diff --git a/.DS_Store b/.DS_Store index 4a02c90..506ad18 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/.gitignore b/.gitignore index f0bdb94..94a12a5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ enterprise.txt -volumes \ No newline at end of file + +## Ignoring keycloak so it can be pulled already setup. +!volumes/keycloak/* +volumes diff --git a/README.md b/README.md index a38da21..12f07f1 100644 --- a/README.md +++ b/README.md @@ -1,38 +1,46 @@ # README -This is a docker compose file that contains a working Mattermost with an LDAP server. The LDAP image comes from [rroemhild/docker-test-openldap](https://github.com/rroemhild/docker-test-openldap). +This is a basic reproduction that includes various components preconfigured like SAML, LDAP, advanced logging, prometheus, grafana, and elasticsearch. -To start this docker file run the below from the root repo directory +## Making Changes - - -You can access mattermost via `localhost:8065`. +If you're testing changes with Mattermost I do not suggest running `docker compose restart` or `docker compose down / up` because the keycloak instance can quickly get into a failed state with too frequent of restarts. Instead do `docker down mattermost`. Additionally, the keycloak container can take up to 5 minutes to spin up. If it's taking a while with no logs output, just restart the keycloak container **only**. ## Getting Started 1. Add an enterprise license to this folder with the name `license.txt` + note: If you ignore this set Mattermost will not spin up. 2. Start the docker containers. This may take a second to download everything. -``` -docker-compose up -d -``` + If you don't want to watch the logs use the below: + ``` + docker-compose up -d + // OR + docker compose up -d // for docker desktop + ``` -3. You can log access Mattermost at `localhost:8065` + If you want to watch the logs start up with + ```bash + docker-compose up + // OR + docker compose up // for docker desktop + ``` -## Things to break +3. Sign into Mattermost + - You can use any of the accounts to sign in. + - The keycloak container can be **very** picky sometimes and require a restart of just that container to sign in with that method the first time. -- User left an ldap synced team of their own accord -- new email address, can't sign in -- ID attributes don't match. +## Accounts - - -## Make key - -```bash - -openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes -openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem -``` \ No newline at end of file +| Username | Password | Keycloak Role | Mattermost Role | Can use LDAP? | Can use SAML? | +|-----------|-----------|---------------|-----------------|---------------|---------------| +| admin | admin | Admin | n/a | n/a | n/a | +| professor | professor | User | Sys Admin | Yes | Yes | +| bender | bender | User | Member | Yes | Yes | +| hermes | hermes | User | Sys Admin | Yes | Yes | +| fry | fry | User | Member | Yes | Yes | +| leela | leela | User | Member | Yes | Yes | +| zoidberg | zoidberg | User | Member | Yes | Yes | +| amy | amy | User | Member | Yes | Yes | diff --git a/certs/.DS_Store b/certs/.DS_Store new file mode 100644 index 0000000..8a9edb3 Binary files /dev/null and b/certs/.DS_Store differ diff --git a/certs/cert.pem b/certs/cert.pem deleted file mode 100644 index 34a4955..0000000 --- a/certs/cert.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEsDCCApgCCQDevuuaZ0R6dzANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTkMwHhcNMjIwOTI5MDAxMDI1WhcNMjMwOTI5MDAxMDI1WjAa -MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCrQWpN8jzbgtWvpi3gKKYZPI8oHQfUN99ydSCDCtxgzEtQHYGn -hPKDMx74u5IGUHztyhPA+NtlFm/qq3IwhlaD0pWwPFuFYYHObK81US55joQh4riX -ouSIKyYrix9HTSrnG8zqrIyInBZF7s9mXA/OfIwOvNYqf3N8AwSFucZMflfFyvzF -w41denE7uoWY4L+4/zu37MlWo2mo8NFKNL/dnB2WJzXEvXVaDTD9ng1aVODbJjW2 -j7WTilZZi5+7hFup2yGVcYHAkGkZ+OKhDekuKln/EjCdFP/opxHM6s1JYVe/HHfV -nc/1Ib28fP3oMs0rfJfwR2OJ0wlid1ujRXjofZQ5d/RVsxf7PIOn9ErtWwuqIKBJ -Je1h/hyGsc8hKApR1PsNwkPctNgVayqNkCw+gQ1JtGOLIVOe1OwPH2gRHk6tFEDW -Ztut/uv8u4JCs0ebTdzfc8e/6SFLvTFZzBO2f/jVS+HU4yjmLhUZSqj3tVnYhQYQ -xoRhKKsQYtLw67cLVCt1xl+JThaUIJLQfSbgGKa4X+NKK+lLduw3hER3H8NseP46 -qhanRJYhaHNkdeGY/QO55Fn4jud0SEBezvBMMubHR9ui7g6YWSjmePh0Ef2y1B+H -y/dzaaccwfKar+MftU1cbEcDDpaiwKlb98HuVPouDq3NbVXJpIFoiou6SwIDAQAB -MA0GCSqGSIb3DQEBCwUAA4ICAQB3jf+B2TaBCyhP0gNvB4RhOVH35oPGR9p+8mbp -X3cyhZN9V7muB6Mjvm8MIqMZ/nYrRIeEXRItMvrq2bJ0VOU2gXkK0cfEPUWBjXzz -6AhE7Mo6tTX0AX3bT4HhUSqJjQpGQCjdz2bB5StZEAaK2WU1qtVv71mD6YLDTJqu -YzAXvuAvpk03MAEF5BnL3sAwz4jq2SrkojV5QUWu7xIawlCdXN6QmJbHLVQADpZ1 -BAP24Ip68HY2FddZdOsjqDZIQmXl+3tswewDAwRLYbrNCEfULdU5KaZKr0jj3JE9 -Jo1bt+ssjX+rVRHuD+J5cDr825/Hcpsu7g84yHn/wx5A1Bof+7DVno9n9f+bJPbp -8Zs9MGUNPw4eRLCh+K4HbWgEfrngfu7b/lcYXVvBAaTWKKii9n9Kb4165HJCEmL0 -Y5p7FqKbh+j2wBUn3xz6cWqn++hHvrRCn6dvoIqK2ZL9EU546YwUTbNT/ePuwuS3 -7yPwTMgBsxPbw6YIt1dtu/Ox6WCNSt+MBo3vGJI9HbSmMfA3J1dEMQYxyPd/eYRg -i5e42+YEntTKEHKt3FyGo790U4zrjujCkA48aBXtYapCpeb2xp9apR8SUIPj0gXP -hcwmpojF+Ou+xyXnHmJx9SEY53jpE9TDK+fjLnf+h1uHzEbKMqAaIgWLlWIzHZ+a -pntjqg== ------END CERTIFICATE----- diff --git a/certs/keyStore.p12 b/certs/keyStore.p12 deleted file mode 100644 index 784b534..0000000 Binary files a/certs/keyStore.p12 and /dev/null differ diff --git a/certs/mattermost.crt b/certs/mattermost.crt deleted file mode 100644 index d1be1db..0000000 --- a/certs/mattermost.crt +++ /dev/null @@ -1,87 +0,0 @@ -Bag Attributes - localKeyID: EF 64 CD 0D 53 DC 8C E1 64 D3 F5 EC 1D 94 15 D0 41 E9 E0 6E -subject=/C=US/ST=NC -issuer=/C=US/ST=NC ------BEGIN CERTIFICATE----- -MIIEsDCCApgCCQDevuuaZ0R6dzANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTkMwHhcNMjIwOTI5MDAxMDI1WhcNMjMwOTI5MDAxMDI1WjAa -MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCrQWpN8jzbgtWvpi3gKKYZPI8oHQfUN99ydSCDCtxgzEtQHYGn -hPKDMx74u5IGUHztyhPA+NtlFm/qq3IwhlaD0pWwPFuFYYHObK81US55joQh4riX -ouSIKyYrix9HTSrnG8zqrIyInBZF7s9mXA/OfIwOvNYqf3N8AwSFucZMflfFyvzF -w41denE7uoWY4L+4/zu37MlWo2mo8NFKNL/dnB2WJzXEvXVaDTD9ng1aVODbJjW2 -j7WTilZZi5+7hFup2yGVcYHAkGkZ+OKhDekuKln/EjCdFP/opxHM6s1JYVe/HHfV -nc/1Ib28fP3oMs0rfJfwR2OJ0wlid1ujRXjofZQ5d/RVsxf7PIOn9ErtWwuqIKBJ -Je1h/hyGsc8hKApR1PsNwkPctNgVayqNkCw+gQ1JtGOLIVOe1OwPH2gRHk6tFEDW -Ztut/uv8u4JCs0ebTdzfc8e/6SFLvTFZzBO2f/jVS+HU4yjmLhUZSqj3tVnYhQYQ -xoRhKKsQYtLw67cLVCt1xl+JThaUIJLQfSbgGKa4X+NKK+lLduw3hER3H8NseP46 -qhanRJYhaHNkdeGY/QO55Fn4jud0SEBezvBMMubHR9ui7g6YWSjmePh0Ef2y1B+H -y/dzaaccwfKar+MftU1cbEcDDpaiwKlb98HuVPouDq3NbVXJpIFoiou6SwIDAQAB -MA0GCSqGSIb3DQEBCwUAA4ICAQB3jf+B2TaBCyhP0gNvB4RhOVH35oPGR9p+8mbp -X3cyhZN9V7muB6Mjvm8MIqMZ/nYrRIeEXRItMvrq2bJ0VOU2gXkK0cfEPUWBjXzz -6AhE7Mo6tTX0AX3bT4HhUSqJjQpGQCjdz2bB5StZEAaK2WU1qtVv71mD6YLDTJqu -YzAXvuAvpk03MAEF5BnL3sAwz4jq2SrkojV5QUWu7xIawlCdXN6QmJbHLVQADpZ1 -BAP24Ip68HY2FddZdOsjqDZIQmXl+3tswewDAwRLYbrNCEfULdU5KaZKr0jj3JE9 -Jo1bt+ssjX+rVRHuD+J5cDr825/Hcpsu7g84yHn/wx5A1Bof+7DVno9n9f+bJPbp -8Zs9MGUNPw4eRLCh+K4HbWgEfrngfu7b/lcYXVvBAaTWKKii9n9Kb4165HJCEmL0 -Y5p7FqKbh+j2wBUn3xz6cWqn++hHvrRCn6dvoIqK2ZL9EU546YwUTbNT/ePuwuS3 -7yPwTMgBsxPbw6YIt1dtu/Ox6WCNSt+MBo3vGJI9HbSmMfA3J1dEMQYxyPd/eYRg -i5e42+YEntTKEHKt3FyGo790U4zrjujCkA48aBXtYapCpeb2xp9apR8SUIPj0gXP -hcwmpojF+Ou+xyXnHmJx9SEY53jpE9TDK+fjLnf+h1uHzEbKMqAaIgWLlWIzHZ+a -pntjqg== ------END CERTIFICATE----- -Bag Attributes - localKeyID: EF 64 CD 0D 53 DC 8C E1 64 D3 F5 EC 1D 94 15 D0 41 E9 E0 6E -Key Attributes: ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCrQWpN8jzbgtWv -pi3gKKYZPI8oHQfUN99ydSCDCtxgzEtQHYGnhPKDMx74u5IGUHztyhPA+NtlFm/q -q3IwhlaD0pWwPFuFYYHObK81US55joQh4riXouSIKyYrix9HTSrnG8zqrIyInBZF -7s9mXA/OfIwOvNYqf3N8AwSFucZMflfFyvzFw41denE7uoWY4L+4/zu37MlWo2mo -8NFKNL/dnB2WJzXEvXVaDTD9ng1aVODbJjW2j7WTilZZi5+7hFup2yGVcYHAkGkZ -+OKhDekuKln/EjCdFP/opxHM6s1JYVe/HHfVnc/1Ib28fP3oMs0rfJfwR2OJ0wli -d1ujRXjofZQ5d/RVsxf7PIOn9ErtWwuqIKBJJe1h/hyGsc8hKApR1PsNwkPctNgV -ayqNkCw+gQ1JtGOLIVOe1OwPH2gRHk6tFEDWZtut/uv8u4JCs0ebTdzfc8e/6SFL -vTFZzBO2f/jVS+HU4yjmLhUZSqj3tVnYhQYQxoRhKKsQYtLw67cLVCt1xl+JThaU -IJLQfSbgGKa4X+NKK+lLduw3hER3H8NseP46qhanRJYhaHNkdeGY/QO55Fn4jud0 -SEBezvBMMubHR9ui7g6YWSjmePh0Ef2y1B+Hy/dzaaccwfKar+MftU1cbEcDDpai -wKlb98HuVPouDq3NbVXJpIFoiou6SwIDAQABAoICAHy0nt9xtQU3ybklbqSblRAt -fCV+tlO/9/OV/P3Pq9jFC1akleRRuHL3h+ciV1xHwiE6FJZh4QlEhGzDOdzCBj/p -2dzCpvaCoY6asB9IJWqY7/jo6vhowrexjBMLNNSsCcDPCrIcwh08ZC+6jcaA5XW8 -VhTpR58cvhCg9esW86KCIhJDFTxBgTB/1/LhiSVhC9t/6JGvWJHBX1CJRC4gKVML -urO7i7jfKZRQpMsaC6kqw65xrY1qKpPsmaKNPNzEricLDfKP/CcoQZCLHySeR525 -c119dm78ermE5z5sAN8dhlMBPPYN/AAJ+OtHrXEnhSXUjaOHqKEVTvEn70/+Z+Lb -WfD0haxbpacZYSunsa/T6qhF3x9DoK8E1BuMz0p/2zYemRhg2EigvchgiaAJ6TB7 -bfgmT37dQtq+BdOttc78/xDKEwp51OTDNF0GGCGsGfLaWerj/CarOnjvxX0D4tCZ -ix6dHTTHeI7gEdWaAjYyRhUc8CqNg9N73pp9ZJ5a0LVjCRtODBbjuyJZW++whuVR -I4ckRVRf2i9LSz10yYwtx/KD4qCsKBXjfddkhWSmL5UthbxR3VWHch/QqbxNGV/m -XYrWSIf+9AlfxR4QhYF8JXrQRvL9E66IkHyahOeyEE0Rc2q5AYMNM3k5VUtlBlDK -g7+XtqQTqh3eOwPO9UcJAoIBAQDZvEA2MxqnRq1joE17Dhxv3nO5U5MDUIInZXRr -aGgf41dIGi1qqeT4KxqbE9fYledKlLDDu/J+2O5svZyUs5xG1LKfWXkyeB7YgkOH -jjDKhAnzagV9EDwfR0PgNZtXMSEUQ4wU+wuBCo2fwu8lUEh12+jqpSR9aY04eWMq -d9udHCjMbak4d1rv3OCT9anSnKgBrbBfZAU5e25gUHYtwWA7ImF/tBdO3jmdD+fm -qgK62+grZgv3bq73LE1qoafg5uDtPHILRCpe2Az/5KS2g/jx4YK7PS4OATvsq6/9 -HMw6/H19U9CNaRmE1wRswPTkOhh5VU0JKYx5nO9G5PaOvRg/AoIBAQDJWhJ3bo/t -0KgID2peYzB9sFjQBknQwQa2A4QOsaeml+3oXt92eCjQlJOy4VDjFya4vY1g5iM2 -MRzLCBFKK33a0XG5u99x5jQJfPFF/h+3Ne3oO8DlnYK1TkIFg3/LV56AJGlqP9x7 -XG+LPlArN0kPoVfy9+X2eKN6mP2t3CeeUAqN+Njprra9cQBbnsrQ+i7y5LW2/j0U -+5/7Ks5bX0GTMW/uPQe4fZnBqRv2wZIIar3BxTGP2bvAVzE27VVzao47i8LCpK/i -VSKXLFq/lmC8KFEWwX4ruOeurqJY7gUMl6IQfbM4ghuEygG+xF3m0iBdD11sHN5v -aowvRQdQmvr1AoIBAHg2NiF2b5XBMMObYou5C7w7zhqY6MbgsSs9GVyfpTVN2AeH -5GFKcY8OhT7vYrFCehM0Kq+2Wbjs3h4NRaDX1UVJ82CFDqPtq+IPcWcq+wckhTXt -6B/XUcpXF0N3dU9bYY8FiBahUAWrpOt6vXwVahwgEOVTzeSr3Ps8EaMFz6tbO686 -MD5rrzpU8WzfKiaMtTlQAtt3pmbJHfRxF/5FEHM1lSzjaibyDE8J1BgG70DpXrJv -QdYXNuRigk+H9t71uWNhhvlvZhE9KVgyjTnzfQNWZU4pBf9XcRVG6QBO4PcEJeiG -2NLqHtu3tsqwccR7yr1aehC/7r3KBlVW3kWKYxMCggEAbzQKzOFIJly94K263mRD -rLcPZdyDOgLRVQb+ESt23yA7qcF0Azb7u67DH+EmzjTEEvXFNkYEHnLjZxKOkfsR -KB/SgnTLRFmSVccmbbSbCZGEUmVl9KqYPM/60Ja+pqw+gqEZgy+/8nWruShyGFwR -QsumCi91VzlreFM0j6fuTZYBLkXIbs8qZ9gYDYHWm7IA6e78mRMy4vrRcWND0tz6 -F3QPUHFuaSsdFwLxycdAgtuI75Kb+8mR0vmU2bQcJIEuCp72so9IAGVqlDlP6U4B -IQnXNw0oRLd7ZVNXoGvcaAb638a8i7H3xs/WROiov8k/TIYm34XWJ4yd3aFvF8pw -XQKCAQBydFyYSRNSb2nLBh6w7lL6aBjs8ubZ1gU0WWJUaPsEfowRPctPYGO2u2i1 -QWHRZuimlPFQ/fuX01G1463H/Oqb1jcfzIjAXafPOtnXZyofkF3Uv0OqnUFNGQBx -9K6TR4mZ+4EP8Ah2lxf1QDNSPVUvwA++Af0Mqnq1L4nPb9F7hCm6fpJ/RT1BJr3+ -thHyoZmv0VOgk6sHnsBIlpcI2CKfcAqcxCQOg1EigqXR7+7Ac8j9c3RWEYle9HGm -TuDFKIsuFm/7QtYp5tCKDMetnK1SAUDf2zxS5LRwP3njQSuexfXYGSrIjJgWFIb3 -x6HwQnd/hJeig7u6P5zf051OUo6W ------END PRIVATE KEY----- diff --git a/certs/mattermost.key b/certs/mattermost.key deleted file mode 100644 index 0272f83..0000000 --- a/certs/mattermost.key +++ /dev/null @@ -1,55 +0,0 @@ -Bag Attributes - localKeyID: EF 64 CD 0D 53 DC 8C E1 64 D3 F5 EC 1D 94 15 D0 41 E9 E0 6E -Key Attributes: ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCrQWpN8jzbgtWv -pi3gKKYZPI8oHQfUN99ydSCDCtxgzEtQHYGnhPKDMx74u5IGUHztyhPA+NtlFm/q -q3IwhlaD0pWwPFuFYYHObK81US55joQh4riXouSIKyYrix9HTSrnG8zqrIyInBZF -7s9mXA/OfIwOvNYqf3N8AwSFucZMflfFyvzFw41denE7uoWY4L+4/zu37MlWo2mo -8NFKNL/dnB2WJzXEvXVaDTD9ng1aVODbJjW2j7WTilZZi5+7hFup2yGVcYHAkGkZ -+OKhDekuKln/EjCdFP/opxHM6s1JYVe/HHfVnc/1Ib28fP3oMs0rfJfwR2OJ0wli -d1ujRXjofZQ5d/RVsxf7PIOn9ErtWwuqIKBJJe1h/hyGsc8hKApR1PsNwkPctNgV -ayqNkCw+gQ1JtGOLIVOe1OwPH2gRHk6tFEDWZtut/uv8u4JCs0ebTdzfc8e/6SFL -vTFZzBO2f/jVS+HU4yjmLhUZSqj3tVnYhQYQxoRhKKsQYtLw67cLVCt1xl+JThaU -IJLQfSbgGKa4X+NKK+lLduw3hER3H8NseP46qhanRJYhaHNkdeGY/QO55Fn4jud0 -SEBezvBMMubHR9ui7g6YWSjmePh0Ef2y1B+Hy/dzaaccwfKar+MftU1cbEcDDpai -wKlb98HuVPouDq3NbVXJpIFoiou6SwIDAQABAoICAHy0nt9xtQU3ybklbqSblRAt -fCV+tlO/9/OV/P3Pq9jFC1akleRRuHL3h+ciV1xHwiE6FJZh4QlEhGzDOdzCBj/p -2dzCpvaCoY6asB9IJWqY7/jo6vhowrexjBMLNNSsCcDPCrIcwh08ZC+6jcaA5XW8 -VhTpR58cvhCg9esW86KCIhJDFTxBgTB/1/LhiSVhC9t/6JGvWJHBX1CJRC4gKVML -urO7i7jfKZRQpMsaC6kqw65xrY1qKpPsmaKNPNzEricLDfKP/CcoQZCLHySeR525 -c119dm78ermE5z5sAN8dhlMBPPYN/AAJ+OtHrXEnhSXUjaOHqKEVTvEn70/+Z+Lb -WfD0haxbpacZYSunsa/T6qhF3x9DoK8E1BuMz0p/2zYemRhg2EigvchgiaAJ6TB7 -bfgmT37dQtq+BdOttc78/xDKEwp51OTDNF0GGCGsGfLaWerj/CarOnjvxX0D4tCZ -ix6dHTTHeI7gEdWaAjYyRhUc8CqNg9N73pp9ZJ5a0LVjCRtODBbjuyJZW++whuVR -I4ckRVRf2i9LSz10yYwtx/KD4qCsKBXjfddkhWSmL5UthbxR3VWHch/QqbxNGV/m -XYrWSIf+9AlfxR4QhYF8JXrQRvL9E66IkHyahOeyEE0Rc2q5AYMNM3k5VUtlBlDK -g7+XtqQTqh3eOwPO9UcJAoIBAQDZvEA2MxqnRq1joE17Dhxv3nO5U5MDUIInZXRr -aGgf41dIGi1qqeT4KxqbE9fYledKlLDDu/J+2O5svZyUs5xG1LKfWXkyeB7YgkOH -jjDKhAnzagV9EDwfR0PgNZtXMSEUQ4wU+wuBCo2fwu8lUEh12+jqpSR9aY04eWMq -d9udHCjMbak4d1rv3OCT9anSnKgBrbBfZAU5e25gUHYtwWA7ImF/tBdO3jmdD+fm -qgK62+grZgv3bq73LE1qoafg5uDtPHILRCpe2Az/5KS2g/jx4YK7PS4OATvsq6/9 -HMw6/H19U9CNaRmE1wRswPTkOhh5VU0JKYx5nO9G5PaOvRg/AoIBAQDJWhJ3bo/t -0KgID2peYzB9sFjQBknQwQa2A4QOsaeml+3oXt92eCjQlJOy4VDjFya4vY1g5iM2 -MRzLCBFKK33a0XG5u99x5jQJfPFF/h+3Ne3oO8DlnYK1TkIFg3/LV56AJGlqP9x7 -XG+LPlArN0kPoVfy9+X2eKN6mP2t3CeeUAqN+Njprra9cQBbnsrQ+i7y5LW2/j0U -+5/7Ks5bX0GTMW/uPQe4fZnBqRv2wZIIar3BxTGP2bvAVzE27VVzao47i8LCpK/i -VSKXLFq/lmC8KFEWwX4ruOeurqJY7gUMl6IQfbM4ghuEygG+xF3m0iBdD11sHN5v -aowvRQdQmvr1AoIBAHg2NiF2b5XBMMObYou5C7w7zhqY6MbgsSs9GVyfpTVN2AeH -5GFKcY8OhT7vYrFCehM0Kq+2Wbjs3h4NRaDX1UVJ82CFDqPtq+IPcWcq+wckhTXt -6B/XUcpXF0N3dU9bYY8FiBahUAWrpOt6vXwVahwgEOVTzeSr3Ps8EaMFz6tbO686 -MD5rrzpU8WzfKiaMtTlQAtt3pmbJHfRxF/5FEHM1lSzjaibyDE8J1BgG70DpXrJv -QdYXNuRigk+H9t71uWNhhvlvZhE9KVgyjTnzfQNWZU4pBf9XcRVG6QBO4PcEJeiG -2NLqHtu3tsqwccR7yr1aehC/7r3KBlVW3kWKYxMCggEAbzQKzOFIJly94K263mRD -rLcPZdyDOgLRVQb+ESt23yA7qcF0Azb7u67DH+EmzjTEEvXFNkYEHnLjZxKOkfsR -KB/SgnTLRFmSVccmbbSbCZGEUmVl9KqYPM/60Ja+pqw+gqEZgy+/8nWruShyGFwR -QsumCi91VzlreFM0j6fuTZYBLkXIbs8qZ9gYDYHWm7IA6e78mRMy4vrRcWND0tz6 -F3QPUHFuaSsdFwLxycdAgtuI75Kb+8mR0vmU2bQcJIEuCp72so9IAGVqlDlP6U4B -IQnXNw0oRLd7ZVNXoGvcaAb638a8i7H3xs/WROiov8k/TIYm34XWJ4yd3aFvF8pw -XQKCAQBydFyYSRNSb2nLBh6w7lL6aBjs8ubZ1gU0WWJUaPsEfowRPctPYGO2u2i1 -QWHRZuimlPFQ/fuX01G1463H/Oqb1jcfzIjAXafPOtnXZyofkF3Uv0OqnUFNGQBx -9K6TR4mZ+4EP8Ah2lxf1QDNSPVUvwA++Af0Mqnq1L4nPb9F7hCm6fpJ/RT1BJr3+ -thHyoZmv0VOgk6sHnsBIlpcI2CKfcAqcxCQOg1EigqXR7+7Ac8j9c3RWEYle9HGm -TuDFKIsuFm/7QtYp5tCKDMetnK1SAUDf2zxS5LRwP3njQSuexfXYGSrIjJgWFIb3 -x6HwQnd/hJeig7u6P5zf051OUo6W ------END PRIVATE KEY----- diff --git a/certs/myKey.pem b/certs/myKey.pem deleted file mode 100644 index cc22ca6..0000000 --- a/certs/myKey.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCrQWpN8jzbgtWv -pi3gKKYZPI8oHQfUN99ydSCDCtxgzEtQHYGnhPKDMx74u5IGUHztyhPA+NtlFm/q -q3IwhlaD0pWwPFuFYYHObK81US55joQh4riXouSIKyYrix9HTSrnG8zqrIyInBZF -7s9mXA/OfIwOvNYqf3N8AwSFucZMflfFyvzFw41denE7uoWY4L+4/zu37MlWo2mo -8NFKNL/dnB2WJzXEvXVaDTD9ng1aVODbJjW2j7WTilZZi5+7hFup2yGVcYHAkGkZ -+OKhDekuKln/EjCdFP/opxHM6s1JYVe/HHfVnc/1Ib28fP3oMs0rfJfwR2OJ0wli -d1ujRXjofZQ5d/RVsxf7PIOn9ErtWwuqIKBJJe1h/hyGsc8hKApR1PsNwkPctNgV -ayqNkCw+gQ1JtGOLIVOe1OwPH2gRHk6tFEDWZtut/uv8u4JCs0ebTdzfc8e/6SFL -vTFZzBO2f/jVS+HU4yjmLhUZSqj3tVnYhQYQxoRhKKsQYtLw67cLVCt1xl+JThaU -IJLQfSbgGKa4X+NKK+lLduw3hER3H8NseP46qhanRJYhaHNkdeGY/QO55Fn4jud0 -SEBezvBMMubHR9ui7g6YWSjmePh0Ef2y1B+Hy/dzaaccwfKar+MftU1cbEcDDpai -wKlb98HuVPouDq3NbVXJpIFoiou6SwIDAQABAoICAHy0nt9xtQU3ybklbqSblRAt -fCV+tlO/9/OV/P3Pq9jFC1akleRRuHL3h+ciV1xHwiE6FJZh4QlEhGzDOdzCBj/p -2dzCpvaCoY6asB9IJWqY7/jo6vhowrexjBMLNNSsCcDPCrIcwh08ZC+6jcaA5XW8 -VhTpR58cvhCg9esW86KCIhJDFTxBgTB/1/LhiSVhC9t/6JGvWJHBX1CJRC4gKVML -urO7i7jfKZRQpMsaC6kqw65xrY1qKpPsmaKNPNzEricLDfKP/CcoQZCLHySeR525 -c119dm78ermE5z5sAN8dhlMBPPYN/AAJ+OtHrXEnhSXUjaOHqKEVTvEn70/+Z+Lb -WfD0haxbpacZYSunsa/T6qhF3x9DoK8E1BuMz0p/2zYemRhg2EigvchgiaAJ6TB7 -bfgmT37dQtq+BdOttc78/xDKEwp51OTDNF0GGCGsGfLaWerj/CarOnjvxX0D4tCZ -ix6dHTTHeI7gEdWaAjYyRhUc8CqNg9N73pp9ZJ5a0LVjCRtODBbjuyJZW++whuVR -I4ckRVRf2i9LSz10yYwtx/KD4qCsKBXjfddkhWSmL5UthbxR3VWHch/QqbxNGV/m -XYrWSIf+9AlfxR4QhYF8JXrQRvL9E66IkHyahOeyEE0Rc2q5AYMNM3k5VUtlBlDK -g7+XtqQTqh3eOwPO9UcJAoIBAQDZvEA2MxqnRq1joE17Dhxv3nO5U5MDUIInZXRr -aGgf41dIGi1qqeT4KxqbE9fYledKlLDDu/J+2O5svZyUs5xG1LKfWXkyeB7YgkOH -jjDKhAnzagV9EDwfR0PgNZtXMSEUQ4wU+wuBCo2fwu8lUEh12+jqpSR9aY04eWMq -d9udHCjMbak4d1rv3OCT9anSnKgBrbBfZAU5e25gUHYtwWA7ImF/tBdO3jmdD+fm -qgK62+grZgv3bq73LE1qoafg5uDtPHILRCpe2Az/5KS2g/jx4YK7PS4OATvsq6/9 -HMw6/H19U9CNaRmE1wRswPTkOhh5VU0JKYx5nO9G5PaOvRg/AoIBAQDJWhJ3bo/t -0KgID2peYzB9sFjQBknQwQa2A4QOsaeml+3oXt92eCjQlJOy4VDjFya4vY1g5iM2 -MRzLCBFKK33a0XG5u99x5jQJfPFF/h+3Ne3oO8DlnYK1TkIFg3/LV56AJGlqP9x7 -XG+LPlArN0kPoVfy9+X2eKN6mP2t3CeeUAqN+Njprra9cQBbnsrQ+i7y5LW2/j0U -+5/7Ks5bX0GTMW/uPQe4fZnBqRv2wZIIar3BxTGP2bvAVzE27VVzao47i8LCpK/i -VSKXLFq/lmC8KFEWwX4ruOeurqJY7gUMl6IQfbM4ghuEygG+xF3m0iBdD11sHN5v -aowvRQdQmvr1AoIBAHg2NiF2b5XBMMObYou5C7w7zhqY6MbgsSs9GVyfpTVN2AeH -5GFKcY8OhT7vYrFCehM0Kq+2Wbjs3h4NRaDX1UVJ82CFDqPtq+IPcWcq+wckhTXt -6B/XUcpXF0N3dU9bYY8FiBahUAWrpOt6vXwVahwgEOVTzeSr3Ps8EaMFz6tbO686 -MD5rrzpU8WzfKiaMtTlQAtt3pmbJHfRxF/5FEHM1lSzjaibyDE8J1BgG70DpXrJv -QdYXNuRigk+H9t71uWNhhvlvZhE9KVgyjTnzfQNWZU4pBf9XcRVG6QBO4PcEJeiG -2NLqHtu3tsqwccR7yr1aehC/7r3KBlVW3kWKYxMCggEAbzQKzOFIJly94K263mRD -rLcPZdyDOgLRVQb+ESt23yA7qcF0Azb7u67DH+EmzjTEEvXFNkYEHnLjZxKOkfsR -KB/SgnTLRFmSVccmbbSbCZGEUmVl9KqYPM/60Ja+pqw+gqEZgy+/8nWruShyGFwR -QsumCi91VzlreFM0j6fuTZYBLkXIbs8qZ9gYDYHWm7IA6e78mRMy4vrRcWND0tz6 -F3QPUHFuaSsdFwLxycdAgtuI75Kb+8mR0vmU2bQcJIEuCp72so9IAGVqlDlP6U4B -IQnXNw0oRLd7ZVNXoGvcaAb638a8i7H3xs/WROiov8k/TIYm34XWJ4yd3aFvF8pw -XQKCAQBydFyYSRNSb2nLBh6w7lL6aBjs8ubZ1gU0WWJUaPsEfowRPctPYGO2u2i1 -QWHRZuimlPFQ/fuX01G1463H/Oqb1jcfzIjAXafPOtnXZyofkF3Uv0OqnUFNGQBx -9K6TR4mZ+4EP8Ah2lxf1QDNSPVUvwA++Af0Mqnq1L4nPb9F7hCm6fpJ/RT1BJr3+ -thHyoZmv0VOgk6sHnsBIlpcI2CKfcAqcxCQOg1EigqXR7+7Ac8j9c3RWEYle9HGm -TuDFKIsuFm/7QtYp5tCKDMetnK1SAUDf2zxS5LRwP3njQSuexfXYGSrIjJgWFIb3 -x6HwQnd/hJeig7u6P5zf051OUo6W ------END PRIVATE KEY----- diff --git a/deep-dive.env b/deep-dive.env deleted file mode 100644 index 585718b..0000000 --- a/deep-dive.env +++ /dev/null @@ -1,36 +0,0 @@ - - -# necessary Mattermost options/variables (see env.example) -MM_SQLSETTINGS_DRIVERNAME=postgres -MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@postgres:5432/mattermost?sslmode=disable&connect_timeout= -MM_SERVICESETTINGS_LICENSEFILELOCATION=config/license.mattermost-enterprise - -## turning on local mode so we can use mmctl in the startup script -MM_SERVICESETTINGS_ENABLELOCALMODE=true - -## LDAP config settings -MM_LDAPSETTINGS_ENABLE=true -MM_LDAPSETTINGS_ENABLESYNC=true -MM_LDAPSETTINGS_LDAPSERVER=openldap -MM_LDAPSETTINGS_LDAPPORT=10389 -MM_LDAPSETTINGS_BASEDN="dc=planetexpress,dc=com" -MM_LDAPSETTINGS_BINDUSERNAME="cn=admin,dc=planetexpress,dc=com" -MM_LDAPSETTINGS_BINDPASSWORD=GoodNewsEveryone -MM_LDAPSETTINGS_USERFILER=(objectClass=inetOrgPerson) -MM_LDAPSETTINGS_GROUPFILTER=(objectClass=Group) -MM_LDAPSETTINGS_EnableAdminFilter=true -MM_LDAPSETTINGS_AdminFilter="(memberof=cn=admin_staff,ou=people,dc=planetexpress,dc=com)" -MM_LDAPSETTINGS_GROUPDISPLAYNAMEATTRIBUTE=cn -MM_LDAPSETTINGS_GROUPIDATTRIBUTE=dn -MM_LDAPSETTINGS_FIRSTNAMEATTRIBUTE=givenName -MM_LDAPSETTINGS_LASTNAMEATTRIBUTE=sn -MM_LDAPSETTINGS_EmailAttribute=mail -MM_LDAPSETTINGS_UsernameAttribute=uid -MM_LDAPSETTINGS_IdAttribute=uid -MM_LDAPSETTINGS_LoginIdAttribute=uid -MM_LDAPSETTINGS_TRACE=true - -# MM_SamlSettings_IdpMetadataURL="http://keycloak:8080/auth/realms/master/protocol/saml/descriptor" - -MM_LOGSETTINGS_ADVANCEDLOGGINGCONFIG="{\"console-log\":{\"Type\":\"console\",\"Format\":\"json\",\"Levels\":[{\"ID\":10,\"Name\":\"stdlog\",\"Stacktrace\":false},{\"ID\":5,\"Name\":\"debug\",\"Stacktrace\":false},{\"ID\":4,\"Name\":\"info\",\"Stacktrace\":false,\"color\":36},{\"ID\":3,\"Name\":\"warn\",\"Stacktrace\":false,\"color\":33},{\"ID\":2,\"Name\":\"error\",\"Stacktrace\":true,\"color\":31},{\"ID\":1,\"Name\":\"fatal\",\"Stacktrace\":true},{\"ID\":0,\"Name\":\"panic\",\"Stacktrace\":true}],\"Options\":{\"Out\":\"stdout\"},\"MaxQueueSize\":1000},\"file-log\":{\"Type\":\"file\",\"Format\":\"json\",\"Levels\":[{\"ID\":10,\"Name\":\"stdlog\",\"Stacktrace\":false},{\"ID\":5,\"Name\":\"debug\",\"Stacktrace\":false},{\"ID\":4,\"Name\":\"info\",\"Stacktrace\":false},{\"ID\":3,\"Name\":\"warn\",\"Stacktrace\":false},{\"ID\":2,\"Name\":\"error\",\"Stacktrace\":true},{\"ID\":1,\"Name\":\"fatal\",\"Stacktrace\":true},{\"ID\":0,\"Name\":\"panic\",\"Stacktrace\":true}],\"Options\":{\"Compress\":true,\"Filename\":\"logs/traceLogs.json\",\"MaxAgeDays\":15,\"MaxBackups\":3,\"MaxSizeMB\":100},\"MaxQueueSize\":1000}}" - diff --git a/docker-compose.yml b/docker-compose.yml index 66f4efe..b08faa4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '3.9' services: postgres: - container_name: deep-dive-postgres + container_name: cs-repro-postgres environment: - POSTGRES_USER=mmuser - POSTGRES_PASSWORD=mmuser_password @@ -27,7 +27,7 @@ services: timeout: 3s retries: 3 openldap: - container_name: deep-dive-openldap + container_name: cs-repro-openldap hostname: openldap restart: unless-stopped image: rroemhild/test-openldap:latest @@ -35,16 +35,16 @@ services: - "10389:10389" - "10636:10636" prometheus: - container_name: deep-dive-prometheus + container_name: cs-repro-prometheus image: prom/prometheus:latest - restart: always + restart: unless-stopped ports: - 9090:9090 volumes: - ./files/prometheus.yml:/etc/prometheus/prometheus.yml:ro - ./volumes/prometheus:/prometheus grafana: - container_name: deep-dive-grafana + container_name: cs-repro-grafana image: grafana/grafana:7.5.7 ports: - 3000:3000 @@ -58,13 +58,12 @@ services: - ./files/grafana/provisioning:/etc/grafana/provisioning - ./volumes/grafana:/var/lib/grafana mattermost: - container_name: deep-dive-mattermost - env_file: - - deep-dive.env + platform: linux/amd64 + container_name: cs-repro-mattermost depends_on: postgres: condition: service_healthy - image: mattermost/mattermost-enterprise-edition:release-7.2 + image: mattermost/mattermost-enterprise-edition:release-7.5 restart: unless-stopped security_opt: - no-new-privileges:true @@ -76,22 +75,26 @@ services: tmpfs: - /tmp volumes: - - ./volumes/app/mattermost/config:/mattermost/config:rw - - ./volumes/app/mattermost/data:/mattermost/data:rw - - ./volumes/app/mattermost/logs:/mattermost/logs:rw - - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw - - ./volumes/app/mattermost/client/plugins:/mattermost/client/plugins:rw - - ./volumes/app/mattermost/bleve-indexes:/mattermost/bleve-indexes:rw + - ./volumes/mattermost/config:/mattermost/config:rw + - ./volumes/mattermost/data:/mattermost/data:rw + - ./volumes/mattermost/logs:/mattermost/logs:rw + - ./volumes/mattermost/plugins:/mattermost/plugins:rw + - ./volumes/mattermost/client/plugins:/mattermost/client/plugins:rw + - ./volumes/mattermost/bleve-indexes:/mattermost/bleve-indexes:rw - ./enterprise.txt:/mattermost/config/license.mattermost-enterprise:ro + - ./files/mattermost/config.json:/mattermost/config/config.json + - ./files/mattermost/samlCert.crt:/mattermost/config/samlCert.crt + # - ./certs/mattermost.crt:/mattermost/config/mattermost.crt:rW keycloak: - image: quay.io/keycloak/keycloak:latest + container_name: cs-repro-keycloak + platform: linux/amd64 + image: keycloak/keycloak:18.0.0 volumes: - ./volumes/keycloak:/opt/keycloak/data:rw environment: - PROXY_ADDRESS_FORWARDING="true" - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin - # - KEYCLOAK_URL=http://localhost:8080/auth ports: - 8080:8080 command: diff --git a/files/.DS_Store b/files/.DS_Store index f352190..e8d33eb 100644 Binary files a/files/.DS_Store and b/files/.DS_Store differ diff --git a/files/keycloak/keycloakBackup.zip b/files/keycloak/keycloakBackup.zip new file mode 100644 index 0000000..4194509 Binary files /dev/null and b/files/keycloak/keycloakBackup.zip differ diff --git a/files/keycloak/realm-export.json b/files/keycloak/realm-export.json new file mode 100644 index 0000000..88d7dc2 --- /dev/null +++ b/files/keycloak/realm-export.json @@ -0,0 +1,2522 @@ +{ + "id": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "realm": "master", + "displayName": "Keycloak", + "displayNameHtml": "
Keycloak
", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 60, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 600, + "enabled": true, + "sslRequired": "none", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "6ceda107-9da4-4045-8598-4c2f5f72f506", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "attributes": {} + }, + { + "id": "07ea6201-1dcb-4182-8661-eaa156e15120", + "name": "admin", + "description": "${role_admin}", + "composite": true, + "composites": { + "realm": [ + "create-realm" + ], + "client": { + "master-realm": [ + "view-identity-providers", + "create-client", + "view-events", + "manage-realm", + "query-users", + "view-realm", + "manage-identity-providers", + "manage-authorization", + "query-clients", + "query-groups", + "manage-clients", + "manage-events", + "query-realms", + "impersonation", + "view-users", + "view-authorization", + "manage-users", + "view-clients" + ] + } + }, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "attributes": {} + }, + { + "id": "7b305a19-b453-4315-94be-d7d831ee2e31", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "attributes": {} + }, + { + "id": "92580f99-5da1-417c-b48d-1cabef7fc006", + "name": "create-realm", + "description": "${role_create-realm}", + "composite": false, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "attributes": {} + }, + { + "id": "c95f33a9-eebb-4c7a-96b5-ec28df088b46", + "name": "default-roles-master", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73", + "attributes": {} + } + ], + "client": { + "mattermost": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "d6435a61-4e33-4db3-8e69-8f1fb30b6873", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "9210e2c0-6e39-408d-8c28-044b00f75a44", + "attributes": {} + } + ], + "master-realm": [ + { + "id": "95c7790e-4740-4a32-813f-bcc42e0c2ce7", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "077473ec-4f55-4b73-8f94-0e1bf88db2c3", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "886a497e-00d8-4ccb-bfd5-321800cf4b9d", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "7380ae62-f6ef-46c1-be8e-e8ecfb9549b1", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "2fd4abbc-9eac-4701-acfc-3ec1ec00b66d", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "5ba5179c-a484-42e7-af2d-defa50bfc4d8", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "b50363c0-3ac2-410a-aac1-6a5d4b6db4e1", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "b0e4af2b-833a-4591-b971-6f5a8a5b55d5", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "43c9c1d8-186f-439b-ab3c-b20bb0b4dcb2", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "fea03a8f-e7a8-40c8-9642-02a10c0a4320", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "2d14a5c7-e054-4f69-8b97-f7bc9eecdfd8", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "a577d4ef-342a-4d29-9f6a-20c9dd491067", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "616ea72c-d23c-41bc-8cad-70aef73a35b2", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "07223c48-e5d7-4295-99d2-51bc49693a3d", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "9ce6baa3-3ea4-4f5b-829d-bb704346cdbf", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "master-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "e034b189-5a49-4a82-a2fa-263a1142cf2e", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "94ed2028-7ed5-4183-8c1b-7ccd6e6ad745", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + }, + { + "id": "09cf429d-67c9-422b-bb95-0a26bb7ce7c2", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "master-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "30e97ab6-7d99-445f-9744-04328a5e098e", + "attributes": {} + } + ], + "account": [ + { + "id": "869fe846-8c14-4cd3-9bbf-e477bcadd1b4", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "6d914cb9-a27f-4e72-a359-6312bec6fff2", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "847706e1-5309-4a7b-929f-450395f9d82e", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "96c95342-d281-4f7b-8e46-bd9d0a6f7d07", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "416e5096-dfdf-4ad4-892b-29fcc48b0bbd", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "cbd3b120-bf5b-4239-953d-adacc0c75927", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + }, + { + "id": "bc0b6832-4f2e-4616-b52d-57cad36b91e4", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "c95f33a9-eebb-4c7a-96b5-ec28df088b46", + "name": "default-roles-master", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "a97f1e13-04fc-4a0e-829d-b6ba7a426b73" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "a68e0f49-c5dd-4484-bc13-8032a28a1db3", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/master/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/master/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "df4abd4c-6513-49f0-87be-f931b68b79f6", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/master/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/master/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "a83246f2-0e8b-47fb-b116-64ecce0b72a6", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fb2e402e-5848-42e1-a922-74c763adee65", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "9210e2c0-6e39-408d-8c28-044b00f75a44", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "30e97ab6-7d99-445f-9744-04328a5e098e", + "clientId": "master-realm", + "name": "master Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "724e3122-78db-4c7d-bacc-04260c6a5ed2", + "clientId": "mattermost", + "rootUrl": "http://localhost:8065", + "baseUrl": "/login/sso/saml", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/login/sso/saml" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "saml", + "attributes": { + "saml.force.post.binding": "true", + "saml.multivalued.roles": "false", + "frontchannel.logout.session.required": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "saml.signing.certificate": "MIICozCCAYsCBgGFojx4JDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDAptYXR0ZXJtb3N0MB4XDTIzMDExMTE5MDczMFoXDTMzMDExMTE5MDkxMFowFTETMBEGA1UEAwwKbWF0dGVybW9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx1RXhDMskLAra9Eyhaadhrxym0t8hDGq+SXby5O0+1kS62YUbKzwLLpedMmvsxXG5CMI8iSU/GxgdgwUQndQPVITVBptovqRvKUZUxQNEZewN2k9pzzcG5jX2eyZSoxZVv4drgoTVKd21xldQgQ2n14qkfrRMFEP3P7WSCxNjVJM25mcgid5/kpiwX1Kx42PNdb53weuZlfveNwdMP8JSxPu1fwg/F8ddpr/MnNKbZMPuxsT67jovZt3X4yANZ3S80DKOc1YKKqOPObvzJ7GmHlCsfS8BAvNPvhRMAI4ItUzyjm3nTpj0XLq0LskM0ixtX9gICGBm1XXFomvMFlq0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAiIhLE3NaWRkl9ECECf0fQunFgHFJww6PzV4XciYllytPYBnbrUpc+Hsj7litriwwWwj4QmXpasl8iwVKvTQVxJ2XmIUfoNRjrhQ+KZ3VO85FYcC0Qvz7BLdsBOsWa6b/2h2JK04a9gff/CmGhZwkJAx+of/gyTjV3VfI7UFY0+yCQs9acCn0Zf6y2av6HfN9pYA7yPhShMEb3Va6ZDsFra6xG5cpS2ZNMdJw7M5WmBvAt9C0a0/GPmajzENbES0sXrjho4JshJsLjynbNN/g02GlAtC9E132rYf5FNlepsUet61dixRU/VVH+2DaZLF4r7781ZDDhiAHCM1Iq3gFsA==", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "false", + "client_credentials.use_refresh_token": "false", + "saml.signature.algorithm": "RSA_SHA256", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "saml.signing.private.key": "MIIEpAIBAAKCAQEArHVFeEMyyQsCtr0TKFpp2GvHKbS3yEMar5JdvLk7T7WRLrZhRsrPAsul50ya+zFcbkIwjyJJT8bGB2DBRCd1A9UhNUGm2i+pG8pRlTFA0Rl7A3aT2nPNwbmNfZ7JlKjFlW/h2uChNUp3bXGV1CBDafXiqR+tEwUQ/c/tZILE2NUkzbmZyCJ3n+SmLBfUrHjY811vnfB65mV+943B0w/wlLE+7V/CD8Xx12mv8yc0ptkw+7GxPruOi9m3dfjIA1ndLzQMo5zVgoqo485u/MnsaYeUKx9LwEC80++FEwAjgi1TPKObedOmPRcurQuyQzSLG1f2AgIYGbVdcWia8wWWrQIDAQABAoIBAAKSKPv2/H3UxTCWNv/mASfxy2FKyWaZ4X72jqEunby9dzGcFG0qvtVK1elR0gmmnbsjD3hCyZb/3pnjjl4GvI7XEYyqsuMTzNCWPosb1dyIJbZSgTfDfDDEJGDYCidGMNPefB54NM8Hkio2hEZKSNb+jGd7Cmh7Ldqqy94wuOCGnpGyKM2Eg949UlwC4gNhS3HBojJo+e9iWkMsYMRm/gOuPXwE/Zh305ZHbDCQpX9nXEBos7A9gqbqMKZqY8sL6DhncSYKtxHijV2sVpCRquHYHsHMAIpy1he9LDGX7Wrbs9Y0RY0VNyMlgoJO8i9Ovqfr7d+mKid8ivq71Sv/82ECgYEA91G4Xy7apirnkFgzIDmMYsRGSelxT2+38JPUIwwuaUc+WzW7lyO3H+LMq3OFMdsqIlDsHYBAnEHjTzwBGdwMxpACLjhzCnJt1ELRzEUUwOU+BSVpxT2ROp+ZbT0RerkmrvX8PMSsxSBrkQj/Rk9dDh/0QSRB2TLM2hPG4+vkX/kCgYEAsoLjfTz2wDo+sm6wB/dtr9EAoA9f5e6cWuT/mM7OB4TuhdgCEvUeQ+jR0vqQ9necSByA5o9DbM5TzXjX652NvTByLrvnNYzvsj6K2o24+26J3BRyGJpuYlk2Z9Co9RdXKe8bxh1/6SPWapfgRaFSY2QL+zMpXrLYJTnIhQZPwVUCgYEAt001Ji621WOFPwFv2xlsCCPKqKtBVQvLO56FIvi7SUIJYFah03IgHpzc7tHuzTXPs6FgbrkIqgdXbvldI4ppWZ2QUCt8cCjBaAmiLxCgQhtl7TB+hTaNdfKmJ0WUt+2UUyZzraJjHrNZpiQR902I/ZgHU2SI/W7eT19LENBb8hkCgYAq4ZRCHmXr0VIETOCOWVqI9Hzg9jCELGh00TOxAmStm7osfrIo2ab2izP0KWqvOhZZoDc6q0l4Fqw83H2JxOQqgTu8jDjDPWLK/4kdbRP1mh0Vt/ecf2RqzaFrGM2tanjuwth6I9X5LDmyi189er4uz/as1iJm9DFF5/aKNfTsrQKBgQCHq3nxcNhn3obBrXtvoYX9eXceuJNRcOJOOpIOovF2ea4B0z1kVzI35MAqY6Z5NAa0yHyUOuUntNZtvYGgsPNo4qtxvo8pmgAcSbGNM7AFws98+56PY09fgiVEBrE4NPmoGfCFmTGfpROZecsJtWF/pj7rw2KVXPuQgE2lpxf5kA==", + "saml.allow.ecp.flow": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "client.secret.creation.time": "1673464207", + "saml.encryption.private.key": "MIIEpQIBAAKCAQEAy830vuA0ISsrbyLWBywiD+3XNu//z9qRx4uiy+948DXWjlEirLx9GwWJZHuPKtEgFxXHjOD2Eko7W/m+EznTHHVxV0guDYviCLdi5sqpnBRZS5146cr1fJCkOEGUC1HWCxXaQb3LH7JZbXuvIKWAiZnDcDYn//fS8zdz7N9WRqpRntKodGEtBud73tG6PmESi2E5aiHi0zrTmN51RxVtX8bEe5ET3Whl6wG1wnD/GPfuNpYPr+GFs2VK9Fi6vQs8SUo1P1bTH2V1VkJmovOBIT9aalBl60P8ByZ3dX5x1HY01Vy1IIPKBOHu+cLCUNtROLWNQIajJWuobckcxxliTQIDAQABAoIBAAvCDR26B6fmOrJFuz1csXZjzWfQ/tw6CvENQE4tubd6E6/QRITctwcJEb0nV8IroINUcVfSXr/9YmFTDkFDs8dPi0Ny2Z1Udaz1D5KrHI/xqJkxM5mhaPpPyfmo5uakSQoIr7fdQEvK2Vf0q8zhX4IQyfK+XR5qaNQ5XcnLtMmMzYApqgL2rwVoSvO39+BZiXzraEDykSdPRXV4RawaeXSllzqXUZwWy7P2ZwxR4+Vix2H1/m8bBrAcYptetwEi0K/T1mZualrU8P1HsJZEPA76BxNrKORk4U4RKCPaVV6mI73zxxI+1rpR6XooEQFVzHxFtvBWpibwPlu6CFNdCyECgYEA+4Oh/FHIANmmPu6QKt+XnguSzdl5Ar7FS6Gd8ksIHpLdpEfkCTugK5T/s/hpkPZQETcpgk7xqpaOkPNnmqaXfCa8BAQnM7UkhhqEpa4dSdFES/wqaVEZAgbITkoQVlXWZtkaAFV9PacxfQVEEcGn2qNZFb6uLa4bXq3EXbXf/oUCgYEAz3B9X2FzdfigEjbyks1Btq+L/OhrhqW6vkjKFSNyjz/OY9QsC9K08gqTPNkzFipUIBzrNIpXqia4Ew4OJXJXu1obezd5gWd1Jg+eNhemde1TaQ9GZbawG9vGWQmuE02jOzDEF7YcN2IL/6k8U29kXBru+GrruNzHkVF+jDFK0ykCgYEA7yYjoRJ19PD+1TnrVQjTVpC0nwzYtlaErLxYvajAaKnHG8zLtEfArY/4bryWTCMY0LW9v0ynF0ge+Q6oBXG/+mmuPrdgOxdTSjvuwsbCzIyxvvpfrVJSUA346hAcZqspuRNXWNfwxO2z7adTKPsVSpwlObrcTU0Oc0EQxPYJrS0CgYEAyt863fNSlkeHVQkEB2pSIDZi8/7iWhbvIXXSnQXD3jEKyjsQsKdra2PIR7Qr8DuJdraRmRrLTY78azZNw3WmM4aWZdUFMfdabNTNaB2NILvv3UmhEYyvgy9XNnDvG9XME/FHdeEWi1uKXIjIhNjmD+YPXEhFLNBPJOHMn5L9mLECgYEA068BGxGJIVNxGCD8iErF+DUxltbuzX6cw0pkj2W2tA0Z3tgvlSnQuNW/5k8w7D0wlI6XmZfxtx2D3eY7Iany8TLXGEW9NOd8U8FgQzf+hFZA+k4gnfLQOeaRolfzIXn6jDoNNkNdNr2Yt8E9IKFbiZwsVHj6Q/hR+Ds/lEBPH9Q=", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding.identifier": "s+FCT7acoISBsDrZ2B6VSIQhmX8=", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "true", + "acr.loa.map": "{}", + "saml.encryption.certificate": "MIICozCCAYsCBgGFomUJ3zANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDAptYXR0ZXJtb3N0MB4XDTIzMDExMTE5NTE0OFoXDTMzMDExMTE5NTMyOFowFTETMBEGA1UEAwwKbWF0dGVybW9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvN9L7gNCErK28i1gcsIg/t1zbv/8/akceLosvvePA11o5RIqy8fRsFiWR7jyrRIBcVx4zg9hJKO1v5vhM50xx1cVdILg2L4gi3YubKqZwUWUudeOnK9XyQpDhBlAtR1gsV2kG9yx+yWW17ryClgImZw3A2J//30vM3c+zfVkaqUZ7SqHRhLQbne97Ruj5hEothOWoh4tM605jedUcVbV/GxHuRE91oZesBtcJw/xj37jaWD6/hhbNlSvRYur0LPElKNT9W0x9ldVZCZqLzgSE/WmpQZetD/Acmd3V+cdR2NNVctSCDygTh7vnCwlDbUTi1jUCGoyVrqG3JHMcZYk0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADYsy/DAPauvcCk2inH20xMjj2Wmf+s9TU+KfGGl7tD+7n4cN/G1sue822Yjqk/3qeIvhvAFZzOjx1BMBinLtuue17KLueV/U0XkBBgZVHy32fCGiYlxaykmK9G+j3bjAluX8Nv4XQ2nksC2hTvkFSJEcdYjYw7IecMjPsnxf3Yrn/jrWHpIPEQuzw/zh+asOhUHga4d1OioLBZbw0aIVW3c4SLD5OIp4irbxMkwCdp3EWEK+xOoFmyboBfhBpv1/uKIe1+6hMINW2lXKwSBn4NoRRVrkrdgrTAICDcEeUK1S91fVo5+y7qSRdGHVtZFdf+kie/BR5oEOiHKz1orLuw==", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "true", + "display.on.consent.screen": "false", + "saml_name_id_format": "email", + "token.response.type.bearer.lower-case": "false", + "saml.onetimeuse.condition": "false", + "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "39f3946e-63aa-4b58-82a1-2d097bd440b9", + "name": "X500 email", + "protocol": "saml", + "protocolMapper": "saml-user-property-mapper", + "consentRequired": false, + "config": { + "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "user.attribute": "email", + "friendly.name": "email", + "attribute.name": "urn:oid:1.2.840.113549.1.9.1" + } + }, + { + "id": "9e4e5aed-a91e-4b4c-b717-e313eb46f962", + "name": "X500 surname", + "protocol": "saml", + "protocolMapper": "saml-user-property-mapper", + "consentRequired": false, + "config": { + "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "user.attribute": "lastName", + "friendly.name": "surname", + "attribute.name": "urn:oid:2.5.4.4" + } + }, + { + "id": "2b41551a-1298-45e2-9df3-eea3d3d43ac0", + "name": "username", + "protocol": "saml", + "protocolMapper": "saml-user-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "username", + "friendly.name": "username", + "attribute.name": "username" + } + }, + { + "id": "ddbcd91b-ada9-4eab-b96f-d352f0cb8801", + "name": "X500 givenName", + "protocol": "saml", + "protocolMapper": "saml-user-property-mapper", + "consentRequired": false, + "config": { + "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "user.attribute": "firstName", + "friendly.name": "givenName", + "attribute.name": "urn:oid:2.5.4.42" + } + }, + { + "id": "a04728c9-0629-490a-9834-eedb67ef2076", + "name": "id", + "protocol": "saml", + "protocolMapper": "saml-user-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "id", + "friendly.name": "id", + "attribute.name": "id" + } + } + ], + "defaultClientScopes": [ + "role_list" + ], + "optionalClientScopes": [] + }, + { + "id": "6b00dda0-21e9-4521-beae-4827acdbefe6", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/master/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/master/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "43421e87-b77c-496b-a7da-961317f34d55", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "0b9be147-cde5-4fe6-8e4d-43c7f9e52214", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "db00df9d-3e41-48f1-aea0-3c8bc32d40ab", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "adb4ab59-af38-4f36-b390-9faab4aff25c", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "dcfcbd28-4eb9-4adf-b04d-0f0560926308", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "72cf8314-8264-470a-bdc3-6fd9a4a65bbf", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "e50b48c2-4ed0-4690-926b-230eb08e8da2", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "a163d4cf-58ae-42c2-821f-e0b75220cb49", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "78dfc85b-254b-4aab-aff9-d1f27fbf3779", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "e5aefa06-e4c7-4097-932a-8b741f2dd594", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "c2aa336d-487a-4dd2-92c1-91011ee3981e", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "8af669c8-98b5-45a7-8922-6279be4020c3", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "1e284eda-433a-41d5-8ca6-fd32fb985f13", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "e27ee864-559b-4e83-a024-9eee6ca6d19a", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "04a264d7-1b48-41f1-8244-94ca4673aa03", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "15390ea5-36b8-421f-930d-4d6169d730e6", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "98c527d6-6e61-4f43-baf5-d6868017b0bf", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "c5928673-6c4d-4cb0-ad4d-6fc78f3192ba", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "4da03a0b-28bb-48f2-aa13-91b0834d0fb0", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "5c7db15c-0204-4f73-8a90-2f5d3b15d1ca", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "22d1dbb7-b268-4fff-a26f-bead3e9bd789", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "d708c7d4-f41f-4809-817c-7f631bc2be3f", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "ae205e2b-fa3c-45f7-8c30-4b592fb88316", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "5826fa81-0936-45ba-ae43-c5c57244b7bb", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + } + ] + }, + { + "id": "0c3c79fc-e6a7-4960-832d-5fef78e603d3", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "498382df-5ac4-4e92-a7d6-2f50d9a26ec3", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "44bfd719-d6bb-4237-b85d-70fb0ebdf586", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "af89bff0-bc2f-49cf-839c-a5beae67144f", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "cb900b02-3c76-45b3-a3cb-1225ea8ee65d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "7f4cbd4e-7db4-4a69-977e-dc92146b817f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "adcb35fa-535c-4226-944f-9203eed93f98", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "678d6678-3ad7-4cc7-9503-3b9e99d63113", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "bce21033-9174-4de1-82f1-3d192f4f30c6", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "235ca07c-5857-4c73-9044-cdb809d156a4", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "edc2ff5b-3f75-428d-87a3-24e26e297346", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "3be2dca2-e00b-4766-a9d8-69f622443f07", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "fdf5c325-e322-4137-af17-1b7a926b5807", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "1bfc9671-270d-4acf-8287-a6f299356958", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "9731efc3-409d-4bd7-a070-b30205d1c6c6", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "969c619f-3aca-498f-a76c-acc771e8aaa4", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "ef75051d-4f0c-4aeb-a507-42b2895e7800", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "c304a0e4-e91a-4f70-8523-3bed05cdea94", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "fd5b586f-87d8-4ca5-a405-84756cf64c19", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "71ab8320-4120-4a71-a595-387b48bceacc", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "ee32b607-4a98-4829-9dcb-a7665fa0f039", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "7381caa4-293f-43fc-9657-d3f90950c202", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" + ] + } + } + ], + "org.keycloak.storage.UserStorageProvider": [ + { + "id": "4890375a-caa2-47a4-ac7a-20bc7bad0c37", + "name": "ldap", + "providerId": "ldap", + "subComponents": { + "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [ + { + "id": "b28871f8-2321-4b04-89cd-2e73ae2a7820", + "name": "username", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "uid" + ], + "is.mandatory.in.ldap": [ + "true" + ], + "read.only": [ + "true" + ], + "always.read.value.from.ldap": [ + "false" + ], + "user.model.attribute": [ + "username" + ] + } + }, + { + "id": "35e78211-433c-46d9-95c3-1b7ff54fa3b8", + "name": "last name", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "sn" + ], + "is.mandatory.in.ldap": [ + "true" + ], + "read.only": [ + "true" + ], + "always.read.value.from.ldap": [ + "true" + ], + "user.model.attribute": [ + "lastName" + ] + } + }, + { + "id": "7c97faa2-6980-4004-8817-1917f5eca754", + "name": "email", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "mail" + ], + "is.mandatory.in.ldap": [ + "false" + ], + "read.only": [ + "true" + ], + "always.read.value.from.ldap": [ + "false" + ], + "user.model.attribute": [ + "email" + ] + } + }, + { + "id": "ffc9c879-3d36-4114-a202-56f62ff4463a", + "name": "creation date", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "createTimestamp" + ], + "is.mandatory.in.ldap": [ + "false" + ], + "read.only": [ + "true" + ], + "always.read.value.from.ldap": [ + "true" + ], + "user.model.attribute": [ + "createTimestamp" + ] + } + }, + { + "id": "81f9fd0c-463e-47be-85f5-2a12431a705e", + "name": "first name", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "cn" + ], + "is.mandatory.in.ldap": [ + "true" + ], + "always.read.value.from.ldap": [ + "true" + ], + "read.only": [ + "true" + ], + "user.model.attribute": [ + "firstName" + ] + } + }, + { + "id": "09b38c95-67be-441b-b3e8-61dcfc174225", + "name": "modify date", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ + "modifyTimestamp" + ], + "is.mandatory.in.ldap": [ + "false" + ], + "always.read.value.from.ldap": [ + "true" + ], + "read.only": [ + "true" + ], + "user.model.attribute": [ + "modifyTimestamp" + ] + } + } + ] + }, + "config": { + "fullSyncPeriod": [ + "604800" + ], + "pagination": [ + "true" + ], + "connectionPooling": [ + "true" + ], + "usersDn": [ + "dc=planetexpress,dc=com" + ], + "cachePolicy": [ + "DEFAULT" + ], + "useKerberosForPasswordAuthentication": [ + "false" + ], + "importEnabled": [ + "true" + ], + "enabled": [ + "true" + ], + "bindDn": [ + "cn=admin,dc=planetexpress,dc=com" + ], + "bindCredential": [ + "**********" + ], + "changedSyncPeriod": [ + "-1" + ], + "usernameLDAPAttribute": [ + "uid" + ], + "lastSync": [ + "1674570921" + ], + "vendor": [ + "other" + ], + "uuidLDAPAttribute": [ + "uid" + ], + "allowKerberosAuthentication": [ + "false" + ], + "connectionUrl": [ + "ldap://openldap:10389" + ], + "syncRegistrations": [ + "false" + ], + "authType": [ + "simple" + ], + "debug": [ + "false" + ], + "searchScope": [ + "2" + ], + "useTruststoreSpi": [ + "ldapsOnly" + ], + "priority": [ + "0" + ], + "trustEmail": [ + "true" + ], + "userObjectClasses": [ + "inetOrgPerson, organizationalPerson" + ], + "rdnLDAPAttribute": [ + "uid" + ], + "editMode": [ + "READ_ONLY" + ], + "validatePasswordPolicy": [ + "false" + ], + "batchSizeForSync": [ + "1000" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "5663ef5f-89c6-4b85-a9c4-0399186f827e", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "cd098442-bc1c-4f71-9ce0-70ad34eede30", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "25036e94-5292-4796-856a-8af3c6562c40", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "6c0b803c-af16-434f-bc4b-f9d466cfa9e5", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "24929f7c-a7ca-4068-b69f-8114b6e2c6f8", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "89b86bdf-8cba-45b9-98e3-053b428ed39f", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "cf30bef0-83aa-4c92-be72-f890e60b2194", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "43c895bc-f168-4468-811f-48c77a7bbc8e", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "0c8e0db9-3b84-4ec5-ba0f-6bef737de71d", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c3213544-7683-4943-be57-7c8e9252a5fd", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7e1f5efa-239d-48e2-babe-b00bbe633ffd", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "f7d755a1-f5a5-4465-8638-f86cf5bbfe18", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "55014247-6121-4801-bd9a-c989402e909b", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "21ca8d82-f936-4445-9aa9-cd9036a5c174", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "1bbea613-90d3-43a6-8ee0-adf4d5175b9e", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "83f9077f-8712-4cf7-813a-18c7852e8cca", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1b400595-d710-4a78-8657-46296ea71c01", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "f446b7d4-f533-40d0-bfee-e7b97ead7c40", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3dc40147-fca9-4fe3-8c9d-3c1e845871f8", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "43aba87d-7609-4f70-a36a-3ac292b6cb81", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "095709c2-dae9-4672-af50-8f55385c16b9", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Authentication Options", + "userSetupAllowed": false + } + ] + }, + { + "id": "909e38f9-7dfa-4b90-8dee-7ee2640ec14a", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "c0d38c00-69be-4237-89f6-0f7925c2dd9d", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1da1cf8a-fcbb-4310-9c14-19f3fe5bd47a", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "979bc57d-5fcd-49cc-b706-9f4608b3d85e", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "61d24622-2f7e-49b6-b790-ef7ff64a86cf", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "dae8f9d2-99f0-4aa8-98a0-45311605e4d6", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "600", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5" + }, + "keycloakVersion": "18.0.0", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/files/advancedLogging.json b/files/mattermost/advancedLogging.json similarity index 100% rename from files/advancedLogging.json rename to files/mattermost/advancedLogging.json diff --git a/files/mattermost/config.json b/files/mattermost/config.json new file mode 100644 index 0000000..dca66c0 --- /dev/null +++ b/files/mattermost/config.json @@ -0,0 +1,601 @@ +{ + "ServiceSettings": { + "SiteURL": "", + "WebsocketURL": "", + "LicenseFileLocation": "config/license.mattermost-enterprise", + "ListenAddress": ":8065", + "ConnectionSecurity": "", + "TLSCertFile": "", + "TLSKeyFile": "", + "TLSMinVer": "1.2", + "TLSStrictTransport": false, + "TLSStrictTransportMaxAge": 63072000, + "TLSOverwriteCiphers": [], + "UseLetsEncrypt": false, + "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache", + "Forward80To443": false, + "TrustedProxyIPHeader": [], + "ReadTimeout": 300, + "WriteTimeout": 300, + "IdleTimeout": 60, + "MaximumLoginAttempts": 10, + "GoroutineHealthThreshold": -1, + "EnableOAuthServiceProvider": false, + "EnableIncomingWebhooks": true, + "EnableOutgoingWebhooks": true, + "EnableCommands": true, + "EnablePostUsernameOverride": false, + "EnablePostIconOverride": false, + "GoogleDeveloperKey": "", + "EnableLinkPreviews": true, + "EnablePermalinkPreviews": true, + "RestrictLinkPreviews": "", + "EnableTesting": false, + "EnableDeveloper": false, + "DeveloperFlags": "", + "EnableClientPerformanceDebugging": false, + "EnableOpenTracing": false, + "EnableSecurityFixAlert": true, + "EnableInsecureOutgoingConnections": false, + "AllowedUntrustedInternalConnections": "cs-repro-keycloak:8080 cs-repro-keycloak", + "EnableMultifactorAuthentication": false, + "EnforceMultifactorAuthentication": false, + "EnableUserAccessTokens": false, + "AllowCorsFrom": "", + "CorsExposedHeaders": "", + "CorsAllowCredentials": false, + "CorsDebug": false, + "AllowCookiesForSubdomains": false, + "ExtendSessionLengthWithActivity": false, + "SessionLengthWebInDays": 180, + "SessionLengthWebInHours": 4320, + "SessionLengthMobileInDays": 180, + "SessionLengthMobileInHours": 4320, + "SessionLengthSSOInDays": 30, + "SessionLengthSSOInHours": 720, + "SessionCacheInMinutes": 10, + "SessionIdleTimeoutInMinutes": 43200, + "WebsocketSecurePort": 443, + "WebsocketPort": 80, + "WebserverMode": "gzip", + "EnableGifPicker": true, + "GfycatAPIKey": "2_KtH_W5", + "GfycatAPISecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof", + "EnableCustomEmoji": true, + "EnableEmojiPicker": true, + "PostEditTimeLimit": -1, + "TimeBetweenUserTypingUpdatesMilliseconds": 5000, + "EnablePostSearch": true, + "EnableFileSearch": true, + "MinimumHashtagLength": 3, + "EnableUserTypingMessages": true, + "EnableChannelViewedMessages": true, + "EnableUserStatuses": true, + "ExperimentalEnableAuthenticationTransfer": true, + "ClusterLogTimeoutMilliseconds": 2000, + "EnablePreviewFeatures": true, + "EnableTutorial": true, + "EnableOnboardingFlow": true, + "ExperimentalEnableDefaultChannelLeaveJoinMessages": true, + "ExperimentalGroupUnreadChannels": "disabled", + "EnableAPITeamDeletion": false, + "EnableAPITriggerAdminNotifications": false, + "EnableAPIUserDeletion": false, + "ExperimentalEnableHardenedMode": false, + "ExperimentalStrictCSRFEnforcement": false, + "EnableEmailInvitations": true, + "DisableBotsWhenOwnerIsDeactivated": true, + "EnableBotAccountCreation": false, + "EnableSVGs": true, + "EnableLatex": true, + "EnableInlineLatex": true, + "PostPriority": false, + "EnableAPIChannelDeletion": false, + "EnableLocalMode": true, + "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket", + "EnableAWSMetering": false, + "SplitKey": "", + "FeatureFlagSyncIntervalSeconds": 30, + "DebugSplit": false, + "ThreadAutoFollow": true, + "CollapsedThreads": "always_on", + "ManagedResourcePaths": "", + "EnableCustomGroups": true + }, + "TeamSettings": { + "SiteName": "Mattermost", + "MaxUsersPerTeam": 50, + "EnableUserCreation": true, + "EnableOpenServer": false, + "EnableUserDeactivation": false, + "RestrictCreationToDomains": "", + "EnableCustomUserStatuses": true, + "EnableCustomBrand": false, + "CustomBrandText": "", + "CustomDescriptionText": "", + "RestrictDirectMessage": "any", + "EnableLastActiveTime": true, + "UserStatusAwayTimeout": 300, + "MaxChannelsPerTeam": 2000, + "MaxNotificationsPerChannel": 1000, + "EnableConfirmNotificationsToChannel": true, + "TeammateNameDisplay": "username", + "ExperimentalViewArchivedChannels": true, + "ExperimentalEnableAutomaticReplies": false, + "LockTeammateNameDisplay": false, + "ExperimentalPrimaryTeam": "", + "ExperimentalDefaultChannels": [] + }, + "ClientRequirements": { + "AndroidLatestVersion": "", + "AndroidMinVersion": "", + "IosLatestVersion": "", + "IosMinVersion": "" + }, + "SqlSettings": { + "DriverName": "postgres", + "DataSource": "postgres://mmuser:mmuser_password@cs-mattermost-postgres:5432/mattermost?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes", + "DataSourceReplicas": [], + "DataSourceSearchReplicas": [], + "MaxIdleConns": 20, + "ConnMaxLifetimeMilliseconds": 3600000, + "ConnMaxIdleTimeMilliseconds": 300000, + "MaxOpenConns": 300, + "Trace": false, + "AtRestEncryptKey": "d44qwusbidpssy13zw6cr9idp43mgw5w", + "QueryTimeout": 30, + "DisableDatabaseSearch": false, + "MigrationsStatementTimeoutSeconds": 100000, + "ReplicaLagSettings": [] + }, + "LogSettings": { + "EnableConsole": true, + "ConsoleLevel": "DEBUG", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "EnableWebhookDebugging": true, + "EnableDiagnostics": true, + "EnableSentry": true, + "AdvancedLoggingConfig": "" + }, + "ExperimentalAuditSettings": { + "FileEnabled": false, + "FileName": "", + "FileMaxSizeMB": 100, + "FileMaxAgeDays": 0, + "FileMaxBackups": 0, + "FileCompress": false, + "FileMaxQueueSize": 1000, + "AdvancedLoggingConfig": "" + }, + "NotificationLogSettings": { + "EnableConsole": true, + "ConsoleLevel": "DEBUG", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "AdvancedLoggingConfig": "" + }, + "PasswordSettings": { + "MinimumLength": 8, + "Lowercase": false, + "Number": false, + "Uppercase": false, + "Symbol": false + }, + "FileSettings": { + "EnableFileAttachments": true, + "EnableMobileUpload": true, + "EnableMobileDownload": true, + "MaxFileSize": 104857600, + "MaxImageResolution": 33177600, + "MaxImageDecoderConcurrency": -1, + "DriverName": "local", + "Directory": "./data/", + "EnablePublicLink": false, + "ExtractContent": true, + "ArchiveRecursion": false, + "PublicLinkSalt": "o57y33mz89b5jjxibuyxyjds6s8tcxxd", + "InitialFont": "nunito-bold.ttf", + "AmazonS3AccessKeyId": "", + "AmazonS3SecretAccessKey": "", + "AmazonS3Bucket": "", + "AmazonS3PathPrefix": "", + "AmazonS3Region": "", + "AmazonS3Endpoint": "s3.amazonaws.com", + "AmazonS3SSL": true, + "AmazonS3SignV2": false, + "AmazonS3SSE": false, + "AmazonS3Trace": false, + "AmazonS3RequestTimeoutMilliseconds": 30000 + }, + "EmailSettings": { + "EnableSignUpWithEmail": true, + "EnableSignInWithEmail": true, + "EnableSignInWithUsername": true, + "SendEmailNotifications": true, + "UseChannelInEmailNotifications": false, + "RequireEmailVerification": false, + "FeedbackName": "", + "FeedbackEmail": "test@example.com", + "ReplyToAddress": "test@example.com", + "FeedbackOrganization": "", + "EnableSMTPAuth": false, + "SMTPUsername": "", + "SMTPPassword": "", + "SMTPServer": "localhost", + "SMTPPort": "10025", + "SMTPServerTimeout": 10, + "ConnectionSecurity": "", + "SendPushNotifications": false, + "PushNotificationServer": "", + "PushNotificationContents": "full", + "PushNotificationBuffer": 1000, + "EnableEmailBatching": false, + "EmailBatchingBufferSize": 256, + "EmailBatchingInterval": 30, + "EnablePreviewModeBanner": true, + "SkipServerCertificateVerification": false, + "EmailNotificationContentsType": "full", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7", + "EnableInactivityEmail": true + }, + "RateLimitSettings": { + "Enable": false, + "PerSec": 10, + "MaxBurst": 100, + "MemoryStoreSize": 10000, + "VaryByRemoteAddr": true, + "VaryByUser": false, + "VaryByHeader": "" + }, + "PrivacySettings": { + "ShowEmailAddress": true, + "ShowFullName": true + }, + "SupportSettings": { + "TermsOfServiceLink": "https://mattermost.com/terms-of-use/", + "PrivacyPolicyLink": "https://mattermost.com/privacy-policy/", + "AboutLink": "https://docs.mattermost.com/about/product.html/", + "HelpLink": "https://mattermost.com/default-help/", + "ReportAProblemLink": "https://mattermost.com/default-report-a-problem/", + "SupportEmail": "", + "CustomTermsOfServiceEnabled": false, + "CustomTermsOfServiceReAcceptancePeriod": 365, + "EnableAskCommunityLink": true + }, + "AnnouncementSettings": { + "EnableBanner": false, + "BannerText": "", + "BannerColor": "#f2a93b", + "BannerTextColor": "#333333", + "AllowBannerDismissal": true, + "AdminNoticesEnabled": true, + "UserNoticesEnabled": true, + "NoticesURL": "https://notices.mattermost.com/", + "NoticesFetchFrequency": 3600, + "NoticesSkipCache": false + }, + "ThemeSettings": { + "EnableThemeSelection": true, + "DefaultTheme": "default", + "AllowCustomThemes": true, + "AllowedThemes": [] + }, + "GitLabSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "", + "AuthEndpoint": "", + "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" + }, + "GoogleSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile email", + "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" + }, + "Office365Settings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "User.Read", + "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", + "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token", + "UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me", + "DiscoveryEndpoint": "", + "DirectoryId": "" + }, + "OpenIdSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile openid email", + "AuthEndpoint": "", + "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "#145DBF" + }, + "LdapSettings": { + "Enable": true, + "EnableSync": true, + "LdapServer": "openldap", + "LdapPort": 10389, + "ConnectionSecurity": "", + "BaseDN": "dc=planetexpress,dc=com", + "BindUsername": "cn=admin,dc=planetexpress,dc=com", + "BindPassword": "GoodNewsEveryone", + "UserFilter": "(objectClass=inetOrgPerson)", + "GroupFilter": "(objectClass=Group)", + "GuestFilter": "", + "EnableAdminFilter": true, + "AdminFilter": "(memberof=cn=admin_staff,ou=people,dc=planetexpress,dc=com)", + "GroupDisplayNameAttribute": "cn", + "GroupIdAttribute": "dn", + "FirstNameAttribute": "givenName", + "LastNameAttribute": "sn", + "EmailAttribute": "mail", + "UsernameAttribute": "uid", + "NicknameAttribute": "", + "IdAttribute": "uid", + "PositionAttribute": "", + "LoginIdAttribute": "uid", + "PictureAttribute": "", + "SyncIntervalMinutes": 60, + "SkipCertificateVerification": false, + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "QueryTimeout": 60, + "MaxPageSize": 0, + "LoginFieldName": "", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7", + "Trace": true + }, + "ComplianceSettings": { + "Enable": false, + "Directory": "./data/", + "EnableDaily": false, + "BatchSize": 30000 + }, + "LocalizationSettings": { + "DefaultServerLocale": "en", + "DefaultClientLocale": "en", + "AvailableLocales": "" + }, + "SamlSettings": { + "Enable": true, + "EnableSyncWithLdap": false, + "EnableSyncWithLdapIncludeAuth": false, + "IgnoreGuestsLdapSync": false, + "Verify": false, + "Encrypt": false, + "SignRequest": false, + "IdpURL": "http://localhost:8080/realms/master/protocol/saml", + "IdpDescriptorURL": "http://localhost:8080/realms/master", + "IdpMetadataURL": "http://cs-repro-keycloak:8080/realms/master/protocol/saml/descriptor", + "ServiceProviderIdentifier": "mattermost", + "AssertionConsumerServiceURL": "http://localhost:8065/login/sso/saml", + "SignatureAlgorithm": "RSAwithSHA1", + "CanonicalAlgorithm": "Canonical1.0", + "ScopingIDPProviderId": "", + "ScopingIDPName": "", + "IdpCertificateFile": "samlCert.crt", + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "IdAttribute": "id", + "GuestAttribute": "", + "EnableAdminAttribute": false, + "AdminAttribute": "", + "FirstNameAttribute": "", + "LastNameAttribute": "", + "EmailAttribute": "email", + "UsernameAttribute": "username", + "NicknameAttribute": "", + "LocaleAttribute": "", + "PositionAttribute": "", + "LoginButtonText": "keycloak", + "LoginButtonColor": "#34a28b", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#ffffff" + }, + "NativeAppSettings": { + "AppCustomURLSchemes": [ + "mmauth://", + "mmauthbeta://" + ], + "AppDownloadLink": "https://mattermost.com/download/#mattermostApps", + "AndroidAppDownloadLink": "https://mattermost.com/mattermost-android-app/", + "IosAppDownloadLink": "https://mattermost.com/mattermost-ios-app/" + }, + "ClusterSettings": { + "Enable": false, + "ClusterName": "", + "OverrideHostname": "", + "NetworkInterface": "", + "BindAddress": "", + "AdvertiseAddress": "", + "UseIPAddress": true, + "EnableGossipCompression": true, + "EnableExperimentalGossipEncryption": false, + "ReadOnlyConfig": true, + "GossipPort": 8074, + "StreamingPort": 8075, + "MaxIdleConns": 100, + "MaxIdleConnsPerHost": 128, + "IdleConnTimeoutMilliseconds": 90000 + }, + "MetricsSettings": { + "Enable": false, + "BlockProfileRate": 0, + "ListenAddress": ":8067" + }, + "ExperimentalSettings": { + "ClientSideCertEnable": false, + "ClientSideCertCheck": "secondary", + "LinkMetadataTimeoutMilliseconds": 5000, + "RestrictSystemAdmin": false, + "UseNewSAMLLibrary": false, + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "EnableAppBar": false + }, + "AnalyticsSettings": { + "MaxUsersForStatistics": 2500 + }, + "ElasticsearchSettings": { + "ConnectionURL": "http://localhost:9200", + "Username": "elastic", + "Password": "changeme", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "Sniff": true, + "PostIndexReplicas": 1, + "PostIndexShards": 1, + "ChannelIndexReplicas": 1, + "ChannelIndexShards": 1, + "UserIndexReplicas": 1, + "UserIndexShards": 1, + "AggregatePostsAfterDays": 365, + "PostsAggregatorJobStartTime": "03:00", + "IndexPrefix": "", + "LiveIndexingBatchSize": 1, + "BatchSize": 10000, + "RequestTimeoutSeconds": 30, + "SkipTLSVerification": false, + "Trace": "" + }, + "BleveSettings": { + "IndexDir": "", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "BatchSize": 10000 + }, + "DataRetentionSettings": { + "EnableMessageDeletion": false, + "EnableFileDeletion": false, + "EnableBoardsDeletion": false, + "MessageRetentionDays": 365, + "FileRetentionDays": 365, + "BoardsRetentionDays": 365, + "DeletionJobStartTime": "02:00", + "BatchSize": 3000 + }, + "MessageExportSettings": { + "EnableExport": false, + "ExportFormat": "actiance", + "DailyRunTime": "01:00", + "ExportFromTimestamp": 0, + "BatchSize": 10000, + "DownloadExportResults": false, + "GlobalRelaySettings": { + "CustomerType": "A9", + "SMTPUsername": "", + "SMTPPassword": "", + "EmailAddress": "", + "SMTPServerTimeout": 1800 + } + }, + "JobSettings": { + "RunJobs": true, + "RunScheduler": true, + "CleanupJobsThresholdDays": -1, + "CleanupConfigThresholdDays": -1 + }, + "ProductSettings": { + "EnablePublicSharedBoards": false + }, + "PluginSettings": { + "Enable": true, + "EnableUploads": false, + "AllowInsecureDownloadURL": false, + "EnableHealthCheck": true, + "Directory": "./plugins", + "ClientDirectory": "./client/plugins", + "Plugins": { + "playbooks": { + "BotUserID": "rn8xj3rnwtnffjfu14uff6imyh" + } + }, + "PluginStates": { + "com.mattermost.apps": { + "Enable": true + }, + "com.mattermost.calls": { + "Enable": true + }, + "com.mattermost.nps": { + "Enable": true + }, + "com.mattermost.plugin-channel-export": { + "Enable": true + }, + "focalboard": { + "Enable": true + }, + "playbooks": { + "Enable": true + } + }, + "EnableMarketplace": true, + "EnableRemoteMarketplace": true, + "AutomaticPrepackagedPlugins": true, + "RequirePluginSignature": false, + "MarketplaceURL": "https://api.integrations.mattermost.com", + "SignaturePublicKeyFiles": [], + "ChimeraOAuthProxyURL": "" + }, + "DisplaySettings": { + "CustomURLSchemes": [], + "ExperimentalTimezone": true + }, + "GuestAccountsSettings": { + "Enable": false, + "AllowEmailAccounts": true, + "EnforceMultifactorAuthentication": false, + "RestrictCreationToDomains": "" + }, + "ImageProxySettings": { + "Enable": false, + "ImageProxyType": "local", + "RemoteImageProxyURL": "", + "RemoteImageProxyOptions": "" + }, + "CloudSettings": { + "CWSURL": "https://customers.mattermost.com", + "CWSAPIURL": "https://portal.internal.prod.cloud.mattermost.com" + }, + "ImportSettings": { + "Directory": "./import", + "RetentionDays": 30 + }, + "ExportSettings": { + "Directory": "./export", + "RetentionDays": 30 + } +} \ No newline at end of file diff --git a/files/mattermost/samlCert.crt b/files/mattermost/samlCert.crt new file mode 100644 index 0000000..724a8f9 --- /dev/null +++ b/files/mattermost/samlCert.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmzCCAYMCBgGGCXMBejANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0 +ZXIwHhcNMjMwMTMxMjAwNzU3WhcNMzMwMTMxMjAwOTM3WjARMQ8wDQYDVQQDDAZt +YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEUyvwjY48sxu4 +XQKZgD77R48yROaNOBklAwH/HIg0mWrOtoxHTLtbLb8gBMppCE7cmMBMmcxXc6QL +CuUQlACsLWKc/+sXIRhl2/75oGi4QGtqfKKSOGmano0dmk0xxrg5AsHfwi0JrteW +g3Z+5cI9SfSkj7L3bfEnazE6v8A065CoGIC0Eh0UiP57hYIVfxpY301/ghQVJONc +BmtI8dvaNuB3eezvi49u5AybO034twUE4qN10gN2nKL3dUIJ3XrQ7D0GPtyTDRam +089Ml0hKT+bUEJf61EzDKxAAuB+y3FAvBXyYrEs7wQzvfaQ5bvvgEGyzVdsYE5+4 +B1cOfkdnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABgLyQjLg6Z9K0cE4boGw8NA +4o6PlUjLzR8wkpH3mLKzrsxIfOmGRTUZC5kijfxCTsVpUYs/Bams+MCv/ElR6JtU +9qODPHgyRZXjFv2clOByY1vwVaY3wK7BHCXCo2FnIEwBZ4PwA52/sAebAa/nd3YJ +P3p/45xC64e8wUp19hyO+azFo2ZTkhGyn3b3gR37KvL4MemhawMHNj7RVBQXdtYX +eEXtqdRcAp+ip0zHwn00z4C1971k/F66P+tHhnGqRb1nuuKmwRzfUyaF3GMGbot8 +sv3U8Q3LxXpf/BQnzSegDbKVsGeUIXFke1Suxe8E1yyPlThIS2LNaUnS9acv/r0= +-----END CERTIFICATE----- diff --git a/files/public.crt b/files/public.crt deleted file mode 100644 index 59c6d45..0000000 --- a/files/public.crt +++ /dev/null @@ -1 +0,0 @@ -MIICozCCAYsCBgGDhvaKdjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDAptYXR0ZXJtb3N0MB4XDTIyMDkyOTAxNTU0N1oXDTMyMDkyOTAxNTcyN1owFTETMBEGA1UEAwwKbWF0dGVybW9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIhzTzXqXGG9rQbCHVZBJlZsruk+lRSp7dBItPl1Dr0DctaIWc1DXKQMQKLthGyE9RLlW4SyjH08qCo1oqACG4Lg8A1OER/9Gt263/Yim0IBTldzK27g9Xkp8MK6WUGMP4eweuNbu1UhuXy7+cb50dPD8/v0h4+ys1LGHZ0b/maNGN2ehz9nhnmpqrfCc9KDpljuib7AEa5cdscof6YAFQj8pYDidmS3AVE8tGpksuOUQl8FjKVPnmAJbkcQqymVVEMvcRa+O/1qqrSOunrYZsAlQmD74y6UA0kbstSu/K5PFgNGzmmDw/A/u11cPxzh5A7yOCJ3Q9JZBu/882dw/AUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEANoRIrWqaC6iD/t78S98Rl1VVF86e3Ef2v/bmF3KNFi/twSzFaSuqLSVl9SkWoas8uKWX6AmtBOm9MCPIF7q+d+yAIQkt2UxtuFEsd61Z9Couc4p/rxJGbVGBRqeeTWm8GRUrASaj/JqbZVPM1QtOKpmlCP+5fEq7e/npO0Blfje5pWkAGkA4WhXxYpYVe+cCyXvpcckJLzGCxbGg2iFeD4nmPIO1Drsme35tgwt3gPZhY2DqUTaP/CsauxGi5xv840871kz6mOu75qw4Qpo0MBlSZR2f8IFaHyzZpFyu0p83ZKK3/XTPmuvFfJh59640axZBT6pXWoNp/JyD4KnZSg== \ No newline at end of file diff --git a/keycloak.yml b/keycloak.yml deleted file mode 100644 index a4a9f1a..0000000 --- a/keycloak.yml +++ /dev/null @@ -1,40 +0,0 @@ - -version: '3' - -volumes: - postgres_data: - driver: local - -services: - # postgres: - # image: postgres - # volumes: - # - postgres_data:/var/lib/postgresql/data - # environment: - # POSTGRES_DB: keycloak - # POSTGRES_USER: keycloak - # POSTGRES_PASSWORD: password - keycloak: - image: quay.io/keycloak/keycloak:latest - environment: - # KC_DB_VENDOR: POSTGRES - # DB_ADDR: postgres - # DB_DATABASE: keycloak - # : keycloak - # DB_SCHEMA: public - # DB_PASSWORD: password - # KC_DB_URL: 'jdbc:postgresql://postgres/keycloak' - # KC_DB_USERNAME: keycloak - # KC_DB: postgres - # KC_DB_PASSWORD: password - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: Pa55w0rd - # KC_HOSTNAME: keycloak - # KC_HOSTNAME_PORT - # volumes: - # - ./volumes/keycloak:/opt/jboss/keycloak/standalone/data/ - ports: - - 8080:8080 - depends_on: - postgres: - condition: service_healthy \ No newline at end of file diff --git a/volumes/keycloak/h2/keycloakdb.mv.db b/volumes/keycloak/h2/keycloakdb.mv.db new file mode 100644 index 0000000..e1bbb72 Binary files /dev/null and b/volumes/keycloak/h2/keycloakdb.mv.db differ diff --git a/volumes/keycloak/h2/keycloakdb.trace.db b/volumes/keycloak/h2/keycloakdb.trace.db new file mode 100644 index 0000000..66f6a34 --- /dev/null +++ b/volumes/keycloak/h2/keycloakdb.trace.db @@ -0,0 +1,265 @@ +2023-01-31 20:05:33 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Table "MIGRATION_MODEL" not found; SQL statement: +SELECT ID, VERSION FROM MIGRATION_MODEL ORDER BY UPDATE_TIME DESC [42102-197] +2023-01-31 20:09:07 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Table "MIGRATION_MODEL" not found; SQL statement: +SELECT ID, VERSION FROM MIGRATION_MODEL ORDER BY UPDATE_TIME DESC [42102-197] +2023-01-31 20:09:11 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Table "DATABASECHANGELOG" not found; SQL statement: +SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOG [42102-197] +2023-01-31 20:09:13 jdbc[4]: exception +org.h2.jdbc.JdbcSQLException: Table "DATABASECHANGELOGLOCK" not found; SQL statement: +SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOGLOCK [42102-197] +2023-01-31 20:09:13 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Table "DATABASECHANGELOG" not found; SQL statement: +SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOG [42102-197] +2023-01-31 20:16:47 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1502) + at org.h2.jdbc.JdbcConnection.setAutoCommit(JdbcConnection.java:455) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:451) + at org.h2.jdbcx.JdbcXAConnection.close(JdbcXAConnection.java:78) + at io.agroal.pool.ConnectionHandler.closeConnection(ConnectionHandler.java:185) + at io.agroal.pool.ConnectionPool$DestroyConnectionTask.run(ConnectionPool.java:768) + at io.agroal.pool.ConnectionPool.close(ConnectionPool.java:189) + at io.agroal.pool.DataSource.close(DataSource.java:79) + at io.quarkus.agroal.runtime.DataSources.stop(DataSources.java:381) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.arc.impl.AbstractInstanceHandle.destroyInternal(AbstractInstanceHandle.java:80) + at io.quarkus.arc.impl.ContextInstanceHandleImpl.destroy(ContextInstanceHandleImpl.java:20) + at io.quarkus.arc.impl.AbstractSharedContext.destroy(AbstractSharedContext.java:94) + at io.quarkus.arc.impl.ArcContainerImpl.shutdown(ArcContainerImpl.java:369) + at io.quarkus.arc.Arc.shutdown(Arc.java:52) + at io.quarkus.arc.runtime.ArcRecorder$1.run(ArcRecorder.java:44) + at io.quarkus.runtime.StartupContext.runAllInReverseOrder(StartupContext.java:84) + at io.quarkus.runtime.StartupContext.close(StartupContext.java:73) + at io.quarkus.runner.ApplicationImpl.doStop(Unknown Source) + at io.quarkus.runtime.Application.stop(Application.java:203) + at io.quarkus.runtime.Application.stop(Application.java:155) + at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:215) + at io.quarkus.runtime.Quarkus.run(Quarkus.java:67) + at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:86) + at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:34) + at picocli.CommandLine.executeUserObject(CommandLine.java:1939) + at picocli.CommandLine.access$1300(CommandLine.java:145) + at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) + at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) + at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) + at picocli.CommandLine.execute(CommandLine.java:2078) + at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:88) + at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:77) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) + at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) + at java.base/java.lang.reflect.Method.invoke(Method.java:566) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:60) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:31) +2023-01-31 20:16:47 jdbc[4]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosedForWrite(JdbcConnection.java:1512) + at org.h2.jdbc.JdbcConnection.rollback(JdbcConnection.java:516) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:450) + at org.h2.jdbcx.JdbcXAConnection.close(JdbcXAConnection.java:78) + at io.agroal.pool.ConnectionHandler.closeConnection(ConnectionHandler.java:185) + at io.agroal.pool.ConnectionPool$DestroyConnectionTask.run(ConnectionPool.java:768) + at io.agroal.pool.ConnectionPool.close(ConnectionPool.java:189) + at io.agroal.pool.DataSource.close(DataSource.java:79) + at io.quarkus.agroal.runtime.DataSources.stop(DataSources.java:381) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.arc.impl.AbstractInstanceHandle.destroyInternal(AbstractInstanceHandle.java:80) + at io.quarkus.arc.impl.ContextInstanceHandleImpl.destroy(ContextInstanceHandleImpl.java:20) + at io.quarkus.arc.impl.AbstractSharedContext.destroy(AbstractSharedContext.java:94) + at io.quarkus.arc.impl.ArcContainerImpl.shutdown(ArcContainerImpl.java:369) + at io.quarkus.arc.Arc.shutdown(Arc.java:52) + at io.quarkus.arc.runtime.ArcRecorder$1.run(ArcRecorder.java:44) + at io.quarkus.runtime.StartupContext.runAllInReverseOrder(StartupContext.java:84) + at io.quarkus.runtime.StartupContext.close(StartupContext.java:73) + at io.quarkus.runner.ApplicationImpl.doStop(Unknown Source) + at io.quarkus.runtime.Application.stop(Application.java:203) + at io.quarkus.runtime.Application.stop(Application.java:155) + at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:215) + at io.quarkus.runtime.Quarkus.run(Quarkus.java:67) + at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:86) + at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:34) + at picocli.CommandLine.executeUserObject(CommandLine.java:1939) + at picocli.CommandLine.access$1300(CommandLine.java:145) + at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) + at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) + at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) + at picocli.CommandLine.execute(CommandLine.java:2078) + at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:88) + at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:77) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) + at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) + at java.base/java.lang.reflect.Method.invoke(Method.java:566) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:60) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:31) +2023-01-31 20:16:47 jdbc[5]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosedForWrite(JdbcConnection.java:1512) + at org.h2.jdbc.JdbcConnection.rollback(JdbcConnection.java:516) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:450) + at org.h2.jdbcx.JdbcXAConnection.close(JdbcXAConnection.java:78) + at io.agroal.pool.ConnectionHandler.closeConnection(ConnectionHandler.java:185) + at io.agroal.pool.ConnectionPool$DestroyConnectionTask.run(ConnectionPool.java:768) + at io.agroal.pool.ConnectionPool.close(ConnectionPool.java:189) + at io.agroal.pool.DataSource.close(DataSource.java:79) + at io.quarkus.agroal.runtime.DataSources.stop(DataSources.java:381) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.arc.impl.AbstractInstanceHandle.destroyInternal(AbstractInstanceHandle.java:80) + at io.quarkus.arc.impl.ContextInstanceHandleImpl.destroy(ContextInstanceHandleImpl.java:20) + at io.quarkus.arc.impl.AbstractSharedContext.destroy(AbstractSharedContext.java:94) + at io.quarkus.arc.impl.ArcContainerImpl.shutdown(ArcContainerImpl.java:369) + at io.quarkus.arc.Arc.shutdown(Arc.java:52) + at io.quarkus.arc.runtime.ArcRecorder$1.run(ArcRecorder.java:44) + at io.quarkus.runtime.StartupContext.runAllInReverseOrder(StartupContext.java:84) + at io.quarkus.runtime.StartupContext.close(StartupContext.java:73) + at io.quarkus.runner.ApplicationImpl.doStop(Unknown Source) + at io.quarkus.runtime.Application.stop(Application.java:203) + at io.quarkus.runtime.Application.stop(Application.java:155) + at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:215) + at io.quarkus.runtime.Quarkus.run(Quarkus.java:67) + at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:86) + at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:34) + at picocli.CommandLine.executeUserObject(CommandLine.java:1939) + at picocli.CommandLine.access$1300(CommandLine.java:145) + at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) + at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) + at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) + at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) + at picocli.CommandLine.execute(CommandLine.java:2078) + at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:88) + at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:77) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) + at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) + at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) + at java.base/java.lang.reflect.Method.invoke(Method.java:566) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:60) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:31) +2023-01-31 20:34:31 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1502) + at org.h2.jdbc.JdbcConnection.setAutoCommit(JdbcConnection.java:455) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:451) + at org.h2.jdbcx.JdbcXAConnection.close(JdbcXAConnection.java:78) + at io.agroal.pool.ConnectionHandler.closeConnection(ConnectionHandler.java:185) + at io.agroal.pool.ConnectionPool$DestroyConnectionTask.run(ConnectionPool.java:768) + at io.agroal.pool.ConnectionPool.close(ConnectionPool.java:189) + at io.agroal.pool.DataSource.close(DataSource.java:79) + at io.quarkus.agroal.runtime.DataSources.stop(DataSources.java:381) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.arc.impl.AbstractInstanceHandle.destroyInternal(AbstractInstanceHandle.java:80) + at io.quarkus.arc.impl.ContextInstanceHandleImpl.destroy(ContextInstanceHandleImpl.java:20) + at io.quarkus.arc.impl.AbstractSharedContext.destroy(AbstractSharedContext.java:94) + at io.quarkus.arc.impl.ArcContainerImpl.shutdown(ArcContainerImpl.java:369) + at io.quarkus.arc.Arc.shutdown(Arc.java:52) + at io.quarkus.arc.runtime.ArcRecorder$1.run(ArcRecorder.java:44) + at io.quarkus.runtime.StartupContext.runAllInReverseOrder(StartupContext.java:84) + at io.quarkus.runtime.StartupContext.close(StartupContext.java:73) + at io.quarkus.runner.ApplicationImpl.doStop(Unknown Source) + at io.quarkus.runtime.Application.stop(Application.java:203) + at io.quarkus.runtime.Application.stop(Application.java:155) + at io.quarkus.runtime.ApplicationLifecycleManager$ShutdownHookThread.run(ApplicationLifecycleManager.java:420) +2023-01-31 20:36:21 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1502) + at org.h2.jdbc.JdbcConnection.setAutoCommit(JdbcConnection.java:455) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:451) + at org.h2.jdbcx.JdbcXAConnection.close(JdbcXAConnection.java:78) + at io.agroal.pool.ConnectionHandler.closeConnection(ConnectionHandler.java:185) + at io.agroal.pool.ConnectionPool$DestroyConnectionTask.run(ConnectionPool.java:768) + at io.agroal.pool.ConnectionPool.close(ConnectionPool.java:189) + at io.agroal.pool.DataSource.close(DataSource.java:79) + at io.quarkus.agroal.runtime.DataSources.stop(DataSources.java:381) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.agroal.runtime.DataSources_Bean.destroy(Unknown Source) + at io.quarkus.arc.impl.AbstractInstanceHandle.destroyInternal(AbstractInstanceHandle.java:80) + at io.quarkus.arc.impl.ContextInstanceHandleImpl.destroy(ContextInstanceHandleImpl.java:20) + at io.quarkus.arc.impl.AbstractSharedContext.destroy(AbstractSharedContext.java:94) + at io.quarkus.arc.impl.ArcContainerImpl.shutdown(ArcContainerImpl.java:369) + at io.quarkus.arc.Arc.shutdown(Arc.java:52) + at io.quarkus.arc.runtime.ArcRecorder$1.run(ArcRecorder.java:44) + at io.quarkus.runtime.StartupContext.runAllInReverseOrder(StartupContext.java:84) + at io.quarkus.runtime.StartupContext.close(StartupContext.java:73) + at io.quarkus.runner.ApplicationImpl.doStop(Unknown Source) + at io.quarkus.runtime.Application.stop(Application.java:203) + at io.quarkus.runtime.Application.stop(Application.java:155) + at io.quarkus.runtime.ApplicationLifecycleManager$ShutdownHookThread.run(ApplicationLifecycleManager.java:420) +2023-01-31 20:37:21 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.checkClosed(JdbcXAConnection.java:470) + at org.h2.jdbc.JdbcConnection.checkClosedForWrite(JdbcConnection.java:1512) + at org.h2.jdbc.JdbcConnection.rollback(JdbcConnection.java:516) + at org.h2.jdbcx.JdbcXAConnection$PooledJdbcConnection.close(JdbcXAConnection.java:450) + at io.agroal.pool.ConnectionFactory.xaConnectionSetup(ConnectionFactory.java:251) + at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:216) + at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:513) + at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:494) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) + at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) + at java.base/java.lang.Thread.run(Thread.java:829) +2023-01-31 20:37:21 jdbc[3]: exception +org.h2.jdbc.JdbcSQLException: Database is already closed (to disable automatic closing at VM shutdown, add ";DB_CLOSE_ON_EXIT=FALSE" to the db URL) [90121-197] + at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) + at org.h2.message.DbException.get(DbException.java:179) + at org.h2.message.DbException.get(DbException.java:155) + at org.h2.message.DbException.get(DbException.java:144) + at org.h2.jdbc.JdbcConnection.checkClosed(JdbcConnection.java:1526) + at org.h2.jdbc.JdbcConnection.checkClosedForWrite(JdbcConnection.java:1512) + at org.h2.jdbc.JdbcConnection.rollback(JdbcConnection.java:516) + at org.h2.jdbcx.JdbcXAConnection.getConnection(JdbcXAConnection.java:104) + at io.agroal.pool.ConnectionHandler.(ConnectionHandler.java:91) + at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:513) + at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:494) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) + at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) + at java.base/java.lang.Thread.run(Thread.java:829)