diff --git a/ANET-Realm-export.json b/ANET-Realm-export.json new file mode 100644 index 0000000000..2a83c161cb --- /dev/null +++ b/ANET-Realm-export.json @@ -0,0 +1,2032 @@ +{ + "id" : "ANET-Realm", + "realm" : "ANET-Realm", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "de546ad8-7d06-4ee2-845f-bd7987e52431", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "ANET-Realm", + "attributes" : { } + }, { + "id" : "e1c0b4e6-3c35-4b2c-b4ca-d2ac6d3dc097", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "ANET-Realm", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "6deafe55-f5fa-47a3-b340-4c14cadc243d", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "ea34cdaf-657a-44fb-b430-347364f3074a", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "44174eab-e43f-4c30-9c24-1dd24b8f450c", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "98573a66-d101-4db7-9f75-937067e27f5a", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "f99fd846-6274-41a8-b052-c7c52eff8ac4", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "adf23201-615e-4da5-ab79-bf13c004646e", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "9ee41ab4-9f3d-4cef-abf0-e583eeb90e0d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "85390d08-80c5-4b90-bec9-9cb9daf1302f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "adb958da-4da2-46d7-b6e0-665ffaf6aa97", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "a4e4819f-b7f4-468e-91c3-c6676f1ebc10", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "manage-identity-providers", "query-clients", "view-users", "view-events", "view-identity-providers", "view-clients", "manage-clients", "impersonation", "manage-realm", "manage-authorization", "manage-events", "view-authorization", "view-realm", "create-client", "query-users", "manage-users", "query-realms" ] + } + }, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "de787200-cb3c-4c0a-af81-8c627f23a886", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "667eeba3-180b-4ed1-b8d6-9b8b3cb29334", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "2d1aaa7d-f6cb-47a7-a703-fd75ea4c1dc2", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "34cdbba9-572d-4978-95c8-6489db5a7399", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "24db8129-295a-4197-8cd0-7365b268909b", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "f9044aff-7e9f-454b-af74-25bcd2d24394", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "f9c88e73-2ae6-406a-a246-4e52d2098b8e", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "9ebfa5d7-030e-49f1-8a29-339abd28f90b", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + }, { + "id" : "ed5b3672-9f28-45db-8bb1-bee8c2931517", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "ANET-Client" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "539edaa7-15e3-40e8-8c91-ba363753ad6a", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "310f7bc8-7d61-428e-bf9c-495df5eda23e", + "attributes" : { } + } ], + "account" : [ { + "id" : "92dd3c29-c962-4fe2-9c10-df74bfff1337", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + }, { + "id" : "add21af4-028f-4023-ac02-61433ba324b5", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + }, { + "id" : "8c679ea0-a001-4cae-9340-d69bb748d51c", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + }, { + "id" : "62b4fcd5-0bb7-4b51-9f3d-87a36d4a3c1d", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + }, { + "id" : "a1663f30-ab10-4d4d-b5f2-7600d2fba716", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + }, { + "id" : "bd3726ab-afe3-42b3-aa60-bbf1427851f8", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRoles" : [ "offline_access", "uma_authorization" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "d09a55cf-6aa4-4bbf-8bf3-055ddcb4d27c", + "createdTimestamp" : 1589458813990, + "username" : "advisor", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "76726d7b-bec6-432b-9a16-eecb82512e02", + "type" : "password", + "createdDate" : 1589458821618, + "secretData" : "{\"value\":\"RnxiajnFp5JD95imJ1n0H7cSxi7Va6COLdrfMBTr+tChqTR7S7Cbd9E94rdkvAhBND5EDZkssRwiSR22oD0gxA==\",\"salt\":\"fwi+Bxcru/x9YqUccVartA==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3276c85a-bf03-4591-a74b-56d70ac8eec0", + "createdTimestamp" : 1589458832842, + "username" : "andrew", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "aa5ec874-0c1e-4962-b117-a01dd738cbcc", + "type" : "password", + "createdDate" : 1589458840675, + "secretData" : "{\"value\":\"545CmSOfikF8dbb2R/I+DOWrh+EQtcGyVWm74Z2g/S/2NxB8UCoHhXmX2grIx2W5r/4eaDFSlfCPLInLnzFJ2A==\",\"salt\":\"i+PRmq8twRNob8qEkzjSdw==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "abc72322-1452-4222-bb71-a0b3db435175", + "createdTimestamp" : 1589458849678, + "username" : "arthur", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "d0468ec5-d2ea-4f3b-9a1c-1ca2a60c31fe", + "type" : "password", + "createdDate" : 1589458856240, + "secretData" : "{\"value\":\"t+oIVXWrFvdHLJlpdjOlkqgTet24XaMrwO56tLmoSFShq3jZ9NDmWTTdw7bGDMzM7rrMxBy1P4w5NuPAJwTj7w==\",\"salt\":\"e7Xw7r7h61eOR6JF+EyAJg==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "505c6bd9-e2d1-4f9e-83b0-ecc9279c42c5", + "createdTimestamp" : 1589458867307, + "username" : "bob", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "d97c7f64-309d-4e8f-83f5-896a94148d07", + "type" : "password", + "createdDate" : 1589458873471, + "secretData" : "{\"value\":\"Q+E8bgOtCDWQCokUnEguGHAFoj2Sd7V6oNQknzXBnlhACQEh6fE+p7JDJ341geZ/4kq2xG+ntO2ygs5kD+BLFQ==\",\"salt\":\"hKrMXip5zCx1cdtEUfB+Hg==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "06547ee2-dcc3-420c-96cb-5f3bb3793b4d", + "createdTimestamp" : 1589458882558, + "username" : "elizabeth", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "336462c7-1223-4e6e-a137-a191921dd29e", + "type" : "password", + "createdDate" : 1589458888423, + "secretData" : "{\"value\":\"a6EFR5f5Y7WTcMWS3Cd4mxVhnttAce6jj8VbHtmmWfs3892Y7piBaCKINd01fn4F+9ON1cjcW56NWvCRnnizmg==\",\"salt\":\"K/4JLfm50JBdoxP7rHkJAA==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "04c29bab-7b20-4ff2-8583-8ad3dbcff4d6", + "createdTimestamp" : 1589458896665, + "username" : "erin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "7bbd8ab2-8415-4985-b8cd-d31972771be6", + "type" : "password", + "createdDate" : 1589458902386, + "secretData" : "{\"value\":\"Jn/Uxw7wf3CB9Jqjn38HVDW9Ct5/GTtUEC5XXvoCwoeYyL2MRgMDzO/G1frXln0pyuf8BE3fX5yyzIcxzn9T9A==\",\"salt\":\"lMSUIPlldCwtyhIw6jDVSw==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "04fbbc19-3bd9-4075-8dd8-bc8c741d8c3c", + "createdTimestamp" : 1589458913057, + "username" : "henry", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "49b13b1f-9936-44ad-80dd-02bc698ff57e", + "type" : "password", + "createdDate" : 1589458919179, + "secretData" : "{\"value\":\"3+rnVqs+99RUvFvcpeX5PRbbG29ynz9Ens0j+xJPsYvv3vgaxiernomrZLB2cSMvVouXlNcx4ts9bxl3Vln61w==\",\"salt\":\"3u4wd9ahwbjwyaHOGRJryA==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "89003390-168e-4dc3-a582-5b38ae264bdd", + "createdTimestamp" : 1589458930069, + "username" : "jack", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "64f9ebcf-a3fb-4a48-ab3e-328191cfb6f9", + "type" : "password", + "createdDate" : 1589458935885, + "secretData" : "{\"value\":\"8cW1JDlarofzwVTyjuuaDpDZ+kg2ca8X8ZHMBlDDiQTYg1a6oGCeSFOEgbTOnffIQFYClfubmkQ5tZIiy/qZ8Q==\",\"salt\":\"u2TBXrgU4BezyrL+h4WSig==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "19fcef93-1b1a-472b-97f5-77f46cf6f3fd", + "createdTimestamp" : 1589458944756, + "username" : "jacob", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "d999430d-8d41-45d9-ae9c-397b205c1b9b", + "type" : "password", + "createdDate" : 1589458952347, + "secretData" : "{\"value\":\"OiBbrZ2HG6/lljTNRXM0/xkXSGzWpH8Icl2MBNZ7JqdrGmeu7Z3S8/wSGt1lAUudRUh/kPhgr+fc5CnVb6ACkg==\",\"salt\":\"+mrbaObsu37f0aIIdaC86w==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "39f5a6ff-22a6-4257-a50e-a64942a5115b", + "createdTimestamp" : 1589461163498, + "username" : "newguy", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "8b05b802-5fd3-4b80-a7c2-6b8cc612d2d7", + "type" : "password", + "createdDate" : 1589461171125, + "secretData" : "{\"value\":\"Q5XkxUhPU5t6U64s2D6u2kHQBDBO8AOGokLEjv2Z0Ozv2PFjLruy7vfzXPOA2Fo+Kyj9wjEtjR9Hvt0cdMs5Bg==\",\"salt\":\"NCdcmzoOzLy8b4zVsnAO5w==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2a1e98bd-13dc-49c9-a1c5-7137eacc0e8f", + "createdTimestamp" : 1589458964142, + "username" : "nick", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "c1547a67-232e-46c4-b978-9c18d5f3f939", + "type" : "password", + "createdDate" : 1589458969851, + "secretData" : "{\"value\":\"Zk0+UyShT385m7UF3VA0W1IZ1p6UB8BXH2F/ko88Gw2/Id0c6ybqpaQpPbDGDbMWnogx8hT9b1f4WQtAFbBKwQ==\",\"salt\":\"txHCxmMFWO6MnLJECG/Ccw==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "66a0c276-528a-4ae9-81ea-90a217a0e5ee", + "createdTimestamp" : 1589460346718, + "username" : "not-in-anet", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "f1bf054e-0c8d-46c5-9fcc-998efb2d47f6", + "type" : "password", + "createdDate" : 1589460358104, + "secretData" : "{\"value\":\"LdxutTHfV3omKk+5fWtAozbFrakU/tvwvArDj3MT9wBJEfrM5kTP2s+GvDi3AzRkKNEPvgTHGD5Rfx0JoqFx9A==\",\"salt\":\"bJHvPH509AnAz+z+9ZGhDw==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9eb4b898-6fe4-40f8-abca-e893424d75d1", + "createdTimestamp" : 1589458978728, + "username" : "rebecca", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "65e15807-220b-4207-a7f0-5678cfcdd44d", + "type" : "password", + "createdDate" : 1589458984332, + "secretData" : "{\"value\":\"zy3InxU6JPIqwBzlLbqSfLayRjnjtQJK615BmfOtnQ1RM+AxCz4G5heio+yeDdjxnS6XfaPW1kUg9ncpoaFXmg==\",\"salt\":\"aV0RoBxspXZlXpUO7itdwQ==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "5b585887-1c3d-4f47-bccb-cdfebfd6e919", + "createdTimestamp" : 1589458993207, + "username" : "reina", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "ae2ee14d-694d-441d-a1d3-532b88d24393", + "type" : "password", + "createdDate" : 1589459000007, + "secretData" : "{\"value\":\"lKmM8u1TEObTH3ny8kcMmMSSHWlM9X57YL91kpRQzPWNImQmB2XrfEgU6TGV59djzFff1EbyY+UhsW5eXpTzQw==\",\"salt\":\"hhY14yNAisSzrrvp+pJ+lg==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "47625492-6883-460a-85cb-338bb8147e2e", + "createdTimestamp" : 1589461265521, + "username" : "testapprover1", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "2f701aa5-c35f-487e-9109-70fa1a54c5c0", + "type" : "password", + "createdDate" : 1589461271182, + "secretData" : "{\"value\":\"oPVOiMKiADwTsJeqN9lhsLiIfihPHRQjURLdoEtEjAsoKU58v3hHLo7sijtHx6qHVz+0mK0orCa9020XjP9BkA==\",\"salt\":\"l32h0CWEcLJmUZ1qvr7G/Q==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "60b3e516-4ed3-48bb-80e8-935d52b28657", + "createdTimestamp" : 1589461280914, + "username" : "testapprover2", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "20aa0669-a27a-4a37-a70d-a7731c9c6fe5", + "type" : "password", + "createdDate" : 1589461286605, + "secretData" : "{\"value\":\"D/Nve1fhLbSNUjpQgkOXa5udJnsT+GQxQycgeVK/AMXPVql0IaPJ3W3RaJ2yX0K9FrqrvMpqVOT/gis8uLdX0w==\",\"salt\":\"oKsl7yjvM1/cyu/P3cdKrw==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "0cfd5ecd-dc95-4c1e-ae22-b3ef79b94178", + "clientId" : "ANET-Client", + "rootUrl" : "http://localhost:8080", + "adminUrl" : "", + "baseUrl" : "/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "12869b4c-74ac-43f9-b71e-ff74e07babf9", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "adabd92d-54bb-48da-8c8d-2be627aabf0f", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/ANET-Realm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "461ebed8-8930-4622-afb0-7efcf67c1737", + "defaultRoles" : [ "manage-account", "view-profile" ], + "redirectUris" : [ "/realms/ANET-Realm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "2513b222-dac8-4e33-995d-7716edcff4ea", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/ANET-Realm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "d7e07321-a71e-45cd-8294-59d207d7c901", + "redirectUris" : [ "/realms/ANET-Realm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "pkce.code.challenge.method" : "S256", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "25ee3b1c-bc33-48be-8b5a-504d808eb074", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "42f30994-67a4-4ca0-9f13-cac016c1fc40", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "a7418059-1683-4805-a1d9-f10df25882c1", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "310f7bc8-7d61-428e-bf9c-495df5eda23e", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "de76bd18-3dd7-47dd-98df-2a4c96e41312", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "226c9ac9-5ec4-48d4-84f9-da87f128d516", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "238fda24-8e15-4654-aa21-630243206900", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1861065c-4c14-465c-9fb4-fd3296cd8ea1", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/ANET-Realm/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "394e880f-3aae-428e-a56b-1b6dd0ca64a2", + "redirectUris" : [ "/admin/ANET-Realm/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "42964cf4-1955-4cac-8fa8-75f678302f17", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "b1487359-d18d-42e3-b7a7-4638c8a7f655", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "6c60dad9-0cd7-441f-b61f-a895f2767f94", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "ad93f67c-fe0e-449b-9996-2d6f4e01c1ef", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "84834c7e-8060-4f69-9a54-939a5b0774fc", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "6cdd2f1d-12c9-4db9-840f-ecce6b15202c", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "97b816b7-523e-4816-b1c1-a1a7edc029e4", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "95570082-2735-4265-b8dc-127f369efd42", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "e6fed1a9-6990-4d0a-a514-a2e0e0f8e04d", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "f0325185-6c2d-473f-a14f-77e7c1256cde", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "cf8d4c32-4061-4675-8204-be6fcc018f6b", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "875eb5c1-78a1-4b6d-aed7-bb2e4190cc2d", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "fbc54f93-9844-4595-9ac1-ac497fdf708e", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "1a9546c7-ccc9-4fe0-93bb-bab55c5ee373", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "491b87ec-8bd3-4dc7-b529-8e816af4e10a", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "1285fb95-629f-4533-a130-7d89b733f85f", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "0f8d1283-e140-4ec5-887e-c890a1be0f67", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "af4cbb7b-a614-46d2-8494-1e2fefadcf8e", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "53e9e3c7-db1f-4b7c-a546-a34ad1823d1f", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "b6e168eb-5481-4560-8132-5236626ca914", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "0696bf57-f329-4ddd-915b-f8c2f224e3ef", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "0f419e12-4607-4c44-b066-d69c7e8c138b", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "797b0894-f6ab-45da-ae8f-4b7f413e6b3a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "afa8f9e1-bc52-4537-9a14-8d5f6d00a05a", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "a2e0b251-2ab6-4b4b-9c17-282c98661353", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "9e845cc8-116b-4621-a54a-57bc724eaa26", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "6531105e-a8b4-4b15-9a24-7d031c1d8271", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "e1063f7e-e145-435c-a5e2-9123353601f8", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "aa20e49f-3781-49e1-81f7-66620b20332d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "06f0cf4b-e473-424b-84af-42a3bec4f4d6", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "01425c92-9622-4cd4-95eb-abf09cda1758", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "f06db033-610f-4f94-bb77-dbffd3b2726e", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "70373363-4224-4c5c-8d28-cd5912e6c4b6", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "e280afa7-15f7-4002-b734-fe6019a92c44", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "0ace601a-df45-420f-80b4-80da8fbb6eb5", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "7896d68f-cd19-40e2-b598-12207a81bef5", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "63cbcf54-d8b5-4ce8-b3c9-132e154dde72", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "65abd96f-f5b2-4597-bf26-7e0c4d7ef6f0", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "dd3736ae-aee5-4a59-8b01-8f36dbca9dc6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] + } + }, { + "id" : "16271b47-116c-4980-9a66-30c0ab4e0bf8", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "17441b19-002e-4be7-aa6d-2e76dfa093b7", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "f64c1edf-1b31-489a-8f89-0e65c59689b3", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "7a4c7964-616d-4c6f-8e36-ecca3c616f52", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "9ca50f31-bf1c-46b4-bf22-312c7173bafd", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "16e3cd5d-2787-48ad-9a00-90445392178b", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "309bd7b8-8c44-4e5c-9154-d46e226339d1" ], + "secret" : [ "knhSEfNDzAXMD751xVuvsQ" ], + "priority" : [ "100" ] + } + }, { + "id" : "2d605abd-3cb3-44aa-9684-23d47bcb1103", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAiU/Zd3ZgsjTAbGdsL5r+H7Mbs3CpLiXXdHaRqfb6lADiL++7NErXIlrgEISQDNGPntObYO2sJ0Dlt+hGC8yn03mYIXKrm1qsrF/BaYxwUDlm3RO7ib1xrDZWDD1RXujDT6hDOkqX3ABOc18orbWjuXOlmT9YIPwq794T7lUtj/ofMf4loHrXDH+LDdPPJlkiYXRfCkWAluEQBSBc4XVPf1m26SziRPCzaTOq7uFHpFFDFfk74FlmbZeW2ejD0kI+DjsPqDO+E4IFkuH3RvbgcLjUQ56Uh1fRf+kInNWIpoQBCjRBRCLittPaDtDyKoblXd6Ru++pYMzyJ2SCrZL8AQIDAQABAoIBAAnB29EqX0qqhvXtD3n+iIpWHuTMX6lA1SOYfVdXjozP10LSxTm9C7aMQJnL4bSXe54sqUDlArOzX9+GqNuTymUzocTWsi0S72w8TbEjYqPAwHd7PHtYM+ip38l03gBhh+d0LHrK7Cmc9/Yoz+owGxdFiYHvR2LoqGBtJntsIBW39LDr2MeMh0uiQT8PlRYva9GBkjRDtUTDBVr/MwYwFAs1DPi1Py0AK7meLhSDnY2e29BXj13AfXMU4eiBOL7Ce921JPOrIpypsBF7FUCyV5j3lwfpTblN0x+b51ssyFD5xn2T/Pd9IGqtb1OCi/GltsDQ3t2dFIpq3cnAT0TunZUCgYEAwV+tBV2wwzVVZ/riqLV/uBpZhQ9yaQyCmrLc2rz3ui51N5hUN0ZeX4G/TVyhftJtn3q1jPWkJt2HIbh505fs2uEWpdlzJVlwsMXG8OzMy/CaPBHXBHi/+oFf0y6ZhSOaU4b/ClP/nwkHLyZ6zcoTMzZcudmI6KLrnl9IB8ZHcBMCgYEAtcgsM7LpzeiPZnN7AmSCAtOIzzbpp95ZSNlMBxicdtiqcCg19cveiFurIhwF84T2TiunFj7EPoq2vtNP+dlMEBrIBphhl10YYeAB3Nx3yvy6fg4/+COBxd/cU6kLuN/A+T4/dtfV3tFftwEUl3mz0ze+jH4VDrfdsBlaYFbWbhsCgYAS0OV8FS7C/+iMkpwFgIup9V5qlSMz15TJyse0vRh51FVxkG/5ZO5/6pcbxvyr43vpPb52tdxAL+QbQuEP1sOkVKyofK04oChX+xatkM0otwO6/p1mgP1lObuCSBGGI/27TPJ6JcxExFMfomXmqlgN7qc9Kk6pHFlC8tCGeSOwYwKBgCtiR7Ja+9Ppsfe4jd4HUMQN6jPSHjezKEnrmmqDJCx1D1BPOHmeG1Ed15z/ZSg2TnZfkrQLbNikUHMAibDOfInHan+wdHIkhMIvLSKh93EZmgSlr/yvtLQd9j59NM/9jtetVIYvgtp3y8koV9rC7/jz7+Ul3i6yERWLJ3egofKLAoGBALDrh5IpxnKzhWGxovSkHDeXBKFne6/j1px4dSMcY0KNsFIu16s5cnHUG4s25bctLOdaMa3LA0LQKWoSMawx4FMlJ24Q84nstuG8EDGFlCp1CNJsTLOmMjJ1sBIKe7vp2x4T4wePRokpc9x29Nr7VWh0tg1SiSHwrNSrnpkDuOQi" ], + "certificate" : [ "MIICozCCAYsCBgFyEx58/zANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApBTkVUIFJlYWxtMB4XDTIwMDUxNDEyMTYwNFoXDTMwMDUxNDEyMTc0NFowFTETMBEGA1UEAwwKQU5FVCBSZWFsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIlP2Xd2YLI0wGxnbC+a/h+zG7NwqS4l13R2kan2+pQA4i/vuzRK1yJa4BCEkAzRj57Tm2DtrCdA5bfoRgvMp9N5mCFyq5tarKxfwWmMcFA5Zt0Tu4m9caw2Vgw9UV7ow0+oQzpKl9wATnNfKK21o7lzpZk/WCD8Ku/eE+5VLY/6HzH+JaB61wx/iw3TzyZZImF0XwpFgJbhEAUgXOF1T39Ztuks4kTws2kzqu7hR6RRQxX5O+BZZm2Xltnow9JCPg47D6gzvhOCBZLh90b24HC41EOelIdX0X/pCJzViKaEAQo0QUQi4rbT2g7Q8iqG5V3ekbvvqWDM8idkgq2S/AECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEANRpyAF8Pan0IwTEWMhvxGnEge0+Js2ImA+NfB9IidTTvJqvAcYTXe5C5A+RBpuYyjGKIZA+0Vk37q6dDh3POZOqUjp8YW5wJlwxDLWI52DYjA6lm2DRc0Gwi1bvDlA0QYEkkDCSvlME1s8g7rf8+bapsCfh+0aMecQBJxMbaLdDxMdloUWOZwBHelwdKI/HwwaemKIJLIIpp5zugsxFPfDJ+cxFZM6JEkh810KRnyh8teosF0CH7QVU+h+07kSlHzlOwekmG8/zZtF61+6S8YdNRNKEWCRCUs2RU1ovS+kRFz1K1lHdExPCNYemhpqRppIlV88YeBqC7nJ95WsjjUQ==" ], + "priority" : [ "100" ] + } + }, { + "id" : "a6a76dda-cf9d-4f94-8bd5-15238036d10e", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "0e4b5bb3-487f-4907-b652-bcfc893ac67c" ], + "secret" : [ "IU7UOaxuEQqiA0kbgs3u90K25nbMTBZRyMa6n829WpmtItqwjXldIX1QczMG-gqHmp7ZKapACEX-hCGK6GZaJQ" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "e8119773-d020-462c-b044-00aad9b13d3d", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "13c58c63-dcf6-4a75-95ba-81973f38c601", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "76bdea03-b6a4-4252-bffa-6a5cd349e0ea", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "879485f4-c3e8-4252-81e7-726ed8f318df", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "d3033328-ec86-49bc-8207-c82ca4e6ce84", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "775c59cb-df74-4a58-a777-e2785dd31a77", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "d6e440c7-871f-45d0-a854-a8e2360ac186", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "c6269b2b-e7aa-4d02-85b8-3688e3e52279", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "08765295-5459-49c7-a42f-0ac52aaa0a6b", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "c9d59f75-79a5-4ba4-a8a9-ce29049ef65f", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "6c6a77f0-7e80-4066-a3af-429ea47cbdc0", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "609a5e86-267d-4812-880f-e4020da7ccc3", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "393c3c7f-9309-4ef9-a4a2-f3fc8c646482", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "0d0e8647-db58-4821-918f-40a5489a6951", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "8315f64c-8d10-4771-bfbc-30a46bf6bf0b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "7551d3b4-0561-4507-8106-93f7247f5619", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "47a557cb-de84-4af3-acbb-c5c407aa2c19", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "a594be52-8ae7-4b88-ba1c-0ddd0b9dfb42", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "79cc351a-2838-476e-ad32-2a3ef0262ac2", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "5f45470c-8f03-4dcc-a02c-e09d9ebc4d16", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "91ece4c4-11ab-4489-a992-ae8b2b06e2bf", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "7287c6e6-b568-46e0-8d6c-44f9ad3ea58f", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "clientSessionIdleTimeout" : "0", + "clientSessionMaxLifespan" : "0" + }, + "keycloakVersion" : "10.0.1", + "userManagedAccessAllowed" : false +} diff --git a/anet.yml b/anet.yml index e88ed284a1..64cf9efb79 100644 --- a/anet.yml +++ b/anet.yml @@ -15,8 +15,7 @@ ############################################################## # Flag to run the server in development mode -# - Will use Basic authentication (rather than Windows Domain Auth) -# - Will reload the GraphQL Graph on every request. +# - Will run the account deactivation worker once on startup developmentMode: true # Flag to tell the server to redirect all HTTP traffic to HTTPS @@ -51,20 +50,16 @@ emailFromAddr: "Anet Testing " # Should not include an ending slash! serverUrl: "http://localhost:3000" -# Whether to time Waffle requests -timeWaffleRequests: true - -# Configuration for Waffle. This is the system that ANET uses to perform windows authentication -# See https://github.com/Waffle/waffle -waffleConfig: - principalFormat: fqn - roleFormat: both - allowGuestLogin: false - impersonate: false - securityFilterProviders: waffle.servlet.spi.BasicSecurityFilterProvider - #securityFilterProviders: "waffle.servlet.spi.BasicSecurityFilterProvider waffle.servlet.spi.NegotiateSecurityFilterProvider" - #"waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols": NTLM - "waffle.servlet.spi.BasicSecurityFilterProvider/realm": ANET +keycloakConfiguration: + realm: ANET-Realm + auth-server-url: http://localhost:9080/auth + ssl-required: none + register-node-at-startup: true + register-node-period: 600 + resource: ANET-Client + enable-basic-auth: true + credentials: + secret: 12869b4c-74ac-43f9-b71e-ff74e07babf9 ######################################################## ### The below is the default Dropwizard Configuration @@ -139,8 +134,6 @@ logging: logFormat: '%d{yyyy-MM-dd HH:mm:ss.SSS,UTC}\t%p\t%m%n' "io.dropwizard.assets.AssetsBundle" : TRACE "io.dropwizard.assets.*" : TRACE - "waffle.servlet.NegotiateSecurityFilter" : TRACE - "mil.dds.anet.auth.AnetAuthenticationFilter" : TRACE "mil.dds.anet.threads" : DEBUG "mil.dds.anet.resources.TestingResource" : level: INFO diff --git a/build.gradle b/build.gradle index 59c033d85a..dbe038e85f 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,7 @@ plugins { id "org.kordamp.markdown.convert" version "1.2.0" id "com.bmuschko.docker-remote-api" version "6.4.0" id "com.github.node-gradle.node" version "2.2.3" - id "com.diffplug.gradle.spotless" version "3.29.0" + id "com.diffplug.gradle.spotless" version "3.30.0" } apply plugin: 'java' @@ -85,12 +85,14 @@ dependencies { implementation 'ch.qos.logback:logback-classic:1.2.3' implementation 'ch.qos.logback:logback-core:1.2.3' implementation 'ch.qos.logback:logback-access:1.2.3' - implementation 'com.github.waffle:waffle-jna:1.9.1' implementation 'com.graphql-java:java-dataloader:2.2.3' implementation 'io.leangen.graphql:spqr:0.10.1' implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20191001.1' implementation 'com.mikesamuel:json-sanitizer:1.2.0' + // Authentication + implementation 'de.ahus1.keycloak.dropwizard:keycloak-dropwizard:1.1.1' + // Used for converting GraphQL request output to XML: implementation 'com.github.javadev:underscore-lodash:1.26' // For JSON schema validation diff --git a/client/config/browserstack.config.js b/client/config/browserstack.config.js index 142b9a8118..88f39dd516 100644 --- a/client/config/browserstack.config.js +++ b/client/config/browserstack.config.js @@ -27,7 +27,7 @@ const capabilities = { // but that is so prone to unexpected failures as to be unusable. // So test with latest stable Chrome instead. browserName: "Chrome", - browser_version: "80.0", + browser_version: "81.0", "goog:chromeOptions": { // Maximize the window so we can see what's going on args: ["--start-maximized"] diff --git a/client/package.json b/client/package.json index 2f5add7f18..69a9badfe7 100644 --- a/client/package.json +++ b/client/package.json @@ -27,8 +27,8 @@ "@storybook/addon-actions": "5.3.18", "@storybook/react": "5.3.18", "@wdio/browserstack-service": "6.1.10", - "@wdio/cli": "6.1.9", - "@wdio/local-runner": "6.1.9", + "@wdio/cli": "6.1.11", + "@wdio/local-runner": "6.1.11", "@wdio/mocha-framework": "6.1.8", "@wdio/spec-reporter": "6.1.9", "@wdio/sync": "6.1.8", @@ -42,7 +42,7 @@ "cache-loader": "4.1.0", "chai": "4.2.0", "chalk": "4.0.0", - "chromedriver": "80.0.2", + "chromedriver": "81.0.0", "clean-webpack-plugin": "3.0.0", "colors": "1.4.0", "config": "3.3.1", @@ -52,7 +52,7 @@ "cross-spawn": "7.0.2", "css-loader": "3.5.3", "dotenv": "8.2.0", - "eslint": "6.8.0", + "eslint": "7.0.0", "eslint-config-react-app": "5.2.1", "eslint-config-standard": "14.1.1", "eslint-config-standard-react": "9.2.0", @@ -63,7 +63,7 @@ "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-react": "7.19.0", - "eslint-plugin-react-hooks": "3.0.0", + "eslint-plugin-react-hooks": "4.0.0", "eslint-plugin-standard": "4.0.1", "faker": "https://github.com/Marak/faker.js.git", "file-loader": "6.0.0", @@ -87,7 +87,7 @@ "style-loader": "1.2.1", "thread-loader": "2.1.3", "wdio-chromedriver-service": "6.0.3", - "webdriverio": "6.1.9", + "webdriverio": "6.1.11", "webpack": "4.43.0", "webpack-cli": "3.3.11", "webpack-dev-server": "3.11.0", @@ -144,11 +144,11 @@ "react-redux": "7.2.0", "react-redux-loading-bar": "4.6.0", "react-router-bootstrap": "0.25.0", - "react-router-dom": "5.1.2", + "react-router-dom": "5.2.0", "react-scroll": "1.7.16", "react-svg-text": "0.1.2", "react-tag-input": "6.4.2", - "react-toastify": "5.5.0", + "react-toastify": "6.0.2", "react-tooltip": "4.2.6", "react-ultimate-pagination": "1.2.0", "react-use-dimensions": "1.2.1", diff --git a/client/src/pages/Help.js b/client/src/pages/Help.js index a163d82773..23ddb32b54 100644 --- a/client/src/pages/Help.js +++ b/client/src/pages/Help.js @@ -42,28 +42,18 @@ const BaseHelp = ({ appSettings, currentUser, pageDispatchers }) => { currentUser.position && currentUser.position.organization ) { - // Retrieve super users - const positionQuery = { - pageSize: 0, // retrieve all these positions - type: [Position.TYPE.SUPER_USER, Position.TYPE.ADMINISTRATOR], - status: Position.STATUS.ACTIVE, - organizationUuid: currentUser.position.organization.uuid - } - const queryResult = API.useApiQuery(GQL_GET_POSITION_LIST, { - positionQuery - }) return ( - ) } return ( @@ -76,6 +66,40 @@ BaseHelp.propTypes = { pageDispatchers: PageDispatchersPropType } +const BaseHelpFetchSuperUsers = ({ + orgUuid, + appSettings, + currentUser, + pageDispatchers +}) => { + // Retrieve super users + const positionQuery = { + pageSize: 0, // retrieve all these positions + type: [Position.TYPE.SUPER_USER, Position.TYPE.ADMINISTRATOR], + status: Position.STATUS.ACTIVE, + organizationUuid: orgUuid + } + const queryResult = API.useApiQuery(GQL_GET_POSITION_LIST, { + positionQuery + }) + return ( + + ) +} + +BaseHelpFetchSuperUsers.propTypes = { + orgUuid: PropTypes.string.isRequired, + appSettings: PropTypes.object, + currentUser: PropTypes.instanceOf(Person), + pageDispatchers: PageDispatchersPropType +} + const BaseHelpConditional = ({ loading, error, diff --git a/client/src/pages/organizations/New.js b/client/src/pages/organizations/New.js index 2fb188d5c3..dc1acac6f8 100644 --- a/client/src/pages/organizations/New.js +++ b/client/src/pages/organizations/New.js @@ -30,14 +30,10 @@ const OrganizationNew = ({ pageDispatchers }) => { const routerLocation = useLocation() const qs = utils.parseQueryString(routerLocation.search) if (qs.parentOrgUuid) { - const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { - uuid: qs.parentOrgUuid - }) return ( - ) } @@ -48,6 +44,24 @@ OrganizationNew.propTypes = { pageDispatchers: PageDispatchersPropType } +const OrganizationNewFetchParentOrg = ({ orgUuid, pageDispatchers }) => { + const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { + uuid: orgUuid + }) + return ( + + ) +} + +OrganizationNewFetchParentOrg.propTypes = { + orgUuid: PropTypes.string.isRequired, + pageDispatchers: PageDispatchersPropType +} + const OrganizationNewConditional = ({ loading, error, diff --git a/client/src/pages/positions/New.js b/client/src/pages/positions/New.js index 672c8dfd69..cdecae7bf3 100644 --- a/client/src/pages/positions/New.js +++ b/client/src/pages/positions/New.js @@ -30,16 +30,10 @@ const PositionNew = ({ pageDispatchers }) => { const routerLocation = useLocation() const qs = utils.parseQueryString(routerLocation.search) if (qs.organizationUuid) { - // If an organizationUuid was given in query parameters, - // then look that org up and pre-populate the field. - const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { - uuid: qs.organizationUuid - }) return ( - ) } @@ -50,6 +44,26 @@ PositionNew.propTypes = { pageDispatchers: PageDispatchersPropType } +const PositionNewFetchOrg = ({ orgUuid, pageDispatchers }) => { + // If an organizationUuid was given in query parameters, + // then look that org up and pre-populate the field. + const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { + uuid: orgUuid + }) + return ( + + ) +} + +PositionNewFetchOrg.propTypes = { + orgUuid: PropTypes.string.isRequired, + pageDispatchers: PageDispatchersPropType +} + const PositionNewConditional = ({ loading, error, diff --git a/client/src/pages/tasks/New.js b/client/src/pages/tasks/New.js index e68ca13b83..92f2e78bd6 100644 --- a/client/src/pages/tasks/New.js +++ b/client/src/pages/tasks/New.js @@ -30,14 +30,10 @@ const TaskNew = ({ pageDispatchers }) => { const routerLocation = useLocation() const qs = utils.parseQueryString(routerLocation.search) if (qs.taskedOrgUuid) { - const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { - uuid: qs.taskedOrgUuid - }) return ( - ) } @@ -48,6 +44,24 @@ TaskNew.propTypes = { pageDispatchers: PageDispatchersPropType } +const TaskNewFetchTaskedOrg = ({ taskedOrgUuid, pageDispatchers }) => { + const queryResult = API.useApiQuery(GQL_GET_ORGANIZATION, { + uuid: taskedOrgUuid + }) + return ( + + ) +} + +TaskNewFetchTaskedOrg.propTypes = { + taskedOrgUuid: PropTypes.string.isRequired, + pageDispatchers: PageDispatchersPropType +} + const TaskNewConditional = ({ loading, error, diff --git a/client/yarn.lock b/client/yarn.lock index f9ab888d5a..ce5a4be6e8 100644 --- a/client/yarn.lock +++ b/client/yarn.lock @@ -1217,7 +1217,7 @@ dependencies: regenerator-runtime "^0.13.4" -"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.0", "@babel/runtime@^7.4.2", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": +"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": version "7.9.2" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.9.2.tgz#d90df0583a3a252f09aaa619665367bae518db06" integrity sha512-NE2DtOdufG7R5vnfQUTehdTfNycfUANEtCa9PssN9O/xmTzP4E08UI797ixaei6hBEVL9BI/PsdJS5x7mWoB9Q== @@ -2514,10 +2514,10 @@ browserstack-local "^1.4.5" got "^11.0.2" -"@wdio/cli@6.1.9": - version "6.1.9" - resolved "https://registry.yarnpkg.com/@wdio/cli/-/cli-6.1.9.tgz#2836990956acf690e0918346690309caa332c8c8" - integrity sha512-jcu6C+ssFJNqdLNn68jjyYw1+4qtWLl9V8XMupN8bSOiWtRW44Swltme+gjkMhZDatF8mFv1dEYfRMxbPsSqzw== +"@wdio/cli@6.1.11": + version "6.1.11" + resolved "https://registry.yarnpkg.com/@wdio/cli/-/cli-6.1.11.tgz#a819c6eb42d9397d04ca7cb30182a74dabcc0a01" + integrity sha512-xH/val+A2rimVgWnT7P7V7/DH7+r1bQ88a3LjM1UJIEnjVBhglx+fysjFCnRV205IhkW5lej0XLUlIJmMFdhiA== dependencies: "@wdio/config" "6.1.2" "@wdio/logger" "6.0.16" @@ -2533,7 +2533,7 @@ lodash.pickby "^4.6.0" lodash.union "^4.6.0" log-update "^4.0.0" - webdriverio "6.1.9" + webdriverio "6.1.11" yargs "^15.0.1" yarn-install "^1.0.0" @@ -2546,14 +2546,14 @@ deepmerge "^4.0.0" glob "^7.1.2" -"@wdio/local-runner@6.1.9": - version "6.1.9" - resolved "https://registry.yarnpkg.com/@wdio/local-runner/-/local-runner-6.1.9.tgz#c51944c38d3e6ed6cd3569265d81a513a760012b" - integrity sha512-EeBZESQIK5uVzrHkHSYlcBHYx2DPLwyWXKNMKkMdvR49BD7Z14CyH4TfWBytl/6ekLM9/B73EEXWRLWEVGC/0A== +"@wdio/local-runner@6.1.11": + version "6.1.11" + resolved "https://registry.yarnpkg.com/@wdio/local-runner/-/local-runner-6.1.11.tgz#28ccbaf02694b3d492207946b7fda0ae3bbf862e" + integrity sha512-cM8suZ5m35nIf02KmZqC5zi7bhb/k9jmbZJ0RaRLSSCrQK0CaWiSiUSJxx8FSymueStsob7dKQg3jzdUcOzQeQ== dependencies: "@wdio/logger" "6.0.16" "@wdio/repl" "6.1.8" - "@wdio/runner" "6.1.9" + "@wdio/runner" "6.1.11" async-exit-hook "^2.0.1" stream-buffers "^3.0.2" @@ -2577,10 +2577,10 @@ expect-webdriverio "^1.1.5" mocha "^7.0.1" -"@wdio/protocols@6.1.2": - version "6.1.2" - resolved "https://registry.yarnpkg.com/@wdio/protocols/-/protocols-6.1.2.tgz#b81094454977b3dd5b674417e681ba3d1c65ea16" - integrity sha512-H39nUuCVu6u2msjFAabVcWjz91+Ef3nerb61J4iwKzxGNvC1h4hOTmigRNFtjOIrWQ/76f4Ss1sZ1dEwhOIRrQ== +"@wdio/protocols@6.1.11": + version "6.1.11" + resolved "https://registry.yarnpkg.com/@wdio/protocols/-/protocols-6.1.11.tgz#96f3508497310fac0e9ea80daead2b1f26e57c4e" + integrity sha512-opauqB8kxsUOHrNxHv24D+DjULOvxQUfwSIGL4pv6u/b/Jzni4Nmjy4wcIb8TFXvWWvp7JfFQM1DntM0gQ0d3g== "@wdio/repl@6.1.8": version "6.1.8" @@ -2596,18 +2596,18 @@ dependencies: fs-extra "^9.0.0" -"@wdio/runner@6.1.9": - version "6.1.9" - resolved "https://registry.yarnpkg.com/@wdio/runner/-/runner-6.1.9.tgz#c115a158c564792c3c1f2f293e2b9d8d0a92e08f" - integrity sha512-iBWkv2I4YHD6w+LzFoL5P+kfPH8RJIxgE7Thl/Ux2ElKbBuKwxO/+gyq7W4Vz7LkZADycEfFke7AEmmSJkgbVQ== +"@wdio/runner@6.1.11": + version "6.1.11" + resolved "https://registry.yarnpkg.com/@wdio/runner/-/runner-6.1.11.tgz#1996536d18759592b8e55443acd3916fe5f22131" + integrity sha512-Hw+sL63ALE7/CsxVEt3uwUtERcDZn2gbUhwuHUdNoePtj2kD1UQwpof8LATrymT3oVaiMYB3j3hcB8hvoTGQRA== dependencies: "@wdio/config" "6.1.2" "@wdio/logger" "6.0.16" "@wdio/utils" "6.1.8" deepmerge "^4.0.0" gaze "^1.1.2" - webdriver "6.1.8" - webdriverio "6.1.9" + webdriver "6.1.11" + webdriverio "6.1.11" "@wdio/spec-reporter@6.1.9": version "6.1.9" @@ -4614,7 +4614,7 @@ chalk@2.3.1: escape-string-regexp "^1.0.5" supports-color "^5.2.0" -chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.3.0, chalk@^2.4.1, chalk@^2.4.2: +chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.3.0, chalk@^2.4.1, chalk@^2.4.2: version "2.4.2" resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== @@ -4794,10 +4794,10 @@ chrome-trace-event@^1.0.2: dependencies: tslib "^1.9.0" -chromedriver@80.0.2: - version "80.0.2" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-80.0.2.tgz#005b9bf19abebf678b5d5670a9f16605c437a154" - integrity sha512-MKrTzBtykWuIswRYgUw9dHXr96BShQYSy8NdLlo2LN1mZ17A9nxtz9v0h9z1zKWTVaxT7e0qvo41rSY5BL1i+Q== +chromedriver@81.0.0: + version "81.0.0" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-81.0.0.tgz#690ba333aedf2b4c4933b6590c3242d3e5f28f3c" + integrity sha512-BA++IQ7O1FzHmNpzMlOfLiSBvPZ946uuhtJjZHEIr/Gb+Ha9jiuGbHiT45l6O3XGbQ8BAwvbmdisjl4rTxro4A== dependencies: "@testim/chrome-version" "^1.0.7" axios "^0.19.2" @@ -5533,7 +5533,7 @@ cross-spawn@6.0.5, cross-spawn@^6.0.0, cross-spawn@^6.0.5: shebang-command "^1.2.0" which "^1.2.9" -cross-spawn@7.0.2, cross-spawn@^7.0.0: +cross-spawn@7.0.2, cross-spawn@^7.0.0, cross-spawn@^7.0.2: version "7.0.2" resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.2.tgz#d0d7dcfa74e89115c7619f4f721a94e1fdb716d6" integrity sha512-PD6G8QG3S4FK/XCGFbEQrDqO2AnMMsy0meR7lerlIOHAAbkuavGU/pOqprrlvfTNjvowivTeBsjebAL0NSoMxw== @@ -6258,14 +6258,14 @@ detect-port@^1.3.0: address "^1.0.1" debug "^2.6.0" -devtools@6.1.9: - version "6.1.9" - resolved "https://registry.yarnpkg.com/devtools/-/devtools-6.1.9.tgz#566807107d5f2f462336305714f670394473928c" - integrity sha512-L/swy1hth+2ltn/8Wnvd8BjZORNftINOgIRQ86NpL7ieSOz3RaOjf8T70prZwsQ6Hgk9ZW0WDuR/Rj3gMHTgsA== +devtools@6.1.11: + version "6.1.11" + resolved "https://registry.yarnpkg.com/devtools/-/devtools-6.1.11.tgz#a2b09034a4ee630749fff756ec436abd03e20a79" + integrity sha512-jqCkkIcFTUq7xAPRwUApq8IMUn6v5XWoroaIec27ALXehFdGpEmO4p6Uehbn2580HOa2JYB+FdR9yzTw+MAuQA== dependencies: "@wdio/config" "6.1.2" "@wdio/logger" "6.0.16" - "@wdio/protocols" "6.1.2" + "@wdio/protocols" "6.1.11" "@wdio/utils" "6.1.8" chrome-launcher "^0.13.1" puppeteer-core "^3.0.0" @@ -7030,10 +7030,10 @@ eslint-plugin-promise@4.2.1: resolved "https://registry.yarnpkg.com/eslint-plugin-promise/-/eslint-plugin-promise-4.2.1.tgz#845fd8b2260ad8f82564c1222fce44ad71d9418a" integrity sha512-VoM09vT7bfA7D+upt+FjeBO5eHIJQBUWki1aPvB+vbNiHS3+oGIJGIeyBtKQTME6UPXXy3vV07OL1tHd3ANuDw== -eslint-plugin-react-hooks@3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-3.0.0.tgz#9e80c71846eb68dd29c3b21d832728aa66e5bd35" - integrity sha512-EjxTHxjLKIBWFgDJdhKKzLh5q+vjTFrqNZX36uIxWS4OfyXe5DawqPj3U5qeJ1ngLwatjzQnmR0Lz0J0YH3kxw== +eslint-plugin-react-hooks@4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.0.0.tgz#81196b990043cde339e25c6662aeebe32ac52d01" + integrity sha512-YKBY+kilK5wrwIdQnCF395Ya6nDro3EAMoe+2xFkmyklyhF16fH83TrQOo9zbZIDxBsXFgBbywta/0JKRNFDkw== eslint-plugin-react@7.19.0: version "7.19.0" @@ -7074,13 +7074,6 @@ eslint-scope@^5.0.0: esrecurse "^4.1.0" estraverse "^4.1.1" -eslint-utils@^1.4.3: - version "1.4.3" - resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-1.4.3.tgz#74fec7c54d0776b6f67e0251040b5806564e981f" - integrity sha512-fbBN5W2xdY45KulGXmLHZ3c3FHfVYmKg0IrAKGOkT/464PQsx2UeIzfz1RmEci+KLm1bBaAzZAh8+/E+XAeZ8Q== - dependencies: - eslint-visitor-keys "^1.1.0" - eslint-utils@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-2.0.0.tgz#7be1cc70f27a72a76cd14aa698bcabed6890e1cd" @@ -7093,22 +7086,22 @@ eslint-visitor-keys@^1.0.0, eslint-visitor-keys@^1.1.0: resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.1.0.tgz#e2a82cea84ff246ad6fb57f9bde5b46621459ec2" integrity sha512-8y9YjtM1JBJU/A9Kc+SbaOV4y29sSWckBwMHa+FGtVj5gN/sbnKDf6xJUl+8g7FAij9LVaP8C24DUiH/f/2Z9A== -eslint@6.8.0: - version "6.8.0" - resolved "https://registry.yarnpkg.com/eslint/-/eslint-6.8.0.tgz#62262d6729739f9275723824302fb227c8c93ffb" - integrity sha512-K+Iayyo2LtyYhDSYwz5D5QdWw0hCacNzyq1Y821Xna2xSJj7cijoLLYmLxTQgcgZ9mC61nryMy9S7GRbYpI5Ig== +eslint@7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.0.0.tgz#c35dfd04a4372110bd78c69a8d79864273919a08" + integrity sha512-qY1cwdOxMONHJfGqw52UOpZDeqXy8xmD0u8CT6jIstil72jkhURC704W8CFyTPDPllz4z4lu0Ql1+07PG/XdIg== dependencies: "@babel/code-frame" "^7.0.0" ajv "^6.10.0" - chalk "^2.1.0" - cross-spawn "^6.0.5" + chalk "^4.0.0" + cross-spawn "^7.0.2" debug "^4.0.1" doctrine "^3.0.0" eslint-scope "^5.0.0" - eslint-utils "^1.4.3" + eslint-utils "^2.0.0" eslint-visitor-keys "^1.1.0" - espree "^6.1.2" - esquery "^1.0.1" + espree "^7.0.0" + esquery "^1.2.0" esutils "^2.0.2" file-entry-cache "^5.0.1" functional-red-black-tree "^1.0.1" @@ -7121,25 +7114,24 @@ eslint@6.8.0: is-glob "^4.0.0" js-yaml "^3.13.1" json-stable-stringify-without-jsonify "^1.0.1" - levn "^0.3.0" + levn "^0.4.1" lodash "^4.17.14" minimatch "^3.0.4" - mkdirp "^0.5.1" natural-compare "^1.4.0" - optionator "^0.8.3" + optionator "^0.9.1" progress "^2.0.0" - regexpp "^2.0.1" - semver "^6.1.2" - strip-ansi "^5.2.0" - strip-json-comments "^3.0.1" + regexpp "^3.1.0" + semver "^7.2.1" + strip-ansi "^6.0.0" + strip-json-comments "^3.1.0" table "^5.2.3" text-table "^0.2.0" v8-compile-cache "^2.0.3" -espree@^6.1.2: - version "6.2.1" - resolved "https://registry.yarnpkg.com/espree/-/espree-6.2.1.tgz#77fc72e1fd744a2052c20f38a5b575832e82734a" - integrity sha512-ysCxRQY3WaXJz9tdbWOwuWr5Y/XrPTGX9Kiz3yoUXwW0VZ4w30HTkQLaGx/+ttFjF8i+ACbArnB4ce68a9m5hw== +espree@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/espree/-/espree-7.0.0.tgz#8a7a60f218e69f120a842dc24c5a88aa7748a74e" + integrity sha512-/r2XEx5Mw4pgKdyb7GNLQNsu++asx/dltf/CI8RFi9oGHxmQFgvLbc5Op4U6i8Oaj+kdslhJtVlEZeAqH5qOTw== dependencies: acorn "^7.1.1" acorn-jsx "^5.2.0" @@ -7150,7 +7142,7 @@ esprima@^4.0.0, esprima@^4.0.1, esprima@~4.0.0: resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== -esquery@^1.0.1: +esquery@^1.2.0: version "1.3.1" resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.3.1.tgz#b78b5828aa8e214e29fb74c4d5b752e1c033da57" integrity sha512-olpvt9QG0vniUBZspVRN6lwB7hOZoTRtT+jzR+tS4ffYx2mzbw+z0XCOk44aaLYKApNX5nMm+E+P6o25ip/DHQ== @@ -7497,7 +7489,7 @@ fast-json-stable-stringify@^2.0.0: resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== -fast-levenshtein@~2.0.6: +fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= @@ -10878,7 +10870,15 @@ levenary@^1.1.1: dependencies: leven "^3.1.0" -levn@^0.3.0, levn@~0.3.0: +levn@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/levn/-/levn-0.4.1.tgz#ae4562c007473b932a6200d403268dd2fffc6ade" + integrity sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ== + dependencies: + prelude-ls "^1.2.1" + type-check "~0.4.0" + +levn@~0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/levn/-/levn-0.3.0.tgz#3b09924edf9f083c0490fdd4c0bc4421e04764ee" integrity sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4= @@ -11569,14 +11569,13 @@ min-indent@^1.0.0: resolved "https://registry.yarnpkg.com/min-indent/-/min-indent-1.0.0.tgz#cfc45c37e9ec0d8f0a0ec3dd4ef7f7c3abe39256" integrity sha1-z8RcN+nsDY8KDsPdTvf3w6vjklY= -mini-create-react-context@^0.3.0: - version "0.3.2" - resolved "https://registry.yarnpkg.com/mini-create-react-context/-/mini-create-react-context-0.3.2.tgz#79fc598f283dd623da8e088b05db8cddab250189" - integrity sha512-2v+OeetEyliMt5VHMXsBhABoJ0/M4RCe7fatd/fBy6SMiKazUSEt3gxxypfnk2SHMkdBYvorHRoQxuGoiwbzAw== +mini-create-react-context@^0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/mini-create-react-context/-/mini-create-react-context-0.4.0.tgz#df60501c83151db69e28eac0ef08b4002efab040" + integrity sha512-b0TytUgFSbgFJGzJqXPKCFCBWigAjpjo+Fl7Vf7ZbKRDptszpppKxXH6DRXEABZ/gcEQczeb0iZ7JvL8e8jjCA== dependencies: - "@babel/runtime" "^7.4.0" - gud "^1.0.0" - tiny-warning "^1.0.2" + "@babel/runtime" "^7.5.5" + tiny-warning "^1.0.3" mini-css-extract-plugin@^0.7.0: version "0.7.0" @@ -12334,7 +12333,7 @@ optimism@^0.10.0: dependencies: "@wry/context" "^0.4.0" -optionator@^0.8.1, optionator@^0.8.3: +optionator@^0.8.1: version "0.8.3" resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.3.tgz#84fa1d036fe9d3c7e21d99884b601167ec8fb495" integrity sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA== @@ -12346,6 +12345,18 @@ optionator@^0.8.1, optionator@^0.8.3: type-check "~0.3.2" word-wrap "~1.2.3" +optionator@^0.9.1: + version "0.9.1" + resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.9.1.tgz#4f236a6373dae0566a6d43e1326674f50c291499" + integrity sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw== + dependencies: + deep-is "^0.1.3" + fast-levenshtein "^2.0.6" + levn "^0.4.1" + prelude-ls "^1.2.1" + type-check "^0.4.0" + word-wrap "^1.2.3" + ora@^3.0.0: version "3.4.0" resolved "https://registry.yarnpkg.com/ora/-/ora-3.4.0.tgz#bf0752491059a3ef3ed4c85097531de9fdbcd318" @@ -13025,6 +13036,11 @@ postcss@^7.0.0, postcss@^7.0.14, postcss@^7.0.16, postcss@^7.0.26, postcss@^7.0. source-map "^0.6.1" supports-color "^6.1.0" +prelude-ls@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" + integrity sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g== + prelude-ls@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54" @@ -13751,29 +13767,29 @@ react-router-bootstrap@0.25.0: dependencies: prop-types "^15.5.10" -react-router-dom@5.1.2: - version "5.1.2" - resolved "https://registry.yarnpkg.com/react-router-dom/-/react-router-dom-5.1.2.tgz#06701b834352f44d37fbb6311f870f84c76b9c18" - integrity sha512-7BPHAaIwWpZS074UKaw1FjVdZBSVWEk8IuDXdB+OkLb8vd/WRQIpA4ag9WQk61aEfQs47wHyjWUoUGGZxpQXew== +react-router-dom@5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/react-router-dom/-/react-router-dom-5.2.0.tgz#9e65a4d0c45e13289e66c7b17c7e175d0ea15662" + integrity sha512-gxAmfylo2QUjcwxI63RhQ5G85Qqt4voZpUXSEqCwykV0baaOTQDR1f0PmY8AELqIyVc0NEZUj0Gov5lNGcXgsA== dependencies: "@babel/runtime" "^7.1.2" history "^4.9.0" loose-envify "^1.3.1" prop-types "^15.6.2" - react-router "5.1.2" + react-router "5.2.0" tiny-invariant "^1.0.2" tiny-warning "^1.0.0" -react-router@5.1.2: - version "5.1.2" - resolved "https://registry.yarnpkg.com/react-router/-/react-router-5.1.2.tgz#6ea51d789cb36a6be1ba5f7c0d48dd9e817d3418" - integrity sha512-yjEuMFy1ONK246B+rsa0cUam5OeAQ8pyclRDgpxuSCrAlJ1qN9uZ5IgyKC7gQg0w8OM50NXHEegPh/ks9YuR2A== +react-router@5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/react-router/-/react-router-5.2.0.tgz#424e75641ca8747fbf76e5ecca69781aa37ea293" + integrity sha512-smz1DUuFHRKdcJC0jobGo8cVbhO3x50tCL4icacOlcwDOEQPq4TMqwx3sY1TP+DvtTgz4nm3thuo7A+BK2U0Dw== dependencies: "@babel/runtime" "^7.1.2" history "^4.9.0" hoist-non-react-statics "^3.1.0" loose-envify "^1.3.1" - mini-create-react-context "^0.3.0" + mini-create-react-context "^0.4.0" path-to-regexp "^1.7.0" prop-types "^15.6.2" react-is "^16.6.0" @@ -13846,15 +13862,14 @@ react-textarea-autosize@^7.1.0: "@babel/runtime" "^7.1.2" prop-types "^15.6.0" -react-toastify@5.5.0: - version "5.5.0" - resolved "https://registry.yarnpkg.com/react-toastify/-/react-toastify-5.5.0.tgz#f55de44f6b5e3ce3b13b69e5bb4427f2c9404822" - integrity sha512-jsVme7jALIFGRyQsri/g4YTsRuaaGI70T6/ikjwZMB4mwTZaCWqj5NqxhGrRStKlJc5npXKKvKeqTiRGQl78LQ== +react-toastify@6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/react-toastify/-/react-toastify-6.0.2.tgz#db941d3b51997ccbd53cfd39e94ab2f49145a515" + integrity sha512-hcBdCJOOceix6pfdk073VoDlSjTfvMqDULvrJtnny6LQxJJI8jFtOVi3mwX5h2fYl6PXes5M51gkvn8eDW6zQw== dependencies: - "@babel/runtime" "^7.4.2" classnames "^2.2.6" prop-types "^15.7.2" - react-transition-group "^4" + react-transition-group "^4.4.1" react-tooltip@4.2.6: version "4.2.6" @@ -13874,10 +13889,10 @@ react-transition-group@^2.0.0, react-transition-group@^2.2.1, react-transition-g prop-types "^15.6.2" react-lifecycles-compat "^3.0.4" -react-transition-group@^4: - version "4.3.0" - resolved "https://registry.yarnpkg.com/react-transition-group/-/react-transition-group-4.3.0.tgz#fea832e386cf8796c58b61874a3319704f5ce683" - integrity sha512-1qRV1ZuVSdxPlPf4O8t7inxUGpdyO5zG9IoNfJxSO0ImU2A1YWkEQvFPuIPZmMLkg5hYs7vv5mMOyfgSkvAwvw== +react-transition-group@^4.4.1: + version "4.4.1" + resolved "https://registry.yarnpkg.com/react-transition-group/-/react-transition-group-4.4.1.tgz#63868f9325a38ea5ee9535d828327f85773345c9" + integrity sha512-Djqr7OQ2aPUiYurhPalTrVy9ddmFCCzwhqQmtN+J3+3DzLO209Fdr70QrN8Z3DsglWql6iY1lDWAfpFiBtuKGw== dependencies: "@babel/runtime" "^7.5.5" dom-helpers "^5.0.1" @@ -14112,12 +14127,7 @@ regexp.prototype.flags@^1.2.0, regexp.prototype.flags@^1.3.0: define-properties "^1.1.3" es-abstract "^1.17.0-next.1" -regexpp@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-2.0.1.tgz#8d19d31cf632482b589049f8281f93dbcba4d07f" - integrity sha512-lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw== - -regexpp@^3.0.0: +regexpp@^3.0.0, regexpp@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.1.0.tgz#206d0ad0a5648cffbdb8ae46438f3dc51c9f78e2" integrity sha512-ZOIzd8yVsQQA7j8GCSlPGXwg5PfmA1mrq0JP4nGhh54LaKN3xdai/vHUDu74pKwV8OxseMS65u2NImosQcSD0Q== @@ -14618,7 +14628,7 @@ semver@7.0.0: resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e" integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== -semver@^6.0.0, semver@^6.1.0, semver@^6.1.2, semver@^6.2.0, semver@^6.3.0: +semver@^6.0.0, semver@^6.1.0, semver@^6.2.0, semver@^6.3.0: version "6.3.0" resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== @@ -15410,7 +15420,7 @@ strip-json-comments@2.0.1, strip-json-comments@~2.0.1: resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo= -strip-json-comments@^3.0.1: +strip-json-comments@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.0.tgz#7638d31422129ecf4457440009fba03f9f9ac180" integrity sha512-e6/d0eBu7gHtdCqFt0xJr642LdToM5/cN4Qb9DbHjVx1CP5RyeM+zH7pbecEmDv/lBqb0QH+6Uqq75rxFPkM0w== @@ -15787,7 +15797,7 @@ tiny-invariant@^1.0.2: resolved "https://registry.yarnpkg.com/tiny-invariant/-/tiny-invariant-1.1.0.tgz#634c5f8efdc27714b7f386c35e6760991d230875" integrity sha512-ytxQvrb1cPc9WBEI/HSeYYoGD0kWnGEOR8RY6KomWLBVhqz0RgTwVO9dLrGz7dC+nN9llyI7OKAgRq8Vq4ZBSw== -tiny-warning@^1.0.0, tiny-warning@^1.0.2: +tiny-warning@^1.0.0, tiny-warning@^1.0.2, tiny-warning@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754" integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA== @@ -15979,6 +15989,13 @@ tweetnacl@^0.14.3, tweetnacl@~0.14.0: resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= +type-check@^0.4.0, type-check@~0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" + integrity sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew== + dependencies: + prelude-ls "^1.2.1" + type-check@~0.3.2: version "0.3.2" resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.3.2.tgz#5884cab512cf1d355e3fb784f30804b2b520db72" @@ -16543,22 +16560,22 @@ wdio-chromedriver-service@6.0.3: dependencies: fs-extra "^9.0.0" -webdriver@6.1.8: - version "6.1.8" - resolved "https://registry.yarnpkg.com/webdriver/-/webdriver-6.1.8.tgz#792f390fcbedd97325cac25ae5df92d4d38fe3e7" - integrity sha512-S1SkzMAn/iYGzm86wrjlm/RhkbBShFYecKmHwH08/Xt3vwq9uYRN2u2+d58snVGs07y9y5uROjK7ktvYDo8rlg== +webdriver@6.1.11: + version "6.1.11" + resolved "https://registry.yarnpkg.com/webdriver/-/webdriver-6.1.11.tgz#26c9c61defee06948cd4e7869ecd7b9cc02dc36f" + integrity sha512-CWCsTSz4J5uSQD8PHtDyHCdzqWr/8GD9feesJSiftHvauegikTFCC8nUtI68EfYlNO5gYpnI0eF90prKTz8SnA== dependencies: "@wdio/config" "6.1.2" "@wdio/logger" "6.0.16" - "@wdio/protocols" "6.1.2" + "@wdio/protocols" "6.1.11" "@wdio/utils" "6.1.8" got "^11.0.2" lodash.merge "^4.6.1" -webdriverio@6.1.9: - version "6.1.9" - resolved "https://registry.yarnpkg.com/webdriverio/-/webdriverio-6.1.9.tgz#9fda9685584eb594101a742b198370e66ebecd7e" - integrity sha512-1ayARHlnq2uSLdLnAf5r9GNUXBMAR8Jsd0TjnQOzC5czZHy/N1S9T3lqWzMYo5Kut4MNikXHFZqTT3y0B2U1Iw== +webdriverio@6.1.11: + version "6.1.11" + resolved "https://registry.yarnpkg.com/webdriverio/-/webdriverio-6.1.11.tgz#40d214678111ac3436bac525ff10bce16b1f4561" + integrity sha512-b6nP19da0HlqqD3ApYZc3yCraMwUjWLX+ghaT0kCIA8lBbVCEhXhJNAgPrEZJUfYJPKmYe7f0Gibn821fCMCQQ== dependencies: "@wdio/config" "6.1.2" "@wdio/logger" "6.0.16" @@ -16566,7 +16583,7 @@ webdriverio@6.1.9: "@wdio/utils" "6.1.8" archiver "^4.0.1" css-value "^0.0.1" - devtools "6.1.9" + devtools "6.1.11" grapheme-splitter "^1.0.2" lodash.clonedeep "^4.5.0" lodash.isobject "^3.0.2" @@ -16575,7 +16592,7 @@ webdriverio@6.1.9: resq "^1.6.0" rgb2hex "^0.1.0" serialize-error "^6.0.0" - webdriver "6.1.8" + webdriver "6.1.11" webidl-conversions@^5.0.0: version "5.0.0" @@ -16820,7 +16837,7 @@ widest-line@^3.1.0: dependencies: string-width "^4.0.0" -word-wrap@~1.2.3: +word-wrap@^1.2.3, word-wrap@~1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== diff --git a/keycloak-export.sh b/keycloak-export.sh new file mode 100755 index 0000000000..f8904ed0ff --- /dev/null +++ b/keycloak-export.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +KEYCLOAK_SERVER_PATH="/srv/apps/keycloak-10.0.1" +KEYCLOAK_PORT="9080" + +"$KEYCLOAK_SERVER_PATH"/bin/standalone.sh \ + -Djboss.http.port="$KEYCLOAK_PORT" \ + -Dkeycloak.migration.action=export + -Dkeycloak.migration.provider=singleFile + -Dkeycloak.migration.realmName=ANET-Realm + -Dkeycloak.migration.file=ANET_Realm-export.json diff --git a/keycloak-import.sh b/keycloak-import.sh new file mode 100755 index 0000000000..314ec89813 --- /dev/null +++ b/keycloak-import.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +KEYCLOAK_SERVER_PATH="/srv/apps/keycloak-10.0.1" +KEYCLOAK_PORT="9080" + +"$KEYCLOAK_SERVER_PATH"/bin/standalone.sh \ + -Djboss.http.port="$KEYCLOAK_PORT" \ + -Dkeycloak.profile.feature.scripts=enabled \ + -Dkeycloak.profile.feature.upload_scripts=enabled \ + -Dkeycloak.migration.action=import \ + -Dkeycloak.migration.provider=singleFile \ + -Dkeycloak.migration.realmName=ANET-Realm \ + -Dkeycloak.migration.file=ANET-Realm-export.json \ + -Dkeycloak.migration.strategy=OVERWRITE_EXISTING diff --git a/src/main/java/mil/dds/anet/AnetApplication.java b/src/main/java/mil/dds/anet/AnetApplication.java index 2b9a4e19c0..01fa04ef2c 100644 --- a/src/main/java/mil/dds/anet/AnetApplication.java +++ b/src/main/java/mil/dds/anet/AnetApplication.java @@ -12,14 +12,14 @@ import com.networknt.schema.JsonSchemaFactory; import com.networknt.schema.SpecVersion; import com.networknt.schema.ValidationMessage; +import de.ahus1.keycloak.dropwizard.AbstractKeycloakAuthenticator; +import de.ahus1.keycloak.dropwizard.KeycloakBundle; +import de.ahus1.keycloak.dropwizard.KeycloakConfiguration; import freemarker.template.Configuration; import freemarker.template.Version; import io.dropwizard.Application; -import io.dropwizard.auth.AuthDynamicFeature; -import io.dropwizard.auth.AuthFilter; import io.dropwizard.auth.AuthValueFactoryProvider; -import io.dropwizard.auth.basic.BasicCredentialAuthFilter; -import io.dropwizard.auth.chained.ChainedAuthFilter; +import io.dropwizard.auth.Authorizer; import io.dropwizard.bundles.assets.ConfiguredAssetsBundle; import io.dropwizard.cli.ServerCommand; import io.dropwizard.configuration.EnvironmentVariableSubstitutor; @@ -32,22 +32,21 @@ import java.io.IOException; import java.io.InputStream; import java.lang.invoke.MethodHandles; -import java.util.Arrays; +import java.security.Principal; import java.util.EnumSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; import javax.servlet.DispatcherType; -import javax.servlet.Filter; -import javax.servlet.FilterRegistration; -import mil.dds.anet.auth.AnetAuthenticationFilter; -import mil.dds.anet.auth.AnetDevAuthenticator; -import mil.dds.anet.auth.TimedNegotiateSecurityFilter; -import mil.dds.anet.auth.UrlParamsAuthFilter; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response.Status; import mil.dds.anet.beans.Person; import mil.dds.anet.config.AnetConfiguration; +import mil.dds.anet.database.PersonDao; import mil.dds.anet.database.StatementLogger; import mil.dds.anet.resources.AdminResource; import mil.dds.anet.resources.ApprovalStepResource; @@ -76,13 +75,12 @@ import org.eclipse.jetty.server.session.SessionHandler; import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature; +import org.keycloak.KeycloakSecurityContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import ru.vyarus.dropwizard.guice.GuiceBundle; import ru.vyarus.dropwizard.guice.injector.lookup.InjectorLookup; import ru.vyarus.guicey.jdbi3.JdbiBundle; -import waffle.servlet.NegotiateSecurityFilter; public class AnetApplication extends Application { @@ -151,6 +149,48 @@ public Map> getViewConfiguration( } }); + // Add Dropwizard-Keycloak + bootstrap.addBundle(new KeycloakBundle() { + @Override + protected KeycloakConfiguration getKeycloakConfiguration(AnetConfiguration configuration) { + return configuration.getKeycloakConfiguration(); + } + + @Override + protected Class getUserClass() { + return Person.class; + } + + @Override + protected AbstractKeycloakAuthenticator createAuthenticator( + KeycloakConfiguration configuration) { + return new AbstractKeycloakAuthenticator(configuration) { + @Override + protected Person prepareAuthentication(KeycloakSecurityContext securityContext, + HttpServletRequest request, KeycloakConfiguration keycloakConfiguration) { + final PersonDao dao = AnetObjectEngine.getInstance().getPersonDao(); + final String username = securityContext.getToken().getPreferredUsername(); + final List p = dao.findByDomainUsername(username); + if (p.isEmpty()) { + throw new WebApplicationException("Unauthorized", Status.UNAUTHORIZED); + } + return p.get(0); + } + }; + } + + @Override + protected Authorizer createAuthorizer() { + return new Authorizer() { + @Override + public boolean authorize(Person principal, String role) { + // We don't use @RolesAllowed type authorizations + return false; + } + }; + } + }); + // Add Dropwizard-Guicey bootstrap.addBundle(GuiceBundle.builder() .bundles( @@ -183,43 +223,14 @@ public void run(AnetConfiguration configuration, Environment environment) final AnetObjectEngine engine = new AnetObjectEngine(dbUrl, this, metricRegistry); environment.servlets().setSessionHandler(new SessionHandler()); - if (configuration.isDevelopmentMode()) { - // In development mode chain URL params (used during testing) and basic HTTP Authentication - final UrlParamsAuthFilter urlParamsAuthFilter = - new UrlParamsAuthFilter.Builder() - .setAuthenticator(new AnetDevAuthenticator(engine, metricRegistry)) - // Acting only as Authz. - .setAuthorizer(new AnetAuthenticationFilter(engine, metricRegistry)).setRealm("ANET") - .buildAuthFilter(); - final BasicCredentialAuthFilter basicAuthFilter = - new BasicCredentialAuthFilter.Builder() - .setAuthenticator(new AnetDevAuthenticator(engine, metricRegistry)) - // Acting only as Authz. - .setAuthorizer(new AnetAuthenticationFilter(engine, metricRegistry)).setRealm("ANET") - .buildAuthFilter(); - environment.jersey().register(new AuthDynamicFeature(new ChainedAuthFilter<>( - Arrays.asList(new AuthFilter[] {urlParamsAuthFilter, basicAuthFilter})))); - } else { - // In Production require Windows AD Authentication. - final Filter nsf = - configuration.isTimeWaffleRequests() ? new TimedNegotiateSecurityFilter(metricRegistry) - : new NegotiateSecurityFilter(); - final FilterRegistration nsfReg = - environment.servlets().addFilter("NegotiateSecurityFilter", nsf); - nsfReg.setInitParameters(configuration.getWaffleConfig()); - nsfReg.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*"); - environment.jersey() - .register(new AuthDynamicFeature(new AnetAuthenticationFilter(engine, metricRegistry))); - } - if (configuration.getRedirectToHttps()) { forwardToHttps(environment.getApplicationContext()); } // If you want to use @Auth to inject a custom Principal type into your resource environment.jersey().register(new AuthValueFactoryProvider.Binder<>(Person.class)); - // If you want to use @RolesAllowed to do authorization. - environment.jersey().register(RolesAllowedDynamicFeature.class); + // We no longer use @RolesAllowed to do authorization + // environment.jersey().register(RolesAllowedDynamicFeature.class); environment.jersey().register(new WebExceptionMapper()); if (configuration.isTestMode()) { diff --git a/src/main/java/mil/dds/anet/auth/AnetAuthenticationFilter.java b/src/main/java/mil/dds/anet/auth/AnetAuthenticationFilter.java deleted file mode 100644 index 6a53df007f..0000000000 --- a/src/main/java/mil/dds/anet/auth/AnetAuthenticationFilter.java +++ /dev/null @@ -1,133 +0,0 @@ -package mil.dds.anet.auth; - -import com.codahale.metrics.MetricRegistry; -import com.codahale.metrics.Timer; -import io.dropwizard.auth.Authorizer; -import java.io.IOException; -import java.lang.invoke.MethodHandles; -import java.security.Principal; -import java.util.List; -import javax.annotation.Priority; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.container.ContainerRequestContext; -import javax.ws.rs.container.ContainerRequestFilter; -import javax.ws.rs.core.Response.Status; -import javax.ws.rs.core.SecurityContext; -import mil.dds.anet.AnetObjectEngine; -import mil.dds.anet.beans.Person; -import mil.dds.anet.beans.Person.PersonStatus; -import mil.dds.anet.beans.Person.Role; -import mil.dds.anet.beans.Position; -import mil.dds.anet.beans.Position.PositionType; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -@Priority(1500) // Run After Authentication, but before Authorization -public class AnetAuthenticationFilter implements ContainerRequestFilter, Authorizer { - - private static final Logger logger = - LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - - private final AnetObjectEngine engine; - private final Timer timerFilter; - private final Timer timerAuthorize; - - public AnetAuthenticationFilter(AnetObjectEngine engine, MetricRegistry metricRegistry) { - this.engine = engine; - this.timerFilter = metricRegistry.timer(MetricRegistry.name(this.getClass(), "filter")); - this.timerAuthorize = metricRegistry.timer(MetricRegistry.name(this.getClass(), "authorize")); - } - - @Override - public void filter(ContainerRequestContext ctx) throws IOException { - final Timer.Context context = timerFilter.time(); - try { - final SecurityContext secContext = ctx.getSecurityContext(); - Principal p = secContext.getUserPrincipal(); - if (p != null) { - String domainUsername = p.getName(); - List matches = engine.getPersonDao().findByDomainUsername(domainUsername); - Person person; - if (matches.size() == 0) { - // First time this user has ever logged in. - person = new Person(); - person.setDomainUsername(domainUsername); - person.setName(""); - person.setRole(Role.ADVISOR); - person.setStatus(PersonStatus.NEW_USER); - person = engine.getPersonDao().insert(person); - } else { - person = matches.get(0); - } - - final Person user = person; - ctx.setSecurityContext(new SecurityContext() { - @Override - public Principal getUserPrincipal() { - return user; - } - - @Override - public boolean isUserInRole(String role) { - return authorize(user, role); - } - - @Override - public boolean isSecure() { - return secContext.isSecure(); - } - - @Override - public String getAuthenticationScheme() { - return secContext.getAuthenticationScheme(); - } - }); - } else { - throw new WebApplicationException("Unauthorized", Status.UNAUTHORIZED); - } - } finally { - context.stop(); - } - } - - @Override - public boolean authorize(Person principal, String role) { - final Timer.Context context = timerAuthorize.time(); - try { - return checkAuthorization(principal, role); - } finally { - context.stop(); - } - } - - /** - * Determines if a given person has a particular role. For SUPER_USER Privileges, this does not - * validate that the user has those privileges for a particular organization. That needs to be - * done later. - */ - public static boolean checkAuthorization(Person principal, String role) { - Position position = principal.loadPosition(); - if (position == null) { - logger.debug("Authorizing {} for role {} FAILED due to null position", - principal.getDomainUsername(), role); - return false; - } - - // Administrators can do anything - if (position.getType() == PositionType.ADMINISTRATOR) { - logger.debug("Authorizing {} for role {} SUCCESS", principal.getDomainUsername(), role); - return true; - } - - // Verify the user is a super user. - if (PositionType.SUPER_USER.toString().equals(role)) { - if (position.getType() == PositionType.SUPER_USER) { - logger.debug("Authorizing {} for role {} SUCCESS", principal.getDomainUsername(), role); - return true; - } - } - logger.debug("Authorizing {} for role {} FAILED", principal.getDomainUsername(), role); - return false; - } - -} diff --git a/src/main/java/mil/dds/anet/auth/AnetDevAuthenticator.java b/src/main/java/mil/dds/anet/auth/AnetDevAuthenticator.java deleted file mode 100644 index 517f3511e3..0000000000 --- a/src/main/java/mil/dds/anet/auth/AnetDevAuthenticator.java +++ /dev/null @@ -1,55 +0,0 @@ -package mil.dds.anet.auth; - -import com.codahale.metrics.MetricRegistry; -import com.codahale.metrics.Timer; -import io.dropwizard.auth.AuthenticationException; -import io.dropwizard.auth.Authenticator; -import io.dropwizard.auth.basic.BasicCredentials; -import java.util.List; -import java.util.Optional; -import mil.dds.anet.AnetObjectEngine; -import mil.dds.anet.beans.Person; -import mil.dds.anet.beans.Person.PersonStatus; -import mil.dds.anet.beans.Person.Role; -import mil.dds.anet.database.PersonDao; - -public class AnetDevAuthenticator implements Authenticator { - - private final PersonDao dao; - private final Timer timerAuthenticate; - - public AnetDevAuthenticator(AnetObjectEngine engine, MetricRegistry metricRegistry) { - this.dao = engine.getPersonDao(); - this.timerAuthenticate = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "authenticate")); - } - - @Override - public Optional authenticate(BasicCredentials credentials) - throws AuthenticationException { - final Timer.Context context = timerAuthenticate.time(); - try { - List p = dao.findByDomainUsername(credentials.getUsername()); - if (p.size() > 0) { - Person person = p.get(0); - return Optional.of(person); - } - - if (credentials.getUsername().equals(credentials.getPassword())) { - // Special development mechanism to perform a 'first login'. - Person newUser = new Person(); - newUser.setName(credentials.getUsername()); - newUser.setRole(Role.ADVISOR); - newUser.setDomainUsername(credentials.getUsername()); - newUser.setStatus(PersonStatus.NEW_USER); - newUser = dao.insert(newUser); - - return Optional.of(newUser); - } - return Optional.empty(); - } finally { - context.stop(); - } - } - -} diff --git a/src/main/java/mil/dds/anet/auth/TimedNegotiateSecurityFilter.java b/src/main/java/mil/dds/anet/auth/TimedNegotiateSecurityFilter.java deleted file mode 100644 index 752b3ee6b8..0000000000 --- a/src/main/java/mil/dds/anet/auth/TimedNegotiateSecurityFilter.java +++ /dev/null @@ -1,188 +0,0 @@ -package mil.dds.anet.auth; - -import com.codahale.metrics.MetricRegistry; -import com.codahale.metrics.Timer; -import com.codahale.metrics.annotation.Timed; -import java.io.IOException; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import waffle.servlet.NegotiateSecurityFilter; -import waffle.servlet.spi.SecurityFilterProviderCollection; -import waffle.windows.auth.IWindowsAuthProvider; -import waffle.windows.auth.PrincipalFormat; - -public class TimedNegotiateSecurityFilter extends NegotiateSecurityFilter { - - private final Timer timerDoFilter; - private final Timer timerInit; - private final Timer timerSetPrincipalFormat; - private final Timer timerGetPrincipalFormat; - private final Timer timerSetRoleFormat; - private final Timer timerGetRoleFormat; - private final Timer timerGetAuth; - private final Timer timerSetAuth; - private final Timer timerIsAllowGuestLogin; - private final Timer timerSetImpersonate; - private final Timer timerIsImpersonate; - private final Timer timerGetProviders; - - public TimedNegotiateSecurityFilter(MetricRegistry metricRegistry) { - this.timerDoFilter = metricRegistry.timer(MetricRegistry.name(this.getClass(), "doFilter")); - this.timerInit = metricRegistry.timer(MetricRegistry.name(this.getClass(), "init")); - this.timerSetPrincipalFormat = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "setPrincipalFormat")); - this.timerGetPrincipalFormat = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "getPrincipalFormat")); - this.timerSetRoleFormat = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "setRoleFormat")); - this.timerGetRoleFormat = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "getRoleFormat")); - this.timerGetAuth = metricRegistry.timer(MetricRegistry.name(this.getClass(), "setAuth")); - this.timerSetAuth = metricRegistry.timer(MetricRegistry.name(this.getClass(), "getAuth")); - this.timerIsAllowGuestLogin = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "isAllowGuestLogin")); - this.timerSetImpersonate = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "setImpersonate")); - this.timerIsImpersonate = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "isImpersonate")); - this.timerGetProviders = - metricRegistry.timer(MetricRegistry.name(this.getClass(), "getProviders")); - } - - @Timed - @Override - public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain chain) - throws IOException, ServletException { - final Timer.Context context = timerDoFilter.time(); - try { - super.doFilter(sreq, sres, chain); - } finally { - context.stop(); - } - } - - @Timed - @Override - public void init(FilterConfig filterConfig) throws ServletException { - final Timer.Context context = timerInit.time(); - try { - super.init(filterConfig); - } finally { - context.stop(); - } - } - - @Timed - @Override - public void setPrincipalFormat(String format) { - final Timer.Context context = timerSetPrincipalFormat.time(); - try { - super.setPrincipalFormat(format); - } finally { - context.stop(); - } - } - - @Timed - @Override - public PrincipalFormat getPrincipalFormat() { - final Timer.Context context = timerGetPrincipalFormat.time(); - try { - return super.getPrincipalFormat(); - } finally { - context.stop(); - } - } - - @Timed - @Override - public void setRoleFormat(String format) { - final Timer.Context context = timerSetRoleFormat.time(); - try { - super.setRoleFormat(format); - } finally { - context.stop(); - } - } - - @Timed - @Override - public PrincipalFormat getRoleFormat() { - final Timer.Context context = timerGetRoleFormat.time(); - try { - return super.getRoleFormat(); - } finally { - context.stop(); - } - } - - @Timed - @Override - public void setAuth(IWindowsAuthProvider provider) { - final Timer.Context context = timerGetAuth.time(); - try { - super.setAuth(provider); - } finally { - context.stop(); - } - } - - @Timed - @Override - public IWindowsAuthProvider getAuth() { - final Timer.Context context = timerSetAuth.time(); - try { - return super.getAuth(); - } finally { - context.stop(); - } - } - - @Timed - @Override - public boolean isAllowGuestLogin() { - final Timer.Context context = timerIsAllowGuestLogin.time(); - try { - return super.isAllowGuestLogin(); - } finally { - context.stop(); - } - } - - @Timed - @Override - public void setImpersonate(boolean value) { - final Timer.Context context = timerSetImpersonate.time(); - try { - super.setImpersonate(value); - } finally { - context.stop(); - } - } - - @Timed - @Override - public boolean isImpersonate() { - final Timer.Context context = timerIsImpersonate.time(); - try { - return super.isImpersonate(); - } finally { - context.stop(); - } - } - - @Timed - @Override - public SecurityFilterProviderCollection getProviders() { - final Timer.Context context = timerGetProviders.time(); - try { - return super.getProviders(); - } finally { - context.stop(); - } - } - -} diff --git a/src/main/java/mil/dds/anet/auth/UrlParamsAuthFilter.java b/src/main/java/mil/dds/anet/auth/UrlParamsAuthFilter.java deleted file mode 100644 index 33616a1c3b..0000000000 --- a/src/main/java/mil/dds/anet/auth/UrlParamsAuthFilter.java +++ /dev/null @@ -1,67 +0,0 @@ -package mil.dds.anet.auth; - -import io.dropwizard.auth.AuthFilter; -import io.dropwizard.auth.Authenticator; -import io.dropwizard.auth.basic.BasicCredentials; -import java.io.IOException; -import java.security.Principal; -import java.util.List; -import javax.annotation.Nullable; -import javax.annotation.Priority; -import javax.ws.rs.Priorities; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.container.ContainerRequestContext; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.SecurityContext; -import org.apache.commons.collections.CollectionUtils; - -@Priority(Priorities.AUTHENTICATION) -public class UrlParamsAuthFilter

extends AuthFilter { - - private static final String PARAM_PASSWORD = "pass"; - private static final String PARAM_USERNAME = "user"; - - private UrlParamsAuthFilter() {} - - @Override - public void filter(ContainerRequestContext requestContext) throws IOException { - final MultivaluedMap queryParameters = - requestContext.getUriInfo().getQueryParameters(); - final BasicCredentials credentials = getCredentials(queryParameters); - if (!authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH)) { - throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm)); - } - } - - @Nullable - private BasicCredentials getCredentials(MultivaluedMap queryParameters) { - final String username = extractParam(queryParameters, PARAM_USERNAME); - final String password = extractParam(queryParameters, PARAM_PASSWORD); - if (username == null || password == null) { - return null; - } - return new BasicCredentials(username, password); - } - - private String extractParam(MultivaluedMap queryParameters, String paramName) { - final List params = queryParameters.get(paramName); - return CollectionUtils.isEmpty(params) ? null : params.get(0); - } - - /** - * Builder for {@link UrlParamsAuthFilter}. - *

- * An {@link Authenticator} must be provided during the building process. - *

- * - * @param

the principal - */ - public static class Builder

- extends AuthFilterBuilder> { - - @Override - protected UrlParamsAuthFilter

newInstance() { - return new UrlParamsAuthFilter<>(); - } - } -} diff --git a/src/main/java/mil/dds/anet/config/AnetConfiguration.java b/src/main/java/mil/dds/anet/config/AnetConfiguration.java index 434fe16a41..15c1717bfd 100644 --- a/src/main/java/mil/dds/anet/config/AnetConfiguration.java +++ b/src/main/java/mil/dds/anet/config/AnetConfiguration.java @@ -2,12 +2,12 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.google.common.collect.ImmutableMap; +import de.ahus1.keycloak.dropwizard.KeycloakConfiguration; import io.dropwizard.Configuration; import io.dropwizard.bundles.assets.AssetsBundleConfiguration; import io.dropwizard.bundles.assets.AssetsConfiguration; import io.dropwizard.db.DataSourceFactory; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import javax.validation.Valid; import javax.validation.constraints.NotNull; @@ -28,15 +28,13 @@ public class AnetConfiguration extends Configuration implements AssetsBundleConf private Map dictionary; - private boolean timeWaffleRequests; - @Valid @NotNull @JsonProperty private final AssetsConfiguration assets = AssetsConfiguration.builder().build(); @NotNull - private Map waffleConfig = new HashMap(); + private KeycloakConfiguration keycloakConfiguration = new KeycloakConfiguration(); @Valid @NotNull @@ -98,20 +96,12 @@ public void setViews(Map> views) { this.views = builder.build(); } - public boolean isTimeWaffleRequests() { - return timeWaffleRequests; - } - - public void setTimeWaffleRequests(boolean timeWaffleRequests) { - this.timeWaffleRequests = timeWaffleRequests; - } - - public Map getWaffleConfig() { - return waffleConfig; + public KeycloakConfiguration getKeycloakConfiguration() { + return keycloakConfiguration; } - public void setWaffleConfig(Map config) { - this.waffleConfig = config; + public void setKeycloakConfiguration(KeycloakConfiguration keycloakConfiguration) { + this.keycloakConfiguration = keycloakConfiguration; } public SmtpConfiguration getSmtp() { diff --git a/src/test/java/mil/dds/anet/test/resources/GraphQlResourceTest.java b/src/test/java/mil/dds/anet/test/resources/GraphQlResourceTest.java index e04af97501..2ccf5f4284 100644 --- a/src/test/java/mil/dds/anet/test/resources/GraphQlResourceTest.java +++ b/src/test/java/mil/dds/anet/test/resources/GraphQlResourceTest.java @@ -137,8 +137,8 @@ private void doAsserts(File f, Map resp) { * Helper method to build httpQuery with authentication and Accept headers. */ private Builder httpQuery(String path, Person authUser) { - final String authString = - Base64.getEncoder().encodeToString((authUser.getDomainUsername() + ":").getBytes()); + final String authString = Base64.getEncoder().encodeToString( + (authUser.getDomainUsername() + ":" + authUser.getDomainUsername()).getBytes()); return client.target(String.format("http://localhost:%d%s", TestApp.app.getLocalPort(), path)) .request().header("Authorization", "Basic " + authString) .header("Accept", MediaType.APPLICATION_JSON_TYPE.toString()); diff --git a/src/test/java/mil/dds/anet/test/resources/utils/GraphQlClient.java b/src/test/java/mil/dds/anet/test/resources/utils/GraphQlClient.java index 0b0cc4d33d..591a0a2e45 100644 --- a/src/test/java/mil/dds/anet/test/resources/utils/GraphQlClient.java +++ b/src/test/java/mil/dds/anet/test/resources/utils/GraphQlClient.java @@ -59,8 +59,8 @@ public T doGraphQlQuery(Person user, String query, Map varia private Builder httpQuery(String path, Person authUser) { try { - final String authString = - Base64.getEncoder().encodeToString((authUser.getDomainUsername() + ":").getBytes()); + final String authString = Base64.getEncoder().encodeToString( + (authUser.getDomainUsername() + ":" + authUser.getDomainUsername()).getBytes()); final URI uri = new URI("http", null, "localhost", localPort, path, null, null); return client.target(uri).request().header("Authorization", "Basic " + authString) .header("Accept", MediaType.APPLICATION_JSON_TYPE.toString());