diff --git a/.github/workflows/cx-iam-consortia.yml b/.github/workflows/cx-iam-consortia.yml index bd1fcf43..59b42d62 100644 --- a/.github/workflows/cx-iam-consortia.yml +++ b/.github/workflows/cx-iam-consortia.yml @@ -49,20 +49,31 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Automatically prepare image tags; + # semver patter will generate tags like these for example :v1 :v1.2 tags: | type=raw,value=latest type=raw,value=${{ env.REF_NAME }} + type=semver,pattern=v{{major}} + type=semver,pattern=v{{major}}.{{minor}} - name: Build and push Keycloak init container uses: docker/build-push-action@v4 with: context: . file: docker/Dockerfile.consortia.import + platforms: linux/amd64, linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/cx-iam.yml b/.github/workflows/cx-iam.yml index fe87187c..e6a4c98f 100644 --- a/.github/workflows/cx-iam.yml +++ b/.github/workflows/cx-iam.yml 
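Review bot: The two added steps reference `docker/setup-buildx-action@v2` and `docker/setup-qemu-action@v3` by mutable major-version tags, and they run after the step that receives `secrets.DOCKER_HUB_TOKEN` (presumably the registry login, visible only as context lines). If either tag were re-pointed, the new code would run in a job that holds push credentials for the image repository. Pin each action to an audited commit instead, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3` (placeholder; take the SHA from the release you reviewed). The same applies to the identical hunk in `.github/workflows/cx-iam.yml` and to the existing `metadata-action@v4` and `build-push-action@v4` references. The job starts outside the hunk, so any `permissions:` block cannot be checked from here.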
@@ -49,20 +49,31 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Automatically prepare image tags; + # semver patter will generate tags like these for example :v1 :v1.2 tags: | type=raw,value=latest type=raw,value=${{ env.REF_NAME }} + type=semver,pattern=v{{major}} + type=semver,pattern=v{{major}}.{{minor}} - name: Build and push Keycloak init container uses: docker/build-push-action@v4 with: context: . file: docker/Dockerfile.import + platforms: linux/amd64, linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fa012b8..ba350189 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
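Review bot: The comment added above `tags:` misspells "pattern" and does not say when the semver tags are produced. As far as I know, `type=semver` in docker/metadata-action only emits tags on a tag push with a valid semver ref, whereas the two `type=raw` entries apply on every run. Suggested wording: `# Automatically prepare image tags;` followed by `# the semver patterns add floating tags such as :v1 and :v1.2 on semver tag pushes only`. Because `:v1` and `:v1.2` are re-pointed on each release, the comment should also tell consumers who need a fixed image to reference the full version tag or a digest. The same comment appears in `.github/workflows/cx-iam-consortia.yml`.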
@@ -2,6 +2,61 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances. +## 2.1.0-RC1 + +### Change + +* realm configuration (centralidp) - updates to CX-Central realm: + * changed the username of initial CX Operator user to align with CX portal company_users ID + * created the composite role "BPDM Gate Read" in client technical_roles_management and associated client role "view_company_data" from Cl16-CX-BPDMGate + * created the composite role "BPDM Gate Read" in client technical_roles_management and associated client roles "view_company_data", "update_company_data" and "view_shared_data" from Cl16-CX-BPDMGate + * assigned the roles "view_wallet" and "view_certificates" from the Cl5-CX-Custodian client to all the composite role of the client Cl2-CX-Portal + * created the roles "upload_certificates" and "delete_certificates" inside the Cl2-CX-Portal client and assigned them to the composite roles "Business Admin", "IT Admin" and "Company Admin" and "Purchaser" + * removed tenant-mapper from the "catena" client scope + +### Bugfix + +* realm configuration (centralidp) - fixes to CX-Central realm: + * assigned the following roles from the Cl2-CX-Portal from the composite role "IT Admin": + * delete_user_account + * delete_own_user_account + * view_service_marketplace + * view_service_offering + * subscribe_service + * view_service_subscriptions + * view_membership + * delete_notifications + * assigned the following roles from the Cl2-CX-Portal from the composite role "Business Admin": + * delete_own_user_account + * view_user_management + * view_connectors + * view_apps + * view_subscription + * view_app_subscription + * view_autosetup_status + * view_service_marketplace + * view_service_offering + * view_service_subscriptions + * view_company_data + * view_use_case_participation + * view_certificates + +### Technical Support + +* build of init containers + * enabled build of images for arm64, in 
addition to amd64 + * added additional image tags of type semver +* updated base image versions for init container in README +* updated generic-security documentation +* adjusted source url in license files for static content + +### Known Knowns + +The following issues were recently discovered: + +* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan) +* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name + ## 2.0.0 ### Change diff --git a/README.md b/README.md index 613a3be9..63d2ac01 100644 --- a/README.md +++ b/README.md 
@@ -34,19 +34,19 @@ DockerHub: * https://hub.docker.com/r/tractusx/portal-iam * https://hub.docker.com/r/tractusx/portal-iam-consortia -Base image: alpinelinux/docker-alpine:3.17 +Base image: alpinelinux/docker-alpine:3.18 -* Dockerfile: [alpinelinux/docker-alpine:3.17](https://github.com/alpinelinux/docker-alpine/blob/681b8c677aaed66e48a5ce721509647bd4dcd017/x86_64/Dockerfile) -* GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine)) +* Dockerfile: [alpinelinux/docker-alpine:3.18](https://github.com/alpinelinux/docker-alpine/blob/v3.18/x86_64/Dockerfile) +* GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine) * DockerHub: [https://hub.docker.com/_/alpine](https://hub.docker.com/_/alpine) DockerHub: * https://hub.docker.com/r/tractusx/portal-iam-seeding -Base image: mcr.microsoft.com/dotnet/runtime:6.0-alpine +Base image: mcr.microsoft.com/dotnet/runtime:7.0-alpine -* Dockerfile: [mcr.microsoft.com/dotnet/runtime:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/alpine3.17/amd64/Dockerfile) +* Dockerfile: [mcr.microsoft.com/dotnet/runtime:7.0-alpine](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/alpine3.17/amd64/Dockerfile) * GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) * DockerHub: [https://hub.docker.com/_/microsoft-dotnet-runtime](https://hub.docker.com/_/microsoft-dotnet-runtime) diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 12754918..97e7d03b 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -48,7 +48,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh 
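Review bot: In `charts/centralidp/values.yaml`, `image: tractusx/portal-iam:pr44` replaces the release tag `v2.0.0` with what looks like a pull-request build tag. Combined with `imagePullPolicy: Always`, every pod start pulls whatever is currently published under that name. This init container appears to supply the Keycloak realm import (it mounts `/realms`), so chart defaults should point at an immutable release, ideally by digest: `image: tractusx/portal-iam:<release-tag>@sha256:<image-digest>` (placeholders). The same substitution is made in the `init-cx-central` hunk of this file, in `charts/sharedidp/values.yaml` and in every `consortia/environments/*/values-*.yaml` file in this diff. If `pr44` is only meant for testing the branch, revert it before the 2.1.0-RC1 release named in the CHANGELOG.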
@@ -178,7 +178,7 @@ seeding: mountPath: "app/realms" initContainers: - name: init-cx-central - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index 5095297e..0f7f76ea 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -52,7 +52,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-beta.yaml b/consortia/environments/centralidp/values-beta.yaml index cd1c2731..120f5887 100644 --- a/consortia/environments/centralidp/values-beta.yaml +++ b/consortia/environments/centralidp/values-beta.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh @@ -69,7 +69,7 @@ seeding: enabled: true initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-int.yaml b/consortia/environments/centralidp/values-int.yaml index 5587b2e4..f3c401c4 100644 --- a/consortia/environments/centralidp/values-int.yaml +++ b/consortia/environments/centralidp/values-int.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh @@ -69,7 +69,7 @@ seeding: enabled: false initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh 
diff --git a/consortia/environments/centralidp/values-pen.yaml b/consortia/environments/centralidp/values-pen.yaml index 9928afe2..1e229f87 100644 --- a/consortia/environments/centralidp/values-pen.yaml +++ b/consortia/environments/centralidp/values-pen.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh @@ -69,7 +69,7 @@ seeding: enabled: true initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-rc.yaml b/consortia/environments/centralidp/values-rc.yaml index e36db47a..271f63ad 100644 --- a/consortia/environments/centralidp/values-rc.yaml +++ b/consortia/environments/centralidp/values-rc.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh @@ -69,7 +69,7 @@ seeding: enabled: true initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-templateconsortia.yaml b/consortia/environments/centralidp/values-templateconsortia.yaml index ecace48f..c57df821 100644 --- a/consortia/environments/centralidp/values-templateconsortia.yaml +++ b/consortia/environments/centralidp/values-templateconsortia.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh 
@@ -66,11 +66,11 @@ secrets: replicationPassword: "" seeding: - enabled: true + enabled: false image: "tractusx/portal-iam-seeding:dev" initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-templategeneric.yaml b/consortia/environments/centralidp/values-templategeneric.yaml index 442c97e7..2e5973e4 100644 --- a/consortia/environments/centralidp/values-templategeneric.yaml +++ b/consortia/environments/centralidp/values-templategeneric.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh @@ -70,7 +70,7 @@ seeding: image: "tractusx/portal-iam-seeding:rc" initContainers: - name: init-cx-central - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-beta.yaml b/consortia/environments/sharedidp/values-beta.yaml index 4a69a240..cd3a8cc6 100644 --- a/consortia/environments/sharedidp/values-beta.yaml +++ b/consortia/environments/sharedidp/values-beta.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-int.yaml b/consortia/environments/sharedidp/values-int.yaml index 3cc80a3c..d76da6d8 100644 --- a/consortia/environments/sharedidp/values-int.yaml +++ b/consortia/environments/sharedidp/values-int.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh 
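Review bot: In `values-templateconsortia.yaml`, the hunk at `@@ -66,11 +66,11 @@` flips `seeding.enabled` from `true` to `false` alongside the image-tag edit, and the CHANGELOG entry in this diff does not mention it. A template that silently stops seeding could leave environments derived from it with a different realm configuration than the other consortia values files, where `values-beta`, `values-pen` and `values-rc` keep `enabled: true` in their context lines. If the change is intended, record the reason next to the key, e.g. `# seeding disabled in this template on purpose: <reason>` (placeholder), and add a line to the CHANGELOG. Otherwise restore `enabled: true`.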
diff --git a/consortia/environments/sharedidp/values-pen.yaml b/consortia/environments/sharedidp/values-pen.yaml index 08bdcb96..b8d08a25 100644 --- a/consortia/environments/sharedidp/values-pen.yaml +++ b/consortia/environments/sharedidp/values-pen.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-rc.yaml b/consortia/environments/sharedidp/values-rc.yaml index 1836afb1..a2afe257 100644 --- a/consortia/environments/sharedidp/values-rc.yaml +++ b/consortia/environments/sharedidp/values-rc.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-templateconsortia.yaml b/consortia/environments/sharedidp/values-templateconsortia.yaml index b6044b6d..012556b6 100644 --- a/consortia/environments/sharedidp/values-templateconsortia.yaml +++ b/consortia/environments/sharedidp/values-templateconsortia.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0 + image: tractusx/portal-iam-consortia:pr44 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-templategeneric.yaml b/consortia/environments/sharedidp/values-templategeneric.yaml index 397f0127..9dd00b81 100644 --- a/consortia/environments/sharedidp/values-templategeneric.yaml +++ b/consortia/environments/sharedidp/values-templategeneric.yaml @@ -36,7 +36,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0 + image: tractusx/portal-iam:pr44 imagePullPolicy: Always command: - sh 
diff --git a/docs/static/2-factor-auth.png.license b/docs/static/2-factor-auth.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/2-factor-auth.png.license +++ b/docs/static/2-factor-auth.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/add-idp.png.license b/docs/static/add-idp.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/add-idp.png.license +++ b/docs/static/add-idp.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/add-provider-menu.png.license b/docs/static/add-provider-menu.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/add-provider-menu.png.license +++ b/docs/static/add-provider-menu.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/auth-flow.png.license b/docs/static/auth-flow.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/auth-flow.png.license +++ b/docs/static/auth-flow.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/authentication-flow.png.license b/docs/static/authentication-flow.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/authentication-flow.png.license +++ b/docs/static/authentication-flow.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/authentication-protocol.png.license b/docs/static/authentication-protocol.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/authentication-protocol.png.license +++ b/docs/static/authentication-protocol.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/authenticationflow.png.license b/docs/static/authenticationflow.png.license index 7eb90696..237685b9 100644 --- a/docs/static/authenticationflow.png.license +++ b/docs/static/authenticationflow.png.license 
@@ -2,4 +2,4 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/bpdm-gate-overview.png.license b/docs/static/bpdm-gate-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/bpdm-gate-overview.png.license +++ b/docs/static/bpdm-gate-overview.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/bpdm-pool.png.license b/docs/static/bpdm-pool.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/bpdm-pool.png.license +++ b/docs/static/bpdm-pool.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/bpn.png.license b/docs/static/bpn.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/bpn.png.license +++ b/docs/static/bpn.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/brute-force.png.license b/docs/static/brute-force.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/brute-force.png.license +++ b/docs/static/brute-force.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/client-authentication-concept.png.license b/docs/static/client-authentication-concept.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/client-authentication-concept.png.license +++ b/docs/static/client-authentication-concept.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/client-data.png.license b/docs/static/client-data.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/client-data.png.license +++ b/docs/static/client-data.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/client-roles.png.license b/docs/static/client-roles.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/client-roles.png.license +++ b/docs/static/client-roles.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/common-parameters.png.license b/docs/static/common-parameters.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/common-parameters.png.license +++ b/docs/static/common-parameters.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/composite-roles.png.license b/docs/static/composite-roles.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/composite-roles.png.license +++ b/docs/static/composite-roles.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/create-user.png.license b/docs/static/create-user.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/create-user.png.license +++ b/docs/static/create-user.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/event-config.png.license b/docs/static/event-config.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/event-config.png.license +++ b/docs/static/event-config.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/first-login-flow.png.license b/docs/static/first-login-flow.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/first-login-flow.png.license +++ b/docs/static/first-login-flow.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/identity-providers.png.license b/docs/static/identity-providers.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/identity-providers.png.license +++ b/docs/static/identity-providers.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/import-external-idp-config.png.license b/docs/static/import-external-idp-config.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/import-external-idp-config.png.license +++ b/docs/static/import-external-idp-config.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/login-event-filter.png.license b/docs/static/login-event-filter.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/login-event-filter.png.license +++ b/docs/static/login-event-filter.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/login-events.png.license b/docs/static/login-events.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/login-events.png.license +++ b/docs/static/login-events.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/managed-wallets-overview.png.license b/docs/static/managed-wallets-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/managed-wallets-overview.png.license +++ b/docs/static/managed-wallets-overview.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/mappers.png.license b/docs/static/mappers.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/mappers.png.license +++ b/docs/static/mappers.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/new-flow.png.license b/docs/static/new-flow.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/new-flow.png.license +++ b/docs/static/new-flow.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/overall-system.png.license b/docs/static/overall-system.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/overall-system.png.license +++ b/docs/static/overall-system.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/password-policy.png.license b/docs/static/password-policy.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/password-policy.png.license +++ b/docs/static/password-policy.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/password-recovery.png.license b/docs/static/password-recovery.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/password-recovery.png.license +++ b/docs/static/password-recovery.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/portal-application-overview.png.license b/docs/static/portal-application-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/portal-application-overview.png.license +++ b/docs/static/portal-application-overview.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/portal-idp.png.license b/docs/static/portal-idp.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/portal-idp.png.license +++ b/docs/static/portal-idp.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/registration-application-overview.png.license b/docs/static/registration-application-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/registration-application-overview.png.license +++ b/docs/static/registration-application-overview.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/required-authenticaction.png.license b/docs/static/required-authenticaction.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/required-authenticaction.png.license +++ b/docs/static/required-authenticaction.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/roles-permissions.png.license b/docs/static/roles-permissions.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/roles-permissions.png.license +++ b/docs/static/roles-permissions.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/save-events.png.license b/docs/static/save-events.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/save-events.png.license +++ b/docs/static/save-events.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/scenario1.png.license b/docs/static/scenario1.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/scenario1.png.license +++ b/docs/static/scenario1.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/scenario2-1.png.license b/docs/static/scenario2-1.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/scenario2-1.png.license +++ b/docs/static/scenario2-1.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/scenario2.png.license b/docs/static/scenario2.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/scenario2.png.license +++ b/docs/static/scenario2.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/technical-user-accounts-overview.png.license b/docs/static/technical-user-accounts-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/technical-user-accounts-overview.png.license +++ b/docs/static/technical-user-accounts-overview.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/technical-user-overview.png.license b/docs/static/technical-user-overview.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/technical-user-overview.png.license +++ b/docs/static/technical-user-overview.png.license 
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/tokens.png.license b/docs/static/tokens.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/tokens.png.license +++ b/docs/static/tokens.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/static/users-view.png.license b/docs/static/users-view.png.license index 8bbb33d7..30820604 100644 --- a/docs/static/users-view.png.license +++ b/docs/static/users-view.png.license @@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/docs/technical documentation/06. Roles & Rights Concept.md b/docs/technical documentation/06. Roles & Rights Concept.md index 383faca4..00732cbf 100644 --- a/docs/technical documentation/06. Roles & Rights Concept.md +++ b/docs/technical documentation/06. Roles & Rights Concept.md 
@@ -101,7 +101,7 @@ For the BPDM Pools READ rights are given to all CX members. WRITE into the POOL "add_company_data" is only allowed for the platform owner/ operator and (if integrated) possible service providers of BPDM cleanup services. -![BPDM](/docs/static/bpdm-pool.png) +![BPDM](/docs/static/bpdm-pool-overview.png) * Technical User is the corresponding bpdm data provider (operator or/and service provider; no platform customer) #### 2.5.6 BPDM Gate diff --git a/docs/technical documentation/10. Generic Security.md b/docs/technical documentation/10. Generic Security.md index 6449de03..f710e5e2 100644 --- a/docs/technical documentation/10. Generic Security.md +++ b/docs/technical documentation/10. Generic Security.md @@ -1,6 +1,6 @@ ## Security Generic -This document serves as a introduction for the security config of the catena-x reference implementation with Keycloak. The settings outlined are designed to provide a robust security framework for test environments - ensuring the integrity, confidentiality, and availability of our system and data. +This document serves as an introduction for the security config of the catena-x reference implementation with Keycloak. The settings outlined are designed to provide a robust security framework for test environments - ensuring the integrity, confidentiality, and availability of our system and data. Disclaimer: The configurations suggested in this file are starting points and should be adapted to meet the specific security requirements of your environment. It's important to regularly review and update these settings to adapt to new threats and changing organizational needs. 
@@ -85,9 +85,9 @@ By default, Keycloak sets up a same-origin policy for iframes. ### Open redirects -An open redirector is an endpoint using a parameter to automatically redirect a user agent to the location specified by the parameter value without validation. An attacker can use the end-user authorization endpoint and the redirect URI parameter to use the authorization server as an open redirector, using a user’s trust in an authorization server to launch a phishing attack. +An open redirect is an endpoint using a parameter to automatically redirect a user agent to the location specified by the parameter value without validation. An attacker can use the end-user authorization endpoint and the redirect URI parameter to use the authorization server as an open redirect, using a user’s trust in an authorization server to launch a phishing attack. -Keycloak requires that all registered applications and clients register at least one redirection URI pattern. When a client requests that Keycloak performs a redirect, Keycloak checks the redirect URI against the list of valid registered URI patterns. Clients and applications must register as specific a URI pattern as possible to mitigate open redirector attacks. +Keycloak requires that all registered applications and clients register at least one redirection URI pattern. When a client requests that Keycloak performs a redirect, Keycloak checks the redirect URI against the list of valid registered URI patterns. Clients and applications must register as specific a URI pattern as possible to mitigate open redirects attacks. ### Compromised Authorization code diff --git a/import/keycloak-themes/catenax-shared/login/resources/images/background.svg.license b/import/keycloak-themes/catenax-shared/login/resources/images/background.svg.license index 7eb90696..237685b9 100644 --- a/import/keycloak-themes/catenax-shared/login/resources/images/background.svg.license 
+++ b/import/keycloak-themes/catenax-shared/login/resources/images/background.svg.license @@ -2,4 +2,4 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam diff --git a/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json index 3d5f6861..df643dbd 100644 --- a/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", @@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", 
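Review bot: The two client roles introduced on this line, `upload_certificates` (hunk `@@ -210,6 +214,15 @@`) and `delete_certificates` (hunk `@@ -270,6 +283,15 @@`), are created with `"description": ""`, so nothing in the realm export records what either permission allows. Both are write-type permissions that this commit then adds to several composites, so a short text such as `"description": "Upload company certificates"` and `"description": "Delete company certificates"` (wording to be confirmed by the portal team) would let a later access review work from the export alone. The same empty description appears on the new `BPDM Gate Read & Write` and `BPDM Gate Read` composites and in the matching hunks of `dev/CX-Central-realm.json`.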
@@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, @@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", 
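Review bot: In hunk `@@ -335,20 +361,37 @@` the `Cl2-CX-Portal` grant list is rewritten and reordered in one step, which buries the privilege changes. Alongside a number of `view_*` permissions it newly grants `upload_certificates`, `delete_certificates` and `delete_own_user_account`, while unchanged entries such as `view_dataspaces` and `filter_apps` show up as removed and re-added. The composite's name lies outside the hunk, so the diff alone does not show which role is being widened. Keeping existing entries in place and appending the new ones, or sorting every list the same way on export, would show exactly which permissions a role gained. Hunks `@@ -305,20 +327,24 @@` and `@@ -691,17 +743,21 @@` are reordered the same way, as are their counterparts in the dev realm.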
@@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", @@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", 
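Review bot: Hunk `@@ -657,14 +705,18 @@` adds `delete_user_account` to a composite whose name is outside the hunk, and neither the commit's visible documentation hunks nor this file say which role is meant to gain it. Context entries such as `setup_idp` and `technical_roles_management` suggest an administrative role, but that is an inference from neighbouring lines. Since this permission allows removing other users' accounts, the intended holder should be named in the commit description or in `06. Roles & Rights Concept.md`. Unlike `upload_certificates` and `delete_certificates`, no definition of `delete_user_account` appears in the visible hunks, so it is presumably an existing role; that should be confirmed for both the beta and dev realms.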
@@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } @@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ 
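Review bot: `BPDM Gate Read` (hunk `@@ -1863,6 +1956,22 @@`) grants only `view_company_data` on `Cl16-CX-BPDMGate`, while `BPDM Gate Read & Write` (hunk `@@ -1848,6 +1923,24 @@`) also grants `view_shared_data`, which by its name is a read permission. If read-only technical users are meant to see shared data as well, the read composite needs `"view_shared_data"` in its list; if the omission is deliberate, the reason belongs in the currently empty `description`. The `Cl16-CX-BPDMGate` client roles themselves are defined outside the visible hunks, so it could not be checked here that all three exist in this realm. The dev realm adds the same pair of composites.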
@@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, @@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", 
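Review bot: The replacement username `ac1cf001-7fbc-1f2f-817f-bce058020006` in hunk `@@ -2653,7 +2762,7 @@` drops the `cx-operator.` prefix, so it no longer has the `${ALIAS}.${CLAIM.sub}` shape that the `username-mapper` entries in this file produce for brokered users. The user's `id` and `createdTimestamp` are unchanged, and the rest of the entry, including any federated identity link, is outside the hunk. The diff therefore does not show whether the account is still tied to the `CX-Operator` identity provider or whether anything looks the user up by the old name. A sentence in the changelog saying where the new value comes from would settle this; the dev realm hunk makes the same change.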
@@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
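Review bot: Two of the re-added mappers are named `"username mapper"` with a space (alias `Security-Company` in hunk `@@ -16120,29 +16225,29 @@` and alias `CX-Test-Access` in `@@ -16164,9 +16269,9 @@`), while the other aliases visible here use `username-mapper`. Since every entry is rewritten with a new id anyway, `"name": "username-mapper"` would make them uniform. Comparing alias and mapper-type pairs on both sides, the `identityProviderMappers` change looks like a pure reorder with regenerated ids, but that takes a manual pairing to establish; a stable export order would keep such no-op churn out of review. `Onboarding-Provider` remains the only alias whose `organisation` value is set through `hardcoded-user-session-attribute-idp-mapper` rather than `hardcoded-attribute-idp-mapper`. That was already so before this commit, but it is worth confirming that a session-scoped value is intended there. The dev realm hunks repeat all of this.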
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json index 41beb178..c6f7f5c5 100644 --- a/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
@@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, 
@@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", 
@@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } 
@@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
@@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json index f522d795..bae4d6ba 100644 --- a/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
@@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, 
@@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", 
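Review bot: The composite edited in the `@@ -335` hunk has its `Cl2-CX-Portal` list more than doubled and now includes `upload_certificates`, `delete_certificates` and `delete_own_user_account`, but the role's name sits outside the hunk, so the grant cannot be checked against least privilege from the diff alone. Please confirm that this composite, and the one in the `@@ -1055` hunk that receives the same upload/delete pair, are meant to hold the destructive certificate permissions rather than only `view_certificates`, which is what the other composites in this file get. The two new leaf roles in the `@@ -210` and `@@ -270` hunks are also created with `"description": ""`; a short description such as `"description": "Allows deleting certificates"` would make later audits of these grants easier. The pen realm file further down repeats the same hunks.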
@@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } 
@@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
@@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json index d5b0b34f..98c00a03 100644 --- a/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
@@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, 
@@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", 
@@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } 
@@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
@@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json index a8f0a59d..fe5dbe65 100644 --- a/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
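Review bot: `"Cl5-CX-Custodian": [ "view_wallet" ]` is added to the composite at @@ -162 and, with identical text, to the composites at @@ -305, @@ -335, @@ -633, @@ -691, @@ -756, @@ -839, @@ -906 and @@ -1055 of this file, and none of these hunks includes the composite role's `name`. Wallet read access is therefore granted to nine composite roles in one step, and as far as the hunks show some of them otherwise hold only subscription or app roles under `Cl2-CX-Portal`. Each grant should be checked against what that role needs; where it is not needed, the lines `"Cl5-CX-Custodian": [`, `"view_wallet"` and `],` can be left out of that composite. The stable and generic realm files repeat the change.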
@@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, 
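Review bot: The new client roles `upload_certificates` (@@ -210) and `delete_certificates` (@@ -270) are created with `"description": ""`, so a role review has no statement of what they permit. Judging by their names both carry write or delete rights, which makes a one-line description worth adding, in the form `"description": "<what upload_certificates permits>"`. The composite roles `BPDM Gate Read & Write` and `BPDM Gate Read` added at @@ -1848 and @@ -1863 have the same empty field, as do the matching hunks in the stable and generic realm files.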
@@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", 
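Review bot: The composite changed at @@ -335 grows from eleven to twenty-five `Cl2-CX-Portal` roles and picks up `upload_certificates`, `delete_certificates` and `delete_own_user_account` in the same edit as a dozen `view_*` roles. The composite's `name` lies outside the hunk, so it cannot be checked from here that write and delete rights on certificates are meant for this role. If read access is all it needs, keep `"view_certificates",` and leave out `"upload_certificates",` and `"delete_certificates",`. The composite at @@ -1055 gains the same upload and delete roles, and the one at @@ -633 gains `delete_user_account`, so the same question applies there and in the stable and generic realm files.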
@@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } 
@@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
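Review bot: The composite `BPDM Gate Read & Write` added at @@ -1848 refers to the client roles `view_company_data`, `update_company_data` and `view_shared_data` under `Cl16-CX-BPDMGate`, and no hunk visible here adds that client or those roles. If they are not already defined elsewhere in the realm file, the composite has nothing to resolve against at import; this should be confirmed against the full file, and the definitions added in the same commit if they are missing. `BPDM Gate Read` at @@ -1863 depends on the same client. The role name also contains a raw `&`, which every consumer that places role names in a URL or in markup has to escape; `"name": "BPDM Gate Read and Write"` avoids that.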
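Review bot: The rename at @@ -2653 drops the `cx-operator.` prefix from the username while `id` and `createdTimestamp` stay the same, so an existing account changes its login name. The username mappers visible in this diff build names as `${ALIAS}.${CLAIM.sub}`; if this account is linked to the CX-Operator provider and that mapper uses the same template (its `template` line and the user's federated identities are outside the hunks), the stored name no longer matches what the mapper produces. Audit records and any lookup keyed on the old name would also stop matching. Unless the rename is deliberate, the line should stay `"username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347"`; the stable realm file has the same change.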
@@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json index 7c146d1a..c06b02ac 100644 --- a/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json @@ -162,6 +162,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -189,6 +192,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
@@ -210,6 +214,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "b4a925ec-cfbf-497f-86cb-f835b6b861ea", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -270,6 +283,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "ca454bd0-e524-4398-8ee4-919646f04925", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,20 +327,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, 
@@ -335,20 +361,37 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ - "view_dataspaces", + "upload_certificates", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "delete_certificates", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ @@ -633,6 +676,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -643,7 +689,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -657,14 +705,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", 
@@ -691,17 +743,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -756,6 +812,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -763,11 +822,13 @@ "update_company_role", "view_documents", "delete_connectors", + "upload_certificates", "setup_client", "view_app_subscription", "delete_documents", "view_company_data", "view_app_language", + "delete_certificates", "modify_user_account", "view_autosetup_status", "add_connectors", @@ -839,6 +900,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -850,6 +914,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -906,6 +971,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -915,6 +983,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -1055,15 +1124,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", + "upload_certificates", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "view_certificates", "subscribe_apps" ] } 
@@ -1848,6 +1923,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ffdc000a-7b44-4117-8794-c87492a50604", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "20f2c41a-dacd-4505-877a-bb899066a767", "name": "BPDM Pool", @@ -1863,6 +1956,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "75211526-5c5e-4c6d-a377-627402c3f1b3", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -2546,8 +2655,8 @@ "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName", - "totpAppGoogleName" + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2653,7 +2762,7 @@ }, { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
@@ -15174,21 +15283,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -16087,29 +16181,40 @@ ], "identityProviderMappers": [ { - "id": "7698c5c5-61de-47d4-a0f7-45956bc3448b", + "id": "b1821a86-d106-41fd-8530-fe35db674fa7", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "362c4703-c93c-46d0-8b44-57410a2f83b5", + "id": "4c60af35-e036-4b5e-be89-68bb8d17b77c", + "name": "username-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", + "config": { + "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" + } + }, + { + "id": "a626d168-191c-432c-865c-4065701c244d", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "6077f452-443a-405e-b0bd-a31f90b15a6a", + "id": "8d114037-207e-4116-a3e6-04cd91a4eb56", "name": "organisation-mapper", "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16120,29 +16225,29 @@ } }, { - "id": "01872600-e492-4891-bf1e-a87d682f60d6", + "id": "3b19bace-cb49-4f13-ae48-68392cbe146c", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderAlias": "Onboarding-Provider", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Onboarding-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "8f34d0e9-5f0d-46b5-a863-533493e4b5e2", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "12a1bb4d-7d43-4bab-a397-f98764dac714", + "name": "username mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Test-Access", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b3eac58e-f6a1-45b3-aae4-99ab9a273004", + "id": "fdf88ab5-5e7f-451d-9845-67b28651c403", "name": "username-mapper", "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16153,9 +16258,9 @@ } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", + "id": "39304984-ba46-448f-8b3a-403a58bb370a", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16164,9 +16269,9 @@ } }, { - "id": "63f85232-7f4b-4888-932b-af98e69a9db7", + "id": "95853fba-6d86-4ec9-8a63-b70096b223b0", "name": "username mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", 
@@ -16175,9 +16280,20 @@ } }, { - "id": "3ca68e56-c9ab-4532-8ade-086c06fc962b", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", + "id": "b31b84dd-0520-4d7e-b260-5b65e35a8bbc", + "name": "organisation-mapper", + "identityProviderAlias": "Service-Provider", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "471f5a24-3bf8-439e-85a4-e77edabdbe01", + "name": "username-mapper", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { "syncMode": "INHERIT", @@ -16186,7 +16302,7 @@ } }, { - "id": "1194d08d-4b9d-4f03-83ec-68dba650d8c7", + "id": "9c128b39-6691-4b1b-bb2d-811569083828", "name": "username-mapper", "identityProviderAlias": "App-Provider", "identityProviderMapper": "oidc-username-idp-mapper", @@ -16197,7 +16313,7 @@ } }, { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", + "id": "08019f44-b520-47bc-b168-183a723e7b56", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
@@ -16208,48 +16324,26 @@ } }, { - "id": "aac3870c-4c68-4d2a-984a-d443ad7d253c", + "id": "512836a8-22b1-45d5-92ad-b7a258c17f4c", "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Onboarding-Provider", + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "7502ee53-a2e9-4d14-80e9-304e96489d85", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } - }, - { - "id": "00c2fd45-916e-490c-9f95-39ff539e7922", + "id": "44a519c7-4a39-4899-9b3f-b7afbc4ddfe4", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } - }, - { - "id": "c3c541ed-eed4-4b07-aa36-45457ee0fe67", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" - } } ], "components": { 
@@ -16297,14 +16391,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } }, @@ -16324,14 +16418,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json index 41f31855..f3231dfc 100644 --- a/import/realm-config/generic/catenax-central/CX-Central-realm.json +++ b/import/realm-config/generic/catenax-central/CX-Central-realm.json @@ -156,6 +156,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -183,6 +186,7 @@ "activate_subscription", "view_tech_roles", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", 
@@ -299,20 +303,24 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_technical_setup", + "view_tech_user_management", + "app_management", + "view_tech_roles", + "view_certificates", "view_app_language", "technical_roles_management", "CX User", - "view_technical_setup", - "view_tech_user_management", "edit_apps", - "app_management", "view_use_cases", - "view_apps", - "view_tech_roles" + "view_apps" ] } }, @@ -329,27 +337,44 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" + ], "Cl2-CX-Portal": [ - "view_dataspaces", + "view_app_subscription", "add_user_account", - "filter_apps", - "view_notifications", + "view_company_data", + "view_service_marketplace", "modify_user_account", + "view_service_offering", + "view_autosetup_status", "unsubscribe_apps", - "unsubscribe_services", - "view_apps", + "upload_certificates", + "view_user_management", "subscribe_apps", "view_services", + "view_dataspaces", + "filter_apps", + "view_service_subscriptions", + "view_notifications", + "view_certificates", + "delete_certificates", + "delete_own_user_account", + "unsubscribe_services", + "view_apps", + "view_subscription", + "view_use_case_participation", + "view_connectors", "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" ] } }, 
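Review bot: The composite changed in the `-329,27` hunk gains the write-level portal roles `upload_certificates`, `delete_certificates` and `delete_own_user_account` along with a batch of view roles, but its `"name"` lies outside the hunk, so the diff does not show who receives them. Several other composites in this commit receive only `"view_certificates",`, which suggests the certificate write roles are meant for a narrower audience. If this composite is not one of those, the grant should be reduced to `"view_certificates",`. The `-651,14` hunk adds `delete_user_account` to another composite in the same way and deserves the same check.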
@@ -505,6 +530,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "26eacd86-808a-4869-ad64-564cda6b3e2f", + "name": "delete_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "6560b255-cbc6-4fb7-8afe-d61732e34ab1", "name": "view_client_roles", @@ -627,6 +661,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -637,7 +674,9 @@ "add_user_account", "view_company_data", "view_managed_idp", + "view_service_marketplace", "modify_user_account", + "view_service_offering", "disable_idp", "add_connectors", "configure_partner_registration", @@ -651,14 +690,18 @@ "update_own_user_account", "add_self_descriptions", "view_user_account", + "view_service_subscriptions", "setup_idp", "view_notifications", "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "subscribe_service", + "delete_own_user_account", "request_ssicredential", "my_user_account", + "delete_user_account", "view_apps", "view_subscription", "modify_connectors", @@ -685,17 +728,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "view_service_subscriptions", + "activate_subscription", + "view_certificates", "subscribe_service", "CX User", "view_service_offering", "unsubscribe_apps", - "view_service_subscriptions", "unsubscribe_services", - "activate_subscription", "subscribe_apps", "view_services" ] @@ -750,6 +797,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -776,6 +826,7 @@ "view_user_account", "setup_idp", "view_tech_roles", + "delete_certificates", "view_client_roles", "subscribe_service", "request_ssicredential", 
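Review bot: The new client role `delete_certificates` in the `-505,6` hunk is created with `"description": ""`, and `upload_certificates` in the `-934,6` hunk likewise, so an administrator assigning them sees no statement of what they permit. Both are write-level permissions. A one-line description such as `"description": "Permits deleting certificates"` (wording to be confirmed by the role owner) would make later access reviews easier.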
@@ -791,6 +842,7 @@ "unsubscribe_apps", "disable_idp", "upload_documents", + "upload_certificates", "view_use_cases", "subscribe_apps", "view_services", @@ -833,6 +885,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -844,6 +899,7 @@ "filter_apps", "view_company_data", "view_notifications", + "view_certificates", "view_service_marketplace", "view_service_offering", "delete_own_user_account", @@ -900,6 +956,9 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], @@ -909,6 +968,7 @@ "add_user_account", "activate_subscription", "delete_apps", + "view_certificates", "CX User", "view_autosetup_status", "App Developer", @@ -934,6 +994,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "48c262f0-3f56-4bab-94d5-f3c30fb5d9f9", + "name": "upload_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "b4bead06-e3c4-4fce-9e06-43d9d9537766", "name": "view_use_cases", @@ -1049,15 +1118,21 @@ "Cl7-CX-BPDM": [ "view_company_data" ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl1-CX-Registration": [ "view_registration" ], "Cl2-CX-Portal": [ + "delete_certificates", "subscribe_service_offering", "CX User", "unsubscribe_apps", "view_app_subscription", "unsubscribe_services", + "upload_certificates", + "view_certificates", "subscribe_apps" ] } 
@@ -1444,6 +1519,24 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "162b2472-c940-4285-a662-e712501491dc", + "name": "BPDM Gate Read & Write", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", "name": "Identity Wallet Management", @@ -1510,6 +1603,22 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "ef1112fd-3e6d-4e73-8947-5a21fd38f760", + "name": "BPDM Gate Read", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "d5781775-3fbd-4f46-84ea-b19164393205", "name": "Dataspace Discovery", @@ -2184,9 +2293,9 @@ "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "totpAppGoogleName", + "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName", - "totpAppFreeOTPName" + "totpAppGoogleName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2216,7 +2325,7 @@ { "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", "createdTimestamp" : 1652788086549, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled" : true, "totp" : false, "emailVerified" : false, 
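Review bot: The seeded user's `"username"` loses its `cx-operator.` prefix in the `-2216,7` hunk, while the `CX-Operator` `username-mapper` kept in the `-5710,25` hunk still builds usernames as `${ALIAS}.${CLAIM.sub}` with `"target": "LOCAL"`. If brokered logins are still expected to create accounts through that mapper, the realm would hold two naming schemes, and any lookup or uniqueness check keyed on the prefix would miss this account. It should be confirmed which scheme is intended, and the mapper or the seed data aligned with it. The user object continues outside the hunk, so its federated-identity link is not visible here.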
@@ -4996,21 +5105,6 @@ "display.on.consent.screen": "false" }, "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, { "id": "b3dd05cc-7289-4a87-9625-af60b859d748", "name": "organisation-mapper", @@ -5710,25 +5804,25 @@ ], "identityProviderMappers": [ { - "id": "e01bcaa1-fbfc-4069-a7d7-1dc9844e6696", - "name": "organisation-mapper", + "id": "4307e9a1-df8d-441a-b601-70e0ef510959", + "name": "username-mapper", "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Operator", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "b4908715-22a5-4d5a-85c9-aadba0edc548", - "name": "username-mapper", + "id": "05407473-42a0-4630-90ed-ce2d6d70108e", + "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "oidc-username-idp-mapper", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { + "attribute.value": "CX-Operator", "syncMode": "INHERIT", - "template": "${ALIAS}.${CLAIM.sub}", - "target": "LOCAL" + "attribute": "organisation" } } ], 
@@ -5778,13 +5872,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", + "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper" + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper" ] } }, @@ -5804,14 +5898,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, diff --git a/scripts/license.sh b/scripts/license.sh index 0baa88ca..0ed90808 100755 --- a/scripts/license.sh +++ b/scripts/license.sh @@ -41,7 +41,7 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -- Source URL: https://github.com/eclipse-tractusx/portal-assets +- Source URL: https://github.com/eclipse-tractusx/portal-iam EOF done