fix(e2e-test findings): adjust realm config (#228)

* fix: enable user profiles in cx-central realm to address user attributes change coming keycloak v24 #226 * fix(master sharedidp): update realm to not require user profiles as that's the default in master realms, discovered as part of eclipse-tractusx/portal-backend#1154 * fix(svc): add technical_roles_management role to client scope #227 * fix(svc): add create_ssi_notifications role to sa-cl24-01 from Cl2-CX-Portal client #229 * fix(docs): add store_didDocument from technical user accounts
eclipse-tractusx · Nov 20, 2024 · 54f93d7 · 54f93d7
1 parent 32509c7
commit 54f93d7
Show file tree

Hide file tree

Showing 3 changed files with 713 additions and 703 deletions.
diff --git a/docs/admin/technical-documentation/06. Roles & Rights Concept.md b/docs/admin/technical-documentation/06. Roles & Rights Concept.md
@@ -238,8 +238,9 @@ This role concept covers all roles related to
 | Access technical user details (view_tech_user_management) | x | | | | | | | x |
 | send_mail | | | | | | | | |
 | create_ssi_notifications | | | | | | | | |
-|update_application_bpn_credential | | | | | | | | |
-|update_application_membership_credential | | | | | | | | |
+| store_didDocument | | | | | | | | |
+| update_application_bpn_credential | | | | | | | | |
+| update_application_membership_credential | | | | | | | | |
 | **BPN Discovery (Cl22-CX-BPND)** | | | | | | | | |
 | View Discovery BPN (view_bpn_discovery) | | | | | x | | | |
 | Add Discovery BPN (add_bpn_discovery) | | | | | x | | | |

diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json
@@ -2759,7 +2759,16 @@
     "totpAppGoogleName",
     "totpAppMicrosoftAuthenticatorName"
   ],
-  "localizationTexts": {},
+  "localizationTexts": {
+    "de": {
+      "profile.attributes.organisation": "Organisation",
+      "profile.attributes.bpn": "BPN"
+    },
+    "en": {
+      "profile.attributes.organisation": "Organisation",
+      "profile.attributes.bpn": "BPN"
+    }
+  },
   "webAuthnPolicyRpEntityName": "keycloak",
   "webAuthnPolicySignatureAlgorithms": [
     "ES256"
@@ -3025,7 +3034,8 @@
         "Cl2-CX-Portal": [
           "update_application_bpn_credential",
           "update_application_membership_credential",
-          "send_mail"
+          "send_mail",
+          "create_ssi_notifications"
         ]
       },
       "notBefore": 0,
@@ -3427,6 +3437,7 @@
       {
         "client": "sa-cl2-05",
         "roles": [
+          "technical_roles_management",
           "store_didDocument"
         ]
       },
@@ -7860,12 +7871,12 @@
     ],
     "org.keycloak.userprofile.UserProfileProvider": [
       {
-        "id": "28c95b37-8ccd-42f5-be92-9cfbcff47848",
+        "id": "1dd954ae-97aa-4f35-94f9-6afec01a6e9a",
         "providerId": "declarative-user-profile",
         "subComponents": {},
         "config": {
           "kc.user.profile.config": [
-            "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
+            "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"organisation\",\"displayName\":\"${profile.attributes.organisation}\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[],\"edit\":[\"admin\"]},\"multivalued\":false},{\"name\":\"bpn\",\"displayName\":\"${profile.attributes.bpn}\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[],\"edit\":[\"admin\"]},\"multivalued\":true}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
           ]
         }
       }
@@ -7942,6 +7953,7 @@
     "de",
     "en"
   ],
+  "defaultLocale": "en",
   "authenticationFlows": [
     {
       "id": "b85acc77-a0fd-492e-841f-051eb40cd92f",
@@ -8832,17 +8844,18 @@
   "firstBrokerLoginFlow": "first broker login",
   "attributes": {
     "cibaBackchannelTokenDeliveryMode": "poll",
-    "cibaExpiresIn": "120",
     "cibaAuthRequestedUserHint": "login_hint",
-    "oauth2DeviceCodeLifespan": "600",
     "oauth2DevicePollingInterval": "5",
     "clientOfflineSessionMaxLifespan": "0",
     "clientSessionIdleTimeout": "0",
-    "parRequestUriLifespan": "60",
-    "clientSessionMaxLifespan": "0",
     "clientOfflineSessionIdleTimeout": "0",
     "cibaInterval": "5",
-    "realmReusableOtpCode": "false"
+    "realmReusableOtpCode": "false",
+    "cibaExpiresIn": "120",
+    "oauth2DeviceCodeLifespan": "600",
+    "parRequestUriLifespan": "60",
+    "clientSessionMaxLifespan": "0",
+    "organizationsEnabled": "false"
   },
   "keycloakVersion": "25.0.6",
   "userManagedAccessAllowed": false,