diff --git a/compose.yaml b/compose.yaml
index 3f4b65421..8cd238958 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -28,7 +28,7 @@ services:
 - TIMED_SSO_CLIENT_ID=timed-public
 keycloak:
- image: keycloak/keycloak:24.0.3
+ image: keycloak/keycloak:25.0
 depends_on:
 - db
 volumes:
diff --git a/keycloak/config.json b/keycloak/config.json
index bbdc46509..0f32baa66 100644
--- a/keycloak/config.json
+++ b/keycloak/config.json
@@ -553,8 +553,8 @@
 "id" : "b6e7a821-7468-4f47-9090-e9f8b5b6f47f",
 "type" : "password",
 "createdDate" : 1714983538218,
- "secretData" : "{\"value\":\"R8M7GQmbpG+HdE5gZTrzuEEad/FsIUpXkgS6jpkRcCvWN1BOKBm+HZZiqKzq0JOp006msAsgxKLGuI2J8vivPA==\",\"salt\":\"woXe0WAn8Ila4qo4i+MWxA==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ "secretData" : "{\"value\":\"zMTrVhokCzBzjLjqqhUUmcuKGlDOpu9GhpW+gxkte4Y=\",\"salt\":\"zxQe7aQJ+tMKpK+Jjv114g==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
 } ],
 "disableableCredentialTypes" : [ ],
 "requiredActions" : [ ],
@@ -603,7 +603,7 @@
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "e23137e9-69dc-4aa1-ab09-576229d4b360",
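Review bot: The re-hashed seeded credential in the `@@ -553` hunk ties this realm export to a Keycloak that provides the argon2 password hash provider, so the file can no longer be imported by the 24.x image that produced the old pbkdf2-sha512 `credentialData`; the image change in `compose.yaml` covers that in this commit, but I do not see the dependency stated anywhere in the diff. The drop of `hashIterations` from 210000 to 5 is not a weakening: for argon2 it is the time-cost parameter, paired here with `memory` 7168 and `parallelism` 1, whereas for pbkdf2-sha512 it was the iteration count, and a reader comparing the two lines will not know that. Since nobody can tell from the hash whether the seeded password itself changed, the commit description should say that it is only re-hashed (if that is the case) and which account it belongs to, so people running the dev stack do not go looking for a new password.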
@@ -642,7 +642,7 @@
 "consentRequired" : false,
 "config" : { }
 } ],
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "370e39e7-a935-454d-85c7-5340b12473ad",
@@ -670,7 +670,7 @@
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "267ea800-4fbf-4c3c-aba4-f034652dbae8",
@@ -773,7 +773,7 @@
 "jsonType.label" : "String"
 }
 } ],
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "a97276c8-541b-4d06-86fc-4199ad4af83f",
@@ -811,8 +811,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${addressScopeConsentText}"
+ "consent.screen.text" : "${addressScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "20e72be7-7219-41b0-8400-e328c28b20e8",
@@ -892,8 +892,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${profileScopeConsentText}"
+ "consent.screen.text" : "${profileScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "1df3a6b2-7472-4bb1-957f-ccd22d9b2796",
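Review bot: The `@@ -811` hunk, like `@@ -892`, `@@ -1110`, `@@ -1151`, `@@ -1171`, `@@ -1185`, `@@ -1200`, `@@ -1262`, `@@ -1332`, `@@ -1341` and their counterparts in the second realm further down, only swaps the order of `consent.screen.text` and `display.on.consent.screen`, moves the `multivalued` config key, or permutes the elements of `allowed-protocol-mapper-types`; the export's map and array ordering is evidently not stable, so these lines carry no semantic change but roughly double the size of the diff and hide the real ones (the new `basic` scope, the re-hashed credential, the version fields). Running the export through a sorted-key formatter such as `jq -S .` before committing, and sorting the `allowed-protocol-mapper-types` arrays (they appear to act as a set of allowed types, so order should not matter, but that is worth confirming against Keycloak's handling), would keep future upgrades down to the lines that actually matter. This is a style point about how the change is presented; the JSON itself is valid as written.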
@@ -1110,8 +1110,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${phoneScopeConsentText}"
+ "consent.screen.text" : "${phoneScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "e743fc8b-a6da-4dc0-be6a-9ecca0652b6c",
@@ -1144,6 +1144,40 @@
 "jsonType.label" : "boolean"
 }
 } ]
+ }, {
+ "id" : "a0903c58-100b-4590-bbfe-bab669c41506",
+ "name" : "basic",
+ "description" : "OpenID Connect scope for add all basic claims to the token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "4e4bf07d-73aa-4e83-bab7-09fb99566146",
+ "name" : "auth_time",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "AUTH_TIME",
+ "id.token.claim" : "true",
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "auth_time",
+ "jsonType.label" : "long"
+ }
+ }, {
+ "id" : "1305bf2a-6e16-4167-8931-5564bb36dbb0",
+ "name" : "sub",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-sub-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
 }, {
 "id" : "80e6b37c-20be-41cf-adb2-58c2a4d149f5",
 "name" : "roles",
@@ -1151,8 +1185,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "false",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${rolesScopeConsentText}"
+ "consent.screen.text" : "${rolesScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "072bac0e-fa12-476a-ba4f-4478bf19957e",
@@ -1171,12 +1205,12 @@
 "protocolMapper" : "oidc-usermodel-realm-role-mapper",
 "consentRequired" : false,
 "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
 "user.attribute" : "foo",
+ "introspection.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "realm_access.roles",
- "jsonType.label" : "String"
+ "jsonType.label" : "String",
+ "multivalued" : "true"
 }
 }, {
 "id" : "306dfffc-fcc7-4754-94a0-930fc17528f3",
@@ -1185,12 +1219,12 @@
 "protocolMapper" : "oidc-usermodel-client-role-mapper",
 "consentRequired" : false,
 "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
 "user.attribute" : "foo",
+ "introspection.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "resource_access.${client_id}.roles",
- "jsonType.label" : "String"
+ "jsonType.label" : "String",
+ "multivalued" : "true"
 }
 } ]
 }, {
@@ -1200,8 +1234,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "false",
- "display.on.consent.screen" : "false",
- "consent.screen.text" : ""
+ "consent.screen.text" : "",
+ "display.on.consent.screen" : "false"
 },
 "protocolMappers" : [ {
 "id" : "362f8c1a-3420-47e0-a180-6374fb231306",
@@ -1262,8 +1296,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${emailScopeConsentText}"
+ "consent.screen.text" : "${emailScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "c640dbe7-b58a-430d-84da-8460a8229fdb",
@@ -1297,7 +1331,7 @@
 }
 } ]
 } ],
- "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ],
+ "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ],
 "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
 "browserSecurityHeaders" : {
 "contentSecurityPolicyReportOnly" : "",
@@ -1332,7 +1366,7 @@
 "subType" : "anonymous",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ]
 }
 }, {
 "id" : "a95cc0db-8432-4f54-8692-7060275bc1bb",
@@ -1341,7 +1375,7 @@
 "subType" : "authenticated",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper" ]
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ]
 }
 }, {
 "id" : "9f86543e-5ee6-4e74-93d4-27d83ba95a26",
@@ -2009,8 +2043,9 @@
 "cibaInterval" : "5",
 "realmReusableOtpCode" : "false"
 },
- "keycloakVersion" : "24.0.3",
+ "keycloakVersion" : "25.0.6",
 "userManagedAccessAllowed" : false,
+ "organizationsEnabled" : false,
 "clientProfiles" : {
 "profiles" : [ ]
 },
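Review bot: In the `@@ -2009` hunk the export records `"keycloakVersion" : "25.0.6"` (and again in `@@ -3910` for the second realm), while `compose.yaml` in the same commit moves the image to the floating tag `keycloak/keycloak:25.0`, so the server that imports this file can silently drift to a later 25.0.x patch than the one that produced it, and the two versions in the repo will disagree. Pinning the tag to the exported patch, `image: keycloak/keycloak:25.0.6`, keeps the import reproducible and turns the next patch upgrade into an explicit, reviewable diff rather than an image pull. The added `"organizationsEnabled" : false` appears to be the realm flag Keycloak 25 introduced for the organizations feature; leaving it disabled is the conservative choice for a seeded dev realm.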
@@ -2503,7 +2538,7 @@
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "824ca530-9bcd-4ad8-a98f-4b94ee2e5fc3",
@@ -2542,7 +2577,7 @@
 "consentRequired" : false,
 "config" : { }
 } ],
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "1941a726-b59c-4966-9a7b-de98b0708d33",
@@ -2570,7 +2605,7 @@
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "80df32fb-cd11-41f0-a507-958671ab1600",
@@ -2673,7 +2708,7 @@
 "jsonType.label" : "String"
 }
 } ],
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "f729f49c-d44f-477c-b0d1-4b0ac4787826",
@@ -2710,7 +2745,7 @@
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : true,
 "nodeReRegistrationTimeout" : -1,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 } ],
 "clientScopes" : [ {
@@ -2729,8 +2764,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${emailScopeConsentText}"
+ "consent.screen.text" : "${emailScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "d1133033-54a6-4a94-987e-f4fbb1e05b44",
@@ -2770,8 +2805,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${phoneScopeConsentText}"
+ "consent.screen.text" : "${phoneScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "a50ad63d-ceea-4056-bac6-925eade03a06",
@@ -2832,8 +2867,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${addressScopeConsentText}"
+ "consent.screen.text" : "${addressScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "00186941-28c8-41b7-8bc5-f64300ae228c",
@@ -2902,8 +2937,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "false",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${rolesScopeConsentText}"
+ "consent.screen.text" : "${rolesScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "cdae0447-e4a1-42a2-97b2-6f67da476fac",
@@ -2912,12 +2947,12 @@
 "protocolMapper" : "oidc-usermodel-client-role-mapper",
 "consentRequired" : false,
 "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
 "user.attribute" : "foo",
+ "introspection.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "resource_access.${client_id}.roles",
- "jsonType.label" : "String"
+ "jsonType.label" : "String",
+ "multivalued" : "true"
 }
 }, {
 "id" : "e790865f-8c74-474c-83bc-93e534b9301a",
@@ -2936,12 +2971,12 @@
 "protocolMapper" : "oidc-usermodel-realm-role-mapper",
 "consentRequired" : false,
 "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
 "user.attribute" : "foo",
+ "introspection.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "realm_access.roles",
- "jsonType.label" : "String"
+ "jsonType.label" : "String",
+ "multivalued" : "true"
 }
 } ]
 }, {
@@ -2951,8 +2986,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "false",
- "display.on.consent.screen" : "false",
- "consent.screen.text" : ""
+ "consent.screen.text" : "",
+ "display.on.consent.screen" : "false"
 },
 "protocolMappers" : [ {
 "id" : "0b69722f-6628-494e-81f2-00c543fb6baf",
@@ -2994,8 +3029,8 @@
 "protocol" : "openid-connect",
 "attributes" : {
 "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${profileScopeConsentText}"
+ "consent.screen.text" : "${profileScopeConsentText}",
+ "display.on.consent.screen" : "true"
 },
 "protocolMappers" : [ {
 "id" : "0f8e0608-b9f3-4cb8-81ca-a85ab27a57fa",
@@ -3205,8 +3240,42 @@
 "jsonType.label" : "String"
 }
 } ]
+ }, {
+ "id" : "dc2adc71-255c-40d1-980a-cb47515716ab",
+ "name" : "basic",
+ "description" : "OpenID Connect scope for add all basic claims to the token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "4bbb2bc4-61c9-42df-95f6-0318e36167e2",
+ "name" : "sub",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-sub-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "75dc51a3-e0ff-41f0-8d7d-5d2dda7f245e",
+ "name" : "auth_time",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "AUTH_TIME",
+ "id.token.claim" : "true",
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "auth_time",
+ "jsonType.label" : "long"
+ }
+ } ]
 } ],
- "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ],
+ "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ],
 "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
 "browserSecurityHeaders" : {
 "contentSecurityPolicyReportOnly" : "",
@@ -3260,7 +3329,7 @@
 "subType" : "authenticated",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ]
+ "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper" ]
 }
 }, {
 "id" : "40b4741c-881c-4e25-a993-c63639d7ab69",
@@ -3287,7 +3356,7 @@
 "subType" : "anonymous",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ]
+ "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ]
 }
 }, {
 "id" : "8b8cf966-8bb5-4f30-a22a-cbc74c835df8",
@@ -3910,8 +3979,9 @@
 "cibaInterval" : "5",
 "realmReusableOtpCode" : "false"
 },
- "keycloakVersion" : "24.0.3",
+ "keycloakVersion" : "25.0.6",
 "userManagedAccessAllowed" : false,
+ "organizationsEnabled" : false,
 "clientProfiles" : {
 "profiles" : [ ]
 },