Keycloak

ldaprealm.json 
{
  "id": "ldap-demo",
  "realm": "ldap-demo",
  "enabled": true,
  "sslRequired": "external",
  "privateKey": "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",
  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "requiredCredentials": [ "password" ],
  "clients": [
    {
      "clientId": "finance",
      "enabled": true,
      "bearerOnly": true
    },
    {
      "clientId": "ldap-app",
      "enabled": true,
      "baseUrl": "/ldap-portal",
      "redirectUris": [
        "/ldap-portal/*"
      ],
      "adminUrl": "/ldap-portal",
      "secret": "password",
      "fullScopeAllowed": true,
      "protocolMappers": [
        {
          "protocolMapper" : "oidc-usermodel-property-mapper",
          "protocol" : "openid-connect",
          "name" : "username",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "username",
            "claim.name" : "preferred_username",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-full-name-mapper",
          "protocol" : "openid-connect",
          "name" : "full name",
          "config" : {
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-property-mapper",
          "protocol" : "openid-connect",
          "name" : "given name",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "firstName",
            "claim.name" : "given_name",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-property-mapper",
          "protocol" : "openid-connect",
          "name" : "family name",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "lastName",
            "claim.name" : "family_name",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-property-mapper",
          "protocol" : "openid-connect",
          "name" : "email",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "email",
            "claim.name" : "email",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-attribute-mapper",
          "protocol" : "openid-connect",
          "name" : "postal code",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "postal_code",
            "claim.name" : "postal_code",
            "multivalued": "true",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-attribute-mapper",
          "protocol" : "openid-connect",
          "name" : "street",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "street",
            "claim.name" : "street",
            "multivalued": "false",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        },
        {
          "protocolMapper" : "oidc-usermodel-attribute-mapper",
          "protocol" : "openid-connect",
          "name" : "picture",
          "config" : {
            "Claim JSON Type" : "String",
            "user.attribute" : "picture",
            "claim.name" : "picture",
            "multivalued": "false",
            "id.token.claim" : "true",
            "access.token.claim" : "true"
          }
        }
      ]
    }
  ],
  "userFederationProviders": [
    {
      "displayName": "ldap-apacheds",
      "providerName": "ldap",
      "priority": 1,
      "fullSyncPeriod": -1,
      "changedSyncPeriod": -1,
      "config": {
        "pagination" : "true",
        "debug" : "false",
        "searchScope" : "1",
        "connectionPooling" : "true",
        "usersDn" : "ou=People,dc=keycloak,dc=org",
        "userObjectClasses" : "inetOrgPerson, organizationalPerson",
        "usernameLDAPAttribute" : "uid",
        "bindDn" : "uid=admin,ou=system",
        "bindCredential" : "secret",
        "rdnLDAPAttribute" : "uid",
        "vendor" : "other",
        "editMode" : "WRITABLE",
        "uuidLDAPAttribute" : "entryUUID",
        "connectionUrl" : "ldap://localhost:10389",
        "syncRegistrations" : "true",
        "authType" : "simple"
      }
    }
  ],
  "userFederationMappers" : [
    {
      "name" : "username",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "uid",
        "user.model.attribute" : "username",
        "is.mandatory.in.ldap" : "true",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "first name",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "cn",
        "user.model.attribute" : "firstName",
        "is.mandatory.in.ldap" : "true",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "last name",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "sn",
        "user.model.attribute" : "lastName",
        "is.mandatory.in.ldap" : "true",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "email",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "mail",
        "user.model.attribute" : "email",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "creation date",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "createTimestamp",
        "user.model.attribute" : "createTimestamp",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "true",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "modify date",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "modifyTimestamp",
        "user.model.attribute" : "modifyTimestamp",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "true",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "postal code",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "postalCode",
        "user.model.attribute" : "postal_code",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "street",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "street",
        "user.model.attribute" : "street",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "false",
        "always.read.value.from.ldap" : "false"
      }
    },
    {
      "name" : "picture",
      "federationMapperType" : "user-attribute-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "ldap.attribute" : "jpegPhoto",
        "user.model.attribute" : "picture",
        "is.mandatory.in.ldap" : "false",
        "read.only" : "false",
        "always.read.value.from.ldap" : "true",
        "is.binary.attribute" : "true"
      }
    },
    {
      "name" : "realm roles",
      "federationMapperType" : "role-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "roles.dn" : "ou=RealmRoles,dc=keycloak,dc=org",
        "membership.ldap.attribute" : "member",
        "role.name.ldap.attribute" : "cn",
        "role.object.classes" : "groupOfNames",
        "mode" : "LDAP_ONLY",
        "use.realm.roles.mapping" : "true"
      }
    },
    {
      "name" : "finance roles",
      "federationMapperType" : "role-ldap-mapper",
      "federationProviderDisplayName" : "ldap-apacheds",
      "config" : {
        "roles.dn" : "ou=FinanceRoles,dc=keycloak,dc=org",
        "membership.ldap.attribute" : "member",
        "role.name.ldap.attribute" : "cn",
        "role.object.classes" : "groupOfNames",
        "mode" : "LDAP_ONLY",
        "use.realm.roles.mapping" : "false",
        "client.id" : "finance"
      }
    }
  ]
}
