work-club-manager/infra/keycloak/realm-export.json
WorkClub Automation 1246086ab5 fix(infra): add privileges and fix Keycloak configuration for auth
Update realm-export.json with fixed UUID endianness, corrected passwords,
mappers, and SSL configuration. Add ALTER DEFAULT PRIVILEGES for app_admin
in PostgreSQL init.sh to ensure proper role permissions.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 19:22:37 +01:00


{
"realm": "workclub",
"enabled": true,
"displayName": "WorkClub Development Realm",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>WorkClub</span></div>",
"accessTokenLifespan": 3600,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"offlineSessionIdleTimeout": 2592000,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"sslRequired": "none",
"registrationAllowed": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"failureFactor": 10,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"clients": [
{
"clientId": "workclub-api",
"name": "WorkClub Backend API",
"description": "Confidential client for backend service-to-service authentication",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "dev-secret-workclub-api-change-in-production",
"publicClient": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": false,
"protocol": "openid-connect",
"attributes": {
"access.token.lifespan": "3600"
},
"protocolMappers": [
{
"name": "club-membership",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "clubs",
"claim.name": "clubs",
"jsonType.label": "String",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"multivalued": "false",
"aggregate.attrs": "false"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"clientId": "workclub-app",
"name": "WorkClub Frontend",
"description": "Public client for frontend SPA: authorization code flow with PKCE (S256); direct access grants (password grant) are also enabled",
"enabled": true,
"publicClient": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"authorizationServicesEnabled": false,
"protocol": "openid-connect",
"redirectUris": [
"http://localhost:3000/*"
],
"webOrigins": [
"http://localhost:3000"
],
"attributes": {
"pkce.code.challenge.method": "S256",
"post.logout.redirect.uris": "http://localhost:3000/*",
"access.token.lifespan": "3600"
},
"protocolMappers": [
{
"name": "club-membership",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "clubs",
"claim.name": "clubs",
"jsonType.label": "String",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"multivalued": "false",
"aggregate.attrs": "false"
}
},
{
"name": "workclub-api-audience",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"claim.name": "aud",
"claim.value": "workclub-api",
"jsonType.label": "String",
"access.token.claim": "true",
"id.token.claim": "false",
"userinfo.token.claim": "false"
}
},
{
"name": "sub-claim",
"protocol": "openid-connect",
"protocolMapper": "oidc-sub-mapper",
"consentRequired": false,
"config": {
"access.token.claim": "true",
"introspection.token.claim": "true"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"users": [
{
"username": "admin@test.com",
"email": "admin@test.com",
"emailVerified": true,
"enabled": true,
"firstName": "Admin",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"]
},
"credentials": [
{
"type": "password",
"value": "testpass123",
"temporary": false
}
],
"requiredActions": []
},
{
"username": "manager@test.com",
"email": "manager@test.com",
"emailVerified": true,
"enabled": true,
"firstName": "Manager",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
},
"credentials": [
{
"type": "password",
"value": "testpass123",
"temporary": false
}
],
"requiredActions": []
},
{
"username": "member1@test.com",
"email": "member1@test.com",
"emailVerified": true,
"enabled": true,
"firstName": "Member",
"lastName": "One",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"]
},
"credentials": [
{
"type": "password",
"value": "testpass123",
"temporary": false
}
],
"requiredActions": []
},
{
"username": "member2@test.com",
"email": "member2@test.com",
"emailVerified": true,
"enabled": true,
"firstName": "Member",
"lastName": "Two",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
},
"credentials": [
{
"type": "password",
"value": "testpass123",
"temporary": false
}
],
"requiredActions": []
},
{
"username": "viewer@test.com",
"email": "viewer@test.com",
"emailVerified": true,
"enabled": true,
"firstName": "Viewer",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
},
"credentials": [
{
"type": "password",
"value": "testpass123",
"temporary": false
}
],
"requiredActions": []
}
],
"roles": {
"realm": [],
"client": {}
},
"groups": [],
"defaultRole": {
"name": "default-roles-workclub",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "workclub"
},
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"totpAppGoogleName",
"totpAppMicrosoftAuthenticatorName"
],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"referrerPolicy": "no-referrer",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"components": {},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [],
"authenticatorConfig": [],
"requiredActions": [],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {},
"keycloakVersion": "26.0.0"
}