From bd478478f100f51d75aabd4e70a38386f245265f Mon Sep 17 00:00:00 2001 From: Danijel Simeunovic Date: Thu, 14 May 2026 20:40:44 +0200 Subject: [PATCH] fix attemt --- infra/values/base/gitea-values.yaml | 1 - infra/values/base/keycloak-values.yaml | 59 +++++++++++++++++++++++--- 2 files changed, 52 insertions(+), 8 deletions(-) diff --git a/infra/values/base/gitea-values.yaml b/infra/values/base/gitea-values.yaml index 2bc7fbb..e322a4b 100644 --- a/infra/values/base/gitea-values.yaml +++ b/infra/values/base/gitea-values.yaml @@ -41,7 +41,6 @@ gitea: oauth2: ENABLED: true ENABLE_AUTO_REGISTRATION: true - ACCOUNT_LINKING: auto USERNAME: email session: diff --git a/infra/values/base/keycloak-values.yaml b/infra/values/base/keycloak-values.yaml index 5e5432e..7b47834 100644 --- a/infra/values/base/keycloak-values.yaml +++ b/infra/values/base/keycloak-values.yaml @@ -55,12 +55,12 @@ postgresql: size: 8Gi keycloakConfigCli: - extraEnvVars: - - name: IMPORT_MANAGED_PROTOCOL_MAPPER - value: "no-delete" enabled: true image: repository: bitnamilegacy/keycloak-config-cli + extraEnvVars: + - name: IMPORT_MANAGED_PROTOCOL_MAPPER + value: "no-delete" configuration: forte-realm.json: | { @@ -75,7 +75,7 @@ keycloakConfigCli: "clients": [ { "clientId": "gitea", - "name": "Forte Git", + "name": "Gitea", "enabled": true, "protocol": "openid-connect", "clientAuthenticatorType": "client-secret", @@ -90,7 +90,22 @@ keycloakConfigCli: "k8s.secret.name": "gitea-oidc-credentials", "k8s.secret.client-id-key": "key", "k8s.secret.client-secret-key": "secret" - } + }, + "protocolMappers": [ + { + "name": "email_verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-hardcoded-claim-mapper", + "config": { + "claim.name": "email_verified", + "claim.value": "true", + "jsonType.label": "boolean", + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] }, { "clientId": "grafana", 
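Review bot: The `email_verified` mapper added to the `gitea` client in the `@@ -90,7 +90,22 @@` hunk of keycloak-values.yaml is an `oidc-hardcoded-claim-mapper` with `"claim.value": "true"`, so every token issued to Gitea asserts a verified email regardless of the user's real `emailVerified` state in Keycloak. The Gitea values in this same patch keep `ENABLE_AUTO_REGISTRATION: true` and `USERNAME: email`, so Gitea derives identities from that address. If the realm permits self-registration, profile email edits or brokered logins (none of which is visible here), an unverified address would be presented as verified. Prefer mapping the real attribute with `"protocolMapper": "oidc-usermodel-property-mapper"` and `"user.attribute": "emailVerified"` in place of `"claim.value": "true"`, and correct unverified accounts in the realm itself. The realm JSON continues outside the hunk.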
@@ -109,7 +124,23 @@ keycloakConfigCli: "k8s.secret.name": "grafana-oidc-credentials", "k8s.secret.client-id-key": "client-id", "k8s.secret.client-secret-key": "client-secret" - } + }, + "protocolMappers": [ + { + "name": "client-roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "config": { + "claim.name": "resource_access.grafana.roles", + "jsonType.label": "String", + "multivalued": "true", + "usermodel.clientRoleMapping.clientId": "grafana", + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] }, { "clientId": "argocd", @@ -128,7 +159,21 @@ keycloakConfigCli: "k8s.secret.name": "argocd-oidc-credentials", "k8s.secret.client-id-key": "client-id", "k8s.secret.client-secret-key": "client-secret" - } + }, + "protocolMappers": [ + { + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-group-membership-mapper", + "config": { + "claim.name": "groups", + "full.path": "false", + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "groups": [
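Review bot: The `client-roles` mapper in the `@@ -109,7 +124,23 @@` hunk only works as an authorization control if Grafana fails closed when `resource_access.grafana.roles` is empty or absent, and nothing in this patch shows the Grafana side. Confirm that the Grafana values map this claim explicitly and enable Grafana's `role_attribute_strict` option. Otherwise a realm user with no `grafana` client role may still be signed in with the default organization role. The `clients` array continues outside the hunk, so whether the matching client roles are defined in the realm import cannot be checked from here.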
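Review bot: In the `groups` mapper of the `@@ -128,7 +159,21 @@` hunk, `"full.path": "false"` emits only the leaf group name, so a subgroup that shares a name with another group (for example, a constructed `/team-a/admins` next to `/admins`) yields the same `groups` value. If the Argo CD RBAC policy binds roles to those names, membership in either group satisfies the binding. Either keep group names unique across the whole tree in the `groups` section that starts at the end of this hunk, or set `"full.path": "true"` and reference full paths in the Argo CD policy.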