Skip to content

Commit ee8c5c3

Browse files
jtrileyjtriley
committed
add rhoai-test client for openshift logins
1 parent c05de1e commit ee8c5c3

File tree

1 file changed

+118
-0
lines changed

1 file changed

+118
-0
lines changed

k8s/overlays/nerc-shift-1/clients/rhoai-test.yaml

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
apiVersion: keycloak.org/v1alpha1
2+
kind: KeycloakClient
3+
metadata:
4+
name: rhoai-test-client
5+
labels:
6+
client: rhoai-test-client
7+
spec:
8+
realmSelector:
9+
matchLabels:
10+
realm: mss
11+
client:
12+
attributes:
13+
access.token.lifespan: "60"
14+
backchannel.logout.revoke.offline.tokens: "false"
15+
backchannel.logout.session.required: "true"
16+
client_credentials.use_refresh_token: "false"
17+
display.on.consent.screen: "false"
18+
exclude.session.state.from.auth.response: "false"
19+
id.token.as.detached.signature: "false"
20+
oauth2.device.authorization.grant.enabled: "false"
21+
oidc.ciba.grant.enabled: "false"
22+
require.pushed.authorization.requests: "false"
23+
saml.artifact.binding: "false"
24+
saml.assertion.signature: "false"
25+
saml.authnstatement: "false"
26+
saml.client.signature: "false"
27+
saml.encrypt: "false"
28+
saml.force.post.binding: "false"
29+
saml.multivalued.roles: "false"
30+
saml.onetimeuse.condition: "false"
31+
saml.server.signature: "false"
32+
saml.server.signature.keyinfo.ext: "false"
33+
saml_force_name_id_format: "false"
34+
tls.client.certificate.bound.access.tokens: "false"
35+
use.refresh.tokens: "true"
36+
clientAuthenticatorType: client-secret
37+
clientId: rhoai-test
38+
defaultClientScopes:
39+
- web-origins
40+
- roles
41+
- profile
42+
- email
43+
directAccessGrantsEnabled: false
44+
enabled: true
45+
fullScopeAllowed: true
46+
implicitFlowEnabled: false
47+
nodeReRegistrationTimeout: -1
48+
optionalClientScopes:
49+
- address
50+
- phone
51+
- offline_access
52+
- microprofile-jwt
53+
protocol: openid-connect
54+
protocolMappers:
55+
- config:
56+
access.token.claim: "false"
57+
claim.name: cilogon_idp_name
58+
id.token.claim: "true"
59+
jsonType.label: String
60+
user.attribute: cilogon_idp_name
61+
userinfo.token.claim: "true"
62+
name: cilogon_idp_name
63+
protocol: openid-connect
64+
protocolMapper: oidc-usermodel-attribute-mapper
65+
- config:
66+
access.token.claim: "false"
67+
claim.name: preferred_username
68+
id.token.claim: "true"
69+
jsonType.label: String
70+
user.attribute: username
71+
userinfo.token.claim: "true"
72+
name: username
73+
protocol: openid-connect
74+
protocolMapper: oidc-usermodel-property-mapper
75+
- config:
76+
access.token.claim: "false"
77+
claim.name: sub
78+
id.token.claim: "true"
79+
jsonType.label: String
80+
user.attribute: username
81+
userinfo.token.claim: "true"
82+
name: sub
83+
protocol: openid-connect
84+
protocolMapper: oidc-usermodel-property-mapper
85+
- config:
86+
access.token.claim: "true"
87+
claim.name: clientHost
88+
id.token.claim: "true"
89+
jsonType.label: String
90+
user.session.note: clientHost
91+
name: Client Host
92+
protocol: openid-connect
93+
protocolMapper: oidc-usersessionmodel-note-mapper
94+
- config:
95+
access.token.claim: "true"
96+
claim.name: clientAddress
97+
id.token.claim: "true"
98+
jsonType.label: String
99+
user.session.note: clientAddress
100+
name: Client IP Address
101+
protocol: openid-connect
102+
protocolMapper: oidc-usersessionmodel-note-mapper
103+
- config:
104+
access.token.claim: "true"
105+
claim.name: clientId
106+
id.token.claim: "true"
107+
jsonType.label: String
108+
user.session.note: clientId
109+
name: Client ID
110+
protocol: openid-connect
111+
protocolMapper: oidc-usersessionmodel-note-mapper
112+
publicClient: false
113+
webOrigins:
114+
- https://console-openshift-console.apps.rhoai-test.nerc.mghpcc.org
115+
redirectUris:
116+
- https://oauth-openshift.apps.rhoai-test.nerc.mghpcc.org/*
117+
serviceAccountsEnabled: false
118+
standardFlowEnabled: true

0 commit comments

Comments
 (0)