Attachments

keycloak-realm.json

Note: verifyEmail is set to false. When verification by SMS code is used, it must be false, because otherwise the user would never be able to log in. When an email link is used for verification, CPS sets "VERIFY_EMAIL" as the required action on the account and sends the email; the account cannot obtain a JWT token until the email has been validated. Email verification is therefore enforced by the required action rather than by this realm-level flag, which means verifyEmail can be set to false in both scenarios.

{
"id": "cps-default",
"realm": "cps-default",
"enabled": true,
"verifyEmail": false,
"editUsernameAllowed": true,
"accessTokenLifespan": 1800,
"ssoSessionIdleTimeout": 31536000,
"ssoSessionMaxLifespan": 31536000,
"roles": {
"realm": [
{
"id": "role_uma_authorization",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "cps-default",
"attributes": {}
},
{
"id": "role_default-roles-cps-default",
"name": "default-roles-cps-default",
"description": "${role_default-roles}",
"composite": true,
"composites": {
"realm": [
"CUSTOMER_PROFILE",
"offline_access",
"uma_authorization"
],
"client": {
"account": [
"view-profile",
"manage-account"
]
}
},
"clientRole": false,
"containerId": "cps-default",
"attributes": {}
},
{
"id": "role_offline_access",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "cps-default",
"attributes": {}
},
{
"id": "role_CUSTOMER_PROFILE",
"name": "CUSTOMER_PROFILE",
"composite": false,
"clientRole": false,
"containerId": "cps-default",
"attributes": {}
},
{
"id": "role_CUSTOMER_PROFILE_ANONYMOUS",
"name": "CUSTOMER_PROFILE_ANONYMOUS",
"composite": false,
"clientRole": false,
"containerId": "cps-default",
"attributes": {}
}
]
},
"defaultRole": {
"id": "role_default-roles-cps-default",
"name": "default-roles-cps-default",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "cps-default"
},
"requiredCredentials": [
"password"
],
"clients": [
{
"id": "client_admin-cli",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"directAccessGrantsEnabled": true,
"publicClient": true,
"fullScopeAllowed": true,
"protocolMappers": [
{
"name": "aud: gk-ssc",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "false",
"access.token.claim": "true",
"included.custom.audience": "gk-ssc",
"userinfo.token.claim": "false"
 }
},
{
"name": "hardcoded empty properties",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"claim.value": "{}",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.properties",
"jsonType.label": "JSON",
"access.tokenResponse.claim": "false"
}
},
{
"name": "ID to id_token.sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "id",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.sub",
"jsonType.label": "String"
}
},
{
"name": "hardcoded empty authorities",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"claim.value": "[]",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.authorities",
"jsonType.label": "JSON",
"access.tokenResponse.claim": "false"
}
}
],
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "client_ssc-byod",
"clientId": "ssc-byod",
"name": "SSC BYOD",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"directAccessGrantsEnabled": true,
"publicClient": true,
"fullScopeAllowed": true,
"protocolMappers": [
{
"name": "aud: gk-ssc",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "false",
"access.token.claim": "true",
"included.custom.audience": "gk-ssc",
"userinfo.token.claim": "false"
 }
},
{
"name": "hardcoded empty properties",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"claim.value": "{}",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.properties",
"jsonType.label": "JSON",
"access.tokenResponse.claim": "false"
}
},
{
"name": "ID to id_token.sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "id",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.sub",
"jsonType.label": "String"
}
},
"name": "externalCustomerId to id_token.sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "externalCustomerId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.sub",
"jsonType.label": "String"
}
},
{
"name": "externalCustomerId to sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "externalCustomerId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "sub",
"jsonType.label": "String"
}
},
 {
"name": "hardcoded empty authorities",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"claim.value": "[]",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "id_token.authorities",
"jsonType.label": "JSON",
"access.tokenResponse.claim": "false"
}
},
{
"name": "GK tenant ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-hardcoded-claim-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "false",
"access.token.claim": "true",
"claim.name": "gk_tenant_id",
"claim.value": "{{tenantId}}",
"jsonType.label": "String"
}
 ],
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id":"client_customer-profile-service",
"clientId": "customer-profile-service",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "CUSTOMER_PROFILE_SERVICE_CLIENT_SECRET",
"redirectUris": [
"*"
],
"webOrigins": [
""
],
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"protocol": "openid-connect",
"fullScopeAllowed": true,
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"users": [
{
"id": "user_service-account-cps",
"username": "service-account-customer-profile-service",
"enabled": true,
"emailVerified": false,
"serviceAccountClientId": "customer-profile-service",
"realmRoles": [
"default-roles-cps-default",
"customer-profile-service"
],
"clientRoles": {
"realm-management": [
"realm-admin",
"view-users",
"manage-users"
],
"customer-profile-service": [
"uma_protection"
]
}
}
],
"smtpServer" : {
"host": "__KEYCLOAK_SMTP_HOST__",
"port": "__KEYCLOAK_SMTP_PORT__",
"from": "__KEYCLOAK_SMTP_FROM__",
"fromDisplayName": "__KEYCLOAK_SMTP_FROM_DISPLAY_NAME__",
"auth": "__KEYCLOAK_SMTP_AUTH__",
"ssl": "__KEYCLOAK_SMTP_SSL__",
"starttls": "__KEYCLOAK_SMTP_STARTTLS__",
"user": "__KEYCLOAK_SMTP_USER__",
"password" : "__KEYCLOAK_SMTP_PASSWORD__"
}
} 

keycloak-anonymous-user.json

{
"enabled": true,
"emailVerified": true,
"id":"user_anonymous",
"username": "#ANONYMOUS",
"credentials":
[
{
"type":"password",
"value":"ANONYMOUS_USER_PASSWORD"
}
]
} 

keycloak-certificate.json

{
"name": "__CERTIFICATE_NAME__",
"providerId": "rsa",
"providerType": "org.keycloak.keys.KeyProvider",
"parentId": "cps-default",
"config": {
"priority": [
"__CERTIFICATE_PRIORITY__"
],
"enabled": [
"true"
],
"active": [
"true"
],
"algorithm": [
"RS256"
],
"privateKey": [
"__PRIVATE_RSA_KEY__"
],
"certificate": [
"__X509_CERTIFICATE__"
]
},
"id": "__CERTIFICATE_ID__"
}