From 9d468ec7f15528e5e6d64ce7e1712aa461acaea6 Mon Sep 17 00:00:00 2001 From: geso02 Date: Mon, 28 Apr 2025 14:54:21 +0200 Subject: [PATCH 1/8] Update example to use nginx setup instead of keycloak plugin --- examples/BaSyxSecured/README.md | 19 ++- .../basyx/aas-discovery.properties | 2 +- .../BaSyxSecured/basyx/aas-env.properties | 10 +- examples/BaSyxSecured/docker-compose.yaml | 94 ++++++++++--- examples/BaSyxSecured/keycloak/Dockerfile | 15 --- .../BaSyxSecured/keycloak/initializer/pom.xml | 126 ------------------ .../InitializerProviderFactory.java | 22 --- .../keycloak/initializer/InitializerSpi.java | 29 ---- .../realm/IssuerInitializerProvider.java | 83 ------------ .../src/main/resources/log4j.properties | 8 -- .../keycloak/realm/BaSyx-realm.json | 8 +- 11 files changed, 105 insertions(+), 311 deletions(-) delete mode 100644 examples/BaSyxSecured/keycloak/Dockerfile delete mode 100644 examples/BaSyxSecured/keycloak/initializer/pom.xml delete mode 100644 examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java delete mode 100644 examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java delete mode 100644 examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java delete mode 100644 examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties diff --git a/examples/BaSyxSecured/README.md b/examples/BaSyxSecured/README.md index 52cc6280e..c7176159a 100644 --- a/examples/BaSyxSecured/README.md +++ b/examples/BaSyxSecured/README.md 
@@ -3,20 +3,33 @@ All BaSyx components support role-based access control by using Keycloak as identity provider. Access rules are defined based on roles. Roles are defined in the Keycloak server. +In this setup, an nginx proxy is used to expose the different BaSyx services under dedicated subdomains. +The main URLs are: + +AAS Web UI: http://aasgui.basyx.localhost + +Keycloak: http://keycloak.basyx.localhost + +Additional service URLs can be found in the docker-compose file. + +Modern browsers like Google Chrome, Firefox, and others automatically resolve any URL ending with .localhost to the local address 127.0.0.1. +This means requests to these URLs are directly routed to your own machine, where the nginx instance running inside Docker forwards the requests to the corresponding BaSyx service. +As an alternative for setups where .localhost handling might not work correctly, you could manually map the required domains to 127.0.0.1 by editing your /etc/hosts file. + To start the secure setup execute the following command ```bash docker-compose up -d ``` -This will start the BaSyx components and the Keycloak server. The Keycloak server can be found at http://localhost:9097. +This will start the BaSyx components and the Keycloak server. The Keycloak server can be found at http://keycloak.basyx.localhost. There you can login as admin with username `admin` and password `keycloak-admin`. ![BaSyx Realm User Overview](users.png) The example comes with an already configured realm `BaSyx` and a user `john.doe` with password `johndoe`. This user has the `admin` role and can access all BaSyx components and all information about each component. -The entry point for accessing the Asset Administration Shells and their Submodels is the AAS Web UI running at http://localhost:3000. +The entry point for accessing the Asset Administration Shells and their Submodels is the AAS Web UI running at http://aasgui.basyx.localhost. 
After opening the page you will be redirected to the Keycloak login page. Use the credentials of user `john.doe` to log in. ![Login to BaSyx using Keycloak](login.png) @@ -25,7 +38,7 @@ The UI shows the login status in the top right corner. To end your session click on the logout button in the top right corner. ![Logout button in the AAS UI](logout.png) -There are several other user accounts available, each with different roles. You can use them to test the different levels of access. The password for these users is their username without the dots. You can find them in the [Users](http://localhost:9097/admin/master/console/#/BaSyx/users) tab of the BaSyx realm in Keycloak. +There are several other user accounts available, each with different roles. You can use them to test the different levels of access. The password for these users is their username without the dots. You can find them in the [Users](http://keycloak.basyx.localhost/admin/master/console/#/BaSyx/users) tab of the BaSyx realm in Keycloak. ## Upload AAS Environment files (AASX/JSON/XML) with RBAC diff --git a/examples/BaSyxSecured/basyx/aas-discovery.properties b/examples/BaSyxSecured/basyx/aas-discovery.properties index d1fc57268..74a127c40 100644 --- a/examples/BaSyxSecured/basyx/aas-discovery.properties +++ b/examples/BaSyxSecured/basyx/aas-discovery.properties @@ -9,4 +9,4 @@ basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = file:/application/rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak:9097/realms/BaSyx \ No newline at end of file +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak.basyx.localhost/realms/BaSyx \ No newline at end of file diff --git a/examples/BaSyxSecured/basyx/aas-env.properties b/examples/BaSyxSecured/basyx/aas-env.properties index 42358acb4..649b4a47e 100644 
--- a/examples/BaSyxSecured/basyx/aas-env.properties +++ b/examples/BaSyxSecured/basyx/aas-env.properties @@ -5,14 +5,14 @@ basyx.cors.allowed-origins=* basyx.cors.allowed-methods=GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD basyx.aasrepository.feature.registryintegration=http://aas-registry:8080 basyx.submodelrepository.feature.registryintegration=http://sm-registry:8080 -basyx.externalurl=http://localhost:8081 +basyx.externalurl=http://aasenv.basyx.localhost basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = file:/application/rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak-rbac:8080/realms/BaSyx -basyx.aasenvironment.authorization.preconfiguration.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak.basyx.localhost/realms/BaSyx +basyx.aasenvironment.authorization.preconfiguration.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasenvironment.authorization.preconfiguration.grant-type = CLIENT_CREDENTIALS basyx.aasenvironment.authorization.preconfiguration.client-id=workstation-1 basyx.aasenvironment.authorization.preconfiguration.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom 
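Review bot: The `issuer-uri` and `token-endpoint` values in this hunk now point at `http://keycloak.basyx.localhost`, so the `workstation-1` client secret on the following context lines is sent in cleartext over plain HTTP. Given the `extra_hosts: host-gateway` entries in docker-compose.yaml, it presumably also leaves the compose network and goes through the host's published proxy port, where the previous `keycloak-rbac:8080` address did not. The same applies to the two `registryintegration.authorization.token-endpoint` lines in the next hunk of this file and to the issuer URI in `aas-discovery.properties`. That is tolerable for a local example, but the file should say so: add a comment above the authorization block such as `# Local demo only: plain HTTP and a committed client secret; use https and an injected secret anywhere else.`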
@@ -23,12 +23,12 @@ spring.servlet.multipart.max-request-size=128MB spring.servlet.multipart.max-file-size=128MB basyx.aasrepository.feature.registryintegration.authorization.enabled=true -basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.aasrepository.feature.registryintegration.authorization.client-id = workstation-1 basyx.aasrepository.feature.registryintegration.authorization.client-secret = nY0mjyECF60DGzNmQUjL81XurSl8etom basyx.submodelrepository.feature.registryintegration.authorization.enabled=true -basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.submodelrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.submodelrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.submodelrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/examples/BaSyxSecured/docker-compose.yaml b/examples/BaSyxSecured/docker-compose.yaml index b0db5b757..94266369d 100644 --- a/examples/BaSyxSecured/docker-compose.yaml +++ b/examples/BaSyxSecured/docker-compose.yaml 
@@ -1,8 +1,25 @@ services: + + # nginx reverse proxy to support dns lookup + # nginx-proxy: + # image: nginxproxy/nginx-proxy:1.6.0-alpine + # container_name: proxy + # restart: always + # ports: + # - "80:80" + # volumes: + # - /var/run/docker.sock:/tmp/docker.sock:ro + # environment: + # DEFAULT_HOST: aasgui.basyx.localhost + # networks: + # - basyx-java-server-sdk + # AAS Environment aas-env: image: eclipsebasyx/aas-environment:$BASYX_VERSION container_name: aas-env-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" volumes: - ./aas:/application/aas - ./basyx/aas-env.properties:/application/application.properties @@ -10,6 +27,9 @@ services: ports: - '8081:8081' restart: always + environment: + VIRTUAL_HOST: aasenv.basyx.localhost + VIRTUAL_PORT: "8081" depends_on: aas-registry: condition: service_healthy @@ -22,20 +42,27 @@ services: aas-registry: image: eclipsebasyx/aas-registry-log-mem:$BASYX_VERSION container_name: secured-aas-registry-log-mem-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" ports: - "8082:8080" environment: + VIRTUAL_HOST: aasreg.basyx.localhost + VIRTUAL_PORT: "8080" SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' BASYX_CORS_ALLOWED_METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-rbac:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/workspace/config/rbac_rules.json volumes: - ./basyx/rules/aas_registry_rbac_rules.json:/workspace/config/rbac_rules.json restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk 
@@ -43,20 +70,27 @@ services: sm-registry: image: eclipsebasyx/submodel-registry-log-mem:$BASYX_VERSION container_name: secured-sm-registry-log-mem-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: + VIRTUAL_HOST: smreg.basyx.localhost + VIRTUAL_PORT: "8080" SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' BASYX_CORS_ALLOWED_METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-rbac:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/workspace/config/rbac_rules.json ports: - "8083:8080" volumes: - ./basyx/rules/sm_registry_rbac_rules.json:/workspace/config/rbac_rules.json restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk @@ -64,12 +98,20 @@ services: aas-discovery: image: eclipsebasyx/aas-discovery:$BASYX_VERSION container_name: aas-discovery + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" + environment: + VIRTUAL_HOST: discovery.basyx.localhost + VIRTUAL_PORT: "8081" volumes: - ./basyx/aas-discovery.properties:/application/application.properties - ./basyx/rules/aas_discovery_rbac_rules.json:/application/rbac_rules.json ports: - '8084:8081' restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk 
@@ -78,17 +120,19 @@ services: image: eclipsebasyx/aas-gui:$AAS_WEBUI_VERSION container_name: aas-web-gui extra_hosts: - - "keycloak:127.0.0.1" + - "keycloak.basyx.localhost:host-gateway" ports: - '3000:3000' environment: - AAS_REGISTRY_PATH: http://localhost:8082/shell-descriptors - SUBMODEL_REGISTRY_PATH: http://localhost:8083/submodel-descriptors - AAS_REPO_PATH: http://localhost:8081/shells - SUBMODEL_REPO_PATH: http://localhost:8081/submodels - CD_REPO_PATH: http://localhost:8081/concept-descriptions - AAS_DISCOVERY_PATH: http://localhost:8084/lookup/shells - KEYCLOAK_URL: http://localhost:9097 + VIRTUAL_HOST: aasgui.basyx.localhost + VIRTUAL_PORT: "3000" + AAS_REGISTRY_PATH: http://aasreg.basyx.localhost/shell-descriptors + SUBMODEL_REGISTRY_PATH: http://smreg.basyx.localhost/submodel-descriptors + AAS_REPO_PATH: http://aasenv.basyx.localhost/shells + SUBMODEL_REPO_PATH: http://aasenv.basyx.localhost/submodels + CD_REPO_PATH: http://aasenv.basyx.localhost/concept-descriptions + AAS_DISCOVERY_PATH: http://discovery.basyx.localhost/lookup/shells + KEYCLOAK_URL: http://keycloak.basyx.localhost KEYCLOAK_REALM: BaSyx KEYCLOAK_CLIENT_ID: basyx-web-ui restart: always @@ -98,17 +142,20 @@ services: networks: - basyx-java-server-sdk + keycloak: - image: eclipsebasyx/keycloak:0.0.1 - build: - context: ./keycloak - dockerfile: Dockerfile + image: keycloak/keycloak:24.0.4 container_name: keycloak-rbac environment: - KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-rbac:8080 + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ command: ["start-dev", "--import-realm"] ports: - 9097:8080 
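Review bot: In the `keycloak` service, the added `VIRTUAL_HOST` makes the `start-dev` instance and its admin console (static `admin` / `keycloak-admin` credentials) reachable through the proxy, while the existing `ports: - 9097:8080` mapping is kept. The console is therefore published on two paths and on every host interface. If the proxy is the intended entry point, drop the direct mapping or bind it to loopback, e.g. `- "127.0.0.1:9097:8080"`. `KC_HTTPS_ENABLED` and `KC_IMPORT` are not Keycloak options I recognise for this image, and the realm import appears to come from `--import-realm` plus the mounted directory; please verify and remove them if they are ignored, since they suggest controls that may not exist. The service definition continues in the next hunk.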
@@ -116,6 +163,21 @@ services: - ./keycloak/realm:/opt/keycloak/data/import networks: - basyx-java-server-sdk + + keycloak-healthcheck: + image: curlimages/curl:latest + container_name: keycloak-healthcheck + command: > + sh -c " + echo 'Waiting for Keycloak to become ready...'; + until curl -sf http://keycloak-rbac:8080/health/ready; do + sleep 5; + done; + echo 'Keycloak is ready!'" + depends_on: + - keycloak + networks: + - basyx-java-server-sdk networks: basyx-java-server-sdk: diff --git a/examples/BaSyxSecured/keycloak/Dockerfile b/examples/BaSyxSecured/keycloak/Dockerfile deleted file mode 100644 index 1af526960..000000000 --- a/examples/BaSyxSecured/keycloak/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# syntax=docker/dockerfile:1 -FROM maven:3-eclipse-temurin-17 AS build -ARG HTTP_PROXY -ARG HTTPS_PROXY -WORKDIR /workspace -COPY ./initializer/pom.xml /workspace/pom.xml -COPY ./initializer/src /workspace/src -COPY ./realm/BaSyx-realm.json /workspace/BaSyx-realm.json -RUN mvn install - -FROM keycloak/keycloak:24.0.4 -COPY --from=build /workspace/target/org.eclipse.digitaltwin.basyx.v3.clients-keycloak-issuer-initializer.jar /opt/keycloak/providers/issuer-initializer.jar -COPY --from=build /workspace/BaSyx-realm.json /opt/keycloak/data/import/BaSyx-realm.json - -RUN /opt/keycloak/bin/kc.sh import --file /opt/keycloak/data/import/BaSyx-realm.json \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/initializer/pom.xml b/examples/BaSyxSecured/keycloak/initializer/pom.xml deleted file mode 100644 index 62d5c64b2..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/pom.xml +++ /dev/null 
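Review bot: The new `keycloak-healthcheck` service pulls `curlimages/curl:latest`, an unpinned tag, whereas the nginx-proxy and Keycloak images added in this commit carry explicit versions. Pin it to a fixed version or digest (`image: curlimages/curl:<pinned-version>`) so the gate in front of the secured services is reproducible. The `until curl -sf ...; do sleep 5; done` loop also has no upper bound, so a Keycloak that never becomes ready leaves every `service_completed_successfully` dependent waiting indefinitely instead of failing; a bounded retry count that exits non-zero would surface the problem. The same service definition is copied into `ci/docker-compose.yml` in PATCH 3/8.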
@@ -1,126 +0,0 @@ - - - 4.0.0 - org.eclipse.digitaltwin.basyx.v3.clients - keycloak-issuer-initializer - 1.0-SNAPSHOT - - - 24.0.3 - UTF-8 - 1.14.11 - 2.0.13 - - - - - org.keycloak - keycloak-core - ${keycloak.version} - - - org.keycloak - keycloak-server-spi - ${keycloak.version} - - - org.keycloak - keycloak-server-spi-private - ${keycloak.version} - - - org.keycloak - keycloak-services - ${keycloak.version} - - - - com.google.auto.service - auto-service - - 1.1.1 - - - org.slf4j - slf4j-api - ${slf4j.version} - - - net.bytebuddy - byte-buddy - 1.14.15 - - - net.bytebuddy - byte-buddy-agent - 1.14.15 - - - com.cronutils - cron-utils - 9.2.1 - - - org.slf4j - slf4j-reload4j - ${slf4j.version} - - - - - ${project.groupId}-${project.artifactId} - - - org.apache.maven.plugins - maven-shade-plugin - - - package - - shade - - - - - - org.keycloak:* - - **/* - - - - io.smallrye.common:smallrye-common-annotation - - **/* - - - - - - - - - - - - - - \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java deleted file mode 100644 index ccb4be066..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java +++ /dev/null 
@@ -1,22 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; - -public interface InitializerProviderFactory extends ProviderFactory, Provider { - - @Override - default Provider create(KeycloakSession session) { - return null; - } - - @Override - default void init(Config.Scope config) { - } - - @Override - default void close() { - } -} diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java deleted file mode 100644 index 67da7d22c..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import com.google.auto.service.AutoService; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; -import org.keycloak.provider.Spi; - -@AutoService(Spi.class) -public class InitializerSpi implements Spi { - @Override - public boolean isInternal() { - return true; - } - - @Override - public String getName() { - return "initializer"; - } - - @Override - public Class getProviderClass() { - return Provider.class; - } - - @Override - public Class> getProviderFactoryClass() { - return InitializerProviderFactory.class; - } -} diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java deleted file mode 100644 index 8ad4f8edf..000000000 
--- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java
+++ /dev/null
@@ -1,83 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer.realm; - -import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy; -import static net.bytebuddy.matcher.ElementMatchers.named; -import static net.bytebuddy.matcher.ElementMatchers.returns; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.List; - -import org.eclipse.digitaltwin.basyx.keycloak.initializer.InitializerProviderFactory; -import org.keycloak.Config; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.provider.ProviderConfigurationBuilder; -import org.keycloak.services.Urls; -import org.keycloak.services.validation.Validation; - -import com.google.auto.service.AutoService; - -import net.bytebuddy.ByteBuddy; -import net.bytebuddy.agent.ByteBuddyAgent; -import net.bytebuddy.dynamic.loading.ClassReloadingStrategy; -import net.bytebuddy.implementation.MethodDelegation; - -@AutoService(InitializerProviderFactory.class) -public class IssuerInitializerProvider implements InitializerProviderFactory { - - public static final String PROVIDER_ID = "issuer"; - - private static final String CONFIG_ATTR_BASE_URI = "base-uri"; - - private static String issuerBaseUri; - - private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(IssuerInitializerProvider.class); - - @Override - public String getId() { - return PROVIDER_ID; - } - - @Override - public void init(Config.Scope config) { - issuerBaseUri = config.get(CONFIG_ATTR_BASE_URI); - if (!Validation.isBlank(issuerBaseUri)) { - log.info("Issuer BaseURI fixed value: {}", issuerBaseUri); - } else { - log.info("Issuer BaseURI is blank"); - } - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - ByteBuddyAgent.install(); - new ByteBuddy() - .redefine(Urls.class) - .method(named("realmIssuer").and(isDeclaredBy(Urls.class).and(returns(String.class)))) - 
.intercept(MethodDelegation.to(this.getClass())) - .make() - .load(Urls.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent()); - } - - public static String realmIssuer(URI baseUri, String realmName) { - try { - baseUri = new URI(issuerBaseUri); - } catch (URISyntaxException | NullPointerException ignored) { - } - return Urls.realmBase(baseUri).path("{realm}").build(realmName).toString(); - } - - @Override - public List getConfigMetadata() { - return ProviderConfigurationBuilder.create() - .property() - .name(CONFIG_ATTR_BASE_URI) - .type(ProviderConfigProperty.STRING_TYPE) - .helpText("The baseUri to use for the issuer of this server. Keep empty, if the regular hostname settings should be used.") - .add() - .build(); - } -} - - diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties b/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties deleted file mode 100644 index 05fb2da9e..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties +++ /dev/null @@ -1,8 +0,0 @@ -# Root Logger -log4j.rootLogger=INFO, stdout - -# Direct log messages to stdout -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json b/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json index 7680f78b7..cd61dff78 100644 --- a/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json +++ b/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json 
@@ -1629,8 +1629,10 @@ "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "http://localhost:3000/*" ], - "webOrigins" : [ "http://localhost:3000" ], + "redirectUris" : [ + "http://aasgui.basyx.localhost/*", "http://localhost:3000/*" ], + "webOrigins" : [ + "http://aasgui.basyx.localhost", "http://localhost:3000" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, @@ -1644,7 +1646,7 @@ "attributes" : { "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "http://localhost:3000/*", + "post.logout.redirect.uris": "http://localhost:3000/*##http://aasgui.basyx.localhost/*", "oauth2.device.authorization.grant.enabled" : "true", "display.on.consent.screen" : "false", "backchannel.logout.revoke.offline.tokens" : "false" From 837ae4fbc8898d21f401fbf74f940cb310aa1c9f Mon Sep 17 00:00:00 2001 From: geso02 Date: Mon, 28 Apr 2025 14:54:54 +0200 Subject: [PATCH 2/8] Uncomment keycloak fixed uri instance to check which test is using it --- ci/docker-compose.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml index 628a83747..59b7ab131 100644 --- a/ci/docker-compose.yml +++ b/ci/docker-compose.yml 
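Review bot: This client (presumably `basyx-web-ui`; the client id is outside the hunk) now accepts redirects to both `http://aasgui.basyx.localhost/*` and the retained `http://localhost:3000/*`, each with a trailing wildcard, in `redirectUris` and again in `post.logout.redirect.uris` in the second hunk. If the proxy hostname is the supported entry point, keeping the old origin only widens where authorization responses may be delivered; consider dropping it, or listing the exact callback path the GUI uses instead of `/*` (that path is not visible here). If both origins must stay because port 3000 is still published directly, a sentence in the README would make that intentional.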
@@ -158,24 +158,24 @@ services: networks: - basyx-java-server-sdk - keycloak-fixed-uri: - image: eclipsebasyx/keycloak:0.0.1 - build: - context: ./keycloak - dockerfile: Dockerfile.keycloak - container_name: keycloak-fixed - environment: - KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-fixed:8080 - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: keycloak-admin - command: ["start-dev", "--import-realm"] - ports: - - 9097:8080 - volumes: - - ./keycloak/realm:/opt/keycloak/data/import:ro - networks: - - basyx-java-server-sdk + # keycloak-fixed-uri: + # image: eclipsebasyx/keycloak:0.0.1 + # build: + # context: ./keycloak + # dockerfile: Dockerfile.keycloak + # container_name: keycloak-fixed + # environment: + # KC_HOSTNAME: localhost + # KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-fixed:8080 + # KEYCLOAK_ADMIN: admin + # KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + # command: ["start-dev", "--import-realm"] + # ports: + # - 9097:8080 + # volumes: + # - ./keycloak/realm:/opt/keycloak/data/import:ro + # networks: + # - basyx-java-server-sdk networks: basyx-java-server-sdk: From 0bf43307294f6d0a82686d8151b70d5031f17b35 Mon Sep 17 00:00:00 2001 From: geso02 Date: Tue, 29 Apr 2025 09:18:31 +0200 Subject: [PATCH 3/8] Fix aas repository registry integration tests --- ...thorizedAasRepositoryRegistryLinkTest.java | 2 +- .../application-authregistry.properties | 2 +- ci/docker-compose.yml | 78 ++++++++++++++++++- examples/BaSyxSecured/docker-compose.yaml | 24 +++--- 4 files changed, 90 insertions(+), 16 deletions(-) 
diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java index d8f6b36f0..c21282c61 100644 --- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java +++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java @@ -51,7 +51,7 @@ public class AuthorizedAasRepositoryRegistryLinkTest extends AasRepositoryRegistryLinkTestSuite { private static final String AAS_REPO_URL = "http://localhost:8081"; - private static final String AAS_REGISTRY_BASE_URL = "http://localhost:8051"; + private static final String AAS_REGISTRY_BASE_URL = "http://localhost:8052"; private static ConfigurableApplicationContext appContext; private static AasRepositoryRegistryLink aasRepositoryRegistryLink; diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties index fb41fb610..21d823a23 100644 --- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties +++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties 
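Review bot: `AAS_REGISTRY_BASE_URL` now targets port 8052, but the only secured AAS registry visible in this commit's `ci/docker-compose.yml` hunks, `secured-aas-registry-log-mem`, is still published as `8051:8080`. If 8052 belongs to a registry without authorization enabled, this test would keep passing without exercising the authorized path its class name promises; which service listens on 8052 is not visible here, so please confirm. A comment on the constant, such as `// must match the published port of the secured AAS registry in ci/docker-compose.yml`, would prevent this kind of drift. The class body continues outside the hunk.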
@@ -36,7 +36,7 @@ basyx.externalurl=http://localhost:8081 # Authorized registry integration basyx.aasrepository.feature.registryintegration.authorization.enabled=true -basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://localhost:9097/realms/BaSyx/protocol/openid-connect/token +basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.aasrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.aasrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml index 59b7ab131..ba19f8bad 100644 --- a/ci/docker-compose.yml +++ b/ci/docker-compose.yml @@ -1,5 +1,19 @@ version: "3.9" services: + + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: keycloak.basyx.localhost + networks: + - basyx-java-server-sdk + mongo: image: mongo:5.0.10 # Provide mongo config @@ -96,6 +110,8 @@ services: secured-aas-registry-log-mem: image: eclipsebasyx/aas-registry-log-mem:$BASYX_VERSION container_name: secured-aas-registry-log-mem + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" ports: - "8051:8080" environment: 
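Review bot: The token endpoint `http://localhost/realms/BaSyx/...` names no Keycloak host. It appears to work only because the nginx-proxy added in this commit sets `DEFAULT_HOST: keycloak.basyx.localhost` and therefore routes requests for unknown hosts on port 80 to Keycloak. That coupling is invisible from this file, and on a machine where another service owns port 80 the test would send the `workstation-1` client secret to that service instead. Add a comment above the line, e.g. `# Resolved via nginx-proxy DEFAULT_HOST in ci/docker-compose.yml; requires host port 80`, and apply the same to the submodel repository copy changed in PATCH 4/8.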
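Review bot: The new `nginx-proxy` service mounts `/var/run/docker.sock` and publishes `"80:80"` on all host interfaces. The `:ro` flag only makes the socket file read-only; it does not restrict Docker API calls made over it, so code execution inside the network-facing proxy container would give control of the Docker daemon on the host. Bind the port to loopback (`- "127.0.0.1:80:80"`), and consider the split nginx + docker-gen layout or a filtering socket proxy so that the container accepting HTTP traffic does not hold the socket. The same block is enabled in `examples/BaSyxSecured/docker-compose.yaml` later in this commit.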
@@ -105,7 +121,7 @@ services: BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-fixed:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/rbac/rbac_rules.json volumes: - ./keycloak/rules/rbac_rules-aas-registry.json:/rbac/rbac_rules.json:ro @@ -116,6 +132,8 @@ services: secured-sm-registry-log-mem: image: eclipsebasyx/submodel-registry-log-mem:$BASYX_VERSION container_name: secured-sm-registry-log-mem + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' @@ -123,7 +141,7 @@ services: BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-fixed:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost:8080/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/rbac/rbac_rules.json volumes: - ./keycloak/rules/rbac_rules-sm-registry.json:/rbac/rbac_rules.json:ro 
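Review bot: `secured-sm-registry-log-mem` is given the issuer URI `http://keycloak.basyx.localhost:8080/realms/BaSyx`, while `secured-aas-registry-log-mem` in the `-105,7 +121,7` hunk uses `http://keycloak.basyx.localhost/realms/BaSyx` without a port. With `extra_hosts: host-gateway` the name resolves to the host, where the visible hunks publish the proxy on 80 and the Keycloak containers on 9098/9099, so nothing shown here listens on 8080. Even if discovery succeeded, tokens issued under `KC_HOSTNAME: keycloak.basyx.localhost` would presumably not carry `:8080` in `iss`, and issuer validation would reject them. Unless the port is intentional, use the same value as the AAS registry: `SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx`.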
@@ -158,6 +176,62 @@ services: networks: - basyx-java-server-sdk + keycloak-localhost: + image: keycloak/keycloak:24.0.4 + container_name: keycloak-localhost + environment: + KC_HOSTNAME: localhost + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ + command: ["start-dev", "--import-realm"] + volumes: + - ./keycloak/realm:/opt/keycloak/data/import + ports: + - 9098:8080 + networks: + - basyx-java-server-sdk + + + keycloak-nginx: + image: keycloak/keycloak:24.0.4 + container_name: keycloak-nginx + environment: + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ + command: ["start-dev", "--import-realm"] + volumes: + - ./keycloak/realm:/opt/keycloak/data/import + ports: + - 9099:8080 + networks: + - basyx-java-server-sdk + + keycloak-healthcheck: + image: curlimages/curl:latest + container_name: keycloak-healthcheck + command: > + sh -c " + echo 'Waiting for Keycloak to become ready...'; + until curl -sf http://keycloak-nginx:8080/health/ready; do + sleep 5; + done; + echo 'Keycloak is ready!'" + depends_on: + - keycloak + networks: + - basyx-java-server-sdk + # keycloak-fixed-uri: # image: eclipsebasyx/keycloak:0.0.1 # build: diff --git a/examples/BaSyxSecured/docker-compose.yaml b/examples/BaSyxSecured/docker-compose.yaml index 94266369d..bf9b636cf 100644 --- a/examples/BaSyxSecured/docker-compose.yaml +++ b/examples/BaSyxSecured/docker-compose.yaml 
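Review bot: `keycloak-healthcheck` declares `depends_on: - keycloak`, but the services this hunk adds are named `keycloak-localhost` and `keycloak-nginx`, and the loop polls `keycloak-nginx:8080`. If no service called `keycloak` exists elsewhere in the file (not visible here), compose will reject the configuration; the entry should read `- keycloak-nginx`. Both Keycloak instances also publish their `start-dev` admin consoles, protected only by the static `keycloak-admin` password, on `9098` and `9099` on all interfaces; mappings such as `- "127.0.0.1:9099:8080"` keep a CI host from exposing them. None of the secured services in the visible hunks wait on this healthcheck, unlike in the example compose file.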
@@ -1,18 +1,18 @@ services: # nginx reverse proxy to support dns lookup - # nginx-proxy: - # image: nginxproxy/nginx-proxy:1.6.0-alpine - # container_name: proxy - # restart: always - # ports: - # - "80:80" - # volumes: - # - /var/run/docker.sock:/tmp/docker.sock:ro - # environment: - # DEFAULT_HOST: aasgui.basyx.localhost - # networks: - # - basyx-java-server-sdk + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: aasgui.basyx.localhost + networks: + - basyx-java-server-sdk # AAS Environment aas-env: From 10d52b0484e3e49395a05c1a3978402e119d260b Mon Sep 17 00:00:00 2001 From: geso02 Date: Tue, 29 Apr 2025 11:59:40 +0200 Subject: [PATCH 4/8] Update keycloak reference for test cases --- .../application-authregistry.properties | 2 +- ci/docker-compose.yml | 21 +-- ci/keycloak/initializer/pom.xml | 126 ------------------ .../InitializerProviderFactory.java | 22 --- .../keycloak/initializer/InitializerSpi.java | 29 ---- .../realm/IssuerInitializerProvider.java | 83 ------------ .../src/main/resources/log4j.properties | 8 -- 7 files changed, 2 insertions(+), 289 deletions(-) delete mode 100644 ci/keycloak/initializer/pom.xml delete mode 100644 ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java delete mode 100644 ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java delete mode 100644 ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java delete mode 100644 ci/keycloak/initializer/src/main/resources/log4j.properties 
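Review bot: Enabling `nginx-proxy` gives the container that accepts all inbound HTTP on `80:80` access to the host's Docker socket through `/var/run/docker.sock:/tmp/docker.sock:ro`. The `:ro` flag only protects the socket file itself and does not restrict the Docker API calls made through it, so a compromise of the proxy amounts to control of the Docker daemon. Because this is an example that gets copied, I would state that next to the mount, e.g. `# demo only: docker.sock grants Docker API access; keep this proxy off untrusted networks`, and mention in the README that port 80 is published on all host interfaces. The same block is added to the submodel-service example compose file later in this series.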
diff --git a/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties b/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties index 10f7d70a5..b64904df2 100644 --- a/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties +++ b/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties @@ -36,7 +36,7 @@ basyx.externalurl=http://localhost:8081 # Authorized registry integration basyx.submodelrepository.feature.registryintegration.authorization.enabled=true -basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://localhost:9097/realms/BaSyx/protocol/openid-connect/token +basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://localhost/realms/BaSyx/protocol/openid-connect/token basyx.submodelrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.submodelrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.submodelrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml index ba19f8bad..cd3868e5b 100644 --- a/ci/docker-compose.yml +++ b/ci/docker-compose.yml 
@@ -141,7 +141,7 @@ services: BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/rbac/rbac_rules.json volumes: - ./keycloak/rules/rbac_rules-sm-registry.json:/rbac/rbac_rules.json:ro @@ -232,25 +232,6 @@ services: networks: - basyx-java-server-sdk - # keycloak-fixed-uri: - # image: eclipsebasyx/keycloak:0.0.1 - # build: - # context: ./keycloak - # dockerfile: Dockerfile.keycloak - # container_name: keycloak-fixed - # environment: - # KC_HOSTNAME: localhost - # KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-fixed:8080 - # KEYCLOAK_ADMIN: admin - # KEYCLOAK_ADMIN_PASSWORD: keycloak-admin - # command: ["start-dev", "--import-realm"] - # ports: - # - 9097:8080 - # volumes: - # - ./keycloak/realm:/opt/keycloak/data/import:ro - # networks: - # - basyx-java-server-sdk - networks: basyx-java-server-sdk: name: basyx-java-server-sdk diff --git a/ci/keycloak/initializer/pom.xml b/ci/keycloak/initializer/pom.xml deleted file mode 100644 index 62d5c64b2..000000000 --- a/ci/keycloak/initializer/pom.xml +++ /dev/null 
@@ -1,126 +0,0 @@ - - - 4.0.0 - org.eclipse.digitaltwin.basyx.v3.clients - keycloak-issuer-initializer - 1.0-SNAPSHOT - - - 24.0.3 - UTF-8 - 1.14.11 - 2.0.13 - - - - - org.keycloak - keycloak-core - ${keycloak.version} - - - org.keycloak - keycloak-server-spi - ${keycloak.version} - - - org.keycloak - keycloak-server-spi-private - ${keycloak.version} - - - org.keycloak - keycloak-services - ${keycloak.version} - - - - com.google.auto.service - auto-service - - 1.1.1 - - - org.slf4j - slf4j-api - ${slf4j.version} - - - net.bytebuddy - byte-buddy - 1.14.15 - - - net.bytebuddy - byte-buddy-agent - 1.14.15 - - - com.cronutils - cron-utils - 9.2.1 - - - org.slf4j - slf4j-reload4j - ${slf4j.version} - - - - - ${project.groupId}-${project.artifactId} - - - org.apache.maven.plugins - maven-shade-plugin - - - package - - shade - - - - - - org.keycloak:* - - **/* - - - - io.smallrye.common:smallrye-common-annotation - - **/* - - - - - - - - - - - - - - \ No newline at end of file diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java deleted file mode 100644 index ccb4be066..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; - -public interface InitializerProviderFactory extends ProviderFactory, Provider { - - @Override - default Provider create(KeycloakSession session) { - return null; - } - - @Override - default void init(Config.Scope config) { - } - - @Override - default void close() { - } -} 
diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java deleted file mode 100644 index 67da7d22c..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import com.google.auto.service.AutoService; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; -import org.keycloak.provider.Spi; - -@AutoService(Spi.class) -public class InitializerSpi implements Spi { - @Override - public boolean isInternal() { - return true; - } - - @Override - public String getName() { - return "initializer"; - } - - @Override - public Class getProviderClass() { - return Provider.class; - } - - @Override - public Class> getProviderFactoryClass() { - return InitializerProviderFactory.class; - } -} diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java deleted file mode 100644 index 8ad4f8edf..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer.realm; - -import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy; -import static net.bytebuddy.matcher.ElementMatchers.named; -import static net.bytebuddy.matcher.ElementMatchers.returns; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.List; - -import org.eclipse.digitaltwin.basyx.keycloak.initializer.InitializerProviderFactory; -import org.keycloak.Config; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.provider.ProviderConfigurationBuilder; -import org.keycloak.services.Urls; -import org.keycloak.services.validation.Validation; - -import com.google.auto.service.AutoService; - -import net.bytebuddy.ByteBuddy; -import net.bytebuddy.agent.ByteBuddyAgent; -import net.bytebuddy.dynamic.loading.ClassReloadingStrategy; -import net.bytebuddy.implementation.MethodDelegation; - -@AutoService(InitializerProviderFactory.class) -public class IssuerInitializerProvider implements InitializerProviderFactory { - - public static final String PROVIDER_ID = "issuer"; - - private static final String CONFIG_ATTR_BASE_URI = "base-uri"; - - private static String issuerBaseUri; - - private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(IssuerInitializerProvider.class); - - @Override - public String getId() { - return PROVIDER_ID; - } - - @Override - public void init(Config.Scope config) { - issuerBaseUri = config.get(CONFIG_ATTR_BASE_URI); - if (!Validation.isBlank(issuerBaseUri)) { - log.info("Issuer BaseURI fixed value: {}", issuerBaseUri); - } else { - log.info("Issuer BaseURI is blank"); - } - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - ByteBuddyAgent.install(); - new ByteBuddy() - .redefine(Urls.class) - .method(named("realmIssuer").and(isDeclaredBy(Urls.class).and(returns(String.class)))) - 
.intercept(MethodDelegation.to(this.getClass())) - .make() - .load(Urls.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent()); - } - - public static String realmIssuer(URI baseUri, String realmName) { - try { - baseUri = new URI(issuerBaseUri); - } catch (URISyntaxException | NullPointerException ignored) { - } - return Urls.realmBase(baseUri).path("{realm}").build(realmName).toString(); - } - - @Override - public List getConfigMetadata() { - return ProviderConfigurationBuilder.create() - .property() - .name(CONFIG_ATTR_BASE_URI) - .type(ProviderConfigProperty.STRING_TYPE) - .helpText("The baseUri to use for the issuer of this server. Keep empty, if the regular hostname settings should be used.") - .add() - .build(); - } -} - - diff --git a/ci/keycloak/initializer/src/main/resources/log4j.properties b/ci/keycloak/initializer/src/main/resources/log4j.properties deleted file mode 100644 index 05fb2da9e..000000000 --- a/ci/keycloak/initializer/src/main/resources/log4j.properties +++ /dev/null @@ -1,8 +0,0 @@ -# Root Logger -log4j.rootLogger=INFO, stdout - -# Direct log messages to stdout -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n \ No newline at end of file From a3508b9201aa58908e7056abec6d4503a1b75cea Mon Sep 17 00:00:00 2001 From: geso02 Date: Tue, 29 Apr 2025 14:15:24 +0200 Subject: [PATCH 5/8] Update aas environment test --- .../client/TestAuthorizedConnectedAasEnvironment.java | 2 +- .../client/TestAuthorizedConnectedAasManager.java | 4 ++-- .../src/test/resources/application-authorization.properties | 2 +- .../internal/AssetAdministrationShellRepositoryApi.java | 1 - 4 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java index 1167b03d1..d53ad9fd6 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java +++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java @@ -93,7 +93,7 @@ public static void cleanUpContext() { @Before public void setup() throws IOException { - TokenManager mockTokenManager = new TokenManager("http://localhost:9096/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + TokenManager mockTokenManager = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); aasEnvironment = new AuthorizedConnectedAasEnvironment(mockTokenManager); } diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java index 98ca90893..7d1cffb01 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java 
+++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java @@ -63,8 +63,8 @@ public class TestAuthorizedConnectedAasManager extends TestConnectedAasManager { protected final static String AAS_REGISTRY_BASE_PATH = "http://localhost:8051"; protected final static String SM_REGISTRY_BASE_PATH = "http://localhost:8061"; - private final static TokenManager TOKEN_MANAGER = new TokenManager("http://localhost:9096/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); - private final static TokenManager TOKEN_MANAGER_REGISTRY = new TokenManager("http://localhost:9097/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + private final static TokenManager TOKEN_MANAGER = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + private final static TokenManager TOKEN_MANAGER_REGISTRY = new TokenManager("http://localhost/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); private static AuthorizedConnectedAasRepository connectedAasRepository; private static AuthorizedConnectedSubmodelRepository connectedSmRepository; diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties index ce03007f1..09894191f 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties 
+++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties @@ -37,7 +37,7 @@ basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = classpath:rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://localhost:9096/realms/BaSyx +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://localhost:9098/realms/BaSyx #################################################################################### # Operation Delegation diff --git a/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java b/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java index 8474b933b..2eac185a5 100644 --- a/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java +++ b/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java @@ -1089,7 +1089,6 @@ private void addAuthorizationHeaderIfAuthIsEnabled(HttpRequest.Builder localVarR try { localVarRequestBuilder.header("Authorization", "Bearer " + tokenManager.getAccessToken()); } catch (IOException e) { - e.printStackTrace(); throw new AccessTokenRetrievalException("Unable to request access token"); } } From 4488c559c1d4b8fb1782fda83b96f769c6816fc3 Mon Sep 17 00:00:00 2001 From: geso02 Date: Tue, 29 Apr 2025 14:33:30 +0200 Subject: [PATCH 6/8] Trigger build --- .../integration/AuthorizedAasRepositoryRegistryLinkTest.java | 1 - 1 file changed, 1 deletion(-) 
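Review bot: With `e.printStackTrace()` removed, the `catch (IOException e)` in `addAuthorizationHeaderIfAuthIsEnabled` now discards the cause completely, because `new AccessTokenRetrievalException("Unable to request access token")` carries neither the `IOException` nor any detail of the failed request. A token failure against the identity provider then cannot be told apart from a network or configuration error in logs. If `AccessTokenRetrievalException` has, or can be given, a cause-taking constructor (not visible here), pass the exception through: `throw new AccessTokenRetrievalException("Unable to request access token", e);`. The method body begins above the hunk.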
diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java index c21282c61..44749a7b5 100644 --- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java +++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java @@ -84,7 +84,6 @@ public void sendUnauthorizedRequest() throws IOException { ApiException exception = assertThrows(ApiException.class, () -> { registryApi.postAssetAdministrationShellDescriptor(descriptor); }); - assertEquals(HttpStatus.UNAUTHORIZED.value(), exception.getCode()); } From 51aa6098fa6b550753b569b0ed999bf1e2e7c95e Mon Sep 17 00:00:00 2001 From: geso02 Date: Tue, 29 Apr 2025 14:43:24 +0200 Subject: [PATCH 7/8] Update submodel service example --- .../example/auth/application-rbac.yml | 2 +- .../example/docker-compose.yml | 47 +- .../example/keycloak/realm/BaSyx-realm.json | 3036 +++++++++++++++++ .../example/run-security-test.sh | 2 +- 4 files changed, 3069 insertions(+), 18 deletions(-) create mode 100644 basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml b/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml index 9126c631a..abec0f61d 100644 
--- a/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml +++ b/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml @@ -11,4 +11,4 @@ spring: oauth2: resourceserver: jwt: - issuer-uri: http://keycloak:9102/realms/BaSyx \ No newline at end of file + issuer-uri: http://keycloak.basyx.localhost/realms/BaSyx \ No newline at end of file diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml b/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml index 14c84aae8..adcf26458 100644 --- a/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml +++ b/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml @@ -3,6 +3,21 @@ networks: driver: bridge services: + + # nginx reverse proxy to support dns lookup + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: keycloak.basyx.localhost + networks: + - auth + submodel-service: image: eclipsebasyx/submodel-service:${REVISION} container_name: submodel-service @@ -23,12 +38,13 @@ services: - ./sources/:/application/sources/:ro - ./jars/HelloWorld.jar:/application/jars/HelloWorld.jar:ro - ./application-mappings.yml:/application/config/application-mappings.yml/:ro + submodel-service-auth: image: eclipsebasyx/submodel-service:${REVISION} container_name: submodel-service-auth pull_policy: missing - # extra_hosts: - # - "host.docker.internal:host-gateway" + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: # add the mounted jar file file:submodel.json or submodel.json BASYX_SUBMODELSERVICE_SUBMODEL_FILE: submodel.json 
@@ -55,24 +71,23 @@ services: condition: service_completed_successfully keycloak: - image: test/keycloak-submodel:24.0.4 - build: - context: ../../../ci/keycloak - dockerfile: Dockerfile.keycloak + image: keycloak/keycloak:24.0.4 container_name: keycloak - command: ["start-dev", "--import-realm"] - ports: - - 9102:9102 environment: - KC_HTTP_PORT: 9102 - KC_HTTP_ENABLED: "true" - KC_HTTPS_ENABLED: "false" - KC_HEALTH_ENABLED: "true" - KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak:9102 + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" KC_IMPORT: /opt/keycloak/data/import/ + command: ["start-dev", "--import-realm"] + ports: + - 9097:8080 + volumes: + - ./keycloak/realm:/opt/keycloak/data/import networks: - auth @@ -81,7 +96,7 @@ services: command: > sh -c " echo 'Waiting for Keycloak to become ready...'; - until curl -sf http://keycloak:9102/health/ready; do + until curl -sf http://keycloak:8080/health/ready; do sleep 5; done; echo 'Keycloak is ready!'" diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json b/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json new file mode 100644 index 000000000..cd61dff78 --- /dev/null +++ b/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json 
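Review bot: The replacement `keycloak` service publishes its admin console on every host interface (`9097:8080`) while running `start-dev` with the fixed `KEYCLOAK_ADMIN_PASSWORD` from this file, and it is also reachable through the proxy via `VIRTUAL_HOST`. The other containers reach it through the proxy or the `auth` network (`http://keycloak:8080` in the health check), so the direct port can be bound to loopback: `- 127.0.0.1:9097:8080`. The realm import mount can be read-only as well, `- ./keycloak/realm:/opt/keycloak/data/import:ro`, as the removed `keycloak-fixed-uri` block in the CI compose file had it. The `keycloak-localhost` and `keycloak-nginx` services added earlier in the series (`9098:8080`, `9099:8080`) have the same exposure.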
@@ -0,0 +1,3036 @@ +{ + "id" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "realm" : "BaSyx", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "efe8c80d-bcd5-4a3c-91a0-a397a80d1d52", + "name" : "basyx-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "9b70ce9b-1b39-4f5a-893d-9f8956cf5dad", + "name" : "basyx-reader-serialization-two", + "description" : "", + "composite" : 
false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "4bbc59ce-901e-49b9-adeb-0511469595df", + "name" : "basyx-aas-discoverer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "52e7db01-dd27-4589-a530-ec8491bd2026", + "name" : "basyx-assetid-deleter", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "20c8f106-d2fb-422d-9045-22b28151f792", + "name" : "basyx-sme-reader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "14dd6864-bcbd-46c3-b9b6-269ce036badc", + "name" : "basyx-uploader-three", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "502bc902-9de6-4552-98b0-55187b847272", + "name" : "user", + "description" : "", + "composite" : true, + "composites" : { + "client" : { + "basyx-client-api" : [ "basyx-user" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "d3323aef-0e1f-4ec0-ba54-e0b3f9a897eb", + "name" : "basyx-assetid-discoverer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "43a09e41-bcfb-429b-8675-eaf116ad4f1f", + "name" : "basyx-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "4028f02d-3ee1-4c18-9b6a-a22c8bda51de", + "name" : "basyx-sme-updater", + "description" : "", + "composite" : false, + "clientRole" : 
false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "6ce3248b-7c14-42b4-9cbc-e1237851d778", + "name" : "basyx-creator", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5702a4dd-4ccb-44b1-805d-fd9b1c333492", + "name" : "basyx-sme-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5ad9c765-2075-4cc4-b41e-c1b11cd544c4", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "797d2956-a895-4171-ab44-2fc9dbcf7f4c", + "name" : "default-roles-basyx", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "94394113-64a8-4cd1-9212-5a0cd955187b", + "name" : "basyx-asset-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "f9df352e-269d-4a5d-a263-105d8ab3ae52", + "name" : "basyx-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "469ec431-9a4f-4d87-80fe-cf2c7bbd5d37", + "name" : "basyx-reader-serialization", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "b70c22a9-e17e-4914-ae43-2752bafe356a", + 
"name" : "basyx-asset-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "a537120f-8ccc-47a8-a1a7-9229d72561e5", + "name" : "READ", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "ebf827ce-862a-413b-afb3-5ad410ddf4ac", + "name" : "admin", + "description" : "", + "composite" : true, + "composites" : { + "client" : { + "basyx-client-api" : [ "basyx-admin" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "32b591a9-55ed-4940-a7ad-efb3c40c3d38", + "name" : "basyx-executor-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7b698a18-f272-4178-a6a2-d09e714c488e", + "name" : "basyx-uploader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "09fa63ab-86ae-40bb-9497-56ee46070200", + "name" : "basyx-sme-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7065a5d2-3ab5-471a-be8c-cda64b6ce319", + "name" : "basyx-uploader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "012af7ea-5eb7-4156-929a-acbae548e105", + "name" : "basyx-deleter", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "53212b19-655b-4e13-ad31-ec8c7d43d35d", + "name" : "basyx-deleter-two", + "description" : "", + 
"composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "2d2873a1-e636-46b2-bc89-5d8ca3fcde9e", + "name" : "basyx-executor", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7a2111c1-7d1f-4b41-a0de-bfe314b73b72", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "05885c8f-e81f-47fa-bf47-c07153fc7b1b", + "name" : "basyx-file-sme-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5b5d0f1e-777f-4342-8128-b9eff69aed17", + "name" : "maintainer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "afb72d5e-0841-452d-b3e0-5268dcba4c2a", + "name" : "visitor", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "b007c30e-c4bc-46ad-b72f-8ce67ec129fd", + "name" : "basyx-assetid-creator", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "50fb06f4-fe2d-46d8-b02c-5f5c409e4ce5", + "name" : "basyx-file-sme-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "905eadf9-8b63-4503-9022-2f33daaa3372", + "name" : "basyx-reader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : 
"bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "a0dfe40a-8ec0-492c-a2c4-fa0ff9275918", + "name" : "basyx-sme-updater-three", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "1752f599-6520-4588-9a85-75049a5f4ea7", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "33fd6cb3-2c41-4d41-87c7-56dece25892c", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "c083167e-2b27-4860-9117-07d01eaf9d28", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "88458e07-82e7-4e8e-a262-4c2e271dfe9c", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "940a767e-8370-4ef4-aec4-c616393b3ff5", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "33c113a8-2aa6-4f0a-a0fe-80f6c74e691d", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : 
"8db1ccc7-4484-4d98-a32e-1125487bbfa7", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "70a4bece-8b1e-4f3e-86b9-56f56851880f", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "f4acf86a-1877-4c8d-ab97-d30941ab1952", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "46693e69-db27-4e94-a4a4-8e4e14cc3cd4", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "206be815-72c8-40ab-a4cd-7020d1f72942", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "e1cf18c5-6635-4f1d-8efa-d86c609515d8", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "3ec28e2e-89f8-46af-8655-fde414a9bd28", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "44e2e3d4-1501-4490-adbf-5376e0d8ce17", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, 
{ + "id" : "add14c5f-311c-42f3-9595-2fe7c36d6c2b", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "7ba6fa14-a7a0-4072-9a7c-247c5df3e60f", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients", "create-client", "view-clients", "manage-identity-providers", "manage-realm", "manage-authorization", "view-realm", "query-users", "impersonation", "view-authorization", "manage-events", "query-groups", "manage-users", "query-realms", "view-events", "view-identity-providers", "manage-clients", "view-users" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "978756e4-01e3-4fee-b0aa-b291e7a4d8d8", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "0ccfa96c-7e90-43b3-ba58-cb70b42456ca", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "440c9f2a-5b40-4971-a9e6-044a118561ba", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + } ], + "basyx-client-api" : [ { + "id" : "2dd4b9b1-748f-43f3-b62b-048c92ae79d1", + "name" : "basyx-creator", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + 
"attributes" : { } + }, { + "id" : "ba077409-1b5d-4fc8-b20e-10389507fb75", + "name" : "basyx-admin", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "attributes" : { } + }, { + "id" : "05ca5b90-4eda-4a58-a724-bfc61d1c4a05", + "name" : "basyx-user", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "attributes" : { } + } ], + "basyx-web-ui" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "30909060-d910-4a45-8bcc-059768731492", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "45f21c3d-4e85-466f-984f-d7bd47392453", + "attributes" : { } + } ], + "account" : [ { + "id" : "5b81c2c9-2460-4b8a-abd8-a685292eb7ce", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "74daac96-8775-4666-8e13-070049c6d8e7", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "d9580b03-2736-46cc-97ab-d2f62301df1d", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "bf835a6b-c6f6-47a2-9e2b-c082cbba801c", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "d862864d-24af-4dac-b35d-b27e4c5bd081", + "name" : "manage-account", + "description" : 
"${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "7ccd9a2b-458b-4981-ad5f-543701dbace0", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "7e16ae1b-8db3-44ea-8bfd-879e6d8ac53c", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "8c63a071-2ca5-4991-8a37-bccf7ef696b0", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + } ], + "basyx-demo" : [ ], + "workstation-1" : [ { + "id" : "914a18c6-4f14-418f-99e0-bfdcf604ac01", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "96031210-9e6c-4252-a22e-e81a47e30d65", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "606a14f2-6114-4fd3-9ca6-4a53514fffb9", + "name" : "BaSyxGroup", + "path" : "/BaSyxGroup", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "basyx-deleter", "basyx-creator", "basyx-asset-updater" ], + "clientRoles" : { } + } ], + "defaultRole" : { + "id" : "797d2956-a895-4171-ab44-2fc9dbcf7f4c", + "name" : "default-roles-basyx", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" 
: 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "856b093b-ef9f-4bd0-92ca-662f680c73cc", + "username" : "basyx.aas.discoverer", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713968958846, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "bc4944be-c8e2-4c91-81cc-9478a0795906", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713968969072, + "secretData" : 
"{\"value\":\"V1xFTsjw4G4nJY+ftBt4CavQs1d8zf0ybVtUhxQR0yg=\",\"salt\":\"XjYZbMDK9iyDdsZe2WXb6A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-aas-discoverer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "aef2b331-f694-4503-b0da-1412c77842ba", + "username" : "basyx.asset.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702179260496, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "24db17af-1244-4cea-8af8-1047adcd0753", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702179278395, + "secretData" : "{\"value\":\"YRTadONVBjE5bQjGmz2mtnr3X4IlU+4xxbmq2aBRuIo=\",\"salt\":\"wfqiItiwdM2FBYJPENkQ2A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-asset-updater" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "4fc75aa9-4745-4bec-846e-de5dbd665b7c", + "username" : "basyx.asset.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702179349503, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "db64f531-b8ab-4e33-b7b9-e3ba0e3677d4", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702179363013, + "secretData" : "{\"value\":\"6HRJw+wSlbSrf8wcAGjnn5/PnD8ARlZOnJK7p87+VOc=\",\"salt\":\"VDu0YOIlhG3WHofMj2hSeg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ 
"basyx-asset-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "bcbd95b2-2ec4-42a6-9b1d-39dabf0454c3", + "username" : "basyx.assetid.creator", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713969008326, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "81b26fa2-4eda-45d7-a8be-4b6d64b3d813", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713971859329, + "secretData" : "{\"value\":\"yNEw5ey4rT1a0dONFUpVe7YaNfIrobNkCdL6DZjBj1A=\",\"salt\":\"JLMeQM7gjHenb5JhfzhWQA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-creator", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2def798c-7547-42fe-8915-be493d740005", + "username" : "basyx.assetid.deleter", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713969038565, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "fa285b2c-9a2d-4400-a524-508b0a16f4c3", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713969048116, + "secretData" : "{\"value\":\"28gYVMfDZofypgu67nmV5Kv2KrPGEFshT5tYvj+LPf8=\",\"salt\":\"ZZI9X8eR7pl7YqmgC06FYw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-deleter", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3527f121-116c-429b-bf0d-78bf4a8b5abe", + "username" : "basyx.assetid.discoverer", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713968905507, + "enabled" : true, + "totp" : false, + 
"credentials" : [ { + "id" : "4f3427f8-9da2-4372-a54b-c1e54dc8da68", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713968917922, + "secretData" : "{\"value\":\"uUOChDW0wpWybeiWSqsyqKSfLN0CWANylCjzNavInB4=\",\"salt\":\"TsyGowE4zc8gsp4wRREOAQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-discoverer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "f48119f5-7dff-46af-b9db-3ee96cd52550", + "username" : "basyx.creator", + "firstName" : "BaSyx", + "lastName" : "creator", + "emailVerified" : false, + "createdTimestamp" : 1702032555719, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "393aa50c-70ed-4676-b5d0-b4c6cf930272", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032714401, + "secretData" : "{\"value\":\"/TOCJJp9SrRtZnB+QxjdzJCKONo5IDy/C/H5GyhsRm8=\",\"salt\":\"2hB/91M1PTQmtp9w8ULRMQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-creator", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "40858874-f6e7-48c8-9667-d585d7c27b57", + "username" : "basyx.deleter", + "firstName" : "BaSyx", + "lastName" : "Deleter", + "emailVerified" : false, + "createdTimestamp" : 1702032602188, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "ee9224dd-6277-4c3d-8d88-b595d66f25c7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032741081, + "secretData" : "{\"value\":\"eQ18xAGwRazaHAdd6F+WnhIDKlFn9uTUvgrYOY8sfUg=\",\"salt\":\"0CwKlmVofsusehhhfJZExA==\",\"additionalParameters\":{}}", + "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-deleter", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "fcf7ea95-875e-42ef-afe1-f9b6008cbaf9", + "username" : "basyx.deleter.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702161686852, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "1b8d0b8c-1f65-43e0-9178-785533746684", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702161714301, + "secretData" : "{\"value\":\"/iZkSX4POJyi8GuL3+fMGlPVcLkssWMTA5KWt48IeXc=\",\"salt\":\"/5sjiGBNXC4xzAHjWFJr+g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-deleter-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "8e820205-13fa-4d61-9513-99f717c15f73", + "username" : "basyx.executor", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705326903328, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "3e891de4-74e6-46cb-840f-6681af0ce397", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705326918687, + "secretData" : "{\"value\":\"ytSpEUoTvStjF057boJpFgx59agjUC9pJiM/mdrtc7Y=\",\"salt\":\"U30NyBIzFGYhoqC+DCuMZQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-executor", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3d645000-277e-46f5-b421-85f1fdb064b5", + "username" : "basyx.executor.2", + "firstName" 
: "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705326932748, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d21c920f-5dd0-4ce7-ad2e-737a841bb1f8", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705326945517, + "secretData" : "{\"value\":\"uAi1tN7YY/byDS0vay77q3nlJsb9gkC5lGiB8SROcIw=\",\"salt\":\"/zhdEnnDDFvuWMT9ZzLMSA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-executor-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "c86047c6-3ab8-4f47-86ba-b26ea80d1986", + "username" : "basyx.file.sme.reader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705398014689, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "bd374dc3-4fec-4232-be91-a3f5608e373e", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705398026388, + "secretData" : "{\"value\":\"3p7BdFuY8JBRDaoD0Lv2i3N2XCvuM7mt5tUhdyJ+sRA=\",\"salt\":\"3+GFcXL0EAlfjmP3CwtpLg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-file-sme-reader", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "da7acf36-1574-4c0a-aa5b-65829a512b60", + "username" : "basyx.file.sme.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705398962710, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "e5fda50d-9f52-4f60-a917-31a85fc275a7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705398974508, + "secretData" : 
"{\"value\":\"sQsBVFdIJj7whmjzlFHkrh+ZCtrj8oXaOuK4V1q+95I=\",\"salt\":\"G1xU/pxUi5Moj3V7dRhfOg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-file-sme-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "abfaa545-3c2f-4ac6-9f41-7c166613ea35", + "username" : "basyx.reader", + "firstName" : "BaSyx", + "lastName" : "Reader", + "emailVerified" : false, + "createdTimestamp" : 1702032528855, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "eea587f5-439d-487d-85d0-587b226f0683", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032760779, + "secretData" : "{\"value\":\"fNd3UFdT3clPTDFTMgdFzpNN6R34wu0R23S2vV6fOgI=\",\"salt\":\"eMifD6Sp0urGRzhEhSDc4w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader", "default-roles-basyx" ], + "clientRoles" : { + "basyx-client-api" : [ "basyx-user" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "37e1ba01-3b9c-428c-b0fe-be85970bf1d9", + "username" : "basyx.reader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702158534562, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "3237f89d-f9f0-4b70-9a08-d31d995c6948", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702158617052, + "secretData" : "{\"value\":\"5aTlmhGaKIHjdeAWoC6+ei2WGOBE62okIiVm6h0/Ur4=\",\"salt\":\"qkVSxkETPCSxTqAERBjcDw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + 
"requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2d7a7bdb-c8d3-4684-8c06-8873aabd9968", + "username" : "basyx.reader.serialization", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1707983800892, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "c35c2724-8ae9-4193-bd25-e5245df77f4d", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1707983812752, + "secretData" : "{\"value\":\"2PxseHKNw94KIO+vkxn+jLwrfRWFF3Eh6cTOviSyKTI=\",\"salt\":\"E8GDPR/T+enGFszv/XvlQA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-serialization", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "113691d0-fc03-4607-8b64-97b646bded1f", + "username" : "basyx.reader.serialization.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1707983824403, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "86bd4fdc-077c-4546-b80a-f51788f15b56", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1707983834216, + "secretData" : "{\"value\":\"LMmwk+0uIx2VOOD/Llx19E6oUW6Z+fye0dD6fft8JlI=\",\"salt\":\"mWFD3gAs2jncjP6tBu9C3g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-serialization-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3988486a-51eb-447b-bc87-354e5b724c76", + "username" : "basyx.sme.reader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 
1705306854299, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d70787d1-9834-43d6-a10d-bca854847fec", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705306868293, + "secretData" : "{\"value\":\"DaO6udzDHUKnoqpl/7bdprLMKfwqV7MjKme1/NnEQtA=\",\"salt\":\"SzPSSVEQd1ZZoOGLuWGInA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-sme-reader" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "ed921577-8b07-439e-af66-cc3579a276ec", + "username" : "basyx.sme.reader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705310445991, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "62446675-7b7e-40e7-bf6c-b375d8542a12", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705310456309, + "secretData" : "{\"value\":\"QQkWFYjV952eOqGdkcDqqF4OdgtMCmUSKxzPF5I1LrU=\",\"salt\":\"ZUxajrFJ/cFxxH28cz8ibQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-reader-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "60f02977-d033-43ed-8171-8ac44d14c62f", + "username" : "basyx.sme.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705312271325, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d224c0bc-7c5d-426d-8e96-9f4dfb141eab", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705312282450, + "secretData" : 
"{\"value\":\"q+x0JQZAGRyDLlVAWPzLmVCJ/PPpb07xW+bAv1QFw9s=\",\"salt\":\"QC5VcH0pvVpnVPC/EnTAuA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9fd79b98-a230-43c8-a7ff-f88ee381c58c", + "username" : "basyx.sme.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705315980352, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "eca8536c-fbf7-49dd-a370-405b00336965", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705315990230, + "secretData" : "{\"value\":\"KpVPW6pBjilR3xUTV5X/Y8g2javOsmkY7/9TLwix8Lk=\",\"salt\":\"xmj+BOrdA7DQks9wwxV42w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "20336dcf-0c1f-4344-b31b-f26048fc7faa", + "username" : "basyx.sme.updater.3", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705324670982, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d1652462-350a-42e0-9a3e-e04cfa258237", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705324695639, + "secretData" : "{\"value\":\"/qEHkHQIlm0poWXk13LWf3TpXq/ffOzflkIbretgeBw=\",\"salt\":\"arEuG45sRa+2aOZiY9PqVg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ 
"basyx-sme-updater-three", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "44f291ad-a0de-4035-9938-a092faf810b5", + "username" : "basyx.updater", + "firstName" : "BaSyx", + "lastName" : "Updater", + "emailVerified" : false, + "createdTimestamp" : 1702032579778, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "28e62a3a-790d-477f-b139-b0ea943abfd7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032778389, + "secretData" : "{\"value\":\"ZfuHUQ78g18C9k/zjHn/QBKsD8e9+xhxomRaBI00oSQ=\",\"salt\":\"IIhszlFoc5V3AKG0sDowkg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9bf6b5c8-194f-4672-9313-9f3823cb3019", + "username" : "basyx.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702161564532, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "59ef29d6-6dcf-42e6-b946-33d50335e0d1", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702161581051, + "secretData" : "{\"value\":\"IWJZlX5XJT4IoSH1npG+APct5iL931bC54+RtjRgKAw=\",\"salt\":\"YZW26Yurco6D2uhzjVcQjA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "cb7df854-827d-4d34-a01f-33cdf07f5cea", + "username" : "basyx.uploader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708702290219, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : 
"7df6170e-1631-434d-8380-62f750c563cf", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708702304670, + "secretData" : "{\"value\":\"M7YGdklaJzphwjjWGLfb990lR4NY4rbLTQ1LAPptEuc=\",\"salt\":\"MEYVvEIkg54+jjXQS47dbA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-uploader" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3c94e1e0-caac-48c3-a31c-c9f555233a46", + "username" : "basyx.uploader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708932762171, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "0d4049cb-293b-4f76-b82b-5ba9ee4530f2", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708932779332, + "secretData" : "{\"value\":\"jNTZeVbTOOtuokGeXGhYd5Aa+G9TkCS1RFikWtULN/w=\",\"salt\":\"9St8VUxP3iiO2jZYM7whww==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-uploader-two" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "c1a592bd-536f-4a3e-8193-c17d479814f3", + "username" : "basyx.uploader.3", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708934121191, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "7cd8fd3f-8c83-43b9-9fb7-6203e7c7376c", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708934138452, + "secretData" : "{\"value\":\"BenBZDPAZWMjSh21uER8mw7PSEdXw8xRh7YPlWsNUno=\",\"salt\":\"ioGE5CqXT8XyCWkcbi9ETA==\",\"additionalParameters\":{}}", + "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-uploader-three", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "f3ec1793-3d62-41c3-ad34-b7b29ac88528", + "username" : "bob.maintainer", + "firstName" : "Bob", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702030619322, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "a45e5184-e7f3-41bc-be25-c97197852301", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030635868, + "secretData" : "{\"value\":\"qMAW5hUeZYBsbUjNqSHcRFIn05OKnS/whcapkCvLL3c=\",\"salt\":\"BsbKzzXVRR6sazSpRimCeA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "maintainer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "e75ac9e8-7093-4898-a203-d9839f854944", + "username" : "jane.doe", + "firstName" : "Jane", + "lastName" : "Doe", + "emailVerified" : false, + "createdTimestamp" : 1702030567684, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d1e97a9f-42b6-43d0-a070-1216d03a64b7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030585530, + "secretData" : "{\"value\":\"S/d8o0wllcaXTOdtd/DGSIY9K6irGF0eMn9QJxZ+FSk=\",\"salt\":\"jIVz5vxpb6RpVHxkqi7jSw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "user", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "caf7499e-4f3d-45fa-9246-99ea8f8b5c94", + "username" : "john", + "firstName" : "", + "lastName" 
: "", + "emailVerified" : false, + "createdTimestamp" : 1701764678734, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "136b209f-3b75-45d9-b448-e1ec93dc7ea4", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1701764705215, + "secretData" : "{\"value\":\"wl3q7M/vsTL2T2vVXnZQG8eRzktKT5WRqDP+d1sW2tE=\",\"salt\":\"Yx270JeMPiFH36ycimpziA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "READ", "admin", "user", "default-roles-basyx" ], + "clientRoles" : { + "basyx-client-api" : [ "basyx-admin" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "fb833c1b-3a7d-4224-9ab1-672e7203bab5", + "username" : "john.doe", + "firstName" : "John", + "lastName" : "Doe", + "emailVerified" : false, + "createdTimestamp" : 1702030523698, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "b8b3d5cf-4fa3-46ed-8a3e-18875acecff0", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030540643, + "secretData" : "{\"value\":\"PAA5qfnQC9ImTZslJXw6GSW6k7rhYHl7XCdlk+9yb5A=\",\"salt\":\"jtFqUjRq7RtxXNYrKSJgFA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "admin", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9045c192-428a-4fff-bf7a-b9a9ac16742f", + "username" : "paul.visitor", + "firstName" : "Paul", + "lastName" : "Visitor", + "emailVerified" : false, + "createdTimestamp" : 1702030666980, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "81d4c206-c0a0-4ee6-9fcb-19f755e66150", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030682803, + "secretData" : 
"{\"value\":\"MedIFuT+Rl3PrjV7Nn/DJxJRiQD0Ucl6Ms2fc3wXbtU=\",\"salt\":\"12rxIShfyTRisjU8t7Smhw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "visitor", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "a19abcac-34d5-46bb-a604-b07dc234e80f", + "username" : "service-account-workstation-1", + "emailVerified" : false, + "createdTimestamp" : 1715582034760, + "enabled" : true, + "totp" : false, + "serviceAccountClientId" : "workstation-1", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader", "basyx-deleter", "basyx-updater", "admin", "basyx-creator", "default-roles-basyx" ], + "clientRoles" : { + "workstation-1" : [ "uma_protection" ] + }, + "notBefore" : 0, + "groups" : [ "/BaSyxGroup" ] + }, { + "id" : "77957093-d593-44b4-b4e9-bc365e840cdd", + "username" : "test.user", + "firstName" : "Test", + "lastName" : "User", + "email" : "test.user@gmail.com", + "emailVerified" : true, + "createdTimestamp" : 1715539640949, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "11672ccf-38b7-421b-8d01-755e0f2197da", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1715539657887, + "secretData" : "{\"value\":\"7YbCeFyuYDpwu/06UbMT7OObo29RU7cG1XWrqcNwZLg=\",\"salt\":\"nAQ9KKDYyg5GGuSUyfG+kw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ "/BaSyxGroup" ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : 
"account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "049e1323-6efb-4543-bc52-566cd292732a", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/BaSyx/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/BaSyx/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7d00b9a7-d212-4132-91f0-06e0719c7b43", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/BaSyx/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/BaSyx/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + 
"fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f5343ae7-2d59-45ff-8c56-7fcc152d90f5", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "00ebf255-9c7c-444d-92b5-ff146d9147b9", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "clientId" : "basyx-client-api", + "name" : "BaSyx Client Api", + "description" : "", + "rootUrl" : "http://localhost:8081", + "adminUrl" : "http://localhost:8081", + "baseUrl" : "http://localhost:8081", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://localhost:8081/*" ], + "webOrigins" : [ "http://localhost:8081" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + 
"standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "http://localhost:8081", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "615f29de-5f3d-4384-8b71-7351ff2c2a32", + "clientId" : "basyx-demo", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "41f9RznNmtHaWKT7i8IDYTjl2VaLHw0q", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1716897911", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ 
"web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "047f9c4e-3895-4562-9d8d-87cf3b1c7c05", + "clientId" : "basyx-web-ui", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ + "http://aasgui.basyx.localhost/*", "http://localhost:3000/*" ], + "webOrigins" : [ + "http://aasgui.basyx.localhost", "http://localhost:3000" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : true, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris": "http://localhost:3000/*##http://aasgui.basyx.localhost/*", + "oauth2.device.authorization.grant.enabled" : "true", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "45f21c3d-4e85-466f-984f-d7bd47392453", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + 
"directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "2f43139f-46dc-442a-84b6-1eef146c0b16", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/BaSyx/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/BaSyx/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + 
"implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "70e02310-8910-4ad2-b02e-3091643fca8c", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "96031210-9e6c-4252-a22e-e81a47e30d65", + "clientId" : "workstation-1", + "name" : "Workstation 1", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "nY0mjyECF60DGzNmQUjL81XurSl8etom", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1715582034", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + 
"oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "1f332577-69b1-48cf-b2d1-95ccd6159fdf", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "05688508-b82b-46c5-85de-f0bacf03d6e7", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "a1c32e51-4369-4460-a015-98867bb101fd", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "client_id", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ ], + "policies" : [ ], + "scopes" : [ ], + "decisionStrategy" : "UNANIMOUS" + } + } ], + "clientScopes" : [ { + "id" : "e0f355da-f9ff-4104-b305-043b0188747b", + "name" : "offline_access", 
+ "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "a194eeae-0c0b-4300-b613-9c7b5a281ba0", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "c3c7617c-2d46-4cf7-893c-776b7a14797a", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "69675a1a-f2a5-4316-915b-e1a0cc02e0fe", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "e9883191-5f1c-4eed-90da-51806ba954cc", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "95a35d30-fb91-4a8c-a208-5c7b1644b7fa", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "51873e8d-85db-4c1f-be02-bef88d435e89", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + 
"userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "d937e76f-71f3-4260-bbc6-1feffc3a655e", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "7dfd8525-9c12-49a1-a6ec-4d4d1bb74471", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "false", + "user.attribute" : "foo", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "2fe9cc2c-3f61-446e-9cf4-f34fe1964a1d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "false", + "user.attribute" : "foo", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + }, { + "id" : "4071dcc6-b7d3-42b1-93c7-e14d0a17d103", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "c22bdca5-b67a-4249-a8c7-9bbe8fc16559", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d62a405a-d99e-4d6a-bed4-48c052abc559", + "name" : "phone number", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "531eab62-3750-4ed9-b101-9f1c2e709c51", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "9ddb9d40-7d9e-48de-8069-dd4e49e781dd", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ae918ce8-12e6-4cb3-be0d-243cbf083fcb", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "59542d0c-b9b4-4913-ba99-416cf5c4a725", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2359cb5f-9de5-410c-9e87-38f1a4db0eee", + "name" : 
"microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "dc0f74c2-135c-4e61-b74e-22836524b496", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "a715f65e-3a94-4bca-94df-49e1e53e5aae", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "11a8d21b-ed5d-4567-af88-91101e132553", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c6ae1222-2561-491e-8c33-2e2eef183f6a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "aba683c1-ee38-4f0a-980b-9c7c31a189ad", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : 
false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b5d111f6-91be-4735-9dbf-848bcf86c1d3", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "8e0ca67f-030e-4ea9-af3c-8e7815442957", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "3d9431ca-a590-457b-a0e3-412f63f07923", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "b54a324a-b8ee-4c66-b780-50f9b8e3e275", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "6ffd147e-fac7-4299-ab9f-b7bef677d0ae", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "9637b112-a2e8-4787-be6d-45f8d0804555", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "36e9530e-da81-477e-907e-a335efff8df8", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "119fb217-5662-40db-a33c-442846a58b71", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "b607712e-db7c-42d3-ab9c-99acf62bac40", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "c73bc111-8b12-46ac-866f-1e690c8fa21a", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : 
false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "8de0aa23-d84c-4f77-9ada-52d6bcd71593", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "85b4a69b-2b52-44e0-b4f7-4ff75feba1b4", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "691dbb7d-ed16-4283-b737-f02676e56e82", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "46d9b7a5-0776-496d-9a50-e5584709677b", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", 
"web-origins", "acr", "roles" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "f44d4d8f-cc39-4467-bb75-889f8d4c9b90", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "7256d195-1e91-4f63-a9c4-6bef95243a92", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "f3d9ee71-6796-41bb-b89f-c4b2ad108b3a", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "340f74d5-41a0-45cc-8ccb-65a0a4c49ed4", + "name" : "Allowed Client Scopes", + "providerId" : 
"allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "fb2bea0a-dca5-4784-822d-cf10518f41c6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "face2c9e-4d23-44e2-9a09-74e1d8448bd3", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "6d38ba87-78ee-4ca3-aecd-0164922a08e2", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "d9bdd722-325e-41ff-bb88-df8772c9415b", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "2997d5f7-8adc-453d-b672-3d4f01f833ba", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "9948a63f-b171-4137-bb81-beabd0c049f0", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "59f8ad80-8417-45dd-8196-c2f37ddaa309" ], + "secret" : [ "D82qLVou0ux0UswcrMSTlw" ], + "priority" : [ "100" ] + } + }, { + "id" : "f594170e-f886-4653-9d9c-a70d87f66ae5", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "be9f743e-81d8-4db4-972b-914de6b73ad1" ], + "secret" : [ 
"LD4EsL3zKuD39yf_HXsNgFLBqiE7pmTTipK3Fg7JCm3QfmdTulIVt7o3LvXVd2Z-6fvBHIFT8DbhHpXuCMu1XY7xiB5TGJSlgs3b5kVb7Dz4xyd4QR5VajswABlcLZDF0_n2LXtpQ72nZmpGBC-DEMSavpvtbMtOb7EJvMlVUws" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "4a3be057-744a-44c4-9211-9a98d7c6303c", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEA9KETJD3hVFueAg6Dk39nNIhTNDGtEbOfz15JumFd23CNfceSgZB2fQn6/kwzxom+i2Za8NrcJh21sDbeXb0VQNnOWsjiOzDuC6VvRFzeg3eIr6BqQIEggHwk2YRqd/lD225Myk5s3G1PA/cLr0ZO+/IUwI9Z6rKayzSO0IrpHKe4cJUa6YGMeVeprN575/jcbbC+B8IXJdmcJ1+n5MUzHxpcvDFKLBOaukGTENji4qMoHxQ2YkGO5nOTDlq6Nx5J+VUMrUfP3Z7fJPvil+ma6jZtre4T3r7DoKv6jzQRbDUig/aFyx+qqStP+nPiRJ7sx6KzyJSekXPPY4bDkVdVXwIDAQABAoIBAAut4J6Tb72ANETpd+GwxiogmhK89NDXPRMaIs+WeqcrGMfZB+C0sQ60mi2a6lvmID+o7tpevWT6eFd5GL7r880chcWy0o48S0xccezKUq5/JGD4k5B2oCkfBDL4WsCImSZ4Sr7b5Xmh15E0y1nrM7X2orc0AN+u9quRKLWPJ3Fmy21NNOS6FVcAUwSJViDzG+heH8Ny91OnQs3SSh/0Ubxiv/bl54FVAoq1vrTl5xHBu8T+jXU978P6n8O8tXLaCEReAAcwrSAw98nNIuPOzqyZS5VLpxQCaVoIotorysPifrOQJFVHYK9az+jdkT1enxMdhmEewWW6KlQdUNeA+XUCgYEA+wzLLNAixryRgdlWvmmg8hVUAgXPczlDOfSOajSX7UcykTz/m0qjZ2idwUyMQvy+/ukqdJieSMegTWSq9kDyYW5THSI0GlIaX+2BMQml+enrGkDWp2Hl1G5EK9z98aw/fdVodn7U7XQKm3v1toF02Lx7sit6KFPCupg2lr248NMCgYEA+XPfFq2TuDCKhm9+yLQm5tyTzbDOfKqWAKYCYIO0iPMzeOwc09W0UOT6iW2WhFpus3jtp8lPmzfJ7MmIQ9RwhwporMGRPbV/tD7TEvCgOUOEsJv6eHgLqA1zCLI9kx1uezQglF1seb77ouOD6gTG/kK5HfwEd8GLV53TtYjYEcUCgYBerrOOAi2rgIDsVRjnFZVy1+JoJOLZlRYqrHZtzcoi3kBPEI9idSLtpEIjHgikVwh9wViWwtynnEp0BeyIlXQUlPRZv4WhC6gQ19VqtjXX7IYTz7JlTIHOvYuOc3l/BTSo86zDTBBoQeSiQX0pSOfVujh4uPcIcJa3oyKrdYBjqwKBgBfGKU7aACgfyDQD0EuEj+iUwSlrXmKXR3CMYdGc+8nJk/BEYIL37RWAnTgXz66Rh9dnAQ9qqkGa0Y3Vrzz3tDnKjitYz2TYNXGSQz+c20hZ3P2QABEXL9U2Yu5DPocU2QC4+RnqxXnc79KYaGwXRHfbGBV5fVuEgKk7C4BTqHQZAoGAUur0G3Qdu7PDFXDYYYuAk78ilVhLIp+r4nv61C8ydO4PKQPjRC+ab/UH0OvlXmGKAqeLj/cbohtOuprcHmaqIEwzxxXwQrdkBCWo7LxrV0/Ke731V5XM59disjA+F8aR78nZPBLHz5JLl0sagkKA8V3t9EwQMJ//M+Z
bAqoT/GM=" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "f7fcd439-e566-4b8d-8078-f300b494f90a", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "c6b34d4a-f4f6-4864-8c39-86b0b6762bb7", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "8dc274eb-ee41-475b-b397-52fffaf3b558" ], + "secret" : [ "DHWa3cwv5TFTPhjldSbGi44H0qb5UhRJjyE2N2HGwxRptCp4sgot3_0Z8YcTD3fFzXQvsHy5UShsaUwD0i2SaxcksllwigKdUc8kgK28DM1jN-_A98ht-kn_s5mJRqfsTFHnzQ_-Ur2DSzU1d16pNn0J-Gbhb7e6ySF5_LZQwBk" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "76ff1526-2405-40a7-9051-977dfba08add", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "64d21769-b1ff-4012-8021-b724df8e759f", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : 
"basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e07a9d36-3a69-431d-ae89-3ac51675ea16", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "db117f4e-e2f2-40b0-9d74-c3be8f6aacaf", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7a3723a1-f43f-44b4-aa75-d6d7f3c60fac", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account 
with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "04b87ec9-fbc0-434d-ae6c-3b144d4c4fb3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "12d1fb6a-2691-4616-921f-537b2930763a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"72dd5217-9d7a-4b9a-8e81-c98390a05938", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "652e9b64-0250-41aa-ab19-b6742aa2ee4f", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "2707b9b1-9a49-44b9-bbd3-4333d6b16a98", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "1aee26cc-cca5-4eef-8fb9-afa36240b518", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "09bb06f3-ff4d-4b65-b609-fea90f93044f", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "10fe11ec-61e9-49a6-85a8-2cd4c24da4bf", + "alias" : 
"first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "67281328-09bb-4140-9cdb-5ea1bfcf827b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "e4d8833f-6b90-47a1-9d73-4fbf3c41e910", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "41e56e9f-589e-4857-b28e-f6b8754ae400", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + 
"authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "412c0d35-ba19-4ee0-92de-4b00fd52e3fa", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "eede5156-ace5-41f3-b86d-441278f5b337", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : 
false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "2caebb6c-1b1b-42ec-ac41-1f1dabd609ad", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "8ef60759-3395-4d42-ba53-390f72df09d5", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + 
"defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "24.0.4", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh b/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh index cc864e9a4..b6f1f03b2 100644 --- a/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh +++ b/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh 
@@ -9,7 +9,7 @@ # ============================================= # --- Keycloak credentials --- -TOKEN_URL="http://localhost:9102/realms/BaSyx/protocol/openid-connect/token" +TOKEN_URL="http://localhost/realms/BaSyx/protocol/openid-connect/token" CLIENT_ID="workstation-1" CLIENT_SECRET="nY0mjyECF60DGzNmQUjL81XurSl8etom" From 8f95a2c843e3dd1fc27d95766ea6f67747ecd453 Mon Sep 17 00:00:00 2001 From: geso02 Date: Wed, 30 Apr 2025 09:35:49 +0200 Subject: [PATCH 8/8] Use the real token instead of a mock for testing --- ...thorizedAasRepositoryRegistryLinkTest.java | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java index 44749a7b5..acc7d6e6f 100644 --- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java +++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java 
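Review bot: The new `TOKEN_URL` hard-codes `http://localhost/...` on the default port, so the script only works when this example's proxy is published on port 80 of the same host. The host used for the token request also appears to decide the issuer of the returned token; the test change later in this series relies on exactly that mismatch to get a 401. Making the value overridable keeps the default while letting other setups point at their own endpoint: `TOKEN_URL="${TOKEN_URL:-http://localhost/realms/BaSyx/protocol/openid-connect/token}"`. A one-line comment naming the issuer URI the submodel service is configured with would make a rejected token easy to diagnose; that configuration is not visible in this hunk. The same override pattern would suit `CLIENT_SECRET` on the context line below, so the committed value stays a demo default rather than the only option.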
@@ -27,18 +27,22 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; + import java.io.FileNotFoundException; import java.io.IOException; +import java.util.List; import org.eclipse.digitaltwin.basyx.aasregistry.client.ApiException; import org.eclipse.digitaltwin.basyx.aasregistry.client.api.RegistryAndDiscoveryInterfaceApi; import org.eclipse.digitaltwin.basyx.aasregistry.client.model.AssetAdministrationShellDescriptor; import org.eclipse.digitaltwin.basyx.aasregistry.main.client.AuthorizedConnectedAasRegistry; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.AccessTokenProviderFactory; import org.eclipse.digitaltwin.basyx.client.internal.authorization.TokenManager; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.AccessTokenProvider; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.GrantType; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; -import org.mockito.Mockito; import org.springframework.boot.SpringApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; 
@@ -70,13 +74,19 @@ public static void tearDown() { appContext.close(); } + @Test public void sendUnauthorizedRequest() throws IOException { - TokenManager mockTokenManager = Mockito.mock(TokenManager.class); - - Mockito.when(mockTokenManager.getAccessToken()).thenReturn("mockedAccessToken"); + String clientId = "workstation-1"; + String clientSecret = "nY0mjyECF60DGzNmQUjL81XurSl8etom"; + + AccessTokenProviderFactory factory = new AccessTokenProviderFactory(GrantType.CLIENT_CREDENTIALS, List.of()); + factory.setClientCredentials(clientId, clientSecret); + AccessTokenProvider provider = factory.create(); + //issuer will also have the port number and will not match the registry issuer -> 401 invalid token, unauthorized + TokenManager tokenManager = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", provider); - RegistryAndDiscoveryInterfaceApi registryApi = new AuthorizedConnectedAasRegistry(AAS_REGISTRY_BASE_URL, mockTokenManager); + RegistryAndDiscoveryInterfaceApi registryApi = new AuthorizedConnectedAasRegistry("http://localhost:8051", tokenManager); AssetAdministrationShellDescriptor descriptor = new AssetAdministrationShellDescriptor(); descriptor.setIdShort("shortId");
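Review bot: `sendUnauthorizedRequest` now gets its 401 only as a side effect of the environment: it fetches a real token from `http://localhost:9098/...` and relies on the port in the issuer not matching what the registry expects. The test therefore needs a live Keycloak, and if the issuer settings are later aligned it would stop exercising the rejection path it is named for. The rest of the method, including the assertion, is outside the hunk, so it cannot be seen here whether a failed token request is told apart from the expected 401. At minimum name the intent, e.g. `private static final String TOKEN_URL_WITH_MISMATCHED_ISSUER = "http://localhost:9098/realms/BaSyx/protocol/openid-connect/token";`, and keep passing `AAS_REGISTRY_BASE_URL` instead of the literal `"http://localhost:8051"` if both are the same address. The `clientId` and `clientSecret` literals repeat values already committed in `run-security-test.sh` in this series and would be better as shared test constants.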