zammad-client-secure.json 3.8 KB

  1. {
  2. "clientId": "#KEYCLOAK_ZAMMAD_BASE_URL/auth/saml/metadata",
  3. "name": "Zammad",
  4. "description": "",
  5. "rootUrl": "",
  6. "adminUrl": "",
  7. "baseUrl": "",
  8. "surrogateAuthRequired": false,
  9. "enabled": true,
  10. "alwaysDisplayInConsole": false,
  11. "clientAuthenticatorType": "client-secret",
  12. "secret": "**********",
  13. "redirectUris": [
  14. "#KEYCLOAK_ZAMMAD_BASE_URL/auth/saml/callback"
  15. ],
  16. "webOrigins": [
  17. "#KEYCLOAK_ZAMMAD_BASE_URL"
  18. ],
  19. "notBefore": 0,
  20. "bearerOnly": false,
  21. "consentRequired": false,
  22. "standardFlowEnabled": true,
  23. "implicitFlowEnabled": false,
  24. "directAccessGrantsEnabled": false,
  25. "serviceAccountsEnabled": false,
  26. "publicClient": false,
  27. "frontchannelLogout": true,
  28. "protocol": "saml",
  29. "attributes": {
  30. "saml.assertion.signature": "true",
  31. "client.secret.creation.time": "1697048024",
  32. "saml.force.post.binding": "true",
  33. "saml.encrypt": "true",
  34. "post.logout.redirect.uris": "+",
  35. "saml_assertion_consumer_url_post": "#KEYCLOAK_ZAMMAD_BASE_URL/auth/saml/callback",
  36. "saml.server.signature": "false",
  37. "saml.server.signature.keyinfo.ext": "false",
  38. "saml.signing.certificate": "#KEYCLOAK_ZAMMAD_CERTIFICATE",
  39. "saml.artifact.binding.identifier": "NzG42pzk2nEJxq+Sj8jqpxslW0Q=",
  40. "saml_single_logout_service_url_redirect": "#KEYCLOAK_ZAMMAD_BASE_URL/auth/saml/slo",
  41. "saml.artifact.binding": "false",
  42. "saml.signature.algorithm": "RSA_SHA256",
  43. "saml_force_name_id_format": "false",
  44. "saml.client.signature": "true",
  45. "saml.encryption.certificate": "#KEYCLOAK_ZAMMAD_CERTIFICATE",
  46. "saml.authnstatement": "true",
  47. "display.on.consent.screen": "false",
  48. "saml_name_id_format": "email",
  49. "saml.allow.ecp.flow": "false",
  50. "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#",
  51. "saml.onetimeuse.condition": "false",
  52. "saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE"
  53. },
  54. "authenticationFlowBindingOverrides": {},
  55. "fullScopeAllowed": true,
  56. "nodeReRegistrationTimeout": -1,
  57. "protocolMappers": [
  58. {
  59. "name": "uid",
  60. "protocol": "saml",
  61. "protocolMapper": "saml-user-attribute-mapper",
  62. "consentRequired": false,
  63. "config": {
  64. "user.attribute": "uid",
  65. "aggregate.attrs": "false",
  66. "friendly.name": "Unique Identifier",
  67. "attribute.name": "uid"
  68. }
  69. },
  70. {
  71. "name": "email",
  72. "protocol": "saml",
  73. "protocolMapper": "saml-user-attribute-mapper",
  74. "consentRequired": false,
  75. "config": {
  76. "attribute.nameformat": "Basic",
  77. "user.attribute": "email",
  78. "friendly.name": "Email address",
  79. "attribute.name": "email"
  80. }
  81. },
  82. {
  83. "name": "name",
  84. "protocol": "saml",
  85. "protocolMapper": "saml-user-attribute-mapper",
  86. "consentRequired": false,
  87. "config": {
  88. "attribute.nameformat": "Basic",
  89. "user.attribute": "username",
  90. "friendly.name": "Full name",
  91. "attribute.name": "name"
  92. }
  93. },
  94. {
  95. "name": "first_name",
  96. "protocol": "saml",
  97. "protocolMapper": "saml-user-attribute-mapper",
  98. "consentRequired": false,
  99. "config": {
  100. "attribute.nameformat": "Basic",
  101. "user.attribute": "firstName",
  102. "friendly.name": "Given name",
  103. "attribute.name": "first_name"
  104. }
  105. },
  106. {
  107. "name": "last_name",
  108. "protocol": "saml",
  109. "protocolMapper": "saml-user-attribute-mapper",
  110. "consentRequired": false,
  111. "config": {
  112. "attribute.nameformat": "Basic",
  113. "user.attribute": "lastName",
  114. "friendly.name": "Family name",
  115. "attribute.name": "last_name"
  116. }
  117. }
  118. ],
  119. "defaultClientScopes": [
  120. "role_list"
  121. ],
  122. "optionalClientScopes": [],
  123. "access": {
  124. "view": true,
  125. "configure": true,
  126. "manage": true
  127. }
  128. }