Added Grafana client config to Keycloak
This commit is contained in:
Richard Robert Reitz
parent
ce6c51eea9
commit
65c5321ce6
1 changed files with 76 additions and 0 deletions
|
|
@ -181,6 +181,82 @@ data:
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
grafana-client-payload.json: |
|
||||||
|
{
|
||||||
|
"clientId": "grafana-oauth",
|
||||||
|
"name": "grafana-oauth",
|
||||||
|
"description": "Used for Grafana SSO",
|
||||||
|
"rootUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
|
||||||
|
"adminUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
|
||||||
|
"baseUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
|
||||||
|
"surrogateAuthRequired": false,
|
||||||
|
"enabled": true,
|
||||||
|
"alwaysDisplayInConsole": false,
|
||||||
|
"clientAuthenticatorType": "client-secret",
|
||||||
|
"secret": "aQ1UV9Z6ZuLBwrgw8vV9ijf6LA95yMZL",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://{{{ .Env.DOMAIN }}}/grafana/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"https://{{{ .Env.DOMAIN }}}/grafana"
|
||||||
|
],
|
||||||
|
"notBefore": 0,
|
||||||
|
"bearerOnly": false,
|
||||||
|
"consentRequired": false,
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"implicitFlowEnabled": false,
|
||||||
|
"directAccessGrantsEnabled": true,
|
||||||
|
"serviceAccountsEnabled": false,
|
||||||
|
"publicClient": false,
|
||||||
|
"frontchannelLogout": true,
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"attributes": {
|
||||||
|
"oidc.ciba.grant.enabled": "false",
|
||||||
|
"backchannel.logout.session.required": "true",
|
||||||
|
"display.on.consent.screen": "false",
|
||||||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||||||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||||||
|
},
|
||||||
|
"authenticationFlowBindingOverrides": {},
|
||||||
|
"fullScopeAllowed": true,
|
||||||
|
"nodeReRegistrationTimeout": -1,
|
||||||
|
"protocolMappers": [
|
||||||
|
{
|
||||||
|
"name": "client roles",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
||||||
|
"consentRequired": false,
|
||||||
|
"config": {
|
||||||
|
"multivalued": "true",
|
||||||
|
"userinfo.token.claim": "false",
|
||||||
|
"user.attribute": "foo",
|
||||||
|
"id.token.claim": "true",
|
||||||
|
"access.token.claim": "true",
|
||||||
|
"claim.name": "resource_access.${client_id}.roles",
|
||||||
|
"jsonType.label": "String"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"defaultClientScopes": [
|
||||||
|
"web-origins",
|
||||||
|
"acr",
|
||||||
|
"roles",
|
||||||
|
"offline_access",
|
||||||
|
"profile",
|
||||||
|
"email"
|
||||||
|
],
|
||||||
|
"optionalClientScopes": [
|
||||||
|
"address",
|
||||||
|
"phone",
|
||||||
|
"microprofile-jwt"
|
||||||
|
],
|
||||||
|
"access": {
|
||||||
|
"view": true,
|
||||||
|
"configure": true,
|
||||||
|
"manage": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue