summaryrefslogtreecommitdiffstats
path: root/development/config/onap-realm.json
blob: e8000ea48c2f90a4c35e4dce95e73325b6d75d8c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
{
  "id": "ONAP",
  "realm": "ONAP",
  "enabled": true,
  "clients": [
    {
      "clientId": "portal-app",
      "surrogateAuthRequired": false,
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "clientAuthenticatorType": "client-secret",
      "redirectUris": [
        "http://localhost/*"
      ],
      "webOrigins": [
        "*"
      ],
      "notBefore": 0,
      "bearerOnly": false,
      "consentRequired": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "publicClient": true,
      "frontchannelLogout": false,
      "protocol": "openid-connect",
      "attributes": {
        "backchannel.logout.session.required": "true",
        "backchannel.logout.revoke.offline.tokens": "false"
      },
      "authenticationFlowBindingOverrides": {},
      "fullScopeAllowed": true,
      "nodeReRegistrationTimeout": -1,
      "protocolMappers": [
        {
          "name": "User-Roles",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-realm-role-mapper",
          "consentRequired": false,
          "config": {
            "id.token.claim": "true",
            "access.token.claim": "true",
            "claim.name": "roles",
            "multivalued": "true",
            "userinfo.token.claim": "true"
          }
        },
        {
          "name": "SDC-User",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "userinfo.token.claim": "true",
            "user.attribute": "sdc_user",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "claim.name": "sdc_user",
            "jsonType.label": "String"
          }
        }
      ],
      "defaultClientScopes": [
        "web-origins",
        "acr",
        "profile",
        "roles",
        "email"
      ],
      "optionalClientScopes": [
        "address",
        "phone",
        "offline_access",
        "microprofile-jwt"
      ]
    }, {
      "clientId" : "portal-bff",
      "surrogateAuthRequired" : false,
      "enabled" : true,
      "alwaysDisplayInConsole" : false,
      "clientAuthenticatorType" : "client-secret",
      "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
      "redirectUris" : [ ],
      "webOrigins" : [ ],
      "notBefore" : 0,
      "bearerOnly" : false,
      "consentRequired" : false,
      "standardFlowEnabled" : false,
      "implicitFlowEnabled" : false,
      "directAccessGrantsEnabled" : false,
      "serviceAccountsEnabled" : true,
      "publicClient" : false,
      "frontchannelLogout" : false,
      "protocol" : "openid-connect",
      "attributes" : {
        "saml.force.post.binding" : "false",
        "saml.multivalued.roles" : "false",
        "frontchannel.logout.session.required" : "false",
        "oauth2.device.authorization.grant.enabled" : "false",
        "backchannel.logout.revoke.offline.tokens" : "false",
        "saml.server.signature.keyinfo.ext" : "false",
        "use.refresh.tokens" : "true",
        "oidc.ciba.grant.enabled" : "false",
        "backchannel.logout.session.required" : "true",
        "client_credentials.use_refresh_token" : "false",
        "require.pushed.authorization.requests" : "false",
        "saml.client.signature" : "false",
        "saml.allow.ecp.flow" : "false",
        "id.token.as.detached.signature" : "false",
        "saml.assertion.signature" : "false",
        "client.secret.creation.time" : "1665048112",
        "saml.encrypt" : "false",
        "saml.server.signature" : "false",
        "exclude.session.state.from.auth.response" : "false",
        "saml.artifact.binding" : "false",
        "saml_force_name_id_format" : "false",
        "acr.loa.map" : "{}",
        "tls.client.certificate.bound.access.tokens" : "false",
        "saml.authnstatement" : "false",
        "display.on.consent.screen" : "false",
        "token.response.type.bearer.lower-case" : "false",
        "saml.onetimeuse.condition" : "false"
      },
      "authenticationFlowBindingOverrides" : { },
      "fullScopeAllowed" : true,
      "nodeReRegistrationTimeout" : -1,
      "protocolMappers" : [ {
        "name" : "Client Host",
        "protocol" : "openid-connect",
        "protocolMapper" : "oidc-usersessionmodel-note-mapper",
        "consentRequired" : false,
        "config" : {
          "user.session.note" : "clientHost",
          "id.token.claim" : "true",
          "access.token.claim" : "true",
          "claim.name" : "clientHost",
          "jsonType.label" : "String"
        }
      }, {
        "name" : "Client IP Address",
        "protocol" : "openid-connect",
        "protocolMapper" : "oidc-usersessionmodel-note-mapper",
        "consentRequired" : false,
        "config" : {
          "user.session.note" : "clientAddress",
          "id.token.claim" : "true",
          "access.token.claim" : "true",
          "claim.name" : "clientAddress",
          "jsonType.label" : "String"
        }
      } ],
      "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
      "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
    }],
  "users": [
    {
      "createdTimestamp" : 1664965113698,
      "username" : "onap-admin",
      "enabled" : true,
      "totp" : false,
      "emailVerified" : false,
      "attributes" : {
        "sdc_user" : [ "cs0008" ]
      },
      "credentials" : [ {
        "type" : "password",
        "createdDate" : 1664965134586,
        "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
        "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
      } ],
      "disableableCredentialTypes" : [ ],
      "requiredActions" : [ ],
      "realmRoles" : [ "default-roles-onap", "onap_admin" ],
      "notBefore" : 0,
      "groups" : [ ]
    }, {
      "createdTimestamp" : 1665048354760,
      "username" : "onap-designer",
      "enabled" : true,
      "totp" : false,
      "emailVerified" : false,
      "attributes" : {
        "sec_user" : [ "cs0008" ]
      },
      "credentials" : [ ],
      "disableableCredentialTypes" : [ ],
      "requiredActions" : [ ],
      "realmRoles" : [ "default-roles-onap", "onap_designer" ],
      "notBefore" : 0,
      "groups" : [ ]
    }, {
      "createdTimestamp" : 1665048547054,
      "username" : "onap-operator",
      "enabled" : true,
      "totp" : false,
      "emailVerified" : false,
      "attributes" : {
        "sdc_user" : [ "cs0008" ]
      },
      "credentials" : [ ],
      "disableableCredentialTypes" : [ ],
      "requiredActions" : [ ],
      "realmRoles" : [ "default-roles-onap", "onap_operator" ],
      "notBefore" : 0,
      "groups" : [ ]
    }, {
      "createdTimestamp" : 1665048112458,
      "username" : "service-account-portal-bff",
      "enabled" : true,
      "totp" : false,
      "emailVerified" : false,
      "serviceAccountClientId" : "portal-bff",
      "credentials" : [ ],
      "disableableCredentialTypes" : [ ],
      "requiredActions" : [ ],
      "realmRoles" : [ "default-roles-onap" ],
      "clientRoles" : {
        "realm-management" : [ "manage-realm", "manage-users" ]
      },
      "notBefore" : 0,
      "groups" : [ ]
    }
  ],
  "attributes": {
    "frontendUrl": "http://localhost:8080/auth/"
  }
}