[oom.git] / kubernetes / platform / components / keycloak-init / resources / realms / onap-realm.json
1 {
2   "id": "ONAP",
3   "realm": "ONAP",
4   "enabled": true,
5   "roles": {
6     "realm": [
7       {
8         "name": "onap_admin",
9         "description": "User role for administration tasks in the portal.",
10         "composite": false,
11         "clientRole": false,
12         "containerId": "onap",
13         "attributes": {}
14       },
15       {
16         "name": "user",
17         "composite": false,
18         "clientRole": false,
19         "containerId": "onap",
20         "attributes": {}
21       },
22       {
23         "name": "admin",
24         "composite": false,
25         "clientRole": false,
26         "containerId": "onap",
27         "attributes": {}
28       },
29       {
30         "name": "onap_designer",
31         "description": "User role for designer tasks in the portal.",
32         "composite": false,
33         "clientRole": false,
34         "containerId": "onap",
35         "attributes": {}
36       },
37       {
38         "name": "offline_access",
39         "description": "${role_offline-access}",
40         "composite": false,
41         "clientRole": false,
42         "containerId": "onap",
43         "attributes": {}
44       },
45       {
46         "name": "onap_operator",
47         "description": "User role for operator tasks in the portal.",
48         "composite": false,
49         "clientRole": false,
50         "containerId": "onap",
51         "attributes": {}
52       },
53       {
54         "name": "uma_authorization",
55         "description": "${role_uma_authorization}",
56         "composite": false,
57         "clientRole": false,
58         "containerId": "onap",
59         "attributes": {}
60       },
61       {
62         "name": "default-roles-onap",
63         "description": "${role_default-roles}",
64         "composite": true,
65         "composites": {
66           "realm": [
67             "offline_access",
68             "uma_authorization"
69           ],
70           "client": {
71             "account": [
72               "view-profile",
73               "manage-account"
74             ]
75           }
76         },
77         "clientRole": false,
78         "containerId": "onap",
79         "attributes": {}
80       }
81     ]
82   },
83   "groups": [
84     {
85       "name": "admins",
86       "path": "/admins",
87       "attributes": {},
88       "realmRoles": [],
89       "clientRoles": {},
90       "subGroups": []
91     }
92   ],
93   "clients": [
94     {
95       "clientId": "oauth2-proxy",
96       "name": "Oauth2 Proxy",
97       "description": "",
98       "rootUrl": "",
99       "adminUrl": "",
100       "baseUrl": "",
101       "surrogateAuthRequired": false,
102       "enabled": true,
103       "alwaysDisplayInConsole": false,
104       "clientAuthenticatorType": "client-secret",
105       "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp",
106       "redirectUris": [
107         "*"
108       ],
109       "webOrigins": [],
110       "notBefore": 0,
111       "bearerOnly": false,
112       "consentRequired": false,
113       "standardFlowEnabled": true,
114       "implicitFlowEnabled": false,
115       "directAccessGrantsEnabled": true,
116       "serviceAccountsEnabled": false,
117       "publicClient": false,
118       "frontchannelLogout": true,
119       "protocol": "openid-connect",
120       "attributes": {
121         "tls-client-certificate-bound-access-tokens": "false",
122         "oidc.ciba.grant.enabled": "false",
123         "backchannel.logout.session.required": "true",
124         "client_credentials.use_refresh_token": "false",
125         "acr.loa.map": "{}",
126         "require.pushed.authorization.requests": "false",
127         "oauth2.device.authorization.grant.enabled": "false",
128         "display.on.consent.screen": "false",
129         "backchannel.logout.revoke.offline.tokens": "false",
130         "token.response.type.bearer.lower-case": "false",
131         "use.refresh.tokens": "true"
132       },
133       "authenticationFlowBindingOverrides": {},
134       "fullScopeAllowed": true,
135       "nodeReRegistrationTimeout": -1,
136       "protocolMappers": [
137         {
138           "name": "SDC-User",
139           "protocol": "openid-connect",
140           "protocolMapper": "oidc-usermodel-attribute-mapper",
141           "consentRequired": false,
142           "config": {
143             "multivalued": "false",
144             "userinfo.token.claim": "true",
145             "user.attribute": "sdc_user",
146             "id.token.claim": "true",
147             "access.token.claim": "true",
148             "claim.name": "sdc_user",
149             "jsonType.label": "String"
150           }
151         }
152       ],
153       "defaultClientScopes": [
154         "web-origins",
155         "acr",
156         "profile",
157         "roles",
158         "email"
159       ],
160       "optionalClientScopes": [
161         "address",
162         "phone",
163         "offline_access",
164         "groups",
165         "microprofile-jwt"
166       ]
167     },
168     {
169       "clientId": "portal-app",
170       "surrogateAuthRequired": false,
171       "enabled": true,
172       "alwaysDisplayInConsole": false,
173       "clientAuthenticatorType": "client-secret",
174       "redirectUris": [
175         "{{ .Values.portalUrl }}/*",
176         "http://localhost/*"
177       ],
178       "webOrigins": [
179         "*"
180       ],
181       "notBefore": 0,
182       "bearerOnly": false,
183       "consentRequired": false,
184       "standardFlowEnabled": true,
185       "implicitFlowEnabled": false,
186       "directAccessGrantsEnabled": true,
187       "serviceAccountsEnabled": false,
188       "publicClient": true,
189       "frontchannelLogout": false,
190       "protocol": "openid-connect",
191       "attributes": {
192         "oidc.ciba.grant.enabled": "false",
193         "backchannel.logout.session.required": "true",
194         "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
195         "oauth2.device.authorization.grant.enabled": "false",
196         "display.on.consent.screen": "false",
197         "backchannel.logout.revoke.offline.tokens": "false"
198       },
199       "authenticationFlowBindingOverrides": {},
200       "fullScopeAllowed": true,
201       "nodeReRegistrationTimeout": -1,
202       "protocolMappers": [
203         {
204           "name": "User-Roles",
205           "protocol": "openid-connect",
206           "protocolMapper": "oidc-usermodel-realm-role-mapper",
207           "consentRequired": false,
208           "config": {
209             "id.token.claim": "true",
210             "access.token.claim": "true",
211             "claim.name": "roles",
212             "multivalued": "true",
213             "userinfo.token.claim": "true"
214           }
215         },
216         {
217           "name": "SDC-User",
218           "protocol": "openid-connect",
219           "protocolMapper": "oidc-usermodel-attribute-mapper",
220           "consentRequired": false,
221           "config": {
222             "userinfo.token.claim": "true",
223             "user.attribute": "sdc_user",
224             "id.token.claim": "true",
225             "access.token.claim": "true",
226             "claim.name": "sdc_user",
227             "jsonType.label": "String"
228           }
229         }
230       ],
231       "defaultClientScopes": [
232         "web-origins",
233         "acr",
234         "profile",
235         "roles",
236         "email"
237       ],
238       "optionalClientScopes": [
239         "address",
240         "phone",
241         "offline_access",
242         "microprofile-jwt"
243       ]
244     },
245     {
246       "clientId" : "portal-bff",
247       "surrogateAuthRequired" : false,
248       "enabled" : true,
249       "alwaysDisplayInConsole" : false,
250       "clientAuthenticatorType" : "client-secret",
251       "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
252       "redirectUris" : [ ],
253       "webOrigins" : [ ],
254       "notBefore" : 0,
255       "bearerOnly" : false,
256       "consentRequired" : false,
257       "standardFlowEnabled" : false,
258       "implicitFlowEnabled" : false,
259       "directAccessGrantsEnabled" : false,
260       "serviceAccountsEnabled" : true,
261       "publicClient" : false,
262       "frontchannelLogout" : false,
263       "protocol" : "openid-connect",
264       "attributes" : {
265         "saml.force.post.binding" : "false",
266         "saml.multivalued.roles" : "false",
267         "frontchannel.logout.session.required" : "false",
268         "oauth2.device.authorization.grant.enabled" : "false",
269         "backchannel.logout.revoke.offline.tokens" : "false",
270         "saml.server.signature.keyinfo.ext" : "false",
271         "use.refresh.tokens" : "true",
272         "oidc.ciba.grant.enabled" : "false",
273         "backchannel.logout.session.required" : "true",
274         "client_credentials.use_refresh_token" : "false",
275         "require.pushed.authorization.requests" : "false",
276         "saml.client.signature" : "false",
277         "saml.allow.ecp.flow" : "false",
278         "id.token.as.detached.signature" : "false",
279         "saml.assertion.signature" : "false",
280         "client.secret.creation.time" : "1665048112",
281         "saml.encrypt" : "false",
282         "saml.server.signature" : "false",
283         "exclude.session.state.from.auth.response" : "false",
284         "saml.artifact.binding" : "false",
285         "saml_force_name_id_format" : "false",
286         "acr.loa.map" : "{}",
287         "tls.client.certificate.bound.access.tokens" : "false",
288         "saml.authnstatement" : "false",
289         "display.on.consent.screen" : "false",
290         "token.response.type.bearer.lower-case" : "false",
291         "saml.onetimeuse.condition" : "false"
292       },
293       "authenticationFlowBindingOverrides" : { },
294       "fullScopeAllowed" : true,
295       "nodeReRegistrationTimeout" : -1,
296       "protocolMappers" : [ {
297         "name" : "Client Host",
298         "protocol" : "openid-connect",
299         "protocolMapper" : "oidc-usersessionmodel-note-mapper",
300         "consentRequired" : false,
301         "config" : {
302           "user.session.note" : "clientHost",
303           "id.token.claim" : "true",
304           "access.token.claim" : "true",
305           "claim.name" : "clientHost",
306           "jsonType.label" : "String"
307         }
308       }, {
309         "name" : "Client IP Address",
310         "protocol" : "openid-connect",
311         "protocolMapper" : "oidc-usersessionmodel-note-mapper",
312         "consentRequired" : false,
313         "config" : {
314           "user.session.note" : "clientAddress",
315           "id.token.claim" : "true",
316           "access.token.claim" : "true",
317           "claim.name" : "clientAddress",
318           "jsonType.label" : "String"
319         }
320       } ],
321       "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
322       "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
323     }
324   ],
325   "users": [
326     {
327       "createdTimestamp" : 1664965113698,
328       "username" : "onap-admin",
329       "enabled" : true,
330       "totp" : false,
331       "emailVerified" : false,
332       "attributes" : {
333         "sdc_user" : [ "cs0008" ]
334       },
335       "credentials" : [ {
336         "type" : "password",
337         "createdDate" : 1664965134586,
338         "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
339         "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
340       } ],
341       "disableableCredentialTypes" : [ ],
342       "requiredActions" : [ ],
343       "realmRoles" : [ "default-roles-onap", "onap_admin" ],
344       "notBefore" : 0,
345       "groups" : [ ]
346     }, {
347       "createdTimestamp" : 1665048354760,
348       "username" : "onap-designer",
349       "enabled" : true,
350       "totp" : false,
351       "emailVerified" : false,
352       "attributes" : {
353         "sec_user" : [ "cs0008" ]
354       },
355       "credentials" : [ ],
356       "disableableCredentialTypes" : [ ],
357       "requiredActions" : [ ],
358       "realmRoles" : [ "default-roles-onap", "onap_designer" ],
359       "notBefore" : 0,
360       "groups" : [ ]
361     }, {
362       "createdTimestamp" : 1665048547054,
363       "username" : "onap-operator",
364       "enabled" : true,
365       "totp" : false,
366       "emailVerified" : false,
367       "attributes" : {
368         "sdc_user" : [ "cs0008" ]
369       },
370       "credentials" : [ ],
371       "disableableCredentialTypes" : [ ],
372       "requiredActions" : [ ],
373       "realmRoles" : [ "default-roles-onap", "onap_operator" ],
374       "notBefore" : 0,
375       "groups" : [ ]
376     }, {
377       "createdTimestamp" : 1665048112458,
378       "username" : "service-account-portal-bff",
379       "enabled" : true,
380       "totp" : false,
381       "emailVerified" : false,
382       "serviceAccountClientId" : "portal-bff",
383       "credentials" : [ ],
384       "disableableCredentialTypes" : [ ],
385       "requiredActions" : [ ],
386       "realmRoles" : [ "default-roles-onap" ],
387       "clientRoles" : {
388         "realm-management" : [ "manage-realm", "manage-users" ]
389       },
390       "notBefore" : 0,
391       "groups" : [ ]
392     }
393   ],
394   "clientScopes": [
395     {
396       "name": "groups",
397       "description": "Membership to a group",
398       "protocol": "openid-connect",
399       "attributes": {
400         "include.in.token.scope": "true",
401         "display.on.consent.screen": "true",
402         "gui.order": "",
403         "consent.screen.text": ""
404       },
405       "protocolMappers": [
406         {
407           "name": "groups",
408           "protocol": "openid-connect",
409           "protocolMapper": "oidc-group-membership-mapper",
410           "consentRequired": false,
411           "config": {
412             "full.path": "false",
413             "id.token.claim": "true",
414             "access.token.claim": "true",
415             "claim.name": "groups",
416             "userinfo.token.claim": "true"
417           }
418         }
419       ]
420     }
421   ],
422   "attributes": {
423     "frontendUrl": "{{ .Values.KEYCLOAK_URL }}",
424     "acr.loa.map": "{\"ABC\":\"5\"}"
425   }
426 }