diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml
new file mode 100644
index 000000000..2391a9ad1
--- /dev/null
+++ b/docker-compose-keycloak.yml
@@ -0,0 +1,146 @@
+version: '2'
+
+services:
+ alfresco:
+ image: alfresco/alfresco-content-repository-community:6.1.2-ga
+ mem_limit: 1500m
+ depends_on:
+ - postgres
+ - auth
+ environment:
+ AUTH_SERVER_URL: ${AUTH_SERVER_URL}
+ JAVA_OPTS: '
+ -Ddb.driver=org.postgresql.Driver
+ -Ddb.username=alfresco
+ -Ddb.password=alfresco
+ -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
+ -Dsolr.host=solr6
+ -Dsolr.port=8983
+ -Dsolr.secureComms=none
+ -Dsolr.base.url=/solr
+ -Dindex.subsystem.name=solr6
+ -Dshare.host=localhost
+ -Dalfresco.port=8080
+ -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
+ -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true"
+ -Ddeployment.method=DOCKER_COMPOSE
+ -Dcsrf.filter.enabled=false
+ -Xms1g -Xmx1g
+ -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
+ -Didentity-service.enable-basic-auth=true
+ -Didentity-service.authentication.validation.failure.silent=false
+ -Didentity-service.auth-server-url=${AUTH_SERVER_URL}
+ -Didentity-service.realm=alfresco
+ -Didentity-service.resource=alfresco
+ '
+ networks:
+ - internal
+ ports:
+ - 8080:8080 #Browser port
+
+ share:
+ image: alfresco/alfresco-share:6.1.0-RC3
+ mem_limit: 1g
+ depends_on:
+ - alfresco
+ environment:
+ - REPO_HOST=alfresco
+ - REPO_PORT=8080
+ - 'CATALINA_OPTS= -Xms500m -Xmx500m'
+ networks:
+ - internal
+ ports:
+ - 8083:8080
+
+ postgres:
+ image: postgres:10.1
+ mem_limit: 1500m
+ environment:
+ - POSTGRES_PASSWORD=alfresco
+ - POSTGRES_USER=alfresco
+ - POSTGRES_DB=alfresco
+ command: postgres -c max_connections=300 -c log_min_messages=LOG
+ networks:
+ - internal
+ ports:
+ - 5432:5432
+
+ solr6:
+ image: alfresco/alfresco-search-services:1.3.0-RC2
+ mem_limit: 2500m
+ depends_on:
+ - alfresco
+ environment:
+ #Solr needs to know how to register itself with Alfresco
+ - SOLR_ALFRESCO_HOST=alfresco
+ - SOLR_ALFRESCO_PORT=8080
+ #Alfresco needs to know how to call solr
+ - SOLR_SOLR_HOST=solr6
+ - SOLR_SOLR_PORT=8983
+ #Create the default alfresco and archive cores
+ - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
+ - 'SOLR_JAVA_MEM=-Xms2g -Xmx2g'
+ networks:
+ - internal
+ ports:
+ - 8983:8983 #Browser port
+
+ activemq:
+ image: alfresco/alfresco-activemq:5.15.6
+ mem_limit: 2048m
+ networks:
+ - internal
+ ports:
+ - 8161:8161 # Web Console
+ - 5672:5672 # AMQP
+ - 61616:61616 # OpenWire
+ - 61613:61613 # STOMP
+
+ content-app:
+ image: alfresco/alfresco-content-app:latest
+ build: .
+ environment:
+ # BASEPATH: ./
+ APP_CONFIG_OAUTH2_HOST: ${APP_CONFIG_OAUTH2_HOST}
+ APP_CONFIG_AUTH_TYPE: ${APP_CONFIG_AUTH_TYPE}
+ APP_CONFIG_OAUTH2_CLIENTID: ${APP_CONFIG_OAUTH2_CLIENTID}
+ APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: ${APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI}
+ APP_CONFIG_OAUTH2_REDIRECT_LOGIN: ${APP_CONFIG_OAUTH2_REDIRECT_LOGIN}
+ APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: ${APP_CONFIG_OAUTH2_REDIRECT_LOGOUT}
+ depends_on:
+ - alfresco
+ networks:
+ - internal
+ ports:
+ - 4001:80
+ # volumes:
+ # - ./app.config.json:/usr/share/nginx/html/app.config.json
+ # - ./nginx.conf:/etc/nginx/conf.d/default.conf
+
+ proxy:
+ image: nginx:stable-alpine
+ depends_on:
+ - content-app
+ volumes:
+ - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf
+ networks:
+ - internal
+ ports:
+ - 4000:80
+
+ auth:
+ image: jboss/keycloak:4.8.3.Final
+ volumes:
+ - ./docker/auth/alfresco-realm.json:/tmp/alfresco-realm.json
+ environment:
+ - KEYCLOAK_USER=admin
+ - KEYCLOAK_PASSWORD=admin
+ - KEYCLOAK_IMPORT=/tmp/alfresco-realm.json
+ - DB_VENDOR=h2
+ networks:
+ - internal
+ ports:
+ - 8085:8080
+
+networks:
+ internal:
diff --git a/docker-compose.yml b/docker-compose.yml
index e48454677..523fe41d9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
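Review bot: Default admin credentials are exposed on every host interface in the `auth` service at the end of docker-compose-keycloak.yml: it sets `KEYCLOAK_USER=admin` / `KEYCLOAK_PASSWORD=admin` and publishes `8085:8080`, which Compose binds to all addresses unless a host IP is given. Take the password from the environment the way the file already does for `AUTH_SERVER_URL`, `- KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}`, and bind the published port to loopback, `- "127.0.0.1:8085:8080"`. The same pattern applies to `postgres` (`5432:5432` with `alfresco`/`alfresco`) and the four published ActiveMQ ports. If the file is meant for local development only, a header comment stating that would keep it from being reused as a deployment template.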
@@ -1,8 +1,9 @@ -version: '3' +version: '2' services: alfresco: - image: alfresco/alfresco-content-repository-community:6.1.0-ea + image: alfresco/alfresco-content-repository-community:6.1.2-ga + mem_limit: 1500m depends_on: - postgres environment: @@ -17,8 +18,12 @@ services: -Dsolr.base.url=/solr -Dindex.subsystem.name=solr6 -Dshare.host=localhost + -Dalfresco.port=8080 + -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos + -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" -Ddeployment.method=DOCKER_COMPOSE -Dcsrf.filter.enabled=false + -Xms1g -Xmx1g ' networks: - internal @@ -26,12 +31,14 @@ services: - 8080:8080 #Browser port share: - image: alfresco/alfresco-share:6.0.c + image: alfresco/alfresco-share:6.1.0-RC3 + mem_limit: 1g depends_on: - alfresco environment: - REPO_HOST=alfresco - REPO_PORT=8080 + - 'CATALINA_OPTS= -Xms500m -Xmx500m' networks: - internal ports: @@ -39,6 +46,7 @@ services: postgres: image: postgres:10.1 + mem_limit: 1500m environment: - POSTGRES_PASSWORD=alfresco - POSTGRES_USER=alfresco @@ -50,7 +58,8 @@ services: - 5432:5432 solr6: - image: alfresco/alfresco-search-services:1.2.0 + image: alfresco/alfresco-search-services:1.3.0-RC2 + mem_limit: 2500m depends_on: - alfresco environment: @@ -62,6 +71,7 @@ services: - SOLR_SOLR_PORT=8983 #Create the default alfresco and archive cores - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive + - 'SOLR_JAVA_MEM=-Xms2g -Xmx2g' networks: - internal ports: @@ -69,6 +79,7 @@ services: activemq: image: alfresco/alfresco-activemq:5.15.6 + mem_limit: 2048m networks: - internal ports: @@ -95,11 +106,11 @@ services: depends_on: - content-app volumes: - - ./docker-compose/nginx.conf:/etc/nginx/conf.d/default.conf + - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf networks: - internal ports: - 4000:80 networks: - ? internal + internal: diff --git a/docker-compose/README.md b/docker-compose/README.md deleted file mode 100644 index 7cf4122e2..000000000 
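Review bot: The switch from `version: '3'` to `'2'` on the first line of docker-compose.yml is unexplained, and a later maintainer is likely to bump it back. Presumably it is needed because the `mem_limit` keys added throughout this file are not accepted by the v3 schema; a comment above the key would record that, e.g. `# file format 2: mem_limit is not accepted by the v3 schema`. The `alfresco` service block continues outside this hunk.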
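Review bot: The added `-Xms1g -Xmx1g` in the second hunk fixes the repository heap at 1 GB while the first hunk caps the same container at `mem_limit: 1500m`, leaving roughly 500 MB for metaspace, thread stacks and native buffers. If non-heap use exceeds that, the container is killed at the cgroup limit rather than the JVM reporting an OutOfMemoryError, which is harder to diagnose; consider a larger limit or a smaller `-Xmx`, and confirm under load. The later hunks set a similar ratio for `share` (`-Xmx500m` in `1g`) and `solr6` (`-Xmx2g` in `2500m`). The `JAVA_OPTS` scalar starts outside this hunk.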
--- a/docker-compose/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# ACA with ACS Community 6.0ea - -To run ACA together with the latest ACS community (6.0) use the following command: - -```sh -docker-compose up -``` - -The ACA is served on the port 3000. - -If you want to teardown the environment, use the following command: - -```sh -docker-compose down -``` diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml deleted file mode 100644 index b2813417c..000000000 --- a/docker-compose/docker-compose.yml +++ /dev/null 
@@ -1,94 +0,0 @@ -version: "3" - -services: - alfresco: - image: alfresco/alfresco-content-repository-community:6.0.7-ga - depends_on: - - postgres - environment: - JAVA_OPTS : " - -Ddb.driver=org.postgresql.Driver - -Ddb.username=alfresco - -Ddb.password=alfresco - -Ddb.url=jdbc:postgresql://postgres:5432/alfresco - -Dsolr.host=solr6 - -Dsolr.port=8983 - -Dsolr.secureComms=none - -Dsolr.base.url=/solr - -Dindex.subsystem.name=solr6 - -Dshare.host=localhost - -Ddeployment.method=DOCKER_COMPOSE - -Dcsrf.filter.enabled=false - " - networks: - - internal - ports: - - 8080:8080 #Browser port - - share: - image: alfresco/alfresco-share:6.0.b - depends_on: - - alfresco - environment: - - REPO_HOST=alfresco - - REPO_PORT=8080 - networks: - - internal - ports: - - 8083:8080 - - postgres: - image: postgres:10.1 - environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco - command: postgres -c max_connections=300 -c log_min_messages=LOG - networks: - - internal - ports: - - 5432:5432 - - solr6: - image: alfresco/alfresco-search-services:1.1.1 - depends_on: - - alfresco - environment: - #Solr needs to know how to register itself with Alfresco - - SOLR_ALFRESCO_HOST=alfresco - - SOLR_ALFRESCO_PORT=8080 - #Alfresco needs to know how to call solr - - SOLR_SOLR_HOST=solr6 - - SOLR_SOLR_PORT=8983 - #Create the default alfresco and archive cores - - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive - networks: - - internal - ports: - - 8983:8983 #Browser port - - content-app: - image: alfresco/alfresco-content-app:master-latest - depends_on: - - alfresco - networks: - - internal - ports: - - 3001:80 - # volumes: - # - ./app.config.json:/usr/share/nginx/html/app.config.json - # - ./nginx.conf:/etc/nginx/conf.d/default.conf - - proxy: - image: nginx - depends_on: - - content-app - volumes: - - ./nginx.conf:/etc/nginx/conf.d/default.conf - networks: - - internal - ports: - - 3000:80 - -networks: - internal: 
diff --git a/docker-compose/nginx.conf b/docker-compose/nginx.conf deleted file mode 100644 index 816f20865..000000000 --- a/docker-compose/nginx.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen *:80; - - set $allowOriginSite *; - proxy_pass_request_headers on; - proxy_pass_header Set-Cookie; - - access_log off; - - location / { - proxy_pass http://content-app; - - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Set-Cookie; - } - - location /alfresco/ { - proxy_pass http://alfresco:8080; - - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Set-Cookie; - } - - location /share/ { - proxy_pass http://share:8080; - - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Set-Cookie; - } -} diff --git a/docker/auth/alfresco-realm.json b/docker/auth/alfresco-realm.json new file mode 100644 index 000000000..ca02bd125 --- /dev/null +++ b/docker/auth/alfresco-realm.json 
@@ -0,0 +1,1673 @@ +{ + "id": "alfresco", + "realm": "alfresco", + "notBefore": 0, + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "offlineSessionIdleTimeout": 2592000, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "enabled": true, + "sslRequired": "none", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "39654467-e529-418e-bd27-354a0414fb52", + "name": "admin", + "scopeParamRequired": false, + "composite": false, + "clientRole": false, + "containerId": "alfresco" + }, + { + "id": "5b481c9b-38fe-474a-a047-50c3935262cb", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "scopeParamRequired": false, + "composite": false, + "clientRole": false, + "containerId": "alfresco" + }, + { + "id": "86db4867-8c3c-4cdf-8950-e18790f5bf6a", + "name": "offline_access", + "description": "${role_offline-access}", + "scopeParamRequired": true, + "composite": false, + "clientRole": false, + "containerId": "alfresco" + } + ], + "client": { + "realm-management": [ + { + "id": "a637f20f-fd3e-4db6-9d2a-c91acb1e14e8", + "name": "create-client", + "description": "${role_create-client}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + 
"containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "4232f8bf-dab4-4b4a-8ccf-28b8984f8ae7", + "name": "realm-admin", + "description": "${role_realm-admin}", + "scopeParamRequired": false, + "composite": true, + "composites": { + "client": { + "realm-management": [ + "create-client", + "view-authorization", + "manage-events", + "query-users", + "manage-authorization", + "view-realm", + "view-clients", + "query-clients", + "query-groups", + "impersonation", + "manage-users", + "manage-clients", + "manage-identity-providers", + "view-users", + "query-realms", + "view-identity-providers", + "view-events", + "manage-realm" + ] + } + }, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "ae0da5c2-643c-480e-8900-59bdca3581b3", + "name": "view-authorization", + "description": "${role_view-authorization}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "8a69ec22-4fe9-43e0-b4f0-16b632c2d324", + "name": "manage-events", + "description": "${role_manage-events}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "1c2c870c-5428-4144-ab12-c7304d1a7d2d", + "name": "query-users", + "description": "${role_query-users}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "9884df61-b63f-4f8b-8fba-650db69c8784", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "003ae8b9-e32a-4c0b-b319-d2a985249348", + "name": "view-realm", + "description": "${role_view-realm}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": 
"c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "d0d2eaa3-e737-4a7e-990d-4c6efa323cc3", + "name": "view-clients", + "description": "${role_view-clients}", + "scopeParamRequired": false, + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "d9f0638c-e045-4d92-b4ff-e0c71f68f4ba", + "name": "query-clients", + "description": "${role_query-clients}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "02d5937c-929b-4928-8a55-b0de4c9b4924", + "name": "query-groups", + "description": "${role_query-groups}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "c74d9c9b-65e4-4847-a47a-3edbb2fce0fb", + "name": "impersonation", + "description": "${role_impersonation}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "e681501e-a8da-4653-861c-c37e2e1f8609", + "name": "manage-users", + "description": "${role_manage-users}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "067b5e3c-9918-4713-85ca-749c6aae13e1", + "name": "manage-clients", + "description": "${role_manage-clients}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "5b395e85-f5fa-4af9-b573-497cc9b1e694", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "b4ec253f-4d52-425e-b091-ed51aac7bd4c", + 
"name": "view-users", + "description": "${role_view-users}", + "scopeParamRequired": false, + "composite": true, + "composites": { + "client": { + "realm-management": ["query-groups", "query-users"] + } + }, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "574e930a-07d5-446f-9628-3d7568eb483a", + "name": "query-realms", + "description": "${role_query-realms}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "0cb1c9c8-55ce-4f22-b6d5-b6882c8b74fd", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "5d07f2b1-9f28-4e8b-8f91-7d68699d327c", + "name": "view-events", + "description": "${role_view-events}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + }, + { + "id": "53ccf3c9-4391-4d43-9d9e-6e644b989e9f", + "name": "manage-realm", + "description": "${role_manage-realm}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "c1f65e94-ed07-4bba-bafd-413db402a5f2" + } + ], + "security-admin-console": [], + "alfresco": [], + "admin-cli": [], + "broker": [ + { + "id": "560b729f-ebc7-4ce6-967b-045611d35cde", + "name": "read-token", + "description": "${role_read-token}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "887e537f-4a97-4374-a5de-45ad37bfe2df" + } + ], + "account": [ + { + "id": "86de6e40-74c1-4aa6-9a8b-bff434fb9a18", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "140feb9e-fd73-4d02-97f6-928ed67020f1" + }, + { + "id": 
"6a95ddc1-2b12-4e59-8d14-01a98c0fad71", + "name": "manage-account", + "description": "${role_manage-account}", + "scopeParamRequired": false, + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "140feb9e-fd73-4d02-97f6-928ed67020f1" + }, + { + "id": "a8e8d710-1f71-4481-93a1-db030533b64a", + "name": "view-profile", + "description": "${role_view-profile}", + "scopeParamRequired": false, + "composite": false, + "clientRole": true, + "containerId": "140feb9e-fd73-4d02-97f6-928ed67020f1" + } + ] + } + }, + "groups": [ + { + "id": "21cd4641-e7cb-456f-846d-214589cef3da", + "name": "admin", + "path": "/admin", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [] + } + ], + "defaultRoles": ["offline_access", "uma_authorization"], + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA256", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": ["FreeOTP"], + "clients": [ + { + "id": "fca5da6d-fd90-4596-a754-346d872b779f", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "baseUrl": "/auth/admin/alfresco/console/index.html", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["/auth/admin/alfresco/console/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "50435a57-d933-4392-aa63-c7b93969cb77", + "name": "role list", + "protocol": 
"saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "9d065ef2-ac16-4314-bdce-6df1e32b45da", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "f21fa9c5-090a-4873-a059-5a714e186e08", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "1d28c5e3-d1ab-4563-838d-06c61e96fd3c", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "0fd5ed6e-65af-4661-9d40-09a0dc90d705", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "consentText": "${locale}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "47febcd5-e6e8-4c83-8ea0-551f66cbef51", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "fc891ffd-b5b7-4d56-b1cd-60ae25ec0040", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + }, + { + "id": "be13165d-2792-43aa-abdb-2c6cdb627184", + "clientId": "alfresco", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "202b6b67-dea4-440b-b250-867fa7eb7333", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "cdb53973-5bf0-4de4-945d-901de3205016", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"email", + "jsonType.label": "String" + } + }, + { + "id": "8dd3c664-426e-44e7-931f-5e0700ed9e7f", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "aa1a443c-4716-424b-b695-49961d9cf98a", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "b29201a7-e442-47f6-a589-1b6faaf27b20", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "292f1e75-3216-447d-886a-6ab91b0dee1d", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + }, + { + "id": "887e537f-4a97-4374-a5de-45ad37bfe2df", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + 
"webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "865fd86a-4c5e-4900-80de-34f30feb55b8", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "80b5d7cc-1ec3-4d73-8344-d0479bb4178a", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "54578e9a-e782-4a83-8f24-13da2b2f598c", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "a8cd846c-f538-4001-ba5f-e37d77ff87cd", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" 
+ } + }, + { + "id": "a259f058-dbda-473a-b96e-2998958f8510", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "c7aed2b8-6716-4770-a936-31d973bdc557", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + }, + { + "id": "c1f65e94-ed07-4bba-bafd-413db402a5f2", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "b51a2178-2121-42c8-9ae1-7a6f356377c0", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "091f3317-7f74-417f-9854-1726ede0fba8", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", 
+ "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "033aeb3f-f04f-460b-9eeb-fd9376b1f639", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "5e3d143c-1792-41c1-bf10-2ece9684a8fc", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "e0464a63-f5ac-4fb8-9cf5-dc671badf59e", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "b68aec8b-327d-4238-8021-cefda0f66690", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + }, + { + "id": "140feb9e-fd73-4d02-97f6-928ed67020f1", + "clientId": "account", + "name": "${client_account}", + "baseUrl": 
"/auth/realms/alfresco/account", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "defaultRoles": ["view-profile", "manage-account"], + "redirectUris": ["/auth/realms/alfresco/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "fbda389d-78dd-4566-8238-c49a8809a3ac", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "88b68fdb-7f1b-459b-9013-2c1dfcb4ab87", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "9d129b38-1b18-4c79-a987-088ec7460d8d", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": 
"6ca7c6ca-4d2f-4fbe-8288-c65ec1f1a2ef", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "dcaaafc2-72d0-41b1-9df1-250aa82c3aa3", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "64a2de57-3811-415f-a6b9-b550c3dfd8b0", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + }, + { + "id": "b5947c98-5a51-47f4-b7c9-935c491d17e9", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "3a7400ad-d225-401f-bdb7-91d60db990f6", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "e4353798-aaac-40fa-967d-64aea182dd69", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "8fe5f0fa-b9f3-41c4-9a52-b195582d9239", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "44872cc3-57b5-41d3-aae1-825dd2c350c0", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "29d794ba-6708-49cd-8a83-c50d6fc0e293", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "4c266a5c-cb5f-407a-876e-18f002b7792a", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"given_name", + "jsonType.label": "String" + } + } + ], + "useTemplateConfig": false, + "useTemplateScope": false, + "useTemplateMappers": false + } + ], + "browserSecurityHeaders": { + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "xXSSProtection": "1; mode=block", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" + }, + "smtpServer": {}, + "loginTheme": "keycloak", + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "20f304be-9abc-4fa2-801e-c02440148d1b", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + }, + { + "id": "dd0ae9d2-7af3-4d38-b8e7-d9c5825d3b1f", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b3099bb7-0064-4315-85d9-cdbcc0bfef71", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "7f35ed4a-2140-478b-b2f8-46585315b71f", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper" + ], + "consent-required-for-all-mappers": ["true"] + } + }, + { + "id": "30ac8e1b-b8e4-4877-aeab-42af7c2af5ff", + "name": "Allowed Client 
Templates", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "db5b54f2-258b-40f9-92f9-ef83a887d1fa", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper" + ], + "consent-required-for-all-mappers": ["true"] + } + }, + { + "id": "cd68d51f-9c85-4560-b1d6-9379bf3fce54", + "name": "Allowed Client Templates", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": {} + }, + { + "id": "cd3bfc37-cc55-40dc-8d83-98b76ad5a521", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "14b13815-a8b1-412c-a98d-0da235e8c8f9", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + }, + { + "id": "306d8c4c-9ad1-444e-af1a-d6c67dffc5b7", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + }, + { + "id": "bff7cf8c-001f-4cfb-8d47-9a8bd5bc48d3", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + } + ] + }, + "internationalizationEnabled": true, + "supportedLocales": [ + "de", + "no", + "ru", + "sv", + "pt-BR", + "lt", + "en", + "it", + "fr", + "zh-CN", + "es", + "ja", + "ca", + "nl" + ], + "defaultLocale": "en", + "authenticationFlows": [ + { + "id": "ac4ffcd4-6547-4e1c-90ac-aa56304011fb", + "alias": "Handle 
Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "idp-email-verification", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "affb11d0-0542-4824-a433-a41e90295ec1", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "19c7907b-c38a-4cbf-b106-f42ae613fce7", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + 
"autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "5d678091-c1f9-4100-866f-fe35b032ae9d", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "d41512a5-3b62-477c-9590-badbe9f8044d", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "requirement": "OPTIONAL", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "34c91e7e-dc6c-495a-889f-f033c9311911", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "d28bb33e-87a2-4712-a62c-01015ddfdf57", + "alias": "first broker login", + "description": "Actions taken 
after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e65923ea-0c5b-43e3-9ebb-648391445207", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "2d8d3a79-2e44-4d52-9aa2-919a400e0ab0", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "5043cb5e-d76e-4a57-a0db-98366acb6bf7", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + 
{ + "authenticator": "registration-user-creation", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "79f99e59-6a78-4262-a86a-231e0c69d4bd", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "requirement": "OPTIONAL", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "62e8ccd7-e995-4226-bee4-4ef9f1d6edc1", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { 
+ "id": "d1eae692-c7d2-4d52-ac4d-7b1231ce0a22", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "c6f89a26-2c86-4b6b-aee9-a483370fa20a", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "_browser_header.xXSSProtection": "1; mode=block", + "_browser_header.xFrameOptions": "SAMEORIGIN", + "permanentLockout": "false", + "quickLoginCheckMilliSeconds": "1000", + "_browser_header.xRobotsTag": "none", + "maxFailureWaitSeconds": "900", + "minimumQuickLoginWaitSeconds": "60", + "failureFactor": "30", + "actionTokenGeneratedByUserLifespan": "300", + "maxDeltaTimeSeconds": "43200", + "_browser_header.xContentTypeOptions": "nosniff", + "actionTokenGeneratedByAdminLifespan": "43200", + "bruteForceProtected": "false", + "_browser_header.contentSecurityPolicy": 
"frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "waitIncrementSeconds": "60" + }, + "users": [ + { + "id": "9c978d30-c9ad-4dcb-b61c-840fe56f72f2", + "createdTimestamp": 1533234734911, + "username": "admin", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "admin", + "lastName": "admin", + "email": "admin.adf@alfresco.com", + "credentials": [ + { + "type": "password", + "value": "admin" + } + ], + "disableableCredentialTypes": ["password"], + "requiredActions": [], + "realmRoles": ["uma_authorization", "user", "offline_access"], + "clientRoles": { + "realm-management": [ + "view-clients", + "manage-users", + "manage-clients", + "view-users", + "manage-realm", + "view-realm" + ], + "account": ["manage-account", "view-profile"] + }, + "groups": ["/admin"] + } + ], + "keycloakVersion": "4.8.3.Final" +}
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 000000000..808f13ad0
--- /dev/null
+++ b/docker/nginx.conf
@@ -0,0 +1,29 @@
+server {
+ listen *:80;
+
+ set $allowOriginSite *;
+ proxy_pass_request_headers on;
+ proxy_pass_header Set-Cookie;
+
+ access_log off;
+
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass_header Set-Cookie;
+
+ location / {
+ proxy_pass http://content-app;
+ }
+
+ location /alfresco/ {
+ proxy_pass http://alfresco:8080;
+ }
+
+ location /share/ {
+ proxy_pass http://share:8080;
+ }
+}
diff --git a/docs/getting-started/docker.md b/docs/getting-started/docker.md
index 350e2c4b9..67c932663 100644
--- a/docs/getting-started/docker.md
+++ b/docs/getting-started/docker.md
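Review bot: In docker/nginx.conf, `set $allowOriginSite *;` is never referenced anywhere in the new file, and `proxy_pass_header Set-Cookie;` is declared twice at server level; both look like leftovers and can be dropped. `access_log off;` also means this proxy, which fronts the app, `/alfresco/` and `/share/`, keeps no request trail, so a failed or unexpected login against the stack cannot be traced from here; for a container I would log to stdout instead, `access_log /dev/stdout;`. The compose service that mounts this file is not in view, so how port 80 is published is an assumption.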
@@ -28,15 +28,5 @@ Use the following command to stop all the containers: npm run stop:docker ``` -## Preview Mode - -**Tip:** With this mode, you do not need building application from source code or installing dependencies. - -To run the latest published container go to the `docker-compose` folder and start docker compose from there: - -```sh -cd docker-compose -docker-compose up -``` - -The application is available at the `http://localhost:3000` address. +You can also develop the application and run in default port (4200), +it is going to use the same docker containers automatically. diff --git a/package.json b/package.json index 2312a8ced..b0a3b1103 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,8 @@ "wd:update": "webdriver-manager update --gecko=false", "e2e": "npm run wd:update && protractor --baseUrl=http://localhost:4000", "e2e.local": "npm run wd:update && protractor --baseUrl=http://localhost:4200", - "start:docker": "docker-compose up -d --build && wait-on http://localhost:8080 && wait-on http://localhost:4000", + "wait:app": "wait-on http://localhost:8080 && wait-on http://localhost:4000", + "start:docker": "docker-compose up -d --build && npm run wait:app", "stop:docker": "docker-compose stop", "e2e:docker": "npm run start:docker && npm run e2e && npm run stop:docker", "spellcheck": "cspell 'src/**/*.ts' 'e2e/**/*.ts' 'projects/**/*.ts'", 
@@ -25,7 +26,7 @@
 "build.tomcat": "npm run build -- --base-href ./ && jar -cvf docker/tomcat/artifacts/content-app.war -C dist/app/ .",
 "build.tomcat.e2e": "./build-tomcat-e2e.sh",
 "e2e.tomcat": "npm run wd:update && protractor --baseUrl=http://localhost:4000/content-app/",
- "docker.tomcat.start": "cd docker/tomcat && docker-compose up -d --build && wait-on http://localhost:8080 && wait-on http://localhost:4000",
+ "docker.tomcat.start": "cd docker/tomcat && docker-compose up -d --build && npm run wait:app",
 "docker.tomcat.stop": "cd docker/tomcat && docker-compose stop",
 "docker.tomcat.e2e": "npm run docker.tomcat.start && npm run e2e.tomcat",
 "lint:staged": "lint-staged"
diff --git a/start-sso.sh b/start-sso.sh
new file mode 100755
index 000000000..87efca10d
--- /dev/null
+++ b/start-sso.sh
@@ -0,0 +1,19 @@
+export HOST_IP=$(ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1)
+export AUTH_SERVER_URL="http://${HOST_IP}:8085/auth"
+export APP_URL="http://${HOST_IP}:4000"
+
+export APP_CONFIG_AUTH_TYPE="OAUTH"
+export APP_CONFIG_OAUTH2_HOST="${AUTH_SERVER_URL}/realms/alfresco"
+export APP_CONFIG_OAUTH2_CLIENTID="alfresco"
+export APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI="${APP_URL}/assets/silent-refresh.html"
+export APP_CONFIG_OAUTH2_REDIRECT_LOGIN="/"
+export APP_CONFIG_OAUTH2_REDIRECT_LOGOUT="/logout"
+
+docker-compose -f docker-compose-keycloak.yml up -d --build
+
+echo "Waiting for the app..."
+npm run wait:app
+
+echo "Identity Service: ${AUTH_SERVER_URL}"
+echo "Realm: ${APP_CONFIG_OAUTH2_HOST}"
+echo "Content Workspace: ${APP_URL}"
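Review bot: In `docker.tomcat.start`, `npm run wait:app` now executes after `cd docker/tomcat`, so the script is found only because npm walks up the tree to the nearest `package.json`; if `docker/tomcat` ever gains its own `package.json` or `node_modules`, `wait:app` will no longer resolve. Pinning the lookup to the repository root removes that dependency, for example `"docker.tomcat.start": "cd docker/tomcat && docker-compose up -d --build && npm --prefix ../.. run wait:app"`.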
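Review bot: start-sso.sh never checks that `HOST_IP` was resolved: if `ifconfig` is missing or prints no non-loopback address, the exports become `http://:8085/auth` and `http://:4000`, and `docker-compose` still starts with those values. The file also has no shebang and no `set -e`, so a failed `docker-compose ... up` falls through to `npm run wait:app`. I would open the script with `#!/usr/bin/env bash` and `set -euo pipefail`, and add `[ -n "${HOST_IP}" ] || { echo "could not determine HOST_IP" >&2; exit 1; }` right after the first export. Because the URLs use the host's LAN address rather than localhost, and the realm JSON added in this commit defines user `admin` with password `admin`, realm-management roles and `bruteForceProtected` set to `"false"`, the identity service is presumably reachable by other machines on that network with a known credential; the credential should be changed, or the published ports bound to loopback, before this runs anywhere shared.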