dbildungs-iam-keycloak

automation/dbildungs-iam-keycloak/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: spsh-1307
+appVersion: 0.9.1
 description: A Helm Chart for the dbildungs-iam-keycloak
 name: dbildungs-iam-keycloak
 type: application
-version: 0.0.0-spsh-1307-20241125-1410
+version: 0.9.1

automation/dbildungs-iam-keycloak/dev-realm-spsh.json

@@ -1445,72 +1445,6 @@
           "configure": true,
           "manage": true
         }
-      },
-      {
-        "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0",
-        "clientId": "school-sh",
-        "name": "School-SH",
-        "description": "",
-        "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}",
-        "adminUrl": "",
-        "baseUrl": "",
-        "surrogateAuthRequired": false,
-        "enabled": true,
-        "alwaysDisplayInConsole": false,
-        "clientAuthenticatorType": "client-secret",
-        "secret": "${KC_SCHOOLSH_CLIENT_SECRET}",
-        "redirectUris": [
-          "/cgi/samlauth"
-        ],
-        "webOrigins": [
-          "+"
-        ],
-        "notBefore": 0,
-        "bearerOnly": false,
-        "consentRequired": false,
-        "standardFlowEnabled": true,
-        "implicitFlowEnabled": false,
-        "directAccessGrantsEnabled": false,
-        "serviceAccountsEnabled": false,
-        "publicClient": false,
-        "frontchannelLogout": true,
-        "protocol": "saml",
-        "attributes": {
-          "saml.assertion.signature": "true",
-          "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
-          "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
-          "saml.force.post.binding": "true",
-          "saml.encrypt": "true",
-          "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
-          "saml.server.signature": "true",
-          "saml.server.signature.keyinfo.ext": "false",
-          "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}",
-          "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
-          "saml.artifact.binding": "false",
-          "saml.signature.algorithm": "RSA_SHA256",
-          "saml_force_name_id_format": "false",
-          "saml.client.signature": "true",
-          "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}",
-          "saml.authnstatement": "true",
-          "display.on.consent.screen": "false",
-          "saml_name_id_format": "username",
-          "saml.allow.ecp.flow": "false",
-          "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#",
-          "saml.onetimeuse.condition": "false",
-          "saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE"
-        },
-        "authenticationFlowBindingOverrides": {},
-        "fullScopeAllowed": true,
-        "nodeReRegistrationTimeout": -1,
-        "defaultClientScopes": [
-          "role_list"
-        ],
-        "optionalClientScopes": [],
-        "access": {
-          "view": true,
-          "configure": true,
-          "manage": true
-        }
       }
     ],
     "clientScopes": [
@@ -2192,27 +2126,12 @@
         },
         {
           "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d",
-          "name": "rsa",
-          "providerId": "rsa",
+          "name": "rsa-generated",
+          "providerId": "rsa-generated",
           "subComponents": {},
           "config": {
-            "privateKey": [
-              "${KC_RS256_PRIVATE_KEY}"
-            ],
-            "certificate": [
-              "${KC_RS256_CERTIFICATE}"
-            ],
-            "active": [
-              "true"
-            ],
-            "enabled": [
-              "true"
-            ],
             "priority": [
               "100"
-            ],
-            "algorithm": [
-              "RS256"
             ]
           }
         },

automation/dbildungs-iam-keycloak/prod-realm-spsh.json

@@ -1282,72 +1282,6 @@
           "configure": true,
           "manage": true
         }
-      },
-      {
-        "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0",
-        "clientId": "school-sh",
-        "name": "School-SH",
-        "description": "",
-        "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}",
-        "adminUrl": "",
-        "baseUrl": "",
-        "surrogateAuthRequired": false,
-        "enabled": true,
-        "alwaysDisplayInConsole": false,
-        "clientAuthenticatorType": "client-secret",
-        "secret": "${KC_SCHOOLSH_CLIENT_SECRET}",
-        "redirectUris": [
-          "/cgi/samlauth"
-        ],
-        "webOrigins": [
-          "+"
-        ],
-        "notBefore": 0,
-        "bearerOnly": false,
-        "consentRequired": false,
-        "standardFlowEnabled": true,
-        "implicitFlowEnabled": false,
-        "directAccessGrantsEnabled": false,
-        "serviceAccountsEnabled": false,
-        "publicClient": false,
-        "frontchannelLogout": true,
-        "protocol": "saml",
-        "attributes": {
-          "saml.assertion.signature": "true",
-          "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
-          "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
-          "saml.force.post.binding": "true",
-          "saml.encrypt": "true",
-          "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth",
-          "saml.server.signature": "true",
-          "saml.server.signature.keyinfo.ext": "false",
-          "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}",
-          "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout",
-          "saml.artifact.binding": "false",
-          "saml.signature.algorithm": "RSA_SHA256",
-          "saml_force_name_id_format": "false",
-          "saml.client.signature": "true",
-          "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}",
-          "saml.authnstatement": "true",
-          "display.on.consent.screen": "false",
-          "saml_name_id_format": "username",
-          "saml.allow.ecp.flow": "false",
-          "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#",
-          "saml.onetimeuse.condition": "false",
-          "saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE"
-        },
-        "authenticationFlowBindingOverrides": {},
-        "fullScopeAllowed": true,
-        "nodeReRegistrationTimeout": -1,
-        "defaultClientScopes": [
-          "role_list"
-        ],
-        "optionalClientScopes": [],
-        "access": {
-          "view": true,
-          "configure": true,
-          "manage": true
-        }
       }
     ],
     "clientScopes": [
@@ -2029,27 +1963,12 @@
         },
         {
           "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d",
-          "name": "rsa",
-          "providerId": "rsa",
+          "name": "rsa-generated",
+          "providerId": "rsa-generated",
           "subComponents": {},
           "config": {
-            "privateKey": [
-              "${KC_RS256_PRIVATE_KEY}"
-            ],
-            "certificate": [
-              "${KC_RS256_CERTIFICATE}"
-            ],
-            "active": [
-              "true"
-            ],
-            "enabled": [
-              "true"
-            ],
             "priority": [
               "100"
-            ],
-            "algorithm": [
-              "RS256"
             ]
           }
         },

automation/dbildungs-iam-keycloak/templates/configmap.yaml

@@ -11,6 +11,5 @@ data:
   KC_ROOT_URL: "https://{{ .Values.frontendHostname }}"
   KC_PROXY: "edge"
   KEYCLOAK_ADMIN: admin
-  KC_SCHOOLSH_CLIENT_ROOT_URL: "{{ .Values.schoolsh.rootUrl }}"
   KC_HTTP_MANAGEMENT_PORT: "8090"
   STATUS_URL: "{{ .Values.status.url }}"

automation/dbildungs-iam-keycloak/templates/deployment.yaml

@@ -70,16 +70,6 @@ spec:
                 secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: db-password
-            - name: KC_RS256_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-rs256-privateKey
-            - name: KC_RS256_CERTIFICATE
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-rs256-certificate
             - name: KC_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
@@ -137,21 +127,6 @@ spec:
                   key: keycloak-nextcloud-clientSecret
             - name: KC_DB_URL
               value: "jdbc:postgresql://$(DB_HOST)/$(DB_NAME)"
-            - name: KC_SCHOOLSH_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-schoolsh-clientSecret
-            - name: KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-schoolsh-signingCertificate
-            - name: KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-schoolsh-encryptionCertificate
             {{- if .Values.extraEnvVars }}
             {{ toYaml .Values.extraEnvVars | nindent 12 }}
             {{- end }}

automation/dbildungs-iam-keycloak/templates/secret.yaml

@@ -9,8 +9,6 @@ data:
   admin-password: {{ .Values.auth.admin_password }}
   db-host: {{ .Values.database.host }}
   db-password: {{ .Values.database.password }}
-  keycloak-rs256-privateKey: {{ .Values.auth.keycloak_rs256_privateKey }}
-  keycloak-rs256-certificate: {{ .Values.auth.keycloak_rs256_certificate }}
   keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }}
   keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }}
   keycloak-itslearning-clientSecret: {{ .Values.auth.keycloak_itslearning_clientSecret }}
@@ -22,8 +20,5 @@ data:
   pi-user-realm: {{ .Values.auth.pi_user_realm }}
   keycloak-nextcloud-clientId: {{ .Values.auth.keycloak_nextcloud_clientId }}
   keycloak-nextcloud-clientSecret: {{ .Values.auth.keycloak_nextcloud_clientSecret }}
-  keycloak-schoolsh-clientSecret: {{ .Values.auth.keycloak_schoolsh_clientSecret }}
-  keycloak-schoolsh-signingCertificate: {{ .Values.auth.keycloak_schoolsh_signingCertificate }}
-  keycloak-schoolsh-encryptionCertificate: {{ .Values.auth.keycloak_schoolsh_encryptionCertificate }}
 
 {{- end }}

automation/dbildungs-iam-keycloak/values.yaml

@@ -8,17 +8,12 @@ image:
   tag: ""
   pullPolicy: Always
 
-schoolsh:
-  rootUrl: https://school-sh.invalid
-
 auth:
   # existingSecret: Refers to a secret already present in the cluster, which is required for the authentication and configuration of the database setup tasks.
   existingSecret: ""
   secretName: dbildungs-iam-keycloak
   admin_password: ""
   admin_user: ""
-  keycloak_rs256_privateKey: ""
-  keycloak_rs256_certificate: ""
   keycloak_adminSecret: ""
   keycloak_clientSecret: ""
   keycloak_itslearning_clientSecret: ""
@@ -30,10 +25,6 @@ auth:
   pi_admin_password: ""
   pi_user_resolver: ""
   pi_user_realm: ""
-  schoolsh_clientSecret: ""
-  schoolsh_signingCertificate: ""
-  schoolsh_encryptionCertificate: ""
-
 
 command: []