Merge "[PLATFORM] Add Keycloak ONAP REALM import"
oom.git: kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/resources/realm/onap-realm.json
1 {
2   "id": "ONAP",
3   "realm": "ONAP",
4   "enabled": true,
5   "roles": {
6     "realm": [
7       {
8         "name": "onap_admin",
9         "description": "User role for administration tasks in the portal.",
10         "composite": false,
11         "clientRole": false,
12         "containerId": "onap",
13         "attributes": {}
14       },
15       {
16         "name": "user",
17         "composite": false,
18         "clientRole": false,
19         "containerId": "onap",
20         "attributes": {}
21       },
22       {
23         "name": "admin",
24         "composite": false,
25         "clientRole": false,
26         "containerId": "onap",
27         "attributes": {}
28       },
29       {
30         "name": "onap_designer",
31         "description": "User role for designer tasks in the portal.",
32         "composite": false,
33         "clientRole": false,
34         "containerId": "onap",
35         "attributes": {}
36       },
37       {
38         "name": "offline_access",
39         "description": "${role_offline-access}",
40         "composite": false,
41         "clientRole": false,
42         "containerId": "onap",
43         "attributes": {}
44       },
45       {
46         "name": "onap_operator",
47         "description": "User role for operator tasks in the portal.",
48         "composite": false,
49         "clientRole": false,
50         "containerId": "onap",
51         "attributes": {}
52       },
53       {
54         "name": "uma_authorization",
55         "description": "${role_uma_authorization}",
56         "composite": false,
57         "clientRole": false,
58         "containerId": "onap",
59         "attributes": {}
60       },
61       {
62         "name": "default-roles-onap",
63         "description": "${role_default-roles}",
64         "composite": true,
65         "composites": {
66           "realm": [
67             "offline_access",
68             "uma_authorization"
69           ],
70           "client": {
71             "account": [
72               "view-profile",
73               "manage-account"
74             ]
75           }
76         },
77         "clientRole": false,
78         "containerId": "onap",
79         "attributes": {}
80       }
81     ]
82   },
83   "clients": [
84     {
85       "clientId": "portal-app",
86       "surrogateAuthRequired": false,
87       "enabled": true,
88       "alwaysDisplayInConsole": false,
89       "clientAuthenticatorType": "client-secret",
90       "redirectUris": [
91         "{{ .Values.portalUrl }}/*",
92         "http://localhost/*"
93       ],
94       "webOrigins": [
95         "*"
96       ],
97       "notBefore": 0,
98       "bearerOnly": false,
99       "consentRequired": false,
100       "standardFlowEnabled": true,
101       "implicitFlowEnabled": false,
102       "directAccessGrantsEnabled": true,
103       "serviceAccountsEnabled": false,
104       "publicClient": true,
105       "frontchannelLogout": false,
106       "protocol": "openid-connect",
107       "attributes": {
108         "oidc.ciba.grant.enabled": "false",
109         "backchannel.logout.session.required": "true",
110         "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
111         "oauth2.device.authorization.grant.enabled": "false",
112         "display.on.consent.screen": "false",
113         "backchannel.logout.revoke.offline.tokens": "false"
114       },
115       "authenticationFlowBindingOverrides": {},
116       "fullScopeAllowed": true,
117       "nodeReRegistrationTimeout": -1,
118       "protocolMappers": [
119         {
120           "name": "User-Roles",
121           "protocol": "openid-connect",
122           "protocolMapper": "oidc-usermodel-realm-role-mapper",
123           "consentRequired": false,
124           "config": {
125             "id.token.claim": "true",
126             "access.token.claim": "true",
127             "claim.name": "roles",
128             "multivalued": "true",
129             "userinfo.token.claim": "true"
130           }
131         },
132         {
133           "name": "SDC-User",
134           "protocol": "openid-connect",
135           "protocolMapper": "oidc-usermodel-attribute-mapper",
136           "consentRequired": false,
137           "config": {
138             "userinfo.token.claim": "true",
139             "user.attribute": "sdc_user",
140             "id.token.claim": "true",
141             "access.token.claim": "true",
142             "claim.name": "sdc_user",
143             "jsonType.label": "String"
144           }
145         }
146       ],
147       "defaultClientScopes": [
148         "web-origins",
149         "acr",
150         "profile",
151         "roles",
152         "email"
153       ],
154       "optionalClientScopes": [
155         "address",
156         "phone",
157         "offline_access",
158         "microprofile-jwt"
159       ]
160     }, {
161       "clientId" : "portal-bff",
162       "surrogateAuthRequired" : false,
163       "enabled" : true,
164       "alwaysDisplayInConsole" : false,
165       "clientAuthenticatorType" : "client-secret",
166       "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
167       "redirectUris" : [ ],
168       "webOrigins" : [ ],
169       "notBefore" : 0,
170       "bearerOnly" : false,
171       "consentRequired" : false,
172       "standardFlowEnabled" : false,
173       "implicitFlowEnabled" : false,
174       "directAccessGrantsEnabled" : false,
175       "serviceAccountsEnabled" : true,
176       "publicClient" : false,
177       "frontchannelLogout" : false,
178       "protocol" : "openid-connect",
179       "attributes" : {
180         "saml.force.post.binding" : "false",
181         "saml.multivalued.roles" : "false",
182         "frontchannel.logout.session.required" : "false",
183         "oauth2.device.authorization.grant.enabled" : "false",
184         "backchannel.logout.revoke.offline.tokens" : "false",
185         "saml.server.signature.keyinfo.ext" : "false",
186         "use.refresh.tokens" : "true",
187         "oidc.ciba.grant.enabled" : "false",
188         "backchannel.logout.session.required" : "true",
189         "client_credentials.use_refresh_token" : "false",
190         "require.pushed.authorization.requests" : "false",
191         "saml.client.signature" : "false",
192         "saml.allow.ecp.flow" : "false",
193         "id.token.as.detached.signature" : "false",
194         "saml.assertion.signature" : "false",
195         "client.secret.creation.time" : "1665048112",
196         "saml.encrypt" : "false",
197         "saml.server.signature" : "false",
198         "exclude.session.state.from.auth.response" : "false",
199         "saml.artifact.binding" : "false",
200         "saml_force_name_id_format" : "false",
201         "acr.loa.map" : "{}",
202         "tls.client.certificate.bound.access.tokens" : "false",
203         "saml.authnstatement" : "false",
204         "display.on.consent.screen" : "false",
205         "token.response.type.bearer.lower-case" : "false",
206         "saml.onetimeuse.condition" : "false"
207       },
208       "authenticationFlowBindingOverrides" : { },
209       "fullScopeAllowed" : true,
210       "nodeReRegistrationTimeout" : -1,
211       "protocolMappers" : [ {
212         "name" : "Client Host",
213         "protocol" : "openid-connect",
214         "protocolMapper" : "oidc-usersessionmodel-note-mapper",
215         "consentRequired" : false,
216         "config" : {
217           "user.session.note" : "clientHost",
218           "id.token.claim" : "true",
219           "access.token.claim" : "true",
220           "claim.name" : "clientHost",
221           "jsonType.label" : "String"
222         }
223       }, {
224         "name" : "Client IP Address",
225         "protocol" : "openid-connect",
226         "protocolMapper" : "oidc-usersessionmodel-note-mapper",
227         "consentRequired" : false,
228         "config" : {
229           "user.session.note" : "clientAddress",
230           "id.token.claim" : "true",
231           "access.token.claim" : "true",
232           "claim.name" : "clientAddress",
233           "jsonType.label" : "String"
234         }
235       } ],
236       "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
237       "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
238     }],
239   "users": [
240     {
241       "createdTimestamp" : 1664965113698,
242       "username" : "onap-admin",
243       "enabled" : true,
244       "totp" : false,
245       "emailVerified" : false,
246       "attributes" : {
247         "sdc_user" : [ "cs0008" ]
248       },
249       "credentials" : [ {
250         "type" : "password",
251         "createdDate" : 1664965134586,
252         "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
253         "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
254       } ],
255       "disableableCredentialTypes" : [ ],
256       "requiredActions" : [ ],
257       "realmRoles" : [ "default-roles-onap", "onap_admin" ],
258       "notBefore" : 0,
259       "groups" : [ ]
260     }, {
261       "createdTimestamp" : 1665048354760,
262       "username" : "onap-designer",
263       "enabled" : true,
264       "totp" : false,
265       "emailVerified" : false,
266       "attributes" : {
267         "sec_user" : [ "cs0008" ]
268       },
269       "credentials" : [ ],
270       "disableableCredentialTypes" : [ ],
271       "requiredActions" : [ ],
272       "realmRoles" : [ "default-roles-onap", "onap_designer" ],
273       "notBefore" : 0,
274       "groups" : [ ]
275     }, {
276       "createdTimestamp" : 1665048547054,
277       "username" : "onap-operator",
278       "enabled" : true,
279       "totp" : false,
280       "emailVerified" : false,
281       "attributes" : {
282         "sdc_user" : [ "cs0008" ]
283       },
284       "credentials" : [ ],
285       "disableableCredentialTypes" : [ ],
286       "requiredActions" : [ ],
287       "realmRoles" : [ "default-roles-onap", "onap_operator" ],
288       "notBefore" : 0,
289       "groups" : [ ]
290     }, {
291       "createdTimestamp" : 1665048112458,
292       "username" : "service-account-portal-bff",
293       "enabled" : true,
294       "totp" : false,
295       "emailVerified" : false,
296       "serviceAccountClientId" : "portal-bff",
297       "credentials" : [ ],
298       "disableableCredentialTypes" : [ ],
299       "requiredActions" : [ ],
300       "realmRoles" : [ "default-roles-onap" ],
301       "clientRoles" : {
302         "realm-management" : [ "manage-realm", "manage-users" ]
303       },
304       "notBefore" : 0,
305       "groups" : [ ]
306     }
307   ],
308   "attributes": {
309     "frontendUrl": "{{ .Values.portalUrl }}/auth/",
310     "acr.loa.map": "{\"ABC\":\"5\"}"
311   }
312 }