name="jpa" enabled="true">
+ <properties>
+ <property name="exclude-events" value="["REFRESH_TOKEN"]"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="userCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="userSessionPersister">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="timer">
+ <default-provider>basic</default-provider>
+ </spi>
+ <spi name="connectionsHttpClient">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsJpa">
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
+ <property name="initializeEmpty" value="true"/>
+ <property name="migrationStrategy" value="update"/>
+ <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="realmCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsInfinispan">
+ <default-provider>default</default-provider>
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="jta-lookup">
+ <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
+ <provider name="jboss" enabled="true"/>
+ </spi>
+ <spi name="publicKeyStorage">
+ <provider name="infinispan" enabled="true">
+ <properties>
+ <property name="minTimeBetweenRequests" value="10"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="x509cert-lookup">
+ <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="hostname">
+ <default-provider>${keycloak.hostname.provider:default}</default-provider>
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
+ <property name="forceBackendUrlToFrontendUrl" value="false"/>
+ </properties>
+ </provider>
+ <provider name="fixed" enabled="true">
+ <properties>
+ <property name="hostname" value="${keycloak.hostname.fixed.hostname:localhost}"/>
+ <property name="httpPort" value="${keycloak.hostname.fixed.httpPort:-1}"/>
+ <property name="httpsPort" value="${keycloak.hostname.fixed.httpsPort:-1}"/>
+ <property name="alwaysHttps" value="${keycloak.hostname.fixed.alwaysHttps:false}"/>
+ </properties>
+ </provider>
+ </spi>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:mail:4.0">
+ <mail-session name="default" jndi-name="java:jboss/mail/Default">
+ <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+ </mail-session>
+ </subsystem>
+ <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
+ <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
+ <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
+ <subsystem xmlns="urn:jboss:domain:naming:2.0">
+ <remote-naming/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:remoting:4.0">
+ <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:security:2.0">
+ <security-domains>
+ <security-domain name="other" cache-type="default">
+ <authentication>
+ <login-module code="Remoting" flag="optional">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ <login-module code="RealmDirect" flag="required">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ </authentication>
+ </security-domain>
+ <security-domain name="jboss-web-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jaspitest" cache-type="default">
+ <authentication-jaspi>
+ <login-module-stack name="dummy">
+ <login-module code="Dummy" flag="optional"/>
+ </login-module-stack>
+ <auth-module code="Dummy"/>
+ </authentication-jaspi>
+ </security-domain>
+ <security-domain name="jboss-ejb-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ </security-domains>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+ <deployment-permissions>
+ <maximum-set>
+ <permission class="java.security.AllPermission"/>
+ </maximum-set>
+ </deployment-permissions>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:transactions:5.0">
+ <core-environment node-identifier="${jboss.tx.node.id:1}">
+ <process-id>
+ <uuid/>
+ </process-id>
+ </core-environment>
+ <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+ <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+ <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+ <buffer-cache name="default"/>
+ <server name="default-server">
+ <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
+ <https-listener name="https" socket-binding="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" security-realm="ApplicationRealm" enable-http2="true"/>
+ <host name="default-host" alias="localhost">
+ <location name="/" handler="welcome-content"/>
+ <http-invoker security-realm="ApplicationRealm"/>
+ </host>
+ </server>
+ <servlet-container name="default">
+ <jsp-config/>
+ <websockets/>
+ </servlet-container>
+ <handlers>
+ <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+ </handlers>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
+ </profile>
+ <interfaces>
+ <interface name="management">
+ <inet-address value="${jboss.bind.address.management:[::1]}"/>
+ </interface>
+ <interface name="public">
+ <inet-address value="${jboss.bind.address:[::]}"/>
+ </interface>
+ </interfaces>
+ <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+ <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
+ <socket-binding name="http" port="${jboss.http.port:8080}"/>
+ <socket-binding name="https" port="${jboss.https.port:8443}"/>
+ <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+ <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+ <socket-binding name="txn-recovery-environment" port="4712"/>
+ <socket-binding name="txn-status-manager" port="4713"/>
+ <outbound-socket-binding name="mail-smtp">
+ <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
+ </outbound-socket-binding>
+ </socket-binding-group>
+</server>
diff --git a/solution/integration/smo/common/kafka/zk_client_jaas.conf b/solution/integration/smo/common/kafka/zk_client_jaas.conf
new file mode 100755
index 0000000..d4ef1eb
--- /dev/null
+++ b/solution/integration/smo/common/kafka/zk_client_jaas.conf
@@ -0,0 +1,5 @@
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="kafka"
+ password="kafka_secret";
+ };
\ No newline at end of file
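Review bot: The ZooKeeper client password is committed as the literal `password="kafka_secret";` in this hunk, and the same value appears as `user_kafka=kafka_secret;` in zk_server_jaas.conf in the next hunk, so every deployment made from this repository shares one guessable Kafka-to-ZooKeeper credential. I would have the deployment render both files from a per-installation value (the `.env` file added by this change looks like the place where the other credentials are set) and keep only a placeholder such as `password="<ZK_CLIENT_PASSWORD>";` in the repository. The client file is also added with mode 100755, whereas the server file uses 100644; a JAAS configuration does not need the executable bit, and `100644` or tighter fits a file that holds a credential.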
diff --git a/solution/integration/smo/common/zookeeper/zk_server_jaas.conf b/solution/integration/smo/common/zookeeper/zk_server_jaas.conf
new file mode 100644
index 0000000..26bf460
--- /dev/null
+++ b/solution/integration/smo/common/zookeeper/zk_server_jaas.conf
@@ -0,0 +1,4 @@
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_kafka=kafka_secret;
+};
\ No newline at end of file