remove service accounts, formalize j, add madhurya

spiffworkflow-backend/keycloak/bin/export_keycloak_realms

@@ -21,6 +21,9 @@ docker exec keycloak /opt/keycloak/bin/kc.sh export --dir "${docker_container_pa
 docker cp "keycloak:${docker_container_path}" "$local_tmp_dir"
 
 for realm in $realms ; do
+  if ! grep -Eq '\-realm$' <<< "$realm"; then
+    realm="${realm}-realm"
+  fi
   cp "${local_tmp_dir}/hey/${realm}.json" "${script_dir}/../realm_exports/"
 done
 

spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json

@@ -903,7 +903,7 @@
     "emailVerified" : false,
     "firstName" : "",
     "lastName" : "",
-    "email" : "j@status.im",
+    "email" : "j@sartography.com",
     "credentials" : [ {
       "id" : "e71ec785-9133-4b7d-8015-1978379af0bb",
       "type" : "password",
@@ -1163,6 +1163,26 @@
     "realmRoles" : [ "default-roles-spiffworkflow" ],
     "notBefore" : 0,
     "groups" : [ ]
+  }, {
+    "id" : "99ce8a54-2941-4767-8ddf-52320b3708bd",
+    "createdTimestamp" : 1675447085191,
+    "username" : "madhurya",
+    "enabled" : true,
+    "totp" : false,
+    "emailVerified" : false,
+    "email" : "madhurya@sartography.com",
+    "credentials" : [ {
+      "id" : "4fa2bf1f-188e-42e3-9633-01d436864206",
+      "type" : "password",
+      "createdDate" : 1675447085252,
+      "secretData" : "{\"value\":\"6ZApQ7kx4YDc5ojW9eyFiSKMz5l3/Zl5PIScHEW1gtP3lrnnWqWgwcP+8cWkKdm3im+XrZwDQHjuGjGN5Rbjyw==\",\"salt\":\"HT3fCh245v8etRFIprXsyw==\",\"additionalParameters\":{}}",
+      "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+    } ],
+    "disableableCredentialTypes" : [ ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "default-roles-spiffworkflow" ],
+    "notBefore" : 0,
+    "groups" : [ ]
   }, {
     "id" : "6f5bfa09-7494-4a2f-b871-cf327048cac7",
     "createdTimestamp" : 1665517010600,
@@ -1405,42 +1425,6 @@
     "realmRoles" : [ "default-roles-spiffworkflow" ],
     "notBefore" : 0,
     "groups" : [ ]
-  }, {
-    "id" : "487d3a85-89dd-4839-957a-c3f6d70551f6",
-    "createdTimestamp" : 1657115173081,
-    "username" : "service-account-spiffworkflow-backend",
-    "enabled" : true,
-    "totp" : false,
-    "emailVerified" : false,
-    "email" : "service-account@status.im",
-    "serviceAccountClientId" : "spiffworkflow-backend",
-    "credentials" : [ ],
-    "disableableCredentialTypes" : [ ],
-    "requiredActions" : [ ],
-    "realmRoles" : [ "default-roles-spiffworkflow" ],
-    "clientRoles" : {
-      "spiffworkflow-backend" : [ "uma_protection" ]
-    },
-    "notBefore" : 0,
-    "groups" : [ ]
-  }, {
-    "id" : "22de68b1-4b06-4bc2-8da6-0c577e7e62ad",
-    "createdTimestamp" : 1657055472800,
-    "username" : "service-account-withauth",
-    "enabled" : true,
-    "totp" : false,
-    "emailVerified" : false,
-    "email" : "service-account-withauth@status.im",
-    "serviceAccountClientId" : "withAuth",
-    "credentials" : [ ],
-    "disableableCredentialTypes" : [ ],
-    "requiredActions" : [ ],
-    "realmRoles" : [ "default-roles-spiffworkflow" ],
-    "clientRoles" : {
-      "withAuth" : [ "uma_protection" ]
-    },
-    "notBefore" : 0,
-    "groups" : [ ]
   }, {
     "id" : "3d45bb85-0a2d-4b15-8a19-d26a5619d359",
     "createdTimestamp" : 1674148694810,
@@ -2674,7 +2658,7 @@
       "subType" : "authenticated",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ]
       }
     }, {
       "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
@@ -2692,7 +2676,7 @@
       "subType" : "anonymous",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ]
       }
     }, {
       "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@@ -2782,7 +2766,7 @@
   "internationalizationEnabled" : false,
   "supportedLocales" : [ ],
   "authenticationFlows" : [ {
-    "id" : "feafc299-fede-4880-9e23-eb81aca22808",
+    "id" : "8facbab5-bca2-42c6-8608-ed94dacefe92",
     "alias" : "Account verification options",
     "description" : "Method with which to verity the existing account",
     "providerId" : "basic-flow",
@@ -2804,7 +2788,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "ce7904d0-9182-49a2-aa71-a7b43e21f3ac",
+    "id" : "be52bd38-2def-41e7-a021-69bae78e92b7",
     "alias" : "Authentication Options",
     "description" : "Authentication options.",
     "providerId" : "basic-flow",
@@ -2833,7 +2817,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "d9c6909a-5cc1-4ddf-b297-dbfcf6e609a6",
+    "id" : "ee18f6d1-9ca3-4535-a7a0-9759f3841513",
     "alias" : "Browser - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the authentication",
     "providerId" : "basic-flow",
@@ -2855,7 +2839,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "083a589e-a486-42b6-ae73-1ec983967ff5",
+    "id" : "c76481eb-7997-4231-abac-632afd97631f",
     "alias" : "Direct Grant - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the authentication",
     "providerId" : "basic-flow",
@@ -2877,7 +2861,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "7f0248b0-2d51-4175-9fd2-52b606a39e26",
+    "id" : "14fe94d2-f3ef-4349-9cbe-79921c013108",
     "alias" : "First broker login - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the authentication",
     "providerId" : "basic-flow",
@@ -2899,7 +2883,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "44465f1f-c700-4ec0-a234-d95c994c9e25",
+    "id" : "533c45e3-10d9-480b-9c9b-c2f746fb6f66",
     "alias" : "Handle Existing Account",
     "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
     "providerId" : "basic-flow",
@@ -2921,7 +2905,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "8cf09055-5b98-4fc8-b867-3dffacdec21b",
+    "id" : "1161d043-26ba-420c-baed-b220bcef40f1",
     "alias" : "Reset - Conditional OTP",
     "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
     "providerId" : "basic-flow",
@@ -2943,7 +2927,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "16b50b3e-4240-4f49-a85e-1bfd40def300",
+    "id" : "cbba8afb-920f-4ae0-85f3-6bc520485dc2",
     "alias" : "User creation or linking",
     "description" : "Flow for the existing/non-existing user alternatives",
     "providerId" : "basic-flow",
@@ -2966,7 +2950,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "2aa981ae-d67e-49fb-95a4-91de1e5ab724",
+    "id" : "7b349cd1-fb1c-4d04-b5b5-885352277562",
     "alias" : "Verify Existing Account by Re-authentication",
     "description" : "Reauthentication of existing account",
     "providerId" : "basic-flow",
@@ -2988,7 +2972,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "cf8406f7-09c3-4614-a898-99c9d66746f6",
+    "id" : "de10b07d-98b5-483c-b193-b1b93229478f",
     "alias" : "browser",
     "description" : "browser based authentication",
     "providerId" : "basic-flow",
@@ -3024,7 +3008,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "e1ec7d6e-7612-4c5b-afce-c7f4fddbf6ec",
+    "id" : "4504d37b-3a2d-4cc9-b300-29482d86c72e",
     "alias" : "clients",
     "description" : "Base authentication for clients",
     "providerId" : "client-flow",
@@ -3060,7 +3044,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "f5862b09-6e01-4c88-b44e-26dc59d71b80",
+    "id" : "9d86bdff-ba8e-433a-8536-a49c0af5faf2",
     "alias" : "direct grant",
     "description" : "OpenID Connect Resource Owner Grant",
     "providerId" : "basic-flow",
@@ -3089,7 +3073,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "7caa8611-8b13-437e-83b2-556899b5444f",
+    "id" : "546d31fc-a885-46eb-94bd-171d04f16a7c",
     "alias" : "docker auth",
     "description" : "Used by Docker clients to authenticate against the IDP",
     "providerId" : "basic-flow",
@@ -3104,7 +3088,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "91d40deb-344f-4e0b-a845-98b2fc4a633a",
+    "id" : "70e5d629-4338-4aec-8671-fc7cf4c450b1",
     "alias" : "first broker login",
     "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
     "providerId" : "basic-flow",
@@ -3127,7 +3111,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "f221b5e6-1bcc-4b37-ba61-4d3bc6a30a8b",
+    "id" : "7213dc19-6e0b-4241-bef6-2409346a2745",
     "alias" : "forms",
     "description" : "Username, password, otp and other auth forms.",
     "providerId" : "basic-flow",
@@ -3149,7 +3133,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "3ed8e597-19af-4ec8-b532-a97311f52de3",
+    "id" : "f91a8499-8cf5-408c-b85d-40e85a3f6ee3",
     "alias" : "http challenge",
     "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
     "providerId" : "basic-flow",
@@ -3171,7 +3155,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "3970fd16-3786-4eb3-9efe-453d0984b18b",
+    "id" : "9ec3751c-619e-4edc-a14f-4ac9c60b056f",
     "alias" : "registration",
     "description" : "registration flow",
     "providerId" : "basic-flow",
@@ -3187,7 +3171,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "e26b27b4-c957-491c-bb6d-9d226b22399c",
+    "id" : "8048e711-8e77-4b85-8b26-243948a7c2f4",
     "alias" : "registration form",
     "description" : "registration form",
     "providerId" : "form-flow",
@@ -3223,7 +3207,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "3ae37429-a623-42e3-a4a1-f9586b96b730",
+    "id" : "5a08de49-dd24-4e53-a656-9fac52fc6d2b",
     "alias" : "reset credentials",
     "description" : "Reset credentials for a user if they forgot their password or something",
     "providerId" : "basic-flow",
@@ -3259,7 +3243,7 @@
       "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "7606ecd5-eb13-4aee-bd9f-3ec4ce77c59c",
+    "id" : "42bc970f-3ee5-429c-a543-e8078808d371",
     "alias" : "saml ecp",
     "description" : "SAML ECP Profile Authentication Flow",
     "providerId" : "basic-flow",
@@ -3275,13 +3259,13 @@
     } ]
   } ],
   "authenticatorConfig" : [ {
-    "id" : "058b3c89-4ea4-43fa-b337-e523b1d93ec3",
+    "id" : "23f4f930-3290-4a63-ac96-f7ddc04fbce2",
     "alias" : "create unique user config",
     "config" : {
       "require.password.update.after.registration" : "false"
     }
   }, {
-    "id" : "21410ac7-4b82-4f19-aae2-43ac33ba3f8f",
+    "id" : "4cfa7fa4-1a9b-4464-9510-460208e345eb",
     "alias" : "review profile config",
     "config" : {
       "update.profile.on.first.login" : "missing"

spiffworkflow-backend/keycloak/test_user_lists/sartography

@@ -3,9 +3,11 @@ alex@sartography.com
 dan@sartography.com
 daniel@sartography.com
 elizabeth@sartography.com
+j@sartography.com
 jason@sartography.com
 jon@sartography.com
 kb@sartography.com
+kevin@sartography.com
 madhurya@sartography.com
 mike@sartography.com
 natalia@sartography.com