onprem-deploy/yonote-chart-mono/templates/realm-configmap.yaml

169 lines
6.5 KiB
YAML
Raw Normal View History

2024-08-25 14:01:24 +00:00
apiVersion: v1
kind: ConfigMap
metadata:
name: realm-export
data:
realm-export.json: |
{
"realm": "yonote",
"enabled": true,
"notBefore": 1647809856,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"clients": [
{
"clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
"secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"redirectUris": [
"https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
],
"baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
"enabled": true,
"publicClient": false,
"protocol": "openid-connect",
"attributes": {
"client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"display.on.consent.screen": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"protocolMappers": [
{
"name": "oidc-display-name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": ["openid", "email"]
}
],
"identityProviders": [],
"internationalizationEnabled": true,
"clientScopes": [
{
"name": "openid",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
},
"protocolMappers": []
},
{
"name": "email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
},
{
"id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
]
}
],
"browserSecurityHeaders": {
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"smtpServer": {}
}