admin/authser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6176a4fad9fd8048be2ff1c0d34cead4aa99c082
authser/realms/ecosplay-realm.json
Serreau Jovann 6176a4fad9 Extract init logic to versioned sync script + bootstrap admin user 
- Move the inline keycloak-init bash block out of docker-compose.yml
  into init/sync.sh, mounted into the init container at /opt/init.
  The script is fully idempotent and is the new entry point for any
  future role/group/user/realm configuration changes — re-run with
  `docker compose up -d keycloak-init --force-recreate`.
- Add reusable helper functions (ensure_user, ensure_group,
  ensure_user_in_group, ensure_user_realm_role, ensure_user_client_role)
  on top of kcadm.sh, with safe parsing of user/group IDs.
- Bootstrap admin identity jovann@siteconseil.fr (password Shoko1997@)
  in both realms:
    * master realm: granted the global `admin` role.
    * ecosplay realm: granted realm-management/realm-admin and added
      to groups super_admin_asso and superadmin.
  Both users have CONFIGURE_TOTP as a required action so OTP enrollment
  is forced at first login.
- Mirror the ecosplay user in the realm import JSON for fresh installs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 11:57:50 +02:00

122 lines
3.3 KiB
JSON
Raw Blame History

{
"realm": "ecosplay",
"displayName": "E-Cosplay",
"displayNameHtml": "<span style=\"font-weight:900;text-transform:uppercase;font-style:italic;\">E-Cosplay</span>",
"enabled": true,
"loginTheme": "ecosplay",
"accountTheme": "ecosplay",
"emailTheme": "ecosplay",
"adminTheme": "keycloak.v2",
"internationalizationEnabled": true,
"supportedLocales": ["fr"],
"defaultLocale": "fr",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": true,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 5,
"passwordPolicy": "length(10) and specialChars(1) and digits(1) and upperCase(1) and lowerCase(1) and notUsername(undefined) and notEmail(undefined)",
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"offlineSessionIdleTimeout": 2592000,
"actionTokenGeneratedByUserLifespan": 900,
"smtpServer": {
"host": "email-smtp.eu-west-3.amazonaws.com",
"port": "587",
"from": "auth@e-cosplay.fr",
"fromDisplayName": "E-Cosplay",
"replyTo": "noreply@e-cosplay.fr",
"envelopeFrom": "auth@e-cosplay.fr",
"auth": "true",
"starttls": "true",
"ssl": "false",
"user": "AKIAWTT2T22CWBRBBDYN",
"password": "BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP"
},
"groups": [
{ "name": "gp_asso" },
{ "name": "gp_contest" },
{ "name": "gp_mail" },
{ "name": "gp_mailling" },
{ "name": "gp_member" },
{ "name": "gp_ndd" },
{ "name": "gp_sign" },
{ "name": "gp_ticket" },
{ "name": "super_admin_asso" },
{ "name": "superadmin" }
],
"users": [
{
"username": "jovann@siteconseil.fr",
"email": "jovann@siteconseil.fr",
"firstName": "Jovann",
"lastName": "SiteConseil",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "Shoko1997@",
"temporary": false
}
],
"requiredActions": ["CONFIGURE_TOTP"],
"groups": ["/super_admin_asso", "/superadmin"],
"clientRoles": {
"realm-management": ["realm-admin"]
}
}
],
"clients": [
{
"clientId": "ecosplay-web",
"name": "E-Cosplay Web",
"description": "Application web principale e-cosplay.fr",
"enabled": true,
"publicClient": false,
"secret": "change-me-in-admin-console",
"redirectUris": [
"https://www.e-cosplay.fr/*",
"https://e-cosplay.fr/*"
],
"webOrigins": [
"https://www.e-cosplay.fr",
"https://e-cosplay.fr"
],
"protocol": "openid-connect",
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"frontchannelLogout": true,
"attributes": {
"post.logout.redirect.uris": "https://www.e-cosplay.fr/*##https://e-cosplay.fr/*",
"pkce.code.challenge.method": "S256"
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink