launchpad/infra/values/upc-dev/keycloak-values.yaml

ingress:
  hostname: id.forteapps.net

keycloakConfigCli:
  extraEnvVarsSecret: microsoft-idp-credentials
  configuration:
    microsoft-idp.json: |
      {
        "realm": "forte",
        "identityProviders": [
          {
            "alias": "forte-entra",
            "displayName": "Forte Entra",
            "providerId": "microsoft",
            "enabled": true,
            "storeToken": true,
            "trustEmail": true,
            "firstBrokerLoginFlowAlias": "first broker login",
            "config": {
              "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
              "clientSecret": "$(env:MS_IDP_CLIENT_SECRET)",
              "defaultScope": "openid email profile User.Read Mail.Send",
              "tenant": "063afd9e-5fcb-48d2-a769-ca31b0f5b443",
              "syncMode": "IMPORT"
            }
          }
        ],
        "identityProviderMappers": [
          {
            "name": "forte-entra-email",
            "identityProviderAlias": "forte-entra",
            "identityProviderMapper": "hardcoded-attribute-idp-mapper",
            "config": {
              "syncMode": "INHERIT",
              "attribute": "emailVerified",
              "attribute.value": "true"
            }
          }
        ],
        "roles": {
          "realm": [
            {
              "name": "default-roles-forte",
              "composites": {
                "client": {
                  "broker": ["read-token"]
                }
              }
            }
          ]
        }
      }