From b782c3faa763569f059b7e2189bd34b029f8258e Mon Sep 17 00:00:00 2001
From: burnettk
Date: Fri, 3 Feb 2023 13:02:50 -0500
Subject: [PATCH] remove service accounts, formalize j, add madhurya
---
 .../keycloak/bin/export_keycloak_realms | 3 +
 .../realm_exports/spiffworkflow-realm.json | 106 ++++++++----------
 .../keycloak/test_user_lists/sartography | 2 +
 3 files changed, 50 insertions(+), 61 deletions(-)
diff --git a/spiffworkflow-backend/keycloak/bin/export_keycloak_realms b/spiffworkflow-backend/keycloak/bin/export_keycloak_realms
index f205d0d7d..7e55ae6fd 100755
--- a/spiffworkflow-backend/keycloak/bin/export_keycloak_realms
+++ b/spiffworkflow-backend/keycloak/bin/export_keycloak_realms
@@ -21,6 +21,9 @@ docker exec keycloak /opt/keycloak/bin/kc.sh export --dir "${docker_container_pa
 docker cp "keycloak:${docker_container_path}" "$local_tmp_dir"
 for realm in $realms ; do
+ if ! grep -Eq '\-realm$' <<< "$realm"; then
+ realm="${realm}-realm"
+ fi
 cp "${local_tmp_dir}/hey/${realm}.json" "${script_dir}/../realm_exports/"
 done
diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
index 634caef71..c81e57ad6 100644
--- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
+++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
@@ -903,7 +903,7 @@
 "emailVerified" : false,
 "firstName" : "",
 "lastName" : "",
- "email" : "j@status.im",
+ "email" : "j@sartography.com",
 "credentials" : [ {
 "id" : "e71ec785-9133-4b7d-8015-1978379af0bb",
 "type" : "password",
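Review bot: The added guard writes the pattern as `'\-realm$'` so that grep does not read the leading `-` as an option, but a backslash before `-` is undefined in POSIX ERE and only works because GNU grep tolerates it. A bash pattern match avoids both the option-parsing hazard and the extra process: `if [[ "$realm" != *-realm ]]; then`. The rest of the script is outside the hunk, so where `$realms` comes from is not visible here; the unquoted `for realm in $realms` relies on word splitting, which looks intentional for a space-separated list.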
@@ -1163,6 +1163,26 @@
 "realmRoles" : [ "default-roles-spiffworkflow" ],
 "notBefore" : 0,
 "groups" : [ ]
+ }, {
+ "id" : "99ce8a54-2941-4767-8ddf-52320b3708bd",
+ "createdTimestamp" : 1675447085191,
+ "username" : "madhurya",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "email" : "madhurya@sartography.com",
+ "credentials" : [ {
+ "id" : "4fa2bf1f-188e-42e3-9633-01d436864206",
+ "type" : "password",
+ "createdDate" : 1675447085252,
+ "secretData" : "{\"value\":\"6ZApQ7kx4YDc5ojW9eyFiSKMz5l3/Zl5PIScHEW1gtP3lrnnWqWgwcP+8cWkKdm3im+XrZwDQHjuGjGN5Rbjyw==\",\"salt\":\"HT3fCh245v8etRFIprXsyw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-spiffworkflow" ],
+ "notBefore" : 0,
+ "groups" : [ ]
 }, {
 "id" : "6f5bfa09-7494-4a2f-b871-cf327048cac7",
 "createdTimestamp" : 1665517010600,
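Review bot: The new user record commits a live password credential, the `secretData` hash and salt plus its `credentialData`, for what looks like a real person's account into a version-controlled realm export, and `"requiredActions" : [ ]` means nothing forces that password to be replaced after import. If this export is ever imported anywhere other than a throwaway local realm, the committed hash should be treated as a bootstrap secret: set `"requiredActions" : [ "UPDATE_PASSWORD" ]` so the first login rotates it, or drop the `credentials` array and provision the password out of band. The record also omits the empty `"firstName"` / `"lastName"` fields that the `j` user carries in the @@ -903 hunk; harmless, but the two user records differ in shape for no visible reason.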
@@ -1405,42 +1425,6 @@
 "realmRoles" : [ "default-roles-spiffworkflow" ],
 "notBefore" : 0,
 "groups" : [ ]
- }, {
- "id" : "487d3a85-89dd-4839-957a-c3f6d70551f6",
- "createdTimestamp" : 1657115173081,
- "username" : "service-account-spiffworkflow-backend",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "email" : "service-account@status.im",
- "serviceAccountClientId" : "spiffworkflow-backend",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-spiffworkflow" ],
- "clientRoles" : {
- "spiffworkflow-backend" : [ "uma_protection" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "id" : "22de68b1-4b06-4bc2-8da6-0c577e7e62ad",
- "createdTimestamp" : 1657055472800,
- "username" : "service-account-withauth",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "email" : "service-account-withauth@status.im",
- "serviceAccountClientId" : "withAuth",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-spiffworkflow" ],
- "clientRoles" : {
- "withAuth" : [ "uma_protection" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
 }, {
 "id" : "3d45bb85-0a2d-4b15-8a19-d26a5619d359",
 "createdTimestamp" : 1674148694810,
@@ -2674,7 +2658,7 @@
 "subType" : "authenticated",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper" ]
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ]
 }
 }, {
 "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
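Review bot: The `allowed-protocol-mapper-types` array in this hunk and the one in @@ -2692 change only their element order, and every `authenticationFlows` and `authenticatorConfig` hunk that follows (@@ -2782 through @@ -3275) only swaps one generated `id` UUID for another, so none of those hunks alters configuration and the real edits in this file (the email change, the user additions and removals) are buried in export churn. Keycloak writes these sets in no stable order, and the flow ids look regenerated, presumably because the realm was re-created from the export before being exported again. A post-processing step in export_keycloak_realms that sorts such arrays (for example through `jq`) would keep future diffs to actual changes; for the ids it is worth confirming that nothing outside this file refers to the old flow UUIDs, since flow bindings elsewhere in the export are not visible here.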
@@ -2692,7 +2676,7 @@
 "subType" : "anonymous",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ]
 }
 }, {
 "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@@ -2782,7 +2766,7 @@
 "internationalizationEnabled" : false,
 "supportedLocales" : [ ],
 "authenticationFlows" : [ {
- "id" : "feafc299-fede-4880-9e23-eb81aca22808",
+ "id" : "8facbab5-bca2-42c6-8608-ed94dacefe92",
 "alias" : "Account verification options",
 "description" : "Method with which to verity the existing account",
 "providerId" : "basic-flow",
@@ -2804,7 +2788,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "ce7904d0-9182-49a2-aa71-a7b43e21f3ac",
+ "id" : "be52bd38-2def-41e7-a021-69bae78e92b7",
 "alias" : "Authentication Options",
 "description" : "Authentication options.",
 "providerId" : "basic-flow",
@@ -2833,7 +2817,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "d9c6909a-5cc1-4ddf-b297-dbfcf6e609a6",
+ "id" : "ee18f6d1-9ca3-4535-a7a0-9759f3841513",
 "alias" : "Browser - Conditional OTP",
 "description" : "Flow to determine if the OTP is required for the authentication",
 "providerId" : "basic-flow",
@@ -2855,7 +2839,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "083a589e-a486-42b6-ae73-1ec983967ff5",
+ "id" : "c76481eb-7997-4231-abac-632afd97631f",
 "alias" : "Direct Grant - Conditional OTP",
 "description" : "Flow to determine if the OTP is required for the authentication",
 "providerId" : "basic-flow",
@@ -2877,7 +2861,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "7f0248b0-2d51-4175-9fd2-52b606a39e26",
+ "id" : "14fe94d2-f3ef-4349-9cbe-79921c013108",
 "alias" : "First broker login - Conditional OTP",
 "description" : "Flow to determine if the OTP is required for the authentication",
 "providerId" : "basic-flow",
@@ -2899,7 +2883,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "44465f1f-c700-4ec0-a234-d95c994c9e25",
+ "id" : "533c45e3-10d9-480b-9c9b-c2f746fb6f66",
 "alias" : "Handle Existing Account",
 "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
 "providerId" : "basic-flow",
@@ -2921,7 +2905,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "8cf09055-5b98-4fc8-b867-3dffacdec21b",
+ "id" : "1161d043-26ba-420c-baed-b220bcef40f1",
 "alias" : "Reset - Conditional OTP",
 "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
 "providerId" : "basic-flow",
@@ -2943,7 +2927,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "16b50b3e-4240-4f49-a85e-1bfd40def300",
+ "id" : "cbba8afb-920f-4ae0-85f3-6bc520485dc2",
 "alias" : "User creation or linking",
 "description" : "Flow for the existing/non-existing user alternatives",
 "providerId" : "basic-flow",
@@ -2966,7 +2950,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "2aa981ae-d67e-49fb-95a4-91de1e5ab724",
+ "id" : "7b349cd1-fb1c-4d04-b5b5-885352277562",
 "alias" : "Verify Existing Account by Re-authentication",
 "description" : "Reauthentication of existing account",
 "providerId" : "basic-flow",
@@ -2988,7 +2972,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "cf8406f7-09c3-4614-a898-99c9d66746f6",
+ "id" : "de10b07d-98b5-483c-b193-b1b93229478f",
 "alias" : "browser",
 "description" : "browser based authentication",
 "providerId" : "basic-flow",
@@ -3024,7 +3008,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "e1ec7d6e-7612-4c5b-afce-c7f4fddbf6ec",
+ "id" : "4504d37b-3a2d-4cc9-b300-29482d86c72e",
 "alias" : "clients",
 "description" : "Base authentication for clients",
 "providerId" : "client-flow",
@@ -3060,7 +3044,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "f5862b09-6e01-4c88-b44e-26dc59d71b80",
+ "id" : "9d86bdff-ba8e-433a-8536-a49c0af5faf2",
 "alias" : "direct grant",
 "description" : "OpenID Connect Resource Owner Grant",
 "providerId" : "basic-flow",
@@ -3089,7 +3073,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "7caa8611-8b13-437e-83b2-556899b5444f",
+ "id" : "546d31fc-a885-46eb-94bd-171d04f16a7c",
 "alias" : "docker auth",
 "description" : "Used by Docker clients to authenticate against the IDP",
 "providerId" : "basic-flow",
@@ -3104,7 +3088,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "91d40deb-344f-4e0b-a845-98b2fc4a633a",
+ "id" : "70e5d629-4338-4aec-8671-fc7cf4c450b1",
 "alias" : "first broker login",
 "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
 "providerId" : "basic-flow",
@@ -3127,7 +3111,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "f221b5e6-1bcc-4b37-ba61-4d3bc6a30a8b",
+ "id" : "7213dc19-6e0b-4241-bef6-2409346a2745",
 "alias" : "forms",
 "description" : "Username, password, otp and other auth forms.",
 "providerId" : "basic-flow",
@@ -3149,7 +3133,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "3ed8e597-19af-4ec8-b532-a97311f52de3",
+ "id" : "f91a8499-8cf5-408c-b85d-40e85a3f6ee3",
 "alias" : "http challenge",
 "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
 "providerId" : "basic-flow",
@@ -3171,7 +3155,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "3970fd16-3786-4eb3-9efe-453d0984b18b",
+ "id" : "9ec3751c-619e-4edc-a14f-4ac9c60b056f",
 "alias" : "registration",
 "description" : "registration flow",
 "providerId" : "basic-flow",
@@ -3187,7 +3171,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "e26b27b4-c957-491c-bb6d-9d226b22399c",
+ "id" : "8048e711-8e77-4b85-8b26-243948a7c2f4",
 "alias" : "registration form",
 "description" : "registration form",
 "providerId" : "form-flow",
@@ -3223,7 +3207,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "3ae37429-a623-42e3-a4a1-f9586b96b730",
+ "id" : "5a08de49-dd24-4e53-a656-9fac52fc6d2b",
 "alias" : "reset credentials",
 "description" : "Reset credentials for a user if they forgot their password or something",
 "providerId" : "basic-flow",
@@ -3259,7 +3243,7 @@
 "userSetupAllowed" : false
 } ]
 }, {
- "id" : "7606ecd5-eb13-4aee-bd9f-3ec4ce77c59c",
+ "id" : "42bc970f-3ee5-429c-a543-e8078808d371",
 "alias" : "saml ecp",
 "description" : "SAML ECP Profile Authentication Flow",
 "providerId" : "basic-flow",
@@ -3275,13 +3259,13 @@
 } ]
 } ],
 "authenticatorConfig" : [ {
- "id" : "058b3c89-4ea4-43fa-b337-e523b1d93ec3",
+ "id" : "23f4f930-3290-4a63-ac96-f7ddc04fbce2",
 "alias" : "create unique user config",
 "config" : {
 "require.password.update.after.registration" : "false"
 }
 }, {
- "id" : "21410ac7-4b82-4f19-aae2-43ac33ba3f8f",
+ "id" : "4cfa7fa4-1a9b-4464-9510-460208e345eb",
 "alias" : "review profile config",
 "config" : {
 "update.profile.on.first.login" : "missing"
diff --git a/spiffworkflow-backend/keycloak/test_user_lists/sartography b/spiffworkflow-backend/keycloak/test_user_lists/sartography
index b6f685b8f..1b7166bb1 100644
--- a/spiffworkflow-backend/keycloak/test_user_lists/sartography
+++ b/spiffworkflow-backend/keycloak/test_user_lists/sartography
@@ -3,9 +3,11 @@ alex@sartography.com
 dan@sartography.com
 daniel@sartography.com
 elizabeth@sartography.com
+j@sartography.com
 jason@sartography.com
 jon@sartography.com
 kb@sartography.com
+kevin@sartography.com
 madhurya@sartography.com
 mike@sartography.com
 natalia@sartography.com
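Review bot: `kevin@sartography.com` is added to this user list, but no `kevin` user appears in any of the realm-export hunks of this commit, while `madhurya` is added to the realm export without a list change because `madhurya@sartography.com` was already a context line here. If the list and the realm export are meant to stay in step, that asymmetry deserves a look; only part of the list and of the export are visible, so a kevin record in the realm could lie outside the shown hunks. The commit title mentions only madhurya and j, so a word in the message about why kevin is listed would help the next reader.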