{ "id": "ONAP", "realm": "ONAP", "enabled": true, "roles": { "realm": [ { "name": "onap_admin", "description": "User role for administration tasks in the portal.", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "user", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "admin", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "onap_designer", "description": "User role for designer tasks in the portal.", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "onap_operator", "description": "User role for operator tasks in the portal.", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "onap", "attributes": {} }, { "name": "default-roles-onap", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" ], "client": { "account": [ "view-profile", "manage-account" ] } }, "clientRole": false, "containerId": "onap", "attributes": {} } ] }, "groups": [ { "name": "admins", "path": "/admins", "attributes": {}, "realmRoles": [], "clientRoles": {}, "subGroups": [] } ], "clients": [ { "clientId": "oauth2-proxy", "name": "Oauth2 Proxy", "description": "", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp", "redirectUris": [ "*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false", "token.response.type.bearer.lower-case": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "name": "SDC-User", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "multivalued": "false", "userinfo.token.claim": "true", "user.attribute": "sdc_user", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "sdc_user", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "groups", "microprofile-jwt" ] }, { "clientId": "portal-app", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "{{ .Values.portalUrl }}/*", "http://localhost/*" ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "name": "User-Roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "claim.name": "roles", "multivalued": "true", "userinfo.token.claim": "true" } }, { "name": "SDC-User", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "sdc_user", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "sdc_user", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "portal-bff", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : false, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : true, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "client.secret.creation.time" : "1665048112", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { "name" : "Client Host", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientHost", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientHost", "jsonType.label" : "String" } }, { "name" : "Client IP Address", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientAddress", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientAddress", "jsonType.label" : "String" } } ], "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "users": [ { "createdTimestamp" : 1664965113698, "username" : "onap-admin", "enabled" : true, "totp" : false, "emailVerified" : false, "attributes" : { "sdc_user" : [ "cs0008" ] }, "credentials" : [ { "type" : "password", "createdDate" : 1664965134586, "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-onap", "onap_admin" ], "notBefore" : 0, "groups" : [ ] }, { "createdTimestamp" : 1665048354760, "username" : "onap-designer", "enabled" : true, "totp" : false, "emailVerified" : false, "attributes" : { "sec_user" : [ "cs0008" ] }, "credentials" : [ ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-onap", "onap_designer" ], "notBefore" : 0, "groups" : [ ] }, { "createdTimestamp" : 1665048547054, "username" : "onap-operator", "enabled" : true, "totp" : false, "emailVerified" : false, "attributes" : { "sdc_user" : [ "cs0008" ] }, "credentials" : [ ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-onap", "onap_operator" ], "notBefore" : 0, "groups" : [ ] }, { "createdTimestamp" : 1665048112458, "username" : "service-account-portal-bff", "enabled" : true, "totp" : false, "emailVerified" : false, "serviceAccountClientId" : "portal-bff", "credentials" : [ ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-onap" ], "clientRoles" : { "realm-management" : [ "manage-realm", "manage-users" ] }, "notBefore" : 0, "groups" : [ ] } ], "clientScopes": [ { "name": "groups", "description": "Membership to a group", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "gui.order": "", "consent.screen.text": "" }, "protocolMappers": [ { "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-group-membership-mapper", "consentRequired": false, "config": { "full.path": "false", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "userinfo.token.claim": "true" } } ] } ], "attributes": { "frontendUrl": "{{ .Values.KEYCLOAK_URL }}", "acr.loa.map": "{\"ABC\":\"5\"}" } }