# Values for a Keycloak deployment: sets the public hostname, switches on two
# optional server features, and has keycloak-config-cli import an Entra
# (Microsoft) identity-provider setup into the "forte" realm.
# NOTE(review): nesting presumably follows a Keycloak Helm chart's values
# schema - confirm against the chart in use.
ingress:
  hostname: id.forteapps.net

extraEnvVars:
  # Enables the token-exchange and admin-fine-grained-authz server features.
  # NOTE(review): both have shipped as preview features in a number of
  # Keycloak releases - confirm their support status for the deployed version.
  - name: KC_FEATURES
    value: "token-exchange,admin-fine-grained-authz"

keycloakConfigCli:
  enabled: true
  extraEnvVars:
    # Lets the import replace $(env:NAME) placeholders in the JSON below with
    # values from the config-cli container's environment.
    - name: IMPORT_VAR_SUBSTITUTION_ENABLED
      value: "true"
    # The IdP client secret is read from a Kubernetes Secret, so the value
    # itself is not stored in this file.
    - name: MS_IDP_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: microsoft-idp-credentials
          key: MS_IDP_CLIENT_SECRET
  configuration:
    # Realm fragment imported into "forte". What it sets up:
    #
    # * Flow "auto-link-first-broker-login" with two ALTERNATIVE executions:
    #   idp-create-user-if-unique, then idp-auto-link. The flow contains no
    #   confirmation, e-mail verification or re-authentication step, so a
    #   first login through the IdP is linked to a matching existing account
    #   (by e-mail, per the flow's description) without the account owner
    #   taking part.
    # * Two providers, "forte-entra" and "forte-entra-graph", both pinned to
    #   one tenantId, both with trustEmail=true, both using the flow above.
    #   A hardcoded mapper on each also forces emailVerified=true.
    #   Together this means account binding rests entirely on the e-mail
    #   value the tenant emits.
    #   NOTE(review): confirm who in the tenant (including guests) can set or
    #   change that e-mail attribute; if that is not tightly controlled, add
    #   a step such as idp-confirm-link / idp-email-verification to the flow.
    # * "forte-entra-graph" sets storeToken=true and requests User.Read and
    #   Mail.Send, and default-roles-forte is given the broker client's
    #   read-token role, so users holding the default role can read back the
    #   stored Microsoft token.
    #   NOTE(review): presumably intended for sending mail via Graph - confirm
    #   which clients can obtain that token (token-exchange is enabled above)
    #   and treat the Keycloak database and its backups as holding delegated
    #   Microsoft tokens.
    # * clientSecret is the $(env:MS_IDP_CLIENT_SECRET) placeholder, filled in
    #   at import time; clientId and tenantId are identifiers, not secrets.
    microsoft-idp.json: |
      {
        "realm": "forte",
        "authenticationFlows": [
          {
            "alias": "auto-link-first-broker-login",
            "description": "Auto-link IdP accounts to existing users by email",
            "providerId": "basic-flow",
            "topLevel": true,
            "builtIn": false,
            "authenticationExecutions": [
              {
                "authenticator": "idp-create-user-if-unique",
                "authenticatorFlow": false,
                "requirement": "ALTERNATIVE",
                "priority": 10
              },
              {
                "authenticator": "idp-auto-link",
                "authenticatorFlow": false,
                "requirement": "ALTERNATIVE",
                "priority": 20
              }
            ]
          }
        ],
        "identityProviders": [
          {
            "alias": "forte-entra",
            "displayName": "Forte Entra",
            "providerId": "microsoft",
            "enabled": true,
            "trustEmail": true,
            "firstBrokerLoginFlowAlias": "auto-link-first-broker-login",
            "config": {
              "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
              "clientSecret": "$(env:MS_IDP_CLIENT_SECRET)",
              "defaultScope": "openid email profile",
              "tenantId": "063afd9e-5fcb-48d2-a769-ca31b0f5b443",
              "syncMode": "IMPORT"
            }
          },
          {
            "alias": "forte-entra-graph",
            "displayName": "Forte Entra (Graph)",
            "providerId": "microsoft",
            "enabled": true,
            "storeToken": true,
            "trustEmail": true,
            "firstBrokerLoginFlowAlias": "auto-link-first-broker-login",
            "config": {
              "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
              "clientSecret": "$(env:MS_IDP_CLIENT_SECRET)",
              "defaultScope": "openid email profile User.Read Mail.Send",
              "tenantId": "063afd9e-5fcb-48d2-a769-ca31b0f5b443",
              "syncMode": "IMPORT"
            }
          }
        ],
        "identityProviderMappers": [
          {
            "name": "forte-entra-email",
            "identityProviderAlias": "forte-entra",
            "identityProviderMapper": "hardcoded-attribute-idp-mapper",
            "config": {
              "syncMode": "INHERIT",
              "attribute": "emailVerified",
              "attribute.value": "true"
            }
          },
          {
            "name": "forte-entra-graph-email",
            "identityProviderAlias": "forte-entra-graph",
            "identityProviderMapper": "hardcoded-attribute-idp-mapper",
            "config": {
              "syncMode": "INHERIT",
              "attribute": "emailVerified",
              "attribute.value": "true"
            }
          }
        ],
        "roles": {
          "realm": [
            {
              "name": "default-roles-forte",
              "composites": {
                "client": {
                  "broker": ["read-token"]
                }
              }
            }
          ]
        }
      }