DCB Keycloak Configuration

DCB makes use of the Keycloak Identity Management Platform. A number of components rely on Keycloak and require specific configuration. This page records the configuration needed for Keycloak in DCB.

DCB-Hub realm

 

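Add user roles to the JWT for admin applications. The client export below is for the `dcb` client; `THE_SECRET` is a placeholder for the client secret, which should be supplied from a secret store rather than recorded on this page. The export also enables the implicit flow and direct access grants, sets `fullScopeAllowed` to true, and lists wildcard redirect URIs including `http://localhost:3000/*`; confirm that each of these is still required before applying the configuration outside the development and testing environments.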

 

 

{ "clientId": "dcb", "name": "dcb", "description": "DCB", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "THE_SECRET", "redirectUris": [ "https://admin.dev.resharedcb.org/*", "https://admin.testing.resharedcb.org/*", "https://discovery.dev.resharedcb.org/*", "https://libraries-reshare-hub-discovery-scaffold.vercel.app/*", "https://discovery.testing.resharedcb.org/*", "http://localhost:3000/*", "https://libraries-reshare-hub-admin-scaffold.vercel.app/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": true, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": "1672834935", "backchannel.logout.session.required": "false", "post.logout.redirect.uris": "https://libraries-reshare-hub-discovery-scaffold.vercel.app/*##http://localhost:3000/*##https://libraries-reshare-hub-admin-scaffold.vercel.app/*##https://discovery.dev.resharedcb.org/*##https://discovery.testing.resharedcb.org/*##https://admin.testing.resharedcb.org/*##https://admin.dev.resharedcb.org/*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", "jsonType.label": "String" } }, { "name": "Client IP Address", 
"protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "DCBScope", "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ], "access": { "view": true, "configure": true, "manage": true } }
