chore(upgrade-env): add trailing auth for realms

realms imported via initcontainer
eclipse-tractusx · Sep 26, 2023 · 18439ab · 18439ab
1 parent 3a09a4f
commit 18439ab
Show file tree

Hide file tree

Showing 10 changed files with 2,301 additions and 51 deletions.
diff --git a/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json
@@ -4792,6 +4792,35 @@
       },
       "notBefore": 0,
       "groups": []
+    },
+    {
+      "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3",
+      "createdTimestamp" : 1652788086549,
+      "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19",
+      "enabled" : true,
+      "totp" : false,
+      "emailVerified" : true,
+      "firstName" : "Tester",
+      "lastName" : "Onboarding Provider",
+      "email" : "[email protected]",
+      "attributes" : {
+        "bpn" : [ "BPNL000000001OSP" ],
+        "organisation" : [ "Onboarding-Provider" ]
+      },
+      "credentials" : [ ],
+      "disableableCredentialTypes" : [ ],
+      "requiredActions" : [ ],
+      "federatedIdentities" : [ {
+        "identityProvider" : "Onboarding-Provider",
+        "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335",
+        "userName" : "[email protected]"
+      } ],
+      "realmRoles" : [ "default-roles-catena-x realm" ],
+      "clientRoles" : {
+        "Cl2-CX-Portal" : [ "Company Admin" ]
+      },
+      "notBefore" : 0,
+      "groups" : [ ]
     }
   ],
   "scopeMappings": [
@@ -15773,15 +15802,15 @@
       "firstBrokerLoginFlowAlias": "first broker login",
       "config": {
         "validateSignature": "true",
-        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/userinfo",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/token",
+        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token",
         "clientId": "Central-IdP",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/certs",
-        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs",
+        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access",
         "useJwksUrl": "true",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/auth",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout",
         "syncMode": "IMPORT",
         "clientAssertionSigningAlg": "RS256"
       }
@@ -15800,15 +15829,15 @@
       "firstBrokerLoginFlowAlias": "first broker login",
       "config": {
         "validateSignature": "true",
-        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/userinfo",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/token",
+        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token",
         "clientId": "Central-IdP",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/certs",
-        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs",
+        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1",
         "useJwksUrl": "true",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/auth",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout",
         "syncMode": "IMPORT",
         "clientAssertionSigningAlg": "RS256"
       }
@@ -15827,15 +15856,15 @@
       "firstBrokerLoginFlowAlias": "first broker login",
       "config": {
         "validateSignature": "true",
-        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/userinfo",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/token",
+        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token",
         "clientId": "Central-IdP",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/certs",
-        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs",
+        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2",
         "useJwksUrl": "true",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/auth",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout",
         "syncMode": "IMPORT",
         "clientAssertionSigningAlg": "RS256"
       }
@@ -15854,15 +15883,15 @@
       "firstBrokerLoginFlowAlias": "first broker login",
       "config": {
         "validateSignature": "true",
-        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/userinfo",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/token",
+        "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token",
         "clientId": "Central-IdP",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/certs",
-        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs",
+        "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company",
         "useJwksUrl": "true",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/auth",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout",
         "syncMode": "IMPORT",
         "clientAssertionSigningAlg": "RS256"
       }
@@ -15884,11 +15913,11 @@
         "hideOnLoginPage": "false",
         "validateSignature": "true",
         "clientId": "central-idp",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/token",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/auth",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/certs",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout",
         "clientAssertionSigningAlg": "RS256",
         "syncMode": "FORCE",
         "useJwksUrl": "true"
@@ -15911,11 +15940,11 @@
         "hideOnLoginPage": "false",
         "validateSignature": "true",
         "clientId": "central-idp",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/token",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/auth",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/certs",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout",
         "clientAssertionSigningAlg": "RS256",
         "syncMode": "FORCE",
         "useJwksUrl": "true"
@@ -15938,15 +15967,42 @@
         "hideOnLoginPage": "false",
         "validateSignature": "true",
         "clientId": "central-idp",
-        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/token",
-        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/auth",
-        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/certs",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs",
         "clientAuthMethod": "private_key_jwt",
-        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/logout",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout",
         "clientAssertionSigningAlg": "RS256",
         "syncMode": "FORCE",
         "useJwksUrl": "true"
       }
+    },
+    {
+      "alias": "Onboarding-Provider",
+      "displayName": "Onboarding-Provider",
+      "internalId": "8c1f0cf6-2872-45aa-8cfe-10a92de89092",
+      "providerId": "keycloak-oidc",
+      "enabled": true,
+      "updateProfileFirstLoginMode": "on",
+      "trustEmail": false,
+      "storeToken": false,
+      "addReadTokenRoleOnCreate": false,
+      "authenticateByDefault": false,
+      "linkOnly": false,
+      "firstBrokerLoginFlowAlias": "Login without auto user creation",
+      "config": {
+        "validateSignature": "true",
+        "pkceEnabled": "false",
+        "clientId": "central-idp",
+        "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token",
+        "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs",
+        "clientAuthMethod": "private_key_jwt",
+        "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth",
+        "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout",
+        "syncMode": "IMPORT",
+        "clientAssertionSigningAlg": "RS256",
+        "useJwksUrl": "true"
+      }
     }
   ],
   "identityProviderMappers": [
@@ -16103,6 +16159,17 @@
         "syncMode": "INHERIT",
         "attribute": "organisation"
       }
+    },
+    {
+      "id": "5f77e673-37bf-4950-9522-d0299c157926",
+      "name": "organisation-mapper",
+      "identityProviderAlias": "Onboarding-Provider",
+      "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+      "config": {
+        "attribute.value": "Onboarding-Provider",
+        "syncMode": "INHERIT",
+        "attribute": "organisation"
+      }
     }
   ],
   "components": {

diff --git a/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json
@@ -638,7 +638,7 @@
       "clientAuthenticatorType": "client-jwt",
       "secret": "**********",
       "redirectUris": [
-        "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/App-Provider/endpoint/*"
+        "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/App-Provider/endpoint/*"
       ],
       "webOrigins": [
         "+"
@@ -657,7 +657,7 @@
         "token.endpoint.auth.signing.alg": "RS256",
         "use.jwks.url": "true",
         "backchannel.logout.session.required": "true",
-        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
         "backchannel.logout.revoke.offline.tokens": "false"
       },
       "authenticationFlowBindingOverrides": {},

diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json
@@ -638,7 +638,7 @@
       "clientAuthenticatorType": "client-jwt",
       "secret": "**********",
       "redirectUris": [
-        "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/CX-Operator/endpoint/*"
+        "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Operator/endpoint/*"
       ],
       "webOrigins": [
         "+"
@@ -657,7 +657,7 @@
         "token.endpoint.auth.signing.alg": "RS256",
         "use.jwks.url": "true",
         "backchannel.logout.session.required": "true",
-        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
         "backchannel.logout.revoke.offline.tokens": "false"
       },
       "authenticationFlowBindingOverrides": {},

diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json
@@ -636,7 +636,7 @@
       "clientAuthenticatorType": "client-jwt",
       "secret": "**********",
       "redirectUris": [
-        "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/CX-Test-Access/endpoint/*"
+        "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Test-Access/endpoint/*"
       ],
       "webOrigins": [
         "+"
@@ -672,7 +672,7 @@
         "saml.server.signature": "false",
         "exclude.session.state.from.auth.response": "false",
         "saml.artifact.binding": "false",
-        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
         "saml_force_name_id_format": "false",
         "tls.client.certificate.bound.access.tokens": "false",
         "saml.authnstatement": "false",

diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json
@@ -637,7 +637,7 @@
       "clientAuthenticatorType": "client-jwt",
       "secret": "**********",
       "redirectUris": [
-        "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Company-1/endpoint/*"
+        "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-1/endpoint/*"
       ],
       "webOrigins": [
         "+"
@@ -673,7 +673,7 @@
         "saml.server.signature": "false",
         "exclude.session.state.from.auth.response": "false",
         "saml.artifact.binding": "false",
-        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
         "saml_force_name_id_format": "false",
         "tls.client.certificate.bound.access.tokens": "false",
         "saml.authnstatement": "false",

diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json
@@ -636,7 +636,7 @@
       "clientAuthenticatorType": "client-jwt",
       "secret": "**********",
       "redirectUris": [
-        "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Company-2/endpoint/*"
+        "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-2/endpoint/*"
       ],
       "webOrigins": [
         "+"
@@ -672,7 +672,7 @@
         "saml.server.signature": "false",
         "exclude.session.state.from.auth.response": "false",
         "saml.artifact.binding": "false",
-        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+        "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
         "saml_force_name_id_format": "false",
         "tls.client.certificate.bound.access.tokens": "false",
         "saml.authnstatement": "false",