Skip to content

Instantly share code, notes, and snippets.

@f41gh7

f41gh7/gk.yaml

Last active February 24, 2021 19:26
Show Gist options
  • Save f41gh7/cbc1621aa898cfe2003dda5cdaae513c to your computer and use it in GitHub Desktop.
Save f41gh7/cbc1621aa898cfe2003dda5cdaae513c to your computer and use it in GitHub Desktop.
Download ZIP
demo
Raw
gk.yaml
apiVersion: v1
kind: Service
metadata:
name: vm-demo-grafana
labels:
k8s-app: grafana
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: grafana
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
k8s-app: grafana
---
apiVersion: v1
kind: Service
metadata:
name: vm-demo-grafana-np
labels:
k8s-app: grafana
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: grafana
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
nodePort: 30300
selector:
k8s-app: grafana
---
apiVersion: v1
kind: Secret
metadata:
name: vm-demo-grafana
labels:
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: grafana
type: Opaque
stringData:
# username: admin
admin-user: admin
admin-password: "some-init-password"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vm-demo-grafana-ini
labels:
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: grafana
data:
grafana.ini: |
[analytics]
check_for_updates = false
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/data
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
[auth.generic_oauth]
enabled = true
allow_sign_up = true
team_ids =
allowed_organizations =
name = Auth0
client_id = grafana
client_secret = 65f6213b-0815-4a21-81f7-4b9759c83c23
scopes = openid profile
tls_skip_verify_insecure = true
auth_url = https://demo.victoriametrics.com/auth/realms/vm-demo/protocol/openid-connect/auth
token_url = https://demo.victoriametrics.com/auth/realms/vm-demo/protocol/openid-connect/token
api_url = https://demo.victoriametrics.com/auth/realms/vm-demo/protocol/openid-connect/userinfo
[server]
domain = demo.victoriametrics.com
root_url = https://%(domain)s/grafana/
serve_from_sub_path = true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vm-demo-grafana-datasources
labels:
app.kubernetes.io/name: vm-demo
data:
datasources.yaml: |
apiVersion: 1
datasources:
- access: proxy
isDefault: true
name: victoria-metrics-os
type: prometheus
url: http://vmdb-os-demo:8428
version: 1
- access: proxy
isDefault: false
name: victoria-metrics-enterprise
type: prometheus
url: http://vm-demo-vmgateway:8431
version: 1
jsonData:
oauthPassThru: true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vm-demo-grafana-dashboardproviders
labels:
app.kubernetes.io/name: vm-demo
data:
dashboardproviders.yaml: |
apiVersion: 1
providers:
- disableDeletion: false
editable: true
folder: ""
name: default
options:
path: /var/lib/grafana/dashboards
orgId: 1
type: file
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: vm-demo-grafana
labels: &Labels
k8s-app: grafana
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: grafana
spec:
serviceName: vm-demo-grafana
replicas: 1
selector:
matchLabels: *Labels
template:
metadata:
labels: *Labels
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsGroup: 1000
containers:
- name: grafana
image: grafana/grafana
imagePullPolicy: Always
volumeMounts:
- name: config
mountPath: "/etc/grafana/"
# - name: dashboards
# mountPath: "/var/lib/grafana/dashboards"
- name: datasources
mountPath: "/etc/grafana/provisioning/datasources/"
# - name: dashboardproviders
# mountPath: "/etc/grafana/provisioning/dashboards/"
- name: vm-demo-grafana-data
mountPath: "/var/lib/grafana"
ports:
- name: service
containerPort: 80
protocol: TCP
- name: grafana
containerPort: 3000
protocol: TCP
env:
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: vm-demo-grafana
key: admin-user
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: vm-demo-grafana
key: admin-password
livenessProbe:
httpGet:
path: /api/health
port: 3000
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 9
failureThreshold: 10
periodSeconds: 10
resources:
limits:
cpu: 250m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
volumes:
- name: config
configMap:
name: vm-demo-grafana-ini
- name: datasources
configMap:
name: vm-demo-grafana-datasources
# - name: dashboardproviders
# configMap:
# name: vm-demo-grafana-dashboardproviders
# - name: dashboards
# configMap:
# name: vm-demo-dashboards
volumeClaimTemplates:
- metadata:
name: vm-demo-grafana-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "2Gi"
---
apiVersion: v1
kind: Service
metadata:
name: vm-demo-keycloak
labels:
k8s-app: keycloack
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-keycloak
spec:
ports:
- name: http
port: 8080
targetPort: 8080
nodePort: 30800
selector:
app.kubernetes.io/component: vm-demo-keycloak
type: NodePort
---
# export command
#
# /opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/tmp/demo.json -Dkeycloak.migration.usersExportStrategy=REALM_FILE -Dkeycloak.migration.realmName=vm-demo -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Djboss.management.https.port=7776
apiVersion: apps/v1
kind: Deployment
metadata:
name: vm-demo-keycloak
labels:
k8s-app: keycloack
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-keycloak
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: vm-demo-keycloak
template:
metadata:
labels:
k8s-app: keycloack
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-keycloak
spec:
volumes:
- name: default-realm
configMap:
# kubectl create configmap --from-file demo.json keycloack-import
name: keycloack-import
containers:
- name: keycloak
image: jboss/keycloak:12.0.1
#image: quay.io/keycloak/keycloak:12.0.3
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "some-init-password"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_IMPORT
value: "/tmp/default-realm/demo.json -Dkeycloak.profile.feature.upload_scripts=enabled"
volumeMounts:
- mountPath: /tmp/default-realm
name: default-realm
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
Raw
gw.yaml
apiVersion: v1
kind: Service
metadata:
name: vm-demo-vmgateway-np
labels:
k8s-app: vmgateway
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-vmgateway
spec:
type: NodePort
ports:
- port: 8431
targetPort: 8431
nodePort: 30431
protocol: TCP
selector:
k8s-app: vmgateway
---
apiVersion: v1
kind: Service
metadata:
name: vm-demo-vmgateway
labels:
k8s-app: vmgateway
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-vmgateway
spec:
type: ClusterIP
ports:
- port: 8431
targetPort: 8431
protocol: TCP
selector:
k8s-app: vmgateway
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: vm-demo-vmgateway
labels:
k8s-app: vmgateway
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-vmgateway
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/component: vm-demo-vmgateway
template:
metadata:
labels:
k8s-app: vmgateway
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-vmgateway
spec:
containers:
- name: vmgateway
image: victoriametrics/vmgateway:enterprise-vmgateway-v1.54.1
args:
- -vminsert.url=http://vmdb-os-demo:8428
- -vmselect.url=http://vmdb-os-demo:8428
- -enable.auth
ports:
- name: http
containerPort: 8431
readinessProbe:
httpGet:
path: /health
port: 8431
---
#
---
Raw
prometheus.yaml
apiVersion: v1
kind: Service
metadata:
name: vm-demo-prometheus-np
labels:
k8s-app: prometheus
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-prometheus
spec:
type: NodePort
ports:
- port: 9090
targetPort: 9090
nodePort: 30900
protocol: TCP
selector:
k8s-app: prometheus
---
apiVersion: v1
kind: Service
metadata:
name: vm-demo-prometheus
labels:
k8s-app: prometheus
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-prometheus
spec:
type: ClusterIP
ports:
- port: 9090
targetPort: 9090
protocol: TCP
selector:
k8s-app: prometheus
---
apiVersion: v1
kind: ConfigMap
metadata:
name: prom-config
labels:
k8s-app: prometheus
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-prometheus
data:
config.yaml: |
global:
scrape_interval: 5s
scrape_configs:
- job_name: node_exporter
static_configs:
- targets: [ '10.128.0.60:9100' ]
labels:
organization_id: org1
- targets: [ '10.128.15.194:9100' ]
labels:
organization_id: org2
- targets: [ '10.128.15.195:9100' ]
labels:
organization_id: org3
remote_write:
- url: http://vmdb-os-demo:8428/api/v1/write
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: vm-demo-prometheus
labels:
k8s-app: prometheus
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-prometheus
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: vm-demo-prometheus
template:
metadata:
labels:
k8s-app: prometheus
app.kubernetes.io/name: vm-demo
app.kubernetes.io/component: vm-demo-prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:v2.25.0
args:
- --config.file=/opt/prom_cm/config.yaml
ports:
- name: http
containerPort: 9090
volumeMounts:
- mountPath: /opt/prom_cm
name: prom-cfg
volumes:
- name: prom-cfg
configMap:
name: prom-config
---
Raw
realm.json
{
"id" : "vm-demo",
"realm" : "vm-demo",
"displayName" : "vm-demo",
"notBefore" : 0,
"revokeRefreshToken" : false,
"refreshTokenMaxReuse" : 0,
"accessTokenLifespan" : 300,
"accessTokenLifespanForImplicitFlow" : 900,
"ssoSessionIdleTimeout" : 1800,
"ssoSessionMaxLifespan" : 36000,
"ssoSessionIdleTimeoutRememberMe" : 0,
"ssoSessionMaxLifespanRememberMe" : 0,
"offlineSessionIdleTimeout" : 2592000,
"offlineSessionMaxLifespanEnabled" : false,
"offlineSessionMaxLifespan" : 5184000,
"clientSessionIdleTimeout" : 0,
"clientSessionMaxLifespan" : 0,
"clientOfflineSessionIdleTimeout" : 0,
"clientOfflineSessionMaxLifespan" : 0,
"accessCodeLifespan" : 60,
"accessCodeLifespanUserAction" : 300,
"accessCodeLifespanLogin" : 1800,
"actionTokenGeneratedByAdminLifespan" : 43200,
"actionTokenGeneratedByUserLifespan" : 300,
"enabled" : true,
"sslRequired" : "external",
"registrationAllowed" : false,
"registrationEmailAsUsername" : false,
"rememberMe" : false,
"verifyEmail" : false,
"loginWithEmailAllowed" : true,
"duplicateEmailsAllowed" : false,
"resetPasswordAllowed" : false,
"editUsernameAllowed" : false,
"bruteForceProtected" : false,
"permanentLockout" : false,
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
"quickLoginCheckMilliSeconds" : 1000,
"maxDeltaTimeSeconds" : 43200,
"failureFactor" : 30,
"roles" : {
"realm" : [ {
"id" : "76328566-1b65-492c-aa6b-3e1831ae8c24",
"name" : "offline_access",
"description" : "${role_offline-access}",
"composite" : false,
"clientRole" : false,
"containerId" : "vm-demo",
"attributes" : { }
}, {
"id" : "c519ce9c-20a2-42ca-b326-aed039c33e68",
"name" : "uma_authorization",
"description" : "${role_uma_authorization}",
"composite" : false,
"clientRole" : false,
"containerId" : "vm-demo",
"attributes" : { }
} ],
"client" : {
"realm-management" : [ {
"id" : "b79c501b-38fe-4073-9132-2fa314093193",
"name" : "impersonation",
"description" : "${role_impersonation}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "aa1ce752-b351-4f84-8389-9847956a6772",
"name" : "query-users",
"description" : "${role_query-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "53742c54-9759-4784-8663-2f58b13bc58c",
"name" : "query-clients",
"description" : "${role_query-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "dac04052-2279-4b93-be08-327d1ef84eb0",
"name" : "query-groups",
"description" : "${role_query-groups}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "7a245bee-87a1-48d1-aa62-246047553f45",
"name" : "view-authorization",
"description" : "${role_view-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "60daf59d-74c2-48ef-b400-5e3fba3f9f49",
"name" : "view-identity-providers",
"description" : "${role_view-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "95d0bb9c-cacc-4fb0-ae00-8bc93f24a0be",
"name" : "view-realm",
"description" : "${role_view-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "7661e7d6-ac09-4679-a09b-2d2a74c5679a",
"name" : "view-clients",
"description" : "${role_view-clients}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-clients" ]
}
},
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "4beabdc8-9c2a-4067-b710-ba1e1014996d",
"name" : "manage-realm",
"description" : "${role_manage-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "e3728e11-64bb-4e56-90da-ea097834f38b",
"name" : "manage-users",
"description" : "${role_manage-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "842b383b-a504-44fe-950d-aedc661f9b24",
"name" : "query-realms",
"description" : "${role_query-realms}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "8778f819-3333-469b-a261-d4c62e08581a",
"name" : "realm-admin",
"description" : "${role_realm-admin}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-users", "impersonation", "query-clients", "query-groups", "view-authorization", "view-identity-providers", "view-realm", "view-clients", "manage-realm", "manage-users", "query-realms", "create-client", "manage-identity-providers", "manage-clients", "view-events", "manage-authorization", "manage-events", "view-users" ]
}
},
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "7e513d18-8a50-4399-8bd4-9694f13ba288",
"name" : "create-client",
"description" : "${role_create-client}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "a51ca073-50fe-4473-bf14-603ab4dca53c",
"name" : "manage-identity-providers",
"description" : "${role_manage-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "56a31d44-62f3-4f15-962b-8cdfcc37c250",
"name" : "manage-clients",
"description" : "${role_manage-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "c97292de-bac2-40fa-9b7f-23a4f9d1a7e5",
"name" : "view-events",
"description" : "${role_view-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "5c704957-a8e7-49d7-9bd7-16c50a567520",
"name" : "manage-authorization",
"description" : "${role_manage-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "7a9504fe-f61e-479b-910c-3d6911f181cd",
"name" : "manage-events",
"description" : "${role_manage-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
}, {
"id" : "9c450e7a-e46a-4ca3-b6fa-a02a73c81c13",
"name" : "view-users",
"description" : "${role_view-users}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-users", "query-groups" ]
}
},
"clientRole" : true,
"containerId" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"attributes" : { }
} ],
"grafana" : [ {
"id" : "0617cbe8-570b-4506-8284-42cc066ba690",
"name" : "uma_protection",
"composite" : false,
"clientRole" : true,
"containerId" : "6a4298f1-199b-44b4-b6c5-61dc43ae67d8",
"attributes" : { }
} ],
"security-admin-console" : [ ],
"admin-cli" : [ ],
"account-console" : [ ],
"broker" : [ {
"id" : "32449780-99bf-486f-aec3-54d90bb58fde",
"name" : "read-token",
"description" : "${role_read-token}",
"composite" : false,
"clientRole" : true,
"containerId" : "2c0b7a7c-3a86-4878-b268-dfa4aa70596e",
"attributes" : { }
} ],
"account" : [ {
"id" : "a3fc9c52-73cf-45a4-ad97-28eeba291b2b",
"name" : "manage-consent",
"description" : "${role_manage-consent}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "view-consent" ]
}
},
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "2d9c48e1-86a9-407a-8d6b-a1a6fd0e755b",
"name" : "view-applications",
"description" : "${role_view-applications}",
"composite" : false,
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "db7a5045-2b0c-4b0c-bb83-e8406b507244",
"name" : "manage-account",
"description" : "${role_manage-account}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "manage-account-links" ]
}
},
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "5d681aa7-7841-4419-a167-be167318e0f1",
"name" : "view-consent",
"description" : "${role_view-consent}",
"composite" : false,
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "9b92e504-8d19-4f0a-997e-5cf7428b4bb4",
"name" : "view-profile",
"description" : "${role_view-profile}",
"composite" : false,
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "624a6e3a-a7a6-462d-9dac-fa46fdba66f4",
"name" : "delete-account",
"description" : "${role_delete-account}",
"composite" : false,
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
}, {
"id" : "8c93f0e9-6ee8-48e9-b46e-f14e32000dc8",
"name" : "manage-account-links",
"description" : "${role_manage-account-links}",
"composite" : false,
"clientRole" : true,
"containerId" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"attributes" : { }
} ]
}
},
"groups" : [ ],
"defaultRoles" : [ "offline_access", "uma_authorization" ],
"requiredCredentials" : [ "password" ],
"otpPolicyType" : "totp",
"otpPolicyAlgorithm" : "HmacSHA1",
"otpPolicyInitialCounter" : 0,
"otpPolicyDigits" : 6,
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
"webAuthnPolicyRpEntityName" : "keycloak",
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyRpId" : "",
"webAuthnPolicyAttestationConveyancePreference" : "not specified",
"webAuthnPolicyAuthenticatorAttachment" : "not specified",
"webAuthnPolicyRequireResidentKey" : "not specified",
"webAuthnPolicyUserVerificationRequirement" : "not specified",
"webAuthnPolicyCreateTimeout" : 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyAcceptableAaguids" : [ ],
"webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyPasswordlessRpId" : "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
"webAuthnPolicyPasswordlessCreateTimeout" : 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
"users" : [ {
"id" : "03509f56-da0e-4503-ae7b-e3a050c6a3a3",
"createdTimestamp" : 1614190889289,
"username" : "organization-1",
"enabled" : true,
"totp" : false,
"emailVerified" : true,
"email" : "organization-1@organization-1",
"attributes" : {
"vm_access" : [ "{\"extra_labels\": {\"organization_id\": \"org1\" }}" ]
},
"credentials" : [ {
"id" : "50ee4eb6-6d39-429d-819f-9a658db05a5f",
"type" : "password",
"createdDate" : 1614190940908,
"secretData" : "{\"value\":\"/NJ5F3taHXdAoNQl6mJpcw4zLQtmJBSq7hENAYmt9wMaTMD8JEp7Kk3yehiANwXG3D9JpUz9iQTx0UJxbjkwvA==\",\"salt\":\"5weB3g7v7KNSOc3doW+PYQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "offline_access", "uma_authorization" ],
"clientRoles" : {
"account" : [ "view-profile", "manage-account" ]
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "6135e361-2878-4449-a07e-07fcc84fde90",
"createdTimestamp" : 1614191273996,
"username" : "organization-2",
"enabled" : true,
"totp" : false,
"emailVerified" : true,
"email" : "organization-2@organization-2",
"attributes" : {
"vm_access" : [ "{ \"extra_labels\": {\"organization_id\": \"org2\"}}" ]
},
"credentials" : [ {
"id" : "8c28cad8-b5b4-4287-ae2c-f0430e3575f9",
"type" : "password",
"createdDate" : 1614191368462,
"secretData" : "{\"value\":\"prRS04Qd8207PxKok81vj2II/H6m8yaiDzszZo0DEPJFM5qEcG4YqNLRreMHPMib2LGozZf49n5R4yjEHu4RWA==\",\"salt\":\"KQTZkFiYU1RJ/XdTfLnLHQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "offline_access", "uma_authorization" ],
"clientRoles" : {
"account" : [ "view-profile", "manage-account" ]
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "65abf7cc-df1c-4447-b4e4-0ac7b5bf11dd",
"createdTimestamp" : 1614191421392,
"username" : "organization-admin",
"enabled" : true,
"totp" : false,
"emailVerified" : true,
"email" : "organization-admin@organization-admin",
"attributes" : {
"vm_access" : [ "{}" ]
},
"credentials" : [ {
"id" : "d8ab594b-0ab3-4cd0-a895-ad33f440bad7",
"type" : "password",
"createdDate" : 1614191461426,
"secretData" : "{\"value\":\"GfxUkfYF0R0fc0lPSu8NtDnbyXgrTl6dfOPTINnT8mXbS/7mHU0el+NSGVksYcEl4/jFLzIhfNgU7Ud+zjIcoA==\",\"salt\":\"SmoD0NCidlznfdEool6Pbg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "offline_access", "uma_authorization" ],
"clientRoles" : {
"account" : [ "view-profile", "manage-account" ]
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "c8b94438-6dbe-464c-bbe0-d4ac89e7b886",
"createdTimestamp" : 1614081938992,
"username" : "service-account-grafana",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"serviceAccountClientId" : "grafana",
"credentials" : [ ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "offline_access", "uma_authorization" ],
"clientRoles" : {
"grafana" : [ "uma_protection" ],
"account" : [ "view-profile", "manage-account" ]
},
"notBefore" : 0,
"groups" : [ ]
} ],
"scopeMappings" : [ {
"clientScope" : "offline_access",
"roles" : [ "offline_access" ]
} ],
"clientScopeMappings" : {
"account" : [ {
"client" : "account-console",
"roles" : [ "manage-account" ]
} ]
},
"clients" : [ {
"id" : "58bb8505-b7bb-47bb-8661-4735f0c5c794",
"clientId" : "account",
"name" : "${client_account}",
"rootUrl" : "${authBaseUrl}",
"baseUrl" : "/realms/vm-demo/account/",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "997f5d7b-2c9e-47ce-bcde-232470b54137",
"defaultRoles" : [ "view-profile", "manage-account" ],
"redirectUris" : [ "/realms/vm-demo/account/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : { },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "d626a506-d74c-4bed-bd83-2a6b727859e3",
"clientId" : "account-console",
"name" : "${client_account-console}",
"rootUrl" : "${authBaseUrl}",
"baseUrl" : "/realms/vm-demo/account/",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "527d9120-efde-434b-85a6-9191c6d5d830",
"redirectUris" : [ "/realms/vm-demo/account/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"pkce.code.challenge.method" : "S256"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"id" : "d3817ff2-4d03-4fdb-9954-a4a5675f7b4b",
"name" : "audience resolve",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-audience-resolve-mapper",
"consentRequired" : false,
"config" : { }
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "74e864dd-a6a1-465a-8aca-ce8c57687d77",
"clientId" : "admin-cli",
"name" : "${client_admin-cli}",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "7d58b1af-e9a8-4a3f-8bcd-0377a067b68f",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : false,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : { },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "2c0b7a7c-3a86-4878-b268-dfa4aa70596e",
"clientId" : "broker",
"name" : "${client_broker}",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "def73088-560c-436b-8c53-331e6b03e3eb",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : { },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "6a4298f1-199b-44b4-b6c5-61dc43ae67d8",
"clientId" : "grafana",
"rootUrl" : "https://demo.victoriametrics.com/auth",
"adminUrl" : "",
"baseUrl" : "/realms/vm-demo/account/",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "65f6213b-0815-4a21-81f7-4b9759c83c23",
"redirectUris" : [ "https://demo.victoriametrics.com", "http://vm-demo-grafana.default.svc:3000/*", "https://demo.victoriametrics.com/*", "https://demo.victoriametrics.com/grafana/*", "http://localhost:3000/*", "http://localhost:3000" ],
"webOrigins" : [ "https://demo.victoriametrics.com/*" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : true,
"authorizationServicesEnabled" : true,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.assertion.signature" : "false",
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"saml.encrypt" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"exclude.session.state.from.auth.response" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "false",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "eaca7afe-b9dd-4562-8ac4-d541bd493125",
"name" : "Client ID",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientId",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientId",
"jsonType.label" : "String"
}
}, {
"id" : "bbc37d2b-8cb3-47ba-a1b5-40b98dfe58fb",
"name" : "Client Host",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientHost",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
}, {
"id" : "b63469c7-dcf0-4d07-a6af-944bc925dc27",
"name" : "Client IP Address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientAddress",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
}, {
"id" : "e6254891-0c99-46a8-ae82-0cb97080a8c9",
"name" : "vm_access",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "vm_access",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "vm_access",
"jsonType.label" : "JSON"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"resources" : [ {
"name" : "Default Resource",
"type" : "urn:grafana:resources:default",
"ownerManagedAccess" : false,
"attributes" : { },
"_id" : "94cab5d8-3159-4b59-80b8-4de4a6bc024e",
"uris" : [ "/*" ]
} ],
"policies" : [ {
"id" : "d1270f6d-b38c-481a-b2f7-62173c91e04a",
"name" : "Default Policy",
"description" : "A policy that grants access only for users within this realm",
"type" : "js",
"logic" : "POSITIVE",
"decisionStrategy" : "AFFIRMATIVE",
"config" : {
"code" : "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
}, {
"id" : "9d38362a-1afa-4042-9a1f-59ddc078bdcc",
"name" : "Default Permission",
"description" : "A permission that applies to the default resource type",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"defaultResourceType" : "urn:grafana:resources:default",
"applyPolicies" : "[\"Default Policy\"]"
}
} ],
"scopes" : [ ],
"decisionStrategy" : "UNANIMOUS"
}
}, {
"id" : "fcfdede8-ad90-44c7-836b-88be1d69e5eb",
"clientId" : "realm-management",
"name" : "${client_realm-management}",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "30411894-6e07-4abd-ae62-fe96a767701e",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : { },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "ad64a76a-d66d-4677-b557-e343e0ada7eb",
"clientId" : "security-admin-console",
"name" : "${client_security-admin-console}",
"rootUrl" : "${authAdminUrl}",
"baseUrl" : "/admin/vm-demo/console/",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "fbb86242-b2c5-4ce3-97e7-efb0123357f3",
"redirectUris" : [ "/admin/vm-demo/console/*" ],
"webOrigins" : [ "+" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"pkce.code.challenge.method" : "S256"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"id" : "552ba021-b96e-46c3-b918-600ba43c7beb",
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
} ],
"clientScopes" : [ {
"id" : "71872f44-e7cc-442b-961b-34586039b28c",
"name" : "address",
"description" : "OpenID Connect built-in scope: address",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${addressScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "be9b42b9-8ae5-4954-a911-d34faed32327",
"name" : "address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-address-mapper",
"consentRequired" : false,
"config" : {
"user.attribute.formatted" : "formatted",
"user.attribute.country" : "country",
"user.attribute.postal_code" : "postal_code",
"userinfo.token.claim" : "true",
"user.attribute.street" : "street",
"id.token.claim" : "true",
"user.attribute.region" : "region",
"access.token.claim" : "true",
"user.attribute.locality" : "locality"
}
} ]
}, {
"id" : "83721914-a1d8-409c-baa7-d8b2b7441793",
"name" : "email",
"description" : "OpenID Connect built-in scope: email",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${emailScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "bf2f188a-52f3-4bd0-a85b-590566d6dfe7",
"name" : "email verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "emailVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email_verified",
"jsonType.label" : "boolean"
}
}, {
"id" : "4aef1663-2f6c-4842-9ef6-eaf06c10b51d",
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email",
"jsonType.label" : "String"
}
} ]
}, {
"id" : "2f851829-5025-4880-a1cc-38fa8ff9f480",
"name" : "microprofile-jwt",
"description" : "Microprofile - JWT built-in scope",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "false"
},
"protocolMappers" : [ {
"id" : "a8908be8-d470-4ad0-8782-f3a62ecda73d",
"name" : "upn",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "upn",
"jsonType.label" : "String"
}
}, {
"id" : "237f1cec-f346-4bd6-9361-4c35d34bbe18",
"name" : "groups",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"multivalued" : "true",
"userinfo.token.claim" : "true",
"user.attribute" : "foo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "groups",
"jsonType.label" : "String"
}
} ]
}, {
"id" : "846a3092-a27f-4233-b7b4-2db92dbc44ee",
"name" : "offline_access",
"description" : "OpenID Connect built-in scope: offline_access",
"protocol" : "openid-connect",
"attributes" : {
"consent.screen.text" : "${offlineAccessScopeConsentText}",
"display.on.consent.screen" : "true"
}
}, {
"id" : "145d816c-6d16-40ff-ade3-fb2c9485c823",
"name" : "phone",
"description" : "OpenID Connect built-in scope: phone",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${phoneScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "95714ff4-f23a-4892-b0af-25ae396bb641",
"name" : "phone number",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumber",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number",
"jsonType.label" : "String"
}
}, {
"id" : "3f6b3da4-202d-4bd0-99f6-5414a67258ca",
"name" : "phone number verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumberVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number_verified",
"jsonType.label" : "boolean"
}
} ]
}, {
"id" : "191553a0-b440-4216-b687-282a857e4b10",
"name" : "profile",
"description" : "OpenID Connect built-in scope: profile",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${profileScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "3ef57ff1-ceab-4867-8de3-8684b4a5bd28",
"name" : "birthdate",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "birthdate",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "birthdate",
"jsonType.label" : "String"
}
}, {
"id" : "a66f72b2-c6d8-4143-98b9-e8c1ecf9cbee",
"name" : "zoneinfo",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "zoneinfo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "zoneinfo",
"jsonType.label" : "String"
}
}, {
"id" : "598fff83-bc57-4128-b66b-c36b8e4f9dc7",
"name" : "middle name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "middleName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "middle_name",
"jsonType.label" : "String"
}
}, {
"id" : "ed580554-c1fc-438b-8ee9-e3875e5800af",
"name" : "updated at",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "updatedAt",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "updated_at",
"jsonType.label" : "String"
}
}, {
"id" : "8c173859-98cb-4444-98c9-3f7f80210538",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : false,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
}, {
"id" : "566d5e96-eafc-43df-a3c8-6f70f72973bc",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "0b24a88f-43ac-454e-acb2-9aedc4a24f74",
"name" : "website",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "website",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "website",
"jsonType.label" : "String"
}
}, {
"id" : "27eadb09-023b-440d-90fd-d177094b148d",
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
}, {
"id" : "29a5cf10-bdd9-4f85-af71-471fdedd925d",
"name" : "picture",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "picture",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "picture",
"jsonType.label" : "String"
}
}, {
"id" : "35f6dc56-f498-428b-95ed-a43cf5bafd83",
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
"id" : "49733cd5-eb1d-4487-8bd0-804ba7dd8e02",
"name" : "gender",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "gender",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "gender",
"jsonType.label" : "String"
}
}, {
"id" : "aced0462-c46b-438a-b875-0291abc1005e",
"name" : "profile",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "profile",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "profile",
"jsonType.label" : "String"
}
}, {
"id" : "0027f4d2-4571-4c02-9390-9edc0bf072fe",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "c8f3c512-78a3-419b-a5bf-6407a4a7f844",
"name" : "nickname",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "nickname",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "nickname",
"jsonType.label" : "String"
}
} ]
}, {
"id" : "82e6c9a1-fa28-4f71-b681-ee6ca9d57e72",
"name" : "role_list",
"description" : "SAML role list",
"protocol" : "saml",
"attributes" : {
"consent.screen.text" : "${samlRoleListScopeConsentText}",
"display.on.consent.screen" : "true"
},
"protocolMappers" : [ {
"id" : "03933b58-dda2-4f24-9d35-6fb4a249fbbf",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "false",
"attribute.nameformat" : "Basic",
"attribute.name" : "Role"
}
} ]
}, {
"id" : "d67c1fa3-da3c-40c7-8a8b-15dc65c8885b",
"name" : "roles",
"description" : "OpenID Connect scope for add user roles to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${rolesScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "9e3f88a4-f973-4c0a-9a10-15712ace2ed8",
"name" : "realm roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "realm_access.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}, {
"id" : "7e67b255-e9c2-43e1-b807-6a97d284c7a9",
"name" : "client roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-client-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "resource_access.${client_id}.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}, {
"id" : "0f715c91-62f4-4fa5-b3b3-731f3e7249c0",
"name" : "audience resolve",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-audience-resolve-mapper",
"consentRequired" : false,
"config" : { }
} ]
}, {
"id" : "7cb7596f-aad0-44fe-8d89-d01d8a2e327f",
"name" : "web-origins",
"description" : "OpenID Connect scope for add allowed web origins to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "false",
"consent.screen.text" : ""
},
"protocolMappers" : [ {
"id" : "cf06c81c-ccc8-4e22-9d52-c1aa62214398",
"name" : "allowed web origins",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-allowed-origins-mapper",
"consentRequired" : false,
"config" : { }
} ]
} ],
"defaultDefaultClientScopes" : [ "profile", "web-origins", "role_list", "email", "roles" ],
"defaultOptionalClientScopes" : [ "phone", "microprofile-jwt", "address", "offline_access" ],
"browserSecurityHeaders" : {
"contentSecurityPolicyReportOnly" : "",
"xContentTypeOptions" : "nosniff",
"xRobotsTag" : "none",
"xFrameOptions" : "SAMEORIGIN",
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection" : "1; mode=block",
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
},
"smtpServer" : { },
"eventsEnabled" : false,
"eventsListeners" : [ "jboss-logging" ],
"enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"identityProviders" : [ ],
"identityProviderMappers" : [ ],
"components" : {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
"id" : "e5c414b6-f69b-4fa2-900c-54ad33a51cfc",
"name" : "Max Clients Limit",
"providerId" : "max-clients",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"max-clients" : [ "200" ]
}
}, {
"id" : "514dbf17-e310-420f-8069-e7b25fae2289",
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
}, {
"id" : "8e142075-20e7-4140-ae8e-575cee553b5e",
"name" : "Full Scope Disabled",
"providerId" : "scope",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "6645f3d6-22ba-4553-9877-6f06b6a49b07",
"name" : "Consent Required",
"providerId" : "consent-required",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "c9be0c20-d435-427c-93e3-efb4db09bf8a",
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
}, {
"id" : "49819c59-d23d-4488-a227-dcb105f1a3a2",
"name" : "Trusted Hosts",
"providerId" : "trusted-hosts",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"host-sending-registration-request-must-match" : [ "true" ],
"client-uris-must-match" : [ "true" ]
}
}, {
"id" : "007761cd-b3fe-4734-abe9-afafb63d1376",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper" ]
}
}, {
"id" : "0a6015b4-530d-4081-86fa-b262b7412681",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper" ]
}
} ],
"org.keycloak.keys.KeyProvider" : [ {
"id" : "b7fc33bd-af65-4a76-ba7a-dba6c497aba9",
"name" : "rsa-generated",
"providerId" : "rsa-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEowIBAAKCAQEAkqT8n9oHfK/o+bSndPJdlK8bG5cAdoK0AHKXSMmxDuO9iou2yBOZBUBZa56AMFFeF4qmNWjkH8avo3IUBe/nrBtGi3Wp3sSECpeubR78tP/hH1+dFYIMhCGWjUsWkZZu4Hj9tIwNBhuU+HjPTZixjERuEeSNuT5eQoUVIekMGLlpHj0hsHWyhgE6Hud84+N9nFrp1yrN3f02M6vtKGaZAMEHFTLerxwxqpasm+AWEdjICYyNOGVsC5TsieVrL05+uMaLMzroDjHJ0fEVhbzdtRtc0vR5vNnCpLYA9Krh7fObbyEIexUIPWMzoJlvs7jLSJeppMh0egPzi6iorAKRyQIDAQABAoIBAGGTluVm1oSJKKS/KI4Ql2RP/+Gj4JL69Xs2xKOSUVZvA7gkr0MCh1ePMfECTpnYCpvvjhkL6n+aXVSMm/Y3ZBiJLa+uY5HvgUzrEQ1bCRwHB20w2f1tw5ZIIz1xMVs+lhiXaXmxlxjxUXbkLEydxcZn4jXVttgEQARTOXSO9ZWdBHSYS06MN09iofuKtaClfcNml/lg65OS4w5dnqdlicsxNtps5L9A1S+Bn0GW9b0NprmoXL0w3wPuYDy93nVpKrAA0tikijOQd+tCcDMTLJSf2W8PDBljSsrZr6abbjp/A44FvRxJugCFph3E8Ng9m00Yec40KDTODc++AKnUTuECgYEA5Q4l3mM1A30I4GuX7hsZf35T4DhRl0QeQOPzfyURbgnQ69UxH3IO8gHfnwIFH5DPMq2dMgfj1URgOCtsbA/ZatnOEpV0nc20Mk3HyXFd4ESqgZh/kP1bWW5vQ2TNXZ3Kv7chWY7BSK1wvMAtfw/3CdVMcQGOt+1Xi8Uy/6udN+8CgYEAo+UXT3jiiKT4//aVGreI9QBGFxlrPeaqdfAlHyGZikwEzjU66Cqn9/F4FPSZl9krL/fcQFcr5vbXsRAx6+U5btVGgiQwUVfE3NAij6DR9aT3p28BpC2gq4kwLuJQ1OpPqXAW6Xml8fD5/JAMbHP07OxMKr55/g72H47I+L9GWccCgYEAu7VzbSLpz/kIbDlgIX3N0IBrJiWhH5BwJodoBXsQJJggwRNOFVH4U3UbmAgkwLCATCyg1N5IZH6LR5y2VnxKlVj2mp4mGif4Ev1Qy5F++AntnRSm/d/Sm6B3x8f00FI+VAw0ZVsqpG+WIuhuoGEp9sH4yecX2TzEcMNjPsiZp7sCgYAskHJSLbCLLzB1iPrqFNWsqLJmPYcngbz/7JhraptxO1JjL54g2thpVsMsD4Zj/6z6kg7Vf950ItJrVtf8KIwBUwSlBmoM9CyXThDXtQbiIEUmxcxQdAeoHNl5JhiMjFm03MGeInG446lVv2VhZ/ZFJctgJALPzgmmcxC6cmgSqQKBgDI8+l05SujOwOJNO2BvnbfDOzFRnUTlnjWEiRU+9JlPexNaJNJ1znFnf1k6+OiXc6kBPCdWA2KASgmhmItdkeHJ44R/UHe096Q614IHdzZooUHnH0OylAGosHk8+6udcTHOb6Sk0qF6Kto+KjgFYOhkTfPL0Q/m/2EztDs4CX4I" ],
"certificate" : [ "MIICnTCCAYUCBgF3zsQPUzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd2bS1kZW1vMB4XDTIxMDIyMzExNTk1MVoXDTMxMDIyMzEyMDEzMVowEjEQMA4GA1UEAwwHdm0tZGVtbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJKk/J/aB3yv6Pm0p3TyXZSvGxuXAHaCtAByl0jJsQ7jvYqLtsgTmQVAWWuegDBRXheKpjVo5B/Gr6NyFAXv56wbRot1qd7EhAqXrm0e/LT/4R9fnRWCDIQhlo1LFpGWbuB4/bSMDQYblPh4z02YsYxEbhHkjbk+XkKFFSHpDBi5aR49IbB1soYBOh7nfOPjfZxa6dcqzd39NjOr7ShmmQDBBxUy3q8cMaqWrJvgFhHYyAmMjThlbAuU7Inlay9OfrjGizM66A4xydHxFYW83bUbXNL0ebzZwqS2APSq4e3zm28hCHsVCD1jM6CZb7O4y0iXqaTIdHoD84uoqKwCkckCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYJgj5s9K8lkZZnKEJeG6x6KuWPNjgt99AsxVe3bGIHQ7OVCeFvUQ5mQ+CRJec2zEg9tZKLdCNaVsElvbw+2rtNw8xolbjMhIZBvmHAueoHbO0EvAaGb9Pr9ukhEorEqZV6X/QAFuyunCaSzyrVPCC3xGjyL7Pf39nRWY+0Q16K4KKuFHSCKlDRQkFSKc47DOEpJ/siS3BLuO9mFIADWyfhEBLuLaOz3wcKLyvakBgp7wmtrQHd75bH/xi312liZHRUTZVeYST5PxcZDNgL5kqpxAHFdSNiEO40pV54ChZgtXTl6zDo2/Cvc1f2jxAuyG/IVihHcI55aAwjo3gd3Djg==" ],
"priority" : [ "100" ]
}
}, {
"id" : "30526f5d-edfb-43ce-9dd3-223b52d939ce",
"name" : "hmac-generated",
"providerId" : "hmac-generated",
"subComponents" : { },
"config" : {
"kid" : [ "0ed9d9d7-b02f-46ba-98ea-64cf4344fb88" ],
"secret" : [ "GzfYl53UYkrCQQYXBR0PfQ42RrYerrg-8uWy-lM4AgnQkq2LlvPBKW_qItNaDUj0lQGphm3AfSYh56lTgoHqGQ" ],
"priority" : [ "100" ],
"algorithm" : [ "HS256" ]
}
}, {
"id" : "ea79a71d-a620-4461-a752-3a498e1ca1c0",
"name" : "aes-generated",
"providerId" : "aes-generated",
"subComponents" : { },
"config" : {
"kid" : [ "41214b56-00ca-4fbd-9e73-d467152b789c" ],
"secret" : [ "iOkYLHTSejflWL8uqeE2Pw" ],
"priority" : [ "100" ]
}
} ]
},
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "20b21644-d7ba-46f7-b2cd-0e00d65b1134",
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-email-verification",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 20,
"flowAlias" : "Verify Existing Account by Re-authentication",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "fd3194a7-a178-4f3f-b67b-452f96b7d39e",
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "basic-auth",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "basic-auth-otp",
"requirement" : "DISABLED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-spnego",
"requirement" : "DISABLED",
"priority" : 30,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "46ee40bf-b387-4338-b8af-668b35b6b188",
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-otp-form",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "355c5b59-2d78-4e0e-85ff-3c9af0026ba2",
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "direct-grant-validate-otp",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "1425d393-0945-42d6-b308-2d9f951d75d1",
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-otp-form",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "ee774386-c61e-4181-9c49-88b93529394c",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-confirm-link",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "REQUIRED",
"priority" : 20,
"flowAlias" : "Account verification options",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "32d2f4ca-b159-462d-b98b-7e67cc663658",
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-otp",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "bde4998f-380c-4e9b-815f-73d576930922",
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "create unique user config",
"authenticator" : "idp-create-user-if-unique",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 20,
"flowAlias" : "Handle Existing Account",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "eee3d102-ed8b-43e7-8fe6-6159afbcbf0c",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-username-password-form",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "CONDITIONAL",
"priority" : 20,
"flowAlias" : "First broker login - Conditional OTP",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "3a852ea3-4463-49c8-b573-6ca124fddf64",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-cookie",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-spnego",
"requirement" : "DISABLED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "identity-provider-redirector",
"requirement" : "ALTERNATIVE",
"priority" : 25,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 30,
"flowAlias" : "forms",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "6f139e2a-aafb-41ed-b1b6-ada61d434667",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "client-secret",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "client-jwt",
"requirement" : "ALTERNATIVE",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "client-secret-jwt",
"requirement" : "ALTERNATIVE",
"priority" : 30,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "client-x509",
"requirement" : "ALTERNATIVE",
"priority" : 40,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "dcc1153b-3959-466d-b9ef-415610c75076",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "direct-grant-validate-username",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "direct-grant-validate-password",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "CONDITIONAL",
"priority" : 30,
"flowAlias" : "Direct Grant - Conditional OTP",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "e61f6db0-3565-4095-bf51-a1cc8dd05123",
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "docker-http-basic-authenticator",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "2129e2eb-db8a-4059-915c-3cde1778305f",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "review profile config",
"authenticator" : "idp-review-profile",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "REQUIRED",
"priority" : 20,
"flowAlias" : "User creation or linking",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "e13c2267-db90-4ca5-a4b6-8bcfa9eb0eae",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-username-password-form",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "CONDITIONAL",
"priority" : 20,
"flowAlias" : "Browser - Conditional OTP",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "095f7599-4601-4a95-ad6f-c6c5734f7871",
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "no-cookie-redirect",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "REQUIRED",
"priority" : 20,
"flowAlias" : "Authentication Options",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "42de1f1f-7f92-4428-8368-1a3eb27df368",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-page-form",
"requirement" : "REQUIRED",
"priority" : 10,
"flowAlias" : "registration form",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "f3b7295f-c335-45bc-b08d-e74b06dee4e3",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-user-creation",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-profile-action",
"requirement" : "REQUIRED",
"priority" : 40,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-password-action",
"requirement" : "REQUIRED",
"priority" : 50,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-recaptcha-action",
"requirement" : "DISABLED",
"priority" : 60,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "f0bca209-cf33-4b69-b137-39a30d05605d",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "reset-credentials-choose-user",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-credential-email",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-password",
"requirement" : "REQUIRED",
"priority" : 30,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "CONDITIONAL",
"priority" : 40,
"flowAlias" : "Reset - Conditional OTP",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "4f81a684-51d9-4ef0-bb81-98eddda74ad6",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "http-basic-authenticator",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
} ],
"authenticatorConfig" : [ {
"id" : "26722a7e-dfdd-4178-9a6e-765dcf562698",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "cf75325c-3946-41e2-843b-04a714224c81",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
}
} ],
"requiredActions" : [ {
"alias" : "CONFIGURE_TOTP",
"name" : "Configure OTP",
"providerId" : "CONFIGURE_TOTP",
"enabled" : true,
"defaultAction" : false,
"priority" : 10,
"config" : { }
}, {
"alias" : "terms_and_conditions",
"name" : "Terms and Conditions",
"providerId" : "terms_and_conditions",
"enabled" : false,
"defaultAction" : false,
"priority" : 20,
"config" : { }
}, {
"alias" : "UPDATE_PASSWORD",
"name" : "Update Password",
"providerId" : "UPDATE_PASSWORD",
"enabled" : true,
"defaultAction" : false,
"priority" : 30,
"config" : { }
}, {
"alias" : "UPDATE_PROFILE",
"name" : "Update Profile",
"providerId" : "UPDATE_PROFILE",
"enabled" : true,
"defaultAction" : false,
"priority" : 40,
"config" : { }
}, {
"alias" : "VERIFY_EMAIL",
"name" : "Verify Email",
"providerId" : "VERIFY_EMAIL",
"enabled" : true,
"defaultAction" : false,
"priority" : 50,
"config" : { }
}, {
"alias" : "delete_account",
"name" : "Delete Account",
"providerId" : "delete_account",
"enabled" : false,
"defaultAction" : false,
"priority" : 60,
"config" : { }
}, {
"alias" : "update_user_locale",
"name" : "Update User Locale",
"providerId" : "update_user_locale",
"enabled" : true,
"defaultAction" : false,
"priority" : 1000,
"config" : { }
} ],
"browserFlow" : "browser",
"registrationFlow" : "registration",
"directGrantFlow" : "direct grant",
"resetCredentialsFlow" : "reset credentials",
"clientAuthenticationFlow" : "clients",
"dockerAuthenticationFlow" : "docker auth",
"attributes" : {
"clientOfflineSessionMaxLifespan" : "0",
"clientSessionIdleTimeout" : "0",
"clientSessionMaxLifespan" : "0",
"frontendUrl" : "https://demo.victoriametrics.com/auth/",
"clientOfflineSessionIdleTimeout" : "0"
},
"keycloakVersion" : "12.0.1",
"userManagedAccessAllowed" : false
}
Raw
single.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
name: vmdb-os-demo-np
spec:
ports:
- name: http
port: 8428
protocol: TCP
targetPort: 8428
nodePort: 30428
selector:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
name: vmdb-os-demo
spec:
ports:
- name: http
port: 8428
protocol: TCP
targetPort: 8428
selector:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vmsingle
labels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
name: vmdb-os-demo
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/component: monitoring
app.kubernetes.io/instance: demo
app.kubernetes.io/name: vmdb-os
spec:
containers:
- args:
- -storageDataPath=/victoria-metrics-data
image: victoriametrics/victoria-metrics:v1.54.1
livenessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 8428
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
name: vmdb-os
ports:
- containerPort: 8428
name: http
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
path: /health
port: 8428
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
memory: 4512Mi
requests:
cpu: 500m
memory: 512Mi
volumeMounts:
- mountPath: /victoria-metrics-data
name: data
securityContext:
fsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
volumes:
- persistentVolumeClaim:
claimName: vmsingle
name: data
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment