DCB Keycloak Configuration
- Ian Ibbotson
- Jag Goraya
Owned by Ian Ibbotson
DCB makes use of the Keycloak Identity Management Platform. A number of components leverage keycloak, require specific configuration. This page records the config needed for Keycloak in DCB.
DCB-Hub realm
Add user roles to JWT for admin applications.
{
"clientId": "dcb",
"name": "dcb",
"description": "DCB",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "THE_SECRET",
"redirectUris": [
"https://admin.dev.resharedcb.org/*",
"https://admin.testing.resharedcb.org/*",
"https://discovery.dev.resharedcb.org/*",
"https://libraries-reshare-hub-discovery-scaffold.vercel.app/*",
"https://discovery.testing.resharedcb.org/*",
"http://localhost:3000/*",
"https://libraries-reshare-hub-admin-scaffold.vercel.app/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "1672834935",
"backchannel.logout.session.required": "false",
"post.logout.redirect.uris": "https://libraries-reshare-hub-discovery-scaffold.vercel.app/*##http://localhost:3000/*##https://libraries-reshare-hub-admin-scaffold.vercel.app/*##https://discovery.dev.resharedcb.org/*##https://discovery.testing.resharedcb.org/*##https://admin.testing.resharedcb.org/*##https://admin.dev.resharedcb.org/*",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"backchannel.logout.revoke.offline.tokens": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
},
{
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
},
{
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"DCBScope",
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}Operated as a Community Resource by the Open Library Foundation