This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 15dabc178fc CAMEL-21811: camel-oauth - Prefer Ingress over TLS configured on Keycloak directly (#17415)
15dabc178fc is described below

commit 15dabc178fc08d9fc9df1aff8caa9ca65b10bdb7
Author: Thomas Diesler <tdies...@redhat.com>
AuthorDate: Fri Mar 14 07:22:35 2025 +0100

    CAMEL-21811: camel-oauth - Prefer Ingress over TLS configured on Keycloak directly (#17415)
---
 components/camel-oauth/README.md                   |   74 +-
 components/camel-oauth/helm/Chart.yaml             |    2 +-
 components/camel-oauth/helm/etc/camel-realm.json   | 2270 ++------------------
 components/camel-oauth/helm/etc/cluster.crt        |   34 +
 components/camel-oauth/helm/etc/cluster.key        |   52 +
 components/camel-oauth/helm/etc/keycloak.crt       |   33 -
 components/camel-oauth/helm/etc/keycloak.key       |   52 -
 components/camel-oauth/helm/etc/san.cnf            |    5 +-
 .../helm/{Chart.yaml => scripts/functions.sh}      |   21 +-
 .../helm/scripts/simple_kafka_config.sh            |  120 ++
 components/camel-oauth/helm/scripts/start.sh       |   42 +
 components/camel-oauth/helm/templates/kafka.yaml   |  176 ++
 .../camel-oauth/helm/templates/keycloak.yaml       |   75 +-
 .../{Chart.yaml => templates/traefik-secret.yaml}  |   24 +-
 components/camel-oauth/helm/templates/whoami.yaml  |   93 +
 .../helm/{Chart.yaml => values-kafka.yaml}         |   10 +-
 .../{Chart.yaml => values-traefik-secret.yaml}     |    8 +-
 .../helm/{Chart.yaml => values-whoami.yaml}        |    9 +-
 18 files changed, 862 insertions(+), 2238 deletions(-)

diff --git a/components/camel-oauth/README.md b/components/camel-oauth/README.md
index 73e5b09951c..690c1b4f5da 100644
--- a/components/camel-oauth/README.md
+++ b/components/camel-oauth/README.md
@@ -21,33 +21,49 @@ Respective jbang projects live 
[here|https://github.com/tdiesler/camel-cloud-exa
 
 For Kafka we use strimzi kafka-oauth-client directly, which is documented 
[here|https://github.com/tdiesler/camel-cloud-examples/blob/main/camel-main/kafka-oauth/kafka-oauth-route.yaml].
 
-## Keycloak as the Identity Provider
+## Ingress with Traefik
+
+An Identity Provider should only be accessed with transport layer security 
(TLS) in place. This is in the nature
+of communicating privacy/security sensitive data over any communication 
channel.
+
+Therefore, we place Keycloak behind an TLS terminating proxy (Traefik). It has 
the advantage that any traffic 
+(i.e. not only for Keycloak) can be secured at ingress level.
+
+https://doc.traefik.io/traefik/
 
-Currently, we use Keycloak as OIDC Provider - Hashicorp Vault is underway. 
+```
+helm repo add traefik https://traefik.github.io/charts
+helm repo update
+helm install traefik traefik/traefik
+```
 
-### Keycloak Certificate
+## Ingress TLS Certificate
 
 ```
 # Generate TLS Certificate
-openssl req -x509 -newkey rsa:4096 -keyout ./helm/etc/keycloak.key -out 
./helm/etc/keycloak.crt -days 365 -nodes -config ./helm/etc/san.cnf
+openssl req -x509 -newkey rsa:4096 -keyout ./helm/etc/cluster.key -out 
./helm/etc/cluster.crt -days 365 -nodes -config ./helm/etc/san.cnf
 
 # Import TLS Certificate to Java Keystore (i.e. trust the certificate)
-sudo keytool -import -alias keycloak -file ./helm/etc/keycloak.crt -keystore 
$JAVA_HOME/lib/security/cacerts -storepass changeit
+sudo keytool -import -alias keycloak -file ./helm/etc/cluster.crt -keystore 
$JAVA_HOME/lib/security/cacerts -storepass changeit
 
 # Remove TLS Certificate from Java Keystore
 sudo keytool -delete -alias keycloak -keystore $JAVA_HOME/lib/security/cacerts 
-storepass changeit
 ```
 
-### Keycloak on Kubernetes
+### Verify with TLS access
 
-Deploy Keycloak as Identity Provider
+```
+helm upgrade --install traefik-secret ./helm -f 
./helm/values-traefik-secret.yaml
+helm upgrade --install whoami ./helm -f ./helm/values-whoami.yaml
+```
 
-Admin:  admin/admin
-User:   alice/alice
+https://cluster.local/who
+
+## Keycloak as the Identity Provider
 
-https://keycloak.local:30443/
+Currently, we use Keycloak as OIDC Provider - Hashicorp Vault is underway.
 
-Host 'keycloak.local' should be mapped (/etc/hosts) to your local k8s IP
+Keycloak can be configured/deployed via Helm like this...
 
 ```
 kubectl config use-context docker-desktop \
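Review bot: The `openssl req ... -nodes -keyout ./helm/etc/cluster.key` step writes an unencrypted private key, and the diffstat shows `helm/etc/cluster.key` and `helm/etc/cluster.crt` being committed with this README, so every checkout shares the same ingress key. Please state in "Ingress TLS Certificate" that the committed pair is for local development only and should be regenerated before use anywhere else, or keep the key out of the repository and generate it on first use. Two smaller points in the same hunk: the keytool import and delete commands still use `-alias keycloak` although the file is now `cluster.crt` (an alias such as `cluster` would match), and "behind an TLS terminating proxy" should read "behind a TLS terminating proxy".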
@@ -58,12 +74,17 @@ kubectl config use-context docker-desktop \
 helm uninstall keycloak
 ```
 
+https://keycloak.local/kc
+
+Admin:  admin/admin
+User:   alice/alice
+
 ### Keycloak Admin Tasks
 
-Run this when realm 'camel' if not already imported
+Create realm 'camel' if not already imported
 
 ```
-kcadm config credentials --server https://keycloak.local:30443 --realm master 
--user admin --password admin
+kcadm config credentials --server https://keycloak.local/kc --realm master 
--user admin --password admin
 
 kcadm create realms -s realm=camel -s enabled=true
 
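Review bot: The added `Admin:  admin/admin` and `User:   alice/alice` lines now sit directly under `https://keycloak.local/kc`, which is the default HTTPS ingress port instead of the former `:30443`, and nothing says these are local-only defaults. Suggest one sentence stating that the credentials apply to the docker-desktop setup and must be changed for any deployment reachable beyond the local machine. The same applies to `--user admin --password admin` in the `kcadm config credentials` line, which also leaves the password in shell history.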
@@ -92,10 +113,35 @@ kcadm set-password -r camel --userid=${userid} 
--new-password alice
 kcadm delete realms/camel -r master
 ```
 
-Show client/user configuration
+Show realm, client, user configuration
 
 ```
+kcadm get realms | jq -r '.[] | select(.realm=="camel")'
+
 kcadm get clients -r camel | jq -r '.[] | select(.clientId=="camel-client")'
 
 kcadm get users -r camel | jq -r '.[] | select(.username=="alice")'
 ```
+
+## Kafka on Kubernetes
+
+### Extract the Keycloak cert
+
+In this configuration, Keycloak is deployed behind Traefik, which is our TLS 
terminating proxy.
+The domain `keycloak.local` is mapped to an actual IP in `/etc/hosts`.
+
+```
+echo -n | openssl s_client -connect keycloak.local:443 -servername 
keycloak.local | openssl x509 > keycloak.crt
+cat keycloak.crt | openssl x509 -noout -text
+```
+
+Deploy a single node Kafka cluster
+
+```
+kubectl config use-context docker-desktop \
+    && helm upgrade --install kafka ./helm -f ./helm/values-kafka.yaml \
+    && kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=kafka 
--timeout=20s \
+    && kubectl logs --tail 400 -f -l app.kubernetes.io/name=kafka
+
+helm uninstall kafka
+```
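Review bot: In "Extract the Keycloak cert", `openssl s_client -connect keycloak.local:443 ... | openssl x509 > keycloak.crt` saves whatever certificate the endpoint presents without checking it, and `keycloak.local` resolves through a hand-edited `/etc/hosts` entry, so the resulting file is trust-on-first-use. If Traefik serves the `./helm/etc/cluster.crt` generated in "Ingress TLS Certificate", reference that file directly, or add a fingerprint comparison against it (`openssl x509 -noout -fingerprint -sha256 -in keycloak.crt`). The section also does not say where `keycloak.crt` is consumed afterwards; please add that. Minor: `cat keycloak.crt | openssl x509 -noout -text` can be `openssl x509 -in keycloak.crt -noout -text`, and "Deploy a single node Kafka cluster" would read better under its own `###` heading instead of following the cert extraction.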
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/Chart.yaml
index e455139ac69..db75b24655d 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/Chart.yaml
@@ -16,6 +16,6 @@
 #
 
 apiVersion: v2
-name: platform-http-chart
+name: camel-oauth-infra
 description: A Helm chart to deploy Keycloak
 version: 0.1.0
\ No newline at end of file
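Review bot: `description: A Helm chart to deploy Keycloak` is left unchanged while the chart is renamed to `camel-oauth-infra` and, per the diffstat, gains `templates/kafka.yaml`, `templates/whoami.yaml` and a `traefik-secret.yaml` template. Please update the description to cover what the chart now deploys, and add the trailing newline the file still lacks.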
diff --git a/components/camel-oauth/helm/etc/camel-realm.json 
b/components/camel-oauth/helm/etc/camel-realm.json
index 899d037f676..ef300a59d29 100644
--- a/components/camel-oauth/helm/etc/camel-realm.json
+++ b/components/camel-oauth/helm/etc/camel-realm.json
@@ -1,2139 +1,241 @@
 {
-  "accessCodeLifespan": 60,
-  "accessCodeLifespanLogin": 1800,
-  "accessCodeLifespanUserAction": 300,
+  "realm": "camel",
   "accessTokenLifespan": 300,
-  "accessTokenLifespanForImplicitFlow": 900,
-  "actionTokenGeneratedByAdminLifespan": 43200,
-  "actionTokenGeneratedByUserLifespan": 300,
-  "adminEventsDetailsEnabled": false,
-  "adminEventsEnabled": false,
-  "adminPermissionsEnabled": false,
-  "attributes": {
-    "cibaAuthRequestedUserHint": "login_hint",
-    "cibaBackchannelTokenDeliveryMode": "poll",
-    "cibaExpiresIn": "120",
-    "cibaInterval": "5",
-    "oauth2DeviceCodeLifespan": "600",
-    "oauth2DevicePollingInterval": "5",
-    "parRequestUriLifespan": "60",
-    "realmReusableOtpCode": "false"
-  },
-  "authenticationFlows": [
-    {
-      "alias": "Account verification options",
-      "authenticationExecutions": [
-        {
-          "authenticator": "idp-email-verification",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Verify Existing Account by Re-authentication",
-          "priority": 20,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Method with which to verity the existing account",
-      "id": "cae070ea-ddce-46fb-be70-795d59869217",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Browser - Conditional OTP",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "auth-otp-form",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the OTP is required for the 
authentication",
-      "id": "87907cb4-8369-4f18-9daa-6c834726644b",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Browser - Conditional Organization",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "organization",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the organization identity-first 
login is to be used",
-      "id": "37d88d49-79c8-4d3c-8546-bfe103085117",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Direct Grant - Conditional OTP",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "direct-grant-validate-otp",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the OTP is required for the 
authentication",
-      "id": "767b935b-6e00-4884-a9f0-90281cf54634",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "First Broker Login - Conditional Organization",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "idp-add-organization-member",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the authenticator that adds 
organization members is to be used",
-      "id": "a1182ccd-bda9-40ac-a28f-da1b53c62191",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "First broker login - Conditional OTP",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "auth-otp-form",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the OTP is required for the 
authentication",
-      "id": "39020d63-f50b-4bab-824a-732d274324a6",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Handle Existing Account",
-      "authenticationExecutions": [
-        {
-          "authenticator": "idp-confirm-link",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Account verification options",
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Handle what to do if there is existing account with same 
email/username like authenticated identity provider",
-      "id": "1be565ad-e41c-412e-86ff-aa5fff4183c5",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Organization",
-      "authenticationExecutions": [
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Browser - Conditional Organization",
-          "priority": 10,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "id": "a4b5f3f3-cbae-4b14-99a0-d9b3b667543a",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Reset - Conditional OTP",
-      "authenticationExecutions": [
-        {
-          "authenticator": "conditional-user-configured",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "reset-otp",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow to determine if the OTP should be reset or not. Set 
to REQUIRED to force.",
-      "id": "b49293c6-ded0-4edc-9a5f-d2c1ae5a3d56",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "User creation or linking",
-      "authenticationExecutions": [
-        {
-          "authenticator": "idp-create-user-if-unique",
-          "authenticatorConfig": "create unique user config",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Handle Existing Account",
-          "priority": 20,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Flow for the existing/non-existing user alternatives",
-      "id": "1cb7464a-d7c0-459e-b09c-2847984109da",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "Verify Existing Account by Re-authentication",
-      "authenticationExecutions": [
-        {
-          "authenticator": "idp-username-password-form",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "First broker login - Conditional OTP",
-          "priority": 20,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Reauthentication of existing account",
-      "id": "6c7a7a86-da4f-4bea-a59b-6ab3f4e5af66",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "browser",
-      "authenticationExecutions": [
-        {
-          "authenticator": "auth-cookie",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "auth-spnego",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "DISABLED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "identity-provider-redirector",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 25,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Organization",
-          "priority": 26,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "forms",
-          "priority": 30,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Browser based authentication",
-      "id": "d52b496a-d02f-4f43-bea1-db5bb3fd935e",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "clients",
-      "authenticationExecutions": [
-        {
-          "authenticator": "client-secret",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "client-jwt",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "client-secret-jwt",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 30,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "client-x509",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 40,
-          "requirement": "ALTERNATIVE",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Base authentication for clients",
-      "id": "e10bdc41-0c9c-4e66-b7e1-53bedaee3bc2",
-      "providerId": "client-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "direct grant",
-      "authenticationExecutions": [
-        {
-          "authenticator": "direct-grant-validate-username",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "direct-grant-validate-password",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Direct Grant - Conditional OTP",
-          "priority": 30,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "OpenID Connect Resource Owner Grant",
-      "id": "584d7f63-e86d-44e9-ba87-41bc2303f14a",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "docker auth",
-      "authenticationExecutions": [
-        {
-          "authenticator": "docker-http-basic-authenticator",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Used by Docker clients to authenticate against the IDP",
-      "id": "993a5f27-ecff-4c87-a6fe-89e557484dac",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "first broker login",
-      "authenticationExecutions": [
-        {
-          "authenticator": "idp-review-profile",
-          "authenticatorConfig": "review profile config",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "User creation or linking",
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "First Broker Login - Conditional Organization",
-          "priority": 50,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Actions taken after first broker login with identity 
provider account, which is not yet linked to any Keycloak account",
-      "id": "e5c203ab-87bd-4b3a-ac4c-ffe02d0807fb",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "forms",
-      "authenticationExecutions": [
-        {
-          "authenticator": "auth-username-password-form",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Browser - Conditional OTP",
-          "priority": 20,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Username, password, otp and other auth forms.",
-      "id": "dc505ff6-a644-4c67-99a7-f80109adc7bb",
-      "providerId": "basic-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "registration",
-      "authenticationExecutions": [
-        {
-          "authenticator": "registration-page-form",
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "registration form",
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Registration flow",
-      "id": "e0eace41-ef5e-4039-804d-78be3279f900",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "registration form",
-      "authenticationExecutions": [
-        {
-          "authenticator": "registration-user-creation",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "registration-password-action",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 50,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "registration-recaptcha-action",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 60,
-          "requirement": "DISABLED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "registration-terms-and-conditions",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 70,
-          "requirement": "DISABLED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Registration form",
-      "id": "da98451c-b801-4d74-bd38-af81169e1fa9",
-      "providerId": "form-flow",
-      "topLevel": false
-    },
-    {
-      "alias": "reset credentials",
-      "authenticationExecutions": [
-        {
-          "authenticator": "reset-credentials-choose-user",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "reset-credential-email",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 20,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "reset-password",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 30,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "autheticatorFlow": true,
-          "flowAlias": "Reset - Conditional OTP",
-          "priority": 40,
-          "requirement": "CONDITIONAL",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "Reset credentials for a user if they forgot their 
password or something",
-      "id": "baf2e059-e2ed-4511-8cb9-9bae87ed2079",
-      "providerId": "basic-flow",
-      "topLevel": true
-    },
-    {
-      "alias": "saml ecp",
-      "authenticationExecutions": [
-        {
-          "authenticator": "http-basic-authenticator",
-          "authenticatorFlow": false,
-          "autheticatorFlow": false,
-          "priority": 10,
-          "requirement": "REQUIRED",
-          "userSetupAllowed": false
-        }
-      ],
-      "builtIn": true,
-      "description": "SAML ECP Profile Authentication Flow",
-      "id": "40a31665-a2cd-48cc-b3fb-572e045b9fc5",
-      "providerId": "basic-flow",
-      "topLevel": true
-    }
-  ],
-  "authenticatorConfig": [
-    {
-      "alias": "create unique user config",
-      "config": {
-        "require.password.update.after.registration": "false"
-      },
-      "id": "3ab5456f-5c1c-445d-a772-a986b59b36a9"
-    },
-    {
-      "alias": "review profile config",
-      "config": {
-        "update.profile.on.first.login": "missing"
-      },
-      "id": "50608b3e-9f44-41f0-b535-5ef3979167e6"
-    }
-  ],
-  "browserFlow": "browser",
-  "browserSecurityHeaders": {
-    "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; 
object-src 'none';",
-    "contentSecurityPolicyReportOnly": "",
-    "referrerPolicy": "no-referrer",
-    "strictTransportSecurity": "max-age=31536000; includeSubDomains",
-    "xContentTypeOptions": "nosniff",
-    "xFrameOptions": "SAMEORIGIN",
-    "xRobotsTag": "none",
-    "xXSSProtection": "1; mode=block"
-  },
-  "bruteForceProtected": false,
-  "bruteForceStrategy": "MULTIPLE",
-  "clientAuthenticationFlow": "clients",
-  "clientOfflineSessionIdleTimeout": 0,
-  "clientOfflineSessionMaxLifespan": 0,
-  "clientPolicies": {
-    "policies": []
-  },
-  "clientProfiles": {
-    "profiles": []
-  },
-  "clientScopeMappings": {
-    "account": [
-      {
-        "client": "account-console",
-        "roles": [
-          "manage-account",
-          "view-groups"
-        ]
-      }
-    ]
-  },
-  "clientScopes": [
-    {
-      "attributes": {
-        "display.on.consent.screen": "false",
-        "include.in.token.scope": "true"
-      },
-      "description": "Microprofile - JWT built-in scope",
-      "id": "7aaaf3c4-868f-41d2-868d-35eb057cd205",
-      "name": "microprofile-jwt",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "upn",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "username",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "21cff289-9683-4e5b-a2e1-a6b83c24975a",
-          "name": "upn",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "groups",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "multivalued": "true",
-            "user.attribute": "foo"
-          },
-          "consentRequired": false,
-          "id": "52c78de5-cfd1-4b44-96d2-522bd0d0f338",
-          "name": "groups",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-realm-role-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${addressScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "true"
-      },
-      "description": "OpenID Connect built-in scope: address",
-      "id": "344e25fa-1a59-439a-87a3-9b67b3b939a4",
-      "name": "address",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "user.attribute.country": "country",
-            "user.attribute.formatted": "formatted",
-            "user.attribute.locality": "locality",
-            "user.attribute.postal_code": "postal_code",
-            "user.attribute.region": "region",
-            "user.attribute.street": "street",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "d651d31e-11c1-428f-b07a-4e60ed0a9af5",
-          "name": "address",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-address-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${phoneScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "true"
-      },
-      "description": "OpenID Connect built-in scope: phone",
-      "id": "f7e20abd-09bf-4d24-825a-58780fb6b29b",
-      "name": "phone",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "phone_number",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "phoneNumber",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "425fcb87-d8f4-4021-a198-71af50f6b5ed",
-          "name": "phone number",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "phone_number_verified",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "boolean",
-            "user.attribute": "phoneNumberVerified",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "54b3ff41-3bde-4b31-aeb9-f17f1a831b4f",
-          "name": "phone number verified",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "display.on.consent.screen": "false",
-        "include.in.token.scope": "false"
-      },
-      "description": "Specific scope for a client enabled for service 
accounts",
-      "id": "4435f35a-8bd4-48b2-81a6-28b938a175da",
-      "name": "service_account",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "clientAddress",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.session.note": "clientAddress"
-          },
-          "consentRequired": false,
-          "id": "4f2bd9a5-6885-47ae-8bb5-957e6c95eca8",
-          "name": "Client IP Address",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usersessionmodel-note-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "client_id",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.session.note": "client_id"
-          },
-          "consentRequired": false,
-          "id": "4d23d59a-16c1-46b0-9ee0-afbcfeaea959",
-          "name": "Client ID",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usersessionmodel-note-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "clientHost",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.session.note": "clientHost"
-          },
-          "consentRequired": false,
-          "id": "91802fe0-be3b-4960-99d3-c3c52dc0c885",
-          "name": "Client Host",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usersessionmodel-note-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${profileScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "true"
-      },
-      "description": "OpenID Connect built-in scope: profile",
-      "id": "54fa7985-ca72-45b9-aeab-c31fc11a3455",
-      "name": "profile",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "profile",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "profile",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "f2d2e2dd-8f19-4730-82fe-d4359f7f6f1b",
-          "name": "profile",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "picture",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "picture",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "ebe75f43-8f40-4ca8-b62f-345d36f61a8c",
-          "name": "picture",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "gender",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "gender",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "846a582e-86cc-4c9c-9f65-269fed23f6a2",
-          "name": "gender",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "zoneinfo",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "zoneinfo",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "04d178f2-c8fa-45d6-b0be-c8acd2e16b3c",
-          "name": "zoneinfo",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "locale",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "locale",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "e8b997dc-4684-4758-9846-480b6e4e9ca4",
-          "name": "locale",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "updated_at",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "long",
-            "user.attribute": "updatedAt",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "4940a100-c258-49a6-a0fe-7c946b1c4ce3",
-          "name": "updated at",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "preferred_username",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "username",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "d4a5f0ca-7ffd-4706-ae4b-d8ca928ee599",
-          "name": "username",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "7936f5b4-b5e5-4400-b6e0-ed0f23eb43d3",
-          "name": "full name",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-full-name-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "family_name",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "lastName",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "f91eeb97-47d3-4b4a-a03e-9610dea8ad26",
-          "name": "family name",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "birthdate",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "birthdate",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "388281ea-5d95-4670-b2a3-5230104511a6",
-          "name": "birthdate",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "middle_name",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "middleName",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "57d612d3-698d-47fd-bf7d-9663276c3088",
-          "name": "middle name",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "given_name",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "firstName",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "253ed51c-994f-4b64-8c24-bc423925a845",
-          "name": "given name",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "website",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "website",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "1c152cff-f9c3-4fcd-9394-1c09c4a77e75",
-          "name": "website",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "nickname",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "nickname",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "5c172e81-a500-46fe-be77-6fb6e4e3aedc",
-          "name": "nickname",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${emailScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "true"
-      },
-      "description": "OpenID Connect built-in scope: email",
-      "id": "ea20e4dc-8701-4dc5-b4d4-a2a075419685",
-      "name": "email",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "email_verified",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "boolean",
-            "user.attribute": "emailVerified",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "57060a43-fe4f-4ed6-80d2-8f500a2ac6a9",
-          "name": "email verified",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-property-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "email",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "email",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "e37af486-8e38-4df8-863d-72f954e109f6",
-          "name": "email",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "display.on.consent.screen": "false",
-        "include.in.token.scope": "false"
-      },
-      "description": "OpenID Connect scope for add acr (authentication context 
class reference) to the token",
-      "id": "eade01bc-3b70-451e-a3e9-a2d2d98d6015",
-      "name": "acr",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "35cda456-a597-4f96-85e7-991993784768",
-          "name": "acr loa level",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-acr-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "display.on.consent.screen": "false"
-      },
-      "description": "Organization Membership",
-      "id": "4a8b5d37-212e-49dc-8f4a-a611af9ea0e0",
-      "name": "saml_organization",
-      "protocol": "saml",
-      "protocolMappers": [
-        {
-          "config": {},
-          "consentRequired": false,
-          "id": "ffdc0525-b40e-4f9b-98d9-92c67845176d",
-          "name": "organization",
-          "protocol": "saml",
-          "protocolMapper": "saml-organization-membership-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${samlRoleListScopeConsentText}",
-        "display.on.consent.screen": "true"
-      },
-      "description": "SAML role list",
-      "id": "8ca5dd23-6618-4e3d-aaa2-53c4075f3807",
-      "name": "role_list",
-      "protocol": "saml",
-      "protocolMappers": [
-        {
-          "config": {
-            "attribute.name": "Role",
-            "attribute.nameformat": "Basic",
-            "single": "false"
-          },
-          "consentRequired": false,
-          "id": "8ffb7639-1cb1-4d69-9a31-7804b8e483ea",
-          "name": "role list",
-          "protocol": "saml",
-          "protocolMapper": "saml-role-list-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${organizationScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "true"
-      },
-      "description": "Additional claims about the organization a subject 
belongs to",
-      "id": "20664e6a-1dd1-4bac-9680-dbae402cf691",
-      "name": "organization",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "organization",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "multivalued": "true"
-          },
-          "consentRequired": false,
-          "id": "6c462bdf-90c5-44f5-94d2-0002cc167b46",
-          "name": "organization",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-organization-membership-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${offlineAccessScopeConsentText}",
-        "display.on.consent.screen": "true"
-      },
-      "description": "OpenID Connect built-in scope: offline_access",
-      "id": "ed38bfbc-8f29-4f64-935b-5cf06d2215f7",
-      "name": "offline_access",
-      "protocol": "openid-connect"
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "${rolesScopeConsentText}",
-        "display.on.consent.screen": "true",
-        "include.in.token.scope": "false"
-      },
-      "description": "OpenID Connect scope for add user roles to the access 
token",
-      "id": "fb84a8f0-1a0b-4fa6-887f-8c2800c6fbd9",
-      "name": "roles",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "realm_access.roles",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "multivalued": "true",
-            "user.attribute": "foo"
-          },
-          "consentRequired": false,
-          "id": "03ad1d22-79ae-4432-b175-2c1191529b09",
-          "name": "realm roles",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-realm-role-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "resource_access.${client_id}.roles",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "multivalued": "true",
-            "user.attribute": "foo"
-          },
-          "consentRequired": false,
-          "id": "d48fa36e-fd7d-41aa-9c89-14a2b3cfc5b1",
-          "name": "client roles",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-client-role-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "introspection.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "fdb7d9ca-93db-40cd-a189-299e2dcc4483",
-          "name": "audience resolve",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-audience-resolve-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "consent.screen.text": "",
-        "display.on.consent.screen": "false",
-        "include.in.token.scope": "false"
-      },
-      "description": "OpenID Connect scope for add allowed web origins to the 
access token",
-      "id": "3ee41590-b580-4114-a4f9-ae7311699adb",
-      "name": "web-origins",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "introspection.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "ee56b7f1-a844-48c3-a55e-374b57fe6ca5",
-          "name": "allowed web origins",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-allowed-origins-mapper"
-        }
-      ]
-    },
-    {
-      "attributes": {
-        "display.on.consent.screen": "false",
-        "include.in.token.scope": "false"
-      },
-      "description": "OpenID Connect scope for add all basic claims to the 
token",
-      "id": "7eacd797-dd65-412a-9fa5-8ba3d4824e64",
-      "name": "basic",
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "introspection.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "260dd52c-632b-46ef-8210-a3d8351d8523",
-          "name": "sub",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-sub-mapper"
-        },
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "auth_time",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "long",
-            "user.session.note": "AUTH_TIME"
-          },
-          "consentRequired": false,
-          "id": "8e1d4215-9034-46c1-ab66-2c756840452e",
-          "name": "auth_time",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usersessionmodel-note-mapper"
-        }
-      ]
-    }
-  ],
-  "clientSessionIdleTimeout": 0,
-  "clientSessionMaxLifespan": 0,
-  "clients": [
-    {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "post.logout.redirect.uris": "+",
-        "realm_client": "false"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "baseUrl": "/realms/camel/account/",
-      "bearerOnly": false,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "account",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": false,
-      "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": false,
-      "id": "f5aaf582-f7c0-4c6c-bcf2-390660090115",
-      "implicitFlowEnabled": false,
-      "name": "${client_account}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "publicClient": true,
-      "redirectUris": [
-        "/realms/camel/account/*"
-      ],
-      "rootUrl": "${authBaseUrl}",
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": []
-    },
+  "ssoSessionMaxLifespan": 32140800,
+  "ssoSessionIdleTimeout": 32140800,
+  "enabled": true,
+  "sslRequired": "external",
+  "users": [
     {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "pkce.code.challenge.method": "S256",
-        "post.logout.redirect.uris": "+",
-        "realm_client": "false"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "baseUrl": "/realms/camel/account/",
-      "bearerOnly": false,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "account-console",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": false,
+      "username": "alice",
       "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": false,
-      "id": "ece35b24-8c9e-4970-9c05-a4dc38d382a7",
-      "implicitFlowEnabled": false,
-      "name": "${client_account-console}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "protocolMappers": [
+      "firstName": "Alice",
+      "lastName": "Brown",
+      "email": "al...@example.com",
+      "credentials": [
         {
-          "config": {},
-          "consentRequired": false,
-          "id": "5acc723e-c018-490d-8b7a-e31c23e673db",
-          "name": "audience resolve",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-audience-resolve-mapper"
+          "type": "password",
+          "value": "alice"
         }
       ],
-      "publicClient": true,
-      "redirectUris": [
-        "/realms/camel/account/*"
+      "realmRoles": [
+        "user"
       ],
-      "rootUrl": "${authBaseUrl}",
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": []
+      "clientRoles": {
+        "kafka": [
+          "kafka-topic:superapp_*:owner"
+        ]
+      }
     },
     {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "client.use.lightweight.access.token.enabled": "true",
-        "realm_client": "false"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "bearerOnly": false,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "admin-cli",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": true,
+      "username": "admin",
       "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": true,
-      "id": "b172229f-58b9-4e19-9f9d-ee91d65fd67e",
-      "implicitFlowEnabled": false,
-      "name": "${client_admin-cli}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "publicClient": true,
-      "redirectUris": [],
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": false,
-      "surrogateAuthRequired": false,
-      "webOrigins": []
-    },
-    {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "realm_client": "true"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "bearerOnly": true,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "broker",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
+      "email": "ad...@example.com",
+      "credentials": [
+        {
+          "type": "password",
+          "value": "admin-password"
+        }
       ],
-      "directAccessGrantsEnabled": false,
-      "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": false,
-      "id": "62567bd0-4265-4ae3-a802-6cc2d944a5b7",
-      "implicitFlowEnabled": false,
-      "name": "${client_broker}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
+      "realmRoles": [
+        "admin"
       ],
-      "protocol": "openid-connect",
-      "publicClient": false,
-      "redirectUris": [],
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": []
+      "clientRoles": {
+        "realm-management": [
+          "realm-admin"
+        ],
+        "kafka": [
+          "kafka-admin"
+        ]
+      }
     },
     {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "client.secret.creation.time": "1739866545",
-        "post.logout.redirect.uris": "http://127.0.0.1:8080/";,
-        "realm_client": "false"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "bearerOnly": false,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "camel-client",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "service_account",
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": false,
+      "username": "service-account-kafka-broker",
       "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": true,
-      "id": "528c7a81-f7e2-40d9-9745-5af73e16e2d6",
-      "implicitFlowEnabled": false,
-      "nodeReRegistrationTimeout": -1,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "publicClient": false,
-      "redirectUris": [
-        "http://127.0.0.1:8080/auth";
-      ],
-      "secret": "camel-client-secret",
-      "serviceAccountsEnabled": true,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": [
-        "http://127.0.0.1:8080";
-      ]
+      "email": "service-account-kafka-bro...@placeholder.org",
+      "serviceAccountClientId": "kafka-broker",
+      "clientRoles": {
+        "kafka" : ["kafka-admin"]
+      }
     },
     {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "realm_client": "true"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "bearerOnly": true,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "realm-management",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": false,
+      "username": "service-account-kafka-producer-client",
       "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": false,
-      "id": "b517865c-a141-4ff2-8462-d7b55e040dab",
-      "implicitFlowEnabled": false,
-      "name": "${client_realm-management}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "publicClient": false,
-      "redirectUris": [],
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": []
+      "email": "service-account-kafka-producer-cli...@placeholder.org",
+      "serviceAccountClientId": "kafka-producer-client"
     },
     {
-      "alwaysDisplayInConsole": false,
-      "attributes": {
-        "client.use.lightweight.access.token.enabled": "true",
-        "pkce.code.challenge.method": "S256",
-        "post.logout.redirect.uris": "+",
-        "realm_client": "false"
-      },
-      "authenticationFlowBindingOverrides": {},
-      "baseUrl": "/admin/camel/console/",
-      "bearerOnly": false,
-      "clientAuthenticatorType": "client-secret",
-      "clientId": "security-admin-console",
-      "consentRequired": false,
-      "defaultClientScopes": [
-        "web-origins",
-        "acr",
-        "roles",
-        "profile",
-        "basic",
-        "email"
-      ],
-      "directAccessGrantsEnabled": false,
+      "username": "service-account-kafka-consumer-client",
       "enabled": true,
-      "frontchannelLogout": false,
-      "fullScopeAllowed": true,
-      "id": "e92f2b26-aa13-46fe-84e8-3d0e86bed8d4",
-      "implicitFlowEnabled": false,
-      "name": "${client_security-admin-console}",
-      "nodeReRegistrationTimeout": 0,
-      "notBefore": 0,
-      "optionalClientScopes": [
-        "address",
-        "phone",
-        "organization",
-        "offline_access",
-        "microprofile-jwt"
-      ],
-      "protocol": "openid-connect",
-      "protocolMappers": [
-        {
-          "config": {
-            "access.token.claim": "true",
-            "claim.name": "locale",
-            "id.token.claim": "true",
-            "introspection.token.claim": "true",
-            "jsonType.label": "String",
-            "user.attribute": "locale",
-            "userinfo.token.claim": "true"
-          },
-          "consentRequired": false,
-          "id": "17841641-7b03-43c8-8307-596bd2572ffc",
-          "name": "locale",
-          "protocol": "openid-connect",
-          "protocolMapper": "oidc-usermodel-attribute-mapper"
-        }
-      ],
-      "publicClient": true,
-      "redirectUris": [
-        "/admin/camel/console/*"
-      ],
-      "rootUrl": "${authAdminUrl}",
-      "serviceAccountsEnabled": false,
-      "standardFlowEnabled": true,
-      "surrogateAuthRequired": false,
-      "webOrigins": [
-        "+"
-      ]
+      "email": "service-account-kafka-consumer-cli...@placeholder.org",
+      "serviceAccountClientId": "kafka-consumer-client",
+      "clientRoles": {
+        "kafka" : ["kafka-topic:superapp_*:consumer"]
+      }
     }
   ],
-  "components": {
-    "org.keycloak.keys.KeyProvider": [
-      {
-        "config": {
-          "priority": [
-            "100"
-          ]
-        },
-        "id": "0ebda9b5-8bc8-4d8e-897f-b1dbb6b37a92",
-        "name": "rsa-generated",
-        "providerId": "rsa-generated",
-        "subComponents": {}
-      },
-      {
-        "config": {
-          "active": [
-            "true"
-          ],
-          "algorithm": [
-            "RSA-OAEP"
-          ],
-          "enabled": [
-            "false"
-          ],
-          "keySize": [
-            "2048"
-          ],
-          "priority": [
-            "100"
-          ]
-        },
-        "id": "f52a4515-1e39-4cb4-b51f-4430568e2b90",
-        "name": "rsa-enc-generated",
-        "providerId": "rsa-enc-generated",
-        "subComponents": {}
-      },
+  "roles": {
+    "realm": [
       {
-        "config": {
-          "priority": [
-            "100"
-          ]
-        },
-        "id": "2163323c-747b-4ad6-85a2-4e6307fb30fd",
-        "name": "aes-generated",
-        "providerId": "aes-generated",
-        "subComponents": {}
+        "name": "user",
+        "description": "User privileges"
       },
       {
-        "config": {
-          "algorithm": [
-            "HS512"
-          ],
-          "priority": [
-            "100"
-          ]
-        },
-        "id": "bec37f80-4e3f-4469-81c6-08f27ee41f28",
-        "name": "hmac-generated-hs512",
-        "providerId": "hmac-generated",
-        "subComponents": {}
+        "name": "admin",
+        "description": "Administrator privileges"
       }
     ],
-    
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
-      {
-        "config": {
-          "max-clients": [
-            "200"
-          ]
-        },
-        "id": "7774d67c-b440-4477-9ee7-8d1d5239fd80",
-        "name": "Max Clients Limit",
-        "providerId": "max-clients",
-        "subComponents": {},
-        "subType": "anonymous"
-      },
-      {
-        "config": {
-          "client-uris-must-match": [
-            "true"
-          ],
-          "host-sending-registration-request-must-match": [
-            "true"
-          ]
-        },
-        "id": "d78cce55-836a-4c91-8e7c-6233b70b4ed0",
-        "name": "Trusted Hosts",
-        "providerId": "trusted-hosts",
-        "subComponents": {},
-        "subType": "anonymous"
-      },
-      {
-        "config": {},
-        "id": "bb69f779-b16f-40fc-925b-3c670233a29b",
-        "name": "Full Scope Disabled",
-        "providerId": "scope",
-        "subComponents": {},
-        "subType": "anonymous"
-      },
-      {
-        "config": {
-          "allow-default-scopes": [
-            "true"
-          ]
-        },
-        "id": "32e6dcdd-874f-4c9d-b31c-2fd869900b6c",
-        "name": "Allowed Client Scopes",
-        "providerId": "allowed-client-templates",
-        "subComponents": {},
-        "subType": "authenticated"
-      },
-      {
-        "config": {},
-        "id": "ab34db59-db6f-4037-b896-c98ad1b6a87a",
-        "name": "Consent Required",
-        "providerId": "consent-required",
-        "subComponents": {},
-        "subType": "anonymous"
-      },
-      {
-        "config": {
-          "allowed-protocol-mapper-types": [
-            "saml-user-property-mapper",
-            "saml-role-list-mapper",
-            "oidc-usermodel-attribute-mapper",
-            "oidc-address-mapper",
-            "saml-user-attribute-mapper",
-            "oidc-usermodel-property-mapper",
-            "oidc-full-name-mapper",
-            "oidc-sha256-pairwise-sub-mapper"
-          ]
-        },
-        "id": "d7fa36e0-89ac-4b1a-8b1f-4cb32af415d8",
-        "name": "Allowed Protocol Mapper Types",
-        "providerId": "allowed-protocol-mappers",
-        "subComponents": {},
-        "subType": "authenticated"
-      },
-      {
-        "config": {
-          "allow-default-scopes": [
-            "true"
-          ]
+    "client": {
+      "kafka": [
+        {
+          "name": "kafka-admin",
+          "description": "Kafka administrator - can perform any action on any 
Kafka resource",
+          "clientRole": true
         },
-        "id": "a12a2c6c-531c-4c3b-9254-43fba109cab3",
-        "name": "Allowed Client Scopes",
-        "providerId": "allowed-client-templates",
-        "subComponents": {},
-        "subType": "anonymous"
-      },
-      {
-        "config": {
-          "allowed-protocol-mapper-types": [
-            "saml-user-property-mapper",
-            "oidc-full-name-mapper",
-            "oidc-address-mapper",
-            "oidc-usermodel-property-mapper",
-            "oidc-sha256-pairwise-sub-mapper",
-            "saml-role-list-mapper",
-            "saml-user-attribute-mapper",
-            "oidc-usermodel-attribute-mapper"
-          ]
+        {
+          "name": "kafka-topic:superapp_*:owner",
+          "description": "Owner of topics that begin with 'superapp_' prefix. 
Can perform any operation on these topics.",
+          "clientRole": true
         },
-        "id": "03d3362c-0f3c-4d47-a983-1a14cd383bb0",
-        "name": "Allowed Protocol Mapper Types",
-        "providerId": "allowed-protocol-mappers",
-        "subComponents": {},
-        "subType": "anonymous"
-      }
-    ]
-  },
-  "defaultDefaultClientScopes": [
-    "role_list",
-    "saml_organization",
-    "profile",
-    "email",
-    "roles",
-    "web-origins",
-    "acr",
-    "basic"
-  ],
-  "defaultOptionalClientScopes": [
-    "offline_access",
-    "address",
-    "phone",
-    "microprofile-jwt",
-    "organization"
-  ],
-  "defaultRole": {
-    "clientRole": false,
-    "composite": true,
-    "containerId": "2f6145a3-ea79-4b1e-bf79-ee52fd535391",
-    "description": "${role_default-roles}",
-    "id": "ffe65c82-b0e5-4f42-b2cc-3f887563c6a8",
-    "name": "default-roles-camel"
+        {
+          "name": "kafka-topic:superapp_*:consumer",
+          "description": "Consumer of topics that begin with 'superapp_' 
prefix. Can perform READ, and DESCRIBE on these topics.",
+          "clientRole": true
+        }
+      ]
+    }
   },
-  "defaultSignatureAlgorithm": "RS256",
-  "directGrantFlow": "direct grant",
-  "dockerAuthenticationFlow": "docker auth",
-  "duplicateEmailsAllowed": false,
-  "editUsernameAllowed": false,
-  "enabled": true,
-  "enabledEventTypes": [],
-  "eventsEnabled": false,
-  "eventsListeners": [
-    "jboss-logging"
-  ],
-  "failureFactor": 30,
-  "firstBrokerLoginFlow": "first broker login",
-  "id": "2f6145a3-ea79-4b1e-bf79-ee52fd535391",
-  "identityProviderMappers": [],
-  "identityProviders": [],
-  "internationalizationEnabled": false,
-  "keycloakVersion": "26.1.2",
-  "localizationTexts": {},
-  "loginWithEmailAllowed": true,
-  "maxDeltaTimeSeconds": 43200,
-  "maxFailureWaitSeconds": 900,
-  "maxTemporaryLockouts": 0,
-  "minimumQuickLoginWaitSeconds": 60,
-  "notBefore": 0,
-  "oauth2DeviceCodeLifespan": 600,
-  "oauth2DevicePollingInterval": 5,
-  "offlineSessionIdleTimeout": 2592000,
-  "offlineSessionMaxLifespan": 5184000,
-  "offlineSessionMaxLifespanEnabled": false,
-  "organizationsEnabled": false,
-  "otpPolicyAlgorithm": "HmacSHA1",
-  "otpPolicyCodeReusable": false,
-  "otpPolicyDigits": 6,
-  "otpPolicyInitialCounter": 0,
-  "otpPolicyLookAheadWindow": 1,
-  "otpPolicyPeriod": 30,
-  "otpPolicyType": "totp",
-  "otpSupportedApplications": [
-    "totpAppFreeOTPName",
-    "totpAppGoogleName",
-    "totpAppMicrosoftAuthenticatorName"
-  ],
-  "permanentLockout": false,
-  "quickLoginCheckMilliSeconds": 1000,
-  "realm": "camel",
-  "refreshTokenMaxReuse": 0,
-  "registrationAllowed": false,
-  "registrationEmailAsUsername": false,
-  "registrationFlow": "registration",
-  "rememberMe": false,
-  "requiredActions": [
-    {
-      "alias": "CONFIGURE_TOTP",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Configure OTP",
-      "priority": 10,
-      "providerId": "CONFIGURE_TOTP"
-    },
-    {
-      "alias": "TERMS_AND_CONDITIONS",
-      "config": {},
-      "defaultAction": false,
-      "enabled": false,
-      "name": "Terms and Conditions",
-      "priority": 20,
-      "providerId": "TERMS_AND_CONDITIONS"
-    },
-    {
-      "alias": "UPDATE_PASSWORD",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Update Password",
-      "priority": 30,
-      "providerId": "UPDATE_PASSWORD"
-    },
+  "scopeMappings": [
     {
-      "alias": "UPDATE_PROFILE",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Update Profile",
-      "priority": 40,
-      "providerId": "UPDATE_PROFILE"
+      "client": "kafka-broker",
+      "roles": [
+        "offline_access"
+      ]
     },
     {
-      "alias": "VERIFY_EMAIL",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Verify Email",
-      "priority": 50,
-      "providerId": "VERIFY_EMAIL"
+      "client": "kafka-producer-client",
+      "roles": [
+        "offline_access"
+      ]
     },
     {
-      "alias": "delete_account",
-      "config": {},
-      "defaultAction": false,
-      "enabled": false,
-      "name": "Delete Account",
-      "priority": 60,
-      "providerId": "delete_account"
+      "client": "kafka-consumer-client",
+      "roles": [
+        "offline_access"
+      ]
     },
     {
-      "alias": "webauthn-register",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Webauthn Register",
-      "priority": 70,
-      "providerId": "webauthn-register"
-    },
+      "clientScope": "offline_access",
+      "roles": [
+        "offline_access"
+      ]
+    }
+  ],
+  "clientScopeMappings": {
+    "kafka": [
+      {
+        "client": "kafka-broker",
+        "roles": [
+          "kafka-admin"
+        ]
+      },
+      {
+        "client": "kafka-consumer-client",
+        "roles": [
+          "kafka-topic:superapp_*:consumer"
+        ]
+      },
+      {
+        "client": "kafka-producer-client",
+        "roles": [
+          "kafka-topic:superapp_*:owner"
+        ]
+      }
+    ]
+  },
+  "clients": [
     {
-      "alias": "webauthn-register-passwordless",
-      "config": {},
-      "defaultAction": false,
+      "clientId": "camel-client",
       "enabled": true,
-      "name": "Webauthn Register Passwordless",
-      "priority": 80,
-      "providerId": "webauthn-register-passwordless"
+      "clientAuthenticatorType": "client-secret",
+      "secret": "camel-client-secret",
+      "publicClient": false,
+      "bearerOnly": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": true,
+      "consentRequired" : false,
+      "fullScopeAllowed" : false,
+      "redirectUris": [
+        "http://127.0.0.1:8080/auth";
+      ],
+      "attributes": {
+        "post.logout.redirect.uris": "http://127.0.0.1:8080/";
+      }
     },
     {
-      "alias": "VERIFY_PROFILE",
-      "config": {},
-      "defaultAction": false,
+      "clientId": "kafka",
       "enabled": true,
-      "name": "Verify Profile",
-      "priority": 90,
-      "providerId": "VERIFY_PROFILE"
+      "publicClient": true,
+      "bearerOnly": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "consentRequired" : false,
+      "fullScopeAllowed" : false
     },
     {
-      "alias": "delete_credential",
-      "config": {},
-      "defaultAction": false,
+      "clientId": "kafka-broker",
       "enabled": true,
-      "name": "Delete Credential",
-      "priority": 100,
-      "providerId": "delete_credential"
+      "clientAuthenticatorType": "client-secret",
+      "secret": "kafka-broker-secret",
+      "publicClient": false,
+      "bearerOnly": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": true,
+      "consentRequired" : false,
+      "fullScopeAllowed" : false,
+      "attributes": {
+        "access.token.lifespan": "32140800"
+      }
     },
     {
-      "alias": "update_user_locale",
-      "config": {},
-      "defaultAction": false,
-      "enabled": true,
-      "name": "Update User Locale",
-      "priority": 1000,
-      "providerId": "update_user_locale"
-    }
-  ],
-  "requiredCredentials": [
-    "password"
-  ],
-  "resetCredentialsFlow": "reset credentials",
-  "resetPasswordAllowed": false,
-  "revokeRefreshToken": false,
-  "scopeMappings": [
-    {
-      "clientScope": "offline_access",
-      "roles": [
-        "offline_access"
-      ]
-    }
-  ],
-  "smtpServer": {},
-  "sslRequired": "external",
-  "ssoSessionIdleTimeout": 1800,
-  "ssoSessionIdleTimeoutRememberMe": 0,
-  "ssoSessionMaxLifespan": 36000,
-  "ssoSessionMaxLifespanRememberMe": 0,
-  "supportedLocales": [],
-  "userManagedAccessAllowed": false,
-  "users": [
-    {
-      "createdTimestamp": 1739866545416,
-      "disableableCredentialTypes": [],
-      "emailVerified": false,
+      "clientId": "kafka-producer-client",
       "enabled": true,
-      "id": "b69d3c34-dda3-47b6-9ce9-0010f756cde4",
-      "notBefore": 0,
-      "requiredActions": [],
-      "serviceAccountClientId": "camel-client",
-      "totp": false,
-      "username": "service-account-camel-client"
+      "clientAuthenticatorType": "client-secret",
+      "secret": "kafka-producer-client-secret",
+      "publicClient": false,
+      "bearerOnly": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": true,
+      "consentRequired" : false,
+      "fullScopeAllowed" : false,
+      "attributes": {
+        "access.token.lifespan": "36000"
+      }
     },
     {
-      "username": "alice",
+      "clientId": "kafka-consumer-client",
       "enabled": true,
-      "email": "al...@example.com",
-      "emailVerified": true,
-      "firstName": "Alice",
-      "lastName": "Brown",
-      "credentials": [
-        {
-          "type": "password",
-          "value": "alice"
-        }
-      ]
+      "clientAuthenticatorType": "client-secret",
+      "secret": "kafka-consumer-client-secret",
+      "publicClient": false,
+      "bearerOnly": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": true,
+      "consentRequired" : false,
+      "fullScopeAllowed" : false,
+      "attributes": {
+        "access.token.lifespan": "32140800"
+      }
     }
-  ],
-  "verifiableCredentialsEnabled": false,
-  "verifyEmail": false,
-  "waitIncrementSeconds": 60,
-  "webAuthnPolicyAcceptableAaguids": [],
-  "webAuthnPolicyAttestationConveyancePreference": "not specified",
-  "webAuthnPolicyAuthenticatorAttachment": "not specified",
-  "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
-  "webAuthnPolicyCreateTimeout": 0,
-  "webAuthnPolicyExtraOrigins": [],
-  "webAuthnPolicyPasswordlessAcceptableAaguids": [],
-  "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
-  "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
-  "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
-  "webAuthnPolicyPasswordlessCreateTimeout": 0,
-  "webAuthnPolicyPasswordlessExtraOrigins": [],
-  "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
-  "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
-  "webAuthnPolicyPasswordlessRpId": "",
-  "webAuthnPolicyPasswordlessSignatureAlgorithms": [
-    "ES256",
-    "RS256"
-  ],
-  "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
-  "webAuthnPolicyRequireResidentKey": "not specified",
-  "webAuthnPolicyRpEntityName": "keycloak",
-  "webAuthnPolicyRpId": "",
-  "webAuthnPolicySignatureAlgorithms": [
-    "ES256",
-    "RS256"
-  ],
-  "webAuthnPolicyUserVerificationRequirement": "not specified"
+  ]
 }
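Review bot: The "access.token.lifespan" of "32140800" on kafka-broker and kafka-consumer-client makes access tokens valid for about 372 days (the producer client uses "36000"), so a leaked bearer token stays usable long after the client secret has been changed. Unless the broker setup depends on this, align both with the producer value. The same client entries carry literal "secret" values and set "directAccessGrantsEnabled": true on all three Kafka clients. If these clients only use the client-credentials grant, the password grant can be switched off, and the secrets could come from Helm values, or the README could state that this realm is a local test fixture.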
diff --git a/components/camel-oauth/helm/etc/cluster.crt 
b/components/camel-oauth/helm/etc/cluster.crt
new file mode 100644
index 00000000000..df065655ad6
--- /dev/null
+++ b/components/camel-oauth/helm/etc/cluster.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/components/camel-oauth/helm/etc/cluster.key 
b/components/camel-oauth/helm/etc/cluster.key
new file mode 100644
index 00000000000..01a889dc670
--- /dev/null
+++ b/components/camel-oauth/helm/etc/cluster.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
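Review bot: helm/etc/cluster.key adds an unencrypted private key to the repository next to cluster.crt, so every clone holds the key for that certificate and any host that trusts cluster.crt can be impersonated by anyone with repository access. Since san.cnf is already in the tree, consider generating the pair at install time (or as a documented README step) instead of committing it, or at least mark both files as test-only where they are referenced.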
diff --git a/components/camel-oauth/helm/etc/keycloak.crt 
b/components/camel-oauth/helm/etc/keycloak.crt
deleted file mode 100644
index 09b59c8d3e3..00000000000
--- a/components/camel-oauth/helm/etc/keycloak.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFyzCCA7OgAwIBAgIUFVvwaM91yqF60c5zGcXkBfmTRKEwDQYJKoZIhvcNAQEL
-BQAwazELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5
-MRUwEwYDVQQKDAxPcmdhbml6YXRpb24xDTALBgNVBAsMBFVuaXQxFzAVBgNVBAMM
-DmtleWNsb2FrLmxvY2FsMB4XDTI1MDIxNzEwNDkxMFoXDTI2MDIxNzEwNDkxMFow
-azELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRUw
-EwYDVQQKDAxPcmdhbml6YXRpb24xDTALBgNVBAsMBFVuaXQxFzAVBgNVBAMMDmtl
-eWNsb2FrLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqr5n
-fYTJJ+4O7naJ59FPxAlz4vshjpUgLlizDQ3VgL20lS/XDtX/sId50LFTYJiXeh0p
-TDPSzVYJr6s5mMfOgLxdgLlp6d2kbj2FVhlDKLdkUnELdro/yLuUbLcwI/brNiTO
-JWo5UbneL8RWuwsOCSI0YHiKX3T+xq3S6fZ2Sp7pZeiNoMXsDKh6t9TQRtvOwTPz
-z6DWSpeEEfNpx4HsSp0DMkL+sEnxbX0eDBGsQbCr3NEvxFttZoASpXkvTEmbPs9n
-Ebm7LYRjthIbGUfRP1DMPBR1RcFhqNpwERGAzhTe+2FLlSFNjsKo3JNyo+hhCUhW
-Z773qacai3lZO3oNt514Ic/NzsHuG1+Ge4VXWjyVUqjBkxXzrwvWO6AuVAwJOnWo
-w9ys3r3M622/KB6SWtdC1WkRlRc9dt9G8WceRv4LAUv5qt7dmS8+pq0UTBoLn5DS
-2TJBwlSkpi5vWEIUeKRl/qUfKzRr/sDLMjC/qrlsWPkFS9+ooFsWBtuGNz29T0b7
-gXGplA05hy5QM/biLxWLK0SgqpQ/znIOAT93i4f/cM1EfleF8yFqELd+LzfHlJka
-2CQfOY0cwsKKUPdbLlMt/VddvNILN84RrtbbwwJ55poRiBSfx1lkODw5sm4lTPF8
-f8XOo8wwlmoVkn9rJlqkq5xZBlAsIW+8dwt8vA8CAwEAAaNnMGUwDgYDVR0PAQH/
-BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQYMBaCDmtleWNsb2Fr
-LmxvY2FshwR/AAABMB0GA1UdDgQWBBQ6xZaBawT/6XxXK5bMcJNqyE7OgjANBgkq
-hkiG9w0BAQsFAAOCAgEAXGk3i4C8tmcqgR48ziU6WIE/lFcOfcd8ITahdCvrgMLv
-yUYO/POS24fi+djWmMvBYojiOPuvY8EyKyg2+CSAfmMRxcZIQHHz8EG8awzZwzVf
-IamGKo2rVdB/p3wgut9EreGkHQ9jpPM0TFwT/ei4GULjYIrhcqjDNyOCtGaIn5Qt
-Mm3IghOLfrEj7WYwNSBhpC++hd6Q7FXKwa41Dgar6GKjDn2QHEgPGks225MX+WPl
-ZbCdJO9+Heez3UejDJ484ZuxgxpbMgG2Uq1knaE+K5yIbk2h/GlX0nceMb0r7Wbb
-53IennDQEZETG2k3tMSF4ez2WLHOP993T7zZVs5Wfl7hpQZ7yA4LteOPFCE0KcfC
-zj0Svz+w5Iu5GSbVUpG6qSxl5S/xEVsUYwZJvlKfz4reentd8Z717fhaxtaUZxKm
-SoCkMVbAwiolBVgeOkvpasXd1q+rrwCEJYjUK9T5hThTXtQThKii0FgE3n91JAnC
-Is/dCvLDea8SYlpiyVpaC6sxFtZr99GDE+Vj9radPAJWQl2XO5o5uiCdvqVugXvy
-p2N3HJAQdklSEkUcl7xE73sGjfI1Wpdi/KYiFsiLmm/+hymug7S0Ll9X6mHbakvk
-nEZlZVWg0HXYhpI+LsUPCca+qEOxOEwqNKtL0CKjfcyYhOn18pRHCQr7AFJeZYs=
------END CERTIFICATE-----
diff --git a/components/camel-oauth/helm/etc/keycloak.key 
b/components/camel-oauth/helm/etc/keycloak.key
deleted file mode 100644
index 154101357fb..00000000000
--- a/components/camel-oauth/helm/etc/keycloak.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCqvmd9hMkn7g7u
-donn0U/ECXPi+yGOlSAuWLMNDdWAvbSVL9cO1f+wh3nQsVNgmJd6HSlMM9LNVgmv
-qzmYx86AvF2AuWnp3aRuPYVWGUMot2RScQt2uj/Iu5RstzAj9us2JM4lajlRud4v
-xFa7Cw4JIjRgeIpfdP7GrdLp9nZKnull6I2gxewMqHq31NBG287BM/PPoNZKl4QR
-82nHgexKnQMyQv6wSfFtfR4MEaxBsKvc0S/EW21mgBKleS9MSZs+z2cRubsthGO2
-EhsZR9E/UMw8FHVFwWGo2nAREYDOFN77YUuVIU2Owqjck3Kj6GEJSFZnvveppxqL
-eVk7eg23nXghz83Owe4bX4Z7hVdaPJVSqMGTFfOvC9Y7oC5UDAk6dajD3Kzevczr
-bb8oHpJa10LVaRGVFz1230bxZx5G/gsBS/mq3t2ZLz6mrRRMGgufkNLZMkHCVKSm
-Lm9YQhR4pGX+pR8rNGv+wMsyML+quWxY+QVL36igWxYG24Y3Pb1PRvuBcamUDTmH
-LlAz9uIvFYsrRKCqlD/Ocg4BP3eLh/9wzUR+V4XzIWoQt34vN8eUmRrYJB85jRzC
-wopQ91suUy39V1280gs3zhGu1tvDAnnmmhGIFJ/HWWQ4PDmybiVM8Xx/xc6jzDCW
-ahWSf2smWqSrnFkGUCwhb7x3C3y8DwIDAQABAoICAD5z+b+4J6nS0iRYOHYSIhaH
-DJvsFqikFErPh+KQ+lSmTxy4jHWxQd6slxqGGgS9m75/VyE33XXc8BsQyrb+8qI1
-BBB3AW4Y87GdEB3fjKiid/ANyE8rrfP65L3lPZcSFJPP35Vg5sllbodTThQJZZ9i
-ovzcamSjEyPR5dFNJJSDzsRHTTKO4pn4sDZ4gZxBfz09BwOdhXRwOk8klT7z312l
-U8t5JNaPnV7agniQqEy41gwlec7dUEVLOEbNbkb9r2rIix85K+VoxN4Ofln/YmLB
-54pcQ075/oI4MACWQeJfUPZq7q4EKe27du+DgU3BzGiMTIqTF9y2sidtAf4W1VgH
-1Pi4dIhcy4wKTVY7vu1dHjJfLgScecHUc09OXqBz1ChCJ+N4Wm1Ft0GawWIP8W23
-BuoWZXuCJYvN7QUPhypNQe+v2tlI0E0VxWMU25SPB7zs4ugXZxhqagDOEuUIb61T
-zSGQTCdJuapFQr+wm1UEdBYTnSKezIM3vToQ/tAviRgGv8r0nYSMBgaO/A3OIHWW
-RiPVlPvTDf+A3f97atuEKnr84gs8ONEISneN+tDdWIgZKscnhIO/77IAyBO913rT
-ZInnUUwizpIbg3D30hWnr+QF6R3/wZ49OcA6P4TS4KjFexuaMxnQsr/Rpxr85vXn
-SFx+hYXaOPyuDpOQRJXBAoIBAQDoXAC7rODhRCX6vgEVFhwFJYGIS5dTV5kcsfAx
-QXBads8m7W+XmNHBLE5qqs1Lrta1gWzM0beZeuN5+NX+zT4f/ey6TSVFy78jA033
-xYZCD64tq04aTwAIVSzl6GbGESFH7NbuIOiCYvK1YYgEeJb+ShVXq/JES17b0v6P
-bfN0CJIqBgaXXNv6k+niJeyYgoXKkBLyM4C1yUq2yG0CPnoFfJjA9VXqtmioDwae
-uSM330Dgjeu0/X2Ie7NvkPHIuyF15P/tlqIw/4JBSVG1JR58hsmzS62lMuargIki
-ufiY3PXZOmaAEt0BUL/rIBS/chTIrO9nKCpXZYHUkLMGbEnPAoIBAQC8HZIDdfco
-58L/2/e7qlT9Yhlxfdnb0dj8Ibfb2vzGSekqaON7j2P5U8GHqevGxIy38XFwWI6P
-Df/KmcEeUSHwH5PbwZR+bz0HTxa//ZxU9h4ovt1WVcTnXAOqXSSoBTktIHbvW0K+
-q2UBHMCqSzFQqN3KNLkC9TerX5zH0PpsIstJSnKsX5kwDpzoWXOjURTquFkRiQmj
-aHW+NsS2r6sp/XJRbPUWKctyMJXY5zuuY0jIeuS1tFZyg89NOk6tlZJwDYeKmpqK
-NKu1QGT/5DIYsbBf7FkSg4M4ebPfj5LDi1tcEscTVISLl9vfwIUn68DpbGS37WC4
-Az7uTTZOdjnBAoIBAQDWBbBTLaixNUE6VPrQPl4uy14leWL4TC5mxOs1o03mtZqX
-A4qO+x7xLGtKSurv9ComYwEhI2ZWg1+1wGLz4H6BnzUGYPqc8E+s42VUfGbuwFyy
-CiDVkMC57CJ/3fGULMEX6+oIytz/BD8EnMJZQ+3oabqA14s+JqJIHm+FE0R0M1TW
-SliV4N1qUAXU3ROxYj/z1YLt/kxmpPMhqzjlIUDpftuAmDm8CKobakOxvVvYIdYz
-P+XE/tw6853SfJKITv1CB11IrT/Vm/ORSQRusrMDBnAQqvtVt63KeIlYKC34N0Zo
-ASfafgV9KbCs1Q7nTCAiu0+EF/XwLDpK3cFYgDP3AoIBAQCCrewcGVvcf7v38AAV
-z0sBRp+0NqAcU5fv9yB5S5Rjzz555ql40XC66JM9wi33Q90Zf1G1oN9Pw4LZZJxC
-ikwQOm+FruGQP4hexnNgZjau0ta6qXSrICQMMOCe/duUGSTSE4Zr2rLwL7KX5jh1
-VIzqopSIfr2zr1O/6kjIioUcj8M2o9ArrLGHL++SfWmWn6HvOKcvRkp6yPtaa0OW
-QUyfe+Bpbk6H2frp1ZSTPHc6OuB53N162M9g9+4PkRzM+2XiD5QEFkibD+HkpNpE
-5WpjuzRyPobWFKQYnHr3KA7lZq7NtIG1DPaS3qiwtFYMGHtH7LO/Ddktm5uhAeRi
-90BBAoIBADc3wftpVYj2shAmU+0SSxYRHSXPb3Kgha/vrihNHLvp2ZwBp//6jXuk
-5ZpNgwe8T3Z6VAfvD1RXgvmb1GQviHCmtzsKVjgJnsxj8sOvpMBAvzupg6fxjG5R
-nJX9Vpks4TEunhnIWWGibEvbu7KKQXl/Wy9XDQdEsX9sjwnW5e0uAstWngHRFJOY
-u1KF4yfH/XhbKFLqku4s/xtNd/rAijfxs/k0BA5r+JVdoJ6ZykEe3hBRTp1DJ725
-hfg4yNcELG25uwcvaTeKnph1TqdFRwC37Kb+QNNG7GYpB+g7QsH4fLFAuZRVYHxo
-NllR/NTnsleE+4jwx8GMlvFvto+9/aw=
------END PRIVATE KEY-----
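Review bot: Deleting keycloak.key from the tree does not withdraw the key: it remains retrievable from git history, so the matching keycloak.crt should be treated as permanently untrusted. A sentence in the README telling users who imported the old certificate into a trust store to remove it would close that gap.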
diff --git a/components/camel-oauth/helm/etc/san.cnf 
b/components/camel-oauth/helm/etc/san.cnf
index 110a13cd86d..9a04e08acf3 100644
--- a/components/camel-oauth/helm/etc/san.cnf
+++ b/components/camel-oauth/helm/etc/san.cnf
@@ -10,7 +10,7 @@ ST = State
 L  = City
 O  = Organization
 OU = Unit
-CN = keycloak.local
+CN = Camel OAuth
 
 [ v3_req ]
 keyUsage            = critical, digitalSignature, keyEncipherment
@@ -18,5 +18,6 @@ extendedKeyUsage    = serverAuth
 subjectAltName      = @alt_names
 
 [ alt_names ]
-DNS.1 = keycloak.local
+DNS.1 = cluster.local
+DNS.2 = keycloak.local
 IP.1  = 127.0.0.1
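Review bot: "DNS.1 = cluster.local" in [ alt_names ] is also the default Kubernetes cluster DNS domain, and as an exact-match SAN it does not cover names beneath it such as service FQDNs. If it is meant purely as the Ingress hostname, a comment in san.cnf saying so (or a less overloaded name) would avoid confusion. If in-cluster service names are expected to validate against this certificate, they need their own SAN entries.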
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/scripts/functions.sh
similarity index 72%
copy from components/camel-oauth/helm/Chart.yaml
copy to components/camel-oauth/helm/scripts/functions.sh
index e455139ac69..a8568d41c99 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/scripts/functions.sh
@@ -15,7 +15,20 @@
 # limitations under the License.
 #
 
-apiVersion: v2
-name: platform-http-chart
-description: A Helm chart to deploy Keycloak
-version: 0.1.0
\ No newline at end of file
+
+wait_for_url() {
+    URL=$1
+    MSG=$2
+
+    if [[ $URL == https* ]]; then
+        CMD="curl -k -sL -o /dev/null -w %{http_code} $URL"
+    else
+        CMD="curl -sL -o /dev/null -w %{http_code} $URL"
+    fi
+
+    until [ "200" == "`$CMD`" ]
+    do
+        echo "$MSG ($URL)"
+        sleep 2
+    done
+}
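Review bot: In wait_for_url, the https branch runs "curl -k", which turns off certificate verification even though this commit ships cluster.crt. Passing that file with --cacert would let the readiness check also confirm the certificate and SAN setup. The until loop has no retry limit and curl has no --max-time, so an unreachable URL blocks forever. $URL is expanded unquoted inside CMD, and the file uses [[ ... ]] without a #!/bin/bash line.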
diff --git a/components/camel-oauth/helm/scripts/simple_kafka_config.sh 
b/components/camel-oauth/helm/scripts/simple_kafka_config.sh
new file mode 100644
index 00000000000..c724e62694a
--- /dev/null
+++ b/components/camel-oauth/helm/scripts/simple_kafka_config.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+declare -A props
+
+to_property_name() {
+  key=$1
+  echo ${key:6} | tr _ . | tr [:upper:] [:lower:]
+}
+
+pop_value() {
+  key=$1
+  fallback=$2
+
+  if [ -z ${props[$key]+x} ] ; then
+    echo $fallback
+  else
+    echo ${props[$key]}
+  fi
+  unset props[$key]
+}
+
+#
+# This function allows you to encode as KAFKA_* env vars property names that 
contain characters invalid for env var names
+# You can use:
+#   KAFKA_LISTENER_NAME_CLIENT_SCRAM__2DSHA__2D256_SASL_JAAS_CONFIG=something
+#
+# Which will first be converted to:
+#   KAFKA_LISTENER_NAME_CLIENT_SCRAM%2DSHA%2D256_SASL_JAAS_CONFIG=something
+#
+# And then to:
+#   KAFKA_LISTENER_NAME_CLIENT_SCRAM-SHA-256_SASL_JAAS_CONFIG=something
+#
+unescape() {
+  if [[ "$1" != "" ]]; then
+    echo "$1" | sed -e "s@__@\%@g" -e "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf 
"%b"
+  fi
+}
+
+unset IFS
+for var in $(compgen -e); do
+  if [[ $var == KAFKA_* ]]; then
+
+    case $var in
+      
KAFKA_DEBUG|KAFKA_OPTS|KAFKA_VERSION|KAFKA_HOME|KAFKA_CHECKSUM|KAFKA_LOG4J_OPTS|KAFKA_HEAP_OPTS|KAFKA_JVM_PERFORMANCE_OPTS|KAFKA_GC_LOG_OPTS|KAFKA_JMX_OPTS)
 ;;
+      *)
+        props[$(to_property_name $(unescape $var))]=${!var}
+      ;;
+    esac
+  fi
+done
+
+#
+# Generate output
+#
+
+if [[ "$1" == "--kraft" ]]; then
+  #
+  # Output kraft version of server.properties
+  #
+  echo "#"
+  echo "# strimzi.properties (kraft)"
+  echo "#"
+
+  echo process.roles=`pop_value process.roles broker,controller`
+  echo node.id=`pop_value node.id 1`
+  echo log.dirs=`pop_value log.dirs /tmp/kraft-combined-logs`
+
+elif [[ "$1" == "" ]]; then
+  echo "#"
+  echo "# strimzi.properties"
+  echo "#"
+
+  echo broker.id=`pop_value broker.id 0`
+  echo log.dirs=`pop_value log.dirs /tmp/kafka-logs`
+  echo group.initial.rebalance.delay.ms=`pop_value 
group.initial.rebalance.delay.ms 0`
+else
+  echo "Unsupported argument: $1"
+  exit 1
+fi
+
+echo num.network.threads=`pop_value num.network.threads 3`
+echo num.io.threads=`pop_value num.io.threads 8`
+echo socket.send.buffer.bytes=`pop_value socket.send.buffer.bytes 102400`
+echo socket.receive.buffer.bytes=`pop_value socket.receive.buffer.bytes 102400`
+echo socket.request.max.bytes=`pop_value socket.request.max.bytes 104857600`
+echo num.partitions=`pop_value num.partitions 1`
+echo num.recovery.threads.per.data.dir=`pop_value 
num.recovery.threads.per.data.dir 1`
+echo offsets.topic.replication.factor=`pop_value 
offsets.topic.replication.factor 1`
+echo transaction.state.log.replication.factor=`pop_value 
transaction.state.log.replication.factor 1`
+echo transaction.state.log.min.isr=`pop_value transaction.state.log.min.isr 1`
+echo log.retention.hours=`pop_value log.retention.hours 168`
+echo log.segment.bytes=`pop_value log.segment.bytes 1073741824`
+echo log.retention.check.interval.ms=`pop_value 
log.retention.check.interval.ms 300000`
+
+#
+# Add what remains of KAFKA_* env vars
+#
+for K in "${!props[@]}"
+do
+  echo $K=`pop_value $K`
+done
+
+echo
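Review bot: pop_value is only ever called through backticks (for example echo node.id=`pop_value node.id 1`), so its "unset props[$key]" runs in a subshell and never removes the key from the parent shell's props array. The final "Add what remains of KAFKA_* env vars" loop therefore prints every collected property again, including the ones already emitted above. Return the value through a variable and unset in the caller, or track emitted keys in a second array. Separately, "echo $fallback", "echo ${props[$key]}" and "echo $K=..." are unquoted, so a value containing spaces or "*" (a JAAS config line, for instance) is word-split and glob-expanded before it reaches the properties file. Quote the expansions and prefer printf '%s\n'.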
diff --git a/components/camel-oauth/helm/scripts/start.sh 
b/components/camel-oauth/helm/scripts/start.sh
new file mode 100644
index 00000000000..7995bd11849
--- /dev/null
+++ b/components/camel-oauth/helm/scripts/start.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -e
+
+# Get the directory where the start.sh script is located
+SCRIPT_DIR=$(dirname "$(realpath "$0")")
+
+# source ${SCRIPT_DIR}/functions.sh
+
+if [ "$SERVER_PROPERTIES_FILE" == "" ]; then
+  echo "Generating a new strimzi.properties file using ENV vars"
+  ${SCRIPT_DIR}/simple_kafka_config.sh $1 | tee /tmp/strimzi.properties
+else
+  echo "Using provided server.properties file: $SERVER_PROPERTIES_FILE"
+  cp $SERVER_PROPERTIES_FILE /tmp/strimzi.properties
+fi
+
+if [[ "$1" == "--kraft" ]]; then
+  KAFKA_CLUSTER_ID="$(/opt/kafka/bin/kafka-storage.sh random-uuid)"
+  /opt/kafka/bin/kafka-storage.sh format -t $KAFKA_CLUSTER_ID -c 
/tmp/strimzi.properties
+fi
+
+# add Strimzi kafka-oauth-* jars and their dependencies to classpath
+# export CLASSPATH="/opt/kafka/libs/strimzi/*:$CLASSPATH"
+
+exec /opt/kafka/bin/kafka-server-start.sh /tmp/strimzi.properties
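Review bot: The "simple_kafka_config.sh $1 | tee /tmp/strimzi.properties" line copies the whole generated configuration to stdout, which ends up in the container log. The KAFKA_* variables it is built from can carry credentials (the config script's own comment uses a ..._SASL_JAAS_CONFIG example), so redirect to the file instead of using tee, or filter sensitive keys before printing. With "set -e" but no "set -o pipefail", a failure of simple_kafka_config.sh is also masked by tee's exit status, and the broker would start from a partial file. $SERVER_PROPERTIES_FILE and $KAFKA_CLUSTER_ID should be quoted.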
diff --git a/components/camel-oauth/helm/templates/kafka.yaml 
b/components/camel-oauth/helm/templates/kafka.yaml
new file mode 100644
index 00000000000..1da36e56fdc
--- /dev/null
+++ b/components/camel-oauth/helm/templates/kafka.yaml
@@ -0,0 +1,176 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- with .Values.deployments.kafka }}
+---
+
+# Kafka Scripts ConfigMap
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kafka-scripts
+data:
+  functions.sh: |-
+    {{- $.Files.Get "scripts/functions.sh" | nindent 4 }}
+  simple_kafka_config.sh: |-
+    {{- $.Files.Get "scripts/simple_kafka_config.sh" | nindent 4 }}
+  start.sh: |-
+    {{- $.Files.Get "scripts/start.sh" | nindent 4 }}
+
+# Kafka Deployment
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kafka
+  labels:
+    app.kubernetes.io/name: kafka
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kafka
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kafka
+    spec:
+      initContainers:
+        - name: kafka-init
+          image: busybox
+          command: ["sh", "-c", "cp /tmp/kafka/scripts/* /opt/kafka/scripts/ 
&& chmod +x /opt/kafka/scripts/*.sh"]
+          volumeMounts:
+            - name: kafka-scripts-configmap
+              mountPath: /tmp/kafka/scripts
+            - name: kafka-scripts
+              mountPath: /opt/kafka/scripts
+      containers:
+        - name: kafka
+          image: quay.io/strimzi/kafka:latest-kafka-3.9.0
+          command: [ "/opt/kafka/scripts/start.sh", "--kraft" ]
+          ports:
+            - containerPort: 9091
+            - containerPort: 9092
+            - containerPort: 9093
+            - containerPort: 9094
+          env:
+            # KRaft settings
+            - name: KAFKA_NODE_ID
+              value: "0"
+            - name: KAFKA_PROCESS_ROLES
+              value: "broker,controller"
+            - name: KAFKA_CONTROLLER_QUORUM_VOTERS
+              value: "0@kafka:9091"
+
+            # Listeners & Security
+            - name: KAFKA_LISTENERS
+              value: 
"CONTROLLER://:9091,INTERNPLAIN://:9092,INTERNSECURE://:9093,EXTERNSECURE://:9194"
+            - name: KAFKA_ADVERTISED_LISTENERS
+              value: 
"INTERNPLAIN://:9092,INTERNSECURE://kafka:9093,EXTERNSECURE://127.0.0.1:{{ 
$.Values.kafkaNodePort }}"
+            - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+              value: 
"CONTROLLER:PLAINTEXT,INTERNPLAIN:PLAINTEXT,INTERNSECURE:SASL_PLAINTEXT,EXTERNSECURE:SASL_PLAINTEXT"
+            - name: KAFKA_CONTROLLER_LISTENER_NAMES
+              value: "CONTROLLER"
+            - name: KAFKA_INTER_BROKER_LISTENER_NAME
+              value: "INTERNPLAIN"
+
+            - name: KAFKA_LISTENER_NAME_INTERNSECURE_SASL_ENABLED_MECHANISMS
+              value: "OAUTHBEARER"
+            - name: KAFKA_LISTENER_NAME_EXTERNSECURE_SASL_ENABLED_MECHANISMS
+              value: "OAUTHBEARER"
+
+            - name: 
KAFKA_LISTENER_NAME_INTERNSECURE_OAUTHBEARER_SASL_JAAS_CONFIG
+              value: |-
+                
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
+                
oauth.jwks.endpoint.uri="http://keycloak.local/kc/realms/camel/protocol/openid-connect/certs";
+                
oauth.token.endpoint.uri="http://keycloak.local/kc/realms/camel/protocol/openid-connect/token";
+                oauth.check.issuer=false
+                unsecuredLoginStringClaim_sub="unused";
+            - name: 
KAFKA_LISTENER_NAME_EXTERNSECURE_OAUTHBEARER_SASL_JAAS_CONFIG
+              value: |-
+                
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
+                
oauth.jwks.endpoint.uri="http://keycloak.local/kc/realms/camel/protocol/openid-connect/certs";
+                
oauth.token.endpoint.uri="http://keycloak.local/kc/realms/camel/protocol/openid-connect/token";
+                oauth.check.issuer=false
+                unsecuredLoginStringClaim_sub="unused";
+
+            - name: 
KAFKA_LISTENER_NAME_INTERNSECURE_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS
+              value: 
"io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler"
+            - name: 
KAFKA_LISTENER_NAME_EXTERNSECURE_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS
+              value: 
"io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler"
+
+            - name: KAFKA_PRINCIPAL_BUILDER_CLASS
+              value: "io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder"
+
+          volumeMounts:
+            - name: kafka-logs
+              mountPath: /opt/kafka/logs
+            - name: kafka-scripts
+              mountPath: /opt/kafka/scripts
+          securityContext:
+            runAsUser: 1001   # The UID of the kafka user
+            runAsGroup: 0     # The GID of the root group (since kafka is in 
root group)
+      volumes:
+        - name: kafka-scripts-configmap
+          configMap:
+            name: kafka-scripts
+        - name: kafka-logs
+          emptyDir: {}
+        - name: kafka-scripts
+          emptyDir: {}
+
+# Kafka Internal Services
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka
+  labels:
+    app.kubernetes.io/name: kafka
+spec:
+  ports:
+    - name: ctrl
+      port: 9091
+      targetPort: 9091
+    - name: plain
+      port: 9092
+      targetPort: 9092
+    - name: secure
+      port: 9093
+      targetPort: 9093
+  selector:
+    app.kubernetes.io/name: kafka
+
+# Kafka External Services
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka-extern
+  labels:
+    app.kubernetes.io/name: kafka-extern
+spec:
+  type: NodePort
+  ports:
+    - port: 9094
+      targetPort: 9094
+      nodePort: {{ $.Values.kafkaNodePort }}
+  selector:
+    app.kubernetes.io/name: kafka
+---
+{{- end }}
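Review bot: KAFKA_LISTENERS binds the external listener as `EXTERNSECURE://:9194`, but the container declares `containerPort: 9094` and the kafka-extern Service uses `targetPort: 9094`, so traffic arriving on the NodePort has no listener behind it; one of the two numbers looks like a typo and they should agree. Separately, both OAuth listeners are mapped to SASL_PLAINTEXT, the JWKS and token endpoints are configured with `http://` URLs, and `oauth.check.issuer=false` is set, so bearer tokens and the signing keys used to validate them cross the wire unencrypted and the token issuer is not checked. If that is intended for a local test cluster only, a comment in the template should say so, and the same goes for the INTERNPLAIN listener on 9092, which is PLAINTEXT with no authentication and is published by the kafka Service. `image: busybox` carries no tag and should be pinned.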
diff --git a/components/camel-oauth/helm/templates/keycloak.yaml 
b/components/camel-oauth/helm/templates/keycloak.yaml
index 94ffd0c57c4..3dbcc32a6e7 100644
--- a/components/camel-oauth/helm/templates/keycloak.yaml
+++ b/components/camel-oauth/helm/templates/keycloak.yaml
@@ -29,25 +29,9 @@ metadata:
     app.kubernetes.io/release: {{ $.Release.Name }}
     app.kubernetes.io/revision: '{{ $.Release.Revision }}'
 data:
-  demo-realm.json: |-
+  camel-realm.json: |-
     {{- $.Files.Get "etc/camel-realm.json" | nindent 4 }}
 
-# Keycloak TLS Secret
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: keycloak-tls
-  labels:
-    app.kubernetes.io/name: keycloak
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/release: {{ $.Release.Name }}
-    app.kubernetes.io/revision: '{{ $.Release.Revision }}'
-type: kubernetes.io/tls
-data:
-  tls.crt: {{ $.Files.Get "etc/keycloak.crt" | b64enc }}
-  tls.key: {{ $.Files.Get "etc/keycloak.key" | b64enc }}
-
 # Keycloak Deployment
 ---
 apiVersion: apps/v1
@@ -77,10 +61,11 @@ spec:
           image: quay.io/keycloak/keycloak:{{ .version }}
           args:
             - "start-dev"
-            - "--https-port=8443"
-            - "--https-certificate-file=/etc/x509/https/tls.crt"
-            - "--https-certificate-key-file=/etc/x509/https/tls.key"
             - "--import-realm"
+            - "--http-enabled=true"
+            - "--http-relative-path=/kc"
+            - "--proxy-headers=xforwarded"
+            - "--proxy-protocol-enabled=false"
           env:
             - name: KC_BOOTSTRAP_ADMIN_USERNAME
               value: admin
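Review bot: `--proxy-headers=xforwarded` makes Keycloak trust X-Forwarded-* headers from whoever connects, and with `--http-enabled=true` on port 8080 that is any client able to reach the keycloak Service directly, not only Traefik. Either restrict access to the pod to the ingress controller (for example with a NetworkPolicy) or add a comment stating that the setup relies on Traefik being the only path in and is meant for development, which `start-dev` and the `admin` bootstrap user in the context lines already imply.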
@@ -88,18 +73,11 @@ spec:
               value: admin
           ports:
             - containerPort: 8080
-            - containerPort: 8443
           volumeMounts:
-            - name: keycloak-tls
-              mountPath: /etc/x509/https
-              readOnly: true
             - name: keycloak-realm-config
               mountPath: /opt/keycloak/data/import
               readOnly: true
       volumes:
-        - name: keycloak-tls
-          secret:
-            secretName: keycloak-tls
         - name: keycloak-realm-config
           configMap:
             name: keycloak-realm-config
@@ -113,15 +91,48 @@ metadata:
   labels:
     app.kubernetes.io/name: keycloak
 spec:
-  type: NodePort
   ports:
     - name: http
       port: 8080
-      nodePort: {{ .nodePortHttp }}
-    - name: https
-      port: 8443
-      nodePort: {{ .nodePortHttps }}
   selector:
     app.kubernetes.io/name: keycloak
+
+# Keycloak Ingress Http
+#---
+#apiVersion: traefik.io/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: keycloak-http
+#  labels:
+#    app.kubernetes.io/name: keycloak-http
+#spec:
+#  entryPoints:
+#    - web
+#  routes:
+#    - match: PathPrefix(`/kc`)
+#      kind: Rule
+#      services:
+#        - name: keycloak
+#          port: 8080
+
+# Keycloak Ingress Https
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: keycloak-https
+  labels:
+    app.kubernetes.io/name: keycloak-https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: PathPrefix(`/kc`)
+      kind: Rule
+      services:
+        - name: keycloak
+          port: 8080
+  tls:
+    secretName: traefik-tls
 ---
 {{- end }}
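Review bot: The plain-HTTP IngressRoute is added as a commented-out block while the only active route, keycloak-https, listens on `websecure`; kafka.yaml in this same patch sets `oauth.jwks.endpoint.uri` and `oauth.token.endpoint.uri` to `http://keycloak.local/kc/...`, which has no matching route here unless the `web` entry point is handled somewhere outside this chart. Point the broker at the https URL or at the in-cluster Service, and delete the commented block instead of committing it. The active route also matches PathPrefix(`/kc`) without a Host rule, and `secretName: traefik-tls` refers to a Secret that is rendered by a different template behind its own `deployments.traefik` guard, so installing this file without that values file leaves the route pointing at a Secret that does not exist.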
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/templates/traefik-secret.yaml
similarity index 62%
copy from components/camel-oauth/helm/Chart.yaml
copy to components/camel-oauth/helm/templates/traefik-secret.yaml
index e455139ac69..9763ed228ae 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/templates/traefik-secret.yaml
@@ -15,7 +15,23 @@
 # limitations under the License.
 #
 
-apiVersion: v2
-name: platform-http-chart
-description: A Helm chart to deploy Keycloak
-version: 0.1.0
\ No newline at end of file
+{{- with .Values.deployments.traefik }}
+
+# Traefik TLS Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: traefik-tls
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/release: {{ $.Release.Name }}
+    app.kubernetes.io/revision: '{{ $.Release.Revision }}'
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ $.Files.Get "etc/cluster.crt" | b64enc }}
+  tls.key: {{ $.Files.Get "etc/cluster.key" | b64enc }}
+
+---
+{{- end }}
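Review bot: `tls.key: {{ $.Files.Get "etc/cluster.key" | b64enc }}` packages a private key that is checked into the chart directory, so everyone with the repository holds the key for whatever this ingress serves. Generate the key pair at install time or reference an existing Secret, or state in the template comment that the certificate is a throwaway for local testing and must not be reused.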
diff --git a/components/camel-oauth/helm/templates/whoami.yaml 
b/components/camel-oauth/helm/templates/whoami.yaml
new file mode 100644
index 00000000000..c4a49b0f14e
--- /dev/null
+++ b/components/camel-oauth/helm/templates/whoami.yaml
@@ -0,0 +1,93 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- with .Values.deployments.whoami }}
+
+# Whoami Deployment
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: whoami
+  labels:
+    app.kubernetes.io/name: whoami
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: whoami
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: whoami
+    spec:
+      containers:
+        - name: whoami
+          image: traefik/whoami
+          ports:
+            - containerPort: 80
+
+# Whoami Service
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: whoami
+spec:
+  ports:
+    - name: web
+      port: 80
+      targetPort: 80
+  selector:
+    app.kubernetes.io/name: whoami
+
+# Whoami IngressRoute
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: whoami
+  labels:
+    app.kubernetes.io/name: whoami
+spec:
+  entryPoints:
+    - web
+    - websecure
+  routes:
+    - match: PathPrefix(`/who`)
+      kind: Rule
+      services:
+        - name: whoami
+          port: 80
+      middlewares:
+        - name: strip-prefix-who
+  tls:
+    secretName: traefik-tls
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-prefix-who
+  labels:
+    app.kubernetes.io/name: whoami
+spec:
+  stripPrefix:
+    prefixes:
+      - /who
+---
+{{- end }}
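Review bot: `image: traefik/whoami` has no tag, so the deployment pulls whatever the default tag resolves to at install time; pin a version or digest. The IngressRoute also lists both `web` and `websecure` under entryPoints while setting a `tls` section, which makes it unclear whether /who is meant to be reachable over plain HTTP; the keycloak route in this patch uses `websecure` only, so either drop `web` here or split the plain and TLS cases into two routes.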
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/values-kafka.yaml
similarity index 88%
copy from components/camel-oauth/helm/Chart.yaml
copy to components/camel-oauth/helm/values-kafka.yaml
index e455139ac69..eba9e046dfc 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/values-kafka.yaml
@@ -15,7 +15,9 @@
 # limitations under the License.
 #
 
-apiVersion: v2
-name: platform-http-chart
-description: A Helm chart to deploy Keycloak
-version: 0.1.0
\ No newline at end of file
+
+kafkaNodePort: 30094
+
+deployments:
+  kafka:
+    name: "kafka"
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/values-traefik-secret.yaml
similarity index 88%
copy from components/camel-oauth/helm/Chart.yaml
copy to components/camel-oauth/helm/values-traefik-secret.yaml
index e455139ac69..456168bbbda 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/values-traefik-secret.yaml
@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 
-apiVersion: v2
-name: platform-http-chart
-description: A Helm chart to deploy Keycloak
-version: 0.1.0
\ No newline at end of file
+deployments:
+
+  traefik:
+    name: "traefik-secret"
diff --git a/components/camel-oauth/helm/Chart.yaml 
b/components/camel-oauth/helm/values-whoami.yaml
similarity index 88%
copy from components/camel-oauth/helm/Chart.yaml
copy to components/camel-oauth/helm/values-whoami.yaml
index e455139ac69..ea21c35fbd4 100644
--- a/components/camel-oauth/helm/Chart.yaml
+++ b/components/camel-oauth/helm/values-whoami.yaml
@@ -15,7 +15,8 @@
 # limitations under the License.
 #
 
-apiVersion: v2
-name: platform-http-chart
-description: A Helm chart to deploy Keycloak
-version: 0.1.0
\ No newline at end of file
+deployments:
+
+  whoami:
+    name: "whoami"
+
