diff --git a/.codacy.yml b/.codacy.yml
index 375921f22d..c78b414256 100644
--- a/.codacy.yml
+++ b/.codacy.yml
@@ -18,5 +18,5 @@ exclude_paths:
 - 'tests/acceptance/TestHelpers/**'
 - 'tests/acceptance/run.sh'
 - 'vendor/**/*'
- - 'tests/ociswrapper/vendor/**'
+ - 'tests/ocwrapper/vendor/**'
 ...
diff --git a/.github/settings.yml b/.github/settings.yml
deleted file mode 100644
index 99e17563c0..0000000000
--- a/.github/settings.yml
+++ /dev/null
@@ -1,90 +0,0 @@ ---- -_extends: gh-labels - -repository: - name: ocis - description: ':atom_symbol: ownCloud Infinite Scale Stack' - homepage: 'https://doc.owncloud.com/ocis/next/' - topics: reva, ocis - - private: false - has_issues: true - has_projects: true - has_wiki: false - has_downloads: false - - default_branch: master - - allow_squash_merge: true - allow_merge_commit: true - allow_rebase_merge: true - -labels: - - name: OCIS-Fastlane - color: "#deadbf" - description: Planned outside of the sprint - - name: Storage:EOS - color: "#3F7A62" - - name: Storage:S3NG - color: "#3F7A62" - - name: Storage:CephFS - color: "#3F7A62" - - name: Storage:OCIS - color: "#3F7A62" - - name: Storage:POSIX - color: "#3F7A62" - - name: Storage:ownCloudSQL - color: "#3F7A62" - -teams: - - name: ci - permission: admin - - name: employees - permission: push - - name: cern - permission: triage - - name: ocis-contractors - permission: push - -branches: - - name: master - protection: - required_pull_request_reviews: - required_approving_review_count: 1 - dismiss_stale_reviews: false - require_code_owner_reviews: false - required_status_checks: - strict: false - contexts: - - continuous-integration/drone/pr - enforce_admins: null - restrictions: - apps: [] - users: - - dependabot - teams: - - ci - - employees - - ocis-contractors - - name: stable-* - protection: - required_pull_request_reviews: - required_approving_review_count: 2 - dismiss_stale_reviews: false - require_code_owner_reviews: false - required_status_checks: - strict: false - contexts: - - continuous-integration/drone/pr - enforce_admins: null - restrictions: - apps: [] - users: - - dependabot - teams: - - ci - - employees - - ocis-contractors - -... - diff --git a/.make/release.mk b/.make/release.mk index 68f3a2425a..7da628902c 100644 --- a/.make/release.mk +++ b/.make/release.mk 
@@ -10,8 +10,8 @@ release-dirs: @mkdir -p $(DIST)/binaries $(DIST)/release # docker specific packaging flags -DOCKER_LDFLAGS += -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis" -DOCKER_LDFLAGS += -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseConfigPathValue=/etc/ocis" +DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathValue=/var/lib/opencloud" +DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathValue=/etc/opencloud" # We can't link statically when vips is enabled but we still # prefer static linking where possible diff --git a/deployments/continuous-deployment-config/ocis_full/master.yml b/deployments/continuous-deployment-config/ocis_full/master.yml deleted file mode 100644 index ec22c3ed7f..0000000000 --- a/deployments/continuous-deployment-config/ocis_full/master.yml +++ /dev/null 
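Review bot: The four `-X` flags on the new `DOCKER_LDFLAGS` lines depend on `$(OC_REPO)/pkg/config/defaults` being the exact import path of the moved package, and the Go linker reports nothing when a `-X` target does not exist, so a mismatch would leave the docker build on its compiled-in defaults without any error. A comment above the two lines would record that coupling, for example `# -X is silently ignored when the import path is wrong; keep in sync with pkg/config/defaults`. The default locations also move to `/var/lib/opencloud` and `/etc/opencloud`, so a container that still mounts its volumes at the old `/var/lib/ocis` and `/etc/ocis` paths would presumably start against empty directories; that belongs in the upgrade notes if such deployments exist.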
@@ -1,52 +0,0 @@ ---- -- name: continuous-deployment-ocis-master - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis.master.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: master - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis.master.owncloud.works - COMPANION_DOMAIN: companion.ocis.master.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_DOMAIN: wopiserver.ocis.master.owncloud.works - COLLABORA_DOMAIN: collabora.ocis.master.owncloud.works - INBUCKET_DOMAIN: mail.ocis.master.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis.master.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_full - OC_URL: ocis.ocis.master.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-master 
diff --git a/deployments/continuous-deployment-config/ocis_full/onlyoffice-master.yml b/deployments/continuous-deployment-config/ocis_full/onlyoffice-master.yml
deleted file mode 100644
index 72ed867c95..0000000000
--- a/deployments/continuous-deployment-config/ocis_full/onlyoffice-master.yml
+++ /dev/null
@@ -1,52 +0,0 @@ ---- -- name: continuous-deployment-ocis-onlyoffice-master - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-onlyoffice.master.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: master - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis-onlyoffice.master.owncloud.works - COMPANION_DOMAIN: companion.ocis-onlyoffice.master.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.master.owncloud.works - ONLYOFFICE_DOMAIN: onlyoffice.ocis-onlyoffice.master.owncloud.works - INBUCKET_DOMAIN: mail.ocis-onlyoffice.master.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:onlyoffice.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring-oo.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.master.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice - OC_URL: ocis.ocis-onlyoffice.master.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-master 
diff --git a/deployments/continuous-deployment-config/ocis_full/onlyoffice-rolling.yml b/deployments/continuous-deployment-config/ocis_full/onlyoffice-rolling.yml
deleted file mode 100644
index 108057ee55..0000000000
--- a/deployments/continuous-deployment-config/ocis_full/onlyoffice-rolling.yml
+++ /dev/null
@@ -1,52 +0,0 @@ ---- -- name: continuous-deployment-ocis-onlyoffice-rolling - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-onlyoffice.rolling.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 6.6.1 - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis-onlyoffice.rolling.owncloud.works - COMPANION_DOMAIN: companion.ocis-onlyoffice.rolling.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.rolling.owncloud.works - ONLYOFFICE_DOMAIN: onlyoffice.ocis-onlyoffice.rolling.owncloud.works - INBUCKET_DOMAIN: mail.ocis-onlyoffice.rolling.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:onlyoffice.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring-oo.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.rolling.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice - OC_URL: ocis.ocis-onlyoffice.rolling.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-rolling 
diff --git a/deployments/continuous-deployment-config/ocis_full/production.yml b/deployments/continuous-deployment-config/ocis_full/production.yml
deleted file mode 100644
index 18000a3d7f..0000000000
--- a/deployments/continuous-deployment-config/ocis_full/production.yml
+++ /dev/null
@@ -1,51 +0,0 @@ ---- -- name: continuous-deployment-ocis-production - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis.production.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 7.0.0 - OC_DOMAIN: ocis.ocis.production.owncloud.works - COMPANION_DOMAIN: companion.ocis.production.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_DOMAIN: wopiserver.ocis.production.owncloud.works - COLLABORA_DOMAIN: collabora.ocis.production.owncloud.works - INBUCKET_DOMAIN: mail.ocis.production.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis.production.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_wopi - OC_URL: ocis.ocis.production.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-production 
diff --git a/deployments/continuous-deployment-config/ocis_full/rolling.yml b/deployments/continuous-deployment-config/ocis_full/rolling.yml
deleted file mode 100644
index fa22515c5f..0000000000
--- a/deployments/continuous-deployment-config/ocis_full/rolling.yml
+++ /dev/null
@@ -1,52 +0,0 @@ ---- -- name: continuous-deployment-ocis-rolling - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis.rolling.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 6.6.1 - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis.rolling.owncloud.works - COMPANION_DOMAIN: companion.ocis.rolling.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_DOMAIN: wopiserver.ocis.rolling.owncloud.works - COLLABORA_DOMAIN: collabora.ocis.rolling.owncloud.works - INBUCKET_DOMAIN: mail.ocis.rolling.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis.rolling.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_full - OC_URL: ocis.ocis.rolling.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-rolling 
diff --git a/deployments/continuous-deployment-config/ocis_full/s3-rolling.yml b/deployments/continuous-deployment-config/ocis_full/s3-rolling.yml
deleted file mode 100644
index 05ea103235..0000000000
--- a/deployments/continuous-deployment-config/ocis_full/s3-rolling.yml
+++ /dev/null
@@ -1,53 +0,0 @@ ---- -- name: continuous-deployment-ocis-s3-rolling - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-s3.rolling.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_full - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 6.6.1 - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis-s3.rolling.owncloud.works - COMPANION_DOMAIN: companion.ocis-s3.rolling.owncloud.works - COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud - WOPISERVER_DOMAIN: wopiserver.ocis-s3.rolling.owncloud.works - COLLABORA_DOMAIN: collabora.ocis-s3.rolling.owncloud.works - INBUCKET_DOMAIN: mail.ocis-s3.rolling.owncloud.works - MINIO_DOMAIN: minio.ocis-s3.rolling.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:ocis.yml:s3ng.yml:minio.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.rolling.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_full - OC_URL: ocis.ocis-s3.rolling.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-s3-rolling 
diff --git a/deployments/continuous-deployment-config/ocis_keycloak/rolling.yml b/deployments/continuous-deployment-config/ocis_keycloak/rolling.yml deleted file mode 100644 index 644e932a5c..0000000000 --- a/deployments/continuous-deployment-config/ocis_keycloak/rolling.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: continuous-deployment-ocis-keycloak-rolling - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-keycloak.rolling.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_keycloak - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 6.6.1 - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis-keycloak.rolling.owncloud.works - KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.rolling.owncloud.works - COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-keycloak.rolling.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OC_URL: ocis.ocis-keycloak.rolling.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-rolling 
diff --git a/deployments/continuous-deployment-config/ocis_ldap/rolling.yml b/deployments/continuous-deployment-config/ocis_ldap/rolling.yml deleted file mode 100644 index 3b6e30b8b1..0000000000 --- a/deployments/continuous-deployment-config/ocis_ldap/rolling.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: continuous-deployment-ocis-ldap-rolling - server: - server_type: cx22 - image: ubuntu-24.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-ldap.rolling.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/kobergj.keys - - https://github.com/2403905.keys - - https://github.com/d7oc.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_ldap - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com - OC_DOCKER_TAG: 6.6.1 - OC_DOCKER_IMAGE: owncloud/ocis-rolling - OC_DOMAIN: ocis.ocis-ldap.rolling.owncloud.works - LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.rolling.owncloud.works - COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-ldap.rolling.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OC_URL: ocis.ocis-ldap.rolling.owncloud.works - OC_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-rolling diff --git a/deployments/continuous-deployment-config/opencloud_full/master.yml b/deployments/continuous-deployment-config/opencloud_full/master.yml new file mode 100644 index 0000000000..5ade46a137 
--- /dev/null
+++ b/deployments/continuous-deployment-config/opencloud_full/master.yml
@@ -0,0 +1,49 @@
+---
+- name: continuous-deployment-opencloud-master
+ server:
+ server_type: cx22
+ image: ubuntu-24.04
+ location: nbg1
+ initial_ssh_key_names:
+ - opencloud@drone.opencloud.com
+ labels:
+ owner: ocis-team
+ for: opencloud-continuous-deployment-examples
+ rebuild: $REBUILD
+ rebuild_carry_paths:
+ - /var/lib/docker/volumes/opencloud_certs
+
+ domains:
+ - "*.ocis.main.opencloud.works"
+
+ vars:
+ ssh_authorized_keys:
+ - https://github.com/micbar.keys
+ docker_compose_projects:
+ - name: opencloud
+ git_url: https://github.com/opencloud-eu/opencloud.git
+ ref: main
+ docker_compose_path: deployments/examples/opencloud_full
+ env:
+ INSECURE: "false"
+ TRAEFIK_ACME_MAIL: devops@opencloud.eu
+ OC_DOCKER_TAG: main
+ OC_DOCKER_IMAGE: opencloud-eu/opencloud-rolling:main
+ OC_DOMAIN: cloud.main.opencloud.rocks
+ COMPANION_DOMAIN: companion.main.opencloud.rocks
+ COMPANION_IMAGE: transloadit/companion:5.5.0
+ WOPISERVER_DOMAIN: wopiserver.main.opencloud.rocks
+ COLLABORA_DOMAIN: collabora.main.opencloud.rocks
+ INBUCKET_DOMAIN: mail.main.opencloud.rocks
+ DEMO_USERS: "true"
+ COMPOSE_FILE: docker-compose.yml:opencloud.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
+ - name: monitoring
+ git_url: https://github.com/opencloud-devops/monitoring-tracing-client.git
+ ref: master
+ env:
+ NETWORK_NAME: opencloud-net
+ TELEMETRY_SERVE_DOMAIN: telemetry.main.opencloud.rocks
+ JAEGER_COLLECTOR: jaeger-collector.infra.opencloud.works:443
+ TELEGRAF_SPECIFIC_CONFIG: opencloud_full
+ OC_URL: opencloud.main.opencloud.rocks
+ OC_DEPLOYMENT_ID: continuous-deployment-opencloud-master
diff --git a/deployments/examples/oc10_ocis_parallel/.env b/deployments/examples/oc10_ocis_parallel/.env
deleted file mode 100644
index da990f94b4..0000000000
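Review bot: The wildcard under `domains`, `"*.ocis.main.opencloud.works"`, covers none of the hosts configured further down in this new file: `OC_DOMAIN`, `COMPANION_DOMAIN`, `COLLABORA_DOMAIN` and the rest are all under `main.opencloud.rocks`, so the names Traefik requests ACME certificates for are presumably never provisioned; `- "*.main.opencloud.rocks"` looks like the intended value, and `OC_URL: opencloud.main.opencloud.rocks` should agree with `OC_DOMAIN: cloud.main.opencloud.rocks`. `OC_DOCKER_IMAGE: opencloud-eu/opencloud-rolling:main` already carries a tag while `OC_DOCKER_TAG: main` is set as well; the removed configs passed the image without a tag, so if the compose file still joins the two values the reference ends in `:main:main` and the pull fails. Because `DEMO_USERS: "true"` creates accounts whose passwords are public, add a comment above it such as `# demo accounts with published passwords: this host must never hold real data`. Shell access is bound to whatever keys `https://github.com/micbar.keys` serves at provisioning time, and the monitoring project tracks the mutable `ref: master`; both deserve a one-line comment naming who owns them.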
--- a/deployments/examples/oc10_ocis_parallel/.env
+++ /dev/null
@@ -1,69 +0,0 @@ -# If you're on a internet facing server please comment out following line. -# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. -INSECURE=true - -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=false - -### Traefik settings ### -TRAEFIK_LOG_LEVEL= -# Serve Traefik dashboard. Defaults to "false". -TRAEFIK_DASHBOARD= -# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" -TRAEFIK_DOMAIN= -# Basic authentication for the dashboard. Defaults to user "admin" and password "admin" -TRAEFIK_BASIC_AUTH_USERS= -# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server -TRAEFIK_ACME_MAIL= - -### shared oCIS / oC10 settings ### -# Domain of oCIS / oC10, where you can find the frontend. Defaults to "cloud.owncloud.test" -CLOUD_DOMAIN= - -### oCIS settings ### -# oCIS version. Defaults to "latest" -OC_DOCKER_TAG= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OC_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OC_MACHINE_AUTH_API_KEY= - -### oCIS settings ### -# oC10 version. Defaults to "latest" -OC10_DOCKER_TAG= -# client secret which the openidconnect app uses to authenticate to Keycloak. Defaults to "oc10-oidc-secret" -OC10_OIDC_CLIENT_SECRET= -# app which will be shown when opening the ownCloud 10 UI. 
Defaults to "files" but also could be set to "web" -OWNCLOUD_DEFAULT_APP= -# if set to "false" (default) links will be opened in the classic UI, if set to "true" ownCloud Web is used -OWNCLOUD_WEB_REWRITE_LINKS= - -### LDAP settings ### -# password for the LDAP admin user "cn=admin,dc=owncloud,dc=com", defaults to "admin" -LDAP_ADMIN_PASSWORD= -# Domain of the LDAP management frontend. Defaults to "ldap.owncloud.test" -LDAP_MANAGER_DOMAIN= - -### Keycloak ### -# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test" -KEYCLOAK_DOMAIN= -# Realm which to be used with oCIS. Defaults to "oCIS" -KEYCLOAK_REALM= -# Admin user login name. Defaults to "admin" -KEYCLOAK_ADMIN_USER= -# Admin user login password. Defaults to "admin" -KEYCLOAK_ADMIN_PASSWORD= - - -# If you want to use debugging and tracing with this stack, -# you need uncomment following line. Please see documentation at -# https://owncloud.dev/ocis/deployment/monitoring-tracing/ -#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - -# If you want to use the testsuite with this stack, -# you need uncomment following line. Please see documentation at -# https://owncloud.dev/ocis/development/testing/ -#COMPOSE_FILE=docker-compose.yml:testing/docker-compose-additions.yml diff --git a/deployments/examples/oc10_ocis_parallel/README.md b/deployments/examples/oc10_ocis_parallel/README.md deleted file mode 100644 index 32b7d50815..0000000000 --- a/deployments/examples/oc10_ocis_parallel/README.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -document this deployment example in docs/ocis/deployment/oc10_ocis_parallel.md ---- - -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/oc10_ocis_parallel/) -for instructions on how to deploy this scenario. 
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/android_app.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/android_app.json
deleted file mode 100644
index 9e13b0763f..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/android_app.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
- "name": "ownCloud Android app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret" : "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
- "redirectUris": [
- "oc://android.owncloud.com"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "role_list",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/desktop_client.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/desktop_client.json
deleted file mode 100644
index 5094e22baa..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/desktop_client.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
- "name": "ownCloud desktop client",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret" : "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
- "redirectUris": [
- "http://127.0.0.1:*",
- "http://localhost:*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "role_list",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ios_app.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ios_app.json
deleted file mode 100644
index 3a1672dd9c..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ios_app.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
- "name": "ownCloud iOS app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret" : "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
- "redirectUris": [
- "oc://ios.owncloud.com"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "role_list",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10-web.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10-web.json
deleted file mode 100644
index 3520f87d55..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10-web.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "clientId": "oc10-web",
- "rootUrl": "https://cloud.owncloud.test",
- "adminUrl": "https://cloud.owncloud.test",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "https://cloud.owncloud.test/*"
- ],
- "webOrigins": [
- "https://cloud.owncloud.test"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "id.token.as.detached.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "use.refresh.tokens": "true",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "saml.artifact.binding": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10.json
deleted file mode 100644
index 6b5d441bb9..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/oc10.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "clientId": "oc10",
- "rootUrl": "https://cloud.owncloud.test",
- "adminUrl": "https://cloud.owncloud.test",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "https://cloud.owncloud.test/*"
- ],
- "webOrigins": [
- "https://cloud.owncloud.test"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "id.token.as.detached.signature": "false",
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "use.refresh.tokens": "true",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "saml.artifact.binding": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ocis-web.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ocis-web.json
deleted file mode 100644
index 0e6ea758d4..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/clients/ocis-web.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "clientId": "ocis-web",
- "rootUrl": "https://cloud.owncloud.test",
- "adminUrl": "https://cloud.owncloud.test",
- "baseUrl": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "https://cloud.owncloud.test/*"
- ],
- "webOrigins": [
- "https://cloud.owncloud.test"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "owncloud",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/docker-entrypoint-override.sh b/deployments/examples/oc10_ocis_parallel/config/keycloak/docker-entrypoint-override.sh
deleted file mode 100644
index a892bccb70..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/docker-entrypoint-override.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-printenv
-# replace owncloud domain in keycloak realm import
-cp /opt/jboss/keycloak/owncloud-realm.dist.json /opt/jboss/keycloak/owncloud-realm.json
-sed -i "s/cloud.owncloud.test/${CLOUD_DOMAIN}/g" /opt/jboss/keycloak/owncloud-realm.json
-sed -i "s/oc10-oidc-secret/${OC10_OIDC_CLIENT_SECRET}/g" /opt/jboss/keycloak/owncloud-realm.json
-sed -i "s/ldap-bind-credential/${LDAP_ADMIN_PASSWORD}/g" /opt/jboss/keycloak/owncloud-realm.json
-
-
-
-# run original docker-entrypoint
-/opt/jboss/tools/docker-entrypoint.sh
diff --git a/deployments/examples/oc10_ocis_parallel/config/keycloak/owncloud-realm.dist.json b/deployments/examples/oc10_ocis_parallel/config/keycloak/owncloud-realm.dist.json
deleted file mode 100644
index d0214d5314..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/keycloak/owncloud-realm.dist.json
+++ /dev/null
@@ -1,2204 +0,0 @@ -{ - "id" : "owncloud", - "realm" : "owncloud", - "displayName" : "ownCloud", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "2d576514-4aae-46aa-9d9c-075f55f4d988", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "owncloud", - "attributes" : { } - }, { - "id" : "cec7efb8-43d8-48ec-b1a4-c6956bc11ba3", - "name" : "default-roles-ocis", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { 
- "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "manage-account", "view-profile" ] - } - }, - "clientRole" : false, - "containerId" : "owncloud", - "attributes" : { } - }, { - "id" : "e2145b30-bf6f-49fb-af3f-1b40168bfcef", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "owncloud", - "attributes" : { } - } ], - "client" : { - "oc10" : [ ], - "_system" : [ ], - "realm-management" : [ { - "id" : "979ce053-a671-4b50-81d5-da4bdf7404c9", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "4bec4791-e888-4dac-bc95-71720d5981b9", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "955b4406-b04f-432d-a61a-571675874341", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "baa219af-2773-4d59-b06b-485f10fbbab3", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "f280bc03-d079-478d-be06-3590580b25e9", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "db698163-84ad-46c9-958f-bb5f80ae78b5", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : 
false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "36c04d89-abf7-4a2c-a808-8efa9aca1435", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "06eae953-11d5-4344-b089-ffce1e68d5d8", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "afe8aa78-2f06-43a5-8c99-cf68a1f5a86a", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-clients", "query-users", "manage-authorization", "view-events", "manage-users", "query-clients", "manage-clients", "query-realms", "impersonation", "manage-realm", "manage-identity-providers", "view-authorization", "create-client", "query-groups", "view-users", "view-realm", "view-identity-providers", "manage-events" ] - } - }, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "22ee128a-b28e-4c6a-aa8e-ad4136d74e1b", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "89d4f119-7f87-44d9-8eef-d207304de778", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "ebffeff4-6794-4003-a2ab-a79eff7d1baa", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : 
"7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "2361a7ff-d2b3-43f5-b360-ad0e44fba65c", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "f7bf6d7a-a861-49c6-8f6f-225c18d0a03a", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "34ccce1c-5a7e-4268-8836-2276545be900", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "430f7831-8f22-4518-bd15-2998eae45a51", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-groups", "query-users" ] - } - }, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "371a31e6-4494-4b74-b3ea-d030663423ed", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "e875775b-7a3e-4a5d-9e4e-376351b78626", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - }, { - "id" : "3dce7929-ee1f-40cd-9be1-7addcae92cef", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes" : { } - } ], - "ocis-web" : [ ], - "security-admin-console" : [ 
], - "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD" : [ ], - "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "81fad68a-8dd8-4d79-9a8f-206a82460145", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "002faf0a-716c-4230-81c7-ce22d1eb832c", - "attributes" : { } - } ], - "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69" : [ ], - "admin-cli" : [ ], - "oc10-web" : [ ], - "account" : [ { - "id" : "c49a49da-8ad0-44cb-b518-6d7d72cbe494", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "9dc2244e-b8a7-44f1-b173-d2b929fedcca", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "ce115327-99c9-44d4-ba7d-820397dc11e6", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "8c45ca71-32aa-4547-932d-412da5e371ed", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "cbeecf6d-9af8-4746-877b-74800a894c35", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "ea798f64-b5f8-417f-9fe0-d3cd9172884f", - 
"name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - }, { - "id" : "e73aaf6d-e67b-491a-9cc3-78c32c82b42c", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "9850adad-7910-4b67-a790-da6444361618", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "cec7efb8-43d8-48ec-b1a4-c6956bc11ba3", - "name" : "default-roles-ocis", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "owncloud" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - 
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account" ] - } ] - }, - "clients" : [ { - "id" : "294b6cf4-b646-4f6c-bab2-616546ec3167", - "clientId" : "_system", - "name" : "_system", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "bde4651e-faf6-4390-b58e-3e9e8e623d57", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "9850adad-7910-4b67-a790-da6444361618", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/owncloud/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "1f414d17-2751-4fde-af10-a7c2deb3261f", - "redirectUris" : [ "/realms/owncloud/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : 
false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "55bb4cdc-045b-422a-8830-61245949d6aa", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/owncloud/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "f63c75e2-0902-4722-acd8-6a9e870be610", - "redirectUris" : [ "/realms/owncloud/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "9bf413ed-402f-438d-a72c-033f3c45dab2", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "2969b8ff-2ab3-4907-aaa7-091a7a627ccb", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "27a24954-b795-426e-ada4-96b1d5140997", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" 
: false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "002faf0a-716c-4230-81c7-ce22d1eb832c", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "d989c5d2-0d2c-4284-a761-62c9228dbc31", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "c8367556-1d13-4979-b4f6-5e2cff1f82ae", - "clientId" : "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD", - "name" : "ownCloud Android app", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD", - "redirectUris" : [ "oc://android.owncloud.com" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : 
"openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6ae0e3da-38ff-47a4-a76e-b59eec0a2de9", - "clientId" : "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", - "name" : "ownCloud iOS app", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx", - "redirectUris" : [ "oc://ios.owncloud.com" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : 
"false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d7a10629-dba5-4fdb-8da6-3e6e88cc297b", - "clientId" : "oc10", - "rootUrl" : "https://cloud.owncloud.test", - "adminUrl" : "https://cloud.owncloud.test", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "oc10-oidc-secret", - "redirectUris" : [ "https://cloud.owncloud.test/*" ], - "webOrigins" : [ "https://cloud.owncloud.test" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "id.token.as.detached.signature" : "false", - "saml.multivalued.roles" : "false", - "saml.force.post.binding" : "false", - "saml.encrypt" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "use.refresh.tokens" : "true", - 
"exclude.session.state.from.auth.response" : "false", - "oidc.ciba.grant.enabled" : "false", - "saml.artifact.binding" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "c43eb0d3-c0e2-4af4-b45d-16aabddc1e44", - "clientId" : "oc10-web", - "rootUrl" : "https://cloud.owncloud.test", - "adminUrl" : "https://cloud.owncloud.test", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "https://cloud.owncloud.test/*" ], - "webOrigins" : [ "https://cloud.owncloud.test" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "id.token.as.detached.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "use.refresh.tokens" : "true", - "exclude.session.state.from.auth.response" : "false", - 
"oidc.ciba.grant.enabled" : "false", - "saml.artifact.binding" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "54b18eca-cf79-4263-9db9-2d79f8a1c831", - "clientId" : "ocis-web", - "rootUrl" : "https://cloud.owncloud.test", - "adminUrl" : "https://cloud.owncloud.test", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "9cbeb996-67a8-4ade-a86a-d2b2f3bc2568", - "redirectUris" : [ "https://cloud.owncloud.test/*" ], - "webOrigins" : [ "https://cloud.owncloud.test" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - 
"saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "81a35a01-a005-4a8b-9ebc-4b0f4b874731", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "97264f49-a8c1-4585-99b6-e706339c62f8", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/owncloud/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "27ccdbd6-c1de-4f13-90f3-0461132f467d", - "redirectUris" : [ "/admin/owncloud/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - 
"implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "96092024-21dd-4d31-a004-2c5b96031da3", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "fc7d8a8e-cb92-4cb0-b404-d723c07d8d4f", - "clientId" : "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", - "name" : "ownCloud desktop client", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh", - "redirectUris" : [ "http://127.0.0.1:*", "http://localhost:*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : 
"false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "owncloud", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "258e56a8-1eeb-49ea-957b-aff8df4656ba", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "068bcfb6-4a17-4c20-b083-ae542a7f76c8", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "c00d6c21-2fd1-435f-9ee9-87e011048cbe", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "b3e1e47e-3912-4b55-ba89-b0198e767682", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : 
"openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "876baab9-39d1-4845-abb4-561a58aa152d", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "9cae7ced-e7d9-4f7b-8e54-7402125f6ead", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "8eb1f69b-b941-4185-bca1-f916953f7cf5", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "fb587847-806f-4443-bab0-501efc0f0b46", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "947da1ff-f614-48fc-9ecb-c98cbcfd3390", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : 
"46fec552-2f92-408a-84cf-ba98bf8e35fd", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "c7ed5458-4d32-423e-8ea1-d112c45045d4", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "e18d1ce4-3969-4ec1-9941-a27fd7555245", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "dab85a5e-9af8-4fcd-88e4-9d3ae50dd5b6", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "7484f47e-3bb1-48d0-ba64-e8330dcefe6e", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : 
"String" - } - }, { - "id" : "fcd00995-9693-4803-8f41-c84044be83ed", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "f09e7268-5284-449b-849b-cf8225523584", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "0317f4b3-3f7b-47ab-88d3-5d6f604d944d", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "db81244c-e739-461b-8822-52ceaa11bdf4", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : "c6a16bf9-9370-4dff-a718-be53131bb238", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "32d76647-b542-484c-9062-edc34eb350e0", - "name" : 
"birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "ac6530db-6463-446b-99da-32d5298b5fa0", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "ed10983b-8700-415e-933e-226ce3f397a6", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "8205ccd0-1266-4060-b5df-3a6eb229d91e", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "79713daf-89ca-4ed4-ad97-a88b13ee9a18", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "b5f4f5ed-1008-42ba-8b3b-7d8851a2a680", - "name" : "phone number", - 
"protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "08a246f1-2b4c-4def-af5c-aefc31b4820d", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "0c72b80b-28d5-48d8-b593-c99030aab58d", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "bc7f015e-329f-4e99-be6b-72382f4310c7", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "215f645f-ad0b-4523-9ece-f09f69ead5c4", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "4a10b958-d34d-413a-b349-1415d02cdcde", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : 
"foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "6f3b9b42-acdd-4abf-93ef-d82dfe347374", - "name" : "owncloud", - "description" : "ownCloud scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "a4998f18-cb81-43fe-9467-4e513fcca673", - "name" : "ownCloudSelector", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "ownCloudSelector", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "ocis\\.routing\\.policy", - "jsonType.label" : "String" - } - }, { - "id" : "702101f3-c85f-45d9-8b03-ec5db0caecc7", - "name" : "owncloudUUID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "multivalued" : "false", - "user.attribute" : "owncloudUUID", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "ocis\\.user\\.uuid", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "5ce87358-3bca-4874-a6f0-6dccae6209a8", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "bbd23c51-918d-4ea6-9ac0-db68b512fb0a", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "bdb3e320-76c8-4ad7-9d0f-a08efc060101", - "name" : "microprofile-jwt", - "description" : 
"Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "1d08316c-493b-42ab-afa3-66f621860661", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - }, { - "id" : "52061d2d-7a41-4f1d-ba1b-3c4a53e739e4", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "4682fe74-f3a9-445a-a7ab-557fb532fe6b", - "name" : 
"Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "c46009e5-c8b5-4051-bf7f-7b1481a9aa86", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "43edf979-28d2-46c8-9f93-48b3de185570", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "6fc7d765-7da8-4985-ba0b-e83827b04bd3", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "5a9aef85-98a6-4e90-b30f-8aa715e1f5e6", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ] - } - }, { - "id" : "e3eadb04-8862-4567-869c-a76485268159", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "c788e6bf-2f57-4a82-b32e-ac8d48a4f676", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - 
"config" : { } - } ], - "org.keycloak.storage.UserStorageProvider" : [ { - "id" : "8eeefe7e-b558-4175-ac32-0f39420e0297", - "name" : "openldap", - "providerId" : "ldap", - "subComponents" : { - "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" : [ { - "id" : "bab3b411-f302-4904-a0b2-49a7bea51336", - "name" : "username", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "uid" ], - "is.mandatory.in.ldap" : [ "true" ], - "always.read.value.from.ldap" : [ "false" ], - "read.only" : [ "true" ], - "user.model.attribute" : [ "username" ] - } - }, { - "id" : "2dcf821f-6ea8-4cf4-922a-555f73b00861", - "name" : "creation date", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "createTimestamp" ], - "is.mandatory.in.ldap" : [ "false" ], - "read.only" : [ "true" ], - "always.read.value.from.ldap" : [ "true" ], - "user.model.attribute" : [ "createTimestamp" ] - } - }, { - "id" : "98525e6b-0ec0-49e6-96a7-9ec25fc3a896", - "name" : "modify date", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "modifyTimestamp" ], - "is.mandatory.in.ldap" : [ "false" ], - "always.read.value.from.ldap" : [ "true" ], - "read.only" : [ "true" ], - "user.model.attribute" : [ "modifyTimestamp" ] - } - }, { - "id" : "9a89ddf8-6390-4d79-bc02-c498399cdead", - "name" : "first name", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "givenName" ], - "is.mandatory.in.ldap" : [ "true" ], - "is.binary.attribute" : [ "false" ], - "always.read.value.from.ldap" : [ "true" ], - "read.only" : [ "true" ], - "user.model.attribute" : [ "firstName" ] - } - }, { - "id" : "7a8e65a6-3490-488e-9308-8ba7f70565fd", - "name" : "last name", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "sn" ], - "is.mandatory.in.ldap" : [ 
"true" ], - "always.read.value.from.ldap" : [ "true" ], - "read.only" : [ "true" ], - "user.model.attribute" : [ "lastName" ] - } - }, { - "id" : "797d5476-61d0-41bc-9fcb-6412915918c6", - "name" : "email", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "mail" ], - "is.mandatory.in.ldap" : [ "false" ], - "always.read.value.from.ldap" : [ "false" ], - "read.only" : [ "true" ], - "user.model.attribute" : [ "email" ] - } - }, { - "id" : "836ed908-8ebe-49bd-b12f-8cece55e3ab9", - "name" : "ownCloudSelector", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "ownCloudSelector" ], - "is.mandatory.in.ldap" : [ "false" ], - "is.binary.attribute" : [ "false" ], - "read.only" : [ "true" ], - "always.read.value.from.ldap" : [ "true" ], - "user.model.attribute" : [ "ownCloudSelector" ] - } - }, { - "id" : "68de0cfd-68d1-48dd-9cdc-c5993ee2fdc0", - "name" : "id", - "providerId" : "user-attribute-ldap-mapper", - "subComponents" : { }, - "config" : { - "ldap.attribute" : [ "owncloudUUID" ], - "is.mandatory.in.ldap" : [ "false" ], - "is.binary.attribute" : [ "false" ], - "read.only" : [ "true" ], - "always.read.value.from.ldap" : [ "false" ], - "user.model.attribute" : [ "owncloudUUID" ] - } - } ] - }, - "config" : { - "pagination" : [ "true" ], - "fullSyncPeriod" : [ "60" ], - "connectionPooling" : [ "true" ], - "usersDn" : [ "ou=users,dc=owncloud,dc=com" ], - "cachePolicy" : [ "DEFAULT" ], - "useKerberosForPasswordAuthentication" : [ "false" ], - "importEnabled" : [ "true" ], - "enabled" : [ "true" ], - "changedSyncPeriod" : [ "60" ], - "bindCredential" : [ "ldap-bind-credential" ], - "bindDn" : [ "cn=admin,dc=owncloud,dc=com" ], - "usernameLDAPAttribute" : [ "uid" ], - "lastSync" : [ "1627039770" ], - "vendor" : [ "other" ], - "uuidLDAPAttribute" : [ "entryUUID" ], - "allowKerberosAuthentication" : [ "false" ], - "connectionUrl" : [ "ldap://openldap" ], - 
"syncRegistrations" : [ "false" ], - "authType" : [ "simple" ], - "customUserSearchFilter" : [ "(&(objectclass=inetOrgPerson)(objectClass=owncloud))" ], - "debug" : [ "false" ], - "searchScope" : [ "2" ], - "useTruststoreSpi" : [ "ldapsOnly" ], - "trustEmail" : [ "true" ], - "priority" : [ "0" ], - "userObjectClasses" : [ "inetOrgPerson, organizationalPerson" ], - "rdnLDAPAttribute" : [ "uid" ], - "editMode" : [ "READ_ONLY" ], - "validatePasswordPolicy" : [ "false" ], - "batchSizeForSync" : [ "1000" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "0e3d0048-cb16-49c3-8a9a-05d83f0daeca", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "f92ecf31-c3c7-4c3b-af20-839fc05bcf99", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "f1889839-fdb1-4c3a-98b6-13305f1b0f74" ], - "secret" : [ "UVX0V-qlIGdVswACK-jwOsjn7EV5Uc12drTs7XCegEIlXkjtg_m2VGg2rJZgg12wxjCXm69kpTZ8lmfGxiuZdw" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "992dcc80-dc41-4b00-bab8-6ec1c839f3a4", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "3fef4998-39b3-46d3-9803-c480f4105b0a" ], - "secret" : [ "ZHHvfx76H3grDuKPGRtxCw" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "119765a0-fded-4f23-97a4-e17288561bc4", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - 
"authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "09cf953e-836f-4262-a0b4-7adf042fbff1", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "75d42db9-3f2f-46c0-8c36-1eda77bd9724", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "896137f6-c466-4fd6-98d7-3b9957ad7f51", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the 
authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "621278bb-9a86-4bbc-a1b7-ec4aa2abcef2", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "701dce46-ca08-464e-ac94-bae172c1b6ae", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "f762984a-5a3c-46c2-8d2b-24bdf2fea99c", - "alias" : "Reset - Conditional 
OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "9b41ec7d-4032-41e8-8a85-17762d3bb659", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "e3e1597b-094d-49e5-a70a-509f58877407", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - 
"id" : "72e113d4-5208-4878-9497-abb20b490f10", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "499c08d4-a6f3-4224-884f-ecc267673f77", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : 
"06222772-bc31-48b1-a66b-788d38da3374", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "63eac825-2e35-4b6d-b2ca-0cc45f847cbe", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "284eb009-07f4-43d6-84f5-b4f4b86f6f0c", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "User creation or linking", - 
"userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "7b45327f-0d27-4d98-b761-c9743f374bdb", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "6387adf3-2635-4b42-804a-cb3f3526613f", - "alias" : "http challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "2b0a6071-c7cd-41e7-ba45-527e9d9fa8e2", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "18b8a9aa-e6ee-4749-ad48-a9cdef9e1fe8", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : 
false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "4cbd03a6-cd4f-48d8-82d1-1076123e1484", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "0b920743-39c0-43ab-9274-db65bdb3cbe2", - "alias" : "saml ecp", - "description" 
: "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "c8a68b1e-8663-48ee-b9f6-e3c103ca9aa7", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "db9a414e-18c5-4226-813e-1fab5f89e200", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" 
: false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5" - }, - "keycloakVersion" : "14.0.0", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} diff --git a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/10_owncloud_schema.ldif b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/10_owncloud_schema.ldif deleted file mode 100644 index 595707b056..0000000000 --- a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/10_owncloud_schema.ldif +++ /dev/null 
@@ -1,32 +0,0 @@
-# This LDIF files describes the ownCloud schema
-dn: cn=owncloud,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: owncloud
-olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
-olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
- DESC 'A non-reassignable and persistent account ID)'
- EQUALITY uuidMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
-olcAttributeTypes: ( ownCloudOid:1.1.3 NAME 'oCExternalIdentity'
- DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( ownCloudOid:1.1.4 NAME 'ownCloudUserEnabled'
- DESC 'A boolean value indicating if ownCloudUser is enabled'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
-olcAttributeTypes: ( ownCloudOid:1.1.5 NAME 'ownCloudUserType'
- DESC 'User type (e.g. Member or Guest)'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
- DESC 'ownCloud LDAP Schema'
- AUXILIARY
- MAY ( ownCloudUUID ) )
-olcObjectClasses: ( ownCloudOid:1.2.2 NAME 'ownCloudUser'
- DESC 'ownCloud User LDAP Schema'
- SUP ownCloud
- AUXILIARY
- MAY ( ocExternalIdentity $ ownCloudUserEnabled $ ownCloudUserType ) )
diff --git a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif
deleted file mode 100644
index ceca5125cb..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif
+++ /dev/null
@@ -1,109 +0,0 @@
-dn: ou=users,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: users
-
-# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
-dn: uid=einstein,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloud
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: einstein
-givenName: Albert
-sn: Einstein
-cn: einstein
-displayName: Albert Einstein
-description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
-mail: einstein@example.org
-uidNumber: 20000
-gidNumber: 30000
-homeDirectory: /home/einstein
-ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx
-userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
-ownCloudSelector: ocis
-
-dn: uid=marie,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloud
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: marie
-givenName: Marie
-sn: Curie
-cn: marie
-displayName: Marie Skłodowska Curie
-description: A Polish and naturalized-French physicist and chemist who conducted pioneering research on radioactivity.
-mail: marie@example.org
-uidNumber: 20001
-gidNumber: 30000
-homeDirectory: /home/marie
-ownCloudUUID:: ZjdmYmY4YzgtMTM5Yi00Mzc2LWIzMDctY2YwYThjMmQwZDlj
-userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==
-ownCloudSelector: oc10
-
-dn: uid=richard,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloud
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: richard
-givenName: Richard
-sn: Feynman
-cn: richard
-displayName: Richard Phillips Feynman
-description: An American theoretical physicist, known for his work in the path integral formulation of quantum mechanics, the theory of quantum electrodynamics, the physics of the superfluidity of supercooled liquid helium, as well as his work in particle physics for which he proposed the parton model.
-mail: richard@example.org
-uidNumber: 20002
-gidNumber: 30000
-homeDirectory: /home/richard
-ownCloudUUID:: OTMyYjQ1NDAtOGQxNi00ODFlLThlZjQtNTg4ZTRiNmIxNTFj
-userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
-ownCloudSelector: ocis
-
-dn: uid=moss,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloud
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: moss
-givenName: Maurice
-sn: Moss
-cn: moss
-displayName: Maurice Moss
-description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
-mail: moss@example.org
-uidNumber: 20003
-gidNumber: 30000
-homeDirectory: /home/moss
-ownCloudUUID:: MDU4YmZmOTUtNjcwOC00ZmU1LTkxZTQtOWVhM2QzNzc1ODhi
-userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
-ownCloudSelector: ocis
-
-dn: uid=admin,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloud
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: admin
-givenName: Admin
-sn: Admin
-cn: admin
-displayName: Admin
-description: An admin for this oCIS instance.
-mail: admin@example.org
-uidNumber: 20004
-gidNumber: 30000
-homeDirectory: /home/admin
-ownCloudUUID:: ZGRjMjAwNGMtMDk3Ny0xMWViLTlkM2YtYTc5Mzg4OGNkMGY4
-userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
-ownCloudSelector: oc10
diff --git a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif
deleted file mode 100644
index a43edf133d..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif
+++ /dev/null
@@ -1,81 +0,0 @@
-dn: ou=groups,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: groups
-
-dn: cn=users,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: users
-description: Users
-ownCloudUUID:: NTA5YTlkY2QtYmIzNy00ZjRmLWEwMWEtMTlkY2EyN2Q5Y2Zh
-member: uid=einstein,ou=users,dc=owncloud,dc=com
-member: uid=marie,ou=users,dc=owncloud,dc=com
-member: uid=richard,ou=users,dc=owncloud,dc=com
-member: uid=moss,ou=users,dc=owncloud,dc=com
-member: uid=admin,ou=users,dc=owncloud,dc=com
-
-dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: sailing-lovers
-description: Sailing lovers
-ownCloudUUID:: NjA0MGFhMTctOWM2NC00ZmVmLTliZDAtNzcyMzRkNzFiYWQw
-member: uid=einstein,ou=users,dc=owncloud,dc=com
-
-dn: cn=violin-haters,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: violin-haters
-description: Violin haters
-ownCloudUUID:: ZGQ1OGU1ZWMtODQyZS00OThiLTg4MDAtNjFmMmVjNmY5MTFm
-member: uid=einstein,ou=users,dc=owncloud,dc=com
-
-dn: cn=radium-lovers,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: radium-lovers
-description: Radium lovers
-ownCloudUUID:: N2I4N2ZkNDktMjg2ZS00YTVmLWJhZmQtYzUzNWQ1ZGQ5OTdh
-member: uid=marie,ou=users,dc=owncloud,dc=com
-
-dn: cn=polonium-lovers,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: polonium-lovers
-description: Polonium lovers
-ownCloudUUID:: Y2VkYzIxYWEtNDA3Mi00NjE0LTg2NzYtZmE5MTY1ZjU5OGZm
-member: uid=marie,ou=users,dc=owncloud,dc=com
-
-dn: cn=quantum-lovers,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: quantum-lovers
-description: Quantum lovers
-ownCloudUUID:: YTE3MjYxMDgtMDFmOC00YzMwLTg4ZGYtMmIxYTlkMWNiYTFh
-member: uid=richard,ou=users,dc=owncloud,dc=com
-
-dn: cn=philosophy-haters,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: philosophy-haters
-description: Philosophy haters
-ownCloudUUID:: MTY3Y2JlZTItMDUxOC00NTVhLWJmYjItMDMxZmUwNjIxZTVk
-member: uid=richard,ou=users,dc=owncloud,dc=com
-
-dn: cn=physics-lovers,ou=groups,dc=owncloud,dc=com
-objectClass: groupOfNames
-objectClass: ownCloud
-objectClass: top
-cn: physics-lovers
-description: Physics lovers
-ownCloudUUID:: MjYyOTgyYzEtMjM2Mi00YWZhLWJmZGYtOGNiZmVmNjRhMDZl
-member: uid=einstein,ou=users,dc=owncloud,dc=com
-member: uid=marie,ou=users,dc=owncloud,dc=com
-member: uid=richard,ou=users,dc=owncloud,dc=com
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/10-custom-config.sh b/deployments/examples/oc10_ocis_parallel/config/oc10/10-custom-config.sh
deleted file mode 100755
index d930c64b36..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/10-custom-config.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-echo "Writing custom config files..."
-
-# openidconnect
-gomplate \
- -f /etc/templates/oidc.config.php \
- -o ${OWNCLOUD_VOLUME_CONFIG}/oidc.config.php
-
-# we need at least version 2.1.0 of the openidconnect app
-occ market:upgrade --major openidconnect
-occ app:enable openidconnect
-
-# user LDAP
-gomplate \
- -f /etc/templates/ldap-config.tmpl.json \
- -o ${OWNCLOUD_VOLUME_CONFIG}/ldap-config.json
-
-CONFIG=$(cat ${OWNCLOUD_VOLUME_CONFIG}/ldap-config.json)
-occ config:import <<< $CONFIG
-
-occ ldap:test-config "s01"
-occ app:enable user_ldap
-/bin/bash -c 'occ user:sync "OCA\User_LDAP\User_Proxy" -r -m remove'
-
-cp /tmp/ldap-sync-cron /etc/cron.d
-chown root:root /etc/cron.d/ldap-sync-cron
-
-# ownCloud Web
-gomplate \
- -f /etc/templates/web.config.php \
- -o ${OWNCLOUD_VOLUME_CONFIG}/web.config.php
-
-gomplate \
- -f /etc/templates/web-config.tmpl.json \
- -o ${OWNCLOUD_VOLUME_CONFIG}/config.json
-
-occ market:upgrade --major web
-occ app:enable web
-
-true
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/11-testing-app.sh b/deployments/examples/oc10_ocis_parallel/config/oc10/11-testing-app.sh
deleted file mode 100755
index 31bd5cc621..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/11-testing-app.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-# enable testing app
-echo "Cloning and enabling testing app..."
-git clone --depth 1 https://github.com/owncloud/testing.git /var/www/owncloud/apps/testing
-occ app:enable testing
-
-true
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-config.tmpl.json b/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-config.tmpl.json
deleted file mode 100755
index 7df70428db..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-config.tmpl.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "apps": {
- "user_ldap": {
- "s01has_memberof_filter_support": "0",
- "s01home_folder_naming_rule": "",
- "s01last_jpegPhoto_lookup": "0",
- "s01ldap_agent_password": "{{ .Env.STORAGE_LDAP_BIND_PASSWORD | base64.Encode }}",
- "s01ldap_attributes_for_group_search": "",
- "s01ldap_attributes_for_user_search": "{{ .Env.LDAP_USERATTRIBUTEFILTERS }}",
- "s01ldap_backup_host": "",
- "s01ldap_backup_port": "",
- "s01ldap_base_groups": "{{ .Env.LDAP_BASE_DN }}",
- "s01ldap_base_users": "{{ .Env.LDAP_BASE_DN }}",
- "s01ldap_base": "{{ .Env.LDAP_BASE_DN }}",
- "s01ldap_cache_ttl": "60",
- "s01ldap_configuration_active": "1",
- "s01ldap_display_name": "{{ .Env.LDAP_USER_SCHEMA_DISPLAYNAME }}",
- "s01ldap_dn": "{{ .Env.STORAGE_LDAP_BIND_DN }}",
- "s01ldap_dynamic_group_member_url": "",
- "s01ldap_email_attr": "{{ .Env.LDAP_USER_SCHEMA_MAIL }}",
- "s01ldap_experienced_admin": "1",
- "s01ldap_expert_username_attr": "{{ .Env.LDAP_USER_SCHEMA_NAME_ATTR }}",
- "s01ldap_expert_uuid_group_attr": "",
- "s01ldap_expert_uuid_user_attr": "{{ .Env.LDAP_USER_SCHEMA_UID }}",
- "s01ldap_group_display_name": "{{ .Env.LDAP_GROUP_SCHEMA_DISPLAYNAME }}",
- "s01ldap_group_filter_mode": "0",
- "s01ldap_group_filter": "{{ .Env.LDAP_GROUP_FILTER }}",
- "s01ldap_group_member_assoc_attribute": "{{ .Env.LDAP_GROUP_MEMBER_ASSOC_ATTR }}",
- "s01ldap_groupfilter_groups": "",
- "s01ldap_groupfilter_objectclass": "",
- "s01ldap_host": "{{ .Env.LDAP_HOST }}",
- "s01ldap_login_filter_mode": "0",
- "s01ldap_login_filter": "{{ .Env.LDAP_LOGINFILTER }}",
- "s01ldap_loginfilter_attributes": "",
- "s01ldap_loginfilter_email": "1",
- "s01ldap_loginfilter_username": "1",
- "s01ldap_nested_groups": "0",
- "s01ldap_override_main_server": "",
- "s01ldap_paging_size": "100",
- "s01ldap_port": "{{ .Env.LDAP_PORT }}",
- "s01ldap_quota_attr": "",
- "s01ldap_quota_def": "",
- "s01ldap_tls": "0",
- "s01ldap_turn_off_cert_check": "0",
- "s01ldap_user_display_name_2": "",
- "s01ldap_user_filter_mode": "0",
- "s01ldap_userfilter_groups": "",
- "s01ldap_userfilter_objectclass": "",
- "s01ldap_userlist_filter": "{{ .Env.LDAP_USER_FILTER }}",
- "s01use_memberof_to_detect_membership": "1"
- }
- }
-}
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-sync-cron b/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-sync-cron
deleted file mode 100644
index 19d70b872a..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/ldap-sync-cron
+++ /dev/null
@@ -1 +0,0 @@
-*/1 * * * * www-data /bin/bash -c 'occ user:sync "OCA\User_LDAP\User_Proxy" -r -m remove'
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/oidc.config.php b/deployments/examples/oc10_ocis_parallel/config/oc10/oidc.config.php
deleted file mode 100644
index 5de9f9d3e6..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/oidc.config.php
+++ /dev/null
@@ -1,22 +0,0 @@
- [
- 'provider-url' => getenv('IDP_OIDC_ISSUER'),
- 'client-id' => 'oc10',
- 'client-secret' => getenv('IDP_OIDC_CLIENT_SECRET'),
- 'loginButtonName' => 'OpenId Connect',
- 'search-attribute' => 'preferred_username',
- 'mode' => 'userid',
- 'autoRedirectOnLoginPage' => true,
- 'insecure' => true,
- 'post_logout_redirect_uri' => 'https://' . getenv('CLOUD_DOMAIN'),
- ],
- ];
- return $config;
-}
-
-$CONFIG = getOIDCConfigFromEnv();
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/web-config.tmpl.json b/deployments/examples/oc10_ocis_parallel/config/oc10/web-config.tmpl.json
deleted file mode 100644
index 2022239d22..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/web-config.tmpl.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "server": "https://{{ .Env.CLOUD_DOMAIN }}",
- "theme": "owncloud",
- "openIdConnect": {
- "metadata_url": "{{ .Env.IDP_OIDC_ISSUER }}/.well-known/openid-configuration",
- "authority": "{{ .Env.IDP_OIDC_ISSUER }}",
- "client_id": "oc10-web",
- "response_type": "code",
- "scope": "openid profile email"
- },
- "apps": ["files", "media-viewer", "search"],
- "applications": [
- {
- "icon": "switch_ui",
- "target": "_self",
- "title": {
- "en": "Classic Design",
- "de": "Dateien",
- "fr": "Fichiers",
- "zh_CN": "文件"
- },
- "url": "https://{{ .Env.CLOUD_DOMAIN }}/index.php/apps/files"
- },
- {
- "icon": "application",
- "menu": "user",
- "target": "_self",
- "title": {
- "de": "Einstellungen",
- "en": "Settings"
- },
- "url": "https://{{ .Env.CLOUD_DOMAIN }}/index.php/settings/personal"
- }
- ]
-}
diff --git a/deployments/examples/oc10_ocis_parallel/config/oc10/web.config.php b/deployments/examples/oc10_ocis_parallel/config/oc10/web.config.php
deleted file mode 100644
index 484a01d16e..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/oc10/web.config.php
+++ /dev/null
@@ -1,14 +0,0 @@
- 'https://' . getenv('CLOUD_DOMAIN') . '/index.php/apps/web',
- 'web.rewriteLinks' => getenv('OWNCLOUD_WEB_REWRITE_LINKS') == 'true',
-
- ];
- return $config;
-}
-
-$CONFIG = getWebConfigFromEnv();
diff --git a/deployments/examples/oc10_ocis_parallel/config/ocis/proxy.yaml b/deployments/examples/oc10_ocis_parallel/config/ocis/proxy.yaml
deleted file mode 100755
index 40f74e8900..0000000000
--- a/deployments/examples/oc10_ocis_parallel/config/ocis/proxy.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-policy_selector:
- claims:
- default_policy: oc10
- unauthenticated_policy: oc10
-policies:
- - name: ocis
- routes:
- - endpoint: /
- backend: http://localhost:9100
- - endpoint: /.well-known/
- backend: http://localhost:9130
- - endpoint: /konnect/
- backend: http://localhost:9130
- - endpoint: /signin/
- backend: http://localhost:9130
- - endpoint: /archiver
- backend: http://localhost:9140
- - type: regex
- endpoint: /ocs/v[12].php/cloud/user/signing-key
- backend: http://localhost:9110
- - endpoint: /ocs/
- backend: http://localhost:9140
- - type: query
- endpoint: /remote.php/?preview=1
- backend: http://localhost:9115
- - method: REPORT
- endpoint: /remote.php/dav/
- backend: http://localhost:9115
- - type: query
- endpoint: /dav/?preview=1
- backend: http://localhost:9115
- - type: query
- endpoint: /webdav/?preview=1
- backend: http://localhost:9115
- - endpoint: /remote.php/
- service: eu.opencloud.web.ocdav
- - endpoint: /dav/
- service: eu.opencloud.web.ocdav
- - endpoint: /webdav/
- service: eu.opencloud.web.ocdav
- - endpoint: /status.php
- service: eu.opencloud.web.ocdav
- - endpoint: /index.php/
- service: eu.opencloud.web.ocdav
- - endpoint: /apps/
- service: eu.opencloud.web.ocdav
- - endpoint: /data
- backend: http://localhost:9140
- - endpoint: /app/
- backend: http://localhost:9140
- - endpoint: /graph/
- backend: http://localhost:9120
- - endpoint: /api/v0/settings
- backend: http://localhost:9190
- - name: oc10
- routes:
- - endpoint: "/"
- backend: http://oc10:8080
- - endpoint: "/data"
- backend: http://localhost:9140
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
deleted file mode 100644
index f0a09c2a2e..0000000000
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ /dev/null
@@ -1,345 +0,0 @@ ---- -version: "3.7" - -services: - traefik: - image: traefik:v2.9.1 - networks: - ocis-net: - aliases: - - ${CLOUD_DOMAIN:-cloud.owncloud.test} - - ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test} - command: - - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" - # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - # enable dashboard - - "--api.dashboard=true" - # define entrypoints - - "--entryPoints.http.address=:80" - - "--entryPoints.http.http.redirections.entryPoint.to=https" - - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - - "--entryPoints.https.address=:443" - # docker provider (get configuration from container labels) - - "--providers.docker.endpoint=unix:///var/run/docker.sock" - - "--providers.docker.exposedByDefault=false" - # access log - - "--accessLog=true" - - "--accessLog.format=json" - - "--accessLog.fields.headers.names.X-Request-Id=keep" - ports: - - "80:80" - - "443:443" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "certs:/certs" - labels: - - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik.middlewares=traefik-auth" - - "traefik.http.routers.traefik.tls.certresolver=http" - - "traefik.http.routers.traefik.service=api@internal" - logging: - driver: "local" - restart: always - - ocis-init-volumes: - image: busybox - entrypoint: - - /bin/sh - # prepare the oCIS config volume for oCIS - command: ["-c", "chown -R 33:33 /etc/ocis /var/lib/ocis"] - volumes: - - ocis-config:/etc/ocis 
- - ocis-data:/var/lib/ocis - - ocis: - image: owncloud/ocis:${OC_DOCKER_TAG:-latest} - networks: - ocis-net: - user: "33:33" # equals the user "www-data" for oC10 - entrypoint: - - /bin/sh - # run ocis init to initialize a configuration file with random secrets - # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then start the ocis server - command: ["-c", "ocis init || true; ocis server"] - #entrypoint: - # - /bin/sh - # - /entrypoint-override.sh - environment: - # Keycloak IDP specific configuration - OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud} - PROXY_OIDC_REWRITE_WELLKNOWN: "true" - WEB_OIDC_CLIENT_ID: ocis-web - WEB_OIDC_SCOPE: openid profile email owncloud - # external ldap is supposed to be read-only - GRAPH_IDENTITY_BACKEND: ldap - GRAPH_LDAP_SERVER_WRITE_ENABLED: "false" - # LDAP bind - OC_LDAP_URI: "ldaps://openldap" - OC_LDAP_INSECURE: "true" - OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com" - OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - # LDAP user settings - PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak - PROXY_USER_CS3_CLAIM: userid # equals LDAP_USER_SCHEMA_ID - OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com" - OC_LDAP_GROUP_SCHEMA_ID: "ownclouduuid" - OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)" - OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com" - OC_LDAP_USER_SCHEMA_ID: "ownclouduuid" - OC_LDAP_USER_FILTER: "(objectclass=owncloud)" - # ownCloudSQL storage driver - STORAGE_USERS_DRIVER: "owncloudsql" - STORAGE_USERS_OWNCLOUDSQL_DATADIR: "/mnt/data/files" - STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER: "/Shares" - STORAGE_USERS_OWNCLOUDSQL_LAYOUT: "{{.Username}}" - STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME: "owncloud" - STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD: "owncloud" - STORAGE_USERS_OWNCLOUDSQL_DB_HOST: "oc10-db" - STORAGE_USERS_OWNCLOUDSQL_DB_PORT: 3306 - STORAGE_USERS_OWNCLOUDSQL_DB_NAME: 
"owncloud" - # ownCloudSQL sharing driver - SHARING_USER_DRIVER: "owncloudsql" - SHARING_USER_OWNCLOUDSQL_DB_USERNAME: "owncloud" - SHARING_USER_OWNCLOUDSQL_DB_PASSWORD: "owncloud" - SHARING_USER_OWNCLOUDSQL_DB_HOST: "oc10-db" - SHARING_USER_OWNCLOUDSQL_DB_PORT: 3306 - SHARING_USER_OWNCLOUDSQL_DB_NAME: "owncloud" - # ownCloud storage readonly - OC_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303 - # General oCIS config - # OC_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services - OC_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav - OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info} - OC_LOG_COLOR: "${OC_LOG_COLOR:-false}" - OC_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test} - PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OC_INSECURE: "${INSECURE:-false}" - # basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect) - PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" - # password policies - OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt" - volumes: - - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml - - ocis-config:/etc/ocis - - ocis-data:/var/lib/ocis - # shared volume with oC10 - - oc10-data:/mnt/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${CLOUD_DOMAIN:-cloud.owncloud.test}`)" - - "traefik.http.routers.ocis.tls.certresolver=http" - - "traefik.http.routers.ocis.service=ocis" - - 
"traefik.http.services.ocis.loadbalancer.server.port=9200" - logging: - driver: "local" - restart: always - - oc10: - image: owncloud/server:${OC10_DOCKER_TAG:-latest} - networks: - ocis-net: - environment: - # make ownCloud Web the default frontend - OWNCLOUD_DEFAULT_APP: ${OWNCLOUD_DEFAULT_APP:-files} # can be switched to "web" - OWNCLOUD_WEB_REWRITE_LINKS: ${OWNCLOUD_WEB_REWRITE_LINKS:-false} - # script / config variables - IDP_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud} - IDP_OIDC_CLIENT_SECRET: ${OC10_OIDC_CLIENT_SECRET:-oc10-oidc-secret} - CLOUD_DOMAIN: ${CLOUD_DOMAIN:-cloud.owncloud.test} - # LDAP bind configuration - LDAP_HOST: "openldap" - LDAP_PORT: 389 - STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com" - STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - # LDAP user configuration - LDAP_BASE_DN: "dc=owncloud,dc=com" - LDAP_USER_SCHEMA_DISPLAYNAME: "displayname" - LDAP_LOGINFILTER: "(&(objectclass=owncloud)(|(uid=%uid)(mail=%uid)))" - LDAP_GROUP_SCHEMA_DISPLAYNAME: "cn" - LDAP_USER_SCHEMA_NAME_ATTR: "uid" - LDAP_GROUP_FILTER: "(&(objectclass=groupOfNames)(objectclass=owncloud))" - LDAP_USER_SCHEMA_UID: "ownclouduuid" - LDAP_USERATTRIBUTEFILTERS: "" #"ownclouduuid;cn;uid;mail" - LDAP_USER_SCHEMA_MAIL: "mail" - LDAP_USER_FILTER: "(&(objectclass=owncloud))" - LDAP_GROUP_MEMBER_ASSOC_ATTR: "uniqueMember" - # ownCloud config - OWNCLOUD_DB_TYPE: mysql - OWNCLOUD_DB_NAME: owncloud - OWNCLOUD_DB_USERNAME: owncloud - OWNCLOUD_DB_PASSWORD: owncloud - OWNCLOUD_DB_HOST: oc10-db - OWNCLOUD_ADMIN_USERNAME: admin - OWNCLOUD_ADMIN_PASSWORD: admin - OWNCLOUD_MYSQL_UTF8MB4: "true" - OWNCLOUD_REDIS_ENABLED: "true" - OWNCLOUD_REDIS_HOST: redis - OWNCLOUD_TRUSTED_PROXIES: ${CLOUD_DOMAIN:-cloud.owncloud.test} - OWNCLOUD_OVERWRITE_PROTOCOL: https - OWNCLOUD_OVERWRITE_HOST: ${CLOUD_DOMAIN:-cloud.owncloud.test} - OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi" - OWNCLOUD_LOG_LEVEL: 0 - 
OWNCLOUD_LOG_FILE: /dev/stdout - volumes: - # oidc, ldap and web config - - ./config/oc10/oidc.config.php:/etc/templates/oidc.config.php - - ./config/oc10/ldap-config.tmpl.json:/etc/templates/ldap-config.tmpl.json - - ./config/oc10/ldap-sync-cron:/tmp/ldap-sync-cron - - ./config/oc10/web.config.php:/etc/templates/web.config.php - - ./config/oc10/web-config.tmpl.json:/etc/templates/web-config.tmpl.json - # config load script - - ./config/oc10/10-custom-config.sh:/etc/pre_server.d/10-custom-config.sh - # data persistence - - oc10-data:/mnt/data - logging: - driver: "local" - restart: always - - keycloak: - # Keycloak WildFly distribution, Quarkus is not ready yet for automatic setup https://github.com/keycloak/keycloak/issues/10216 - image: quay.io/keycloak/keycloak:legacy - networks: - ocis-net: - entrypoint: ["/bin/sh", "/opt/jboss/tools/docker-entrypoint-override.sh"] - volumes: - - ./config/keycloak/docker-entrypoint-override.sh:/opt/jboss/tools/docker-entrypoint-override.sh - - ./config/keycloak/owncloud-realm.dist.json:/opt/jboss/keycloak/owncloud-realm.dist.json - environment: - CLOUD_DOMAIN: ${CLOUD_DOMAIN:-cloud.owncloud.test} - OC10_OIDC_CLIENT_SECRET: ${OC10_OIDC_CLIENT_SECRET:-oc10-oidc-secret} - LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - DB_VENDOR: POSTGRES - DB_ADDR: keycloak-db - DB_DATABASE: keycloak - DB_USER: keycloak - DB_SCHEMA: public - DB_PASSWORD: keycloak - KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin} - KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin} - PROXY_ADDRESS_FORWARDING: "true" - KEYCLOAK_IMPORT: /opt/jboss/keycloak/owncloud-realm.json - labels: - - "traefik.enable=true" - - "traefik.http.routers.keycloak.entrypoints=https" - - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)" - - "traefik.http.routers.keycloak.tls.certresolver=http" - - "traefik.http.routers.keycloak.service=keycloak" - - "traefik.http.services.keycloak.loadbalancer.server.port=8080" - logging: - driver: "local" - 
restart: always - - openldap: - image: osixia/openldap:latest - networks: - ocis-net: - command: --copy-service --loglevel debug - environment: - LDAP_TLS_VERIFY_CLIENT: never - LDAP_DOMAIN: owncloud.com - LDAP_ORGANISATION: ownCloud - LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - LDAP_RFC2307BIS_SCHEMA: "true" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" - volumes: - - ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom - logging: - driver: "local" - restart: always - - ldap-manager: - image: osixia/phpldapadmin:0.9.0 - networks: - ocis-net: - environment: - PHPLDAPADMIN_LDAP_HOSTS: openldap - PHPLDAPADMIN_HTTPS: "false" - labels: - - "traefik.enable=true" - - "traefik.http.routers.ldap-manager.entrypoints=https" - - "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)" - - "traefik.http.routers.ldap-manager.tls.certresolver=http" - - "traefik.http.routers.ldap-manager.service=ldap-manager" - - "traefik.http.services.ldap-manager.loadbalancer.server.port=80" - logging: - driver: "local" - restart: always - - keycloak-db: - image: postgres:alpine - networks: - ocis-net: - volumes: - - keycloak-postgres-data:/var/lib/postgresql/data - environment: - POSTGRES_DB: keycloak - POSTGRES_USER: keycloak - POSTGRES_PASSWORD: keycloak - logging: - driver: "local" - restart: always - - oc10-db: - image: mariadb:10.6 - networks: - ocis-net: - environment: - - MYSQL_ROOT_PASSWORD=owncloud - - MYSQL_USER=owncloud - - MYSQL_PASSWORD=owncloud - - MYSQL_DATABASE=owncloud - command: - [ - "--max-allowed-packet=128M", - "--innodb-log-file-size=64M", - "--innodb-read-only-compressed=OFF", - ] - healthcheck: - test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - oc10-mysql-data:/var/lib/mysql - logging: - driver: "local" - restart: always - - redis: - networks: - ocis-net: - image: redis:6 - command: ["--databases", "1"] - healthcheck: - 
test: ["CMD", "redis-cli", "ping"] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - oc10-redis-data:/data - logging: - driver: "local" - restart: always - -volumes: - certs: - ocis-config: - ocis-data: - keycloak-postgres-data: - oc10-mysql-data: - oc10-redis-data: - oc10-data: - oc10-tmp: - -networks: - ocis-net: diff --git a/deployments/examples/oc10_ocis_parallel/keycloak-export.sh b/deployments/examples/oc10_ocis_parallel/keycloak-export.sh deleted file mode 100644 index 214c08dded..0000000000 --- a/deployments/examples/oc10_ocis_parallel/keycloak-export.sh +++ /dev/null @@ -1,13 +0,0 @@ -#! /bin/bash -docker-compose exec keycloak \ - sh -c "cd /opt/jboss/keycloak && \ - timeout 60 bin/standalone.sh \ - -Djboss.httin/standalone.sh \ - -Djboss.socket.binding.port-offset=100 \ - -Dkeycloak.migration.action=export \ - -Dkeycloak.migration.provider=singleFile \ - -Dkeycloak.migration.realmName=owncloud \ - -Dkeycloak.migration.file=owncloud-realm.json" - -docker-compose exec keycloak \ - cp /opt/jboss/keycloak/owncloud-realm.json /opt/jboss/keycloak/owncloud-realm.dist.json diff --git a/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml deleted file mode 100644 index d3b9965d8f..0000000000 --- a/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -version: "3.7" - -services: - ocis: - environment: - # tracing - OC_TRACING_ENABLED: "true" - OC_TRACING_TYPE: "jaeger" - OC_TRACING_ENDPOINT: jaeger-agent:6831 - # metrics - # if oCIS runs as a single process, all /metrics endpoints - # will expose the same metrics, so it's sufficient to query one endpoint - PROXY_DEBUG_ADDR: 0.0.0.0:9205 - -networks: - ocis-net: - external: true 
diff --git a/deployments/examples/oc10_ocis_parallel/testing/docker-compose-additions.yml b/deployments/examples/oc10_ocis_parallel/testing/docker-compose-additions.yml
deleted file mode 100644
index cee38e329d..0000000000
--- a/deployments/examples/oc10_ocis_parallel/testing/docker-compose-additions.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-version: "3.7"
-
-services:
- ocis:
- environment:
- LDAP_GROUP_BASE_DN: "ou=TestGroups,dc=owncloud,dc=com"
- LDAP_USER_BASE_DN: "ou=TestUsers,dc=owncloud,dc=com"
- PROXY_ENABLE_BASIC_AUTH: "true"
-
- oc10:
- ports:
- - 8080:8080
- volumes:
- - ./config/oc10/11-testing-app.sh:/etc/pre_server.d/11-testing-app.sh
-
- openldap:
- ports:
- - 636:636
diff --git a/deployments/examples/ocis_full/config/ocis/banned-password-list.txt b/deployments/examples/ocis_full/config/ocis/banned-password-list.txt
deleted file mode 100644
index aff7475f22..0000000000
--- a/deployments/examples/ocis_full/config/ocis/banned-password-list.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-password
-12345678
-123
-ownCloud
-ownCloud-1
diff --git a/deployments/examples/ocis_full/debug-ocis.yml b/deployments/examples/ocis_full/debug-ocis.yml
deleted file mode 100644
index 64a5c86a69..0000000000
--- a/deployments/examples/ocis_full/debug-ocis.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-services:
-
- ocis:
- command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
- ports:
- - 40000:40000
diff --git a/deployments/examples/ocis_full/s3ng.yml b/deployments/examples/ocis_full/s3ng.yml
deleted file mode 100644
index cde233e339..0000000000
--- a/deployments/examples/ocis_full/s3ng.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-services:
- ocis:
- environment:
- # activate s3ng storage driver
- STORAGE_USERS_DRIVER: s3ng
- # keep system data on ocis storage since this are only small files atm
- STORAGE_SYSTEM_DRIVER: ocis
- # s3ng specific settings
- STORAGE_USERS_S3NG_ENDPOINT: ${S3NG_ENDPOINT:-http://minio:9000}
- STORAGE_USERS_S3NG_REGION: ${S3NG_REGION:-default}
- STORAGE_USERS_S3NG_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis}
- STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key}
- STORAGE_USERS_S3NG_BUCKET: ${S3NG_BUCKET:-ocis-bucket}
diff --git a/deployments/examples/ocis_full/web_extensions/extensions.yml b/deployments/examples/ocis_full/web_extensions/extensions.yml
deleted file mode 100644
index d2a60a039b..0000000000
--- a/deployments/examples/ocis_full/web_extensions/extensions.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-services:
- ocis:
- volumes:
- - ocis-apps:/var/lib/ocis/web/assets/apps
-
-volumes:
- ocis-apps:
diff --git a/deployments/examples/ocis_hello/.env b/deployments/examples/ocis_hello/.env
deleted file mode 100644
index 1b43903fa7..0000000000
--- a/deployments/examples/ocis_hello/.env
+++ /dev/null
@@ -1,33 +0,0 @@
-# If you're on a internet facing server please comment out following line.
-# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
-INSECURE=true
-
-### Traefik settings ###
-# Serve Traefik dashboard. Defaults to "false".
-TRAEFIK_DASHBOARD=
-# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
-TRAEFIK_DOMAIN=
-# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
-TRAEFIK_BASIC_AUTH_USERS=
-# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
-TRAEFIK_ACME_MAIL=
-
-### oCIS settings ###
-# oCIS version. Defaults to "latest"
-OC_DOCKER_TAG=
-# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
-OC_DOMAIN=
-# oCIS admin user password. Defaults to "admin".
-ADMIN_PASSWORD=
-# The demo users should not be created on a production instance
-# because their passwords are public. Defaults to "false".
-DEMO_USERS=
-
-### oCIS Hello settings ###
-# oCIS Hello version. Defaults to "latest"
-OC_HELLO_DOCKER_TAG=
-
-# If you want to use debugging and tracing with this stack,
-# you need uncomment following line. Please see documentation at
-# https://owncloud.dev/ocis/deployment/monitoring-tracing/
-#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/ocis_hello/README.md b/deployments/examples/ocis_hello/README.md
deleted file mode 100644
index 991a4279c5..0000000000
--- a/deployments/examples/ocis_hello/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-document this deployment example in: docs/ocis/deployment/ocis_hello.md
----
-
-Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_hello/)
-for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt b/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt
deleted file mode 100644
index aff7475f22..0000000000
--- a/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-password
-12345678
-123
-ownCloud
-ownCloud-1
diff --git a/deployments/examples/ocis_hello/config/ocis/proxy.yaml b/deployments/examples/ocis_hello/config/ocis/proxy.yaml
deleted file mode 100644
index bc3169bb05..0000000000
--- a/deployments/examples/ocis_hello/config/ocis/proxy.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-policy_selector:
- static:
- policy: ocis
-
-policies:
- - name: ocis
- routes:
- # defaults, taken from https://owncloud.dev/services/proxy/configuration/
- - endpoint: /
- backend: http://localhost:9100
- - endpoint: /.well-known/
- backend: http://localhost:9130
- - endpoint: /konnect/
- backend: http://localhost:9130
- - endpoint: /signin/
- backend: http://localhost:9130
- - endpoint: /archiver
- backend: http://localhost:9140
- - type: regex
- endpoint: /ocs/v[12].php/cloud/user/signing-key
- backend: http://localhost:9110
- - endpoint: /ocs/
- backend: http://localhost:9140
- - type: query
- endpoint: /remote.php/?preview=1
- backend: http://localhost:9115
- - method: REPORT
- endpoint: /remote.php/dav/
- backend: http://localhost:9115
- - type: query
- endpoint: /dav/?preview=1
- backend: http://localhost:9115
- - type: query
- endpoint: /webdav/?preview=1
- backend: http://localhost:9115
- - endpoint: /remote.php/
- service: eu.opencloud.web.ocdav
- - endpoint: /dav/
- service: eu.opencloud.web.ocdav
- - endpoint: /webdav/
- service: eu.opencloud.web.ocdav
- - endpoint: /status.php
- service: eu.opencloud.web.ocdav
- - endpoint: /index.php/
- service: eu.opencloud.web.ocdav
- - endpoint: /apps/
- service: eu.opencloud.web.ocdav
- - endpoint: /data
- backend: http://localhost:9140
- - endpoint: /app/
- backend: http://localhost:9140
- - endpoint: /graph/
- backend: http://localhost:9120
- - endpoint: /api/v0/settings
- backend: http://localhost:9190
- # oCIS Hello specific routes
- - endpoint: "/api/v0/greet"
- backend: http://ocis-hello:9105
- - endpoint: "/hello.js"
- backend: http://ocis-hello:9105
diff --git a/deployments/examples/ocis_hello/config/ocis/web.yaml b/deployments/examples/ocis_hello/config/ocis/web.yaml
deleted file mode 100644
index 3100332956..0000000000
--- a/deployments/examples/ocis_hello/config/ocis/web.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-web:
- config:
- external_apps:
- - id: hello
- path: /hello.js
diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml
deleted file mode 100644
index 2d0c1819ef..0000000000
--- a/deployments/examples/ocis_hello/docker-compose.yml
+++ /dev/null
@@ -1,109 +0,0 @@
----
-version: "3.7"
-
-services:
- traefik:
- image: traefik:v2.9.1
- networks:
- ocis-net:
- aliases:
- - ${OC_DOMAIN:-ocis.owncloud.test}
- command:
- - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
- # letsencrypt configuration
- - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- # enable dashboard
- - "--api.dashboard=true"
- # define entrypoints
- - "--entryPoints.http.address=:80"
- - "--entryPoints.http.http.redirections.entryPoint.to=https"
- - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- - "--entryPoints.https.address=:443"
- # docker provider (get configuration from container labels)
- - "--providers.docker.endpoint=unix:///var/run/docker.sock"
- - "--providers.docker.exposedByDefault=false"
- # access log
- - "--accessLog=true"
- - "--accessLog.format=json"
- - "--accessLog.fields.headers.names.X-Request-Id=keep"
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
- - "certs:/certs"
- labels:
- - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- - "traefik.http.routers.traefik.entrypoints=https"
- - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- - "traefik.http.routers.traefik.middlewares=traefik-auth"
- - "traefik.http.routers.traefik.tls.certresolver=http"
- - "traefik.http.routers.traefik.service=api@internal"
- logging:
- driver: "local"
- restart: always
-
- ocis:
- image: owncloud/ocis:${OC_DOCKER_TAG:-latest}
- networks:
- ocis-net:
- entrypoint:
- - /bin/sh
- # run ocis init to initialize a configuration file with random secrets
- # it will fail on subsequent runs, because the config file already exists
- # therefore we ignore the error and then start the ocis server
- command: ["-c", "ocis init || true; ocis server"]
- environment:
- OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
- OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
- OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
- PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
- # make settings service available to oCIS Hello
- SETTINGS_GRPC_ADDR: 0.0.0.0:9191
- # INSECURE: needed if oCIS / Traefik is using self generated certificates
- OC_INSECURE: "${INSECURE:-false}"
- # basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
- PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
- # admin user password
- IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
- # demo users
- IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
- # password policies
- OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
- volumes:
- - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
- - ./config/ocis/web.yaml:/etc/ocis/web.yaml
- - ocis-config:/etc/ocis
- - ocis-data:/var/lib/ocis
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.ocis.entrypoints=https"
- - "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- - "traefik.http.routers.ocis.tls.certresolver=http"
- - "traefik.http.routers.ocis.service=ocis"
- - "traefik.http.services.ocis.loadbalancer.server.port=9200"
- logging:
- driver: "local"
- restart: always
-
- ocis-hello:
- image: owncloud/ocis-hello:${OC_HELLO_DOCKER_TAG:-latest}
- networks:
- ocis-net:
- environment:
- OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
- logging:
- driver: "local"
- restart: always
-
-volumes:
- certs:
- ocis-config:
- ocis-data:
-
-networks:
- ocis-net:
diff --git a/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
deleted file mode 100644
index d3b9965d8f..0000000000
--- a/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-version: "3.7"
-
-services:
- ocis:
- environment:
- # tracing
- OC_TRACING_ENABLED: "true"
- OC_TRACING_TYPE: "jaeger"
- OC_TRACING_ENDPOINT: jaeger-agent:6831
- # metrics
- # if oCIS runs as a single process, all /metrics endpoints
- # will expose the same metrics, so it's sufficient to query one endpoint
- PROXY_DEBUG_ADDR: 0.0.0.0:9205
-
-networks:
- ocis-net:
- external: true
diff --git a/deployments/examples/ocis_keycloak/.env b/deployments/examples/ocis_keycloak/.env
deleted file mode 100644
index dbc2713085..0000000000
--- a/deployments/examples/ocis_keycloak/.env
+++ /dev/null
@@ -1,41 +0,0 @@
-# If you're on a internet facing server please comment out following line.
-# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
-INSECURE=true
-
-# The demo users should not be created on a production instance
-# because their passwords are public
-DEMO_USERS=false
-
-### Traefik settings ###
-# Serve Traefik dashboard. Defaults to "false".
-TRAEFIK_DASHBOARD=
-# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
-TRAEFIK_DOMAIN=
-# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
-TRAEFIK_BASIC_AUTH_USERS=
-# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
-TRAEFIK_ACME_MAIL=
-
-### oCIS settings ###
-# oCIS version. Defaults to "latest"
-OC_DOCKER_TAG=
-# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
-OC_DOMAIN=
-# owncloud Web openid connect client id. Defaults to "web"
-OC_OIDC_CLIENT_ID=
-
-### Keycloak ###
-# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"
-KEYCLOAK_DOMAIN=
-# Realm which to be used with oCIS. Defaults to "oCIS"
-KEYCLOAK_REALM=
-# Admin user login name. Defaults to "admin"
-KEYCLOAK_ADMIN_USER=
-# Admin user login password. Defaults to "admin"
-KEYCLOAK_ADMIN_PASSWORD=
-
-
-# If you want to use debugging and tracing with this stack,
-# you need uncomment following line. Please see documentation at
-# https://owncloud.dev/ocis/deployment/monitoring-tracing/
-#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/ocis_keycloak/README.md b/deployments/examples/ocis_keycloak/README.md
deleted file mode 100644
index 0837071b7c..0000000000
--- a/deployments/examples/ocis_keycloak/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-document this deployment example in: docs/ocis/deployment/ocis_keycloak.md
----
-
-Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_keycloak/)
-for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/clients/android_app.json b/deployments/examples/ocis_keycloak/config/keycloak/clients/android_app.json
deleted file mode 100644
index 0dd4106e3f..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/clients/android_app.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
- "name": "ownCloud Android app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
- "redirectUris": [
- "oc://android.owncloud.com"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "post.logout.redirect.uris": "+",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "groups",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/clients/cyberduck.json b/deployments/examples/ocis_keycloak/config/keycloak/clients/cyberduck.json
deleted file mode 100644
index 85a4e72c5c..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/clients/cyberduck.json
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- "clientId": "3keLfua0olYvW1zKXTDB3OjAMPEYWEQNuiscli395GKJOiPnPURNQWGvGCJZf4Hw",
- "name": "Cyberduck",
- "description": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "yoqICbLIeYbpZPqDH4D8k4NKb04HqnrWBntEeVZEQ5gO1RmaUlln0Aqu1dj2UoF4",
- "redirectUris": [
- "x-cyberduck-action:oauth",
- "x-mountainduck-action:oauth"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "groups",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/clients/desktop_client.json b/deployments/examples/ocis_keycloak/config/keycloak/clients/desktop_client.json
deleted file mode 100644
index 0aeb310097..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/clients/desktop_client.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
- "name": "ownCloud Desktop Client",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
- "redirectUris": [
- "http://127.0.0.1:*",
- "http://localhost:*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "post.logout.redirect.uris": "+",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "groups",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/clients/ios_app.json b/deployments/examples/ocis_keycloak/config/keycloak/clients/ios_app.json
deleted file mode 100644
index ec879ec702..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/clients/ios_app.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
- "name": "ownCloud iOS app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
- "redirectUris": [
- "oc://ios.owncloud.com"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "post.logout.redirect.uris": "+",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "groups",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/clients/web.json b/deployments/examples/ocis_keycloak/config/keycloak/clients/web.json
deleted file mode 100644
index b88f7c1312..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/clients/web.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "clientId": "web",
- "name": "",
- "description": "",
- "rootUrl": "https://ocis.owncloud.test",
- "adminUrl": "https://ocis.owncloud.test",
- "baseUrl": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "https://ocis.owncloud.test/*"
- ],
- "webOrigins": [
- "https://ocis.owncloud.test"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "post.logout.redirect.uris": "+",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.url": "https://ocis.owncloud.test/backchannel_logout",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "profile",
- "roles",
- "groups",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ],
- "access": {
- "view": true,
- "configure": true,
- "manage": true
- }
-}
\ No newline at end of file
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh b/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
deleted file mode 100644
index a5033d941e..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-printenv
-# replace oCIS domain in keycloak realm import
-mkdir /opt/keycloak/data/import
-sed -e "s/ocis.owncloud.test/${OC_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json
-
-# run original docker-entrypoint
-/opt/keycloak/bin/kc.sh "$@"
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.dist.json b/deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.dist.json
deleted file mode 100644
index e10b200e9b..0000000000
--- a/deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.dist.json
+++ /dev/null
@@ -1,2793 +0,0 @@ -{ - "id": "ownCloud Infinite Scale Test", - "realm": "oCIS", - "displayName": "ownCloud Infinite Scale", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxTemporaryLockouts": 0, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "0bb40fa2-4490-4687-9159-b1d27ec7423a", - "name": "ocisAdmin", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "2d576514-4aae-46aa-9d9c-075f55f4d988", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, 
- "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "8c79ff81-c256-48fd-b0b9-795c7941eedf", - "name": "ocisUser", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "bd5f5012-48bb-4ea4-bfe6-0623e3ca0552", - "name": "ocisSpaceAdmin", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "e2145b30-bf6f-49fb-af3f-1b40168bfcef", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "82e13ea7-aac4-4d2c-9fc7-cff8333dbe19", - "name": "default-roles-ocis", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - }, - { - "id": "7eedfa6d-a2d9-4296-b6db-e75e4e9c0963", - "name": "ocisGuest", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test", - "attributes": {} - } - ], - "client": { - "_system": [], - "realm-management": [ - { - "id": "979ce053-a671-4b50-81d5-da4bdf7404c9", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "4bec4791-e888-4dac-bc95-71720d5981b9", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - 
"id": "955b4406-b04f-432d-a61a-571675874341", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "baa219af-2773-4d59-b06b-485f10fbbab3", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "f280bc03-d079-478d-be06-3590580b25e9", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "db698163-84ad-46c9-958f-bb5f80ae78b5", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "36c04d89-abf7-4a2c-a808-8efa9aca1435", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "06eae953-11d5-4344-b089-ffce1e68d5d8", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "afe8aa78-2f06-43a5-8c99-cf68a1f5a86a", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-clients", - "query-users", - "manage-authorization", - "view-events", - "manage-users", - "query-clients", - "manage-clients", - "query-realms", - "impersonation", - "manage-realm", - "manage-identity-providers", - "view-authorization", - "create-client", - "query-groups", - "view-users", - "view-realm", - 
"view-identity-providers", - "manage-events" - ] - } - }, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "22ee128a-b28e-4c6a-aa8e-ad4136d74e1b", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "89d4f119-7f87-44d9-8eef-d207304de778", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "ebffeff4-6794-4003-a2ab-a79eff7d1baa", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "2361a7ff-d2b3-43f5-b360-ad0e44fba65c", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "f7bf6d7a-a861-49c6-8f6f-225c18d0a03a", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "34ccce1c-5a7e-4268-8836-2276545be900", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "430f7831-8f22-4518-bd15-2998eae45a51", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - 
"attributes": {} - }, - { - "id": "371a31e6-4494-4b74-b3ea-d030663423ed", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "e875775b-7a3e-4a5d-9e4e-376351b78626", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - }, - { - "id": "3dce7929-ee1f-40cd-9be1-7addcae92cef", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "attributes": {} - } - ], - "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69": [], - "web": [], - "security-admin-console": [], - "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD": [], - "admin-cli": [], - "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1": [], - "account-console": [], - "broker": [ - { - "id": "81fad68a-8dd8-4d79-9a8f-206a82460145", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "002faf0a-716c-4230-81c7-ce22d1eb832c", - "attributes": {} - } - ], - "account": [ - { - "id": "c49a49da-8ad0-44cb-b518-6d7d72cbe494", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "9dc2244e-b8a7-44f1-b173-d2b929fedcca", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "ce115327-99c9-44d4-ba7d-820397dc11e6", - "name": 
"manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "2ffdf854-084b-467a-91c6-7f07844efc9a", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "8c45ca71-32aa-4547-932d-412da5e371ed", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "cbeecf6d-9af8-4746-877b-74800a894c35", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "ea798f64-b5f8-417f-9fe0-d3cd9172884f", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - }, - { - "id": "e73aaf6d-e67b-491a-9cc3-78c32c82b42c", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "9850adad-7910-4b67-a790-da6444361618", - "attributes": {} - } - ] - } - }, - "groups": [ - { - "id": "99187f82-71b6-4f21-a255-0d87bb286607", - "name": "philosophy-haters", - "path": "/philosophy-haters", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "2129ab43-0221-40e1-871a-394a8c9b6434", - "name": "physics-lovers", - "path": "/physics-lovers", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "8246d8bc-8e35-4b11-916e-f8d7729d6a23", - "name": 
"polonium-lovers", - "path": "/polonium-lovers", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "fabf9b54-c27e-495e-961d-9c9f2ebfd482", - "name": "quantum-lovers", - "path": "/quantum-lovers", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "f5613e5a-84b6-4e85-bcb3-0fff9fa6a191", - "name": "radium-lovers", - "path": "/radium-lovers", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "32031f61-035e-4355-b7bf-17ff314581f3", - "name": "sailing-lovers", - "path": "/sailing-lovers", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "8520544b-eb76-449d-8498-fbe0e1e62a97", - "name": "users", - "path": "/users", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "d0a10993-e532-49b7-b2b4-009f9b31d43a", - "name": "violin-haters", - "path": "/violin-haters", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - } - ], - "defaultRole": { - "id": "82e13ea7-aac4-4d2c-9fc7-cff8333dbe19", - "name": "default-roles-ocis", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "ownCloud Infinite Scale Test" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": {}, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - 
"webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "webAuthnPolicyPasswordlessExtraOrigins": [], - "users": [ - { - "id": "389845cd-65b9-47fc-b723-ba75940bcbd7", - "username": "admin", - "firstName": "Admin", - "lastName": "Admin", - "email": "admin@example.org", - "emailVerified": true, - "createdTimestamp": 1611912383386, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "499e0fbe-1c10-4588-9db4-e8a1012b9246", - "type": "password", - "createdDate": 1611912393787, - "secretData": "{\"value\":\"WUdGHYxGqrEBqg8Y3v+CKCzkzXkboMI6VmpWAYqvD7pIcP9z1zzDTqwlXrVFytoZMpcceT3Xm1hAGh7CZcSoHQ==\",\"salt\":\"pxP1MdkG//50Lv81WsQ5FA==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisAdmin", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [ - "/users" - ] - }, - { - "id": "0a9f434c-4864-49cf-ac15-46ed0f49d59b", - 
"username": "einstein", - "firstName": "Albert", - "lastName": "Einstein", - "email": "einstein@example.org", - "emailVerified": true, - "createdTimestamp": 1611912153544, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "19efcb24-c5ec-42ed-97e1-2475ca025f40", - "type": "password", - "createdDate": 1611912169712, - "secretData": "{\"value\":\"5+ofM8OpvpiPZyi4ZJuB2Pa3jGOIcY2uXui2p8KRWCs=\",\"salt\":\"wfhXLZScHStB14ZxML9d7g==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [ - "/physics-lovers", - "/sailing-lovers", - "/users", - "/violin-haters" - ] - }, - { - "id": "b44a81e2-e3ed-4241-a9ce-44604f7ac9eb", - "username": "katherine", - "firstName": "Katherine", - "lastName": "Johnson", - "email": "katherine@example.org", - "emailVerified": true, - "createdTimestamp": 1678101111607, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "be18ccc9-b80f-4895-bf06-8e8e4605c634", - "type": "password", - "userLabel": "My password", - "createdDate": 1678101159924, - "secretData": "{\"value\":\"/E/1yfcgM8deq6V544gEsTfsXZuUnzaofmM+AK+MpAsvRoNRtEyRN1pajhIpGDtEuPa/KVBDbcALE7WMbFhO1w==\",\"salt\":\"TXapvlOYBWqabQRo+fINFQ==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "ocisSpaceAdmin", - "default-roles-ocis" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "48016357-346a-443e-bf7a-945c9448a99b", - "username": "marie", - 
"firstName": "Marie", - "lastName": "Curie", - "email": "marie@example.org", - "emailVerified": true, - "createdTimestamp": 1611912241951, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "ff304f90-a934-4bf1-9cfe-bd165751c110", - "type": "password", - "createdDate": 1611912318408, - "secretData": "{\"value\":\"DN7g/etlfzHfd6tfF4g50xdPGy+aUboAXmjB06R0NzhGhwhOxiUh7KNWre2pqZOiu28iGXfDFWMP2xDCNid+Mg==\",\"salt\":\"ZFYXUMBaZm/XspifJgH9Tg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [ - "/physics-lovers", - "/polonium-lovers", - "/radium-lovers", - "/users" - ] - }, - { - "id": "d18c3689-b816-455a-9728-cd8c9797f315", - "username": "moss", - "firstName": "Maurice", - "lastName": "Moss", - "email": "moss@example.org", - "emailVerified": true, - "createdTimestamp": 1611912340085, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "273679bf-80ef-4c83-ac23-0ee569c3bece", - "type": "password", - "createdDate": 1611912354500, - "secretData": "{\"value\":\"f22la+Ghr2xDBOA1tJrMlc2GFy9ZiGcTJuto2U9KaHE=\",\"salt\":\"fjwq6/u6YI+r1xdZL0UtxA==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisAdmin", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [ - "/users" - ] - }, - { - "id": 
"373be4c5-7f65-4e91-ba0e-bfb618c96046", - "username": "richard", - "firstName": "Richard", - "lastName": "Feynman", - "email": "richard@example.org", - "emailVerified": true, - "createdTimestamp": 1611912442173, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "2fb1bcd7-8a51-4732-b695-dc4aa14b1dca", - "type": "password", - "createdDate": 1611912452192, - "secretData": "{\"value\":\"uzN0AO66tnEoLM5SpHmJ3rNb4Gj9sXJMafn68EbDwVtQmbOR0uY7L/ePU7i5pVTvhgRN7XMj0P9Fc+iV7C+Pzw==\",\"salt\":\"PqLW9Cu52hOW9b2cVTF+Sg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [ - "/philosophy-haters", - "/physics-lovers", - "/quantum-lovers", - "/users" - ] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - }, - { - "clientScope": "roles", - "roles": [ - "ocisSpaceAdmin", - "ocisGuest", - "ocisUser", - "ocisAdmin" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "294b6cf4-b646-4f6c-bab2-616546ec3167", - "clientId": "_system", - "name": "_system", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "pIw3cF77kEYSYR2r1HfOzySTBLO7aYeM", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": 
"openid-connect", - "attributes": { - "client.secret.creation.time": "1718778122", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9850adad-7910-4b67-a790-da6444361618", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/oCIS/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "PY3vaoPyw7VCfHxDf41JKbGtR2WOV85S", - "redirectUris": [ - "/realms/oCIS/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "client.secret.creation.time": "1718778122", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "basic" - ], - "optionalClientScopes": [] - }, - { - "id": "55bb4cdc-045b-422a-8830-61245949d6aa", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/oCIS/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/oCIS/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": 
false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "9bf413ed-402f-438d-a72c-033f3c45dab2", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2969b8ff-2ab3-4907-aaa7-091a7a627ccb", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "basic" - ], - "optionalClientScopes": [] - }, - { - "id": "002faf0a-716c-4230-81c7-ce22d1eb832c", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "3mksmxreyii6xcc6N2JRGLT4fehwE1HT", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, 
- "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "client.secret.creation.time": "1718778122", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "basic" - ], - "optionalClientScopes": [] - }, - { - "id": "c8367556-1d13-4979-b4f6-5e2cff1f82ae", - "clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD", - "name": "ownCloud Android app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD", - "redirectUris": [ - "oc://android.owncloud.com" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - 
}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "groups", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6ae0e3da-38ff-47a4-a76e-b59eec0a2de9", - "clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", - "name": "ownCloud iOS app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx", - "redirectUris": [ - "oc://ios.owncloud.com" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "groups", - "basic", - 
"email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "97264f49-a8c1-4585-99b6-e706339c62f8", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/oCIS/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/oCIS/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "96092024-21dd-4d31-a004-2c5b96031da3", - "name": "locale", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "basic" - ], - "optionalClientScopes": [] - }, - { - "id": "54b18eca-cf79-4263-9db9-2d79f8a1c831", - "clientId": "web", - "name": "", - "description": "", - "rootUrl": "https://ocis.owncloud.test", - "adminUrl": "https://ocis.owncloud.test", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://ocis.owncloud.test/*" - ], - "webOrigins": [ - "https://ocis.owncloud.test" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.url": "https://ocis.owncloud.test/backchannel_logout", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - 
"saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "groups", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fc7d8a8e-cb92-4cb0-b404-d723c07d8d4f", - "clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", - "name": "ownCloud Desktop Client", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh", - "redirectUris": [ - "http://127.0.0.1:*", - "http://localhost:*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ 
- "web-origins", - "profile", - "roles", - "groups", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "258e56a8-1eeb-49ea-957b-aff8df4656ba", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${emailScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "068bcfb6-4a17-4c20-b083-ae542a7f76c8", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean", - "userinfo.token.claim": "true" - } - }, - { - "id": "c00d6c21-2fd1-435f-9ee9-87e011048cbe", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "b3e1e47e-3912-4b55-ba89-b0198e767682", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${addressScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "876baab9-39d1-4845-abb4-561a58aa152d", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": 
"postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "9cae7ced-e7d9-4f7b-8e54-7402125f6ead", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "8eb1f69b-b941-4185-bca1-f916953f7cf5", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "fb587847-806f-4443-bab0-501efc0f0b46", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "947da1ff-f614-48fc-9ecb-c98cbcfd3390", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${profileScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "46fec552-2f92-408a-84cf-ba98bf8e35fd", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "c7ed5458-4d32-423e-8ea1-d112c45045d4", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "e18d1ce4-3969-4ec1-9941-a27fd7555245", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "dab85a5e-9af8-4fcd-88e4-9d3ae50dd5b6", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "7484f47e-3bb1-48d0-ba64-e8330dcefe6e", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "fcd00995-9693-4803-8f41-c84044be83ed", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "f09e7268-5284-449b-849b-cf8225523584", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - 
"consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "0317f4b3-3f7b-47ab-88d3-5d6f604d944d", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "db81244c-e739-461b-8822-52ceaa11bdf4", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "c6a16bf9-9370-4dff-a718-be53131bb238", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "32d76647-b542-484c-9062-edc34eb350e0", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "ac6530db-6463-446b-99da-32d5298b5fa0", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "zoneinfo", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "ed10983b-8700-415e-933e-226ce3f397a6", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "8205ccd0-1266-4060-b5df-3a6eb229d91e", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "79713daf-89ca-4ed4-ad97-a88b13ee9a18", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${phoneScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "b5f4f5ed-1008-42ba-8b3b-7d8851a2a680", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "08a246f1-2b4c-4def-af5c-aefc31b4820d", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", 
- "claim.name": "phone_number_verified", - "jsonType.label": "boolean", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "c3a6224b-49aa-4a25-953d-7e326d66893d", - "name": "basic", - "description": "OpenID Connect scope for add all basic claims to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "2d4f3f17-1ab7-429e-88e1-cdf08d3533c6", - "name": "auth_time", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "AUTH_TIME", - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "auth_time", - "jsonType.label": "long" - } - }, - { - "id": "3e7da934-3de3-4bd1-a565-8ac62419c138", - "name": "sub", - "protocol": "openid-connect", - "protocolMapper": "oidc-sub-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "0c72b80b-28d5-48d8-b593-c99030aab58d", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "consent.screen.text": "${rolesScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "bc7f015e-329f-4e99-be6b-72382f4310c7", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "215f645f-ad0b-4523-9ece-f09f69ead5c4", - "name": "audience resolve", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "4a10b958-d34d-413a-b349-1415d02cdcde", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "roles", - "jsonType.label": "String", - "userinfo.token.claim": "true", - "multivalued": "true" - } - } - ] - }, - { - "id": "7438d93e-b07a-4913-9419-3273be364c4b", - "name": "groups", - "description": "OpenID Connect scope for add user groups to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "gui.order": "", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "5349faf2-64a6-481f-b207-39ffef2cd597", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-group-membership-mapper", - "consentRequired": false, - "config": { - "full.path": "false", - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "lightweight.claim": "false", - "access.token.claim": "true", - "claim.name": "groups" - } - } - ] - }, - { - "id": "5ce87358-3bca-4874-a6f0-6dccae6209a8", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "consent.screen.text": "", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "bbd23c51-918d-4ea6-9ac0-db68b512fb0a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "86883395-e439-4cab-9d8d-31d71389969c", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context 
class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "b849b14b-7c9c-4b7b-9329-c56debefb47c", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "bdb3e320-76c8-4ad7-9d0f-a08efc060101", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "1d08316c-493b-42ab-afa3-66f621860661", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "52061d2d-7a41-4f1d-ba1b-3c4a53e739e4", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr", - "basic", - "groups" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - 
"xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "4682fe74-f3a9-445a-a7ab-557fb532fe6b", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "c46009e5-c8b5-4051-bf7f-7b1481a9aa86", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "43edf979-28d2-46c8-9f93-48b3de185570", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "6fc7d765-7da8-4985-ba0b-e83827b04bd3", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "5a9aef85-98a6-4e90-b30f-8aa715e1f5e6", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - 
"saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "e3eadb04-8862-4567-869c-a76485268159", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "c788e6bf-2f57-4a82-b32e-ac8d48a4f676", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "28d6b4ce-33d4-40c0-adef-b27e35b7e122", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": { - "kc.user.profile.config": [ - "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\"
:false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "0e3d0048-cb16-49c3-8a9a-05d83f0daeca", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "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" - ], - "certificate": [ - "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" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "f92ecf31-c3c7-4c3b-af20-839fc05bcf99", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": [ - "a25fabf6-4224-4e0e-876b-cbfcb0a79628" - ], - "secret": [ - "4TbJ63S8xc-vEmTtAtd0YQbO9sCqeUs9B0SpOiokavNFWwRq5hrxcyXsG1GKpCAcEheGKnjNgkNAOR3jvnKDVnq-jJd9II2G6-A6G-XH7HMG7REWi2OVDf7a5eGmdFeRNdI5kQhGceS-H03hF3Q9uI4tv1mlgoeBpVxfWrS5_dQ" - ], - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "a137a686-5876-4faf-8d1e-e3a59f55095e", - "name": "hmac-generated-hs512", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": [ - "f00e19d2-5070-4730-a68a-2a14912ef7a8" - ], - "secret": [ - "nXZiaEzaQQUrFkmkq7vRPbZ54_m-u5zo5o9j-5WxtbdwCaHGNN3hGHOjq_4z4zfB4ooRVcUtzQL_48kOoRYmvJy7_w-rfIIooxN5yGU4sVJRj3wV3cVwxPqNAVLj_pAxJnTLXGC-cckpFkWw9XfIPLG-D3Nkv05WEgVSnIuNXOo" - ], - "priority": [ - "100" - ], - "algorithm": [ - "HS512" - ] - } - }, - { - "id": "992dcc80-dc41-4b00-bab8-6ec1c839f3a4", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": [ - "aec7cbf7-7e70-4acd-b1b6-adc7a0d58e2f" - ], - "secret": [ - "-WfcWG4blS3bT0nsLsj-Rw" - ], - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "8964f931-b866-4a05-ab1c-89331a566887", - 
"alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "123e5711-1ee5-4f7e-ac9c-64c644daaea9", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "be73b7f5-9a66-487c-b7dd-80e0f7ac0c7c", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": 
"597ca917-91fc-4898-a279-cd592af286e3", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "3daadb6b-4d63-4be1-a89e-ec8e41e72afa", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "5942598c-d7e9-4941-b13e-4a8a75e2c2a3", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "6e4b336e-eb5f-423c-8d32-4ab94d1122e6", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "35ac1997-b6af-44ff-ab27-c34f9be32e56", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "a3473070-fe69-4de1-a0b2-dd54b8a769d5", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "cc714857-b114-4df6-9030-b464bbb3964d", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "0ebe891c-1a72-4842-bf29-a9abe9c2a4d2", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "d97d5579-b3d4-49c4-a60e-0e1e6b1c9d79", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "009f7c28-0f41-4237-9911-9091c3d751b7", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "f9911022-b3cf-4d96-9a96-51bc53c437eb", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "c53eb19d-49e9-4252-8a10-4d5c6a12e61b", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "3b4f48d3-1706-4630-80e0-e0542780a1f7", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "5520aa89-cd76-438a-abae-7ccd3a2d7615", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - 
"authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "cce548d6-9bef-4449-88ea-99b949488fe7", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "0848606c-7510-4b09-ba0e-4dc2ef3d63f8", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "91a8dee7-c679-4202-866e-234eb4164cfd", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": 
"UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "delete_credential", - "name": "Delete Credential", - "providerId": "delete_credential", - "enabled": true, - "defaultAction": false, - "priority": 100, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "firstBrokerLoginFlow": "first broker login", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "organizationsEnabled": "false" - }, - "keycloakVersion": "25.0.0", - "userManagedAccessAllowed": false, - "organizationsEnabled": false, - "clientProfiles": { - "profiles": [] - 
}, - "clientPolicies": { - "policies": [] - } -}
diff --git a/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt b/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt
deleted file mode 100644
index aff7475f22..0000000000
--- a/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-password
-12345678
-123
-ownCloud
-ownCloud-1
diff --git a/deployments/examples/ocis_keycloak/config/ocis/csp.yaml b/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
deleted file mode 100644
index bdd0f60572..0000000000
--- a/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-directives:
- child-src:
- - '''self'''
- connect-src:
- - '''self'''
- - 'blob:'
- - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
- # In contrary to bash and docker the default is given after the | character
- - 'https://${KEYCLOAK_DOMAIN|keycloak.owncloud.test}/'
- default-src:
- - '''none'''
- font-src:
- - '''self'''
- frame-ancestors:
- - '''none'''
- frame-src:
- - '''self'''
- - 'blob:'
- - 'https://embed.diagrams.net/'
- img-src:
- - '''self'''
- - 'data:'
- - 'blob:'
- - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
- manifest-src:
- - '''self'''
- media-src:
- - '''self'''
- object-src:
- - '''self'''
- - 'blob:'
- script-src:
- - '''self'''
- - '''unsafe-inline'''
- style-src:
- - '''self'''
- - '''unsafe-inline'''
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
deleted file mode 100644
index 302cf386aa..0000000000
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ /dev/null
@@ -1,153 +0,0 @@
----
-version: "3.7"
-
-services:
- traefik:
- image: traefik:v2.9.1
- networks:
- ocis-net:
- aliases:
- - ${OC_DOMAIN:-ocis.owncloud.test}
- - ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
- command:
- - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
- # letsencrypt configuration
- - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- # enable dashboard
- - "--api.dashboard=true"
- # define entrypoints
- - "--entryPoints.http.address=:80"
- - "--entryPoints.http.http.redirections.entryPoint.to=https"
- - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- - "--entryPoints.https.address=:443"
- # docker provider (get configuration from container labels)
- - "--providers.docker.endpoint=unix:///var/run/docker.sock"
- - "--providers.docker.exposedByDefault=false"
- # access log
- - "--accessLog=true"
- - "--accessLog.format=json"
- - "--accessLog.fields.headers.names.X-Request-Id=keep"
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
- - "certs:/certs"
- labels:
- - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- - "traefik.http.routers.traefik.entrypoints=https"
- - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- - "traefik.http.routers.traefik.middlewares=traefik-auth"
- - "traefik.http.routers.traefik.tls.certresolver=http"
- - "traefik.http.routers.traefik.service=api@internal"
- logging:
- driver: ${LOG_DRIVER:-local}
- restart: always
-
- ocis:
- image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
- networks:
- ocis-net:
- entrypoint:
- - /bin/sh
- # run ocis init to initialize a configuration file with random secrets
- # it will fail on subsequent runs, because the config file already exists
- # therefore we ignore the error and then start the ocis server
- command: ["-c", "ocis init || true; ocis server"]
- environment:
- # Keycloak IDP specific configuration
- PROXY_AUTOPROVISION_ACCOUNTS: "true"
- PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
- OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
- PROXY_OIDC_REWRITE_WELLKNOWN: "true"
- WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
- # general config
- OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
- OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
- OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
- PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
- PROXY_USER_OIDC_CLAIM: "preferred_username"
- PROXY_USER_CS3_CLAIM: "username"
- # INSECURE: needed if oCIS / Traefik is using self generated certificates
- OC_INSECURE: "${INSECURE:-false}"
- OC_ADMIN_USER_ID: ""
- OC_EXCLUDE_RUN_SERVICES: "idp"
- GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
- GRAPH_USERNAME_MATCH: "none"
- # password policies
- OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
- PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
- KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
- volumes:
- - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
- - ocis-config:/etc/ocis
- - ocis-data:/var/lib/ocis
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.ocis.entrypoints=https"
- - "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- - "traefik.http.routers.ocis.tls.certresolver=http"
- - "traefik.http.routers.ocis.service=ocis"
- - "traefik.http.services.ocis.loadbalancer.server.port=9200"
- logging:
- driver: ${LOG_DRIVER:-local}
- restart: always
-
- postgres:
- image: postgres:alpine
- networks:
- ocis-net:
- volumes:
- - keycloak_postgres_data:/var/lib/postgresql/data
- environment:
- POSTGRES_DB: keycloak
- POSTGRES_USER: keycloak
- POSTGRES_PASSWORD: keycloak
- logging:
- driver: ${LOG_DRIVER:-local}
- restart: always
-
- keycloak:
- image: quay.io/keycloak/keycloak:25.0.0
- networks:
- ocis-net:
- command: ["start", "--proxy=edge", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm"]
- entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
- volumes:
- - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
- - "./config/keycloak/ocis-realm.dist.json:/opt/keycloak/data/import-dist/ocis-realm.json"
- environment:
- OC_DOMAIN: ${OC_DOMAIN:-ocis.owncloud.test}
- KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
- KC_DB: postgres
- KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
- KC_DB_USERNAME: keycloak
- KC_DB_PASSWORD: keycloak
- KC_FEATURES: impersonation
- KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
- KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.keycloak.entrypoints=https"
- - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)"
- - "traefik.http.routers.keycloak.tls.certresolver=http"
- - "traefik.http.routers.keycloak.service=keycloak"
- - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- depends_on:
- - postgres
- logging:
- driver: ${LOG_DRIVER:-local}
- restart: always
-
-volumes:
- certs:
- ocis-config:
- ocis-data:
- keycloak_postgres_data:
-
-networks:
- ocis-net:
diff --git a/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml
deleted file mode 100644
index d3b9965d8f..0000000000
--- a/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-version: "3.7"
-
-services:
- ocis:
- environment:
- # tracing
- OC_TRACING_ENABLED: "true"
- OC_TRACING_TYPE: "jaeger"
- OC_TRACING_ENDPOINT: jaeger-agent:6831
- # metrics
- # if oCIS runs as a single process, all /metrics endpoints
- # will expose the same metrics, so it's sufficient to query one endpoint
- PROXY_DEBUG_ADDR: 0.0.0.0:9205
-
-networks:
- ocis-net:
- external: true
diff --git a/deployments/examples/ocis_ldap/.env b/deployments/examples/ocis_ldap/.env
deleted file mode 100644
index ac41a7727f..0000000000
--- a/deployments/examples/ocis_ldap/.env
+++ /dev/null
@@ -1,43 +0,0 @@
-# If you're on a internet facing server please comment out following line.
-# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
-INSECURE=true
-
-# The demo users should not be created on a production instance
-# because their passwords are public
-DEMO_USERS=true
-
-### Traefik settings ###
-# Serve Traefik dashboard. Defaults to "false".
-TRAEFIK_DASHBOARD=
-# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
-TRAEFIK_DOMAIN=
-# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
-TRAEFIK_BASIC_AUTH_USERS=
-# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
-TRAEFIK_ACME_MAIL=
-
-### oCIS settings ###
-# oCIS version. Defaults to "latest"
-OC_DOCKER_TAG=
-# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
-OC_DOMAIN=
-# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
-OC_JWT_SECRET=
-# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
-STORAGE_TRANSFER_SECRET=
-# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
-OC_MACHINE_AUTH_API_KEY=
-
-### LDAP server settings ###
-# Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin"
-LDAP_ADMIN_PASSWORD=
-
-### LDAP manager settings ###
-# Domain of LDAP manager. Defaults to "ldap.owncloud.test"
-LDAP_MANAGER_DOMAIN=
-
-
-# If you want to use debugging and tracing with this stack,
-# you need uncomment following line. Please see documentation at
-# https://owncloud.dev/ocis/deployment/monitoring-tracing/
-#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/ocis_ldap/README.md b/deployments/examples/ocis_ldap/README.md
deleted file mode 100644
index bcdbaeec1c..0000000000
--- a/deployments/examples/ocis_ldap/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-document this deployment example in docs/ocis/deployment/ocis_ldap.md
----
-
-Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_ldap/)
-for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_ldap/config/ldap/docker-entrypoint-override.sh b/deployments/examples/ocis_ldap/config/ldap/docker-entrypoint-override.sh
deleted file mode 100644
index 3d3f27333b..0000000000
--- a/deployments/examples/ocis_ldap/config/ldap/docker-entrypoint-override.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-printenv
-
-if [ ! -f /opt/bitnami/openldap/share/openldap.key ]
-then
- openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/share/openldap.key -out /opt/bitnami/openldap/share/openldap.crt -sha256 -days 365 -batch -nodes
-fi
-# run original docker-entrypoint
-/opt/bitnami/scripts/openldap/entrypoint.sh "$@"
diff --git a/deployments/examples/ocis_ldap/config/ldap/ldif/10_base.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/10_base.ldif
deleted file mode 100644
index 8459afb3b2..0000000000
--- a/deployments/examples/ocis_ldap/config/ldap/ldif/10_base.ldif
+++ /dev/null
@@ -1,13 +0,0 @@
-dn: dc=owncloud,dc=com
-objectClass: organization
-objectClass: dcObject
-dc: owncloud
-o: ownCloud
-
-dn: ou=users,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: users
-
-dn: ou=groups,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: groups
diff --git a/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif
deleted file mode 100644
index 7686146471..0000000000
--- a/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif
+++ /dev/null
@@ -1,100 +0,0 @@
-# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
-dn: uid=einstein,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloudUser
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: einstein
-givenName: Albert
-sn: Einstein
-cn: einstein
-displayName: Albert Einstein
-description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
-mail: einstein@example.org
-uidNumber: 20000
-gidNumber: 30000
-homeDirectory: /home/einstein
-ownCloudUUID: 4c510ada-c86b-4815-8820-42cdf82c3d51
-userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
-
-dn: uid=marie,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloudUser
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: marie
-givenName: Marie
-sn: Curie
-cn: marie
-displayName: Marie Skłodowska Curie
-description: A Polish and naturalized-French physicist and chemist who conducted pioneering research on radioactivity.
-mail: marie@example.org
-uidNumber: 20001
-gidNumber: 30000
-homeDirectory: /home/marie
-ownCloudUUID: f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c
-userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==
-
-dn: uid=richard,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloudUser
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: richard
-givenName: Richard
-sn: Feynman
-cn: richard
-displayName: Richard Phillips Feynman
-description: An American theoretical physicist, known for his work in the path integral formulation of quantum mechanics, the theory of quantum electrodynamics, the physics of the superfluidity of supercooled liquid helium, as well as his work in particle physics for which he proposed the parton model.
-mail: richard@example.org
-uidNumber: 20002
-gidNumber: 30000
-homeDirectory: /home/richard
-ownCloudUUID: 932b4540-8d16-481e-8ef4-588e4b6b151c
-userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
-
-dn: uid=moss,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloudUser
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: moss
-givenName: Maurice
-sn: Moss
-cn: moss
-displayName: Maurice Moss
-description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
-mail: moss@example.org
-uidNumber: 20003
-gidNumber: 30000
-homeDirectory: /home/moss
-ownCloudUUID: 058bff95-6708-4fe5-91e4-9ea3d377588b
-userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
-
-dn: uid=admin,ou=users,dc=owncloud,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: ownCloudUser
-objectClass: person
-objectClass: posixAccount
-objectClass: top
-uid: admin
-givenName: Admin
-sn: Admin
-cn: admin
-displayName: Admin
-description: An admin for this oCIS instance.
-mail: admin@example.org
-uidNumber: 20004
-gidNumber: 30000
-homeDirectory: /home/admin
-ownCloudUUID: ddc2004c-0977-11eb-9d3f-a793888cd0f8
-userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
diff --git a/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif
deleted file mode 100644
index 9a43b5046c..0000000000
--- a/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif
+++ /dev/null
@@ -1,77 +0,0 @@ -dn: cn=users,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: users -description: Users -ownCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa -member: uid=einstein,ou=users,dc=owncloud,dc=com -member: uid=marie,ou=users,dc=owncloud,dc=com -member: uid=richard,ou=users,dc=owncloud,dc=com -member: uid=moss,ou=users,dc=owncloud,dc=com -member: uid=admin,ou=users,dc=owncloud,dc=com - -dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: sailing-lovers -description: Sailing lovers -ownCloudUUID: 6040aa17-9c64-4fef-9bd0-77234d71bad0 -member: uid=einstein,ou=users,dc=owncloud,dc=com - -dn: cn=violin-haters,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: violin-haters -description: Violin haters -ownCloudUUID: dd58e5ec-842e-498b-8800-61f2ec6f911f -member: uid=einstein,ou=users,dc=owncloud,dc=com - -dn: cn=radium-lovers,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: radium-lovers -description: Radium lovers -ownCloudUUID: 7b87fd49-286e-4a5f-bafd-c535d5dd997a -member: uid=marie,ou=users,dc=owncloud,dc=com - -dn: cn=polonium-lovers,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: polonium-lovers -description: Polonium lovers -ownCloudUUID: cedc21aa-4072-4614-8676-fa9165f598ff -member: uid=marie,ou=users,dc=owncloud,dc=com - -dn: cn=quantum-lovers,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: quantum-lovers -description: Quantum lovers -ownCloudUUID: a1726108-01f8-4c30-88df-2b1a9d1cba1a -member: uid=richard,ou=users,dc=owncloud,dc=com - -dn: cn=philosophy-haters,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: philosophy-haters -description: Philosophy haters -ownCloudUUID: 
167cbee2-0518-455a-bfb2-031fe0621e5d -member: uid=richard,ou=users,dc=owncloud,dc=com - -dn: cn=physics-lovers,ou=groups,dc=owncloud,dc=com -objectClass: groupOfNames -objectClass: ownCloud -objectClass: top -cn: physics-lovers -description: Physics lovers -ownCloudUUID: 262982c1-2362-4afa-bfdf-8cbfef64a06e -member: uid=einstein,ou=users,dc=owncloud,dc=com -member: uid=marie,ou=users,dc=owncloud,dc=com -member: uid=richard,ou=users,dc=owncloud,dc=com diff --git a/deployments/examples/ocis_ldap/config/ldap/schemas/10_owncloud_schema.ldif b/deployments/examples/ocis_ldap/config/ldap/schemas/10_owncloud_schema.ldif deleted file mode 100644 index 4da967a41b..0000000000 --- a/deployments/examples/ocis_ldap/config/ldap/schemas/10_owncloud_schema.ldif +++ /dev/null 
@@ -1,37 +0,0 @@ -# This LDIF files describes the ownCloud schema -dn: cn=owncloud,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: owncloud -olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430 -olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID' - DESC 'A non-reassignable and persistent account ID)' - EQUALITY uuidMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE ) -olcAttributeTypes: ( ownCloudOid:1.1.3 NAME 'oCExternalIdentity' - DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: ( ownCloudOid:1.1.4 NAME 'ownCloudUserEnabled' - DESC 'A boolean value indicating if ownCloudUser is enabled' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE) -olcAttributeTypes: ( ownCloudOid:1.1.5 NAME 'ownCloudUserType' - DESC 'User type (e.g. Member or Guest)' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) -olcAttributeTypes: ( ownCloudOid:1.1.6 NAME 'ocLastSignInTimestamp' - DESC 'The timestamp of the last sign-in' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) -olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud' - DESC 'ownCloud LDAP Schema' - AUXILIARY - MAY ( ownCloudUUID ) ) -olcObjectClasses: ( ownCloudOid:1.2.2 NAME 'ownCloudUser' - DESC 'ownCloud User LDAP Schema' - SUP ownCloud - AUXILIARY - MAY ( ocExternalIdentity $ ownCloudUserEnabled $ ownCloudUserType $ ocLastSignInTimestamp) ) diff --git a/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt b/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt deleted file mode 100644 index aff7475f22..0000000000 --- a/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -password -12345678 -123 -ownCloud -ownCloud-1 diff --git a/deployments/examples/ocis_ldap/docker-compose.yml b/deployments/examples/ocis_ldap/docker-compose.yml deleted file mode 100644 index be3767c3fb..0000000000 --- a/deployments/examples/ocis_ldap/docker-compose.yml +++ /dev/null 
@@ -1,162 +0,0 @@ ---- -version: "3.7" - -services: - traefik: - image: traefik:v2.9.1 - networks: - ocis-net: - aliases: - - ${OC_DOMAIN:-ocis.owncloud.test} - command: - - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" - # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - # enable dashboard - - "--api.dashboard=true" - # define entrypoints - - "--entryPoints.http.address=:80" - - "--entryPoints.http.http.redirections.entryPoint.to=https" - - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - - "--entryPoints.https.address=:443" - # docker provider (get configuration from container labels) - - "--providers.docker.endpoint=unix:///var/run/docker.sock" - - "--providers.docker.exposedByDefault=false" - # access log - - "--accessLog=true" - - "--accessLog.format=json" - - "--accessLog.fields.headers.names.X-Request-Id=keep" - ports: - - "80:80" - - "443:443" - volumes: - - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro" - - "certs:/certs" - labels: - - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik.middlewares=traefik-auth" - - "traefik.http.routers.traefik.tls.certresolver=http" - - "traefik.http.routers.traefik.service=api@internal" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - ocis: - image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest} - networks: - ocis-net: - depends_on: - - ldap-server - entrypoint: - - /bin/sh - # run ocis init to initialize a configuration file with 
random secrets - # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then start the ocis server - command: [ "-c", "ocis init || true; ocis server" ] - environment: - # users/groups from ldap - OC_LDAP_URI: ldaps://ldap-server:1636 - OC_LDAP_INSECURE: "true" - OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com" - OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com" - OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)" - OC_LDAP_GROUP_OBJECTCLASS: "groupOfNames" - OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com" - OC_LDAP_USER_FILTER: "(objectclass=owncloud)" - OC_LDAP_USER_OBJECTCLASS: "inetOrgPerson" - LDAP_LOGIN_ATTRIBUTES: "uid" - OC_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8" - IDP_LDAP_LOGIN_ATTRIBUTE: "uid" - IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid" - IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary - GRAPH_LDAP_SERVER_WRITE_ENABLED: "true" # assuming the external ldap is writable - GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled. - # OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. 
These are replaced by external services - OC_EXCLUDE_RUN_SERVICES: idm - # General oCIS config - OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test} - OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info} - OC_LOG_COLOR: "${OC_LOG_COLOR:-false}" - PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OC_INSECURE: "${INSECURE:-false}" - # basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect) - PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" - # password policies - OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt" - volumes: - - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - - ocis-config:/etc/ocis - - ocis-data:/var/lib/ocis - labels: - - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis.tls.certresolver=http" - - "traefik.http.routers.ocis.service=ocis" - - "traefik.http.services.ocis.loadbalancer.server.port=9200" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - ldap-server: - image: bitnami/openldap:2.6 - networks: - ocis-net: - entrypoint: ["/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ] - environment: - BITNAMI_DEBUG: true - LDAP_TLS_VERIFY_CLIENT: never - LDAP_ENABLE_TLS: "yes" - LDAP_TLS_CA_FILE: /opt/bitnami/openldap/share/openldap.crt - LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/share/openldap.crt - LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key - LDAP_ROOT: "dc=owncloud,dc=com" - LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} - ports: - - "127.0.0.1:389:1389" - - "127.0.0.1:636:1636" - volumes: - - ./config/ldap/ldif:/ldifs - - ./config/ldap/schemas:/schemas - - 
./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh - - ldap-certs:/opt/bitnami/openldap/share - - ldap-data:/bitnami/openldap - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - ldap-manager: - image: osixia/phpldapadmin:latest - networks: - ocis-net: - environment: - PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap-server': [{'server': [{'port': 1389}]}]}]" - PHPLDAPADMIN_HTTPS: "false" - labels: - - "traefik.enable=true" - - "traefik.http.routers.ldap-manager.entrypoints=https" - - "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)" - - "traefik.http.routers.ldap-manager.tls.certresolver=http" - - "traefik.http.routers.ldap-manager.service=ldap-manager" - - "traefik.http.services.ldap-manager.loadbalancer.server.port=80" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - -volumes: - certs: - ldap-certs: - ocis-config: - ocis-data: - ldap-data: - - -networks: - ocis-net: diff --git a/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml deleted file mode 100644 index d3b9965d8f..0000000000 --- a/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -version: "3.7" - -services: - ocis: - environment: - # tracing - OC_TRACING_ENABLED: "true" - OC_TRACING_TYPE: "jaeger" - OC_TRACING_ENDPOINT: jaeger-agent:6831 - # metrics - # if oCIS runs as a single process, all /metrics endpoints - # will expose the same metrics, so it's sufficient to query one endpoint - PROXY_DEBUG_ADDR: 0.0.0.0:9205 - -networks: - ocis-net: - external: true diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/opencloud_full/.env similarity index 75% rename from deployments/examples/ocis_full/.env rename to deployments/examples/opencloud_full/.env index 8beabe8e5d..f2707834a4 100644 
--- a/deployments/examples/ocis_full/.env
+++ b/deployments/examples/opencloud_full/.env
@@ -14,7 +14,7 @@ INSECURE=true
 # Defaults to "false".
 TRAEFIK_DASHBOARD=
 # Domain of Traefik, where you can find the dashboard.
-# Defaults to "traefik.owncloud.test"
+# Defaults to "traefik.opencloud.test"
 TRAEFIK_DOMAIN=
 # Basic authentication for the traefik dashboard.
 # Defaults to user "admin" and password "admin" (written as: "admin:admin").
@@ -34,76 +34,76 @@ TRAEFIK_ACME_CASERVER= # Beside Traefik, this service must stay enabled. # Disable only for testing purposes. # Note: the leading colon is required to enable the service. -OCIS=:ocis.yml -# The oCIS container image. -# For production releases: "owncloud/ocis" -# For rolling releases: "owncloud/ocis-rolling" +OPENCLOUD=:opencloud.yml +# The opencloud container image. +# For production releases: "opencloud-eu/opencloud" +# For rolling releases: "opencloud-eu/opencloud-rolling" # Defaults to production if not set otherwise -OC_DOCKER_IMAGE=owncloud/ocis-rolling -# The oCIS container version. +OC_DOCKER_IMAGE=opencloud-eu/opencloud +# The openCloud container version. # Defaults to "latest" and points to the latest stable tag. -OC_DOCKER_TAG= -# Domain of oCIS, where you can find the frontend. -# Defaults to "ocis.owncloud.test" +OC_DOCKER_TAG=dev +# Domain of openCloud, where you can find the frontend. +# Defaults to "cloud.opencloud.test" OC_DOMAIN= -# oCIS admin user password. Defaults to "admin". +# openCloud admin user password. Defaults to "admin". ADMIN_PASSWORD= # Demo users should not be created on a production instance, # because their passwords are public. Defaults to "false". -# Also see: https://doc.owncloud.com/ocis/latest/deployment/general/general-info.html#demo-users-and-groups +# Also see: https://doc.opencloud.eu/opencloud/latest/deployment/general/general-info.html#demo-users-and-groups DEMO_USERS= -# Define the oCIS loglevel used. +# Define the openCloud loglevel used. # For more details see: -# https://doc.owncloud.com/ocis/latest/deployment/services/env-vars-special-scope.html +# https://doc.opencloud.eu/opencloud/latest/deployment/services/env-vars-special-scope.html LOG_LEVEL= # Define the kind of logging. # The default log can be read by machines. # Set this to true to make the log human readable. # LOG_PRETTY=true # -# Define the oCIS storage location. Set the paths for config and data to a local path. 
+# Define the openCloud storage location. Set the paths for config and data to a local path. # Note that especially the data directory can grow big. # Leaving it default stores data in docker internal volumes. # For more details see: -# https://doc.owncloud.com/ocis/next/deployment/general/general-info.html#default-paths -# OC_CONFIG_DIR=/your/local/ocis/config -# OC_DATA_DIR=/your/local/ocis/data +# https://doc.opencloud.eu/opencloud/next/deployment/general/general-info.html#default-paths +# OC_CONFIG_DIR=/your/local/opencloud/config +# OC_DATA_DIR=/your/local/opencloud/data # S3 Storage configuration - optional # Infinite Scale supports S3 storage as primary storage. # Per default, S3 storage is disabled and the local filesystem is used. # To enable S3 storage, uncomment the following line and configure the S3 storage. # For more details see: -# https://doc.owncloud.com/ocis/next/deployment/storage/s3.html +# https://doc.opencloud.eu/opencloud/next/deployment/storage/s3.html # Note: the leading colon is required to enable the service. #S3NG=:s3ng.yml # Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes. S3NG_ENDPOINT= # S3 region. Defaults to "default". S3NG_REGION= -# S3 access key. Defaults to "ocis" +# S3 access key. Defaults to "opencloud" S3NG_ACCESS_KEY= -# S3 secret. Defaults to "ocis-secret-key" +# S3 secret. Defaults to "opencloud-secret-key" S3NG_SECRET_KEY= -# S3 bucket. Defaults to "ocis" +# S3 bucket. Defaults to "opencloud" S3NG_BUCKET= # # For testing purposes, add local minio S3 storage to the docker-compose file. # The leading colon is required to enable the service. #S3NG_MINIO=:minio.yml -# Minio domain. Defaults to "minio.owncloud.test". +# Minio domain. Defaults to "minio.opencloud.test". MINIO_DOMAIN= # Define SMPT settings if you would like to send Infinite Scale email notifications. 
# For more details see: -# https://doc.owncloud.com/ocis/latest/deployment/services/s-list/notifications.html +# https://doc.opencloud.eu/opencloud/latest/deployment/services/s-list/notifications.html # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details. # SMTP host to connect to. SMTP_HOST= # Port of the SMTP host to connect to. SMTP_PORT= # An eMail address that is used for sending Infinite Scale notification eMails -# like "ocis notifications ". +# like "opencloud notifications ". SMTP_SENDER= # Username for the SMTP host to connect to. SMTP_USERNAME= @@ -114,7 +114,7 @@ SMTP_AUTHENTICATION= # Allow insecure connections to the SMTP server. Defaults to false. SMTP_INSECURE= -# Addititional services to be started on ocis startup +# Addititional services to be started on opencloud startup # The following list of services is not startet automatically and must be # manually defined for startup: # IMPORTANT: The notification service is MANDATORY, do not delete! 
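Review bot: `OC_DOCKER_TAG=dev` in the `@@ -34,76` hunk hard-codes a development tag in the example `.env`, while the comment directly above it still says the value defaults to "latest" and points to the latest stable tag. Anyone who copies this example gets a mutable development build without having chosen one, and a later pull can silently change what runs. I would ship the value empty again, `OC_DOCKER_TAG=`, or pin a released version or image digest, and adjust the comment to whatever default is intended. The neighbouring `OC_DOCKER_IMAGE=opencloud-eu/opencloud` also changes the example from the rolling image to the one the comment calls the production image, which is worth confirming as deliberate.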
@@ -122,29 +122,29 @@ SMTP_INSECURE= START_ADDITIONAL_SERVICES="notifications" -## oCIS Web Extensions ## -# It is possible to use the oCIS Web Extensions to add custom functionality to the oCIS frontend. -# For more details see https://github.com/owncloud/web-extensions/blob/main/README.md +## openCloud Web Extensions ## +# It is possible to use the openCloud Web Extensions to add custom functionality to the openCloud frontend. +# For more details see https://github.com/opencloud-eu/web-extensions/blob/main/README.md # Note: the leading colon is required to enable the service. # Enable this to create a new named volume #EXTENSIONS=:web_extensions/extensions.yml # Enable the desired extensions by uncommenting the following lines. # Note: the leading colon is required to enable the service. -# Note: if you want to remove a web extension, you must delete the ocis-apps volume. It will be properly recreated on docker compose startup. +# Note: if you want to remove a web extension, you must delete the opencloud-apps volume. It will be properly recreated on docker compose startup. #UNZIP=:web_extensions/unzip.yml #DRAWIO=:web_extensions/drawio.yml #JSONVIEWER=:web_extensions/jsonviewer.yml #PROGRESSBARS=:web_extensions/progressbars.yml #EXTERNALSITES=:web_extensions/externalsites.yml # External Sites needs additional config, see the following files for more details. -# - config/ocis/apps.yaml -# - config/ocis/csp.yaml +# - config/opencloud/apps.yaml +# - config/opencloud/csp.yaml #IMPORTER=:web_extensions/importer.yml # The importer needs additional config, see the following lines for more details. ## The docker image to be used for uppy companion. -# owncloud has built a container with public link import support. +# opencloud has built a container with public link import support. COMPANION_IMAGE= -# Domain of Uppy Companion. Defaults to "companion.owncloud.test". +# Domain of Uppy Companion. Defaults to "companion.opencloud.test". 
COMPANION_DOMAIN= # Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. # Empty by default, which disables providers. @@ -157,7 +157,7 @@ COMPANION_ONEDRIVE_SECRET= ### Apache Tika Content Analysis Toolkit ### # Tika (search) is enabled by default, comment if not required. # Note: the leading colon is required to enable the service. -TIKA=:tika.yml +#TIKA=:tika.yml # Set the desired docker image tag or digest. # Defaults to "latest" TIKA_IMAGE= @@ -172,10 +172,10 @@ TIKA_IMAGE= # Note: the leading colon is required to enable the service. COLLABORA=:collabora.yml # Domain of Collabora, where you can find the frontend. -# Defaults to "collabora.owncloud.test" +# Defaults to "collabora.opencloud.test" COLLABORA_DOMAIN= # Domain of the wopiserver which handles OnlyOffice. -# Defaults to "wopiserver.owncloud.test" +# Defaults to "wopiserver.opencloud.test" WOPISERVER_DOMAIN= # Admin user for Collabora. # Defaults to "admin". @@ -199,7 +199,7 @@ COLLABORA_SSL_VERIFICATION=false ### Debugging - Monitoring ### -# Please see documentation at: https://owncloud.dev/ocis/deployment/monitoring-tracing/ +# Please see documentation at: https://opencloud.dev/opencloud/deployment/monitoring-tracing/ # Note: the leading colon is required to enable the service. #MONITORING=:monitoring_tracing/monitoring.yml @@ -217,7 +217,7 @@ CLAMAV_DOCKER_TAG= ### OnlyOffice Settings ### # Note: the leading colon is required to enable the service. #ONLYOFFICE=:onlyoffice.yml -# Domain for OnlyOffice. Defaults to "onlyoffice.owncloud.test". +# Domain for OnlyOffice. Defaults to "onlyoffice.opencloud.test". ONLYOFFICE_DOMAIN= # Domain for the wopiserver which handles OnlyOffice. WOPISERVER_ONLYOFFICE_DOMAIN= 
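Review bot: The comment "Tika (search) is enabled by default, comment if not required." no longer matches the line under it in the `@@ -157,7` hunk, which is now `#TIKA=:tika.yml`. With the variable unset, `${TIKA:-}` in `COMPOSE_FILE` expands to nothing, so the Tika compose file is not loaded. The comment should say so, for example `# Tika (search) is disabled by default, uncomment to enable.`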
@@ -229,7 +229,7 @@ WOPISERVER_ONLYOFFICE_DOMAIN= # Note: the leading colon is required to enable the service. #INBUCKET=:inbucket.yml # email server (in this case inbucket acts as mail catcher). -# Domain for Inbucket. Defaults to "mail.owncloud.test". +# Domain for Inbucket. Defaults to "mail.opencloud.test". INBUCKET_DOMAIN= @@ -237,4 +237,4 @@ INBUCKET_DOMAIN= # This MUST be the last line as it assembles the supplemental compose files to be used. # ALL supplemental configs must be added here, whether commented or not. # Each var must either be empty or contain :path/file.yml -COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-} +COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-} diff --git a/deployments/examples/ocis_full/README.md b/deployments/examples/opencloud_full/README.md similarity index 92% rename from deployments/examples/ocis_full/README.md rename to deployments/examples/opencloud_full/README.md index a9a42ed672..5cc02e48f2 100644 --- a/deployments/examples/ocis_full/README.md +++ b/deployments/examples/opencloud_full/README.md @@ -1,5 +1,5 @@ --- -document this deployment example in: docs/ocis/deployment/ocis_full.md +document this deployment example in: docs/ocis/deployment/opencloud_full.md --- # Infinite Scale WOPI Deployment Example diff --git a/deployments/examples/ocis_full/clamav.yml b/deployments/examples/opencloud_full/clamav.yml similarity index 82% rename from deployments/examples/ocis_full/clamav.yml rename to deployments/examples/opencloud_full/clamav.yml index ff577fa1b5..4af6d68dce 100644 --- a/deployments/examples/ocis_full/clamav.yml 
+++ b/deployments/examples/opencloud_full/clamav.yml @@ -1,14 +1,14 @@ --- services: - ocis: + opencloud: environment: ANTIVIRUS_SCANNER_TYPE: "clamav" ANTIVIRUS_CLAMAV_SOCKET: "/var/run/clamav/clamd.sock" - # the antivirus service needs manual startup, see .env and ocis.yaml for START_ADDITIONAL_SERVICES + # the antivirus service needs manual startup, see .env and opencloud.yaml for START_ADDITIONAL_SERVICES # configure the antivirus service POSTPROCESSING_STEPS: "virusscan" # PROXY_TLS is set to "false", the download url has no https - STORAGE_USERS_DATA_GATEWAY_URL: http://ocis:9200/data + STORAGE_USERS_DATA_GATEWAY_URL: http://opencloud:9200/data volumes: - "clamav-socket:/var/run/clamav" @@ -16,7 +16,7 @@ services: image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} # release notes: https://blog.clamav.net networks: - ocis-net: + opencloud-net: volumes: - "clamav-socket:/tmp" - "clamav-db:/var/lib/clamav" diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/opencloud_full/collabora.yml similarity index 78% rename from deployments/examples/ocis_full/collabora.yml rename to deployments/examples/opencloud_full/collabora.yml index 1e7a7f654a..56f866c508 100644 --- a/deployments/examples/ocis_full/collabora.yml +++ b/deployments/examples/opencloud_full/collabora.yml 
@@ -2,49 +2,49 @@ services: traefik: networks: - ocis-net: + opencloud-net: aliases: - - ${COLLABORA_DOMAIN:-collabora.owncloud.test} - - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - ocis: + - ${COLLABORA_DOMAIN:-collabora.opencloud.test} + - ${WOPISERVER_DOMAIN:-wopiserver.opencloud.test} + opencloud: environment: # make collabora the secure view app FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration.CollaboraOnline GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6" collaboration: - image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest} + image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest} networks: - ocis-net: + opencloud-net: depends_on: - ocis: + opencloud: condition: service_started collabora: condition: service_healthy entrypoint: - /bin/sh - command: [ "-c", "ocis collaboration server" ] + command: [ "-c", "opencloud collaboration server" ] environment: COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 MICRO_REGISTRY: "nats-js-kv" - MICRO_REGISTRY_ADDRESS: "ocis:9233" - COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + MICRO_REGISTRY_ADDRESS: "opencloud:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test} COLLABORATION_APP_NAME: "CollaboraOnline" COLLABORATION_APP_PRODUCT: "Collabora" - COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} - COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico + COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}/favicon.ico 
COLLABORATION_APP_INSECURE: "${INSECURE:-true}" COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} - OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test} + OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test} volumes: # configure the .env file to use own paths instead of docker internal volumes - - ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis + - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud labels: - "traefik.enable=true" - "traefik.http.routers.collaboration.entrypoints=https" - - "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}`)" - "traefik.http.routers.collaboration.tls.certresolver=http" - "traefik.http.routers.collaboration.service=collaboration" - "traefik.http.services.collaboration.loadbalancer.server.port=9300" @@ -56,16 +56,16 @@ services: image: collabora/code:24.04.11.1.1 # release notes: https://www.collaboraonline.com/release-notes/ networks: - ocis-net: + opencloud-net: environment: - aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443 + aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:443 DONT_GEN_SSL_CERT: "YES" extra_params: | --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \ --o:ssl.termination=true \ --o:welcome.enable=false \ - --o:net.frame_ancestors=${OC_DOMAIN:-ocis.owncloud.test} + --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test} username: ${COLLABORA_ADMIN_USER:-admin} password: ${COLLABORA_ADMIN_PASSWORD:-admin} cap_add: 
@@ -73,7 +73,7 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.collabora.entrypoints=https" - - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.opencloud.test}`)" - "traefik.http.routers.collabora.tls.certresolver=http" - "traefik.http.routers.collabora.service=collabora" - "traefik.http.services.collabora.loadbalancer.server.port=9980" diff --git a/deployments/examples/ocis_full/config/onlyoffice/entrypoint-override.sh b/deployments/examples/opencloud_full/config/onlyoffice/entrypoint-override.sh similarity index 100% rename from deployments/examples/ocis_full/config/onlyoffice/entrypoint-override.sh rename to deployments/examples/opencloud_full/config/onlyoffice/entrypoint-override.sh diff --git a/deployments/examples/ocis_full/config/onlyoffice/local.json b/deployments/examples/opencloud_full/config/onlyoffice/local.json similarity index 100% rename from deployments/examples/ocis_full/config/onlyoffice/local.json rename to deployments/examples/opencloud_full/config/onlyoffice/local.json diff --git a/deployments/examples/ocis_full/config/ocis/app-registry.yaml b/deployments/examples/opencloud_full/config/opencloud/app-registry.yaml similarity index 100% rename from deployments/examples/ocis_full/config/ocis/app-registry.yaml rename to deployments/examples/opencloud_full/config/opencloud/app-registry.yaml diff --git a/deployments/examples/ocis_full/config/ocis/apps.yaml b/deployments/examples/opencloud_full/config/opencloud/apps.yaml similarity index 100% rename from deployments/examples/ocis_full/config/ocis/apps.yaml rename to deployments/examples/opencloud_full/config/opencloud/apps.yaml 
diff --git a/deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt b/deployments/examples/opencloud_full/config/opencloud/banned-password-list.txt
similarity index 100%
rename from deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt
rename to deployments/examples/opencloud_full/config/opencloud/banned-password-list.txt
diff --git a/deployments/examples/ocis_full/config/ocis/csp.yaml b/deployments/examples/opencloud_full/config/opencloud/csp.yaml
similarity index 59%
rename from deployments/examples/ocis_full/config/ocis/csp.yaml
rename to deployments/examples/opencloud_full/config/opencloud/csp.yaml
index b8e5813d3d..2fd38c938f 100644
--- a/deployments/examples/ocis_full/config/ocis/csp.yaml
+++ b/deployments/examples/opencloud_full/config/opencloud/csp.yaml
@@ -4,9 +4,9 @@ directives:
 connect-src:
 - '''self'''
 - 'blob:'
- - 'https://${COMPANION_DOMAIN|companion.owncloud.test}/'
- - 'wss://${COMPANION_DOMAIN|companion.owncloud.test}/'
- - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
+ - 'https://${COMPANION_DOMAIN|companion.opencloud.test}/'
+ - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
+ - 'https://raw.githubusercontent.com/opencloud/awesome-apps/'
 default-src:
 - '''none'''
 font-src:
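Review bot: The new `connect-src` entry `'https://raw.githubusercontent.com/opencloud/awesome-apps/'` allow-lists the GitHub namespace `opencloud`, whereas the `.env` changes in this same commit use `opencloud-eu` for the project's GitHub organisation. A CSP source list should name only origins and paths the project controls; whether that holds for this namespace, or for the `'https://opencloud.dev'` origin added in the following `@@ -18,18` hunk, cannot be seen from the diff and looks like the result of a mechanical rename. If either is owned by someone else, the policy lets the web UI load or embed content that party publishes. The same raw.githubusercontent.com entry is repeated under `img-src` in the `@@ -18,18` hunk. I would confirm ownership of each renamed source and otherwise use the organisation's own path, e.g. `'https://raw.githubusercontent.com/opencloud-eu/<repo>/'` (`<repo>` is a placeholder), or drop the entry until the target exists.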
@@ -18,18 +18,18 @@ directives: - 'blob:' - 'https://embed.diagrams.net/' # In contrary to bash and docker the default is given after the | character - - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/' - - 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/' + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/' # This is needed for the external-sites web extension when embedding sites - - 'https://owncloud.dev' + - 'https://opencloud.dev' img-src: - '''self''' - 'data:' - 'blob:' - - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/' + - 'https://raw.githubusercontent.com/opencloud/awesome-apps/' # In contrary to bash and docker the default is given after the | character - - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/' - - 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/' + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/' manifest-src: - '''self''' media-src: diff --git a/deployments/examples/ocis_full/debug-collaboration-collabora.yml b/deployments/examples/opencloud_full/debug-collaboration-collabora.yml similarity index 82% rename from deployments/examples/ocis_full/debug-collaboration-collabora.yml rename to deployments/examples/opencloud_full/debug-collaboration-collabora.yml index 0ba450a73c..272128656d 100644 --- a/deployments/examples/ocis_full/debug-collaboration-collabora.yml +++ b/deployments/examples/opencloud_full/debug-collaboration-collabora.yml @@ -2,7 +2,7 @@ services: collaboration: - command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] + command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud collaboration server" ] environment: COLLABORATION_LOG_LEVEL: debug ports: 
diff --git a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml b/deployments/examples/opencloud_full/debug-collaboration-onlyoffice.yml similarity index 82% rename from deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml rename to deployments/examples/opencloud_full/debug-collaboration-onlyoffice.yml index ce6e7aa7f8..452fae66e1 100644 --- a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml +++ b/deployments/examples/opencloud_full/debug-collaboration-onlyoffice.yml @@ -2,7 +2,7 @@ services: collaboration-oo: - command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] + command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud collaboration server" ] environment: COLLABORATION_LOG_LEVEL: debug ports: diff --git a/deployments/examples/opencloud_full/debug-ocis.yml b/deployments/examples/opencloud_full/debug-ocis.yml new file mode 100644 index 0000000000..1304597ba9 --- /dev/null +++ b/deployments/examples/opencloud_full/debug-ocis.yml @@ -0,0 +1,7 @@ +--- +services: + + opencloud: + command: [ "-c", "opencloud init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud server" ] + ports: + - 40000:40000 diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/opencloud_full/docker-compose.yml similarity index 97% rename from deployments/examples/ocis_full/docker-compose.yml rename to deployments/examples/opencloud_full/docker-compose.yml index 5e9df42c32..99179f58aa 100644 --- a/deployments/examples/ocis_full/docker-compose.yml +++ b/deployments/examples/opencloud_full/docker-compose.yml 
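Review bot: The new debug-ocis.yml publishes Delve with `- 40000:40000`, which binds the port on every host interface, and the `dlv --listen=:40000 --headless=true --accept-multiclient` listener does no authentication, so whoever can reach that port controls the `opencloud` process. Publish it on loopback only, `- "127.0.0.1:40000:40000"`, which also keeps the mapping a quoted string. A leading comment such as `# local debugging only: never combine with a reachable deployment` would make the intent explicit. The two debug-collaboration overlays above run the same listener on 40000 and 40002; their `ports:` entries are outside the hunks, so they should be checked as well.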
@@ -4,7 +4,7 @@ services: image: traefik:v3.3.1 # release notes: https://github.com/traefik/traefik/releases networks: - ocis-net: + opencloud-net: command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration @@ -42,7 +42,7 @@ services: # defaults to admin:admin - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.opencloud.test}`)" - "traefik.http.routers.traefik.middlewares=traefik-auth" - "traefik.http.routers.traefik.tls.certresolver=http" - "traefik.http.routers.traefik.service=api@internal" @@ -54,4 +54,4 @@ volumes: certs: networks: - ocis-net: + opencloud-net: diff --git a/deployments/examples/ocis_full/inbucket.yml b/deployments/examples/opencloud_full/inbucket.yml similarity index 86% rename from deployments/examples/ocis_full/inbucket.yml rename to deployments/examples/opencloud_full/inbucket.yml index d4a89e235a..276b668575 100644 --- a/deployments/examples/ocis_full/inbucket.yml +++ b/deployments/examples/opencloud_full/inbucket.yml @@ -1,11 +1,11 @@ --- services: - ocis: + opencloud: environment: NOTIFICATIONS_SMTP_HOST: inbucket NOTIFICATIONS_SMTP_PORT: 2500 - NOTIFICATIONS_SMTP_SENDER: oCIS notifications - NOTIFICATIONS_SMTP_USERNAME: notifications@${OC_DOMAIN:-ocis.owncloud.test} + NOTIFICATIONS_SMTP_SENDER: oCIS notifications + NOTIFICATIONS_SMTP_USERNAME: notifications@${OC_DOMAIN:-cloud.opencloud.test} # the mail catcher uses self signed certificates NOTIFICATIONS_SMTP_INSECURE: "true" 
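Review bot: The dashboard middleware in the second docker-compose.yml hunk still falls back to the documented `admin:admin` hash when `TRAEFIK_BASIC_AUTH_USERS` is unset, and the router is renamed here without touching that fallback. A published default credential protects nothing once the example runs on a reachable host. Compose can refuse to start instead, e.g. `${TRAEFIK_BASIC_AUTH_USERS:?set TRAEFIK_BASIC_AUTH_USERS}`. The same pattern is introduced with new values in minio.yml and s3ng.yml, where `S3NG_ACCESS_KEY` and `S3NG_SECRET_KEY` default to `opencloud` and `opencloud-secret-key`. Use the `:?` form there too, or state in the example's `.env` that these values must be overridden.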
@@ -13,7 +13,7 @@ services: image: inbucket/inbucket # changelog: https://github.com/inbucket/inbucket/blob/main/CHANGELOG.md networks: - - ocis-net + - opencloud-net entrypoint: - /bin/sh command: [ "-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; /start-inbucket.sh" ] @@ -25,7 +25,7 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.inbucket.entrypoints=https" - - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)" + - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.opencloud.test}`)" - "traefik.http.routers.inbucket.tls.certresolver=http" - "traefik.http.routers.inbucket.service=inbucket" - "traefik.http.services.inbucket.loadbalancer.server.port=9000" diff --git a/deployments/examples/ocis_full/minio.yml b/deployments/examples/opencloud_full/minio.yml similarity index 71% rename from deployments/examples/ocis_full/minio.yml rename to deployments/examples/opencloud_full/minio.yml index fb650aba93..41e5be94c1 100644 --- a/deployments/examples/ocis_full/minio.yml +++ b/deployments/examples/opencloud_full/minio.yml 
@@ -4,23 +4,23 @@ services: image: minio/minio:latest # release notes: https://github.com/minio/minio/releases networks: - ocis-net: + opencloud-net: entrypoint: - /bin/sh command: [ "-c", - "mkdir -p /data/${S3NG_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data", + "mkdir -p /data/${S3NG_BUCKET:-opencloud-bucket} && minio server --console-address ':9001' /data", ] volumes: - minio-data:/data environment: - MINIO_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis} - MINIO_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key} + MINIO_ACCESS_KEY: ${S3NG_ACCESS_KEY:-opencloud} + MINIO_SECRET_KEY: ${S3NG_SECRET_KEY:-opencloud-secret-key} labels: - "traefik.enable=true" - "traefik.http.routers.minio.entrypoints=https" - - "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)" + - "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.opencloud.test}`)" - "traefik.http.routers.minio.tls.certresolver=http" - "traefik.http.routers.minio.service=minio" - "traefik.http.services.minio.loadbalancer.server.port=9001" diff --git a/deployments/examples/ocis_full/monitoring_tracing/monitoring-oo.yml b/deployments/examples/opencloud_full/monitoring_tracing/monitoring-oo.yml similarity index 95% rename from deployments/examples/ocis_full/monitoring_tracing/monitoring-oo.yml rename to deployments/examples/opencloud_full/monitoring_tracing/monitoring-oo.yml index cc883dc354..0ead76a5dc 100644 --- a/deployments/examples/ocis_full/monitoring_tracing/monitoring-oo.yml +++ b/deployments/examples/opencloud_full/monitoring_tracing/monitoring-oo.yml @@ -1,7 +1,7 @@ --- services: - ocis: + opencloud: environment: # tracing OC_TRACING_ENABLED: "true" @@ -22,5 +22,5 @@ services: COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304 networks: - ocis-net: + opencloud-net: external: true 
diff --git a/deployments/examples/ocis_full/monitoring_tracing/monitoring.yml b/deployments/examples/opencloud_full/monitoring_tracing/monitoring.yml similarity index 95% rename from deployments/examples/ocis_full/monitoring_tracing/monitoring.yml rename to deployments/examples/opencloud_full/monitoring_tracing/monitoring.yml index 7258a2d9e5..a8b0eed8d2 100644 --- a/deployments/examples/ocis_full/monitoring_tracing/monitoring.yml +++ b/deployments/examples/opencloud_full/monitoring_tracing/monitoring.yml @@ -1,7 +1,7 @@ --- services: - ocis: + opencloud: environment: # tracing OC_TRACING_ENABLED: "true" @@ -22,5 +22,5 @@ services: COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304 networks: - ocis-net: + opencloud-net: external: true diff --git a/deployments/examples/ocis_full/onlyoffice.yml b/deployments/examples/opencloud_full/onlyoffice.yml similarity index 80% rename from deployments/examples/ocis_full/onlyoffice.yml rename to deployments/examples/opencloud_full/onlyoffice.yml index 7d55b2081a..0e8aa54a91 100644 --- a/deployments/examples/ocis_full/onlyoffice.yml +++ b/deployments/examples/opencloud_full/onlyoffice.yml 
@@ -2,45 +2,45 @@ services: traefik: networks: - ocis-net: + opencloud-net: aliases: - - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test} + - ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test} + - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test} collaboration-oo: - image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest} + image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest} networks: - ocis-net: + opencloud-net: depends_on: - ocis: + opencloud: condition: service_started onlyoffice: condition: service_healthy entrypoint: - /bin/sh - command: [ "-c", "ocis collaboration server" ] + command: [ "-c", "opencloud collaboration server" ] environment: COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 MICRO_REGISTRY: "nats-js-kv" - MICRO_REGISTRY_ADDRESS: "ocis:9233" - COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test} + MICRO_REGISTRY_ADDRESS: "opencloud:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test} COLLABORATION_APP_NAME: "OnlyOffice" COLLABORATION_APP_PRODUCT: "OnlyOffice" - COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test} + COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico COLLABORATION_APP_INSECURE: "${INSECURE:-true}" COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} COLLABORATION_APP_PROOF_DISABLE: "true" - OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test} + OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test} volumes: # configure the .env file to use 
own paths instead of docker internal volumes - - ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis + - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud labels: - "traefik.enable=true" - "traefik.http.routers.collaboration-oo.entrypoints=https" - - "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}`)" + - "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}`)" - "traefik.http.routers.collaboration-oo.tls.certresolver=http" - "traefik.http.routers.collaboration-oo.service=collaboration-oo" - "traefik.http.services.collaboration-oo.loadbalancer.server.port=9300" @@ -54,7 +54,7 @@ services: image: onlyoffice/documentserver:8.2.2 # changelog https://github.com/ONLYOFFICE/DocumentServer/releases networks: - ocis-net: + opencloud-net: entrypoint: - /bin/sh - /entrypoint-override.sh @@ -72,7 +72,7 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.onlyoffice.entrypoints=https" - - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" + - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}`)" - "traefik.http.routers.onlyoffice.tls.certresolver=http" - "traefik.http.routers.onlyoffice.service=onlyoffice" - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/opencloud_full/opencloud.yml similarity index 55% rename from deployments/examples/ocis_full/ocis.yml rename to deployments/examples/opencloud_full/opencloud.yml index 91726ab074..0183b07f01 100644 --- a/deployments/examples/ocis_full/ocis.yml +++ b/deployments/examples/opencloud_full/opencloud.yml 
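Review bot: In the `collaboration-oo` environment, `COLLABORATION_APP_INSECURE` and `COLLABORATION_CS3API_DATAGATEWAY_INSECURE` both default to `"${INSECURE:-true}"` and `COLLABORATION_APP_PROOF_DISABLE` is hard-coded to `"true"`. An operator who only sets the domains therefore gets certificate verification switched off and, judging by the variable name, WOPI proof validation disabled. These lines are carried over unchanged, but since everything around them is being edited this is the place to make the safe value the default, `"${INSECURE:-false}"`, and let the self-signed `.test` setup opt in through `.env`. If the proof check has to stay disabled, add a one-line comment above it stating the reason.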
@@ -2,25 +2,25 @@ services: traefik: networks: - ocis-net: + opencloud-net: aliases: - - ${OC_DOMAIN:-ocis.owncloud.test} - ocis: - image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest} - # changelog: https://github.com/owncloud/ocis/tree/master/changelog - # release notes: https://doc.owncloud.com/ocis_release_notes.html + - ${OC_DOMAIN:-cloud.opencloud.test} + opencloud: + image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest} + # changelog: https://github.com/opencloud-eu/opencloud/tree/master/changelog + # release notes: https://doc.owncloud.com/opencloud_release_notes.html networks: - ocis-net: + opencloud-net: entrypoint: - /bin/sh - # run ocis init to initialize a configuration file with random secrets + # run opencloud init to initialize a configuration file with random secrets # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then start the ocis server - command: ["-c", "ocis init || true; ocis server"] + # therefore we ignore the error and then start the opencloud server + command: ["-c", "opencloud init || true; opencloud server"] environment: # enable services that are not started automatically OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES} - OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test} + OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test} OC_LOG_LEVEL: ${LOG_LEVEL:-info} OC_LOG_COLOR: "${LOG_PRETTY:-false}" OC_LOG_PRETTY: "${LOG_PRETTY:-false}" 
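Review bot: The default image `${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest}` is an unqualified reference, so it resolves against Docker Hub, and nothing on the page shows that an `opencloud-eu` namespace exists there or belongs to the project; the name appears to be copied from the GitHub organisation. Combined with the floating `latest` tag, whoever publishes under that name decides what the example runs. Use a fully qualified reference and a fixed tag or digest, e.g. `${OC_DOCKER_IMAGE:-<registry>/<namespace>/opencloud}:${OC_DOCKER_TAG:-<released-version>}`. The same applies to `collaboration-oo` in onlyoffice.yml and to the `opencloud-eu/web-extensions:*` init images under web_extensions/.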
@@ -39,38 +39,38 @@ services: # email server (if configured) NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}" NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}" - NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications }" + NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications }" NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}" # make the registry available to the app provider containers MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 NATS_NATS_HOST: 0.0.0.0 NATS_NATS_PORT: 9233 - PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml # these three vars are needed to the csp config file to include the web office apps and the importer - COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} - ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test} + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test} # enable to allow using the banned passwords list OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt volumes: - - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml - - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ./config/opencloud/app-registry.yaml:/etc/opencloud/app-registry.yaml + - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml + - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt # configure the .env file to use own paths instead of docker internal volumes - - ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis - - ${OC_DATA_DIR:-ocis-data}:/var/lib/ocis + - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud + - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud labels: - "traefik.enable=true" - - 
"traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis.tls.certresolver=http" - - "traefik.http.routers.ocis.service=ocis" - - "traefik.http.services.ocis.loadbalancer.server.port=9200" + - "traefik.http.routers.opencloud.entrypoints=https" + - "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)" + - "traefik.http.routers.opencloud.tls.certresolver=http" + - "traefik.http.routers.opencloud.service=opencloud" + - "traefik.http.services.opencloud.loadbalancer.server.port=9200" logging: driver: ${LOG_DRIVER:-local} restart: always volumes: - ocis-config: - ocis-data: + opencloud-config: + opencloud-data: diff --git a/deployments/examples/opencloud_full/s3ng.yml b/deployments/examples/opencloud_full/s3ng.yml new file mode 100644 index 0000000000..d9f9fec309 --- /dev/null +++ b/deployments/examples/opencloud_full/s3ng.yml @@ -0,0 +1,14 @@ +--- +services: + opencloud: + environment: + # activate s3ng storage driver + STORAGE_USERS_DRIVER: s3ng + # keep system data on opencloud storage since this are only small files atm + STORAGE_SYSTEM_DRIVER: ocis + # s3ng specific settings + STORAGE_USERS_S3NG_ENDPOINT: ${S3NG_ENDPOINT:-http://minio:9000} + STORAGE_USERS_S3NG_REGION: ${S3NG_REGION:-default} + STORAGE_USERS_S3NG_ACCESS_KEY: ${S3NG_ACCESS_KEY:-opencloud} + STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:-opencloud-secret-key} + STORAGE_USERS_S3NG_BUCKET: ${S3NG_BUCKET:-opencloud-bucket} diff --git a/deployments/examples/ocis_full/tika.yml b/deployments/examples/opencloud_full/tika.yml similarity index 91% rename from deployments/examples/ocis_full/tika.yml rename to deployments/examples/opencloud_full/tika.yml index 70206a3f02..081f2876b5 100644 --- a/deployments/examples/ocis_full/tika.yml +++ b/deployments/examples/opencloud_full/tika.yml 
@@ -4,12 +4,12 @@ services: image: ${TIKA_IMAGE:-apache/tika:latest-full} # release notes: https://tika.apache.org networks: - ocis-net: + opencloud-net: restart: always logging: driver: ${LOG_DRIVER:-local} - ocis: + opencloud: environment: # fulltext search SEARCH_EXTRACTOR_TYPE: tika diff --git a/deployments/examples/ocis_full/web_extensions/drawio.yml b/deployments/examples/opencloud_full/web_extensions/drawio.yml similarity index 71% rename from deployments/examples/ocis_full/web_extensions/drawio.yml rename to deployments/examples/opencloud_full/web_extensions/drawio.yml index 4aa56ed869..c2e635cbbe 100644 --- a/deployments/examples/ocis_full/web_extensions/drawio.yml +++ b/deployments/examples/opencloud_full/web_extensions/drawio.yml @@ -1,15 +1,15 @@ --- services: - ocis: + opencloud: depends_on: drawio-init: condition: service_completed_successfully drawio-init: - image: owncloud/web-extensions:draw-io-0.3.0 + image: opencloud-eu/web-extensions:draw-io-0.3.0 user: root volumes: - - ocis-apps:/apps + - opencloud-apps:/apps entrypoint: - /bin/sh command: ["-c", "cp -R /var/lib/nginx/html/draw-io/ /apps"] diff --git a/deployments/examples/opencloud_full/web_extensions/extensions.yml b/deployments/examples/opencloud_full/web_extensions/extensions.yml new file mode 100644 index 0000000000..babeebc04f --- /dev/null +++ b/deployments/examples/opencloud_full/web_extensions/extensions.yml @@ -0,0 +1,7 @@ +services: + opencloud: + volumes: + - opencloud-apps:/var/lib/opencloud/web/assets/apps + +volumes: + opencloud-apps: diff --git a/deployments/examples/ocis_full/web_extensions/externalsites.yml b/deployments/examples/opencloud_full/web_extensions/externalsites.yml similarity index 71% rename from deployments/examples/ocis_full/web_extensions/externalsites.yml rename to deployments/examples/opencloud_full/web_extensions/externalsites.yml index a002f9d9b9..db1b57fd95 100644 --- a/deployments/examples/ocis_full/web_extensions/externalsites.yml 
+++ b/deployments/examples/opencloud_full/web_extensions/externalsites.yml @@ -1,15 +1,15 @@ --- services: - ocis: + opencloud: depends_on: externalsites-init: condition: service_completed_successfully externalsites-init: - image: owncloud/web-extensions:external-sites-0.3.0 + image: opencloud-eu/web-extensions:external-sites-0.3.0 user: root volumes: - - ocis-apps:/apps + - opencloud-apps:/apps entrypoint: - /bin/sh command: ["-c", "cp -R /var/lib/nginx/html/external-sites/ /apps"] diff --git a/deployments/examples/ocis_full/web_extensions/importer.yml b/deployments/examples/opencloud_full/web_extensions/importer.yml similarity index 70% rename from deployments/examples/ocis_full/web_extensions/importer.yml rename to deployments/examples/opencloud_full/web_extensions/importer.yml index d062d358b3..114a101b5c 100644 --- a/deployments/examples/ocis_full/web_extensions/importer.yml +++ b/deployments/examples/opencloud_full/web_extensions/importer.yml 
@@ -2,37 +2,37 @@ services: traefik: networks: - ocis-net: + opencloud-net: aliases: - - ${COMPANION_DOMAIN:-companion.owncloud.test} - ocis: + - ${COMPANION_DOMAIN:-companion.opencloud.test} + opencloud: volumes: # the cloud importer needs to be enabled in the web.yaml - - ./config/ocis/apps.yaml:/etc/ocis/apps.yaml + - ./config/opencloud/apps.yaml:/etc/opencloud/apps.yaml depends_on: importer-init: condition: service_completed_successfully importer-init: - image: owncloud/web-extensions:importer-0.1.0 + image: opencloud-eu/web-extensions:importer-0.3.0 user: root volumes: - - ocis-apps:/apps + - opencloud-apps:/apps entrypoint: - /bin/sh command: [ "-c", "cp -R /var/lib/nginx/html/importer/ /apps" ] companion: - image: ${COMPANION_IMAGE:-owncloud/uppy-companion:3.12.13-owncloud} + image: ${COMPANION_IMAGE:-transloadit/companion:5.5.0} networks: - - ocis-net + - opencloud-net environment: NODE_ENV: production NODE_TLS_REJECT_UNAUTHORIZED: 0 COMPANION_DATADIR: /tmp/companion/ - COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test} COMPANION_PROTOCOL: https - COMPANION_UPLOAD_URLS: "^https://${OC_DOMAIN:-ocis.owncloud.test}/" + COMPANION_UPLOAD_URLS: "^https://${OC_DOMAIN:-cloud.opencloud.test}/" COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}" COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}" volumes: @@ -40,7 +40,7 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.companion.entrypoints=https" - - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)" + - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.opencloud.test}`)" - "traefik.http.routers.companion.tls.certresolver=http" - "traefik.http.routers.companion.service=companion" - "traefik.http.services.companion.loadbalancer.server.port=3020" 
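Review bot: The `companion` service keeps `NODE_TLS_REJECT_UNAUTHORIZED: 0` next to `NODE_ENV: production`, which turns off certificate verification for every outbound TLS connection the process makes, not only the one to the self-signed `.test` host. Since this hunk also swaps the image to `transloadit/companion:5.5.0`, it is a good moment to trust the test CA through `NODE_EXTRA_CA_CERTS` pointing at a mounted certificate and leave verification on. If the override stays, quote it as `"0"` and comment that it is for the self-signed example only. `COMPANION_UPLOAD_URLS` looks like a regular expression built from `OC_DOMAIN`, in which case the unescaped dots match any character, so an escaped literal default would make the allowlist exact.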
diff --git a/deployments/examples/ocis_full/web_extensions/jsonviewer.yml b/deployments/examples/opencloud_full/web_extensions/jsonviewer.yml similarity index 71% rename from deployments/examples/ocis_full/web_extensions/jsonviewer.yml rename to deployments/examples/opencloud_full/web_extensions/jsonviewer.yml index 3e4ee9e917..a482d7861b 100644 --- a/deployments/examples/ocis_full/web_extensions/jsonviewer.yml +++ b/deployments/examples/opencloud_full/web_extensions/jsonviewer.yml @@ -1,15 +1,15 @@ --- services: - ocis: + opencloud: depends_on: jsonviewer-init: condition: service_completed_successfully jsonviewer-init: - image: owncloud/web-extensions:json-viewer-0.3.0 + image: opencloud-eu/web-extensions:json-viewer-0.3.0 user: root volumes: - - ocis-apps:/apps + - opencloud-apps:/apps entrypoint: - /bin/sh command: ["-c", "cp -R /var/lib/nginx/html/json-viewer/ /apps"] diff --git a/deployments/examples/ocis_full/web_extensions/progressbars.yml b/deployments/examples/opencloud_full/web_extensions/progressbars.yml similarity index 79% rename from deployments/examples/ocis_full/web_extensions/progressbars.yml rename to deployments/examples/opencloud_full/web_extensions/progressbars.yml index 32315fbeea..668a7a867c 100644 --- a/deployments/examples/ocis_full/web_extensions/progressbars.yml +++ b/deployments/examples/opencloud_full/web_extensions/progressbars.yml @@ -1,12 +1,12 @@ --- services: - ocis: + opencloud: depends_on: progressbars-init: condition: service_completed_successfully progressbars-init: - image: owncloud/web-extensions:progress-bars-0.3.0 + image: opencloud-eu/web-extensions:progress-bars-0.3.0 user: root volumes: - ocis-apps:/apps 
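Review bot: progressbars.yml still mounts `- ocis-apps:/apps` (the last line of its hunk), while every other init container in this commit mounts `opencloud-apps` and the new web_extensions/extensions.yml declares only `opencloud-apps:`. With this overlay enabled, Compose would either fail on an undeclared volume or copy the extension into a volume the `opencloud` service never mounts, depending on whether anything else still declares `ocis-apps`. Change the line to `- opencloud-apps:/apps`. The rest of the `progressbars-init` definition lies outside the hunk.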
diff --git a/deployments/examples/ocis_full/web_extensions/unzip.yml b/deployments/examples/opencloud_full/web_extensions/unzip.yml similarity index 71% rename from deployments/examples/ocis_full/web_extensions/unzip.yml rename to deployments/examples/opencloud_full/web_extensions/unzip.yml index 78a7ffe307..5bb0db1e24 100644 --- a/deployments/examples/ocis_full/web_extensions/unzip.yml +++ b/deployments/examples/opencloud_full/web_extensions/unzip.yml @@ -1,15 +1,15 @@ --- services: - ocis: + opencloud: depends_on: unzip-init: condition: service_completed_successfully unzip-init: - image: owncloud/web-extensions:unzip-0.4.0 + image: opencloud-eu/web-extensions:unzip-0.4.0 user: root volumes: - - ocis-apps:/apps + - opencloud-apps:/apps entrypoint: - /bin/sh command: ["-c", "cp -R /var/lib/nginx/html/unzip/ /apps"] diff --git a/docs/ocis/deployment/ocis_full.md b/docs/ocis/deployment/ocis_full.md index 15a5daa043..88b4851d6d 100644 --- a/docs/ocis/deployment/ocis_full.md +++ b/docs/ocis/deployment/ocis_full.md @@ -4,7 +4,7 @@ date: 2024-06-25T00:00:00+01:00 weight: 24 geekdocRepo: https://github.com/owncloud/ocis geekdocEditPath: edit/master/docs/ocis/deployment -geekdocFilePath: ocis_full.md +geekdocFilePath: opencloud_full.md --- {{< toc >}} diff --git a/pkg/version/version.go b/pkg/version/version.go index 4ed64b996a..ce9ac69078 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -16,7 +16,7 @@ var ( // LatestTag is the latest released version plus the dev meta version. // Will be overwritten by the release pipeline // Needs a manual change for every tagged release - LatestTag = "7.0.0+dev" + LatestTag = "0.1.0+dev" // Date indicates the build date. // This has been removed, it looks like you can only replace static strings with recent go versions