mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5f6114450d
meldestelle/config/docker/keycloak/meldestelle-realm.json
stefan ef336feb94
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 7m46s
Details
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 7m12s
Details
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m55s
Details
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m37s
Details
Add app.mo-code.at to Keycloak configuration, update allowed origins, and include debug logs for analysis
2026-03-15 01:14:43 +01:00

403 lines
11 KiB
JSON
Raw Blame History

{
"realm": "meldestelle",
"enabled": true,
"displayName": "Meldestelle Authentication",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>Meldestelle</span></div>",
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 5,
"defaultSignatureAlgorithm": "RS256",
"offlineSessionMaxLifespan": 5184000,
"offlineSessionMaxLifespanEnabled": false,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"refreshTokenMaxReuse": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"internationalizationEnabled": true,
"supportedLocales": [
"de",
"en"
],
"defaultLocale": "de",
"roles": {
"realm": [
{
"name": "ADMIN",
"description": "Administrator role with full system access",
"composite": false,
"clientRole": false
},
{
"name": "USER",
"description": "Standard user role with limited access",
"composite": false,
"clientRole": false
},
{
"name": "MELD_USER",
"description": "Verified user role (Technical placeholder for REITER)",
"composite": false,
"clientRole": false
},
{
"name": "MONITORING",
"description": "Monitoring role for system health checks",
"composite": false,
"clientRole": false
},
{
"name": "GUEST",
"description": "Guest role with minimal access",
"composite": false,
"clientRole": false
}
]
},
"clients": [
{
"clientId": "api-gateway",
"name": "API Gateway Client",
"description": "OAuth2 client for the Meldestelle API Gateway",
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "K5RqonwVOaxPKaXVH4mbthSRbjRh5tOK",
"redirectUris": [
"http://localhost:8081/*",
"http://localhost:3000/*",
"https://app.meldestelle.at/*"
],
"webOrigins": [
"http://localhost:8081",
"http://localhost:3000",
"https://app.meldestelle.at",
"http://localhost:8080"
],
"protocol": "openid-connect",
"bearerOnly": false,
"publicClient": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": false,
"fullScopeAllowed": true,
"frontchannelLogout": true,
"attributes": {
"access.token.lifespan": "300",
"client.secret.creation.time": "0",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false",
"post.logout.redirect.uris": "http://localhost:8081/*##http://localhost:3000/*##https://app.meldestelle.at/*"
},
"protocolMappers": [
{
"name": "realm-roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
},
{
"name": "client-roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
},
{
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"name": "full-name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
}
]
},
{
"clientId": "web-app",
"name": "Web Application Client",
"description": "Public client for web frontend",
"enabled": true,
"publicClient": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"redirectUris": [
"http://localhost:8080/*",
"http://localhost:4000/*",
"http://localhost:3000/*",
"https://app.meldestelle.at/*",
"https://app.mo-code.at/*"
],
"webOrigins": [
"http://localhost:8080",
"http://localhost:4000",
"http://localhost:3000",
"https://app.meldestelle.at",
"https://app.mo-code.at"
],
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256",
"post.logout.redirect.uris": "http://localhost:8080/*##http://localhost:4000/*##http://localhost:3000/*##https://app.meldestelle.at/*##https://app.mo-code.at/*"
}
},
{
"clientId": "postman-client",
"name": "Postman Test Client",
"description": "Confidential client for backend testing via Postman",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "postman-secret-123",
"redirectUris": [
"https://oauth.pstmn.io/v1/callback"
],
"webOrigins": [],
"protocol": "openid-connect",
"bearerOnly": false,
"publicClient": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"fullScopeAllowed": true
},
{
"clientId": "frontend-client",
"name": "Meldestelle Desktop & Mobile Client",
"description": "Public PKCE client for the KMP Compose Desktop/Mobile application",
"enabled": true,
"publicClient": true,
"protocol": "openid-connect",
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"authorizationServicesEnabled": false,
"attributes": {
"pkce.code.challenge.method": "S256",
"post.logout.redirect.uris": "meldestelle://callback##http://localhost:*##https://app.meldestelle.at/*##https://app.mo-code.at/*"
},
"redirectUris": [
"meldestelle://callback",
"http://localhost:*",
"https://app.meldestelle.at/*",
"https://app.mo-code.at/*"
],
"webOrigins": [
"http://localhost:8080",
"http://localhost:4000",
"https://app.meldestelle.at",
"https://app.mo-code.at"
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"users": [
{
"username": "admin",
"enabled": true,
"emailVerified": true,
"firstName": "System",
"lastName": "Administrator",
"email": "admin@meldestelle.local",
"credentials": [
{
"type": "password",
"value": "Admin#1234",
"temporary": false
}
],
"realmRoles": [
"ADMIN",
"USER",
"MELD_USER"
],
"clientRoles": {
"api-gateway": [
"ADMIN"
]
}
}
],
"groups": [],
"defaultRoles": [
"USER",
"GUEST"
],
"requiredCredentials": [
"password"
],
"passwordPolicy": "length(10) and digits(1) and upperCase(1) and specialChars(1) and notUsername(undefined)",
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"webAuthnPolicyRpEntityName": "meldestelle",
"webAuthnPolicySignatureAlgorithms": [
"ES256",
"RS256"
],
"smtpServer": {},
"eventsEnabled": true,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [
"LOGIN",
"LOGIN_ERROR",
"LOGOUT",
"REGISTER",
"REGISTER_ERROR",
"UPDATE_PASSWORD",
"UPDATE_PASSWORD_ERROR"
],
"adminEventsEnabled": true,
"adminEventsDetailsEnabled": true,
"identityProviders": [],
"identityProviderMappers": [],
"components": {
"org.keycloak.keys.KeyProvider": [
{
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS256"
]
}
},
{
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
}
]
},
"authenticationFlows": [],
"authenticatorConfig": [],
"requiredActions": [],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"frontendUrl": "",
"acr.loa.map": "{}",
"clientOfflineSessionMaxLifespan": "0",
"clientSessionIdleTimeout": "0",
"clientSessionMaxLifespan": "0",
"clientOfflineSessionIdleTimeout": "0"
}
}
Reference in New Issue View Git Blame Copy Permalink