sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 23:41:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(nubus): Drop guardian provisioning

Browse Source
This commit is contained in:
Jaime Conde
2024-07-16 10:00:59 +02:00
committed by Carlos García-Mauriño
parent 9dfbadfac5
commit ef346d4b57
1 changed files with 0 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

292
helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
View File

@@ -302,298 +302,6 @@ config:
- "address"
- "email"
- "profile"
- name: "guardian-management-api"
clientId: "guardian-management-api"
rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
protocol: "openid-connect"
publicClient: false
clientAuthenticatorType: "client-secret"
secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
redirectUris:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*"
fullScopeAllowed: true
standardFlowEnabled: true
implicitFlowEnabled: false
directAccessGrantsEnabled: false
serviceAccountsEnabled: true
protocolMappers:
- name: "Client Host"
protocol: "openid-connect"
protocolMapper: "oidc-usersessionmodel-note-mapper"
consentRequired: false
config:
user.session.note: "clientHost"
userinfo.token.claim: true
id.token.claim: true
access.token.claim: true
claim.name: "clientHost"
jsonType.label: "String"
- name: "Client ID"
protocol: "openid-connect"
protocolMapper: "oidc-usersessionmodel-note-mapper"
consentRequired: false
config:
user.session.note: "client_id"
userinfo.token.claim: true
id.token.claim: true
access.token.claim: true
claim.name: "client_id"
jsonType.label: "String"
- name: "guardian-audience"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian"
userinfo.token.claim: false
id.token.claim: false
access.token.claim: true
- name: "audiencemap"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian-cli"
userinfo.token.claim: true
id.token.claim: true
access.token.claim: true
- name: "dn"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: false
user.attribute: "LDAP_ENTRY_DN"
id.token.claim: false
access.token.claim: true
claim.name: "dn"
jsonType.label: "String"
- name: "username"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "username"
id.token.claim: true
access.token.claim: true
claim.name: "preferred_username"
jsonType.label: "String"
- name: "uid"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "uid"
jsonType.label: "String"
- name: "email"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "email"
id.token.claim: true
access.token.claim: true
claim.name: "email"
jsonType.label: "String"
- name: "Client IP Address"
protocol: "openid-connect"
protocolMapper: "oidc-usersessionmodel-note-mapper"
consentRequired: false
config:
user.session.note: "clientAddress"
userinfo.token.claim: true
id.token.claim: true
access.token.claim: true
claim.name: "clientAddress"
jsonType.label: "String"
- name: "guardian-scripts"
clientId: "guardian-scripts"
description: ""
rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
adminUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
surrogateAuthRequired: false
enabled: true
alwaysDisplayInConsole: false
clientAuthenticatorType: "client-secret"
redirectUris:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*"
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*"
webOrigins:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
bearerOnly: false
consentRequired: false
standardFlowEnabled: true
implicitFlowEnabled: false
directAccessGrantsEnabled: true
serviceAccountsEnabled: false
publicClient: true
frontchannelLogout: false
protocol: "openid-connect"
fullScopeAllowed: true
protocolMappers:
- name: "email"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "email"
id.token.claim: true
access.token.claim: true
claim.name: "email"
jsonType.label: "String"
- name: "guardian-audience"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian"
id.token.claim: false
access.token.claim: true
userinfo.token.claim: false
- name: "username"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "username"
id.token.claim: true
access.token.claim: true
claim.name: "preferred_username"
jsonType.label: "String"
- name: "uid"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "uid"
jsonType.label: "String"
- name: "audiencemap"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian-scripts"
id.token.claim: true
access.token.claim: true
userinfo.token.claim: true
- name: "dn"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
aggregate.attrs: false
multivalued: false
userinfo.token.claim: false
user.attribute: "LDAP_ENTRY_DN"
id.token.claim: false
access.token.claim: true
claim.name: "dn"
jsonType.label: "String"
defaultClientScopes:
- "opendesk"
- "web-origins"
- "acr"
- "roles"
- "profile"
- "email"
optionalClientScopes:
- "address"
- "phone"
- "offline_access"
- "microprofile-jwt"
- name: "guardian-ui"
clientId: "guardian-ui"
rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
clientAuthenticatorType: "client-secret"
redirectUris:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*"
standardFlowEnabled: true
publicClient: true
implicitFlowEnabled: false
directAccessGrantsEnabled: false
serviceAccountsEnabled: false
protocol: "openid-connect"
fullScopeAllowed: true
protocolMappers:
- name: "uid"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "uid"
jsonType.label: "String"
- name: "username"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "username"
id.token.claim: true
access.token.claim: true
claim.name: "preferred_username"
jsonType.label: "String"
- name: "dn"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: "false"
user.attribute: "LDAP_ENTRY_DN"
id.token.claim: false
access.token.claim: true
claim.name: "dn"
jsonType.label: "String"
- name: "audiencemap"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian"
id.token.claim: true
access.token.claim: true
userinfo.token.claim: true
- name: "email"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "email"
id.token.claim: true
access.token.claim: true
claim.name: "email"
jsonType.label: "String"
- name: "guardian-audience"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian"
id.token.claim: false
access.token.claim: true
userinfo.token.claim: false
containerSecurityContext:
allowPrivilegeEscalation: false