From c01e334ebc8180ece1325cc8c2204529268540cc Mon Sep 17 00:00:00 2001 From: Chen Wang Date: Tue, 10 May 2022 10:14:33 -0500 Subject: [PATCH 1/7] add a redirect registration endpoint --- backend/app/config.py | 3 +++ backend/app/routers/keycloak.py | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/backend/app/config.py b/backend/app/config.py index e5e9f5488..d86cb1323 100644 --- a/backend/app/config.py +++ b/backend/app/config.py @@ -40,6 +40,9 @@ class Settings(BaseSettings): auth_realm = "clowder" auth_client_id = "clowder2-backend" auth_url = f"{auth_base}/auth/realms/{auth_realm}/protocol/openid-connect/auth?client_id={auth_client_id}&response_type=code" + # scope=openid email&redirect_uri=http:///&kc_locale= + auth_register_url = f"{auth_base}/auth/realms/{auth_realm}/protocol/openid-connect/registrations?client_id" \ + f"={auth_client_id}&response_type=code" auth_token_url = ( f"{auth_base}/auth/realms/{auth_realm}/protocol/openid-connect/token" ) diff --git a/backend/app/routers/keycloak.py b/backend/app/routers/keycloak.py index 5b2188bff..5a67af82e 100644 --- a/backend/app/routers/keycloak.py +++ b/backend/app/routers/keycloak.py @@ -26,6 +26,10 @@ router = APIRouter() security = HTTPBearer() +@router.get("/register") +async def register() -> RedirectResponse: + return RedirectResponse(settings.auth_register_url) + @router.get("/login") async def login() -> RedirectResponse: From c53c2f6dfb302ddfe22b2b3f0a1f5f730f0bd705 Mon Sep 17 00:00:00 2001 
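Review bot: `auth_register_url` in `Settings` carries only `client_id` and `response_type=code`, so the registration flow starts with no `state` value, and the `/register` route added in keycloak.py redirects to this string unchanged. Without a per-request `state` that the callback checks, the backend cannot tell that the authorization code it later receives belongs to the browser that began the flow. The leftover comment `# scope=openid email&redirect_uri=http:///&kc_locale=` reads like an unfinished to-do; either add those parameters or replace it with `# TODO: append scope, redirect_uri and a per-request state before redirecting`. The existing `auth_url` on the context line above has the same shape, and the `Settings` class starts and ends outside the hunk.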
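Review bot: `register()` in keycloak.py has no docstring, so the generated OpenAPI client in patch 3 gets only the bare summary "Register", whereas the login route is described there as "Redirect to keycloak login page." Add `"""Redirect to keycloak registration page."""` as the first line of the function. The redirect target is a fixed settings value rather than request input, so the caller cannot steer where the response points.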
From: Chen Wang Date: Tue, 10 May 2022 10:22:21 -0500 Subject: [PATCH 2/7] add a redirect register component --- frontend/src/app.config.ts | 2 ++ frontend/src/components/auth/RedirectRegister.tsx | 14 ++++++++++++++ .../src/components/auth/{ => legacy}/Login.tsx | 6 +++--- .../src/components/auth/{ => legacy}/Logout.tsx | 2 +- .../src/components/auth/{ => legacy}/Register.tsx | 4 ++-- frontend/src/routes.tsx | 5 ++--- 6 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 frontend/src/components/auth/RedirectRegister.tsx rename frontend/src/components/auth/{ => legacy}/Login.tsx (95%) rename frontend/src/components/auth/{ => legacy}/Logout.tsx (85%) rename frontend/src/components/auth/{ => legacy}/Register.tsx (97%) diff --git a/frontend/src/app.config.ts b/frontend/src/app.config.ts index 1bae42e94..bc956e6f8 100644 --- a/frontend/src/app.config.ts +++ b/frontend/src/app.config.ts @@ -7,6 +7,7 @@ interface Config{ KeycloakLogin: string; KeycloakLogout: string; KeycloakRefresh: string; + KeycloakRegister: string; } const config:Config = {}; @@ -26,5 +27,6 @@ config["GHIssueBaseURL"] = "https://github.com/clowder-framework/clowder2-fronte config["KeycloakLogin"] = "http://localhost:8000/api/v2/auth/login"; config["KeycloakLogout"] = "http://localhost:8000/api/v2/auth/logout"; config["KeycloakRefresh"] = "http://localhost:8000/api/v2/auth/refresh_token"; +config["KeycloakRegister"] = "http://localhost:8000/api/v2/auth/register"; export default config; diff --git a/frontend/src/components/auth/RedirectRegister.tsx b/frontend/src/components/auth/RedirectRegister.tsx new file mode 100644 index 000000000..43eeeb6d3 --- /dev/null +++ b/frontend/src/components/auth/RedirectRegister.tsx 
@@ -0,0 +1,14 @@ +import React, {useEffect} from "react"; +import {Link} from "react-router-dom"; +import config from "../../app.config"; + +export const RedirectRegister = (): JSX.Element => { + const url = config.KeycloakRegister; + useEffect(() => { + window.location.href = url; + }, []); + + return ( + + ) +} diff --git a/frontend/src/components/auth/Login.tsx b/frontend/src/components/auth/legacy/Login.tsx similarity index 95% rename from frontend/src/components/auth/Login.tsx rename to frontend/src/components/auth/legacy/Login.tsx index 9cc959f2a..e7d37f44b 100644 --- a/frontend/src/components/auth/Login.tsx +++ b/frontend/src/components/auth/legacy/Login.tsx @@ -2,10 +2,10 @@ import React, {useEffect, useState} from "react"; import {useNavigate} from "react-router-dom"; import {Avatar, Button, Paper, TextField, Typography, Link} from "@mui/material"; import LockOutlinedIcon from "@mui/icons-material/LockOutlined"; -import {isAuthorized} from "../../utils/common"; +import {isAuthorized} from "../../../utils/common"; import {useDispatch, useSelector} from "react-redux"; -import {login as loginAction} from "../../actions/user"; -import {RootState} from "../../types/data"; +import {login as loginAction} from "../../../actions/user"; +import {RootState} from "../../../types/data"; export const Login = (): JSX.Element => { // use history hook to redirect/navigate between routes diff --git a/frontend/src/components/auth/Logout.tsx b/frontend/src/components/auth/legacy/Logout.tsx similarity index 85% rename from frontend/src/components/auth/Logout.tsx rename to frontend/src/components/auth/legacy/Logout.tsx index ae6556302..5494abbee 100644 --- a/frontend/src/components/auth/Logout.tsx +++ b/frontend/src/components/auth/legacy/Logout.tsx 
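Review bot: `Link` is imported from react-router-dom in RedirectRegister.tsx but never used, and the effect reads `url` while declaring an empty dependency list. Drop the import and do the lookup inside the effect, `useEffect(() => { window.location.href = config.KeycloakRegister; }, []);`, which also satisfies the hook-dependency lint rule. The destination comes from the static app config rather than from the query string, which is the right choice for a redirect. A one-line comment such as `// full-page redirect to the backend, which forwards to the Keycloak registration page` would tell the next reader why the component renders nothing.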
@@ -1,6 +1,6 @@ import React, {useEffect} from "react"; import {useDispatch} from "react-redux"; -import {logout as logoutAction} from "../../actions/user"; +import {logout as logoutAction} from "../../../actions/user"; import {Navigate} from "react-router-dom"; export const Logout = (): JSX.Element => { diff --git a/frontend/src/components/auth/Register.tsx b/frontend/src/components/auth/legacy/Register.tsx similarity index 97% rename from frontend/src/components/auth/Register.tsx rename to frontend/src/components/auth/legacy/Register.tsx index b412bbe7c..163d74e63 100644 --- a/frontend/src/components/auth/Register.tsx +++ b/frontend/src/components/auth/legacy/Register.tsx @@ -10,8 +10,8 @@ import { } from "@mui/material"; import LockOutlinedIcon from "@mui/icons-material/LockOutlined"; import {useDispatch, useSelector} from "react-redux"; -import {register as registerAction} from "../../actions/user"; -import {RootState} from "../../types/data"; +import {register as registerAction} from "../../../actions/user"; +import {RootState} from "../../../types/data"; export const Register = (): JSX.Element => { diff --git a/frontend/src/routes.tsx b/frontend/src/routes.tsx index 219f48099..cf60cae5b 100644 --- a/frontend/src/routes.tsx +++ b/frontend/src/routes.tsx 
@@ -5,11 +5,10 @@ import {Dashboard} from "./components/Dashbard"; import {Dataset as DatasetComponent} from "./components/datasets/Dataset"; import {File as FileComponent} from "./components/files/File"; -import {Register as RegisterComponent} from "./components/auth/Register"; +import {RedirectRegister as RedirectRegisterComponent} from "./components/auth/RedirectRegister"; import {Auth as AuthComponent} from "./components/auth/Auth"; import {RedirectLogin as RedirectLoginComponent} from "./components/auth/RedirectLogin"; import {RedirectLogout as RedirectLogoutComponent} from "./components/auth/RedirectLogout"; -import {Refresh as RefreshComponent} from "./components/auth/Refresh"; import {isAuthorized} from "./utils/common"; @@ -28,7 +27,7 @@ const AppRoutes = ( } /> } /> } /> - } /> + } /> } /> } /> } /> From 113a4cee048104fa458e4798fbd7c35830bc9d33 Mon Sep 17 00:00:00 2001 From: Chen Wang Date: Tue, 10 May 2022 10:22:54 -0500 Subject: [PATCH 3/7] codegen --- frontend/src/openapi/v2/services/AuthService.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/frontend/src/openapi/v2/services/AuthService.ts b/frontend/src/openapi/v2/services/AuthService.ts index e622d2cb9..93bfb5070 100644 --- a/frontend/src/openapi/v2/services/AuthService.ts +++ b/frontend/src/openapi/v2/services/AuthService.ts @@ -7,6 +7,18 @@ import { request as __request } from '../core/request'; export class AuthService { + /** + * Register + * @returns any Successful Response + * @throws ApiError + */ + public static registerApiV2AuthRegisterGet(): CancelablePromise { + return __request({ + method: 'GET', + path: `/api/v2/auth/register`, + }); + } + /** * Login * Redirect to keycloak login page. From 93f43eede382003636fab3eb722e43aad2e0fe2d Mon Sep 17 00:00:00 2001 
From: Chen Wang Date: Tue, 10 May 2022 10:53:22 -0500 Subject: [PATCH 4/7] configure the topbar to show correct login/register/logout --- frontend/src/actions/user.js | 2 ++ .../src/components/auth/RedirectLogout.tsx | 21 +++++++++---- frontend/src/components/navigation/TopBar.tsx | 30 ++++++++++++++----- 3 files changed, 40 insertions(+), 13 deletions(-) diff --git a/frontend/src/actions/user.js b/frontend/src/actions/user.js index c77d42cad..f45955e92 100644 --- a/frontend/src/actions/user.js +++ b/frontend/src/actions/user.js @@ -9,6 +9,8 @@ export const userActions = { logout }; +// TODO need to clean up this file with all the mixed login/logout methods + export async function loginHelper(email, password, first_name=null, last_name=null, register = false) { const data = {"email": email, "password": password}; if (register) { diff --git a/frontend/src/components/auth/RedirectLogout.tsx b/frontend/src/components/auth/RedirectLogout.tsx index 9a3768849..54b8144d4 100644 --- a/frontend/src/components/auth/RedirectLogout.tsx +++ b/frontend/src/components/auth/RedirectLogout.tsx @@ -1,14 +1,25 @@ import React, {useEffect} from "react"; -import {logoutHelper} from "../../actions/user"; +import {logout} from "../../actions/user"; +import TopBar from "../navigation/TopBar"; +import {useDispatch} from "react-redux"; export const RedirectLogout = (): JSX.Element => { + + const dispatch = useDispatch(); + const logUserOut = () => dispatch(logout()); + useEffect(() => { - logoutHelper().then(res => { - console.log(res); - }); + logUserOut(); }, []); return ( -
Logged Out!
+
+ +
+

you have logged out.

+
+ +
+ ) } diff --git a/frontend/src/components/navigation/TopBar.tsx b/frontend/src/components/navigation/TopBar.tsx index 7831f11a4..42314bbdc 100644 --- a/frontend/src/components/navigation/TopBar.tsx +++ b/frontend/src/components/navigation/TopBar.tsx @@ -1,10 +1,12 @@ -import React from "react"; +import React, {useEffect} from "react"; import { AppBar, Link, Toolbar } from "@mui/material"; import Box from "@mui/material/Box"; +import {useSelector} from "react-redux"; +import {RootState} from "../../types/data"; const link = { textDecoration: "none", @@ -14,6 +16,9 @@ const link = { }; export default function TopBar() { + + const loggedOut = useSelector((state: RootState) => state.error.loggedOut); + return ( - clowder-logo-sm - Home - - Help - - Explore - Logout + + clowder-logo-sm + Home + + Help + Explore + + { + loggedOut ? + <> + Register + Login + + : + Logout + } From ff8b47e3107796597dc0651900fc90b90af46d70 Mon Sep 17 00:00:00 2001 From: Chen Wang Date: Tue, 10 May 2022 11:05:08 -0500 Subject: [PATCH 5/7] fix firstname and lastname --- backend/app/routers/keycloak.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/app/routers/keycloak.py b/backend/app/routers/keycloak.py index 5a67af82e..ea3f817ca 100644 --- a/backend/app/routers/keycloak.py +++ b/backend/app/routers/keycloak.py @@ -124,7 +124,8 @@ async def auth( email = userinfo["email"] user = UserDB( email=email, - full_name=f"{given_name} {family_name}", + first_name=given_name, + last_name=family_name, hashed_password="", keycloak_id=keycloak_id, ) From 96342c93ad0bb9c9fbe0b8376242a4161221188d Mon Sep 17 00:00:00 2001 From: Chen Wang Date: Tue, 10 May 2022 11:34:08 -0500 Subject: [PATCH 6/7] update the realm setting --- backend/keycloak/realm-export.json | 952 +++++++++-------------------- 1 file changed, 274 insertions(+), 678 deletions(-) diff --git a/backend/keycloak/realm-export.json b/backend/keycloak/realm-export.json index d7a0dd1bb..c6d113284 100644 
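Review bot: `logUserOut` in RedirectLogout.tsx is rebuilt on every render and then called from an effect with an empty dependency list. Calling `dispatch(logout());` directly inside the effect with `[dispatch]` as its dependencies is simpler and satisfies the hook-dependency lint rule. Nothing in this hunk shows whether the `logout` action also reaches the backend endpoint configured as `KeycloakLogout`. If it only clears client-side state, the Keycloak session would presumably stay active, so that is worth confirming before this page tells the user they are logged out.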
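Review bot: `useEffect` is added to the React import at the top of TopBar.tsx, but no added line in the visible hunks uses it; unless it is used outside them, keep `import React from "react";`. The choice between Register/Login and Logout reads `state.error.loggedOut`, a flag kept in the error slice, so its value on a first page load is not obvious from here. A comment above the selector such as `// loggedOut lives in the error slice; document what sets and clears it` would record the contract. This switch only changes which links are shown, so access control still has to be enforced by the backend on every request.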
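Review bot: The `UserDB` built in `auth()` still stores `hashed_password=""` for every account created through Keycloak, and with self-registration now exposed more such rows will exist. If the legacy email/password login path is still reachable (the `loginHelper` kept in frontend/src/actions/user.js suggests it may be), confirm that an empty hash can never verify. A comment next to that field such as `# Keycloak-managed account: no local password, local login must reject it` would record the intent. `given_name` and `family_name` are assigned outside the hunk, so whether a userinfo response lacking them is handled cannot be judged here; the `auth()` body starts and ends outside the hunk.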
--- a/backend/keycloak/realm-export.json +++ b/backend/keycloak/realm-export.json @@ -1,7 +1,7 @@ { - "id": "a95a9b0c-dfc0-42fc-a89d-6fab3a37fcf3", + "id": "78d8c46c-b86d-453a-8e43-d066701337a1", "realm": "clowder", - "notBefore": 1647451804, + "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, @@ -33,7 +33,7 @@ "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, + "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, @@ -44,12 +44,12 @@ "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "defaultRole": { - "id": "255cadda-90be-4be8-aabe-8a1437e8db36", + "id": "61c87054-6095-4e92-aa02-f9e98cee4776", "name": "default-roles-clowder", "description": "${role_default-roles}", "composite": true, "clientRole": false, - "containerId": "a95a9b0c-dfc0-42fc-a89d-6fab3a37fcf3" + "containerId": "78d8c46c-b86d-453a-8e43-d066701337a1" }, "requiredCredentials": [ "password" 
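Review bot: In the `@@ -33,7 +33,7 @@` hunk the realm keeps `"verifyEmail": false` and `"bruteForceProtected": false` while this series opens a public registration route, and `"resetPasswordAllowed"` is switched to `false`. If this export is imported anywhere other than a local development Keycloak, accounts can be created under addresses the registrant does not control, password guessing is not throttled, and users have no self-service recovery; for such a deployment the values to review are `"verifyEmail": true` and `"bruteForceProtected": true`. Because the file is a Keycloak export, the change belongs in the realm settings followed by a re-export rather than a hand edit. The first hunk also resets `"notBefore"` from 1647451804 to 0, which presumably just reflects a freshly created realm, but on an existing realm it would drop the revocation cut-off for tokens issued before that time.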
@@ -96,375 +96,9 @@ ] } ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "c0dbd9a3-d750-4ff1-aa42-ac778df83ef6", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/clowder/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/clowder/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c6d18450-47f3-4d2a-87ef-97d0f3414efe", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/clowder/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/clowder/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - 
"nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "8268dd83-7d4a-4aa4-9b32-803a881c11a2", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "89a47015-9ef6-46e5-8059-874b675059ef", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d2185eda-0e48-47c1-bda5-150c199865c7", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - 
"fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9d3fa7e0-6aa2-45c1-865d-4eee673eb6bf", - "clientId": "clowder2-backend", - "rootUrl": "http://localhost:8000", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://localhost:8000/api/v2/auth" - ], - "webOrigins": [ - "http://localhost:8000" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "acr.loa.map": "{}", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "token.response.type.bearer.lower-case": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - 
"fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0c9efac7-4df3-4116-a1e3-c421fb4bf9df", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cf8424c8-b84a-43d4-8e0f-93c3f394fe84", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/clowder/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/clowder/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": 
false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "c50de445-699e-4af6-958d-4dec02312a1c", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], "clientScopes": [ { - "id": "bae6d53b-dc40-4819-95c2-99cc8addff6c", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "e73aabcb-994e-4201-93fd-66bb9a75842a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "0a8f056e-36df-4aaf-8eee-289e13ec473c", + "id": "4a80608d-c868-4f42-ba36-5630799a4df4", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", @@ -475,7 +109,7 @@ }, "protocolMappers": [ { - "id": "57a6b29f-e66a-4d32-93e6-d2c3b1fe4823", + "id": "8bcf238f-e3ed-48e3-b881-b05eebf85baf", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -490,7 +124,7 @@ } }, { - "id": "c0dc7048-d769-4d98-8fd8-a85e4bbfa62f", + "id": "50c40685-75d9-433b-a294-bdbf5a0a2374", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -507,56 +141,38 @@ ] }, { - "id": "aeeafc25-f5bc-4f8d-88c5-0b4150415d50", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", + "id": "86f0b8f6-9555-4100-a4f3-cf74a38b064d", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" + "display.on.consent.screen": "false", + "consent.screen.text": "" }, "protocolMappers": [ { - "id": "d808f1a4-7485-4abc-bc96-730ffaa3d541", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c97eee7b-93bb-46e3-b11e-e07bd9a88034", - "name": "audience resolve", + "id": "365d7402-608d-4ccd-9f2e-f520dba9292b", + "name": "allowed web origins", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", + "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": {} - }, - { - "id": "e3ad1110-ec92-4cec-bfe2-03fd49c25ccc", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } } ] }, { - "id": "a5673fb0-526e-41b4-a1d7-47b53e7fe4d6", + "id": "4e29230a-53f0-4eff-998b-b76209d90c43", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + 
"display.on.consent.screen": "true" + } + }, + { + "id": "951a33ea-933d-498e-9d26-c502ed0dda73", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", @@ -567,37 +183,37 @@ }, "protocolMappers": [ { - "id": "825256af-e9c1-4faf-91ba-b31cf812f625", - "name": "given name", + "id": "ad195d6c-00c4-4fcc-85b3-81d41958281c", + "name": "picture", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", + "claim.name": "picture", "jsonType.label": "String" } }, { - "id": "667fc7f5-4230-44fa-b8b5-29943e77a102", - "name": "locale", + "id": "4a0908c3-7c75-42a0-ae1f-ccd30a741934", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "locale", + "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "locale", + "claim.name": "family_name", "jsonType.label": "String" } }, { - "id": "a3f2ce5f-88c0-4b6d-b908-8a4d933c9f48", + "id": "a52ca937-13aa-490a-a6a0-ba6e0878340f", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -612,82 +228,79 @@ } }, { - "id": "668b1177-85cf-4b3b-b893-d75a5c697495", - "name": "zoneinfo", + "id": "1e9e9547-3c52-4033-8fbc-eb963f3122ee", + "name": "given name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", + "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "zoneinfo", + "claim.name": "given_name", "jsonType.label": "String" } }, { - "id": "cb7b6bbc-1506-4fab-ba0f-fd65cfda5789", - "name": "middle name", + "id": "21236dca-2a9d-4777-84e0-d65f2208ea8d", + "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "middle_name", + "claim.name": "updated_at", "jsonType.label": "String" } }, { - "id": "91896308-0855-4152-9a16-b4e63093b07c", - "name": "picture", + "id": "4a6e51cc-c23b-4705-beee-d017cd2ffc6f", + "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "picture", + "claim.name": "birthdate", "jsonType.label": "String" } }, { - "id": "95e292af-9fa5-44ff-892e-a32a42183627", - "name": "family name", + "id": "7f26aacf-ff86-4422-9897-55d4973752ad", + "name": "nickname", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "lastName", + 
"user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", + "claim.name": "nickname", "jsonType.label": "String" } }, { - "id": "b58166e6-87c2-474b-9b04-ba0d813b45b3", - "name": "username", + "id": "6237166b-24de-4be0-ac07-43669c085b49", + "name": "full name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "userinfo.token.claim": "true" } }, { - "id": "30c5a069-1d72-4bb8-85ce-11eac851ec61", + "id": "39062d27-8a67-4c01-8fd3-3a16de594c76", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -702,134 +315,126 @@ } }, { - "id": "c8328579-ef1c-4737-83f4-cb129c8c7831", - "name": "updated at", + "id": "d95e56fb-7e2b-4c8e-a204-5d93b5ad3fc7", + "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "updatedAt", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "updated_at", + "claim.name": "locale", "jsonType.label": "String" } }, { - "id": "c54898da-56be-4c37-ba26-d07a9824c4f2", - "name": "profile", + "id": "f684a5be-8f77-44d8-bcfa-3059d548a506", + "name": "username", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "profile", + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "profile", + "claim.name": "preferred_username", "jsonType.label": "String" } }, { - "id": "72a8da7e-bad0-4e79-be75-dd48c8900499", - "name": "full name", + "id": "76c350b9-34aa-41a4-9960-6c05c7fe1a8a", + "name": "profile", "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "profile", + "jsonType.label": "String" } }, { - "id": "2e64287f-7bb2-48cd-94ab-dc86fa0c7c88", - "name": "nickname", + "id": "c1abda0c-3814-429a-b44b-10008bee3c54", + "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "middleName", 
"id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", + "claim.name": "middle_name", "jsonType.label": "String" } }, { - "id": "446734d4-3ad8-4c97-aaea-44e21319402e", - "name": "birthdate", + "id": "499269ef-245d-4644-a5ce-7c19b0a6b4a5", + "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "birthdate", + "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "birthdate", + "claim.name": "zoneinfo", "jsonType.label": "String" } } ] }, { - "id": "eb6c022f-2578-4828-87f1-e05927678120", - "name": "email", - "description": "OpenID Connect built-in scope: email", + "id": "408d1b20-7239-43ff-8abf-0c38fd736713", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "9d242859-9217-4c9a-9889-08d49634784d", - "name": "email verified", + "id": "73259aa7-7c41-4fc7-b265-ea05260ce34b", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "multivalued": "true", + "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "claim.name": "groups", + "jsonType.label": "String" } }, { - "id": "7cc66e50-4e9f-4940-b532-7bcadbdcb279", - "name": "email", + "id": "4762f5cc-2046-4493-9ef9-c0f382347a1a", + "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", 
"consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "email", + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", + "claim.name": "upn", "jsonType.label": "String" } } ] }, { - "id": "ad46489a-f89f-4f61-b393-3a340106ac25", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "5b3ba25d-d6fe-4672-b7bd-f87a738eefea", + "id": "987bb7ea-14e4-42ce-81e6-153647e7b725", "name": "role_list", "description": "SAML role list", "protocol": "saml", @@ -839,7 +444,7 @@ }, "protocolMappers": [ { - "id": "b8374915-aed5-4224-b143-ff0fba5145bb", + "id": "e4f1d2dd-38ed-4a72-9d6a-82fafa9a78ae", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", 
@@ -853,77 +458,127 @@ ] }, { - "id": "42ddc8a7-f421-4f55-8b48-a4584ecb706c", - "name": "address", - "description": "OpenID Connect built-in scope: address", + "id": "bfca4979-76b9-444c-aea0-451dc5c3c206", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", + "include.in.token.scope": "false", "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" + "consent.screen.text": "${rolesScopeConsentText}" }, "protocolMappers": [ { - "id": "70b9810a-ac2d-4cb0-ba9d-a0af109ed2c6", - "name": "address", + "id": "4a8d312e-7867-4028-b878-0fd83a7aae93", + "name": "client roles", "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", + "user.attribute": "foo", "access.token.claim": "true", - "user.attribute.locality": "locality" + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "39b62b03-f639-49f8-8b7e-8f1650c4c6b4", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" } + }, + { + "id": "6b154110-2324-4e94-ae65-d17aa0874106", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} } ] }, { - "id": 
"9517fbc2-4bc7-44ad-bd3c-2134e6385b01", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", + "id": "2f7228d8-1065-4bc3-bdd1-ac9aac60a964", + "name": "email", + "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "false" + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" }, "protocolMappers": [ { - "id": "3553f990-ba52-4713-b8d3-299b83f2a7a2", - "name": "groups", + "id": "5cdb9ccc-2b95-46bd-aba5-6fa853ce4891", + "name": "email verified", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "multivalued": "true", - "user.attribute": "foo", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" + "claim.name": "email_verified", + "jsonType.label": "boolean" } }, { - "id": "f054f73a-24c3-4ffa-af87-243ddffd0b5a", - "name": "upn", + "id": "d9ab0bbf-078f-46c3-8080-19b46a5cf083", + "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "upn", + "claim.name": "email", "jsonType.label": "String" } } ] + }, + { + "id": "d0b15326-58a8-42c1-8667-5a0b863d8b09", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "6ad4ceda-6c38-4746-af86-869bc62d1240", + "name": 
"address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -948,14 +603,7 @@ "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "host": "maildev", - "from": "devnull@ncsa.illinois.edu", - "starttls": "", - "auth": "", - "ssl": "" - }, - "loginTheme": "keycloak", + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" 
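Review bot: The new `"smtpServer": {}` in the `@@ -948,14 +603,7 @@` hunk leaves the realm with no mail transport, while this patch series adds a self-registration redirect, so Keycloak would have no way to deliver email-verification or reset-credentials messages for the accounts it creates. The realm-level `verifyEmail` and `resetPasswordAllowed` values are outside this hunk, so check whether either flow is enabled; if one is, keep the dev block, e.g. `"smtpServer": { "host": "maildev", "from": "devnull@ncsa.illinois.edu" }`. The same file also gets `"identityProviders": []` in the `@@ -963,77 +611,58 @@` hunk and loses `loginTheme`, which looks like a re-export from a fresh instance rather than an intended change. The commit description should say whether removing the CILogon and Globus brokers is deliberate.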
@@ -963,77 +611,58 @@ "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, - "identityProviders": [ - { - "alias": "cilogon", - "displayName": "CILogon", - "internalId": "165a05f4-f6d7-44ae-a906-285cba64bae7", - "providerId": "oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": true, - "addReadTokenRoleOnCreate": true, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "userInfoUrl": "https://cilogon.org/oauth2/userinfo", - "clientId": "cilogon:/client_id/165f54b200b7bc4bf77635fe56237902", - "tokenUrl": "https://cilogon.org/oauth2/token", - "authorizationUrl": "https://cilogon.org/authorize", - "clientAuthMethod": "client_secret_post", - "syncMode": "IMPORT", - "clientSecret": "**********", - "defaultScope": "openid profile org.cilogon.userinfo email", - "useJwksUrl": "true" - } - }, - { - "alias": "globus", - "displayName": "Globus", - "internalId": "1f4df120-221f-4ed9-ab4a-f40bfeedafbb", - "providerId": "oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": true, - "addReadTokenRoleOnCreate": true, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "clientId": "fa3320ff-4730-4395-a4ec-fc7fe23ec8a7", - "tokenUrl": "https://auth.globus.org/v2/oauth2/token", - "authorizationUrl": "https://auth.globus.org/v2/oauth2/authorize", - "clientAuthMethod": "client_secret_post", - "syncMode": "IMPORT", - "clientSecret": "**********", - "defaultScope": "openid profile email", - "useJwksUrl": "true" - } - } - ], + "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "e2dae728-1a1a-45af-9065-620384959e13", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", + "id": 
"097b13b7-2056-4f31-a1bf-b90389a3f06f", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper" + ] + } + }, + { + "id": "1384bb51-d580-457e-9927-698b14f5c905", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } }, { - "id": "2a2f8ffa-334e-4736-8ce7-9669f3c1b57b", + "id": "019df9d6-c98c-45c5-85af-254fa290fc3a", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "3b471206-6e35-4d13-b7f8-b14ed103c245", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", 
@@ -1045,38 +674,34 @@ } }, { - "id": "b61aee8f-89b9-429f-a00c-0e8ad8d397e8", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", + "id": "ee36b6c5-8cbc-42eb-a018-b4f13d03c1e6", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ "true" ] } }, { - "id": "587e5d10-5f94-4b55-9eab-af3757126452", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", + "id": "f7072a40-db7e-4250-ae37-081c124579ef", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper" + "allow-default-scopes": [ + "true" ] } }, { - "id": "42de5d51-e99f-48c5-a347-8a943b55b11d", + "id": "c01d03de-9076-46b8-88d9-404b31b9a628", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", 
@@ -1088,44 +713,28 @@ } }, { - "id": "ec10fb40-0867-403f-bf83-0dd804d9658c", + "id": "67a9b2cc-5702-4321-94c0-3c12937b8bea", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} - }, + } + ], + "org.keycloak.keys.KeyProvider": [ { - "id": "65145f79-7a4b-4ee0-823b-e6c901ea050f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", + "id": "55f6cdd1-808c-4071-a133-d6ec01ed5e35", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-role-list-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "priority": [ + "100" ] } }, { - "id": "768e411f-2942-4de1-8072-7c1a18ad158a", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "25f8382e-c4c6-4a98-b2ec-c1381a946e2c", + "id": "4f69e46e-470e-4f90-8692-3fbf2b2407d1", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, @@ -1139,7 +748,7 @@ } }, { - "id": "5c263375-6225-41c5-8243-c13a4aa17fa4", + "id": "dbeb8bda-3c4f-4429-acd2-8e3d10e2c8a9", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, @@ -1153,18 +762,7 @@ } }, { - "id": "5e332177-04bc-4d36-9ef6-93a2262a845b", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "32c7819c-b8fe-4187-8d4d-0620e17732c9", + "id": "921672bb-4b25-44cc-9b1c-791f904c206f", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, 
@@ -1177,12 +775,10 @@ ] }, "internationalizationEnabled": false, - "supportedLocales": [ - "" - ], + "supportedLocales": [], "authenticationFlows": [ { - "id": "453bc861-4b56-42c5-b9fa-0528fd5718a6", + "id": "92242363-dfa2-4eff-bf6b-f48cc49833c4", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1208,7 +804,7 @@ ] }, { - "id": "e81123da-0b62-4bd4-ad54-18727aa5d8cd", + "id": "d545d0f4-13cb-4f11-9cb5-a5a547288e7a", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -1242,7 +838,7 @@ ] }, { - "id": "9b6a1736-62ab-4cc4-a8bd-42cf47b6a79d", + "id": "8b369d55-1e33-4f98-a3bc-dcfd4a056752", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1268,7 +864,7 @@ ] }, { - "id": "096808e7-7022-4cbe-b7f4-aa942c1bcdc9", + "id": "ca6dbc59-4258-4779-95ba-365448b14dcb", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1294,7 +890,7 @@ ] }, { - "id": "df83e163-cc18-45be-87b1-b57080cf8c78", + "id": "55182e6e-0e9f-43a6-92b1-707399393b37", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1320,7 +916,7 @@ ] }, { - "id": "1d5bb784-a3d2-4caf-acd4-c274e0609396", + "id": "da178f77-2fd4-4901-9189-0e116adf6747", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", 
@@ -1346,7 +942,7 @@ ] }, { - "id": "6bfd8f4f-020e-4643-ab35-a23e1150ac52", + "id": "aea31361-560a-4874-96b8-8125e2862814", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1372,7 +968,7 @@ ] }, { - "id": "a64261a6-d9a7-4a2c-adb4-15335edc8b12", + "id": "e7501aa0-8be6-4454-8684-dd51e242c8ff", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1399,7 +995,7 @@ ] }, { - "id": "356933ac-4fbc-45d9-9677-779f06a3e8f9", + "id": "527658dc-a4ea-468b-8bf4-b8680bd35a4b", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1425,7 +1021,7 @@ ] }, { - "id": "903b59d8-9803-4cdb-86ea-71388bec970f", + "id": "5cc673a7-1e0f-4675-96d7-75c075fbfb0e", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1467,7 +1063,7 @@ ] }, { - "id": "a2374bb9-d56f-4525-a587-6dc02b78e32e", + "id": "bdc0486e-7d0d-450d-86bf-3c7e39969b22", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1509,7 +1105,7 @@ ] }, { - "id": "350007f6-ebd6-4987-8a9b-fda510898542", + "id": "12b638e7-8e39-4cc5-ae44-e591d124dcba", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1543,7 +1139,7 @@ ] }, { - "id": "0b5f28b7-95aa-4f70-a301-0144d659c75b", + "id": "b4c10fd1-7a38-4d1b-b21f-9866da7a0197", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", 
@@ -1561,7 +1157,7 @@ ] }, { - "id": "b7dcebef-b6dd-433a-8e91-ba410afbc4c7", + "id": "3b0d9dd8-c2f6-4fdf-a791-86369b783e9d", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1588,7 +1184,7 @@ ] }, { - "id": "74c30149-9cc8-4ca7-972f-a0d63dbe2dfa", + "id": "d0c1dbe0-c4d0-412c-bc3a-48ed735dfa28", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1614,7 +1210,7 @@ ] }, { - "id": "45430b29-ffc4-4ec0-9e5c-520e17eba47c", + "id": "87e1eebc-6353-4b58-b2e5-1b8ddc778b78", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -1640,7 +1236,7 @@ ] }, { - "id": "0dc827ca-b147-4c88-9180-543d0a55ac77", + "id": "759d6a74-b17c-4061-b4ea-8e576130b29b", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1659,7 +1255,7 @@ ] }, { - "id": "813fe85a-a46e-4438-be49-a85557173900", + "id": "e654c163-786b-4972-8424-45a33082869e", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1701,7 +1297,7 @@ ] }, { - "id": "41da0a7a-2250-49c5-8ca0-66db26e9bd82", + "id": "27b0118b-adef-45cc-a04e-ff5bf28f662f", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -1743,7 +1339,7 @@ ] }, { - "id": "15f22a01-f34a-4873-bda0-88375de3d456", + "id": "161918c4-aa04-4a01-906f-bc2ea70d1c95", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", 
@@ -1763,14 +1359,14 @@ ], "authenticatorConfig": [ { - "id": "94f6296a-d000-4a8f-8575-51731421624f", + "id": "67748a63-9c75-4d1f-9f79-81a970311819", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "076881cf-9fe6-4196-8ccc-df2331efd5e7", + "id": "1e97c37a-a96c-4273-b436-75f4ae2a3837", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -1861,7 +1457,7 @@ "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5" }, - "keycloakVersion": "17.0.0", + "keycloakVersion": "17.0.1", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] From ab218ea90045ac8b920611db19dfab2c7a4ffd6b Mon Sep 17 00:00:00 2001 From: Chen Wang Date: Wed, 11 May 2022 11:06:54 -0500 Subject: [PATCH 7/7] add login again text --- frontend/src/components/auth/RedirectLogout.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/components/auth/RedirectLogout.tsx b/frontend/src/components/auth/RedirectLogout.tsx index 54b8144d4..6440e7b19 100644 --- a/frontend/src/components/auth/RedirectLogout.tsx +++ b/frontend/src/components/auth/RedirectLogout.tsx @@ -16,7 +16,7 @@ export const RedirectLogout = (): JSX.Element => {
-

you have logged out.

+

You have logged out. Log in again.