mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-18 17:55:09 +02:00
Kevin Veen-Birkenbach
20c8d46f54
- Removed all static 'id' fields from realm.json.j2, ldap.json.j2, and client.json.j2 - Replaced 'desktop-secret' with correct 'client-secret' authenticator type - Standardized Jinja filters to use 'to_json' consistently - Corrected defaultClientScopes entry from 'web-app-origins' to built-in 'web-origins' - Verified LDAP mapper definitions and optional realm role mapping - Ensured realm.json.j2 contains only required scopes References: Chat with ChatGPT (2025-08-17) https://chatgpt.com/share/68a1aaae-1b04-800f-aa8d-8a0ef6d33cba
61 lines
1.9 KiB
Django/Jinja
61 lines
1.9 KiB
Django/Jinja
{
|
|
"clientId": "{{ KEYCLOAK_CLIENT_ID }}",
|
|
"name": "",
|
|
"description": "",
|
|
"rootUrl": "{{ KEYCLOAK_REALM_URL }}",
|
|
"adminUrl": "{{ KEYCLOAK_REALM_URL }}",
|
|
"baseUrl": "{{ KEYCLOAK_REALM_URL }}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "{{ OIDC.CLIENT.SECRET }}",
|
|
{# The following line should be covered by 02_update_client_redirects.yml #}
|
|
"redirectUris": {{ KEYCLOAK_REDIRECT_URIS | to_json }},
|
|
"webOrigins": {{ KEYCLOAK_WEB_ORIGINS | to_json }},
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": true,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": true,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"frontchannel.logout.url": {{ KEYCLOAK_FRONTCHANNEL_LOGOUT_URL | to_json }},
|
|
"realm_client": "false",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"client.secret.creation.time": "0",
|
|
"backchannel.logout.session.required": "true",
|
|
"post.logout.redirect.uris": {{ KEYCLOAK_POST_LOGOUT_URIS | to_json }},
|
|
"frontchannel.logout.session.required": "true",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"display.on.consent.screen": "false",
|
|
"use.jwks.url": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"service_account",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"organization",
|
|
"offline_access",
|
|
"microprofile-jwt",
|
|
"{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
|
|
"{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
|
|
]
|
|
}
|