diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json index ffa41b80..f9ee6697 100644 --- a/import/realm-config/generic/catenax-central/CX-Central-realm.json +++ b/import/realm-config/generic/catenax-central/CX-Central-realm.json 
@@ -104,9 +104,86 @@ "sa-cl2-04": [], "sa-cl3-cx-1": [], "security-admin-console": [], + "Cl-25-CX-BPDM-Orchestrator": [ + { + "id": "4b20dc8b-0231-41a0-acef-662ed5353c18", + "name": "create_result_poolSync", + "description": "Allowed to create results for reserved golden record tasks in the 'PoolSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "0a5befef-6ecf-4bc8-ab94-7f0e3731c858", + "name": "read_task", + "description": "Allowed to read the processing state and result of golden record tasks.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "4632b001-25e2-4ef8-bd04-05f7b9e0453d", + "name": "create_result_cleanAndSync", + "description": "Allowed to create results for reserved golden record tasks in the 'CleanAndSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "d335c39d-d160-40d6-86b1-11a6e1889ddd", + "name": "create_task", + "description": "Allowed to create new golden record tasks", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "1f15361f-c5ee-40e5-9169-fd32b3d0c8da", + "name": "create_reservation_clean", + "description": "Allowed to create reservations for golden record tasks inside the 'Clean' queue.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "90451361-9282-4cee-bb43-96f084a43d7e", + "name": "create_reservation_poolSync", + "description": "Allowed to create reservations for golden record tasks in the 'PoolSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": 
"f972bf5c-7454-4c3f-882b-0535eacd7dd9", + "name": "create_result_clean", + "description": "Allowed to create results for reserved golden record tasks in the 'Clean' queue.", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + }, + { + "id": "dbb4cbda-671b-4b8c-8ed8-a9c3e8ad7256", + "name": "create_reservation_cleanAndSync", + "description": "Allowed to create reservations for golden record tasks in the 'CleanAndSync' queue", + "composite": false, + "clientRole": true, + "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "attributes": {} + } + ], "sa-cl2-03": [], + "sa-cl16-cx-3": [], + "sa-cl16-cx-2": [], "sa-cl2-05": [], "sa-cl24-01": [], + "sa-cl16-cx-1": [], "account-console": [], "sa-cl22-01": [], "Cl24-CX-SSI-CredentialIssuer": [ @@ -1618,15 +1695,20 @@ ], "technical_roles_management": [ { - "id": "1e3bef93-036c-44a8-b37a-04ca9effcfcb", - "name": "BPDM Sharing Input Consumer", - "description": "", + "id": "a1d64959-a119-4a56-ae2d-e1f6bef0c840", + "name": "BPDM Gate Admin", + "description": "Full read and write access to the Gate API", "composite": true, "composites": { "client": { "Cl16-CX-BPDMGate": [ "read_input_changelog", + "write_output_partner", + "read_output_changelog", "read_stats", + "write_sharing_state", + "read_output_partner", + "write_input_partner", "read_input_partner", "read_sharing_state" ] 
@@ -1652,6 +1734,46 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "3fbeeb23-c281-43a4-b76a-f0805e919905", + "name": "BPDM Orchestrator Admin", + "description": "Full read and write access to the BPDM Orchestrator component", + "composite": true, + "composites": { + "client": { + "Cl-25-CX-BPDM-Orchestrator": [ + "create_result_poolSync", + "read_task", + "create_result_cleanAndSync", + "create_task", + "create_reservation_clean", + "create_reservation_poolSync", + "create_result_clean", + "create_reservation_cleanAndSync" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "a0dab74a-13d2-4ced-b0af-fa8a3894c2ec", + "name": "BPDM Orchestrator Task Creator", + "description": "Allowed to create new golden record tasks, monitor the processing state and result.", + "composite": true, + "composites": { + "client": { + "Cl-25-CX-BPDM-Orchestrator": [ + "read_task", + "create_task" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", @@ -1668,6 +1790,23 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "efb560b1-3649-4af9-931e-4799c61504e6", + "name": "BPDM Orchestrator Processor Cleaning", + "description": "Allowed to process golden record tasks in the 'Clean' queue", + "composite": true, + "composites": { + "client": { + "Cl-25-CX-BPDM-Orchestrator": [ + "create_reservation_clean", + "create_result_clean" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", "name": "Offer Management", 
@@ -1689,17 +1828,32 @@ "attributes": {} }, { - "id": "97ac9e26-5db1-4b16-a7ef-a20473b7472d", - "name": "BPDM Sharing Input Manager", - "description": "", + "id": "4444626e-b5dd-4c8d-8897-0b7ad3ccdf21", + "name": "BPDM Orchestrator Processor CleanAndSync", + "description": "Allowed to process golden record tasks in the 'CleanAndSync' queue", + "composite": true, + "composites": { + "client": { + "Cl-25-CX-BPDM-Orchestrator": [ + "create_result_cleanAndSync", + "create_reservation_cleanAndSync" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "d032a179-7a08-4160-9e30-c7f23bca381c", + "name": "BPDM Gate Input Consumer", + "description": "Allowed to read business partner input data", "composite": true, "composites": { "client": { "Cl16-CX-BPDMGate": [ "read_input_changelog", "read_stats", - "write_sharing_state", - "write_input_partner", "read_input_partner", "read_sharing_state" ] @@ -1712,7 +1866,7 @@ { "id": "21afd9a8-aecb-4383-9726-4e19f5ed4ed2", "name": "BPDM Pool Admin", - "description": "", + "description": "Full read and write access to the Golden Record Pool", "composite": true, "composites": { "client": { 
@@ -1731,36 +1885,17 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, - { - "id": "50e20aeb-1dc7-464e-9a69-e48c34fa2078", - "name": "BPDM Sharing Output Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl16-CX-BPDMGate": [ - "read_output_changelog", - "read_stats", - "read_output_partner", - "read_sharing_state" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, { "id": "f456f008-49b1-40ea-ad89-61ad5470b5dc", "name": "BPDM Pool Consumer", - "description": "", + "description": "Allowed to read any business partner data inside the Pool", "composite": true, "composites": { "client": { "Cl7-CX-BPDM": [ "read_metadata", "read_changelog", - "read_changelog_member" + "read_partner" ] } }, 
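Review bot: The existing role `BPDM Pool Consumer` (id `f456f008-49b1-40ea-ad89-61ad5470b5dc`) keeps its id and name, but its composite now swaps `read_changelog_member` for `read_partner`. Every principal that already holds the role therefore gains the access the new description calls "any business partner data inside the Pool" as soon as this realm is imported. Please confirm that each current assignee is meant to receive the wider grant; the @@ -2976 hunk assigns the role to a service account as well. If not, the broader permission would be safer under a new role name, leaving the old one unchanged. The role object continues outside this hunk.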
@@ -1792,19 +1927,71 @@ "attributes": {} }, { - "id": "bb22abe9-7a62-4861-b00e-617298017db9", - "name": "BPDM Sharing Admin", - "description": "", + "id": "a1e82d28-ab78-40ac-aae5-cda1f3615c61", + "name": "BPDM Orchestrator Processor PoolSync", + "description": "Allowed to process golden record tasks in the 'PoolSync' queue", + "composite": true, + "composites": { + "client": { + "Cl-25-CX-BPDM-Orchestrator": [ + "create_result_poolSync", + "create_reservation_poolSync" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "a5c99716-ffe5-489b-a38f-164ac9c9b8ad", + "name": "BPDM Gate Output Consumer", + "description": "Allowed to read business partner output data", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "read_output_changelog", + "read_stats", + "read_output_partner", + "read_sharing_state" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "b8f0487d-401d-4e3c-95a8-ec8504e2864b", + "name": "BPDM Pool Member Consumer", + "description": "Allowed to read business partner data from Catena-X members.", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "read_metadata", + "read_partner_member", + "read_changelog_member" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "2131c2ae-719a-4b32-80e8-c74a23a4f6a3", + "name": "BPDM Gate Input Manager", + "description": "Allowed to read and write business partner input data, including sending the data to the golden record process.", "composite": true, "composites": { "client": { "Cl16-CX-BPDMGate": [ "read_input_changelog", "write_output_partner", - "read_output_changelog", "read_stats", "write_sharing_state", - "read_output_partner", "write_input_partner", "read_input_partner", "read_sharing_state" 
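Review bot: The new composite `BPDM Gate Input Manager` keeps `write_output_partner` from the old Sharing Admin list, although its description covers only "business partner input data". The removed `BPDM Sharing Input Manager` in the @@ -1689 hunk did not include that permission, and the role is handed to `service-account-sa-cl16-cx-1` in the users hunk. Unless writing output is required for "sending the data to the golden record process", drop the `"write_output_partner",` entry; otherwise state it in the description. The composite list and the rest of the role object continue outside this hunk.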
@@ -1846,25 +2033,6 @@ "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} - }, - { - "id": "58bc6143-972c-4bc1-bd07-78618ec20f5f", - "name": "BPDM Pool Sharing Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "read_metadata", - "read_changelog", - "read_partner_member", - "read_changelog_member" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} } ], "admin-cli": [], @@ -2413,6 +2581,8 @@ "attributes": {} } ], + "sa-cl7-cx-1": [], + "sa-cl7-cx-2": [], "sa-cl21-01": [], "sa-cl7-cx-5": [], "broker": [ @@ -2466,6 +2636,8 @@ ], "sa-cl1-reg-2": [], "sa-cl5-custodian-2": [], + "sa-cl25-cx-3": [], + "sa-cl25-cx-2": [], "account": [ { "id": "9a1e745f-e0b5-4efc-9336-3ba403a79cb8", @@ -2564,7 +2736,8 @@ "containerId": "6546aea2-dbb9-4ffb-a034-c8544c4aebe0", "attributes": {} } - ] + ], + "sa-cl25-cx-1": [] } }, "groups": [], 
@@ -2620,180 +2793,168 @@ "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ { - "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", - "createdTimestamp" : 1652788086549, - "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Operator", - "lastName" : "CX Admin", - "email" : "tobeadded@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "CX-Operator" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Operator", - "userId" : "656e8a94-188b-4a3e-9eec-b45d8efd8347", - "userName" : "cx-operator@cx.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, - { - "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", - "createdTimestamp": 1651730911692, - "username": "service-account-sa-cl1-reg-2", + "id": "502dabcf-01c7-47d9-a88e-0be4279097b5", + "createdTimestamp": 1652788086549, + "username": "ac1cf001-7fbc-1f2f-817f-bce058020006", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-2", + "firstName": "Operator", + "lastName": "CX Admin", + "email": "tobeadded@cx.com", "attributes": { "bpn": [ "BPNL00000003CRHK" + ], + "organisation": [ + "CX-Operator" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], + "federatedIdentities": [ + { + "identityProvider": "CX-Operator", + "userId": "656e8a94-188b-4a3e-9eec-b45d8efd8347", + "userName": "cx-operator@cx.com" + } + ], "realmRoles": [ "default-roles-catena-x realm" ], "clientRoles": { - "realm-management": [ - "manage-users", - "manage-identity-providers", - "manage-clients" + "Cl2-CX-Portal": [ + "CX Admin" ] }, "notBefore": 0, "groups": [] }, { - "id": "f0c69a64-dfbe-46e4-92db-75f6f4670909", - "createdTimestamp": 1676572155414, - 
"username": "service-account-sa-cl2-01", + "id": "7ecdff41-2b48-47ca-a3ed-cc244c4366e5", + "createdTimestamp": 1721628499219, + "username": "service-account-sa-cl16-cx-1", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-01", + "serviceAccountClientId": "sa-cl16-cx-1", "attributes": { - "bpn": [ + "BPN": [ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-catena-x realm" ], "clientRoles": { - "Cl2-CX-Portal": [ - "update_application_checklist_value" + "technical_roles_management": [ + "BPDM Gate Input Manager" ] }, "notBefore": 0, "groups": [] }, { - "id": "18c3a6b3-ecfe-4572-bbb4-af0c1823f206", - "createdTimestamp": 1676572207640, - "username": "service-account-sa-cl2-02", + "id": "403027b3-4937-4e66-b73b-49972fe395ee", + "createdTimestamp": 1721632038250, + "username": "service-account-sa-cl16-cx-2", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-02", + "serviceAccountClientId": "sa-cl16-cx-2", "attributes": { - "bpn": [ + "BPN": [ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-catena-x realm" ], "clientRoles": { - "Cl2-CX-Portal": [ - "submit_connector_sd", - "update_application_checklist_value" + "technical_roles_management": [ + "BPDM Gate Input Consumer" ] }, "notBefore": 0, "groups": [] }, { - "id": "a0bbb8fa-cc40-44e3-828d-342e782fd284", - "createdTimestamp": 1681380138448, - "username": "service-account-sa-cl2-03", + "id": "0f6727cf-5cd2-40e6-8485-1167243c3561", + "createdTimestamp": 1721632134896, + "username": "service-account-sa-cl16-cx-3", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-03", + "serviceAccountClientId": "sa-cl16-cx-3", "attributes": { - "bpn": [ + "BPN": [ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], 
"requiredActions": [], "realmRoles": [ "default-roles-catena-x realm" ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Gate Output Consumer" + ] + }, "notBefore": 0, "groups": [] }, { - "id": "b2c10c26-2bd6-4181-bb79-b88aa4b250e7", - "createdTimestamp": 1712762229098, - "username": "service-account-sa-cl2-04", + "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", + "createdTimestamp": 1651730911692, + "username": "service-account-sa-cl1-reg-2", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-04", + "serviceAccountClientId": "sa-cl1-reg-2", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-catena-x realm" ], "clientRoles": { - "Cl24-CX-SSI-CredentialIssuer": [ - "request_ssicredential", - "revoke_credential", - "revoke_credentials_issuer", - "view_use_case_participation", - "view_certificates", - "decision_ssicredential" + "realm-management": [ + "manage-users", + "manage-identity-providers", + "manage-clients" ] }, "notBefore": 0, "groups": [] }, { - "id": "a548bfdc-232e-4cd7-8a66-2eab09e1b302", - "createdTimestamp": 1712764151096, - "username": "service-account-sa-cl2-05", + "id": "f0c69a64-dfbe-46e4-92db-75f6f4670909", + "createdTimestamp": 1676572155414, + "username": "service-account-sa-cl2-01", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-05", + "serviceAccountClientId": "sa-cl2-01", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
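Review bot: The three added service accounts `service-account-sa-cl16-cx-1` to `-3` store the partner number under the attribute key `"BPN"`, while every other user in this hunk uses `"bpn"`. The BPN protocol mapper visible on the old side of the @@ -4236 hunk reads `"user.attribute": "bpn"`, so if attribute names are matched case-sensitively these accounts would get tokens without a `bpn` claim. Use `"bpn": [ "BPNL00000003CRHK" ]` consistently. The same key appears on `service-account-sa-cl7-cx-1` in the @@ -2956 hunk. `sa-cl25-cx-1` to `-3` (@@ -2892) and `sa-cl7-cx-2` are added with no `attributes` block at all, which should be confirmed as intended.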
@@ -2801,18 +2962,127 @@ ], "clientRoles": { "Cl2-CX-Portal": [ - "store_didDocument" + "update_application_checklist_value" ] }, "notBefore": 0, "groups": [] }, { - "id": "319d6b7f-bd88-4103-8124-e8ac4c791acf", - "createdTimestamp": 1681915810810, - "username": "service-account-sa-cl21-01", - "enabled": true, - "totp": false, + "id": "18c3a6b3-ecfe-4572-bbb4-af0c1823f206", + "createdTimestamp": 1676572207640, + "username": "service-account-sa-cl2-02", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl2-02", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "Cl2-CX-Portal": [ + "submit_connector_sd", + "update_application_checklist_value" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "a0bbb8fa-cc40-44e3-828d-342e782fd284", + "createdTimestamp": 1681380138448, + "username": "service-account-sa-cl2-03", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl2-03", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "b2c10c26-2bd6-4181-bb79-b88aa4b250e7", + "createdTimestamp": 1712762229098, + "username": "service-account-sa-cl2-04", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl2-04", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "Cl24-CX-SSI-CredentialIssuer": [ + "request_ssicredential", + "revoke_credential", + "revoke_credentials_issuer", + "view_use_case_participation", + 
"view_certificates", + "decision_ssicredential" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "a548bfdc-232e-4cd7-8a66-2eab09e1b302", + "createdTimestamp": 1712764151096, + "username": "service-account-sa-cl2-05", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl2-05", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "Cl2-CX-Portal": [ + "store_didDocument" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "319d6b7f-bd88-4103-8124-e8ac4c791acf", + "createdTimestamp": 1681915810810, + "username": "service-account-sa-cl21-01", + "enabled": true, + "totp": false, "emailVerified": false, "serviceAccountClientId": "sa-cl21-01", "attributes": { @@ -2820,6 +3090,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2848,6 +3119,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2876,6 +3148,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -2892,6 +3165,73 @@ "notBefore": 0, "groups": [] }, + { + "id": "50b6882d-b2be-4f8a-bb63-4f3e3b82859f", + "createdTimestamp": 1721632588593, + "username": "service-account-sa-cl25-cx-1", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-1", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Orchestrator Task Creator" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "8048b81c-d46a-4cb5-ba12-d6ec30d4adba", + "createdTimestamp": 1721632683072, + "username": "service-account-sa-cl25-cx-2", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-2", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Orchestrator Processor PoolSync" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "cb096c7f-9c8d-42c9-8345-99556cdc845f", + "createdTimestamp": 1721632773294, + "username": "service-account-sa-cl25-cx-3", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-3", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Orchestrator Processor Cleaning", + "BPDM Orchestrator Processor CleanAndSync" + ] + }, + "notBefore": 0, + "groups": [] + }, { "id": "965ae857-1e91-4e0b-bdb5-4efd1fc7ea9c", "createdTimestamp": 1658347753956, @@ -2905,6 +3245,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -2936,6 +3277,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2956,6 +3298,55 @@ "notBefore": 0, "groups": [] }, + { + "id": "2e3aed14-df71-440b-bf22-e7cc9a0b317f", + "createdTimestamp": 1721628198415, + "username": "service-account-sa-cl7-cx-1", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl7-cx-1", + "attributes": { + "BPN": [ + "BPNL00000003CRHK" + ] + }, + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "71023310-1b5c-413b-9e91-a18cffb09423", + "createdTimestamp": 1721631672834, + "username": "service-account-sa-cl7-cx-2", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl7-cx-2", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-catena-x realm" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Pool Member Consumer" + ] + }, + "notBefore": 0, + "groups": [] + }, { "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", "createdTimestamp": 1670157703230, @@ -2969,6 +3360,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2976,8 +3368,9 @@ ], "clientRoles": { "technical_roles_management": [ - "BPDM Sharing Admin", - "BPDM Pool Admin" + "BPDM Pool Member Consumer", + "BPDM Gate Admin", + "BPDM Pool Consumer" ] }, "notBefore": 0, @@ -2996,6 +3389,7 @@ "BPNL00000003CRHK" ] }, + "credentials": [], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -3061,8 +3455,7 @@ { "client": "sa-cl7-cx-5", "roles": [ - "BPDM Pool Admin", - "BPDM Sharing Admin" + "BPDM Pool Admin" ] } ], 
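Review bot: The role assignment changed in the @@ -2976 hunk and the mapping changed in the @@ -3061 hunk no longer agree. The user loses `BPDM Pool Admin` and gains `BPDM Pool Member Consumer`, `BPDM Gate Admin` and `BPDM Pool Consumer`, while the entry for client `sa-cl7-cx-5` still lists only `BPDM Pool Admin`. The username and the enclosing key are outside both hunks, so this presumes the user is that client's service account and the entry is a client scope mapping. If so, and if the client has `fullScopeAllowed` set to false, none of the newly assigned roles would reach its tokens and the remaining mapping entry grants nothing. Either list the three assigned roles in the mapping, or restore `"BPDM Pool Admin"` on the user if it was meant to stay.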
@@ -3786,6 +4179,58 @@ "publicClient": true, "frontchannelLogout": true, "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "clientId": "Cl-25-CX-BPDM-Orchestrator", + "name": "BPDM Orchestrator", + "description": "Client for connecting to the BPDM Orchestrator component", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "oauth2.device.authorization.grant.enabled": "false", 
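Review bot: The new client `Cl-25-CX-BPDM-Orchestrator` is declared with `"publicClient": true`, `"standardFlowEnabled": true`, `"directAccessGrantsEnabled": true` and `"redirectUris": [ "/*" ]` against an empty `rootUrl`, although within this diff it serves only as the container for the orchestrator client roles. A public client with the password grant and a wildcard redirect adds login surface to the realm that nothing visible here needs. If no application authenticates through it, prefer `"standardFlowEnabled": false`, `"directAccessGrantsEnabled": false`, `"redirectUris": []` and `"webOrigins": []`. `"fullScopeAllowed": true` in the shared tail deserves the same look. The object's closing part is context shared with the preceding client and continues past the added lines.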
@@ -4216,18 +4661,24 @@ ] }, { - "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", - "clientId": "sa-cl1-reg-2", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", + "id": "820e3d9b-808c-47ab-802d-3c5ffbdf4a82", + "clientId": "sa-cl16-cx-1", + "name": "BPDM EDC Portal Gate Input Manager", + "description": "User for the BPDM provider EDC to give Input Manager access to the Portal Gate over the 'FullAccessGateInputForSharingMember' offer", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "*" + "/*" + ], + "webOrigins": [ + "/*" ], - "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
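Review bot: `sa-cl16-cx-1` is a confidential technical user (`"serviceAccountsEnabled": true`, `"publicClient": false` in the next hunk), yet it is given `"redirectUris": [ "/*" ]` and `"webOrigins": [ "/*" ]`. A client-credentials caller needs neither. Whether the standard flow is enabled lies between the hunks; if it is, the wildcard is an unnecessary redirect target. Prefer `"redirectUris": []` and `"webOrigins": []`, as the `sa-cl2-01` definition on the old side of the @@ -4343 hunk has; `sa-cl16-cx-2` in that hunk carries the same values.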
@@ -4236,62 +4687,44 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1721628499", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", + "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, + "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "479039e1-718d-48d1-a2e1-a818c5cb8832", - "name": "BPN", + "id": "d533ffa8-6f47-4512-b5cb-8e1e92d57b16", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientAddress", "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", 
"access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", + "id": "231c2392-9c42-45c6-af42-ea08dd2f089f", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -4299,38 +4732,24 @@ } }, { - "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", + "id": "1b1f7fa9-ee1a-4aa3-bc12-8ced1b21b921", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", "jsonType.label": "String" } - }, - { - "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
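Review bot: In the @@ -4236 hunk `sa-cl16-cx-1` is created with `"fullScopeAllowed": true`, where the technical-user definition on the old side has `false`, and without the `BPN` attribute mapper (`oidc-usermodel-attribute-mapper` on `bpn`). With full scope, the access token carries every role mapped to the service account rather than only those scope-mapped to the client, so any role added later reaches the EDC-facing token unfiltered. Suggest `"fullScopeAllowed": false` with a scope mapping for the single intended role, and restoring the `bpn` mapper unless a default client scope already supplies that claim. `sa-cl16-cx-2` in the @@ -4361 hunk has the same settings.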
@@ -4343,16 +4762,24 @@ ] }, { - "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", - "clientId": "sa-cl2-01", - "description": "Technical User Clearinghouse update application", + "id": "f5fdfe5f-e589-4cc1-bdb8-b32adac426dd", + "clientId": "sa-cl16-cx-2", + "name": "BPDM EDC Portal Gate Input Consumer", + "description": "User for the BPDM provider EDC to give input consumer access to the Portal Gate over the 'ReadAccessGateInputForSharingMember' offer", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4361,62 +4788,28 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1721632038", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, + "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "1acda193-a63f-4ec1-aa17-3e15d2b7c3ae", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", + "id": 
"cbfcaad7-1fb9-418a-9103-9018b5f11fa7", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -4424,14 +4817,14 @@ } }, { - "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", + "id": "d90d8e84-df62-425a-80e3-675a4249d9eb", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", @@ -4439,14 +4832,14 @@ } }, { - "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", + "id": "2524dbde-d083-4453-a863-12eeda163b07", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -4456,6 +4849,7 @@ ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
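Review bot: `"fullScopeAllowed": true` on the `sa-cl16-cx-2` service-account client lets its tokens carry every role mapped to the service account user, not only roles explicitly placed in the client's scope. The entry it displaces in this hunk had `false`, as do the other `sa-*` clients visible further down the diff. For a technical user whose description limits it to input-consumer access on the Portal Gate, `"fullScopeAllowed": false,` plus explicit scope mappings for the needed client roles keeps a later role grant from silently widening the token. Hunk `@@ -4486` makes the same change for `sa-cl16-cx-3`. The client object starts in the previous hunk and its role mappings are outside the visible lines, so the effective role set cannot be confirmed from here.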
@@ -4468,16 +4862,24 @@ ] }, { - "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", - "clientId": "sa-cl2-02", - "description": "Technical User SelfDescription (SD) update application", + "id": "aa9dfd65-f731-43b1-a054-4b5b957b3212", + "clientId": "sa-cl16-cx-3", + "name": "BPDM EDC Portal Gate Output Consumer", + "description": "User for the BPDM provider EDC to give output consumer access to the Portal Gate over the 'ReadAccessGateOutputForSharingMember' offer.", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4486,61 +4888,28 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1721632134", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, + "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", + "id": 
"80565fff-1a36-4934-a98a-b92ea32a6f91", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", @@ -4548,39 +4917,39 @@ } }, { - "id": "c57a542f-40fa-401a-9329-ec501da2f8e1", - "name": "BPN", + "id": "2b09160d-0df7-4b03-ba4f-407ffae3f3e4", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", - "name": "Client Host", + "id": "fa87453c-b36c-4ed6-a99f-d54b12a6cbcd", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
@@ -4593,15 +4962,17 @@ ] }, { - "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", - "clientId": "sa-cl2-03", - "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", + "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", + "clientId": "sa-cl1-reg-2", + "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], + "redirectUris": [ + "*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -4631,8 +5002,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", 
@@ -4643,38 +5014,38 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "f57ed439-7c35-4a6c-a097-aa750249c442", - "name": "Client IP Address", + "id": "479039e1-718d-48d1-a2e1-a818c5cb8832", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "7866847b-250a-45ac-979f-741f04330aa4", - "name": "BPN", + "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", + "user.session.note": "clientHost", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "ea42e697-8fa8-4359-b342-715683a67a15", + "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", 
@@ -4689,17 +5060,17 @@ } }, { - "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", - "name": "Client Host", + "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } } @@ -4718,24 +5089,16 @@ ] }, { - "id": "aa736d92-8ab7-428a-b9f8-d7ef1c02a36a", - "clientId": "sa-cl2-04", - "name": "", - "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, + "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", + "clientId": "sa-cl2-01", + "description": "Technical User Clearinghouse update application", + "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4744,85 +5107,101 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1712762229", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", "display.on.consent.screen": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false" + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "d33b18c2-4848-4883-a2bc-1a24a689b658", - "name": "Client IP Address", + "id": "1acda193-a63f-4ec1-aa17-3e15d2b7c3ae", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - 
"claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "53adca2a-f30d-46d8-b39e-11b1102641f2", - "name": "Client ID", + "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "introspection.token.claim": "true", + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "fbaf8306-4b29-45bc-9175-dfc496d9ccd5", - "name": "Client Host", + "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", + "user.session.note": "client_id", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "7d509f6d-4526-4aeb-b3b7-1885f0d1e66d", - "name": "BPN", + "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", + "user.session.note": "clientHost", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "acr", "roles", "profile", "email" 
@@ -4835,24 +5214,16 @@ ] }, { - "id": "04b94188-8879-4358-b9c0-1337d761dfb1", - "clientId": "sa-cl2-05", - "name": "", - "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", + "clientId": "sa-cl2-02", + "description": "Technical User SelfDescription (SD) update application", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4861,51 +5232,69 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "oidc.ciba.grant.enabled": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1712764151", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "519ad98b-ae9d-461e-8fb1-982d77515c2c", - "name": "Client Host", + "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": 
"clientAddress", "jsonType.label": "String" } }, { - "id": "5e256bb8-1ffa-42b8-b2fb-41a1e015f732", - "name": "Client IP Address", + "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "introspection.token.claim": "true", + "user.session.note": "client_id", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "c03ffe07-024e-45c6-96d0-568a40939f20", + "id": "c57a542f-40fa-401a-9329-ec501da2f8e1", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -4921,24 +5310,23 @@ } }, { - "id": "1b16d7c2-8ae2-4899-9c9c-f77e89e1fd18", - "name": "Client ID", + "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "introspection.token.claim": "true", + "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "acr", "roles", "profile", "email" @@ -4951,9 +5339,9 @@ ] }, { - "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", - "clientId": "sa-cl21-01", - "description": "Technical User Discovery Finder", + "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", + "clientId": "sa-cl2-03", + "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, 
@@ -4972,10 +5360,10 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", + "saml.assertion.signature": "false", "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", "saml.encrypt": "false", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", @@ -4989,9 +5377,9 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" 
@@ -5001,52 +5389,53 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", - "name": "Client ID", + "id": "f57ed439-7c35-4a6c-a097-aa750249c442", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientAddress", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", - "name": "Client IP Address", + "id": "7866847b-250a-45ac-979f-741f04330aa4", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "8f318235-669e-4236-b8ea-f596b802f672", - "name": "BPN", + "id": "ea42e697-8fa8-4359-b342-715683a67a15", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", + "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", 
@@ -5075,16 +5464,24 @@ ] }, { - "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", - "clientId": "sa-cl22-01", - "description": "Technical User BPN Discovery", + "id": "aa736d92-8ab7-428a-b9f8-d7ef1c02a36a", + "clientId": "sa-cl2-04", + "name": "", + "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5093,49 +5490,399 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1712762229", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "09824b45-f47e-4213-90d5-7aec6a078314", - "name": "BPN", + "id": "d33b18c2-4848-4883-a2bc-1a24a689b658", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "id.token.claim": 
"true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "53adca2a-f30d-46d8-b39e-11b1102641f2", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "fbaf8306-4b29-45bc-9175-dfc496d9ccd5", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "7d509f6d-4526-4aeb-b3b7-1885f0d1e66d", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "04b94188-8879-4358-b9c0-1337d761dfb1", + "clientId": "sa-cl2-05", + "name": "", + "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + 
"redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1712764151", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "519ad98b-ae9d-461e-8fb1-982d77515c2c", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "5e256bb8-1ffa-42b8-b2fb-41a1e015f732", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "c03ffe07-024e-45c6-96d0-568a40939f20", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } 
+ }, + { + "id": "1b16d7c2-8ae2-4899-9c9c-f77e89e1fd18", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", + "clientId": "sa-cl21-01", + "description": "Technical User Discovery Finder", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + 
"saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "8f318235-669e-4236-b8ea-f596b802f672", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } 
+ ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", + "clientId": "sa-cl22-01", + "description": "Technical User BPN Discovery", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "09824b45-f47e-4213-90d5-7aec6a078314", + 
"name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", "jsonType.label": "String" } }, 
@@ -5155,14 +5902,315 @@
  }
  },
  {
- "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e",
+ "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "36e185ed-3af8-489d-a94b-a280ae205e03",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "7278c4a3-539b-4ec5-8bdd-ba2eb55c2e83",
+ "clientId": "sa-cl24-01",
+ "name": "",
+ "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1712762671",
+ "backchannel.logout.session.required": "true",
+ "display.on.consent.screen": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "452b40a8-0662-4039-8f30-c8b0e5e0e0a7",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "eb60d2ec-5147-4cf3-aa57-74399be1cb2a",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "5c3664df-0b87-4fbd-a8d6-b8cca657d46e",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "62fbd871-2e40-4117-bda0-e8ecfae8019e",
+ "name": "BPN",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "bpn",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "bpn",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "1ba856ae-fc97-4728-951e-130d0fb29192",
+ "clientId": "sa-cl25-cx-1",
+ "name": "BPDM Portal Gate Task Creator",
+ "description": "User for the BPDM Portal Gate to create golden record tasks, monitor their progress and save the result.",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "client.secret.creation.time": "1721632588",
+ "backchannel.logout.session.required": "true",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "3ce9a6ae-edce-4d5b-b6f6-e4b735dd3d4d",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "ceb9815a-ac98-45b5-a4a4-8ad63a0673b0",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4e7c0544-83b1-4bc8-bd32-d51cf910e6f2",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "d3ff57b1-4d87-4d2e-950c-20fdc2377a8d",
+ "clientId": "sa-cl25-cx-2",
+ "name": "BPDM Pool Task Processor",
+ "description": "User for the BPDM Pool to process golden record tasks which are in the 'PoolSync' queue",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "client.secret.creation.time": "1721632683",
+ "backchannel.logout.session.required": "true",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "e9aafd88-c851-44f2-b1b7-845ef2508a27",
  "name": "Client Host",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usersessionmodel-note-mapper",
  "consentRequired": false,
  "config": {
  "user.session.note": "clientHost",
- "userinfo.token.claim": "true",
+ "introspection.token.claim": "true",
  "id.token.claim": "true",
  "access.token.claim": "true",
  "claim.name": "clientHost",
@@ -5170,23 +6218,39 @@
  }
  },
  {
- "id": "36e185ed-3af8-489d-a94b-a280ae205e03",
+ "id": "f2a09310-473c-40b2-88db-56883f2a0712",
  "name": "Client IP Address",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usersessionmodel-note-mapper",
  "consentRequired": false,
  "config": {
  "user.session.note": "clientAddress",
- "userinfo.token.claim": "true",
+ "introspection.token.claim": "true",
  "id.token.claim": "true",
  "access.token.claim": "true",
  "claim.name": "clientAddress",
  "jsonType.label": "String"
  }
+ },
+ {
+ "id": "5d5cc403-d76f-4393-9c7f-bf1de4d3a4a2",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
  }
  ],
  "defaultClientScopes": [
  "web-origins",
+ "acr",
  "roles",
  "profile",
  "email"
@@ -5199,10 +6263,10 @@
  ]
  },
  {
- "id": "7278c4a3-539b-4ec5-8bdd-ba2eb55c2e83",
- "clientId": "sa-cl24-01",
- "name": "",
- "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)",
+ "id": "efec2ea6-09e5-4f69-b0bc-92f5c21e52df",
+ "clientId": "sa-cl25-cx-3",
+ "name": "BPDM Cleaning Dummy Task Processor",
+ "description": "User for the cleaning service dummy to process golden record tasks in the 'Clean' and 'CleanAndSync' queues.",
  "rootUrl": "",
  "adminUrl": "",
  "baseUrl": "",
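Review bot: The new service-account clients `sa-cl25-cx-1` and `sa-cl25-cx-2` are added with `"fullScopeAllowed": true`, while the other technical users in this diff (`sa-cl21-01`, `sa-cl22-01`, `sa-cl24-01`) keep it `false`. With full scope allowed, Keycloak includes every role mapped to the service-account user in the token instead of only the roles in the client's scope mappings, so any later role grant widens these tokens without a visible change to the client. I would set `"fullScopeAllowed": false,` and list the client roles each technical user needs as explicit scope mappings; whether such mappings already exist elsewhere in the file cannot be seen from this hunk. The same setting appears on `sa-cl25-cx-3` in the `@@ -5229,74 +6293,57 @@` hunk and on `sa-cl7-cx-1` and `sa-cl7-cx-2` in the `@@ -5565,9 +6612,212 @@` hunk.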
@@ -5229,74 +6293,57 @@
  "protocol": "openid-connect",
  "attributes": {
  "oidc.ciba.grant.enabled": "false",
- "client.secret.creation.time": "1712762671",
- "backchannel.logout.session.required": "true",
- "display.on.consent.screen": "false",
  "oauth2.device.authorization.grant.enabled": "false",
+ "client.secret.creation.time": "1721632773",
+ "backchannel.logout.session.required": "true",
  "backchannel.logout.revoke.offline.tokens": "false"
  },
  "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
+ "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "protocolMappers": [
  {
- "id": "452b40a8-0662-4039-8f30-c8b0e5e0e0a7",
- "name": "Client Host",
+ "id": "a9e30e15-8511-4e50-96cf-6c8e44f5f248",
+ "name": "Client ID",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usersessionmodel-note-mapper",
  "consentRequired": false,
  "config": {
- "user.session.note": "clientHost",
+ "user.session.note": "client_id",
  "introspection.token.claim": "true",
  "id.token.claim": "true",
  "access.token.claim": "true",
- "claim.name": "clientHost",
+ "claim.name": "client_id",
  "jsonType.label": "String"
  }
  },
  {
- "id": "eb60d2ec-5147-4cf3-aa57-74399be1cb2a",
- "name": "Client IP Address",
+ "id": "76e221a2-3f0e-4fb1-b58e-89e1c6f1b8e4",
+ "name": "Client Host",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usersessionmodel-note-mapper",
  "consentRequired": false,
  "config": {
- "user.session.note": "clientAddress",
+ "user.session.note": "clientHost",
  "introspection.token.claim": "true",
  "id.token.claim": "true",
  "access.token.claim": "true",
- "claim.name": "clientAddress",
+ "claim.name": "clientHost",
  "jsonType.label": "String"
  }
  },
  {
- "id": "5c3664df-0b87-4fbd-a8d6-b8cca657d46e",
- "name": "Client ID",
+ "id": "7684c47b-299b-4bc6-a042-a5dbbff18bc6",
+ "name": "Client IP Address",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usersessionmodel-note-mapper",
  "consentRequired": false,
  "config": {
- "user.session.note": "client_id",
- "introspection.token.claim": "true",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "client_id",
- "jsonType.label": "String"
- }
- },
- {
- "id": "62fbd871-2e40-4117-bda0-e8ecfae8019e",
- "name": "BPN",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
+ "user.session.note": "clientAddress",
  "introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "bpn",
  "id.token.claim": "true",
  "access.token.claim": "true",
- "claim.name": "bpn",
+ "claim.name": "clientAddress",
  "jsonType.label": "String"
  }
  }
@@ -5565,9 +6612,212 @@
  "microprofile-jwt"
  ]
  },
+ {
+ "id": "2ab47910-b85a-43d4-bb8f-02bd46aa6976",
+ "clientId": "sa-cl7-cx-1",
+ "name": "BPDM Portal Gate Pool User",
+ "description": "User for the BPDM Portal Gate to fetch latest golden record information from the Pool.",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1721628198",
+ "backchannel.logout.session.required": "true",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "display.on.consent.screen": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "a453f008-d010-448b-abee-4d93d20642ee",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8580d7ab-b385-4666-b144-fdc45720ad59",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "cb0ebfbb-ec41-4926-9510-390f688ffc42",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "9518a328-8c5b-455e-9a00-e30f8776525c",
+ "clientId": "sa-cl7-cx-2",
+ "name": "BPDM EDC Pool Member Consumer",
+ "description": "User for the BPDM provider EDC to access the Pool over the 'FullAccessGateInputForSharingMember' offer.",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1721631672",
+ "backchannel.logout.session.required": "true",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "display.on.consent.screen": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "3f93e36a-a825-42c6-a802-a71bf7f16c52",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "50efb6af-1295-427c-a1ab-6c13de0ac609",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "eb07e4b5-4b22-4f6a-bd5e-6906fc83e366",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "introspection.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
  {
  "id": "183aae87-c9cf-4d70-934b-629aa6974c54",
  "clientId": "sa-cl7-cx-5",
+ "name": "Portal BPDM User",
  "description": "User for Portal to access BPDM for Company Address publishing into the BPDM (portal helm chart: backend.processesworker.bpdm.clientId)",
  "surrogateAuthRequired": false,
  "enabled": true,
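Review bot: `sa-cl7-cx-1` and `sa-cl7-cx-2` register a wildcard `"/*"` in both `redirectUris` and `webOrigins` although `standardFlowEnabled`, `implicitFlowEnabled` and `directAccessGrantsEnabled` are all `false` and only `serviceAccountsEnabled` is on, so the client-credentials grant never consults either list. The wildcard is therefore dead configuration today, but it would take effect as a match-any-path redirect pattern (presumably resolved against the Keycloak host, since `rootUrl` is empty) as soon as someone enables a browser flow on the client. The technical users `sa-cl21-01` and `sa-cl22-01` elsewhere in this diff use `"redirectUris": [],` and `"webOrigins": [],`, and I would use the same here. The wildcard also appears on `sa-cl24-01`, `sa-cl25-cx-1` and `sa-cl25-cx-2` in the `@@ -5155,14 +5902,315 @@` hunk.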