diff --git a/automation/dbildungs-iam-keycloak/Chart.yaml b/automation/dbildungs-iam-keycloak/Chart.yaml
index 314741f7b..9ef3e85ce 100644
--- a/automation/dbildungs-iam-keycloak/Chart.yaml
+++ b/automation/dbildungs-iam-keycloak/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: spsh-1307
+appVersion: 0.9.1
 description: A Helm Chart for the dbildungs-iam-keycloak
 name: dbildungs-iam-keycloak
 type: application
-version: 0.0.0-spsh-1307-20241125-1410
+version: 0.9.1
diff --git a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
index 6966343a4..dfabf8403 100644
--- a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
+++ b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
@@ -1445,72 +1445,6 @@ "configure": true, "manage": true } - }, - { - "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0", - "clientId": "school-sh", - "name": "School-SH", - "description": "", - "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${KC_SCHOOLSH_CLIENT_SECRET}", - "redirectUris": [ - "/cgi/samlauth" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.assertion.signature": "true", - "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.force.post.binding": "true", - "saml.encrypt": "true", - "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml.server.signature": "true", - "saml.server.signature.keyinfo.ext": "false", - "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}", - "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.artifact.binding": "false", - "saml.signature.algorithm": "RSA_SHA256", - "saml_force_name_id_format": "false", - "saml.client.signature": "true", - "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "username", - "saml.allow.ecp.flow": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#", - "saml.onetimeuse.condition": "false", - 
"saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [], - "access": { - "view": true, - "configure": true, - "manage": true - } } ], "clientScopes": [ @@ -2192,27 +2126,12 @@ }, { "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d", - "name": "rsa", - "providerId": "rsa", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { - "privateKey": [ - "${KC_RS256_PRIVATE_KEY}" - ], - "certificate": [ - "${KC_RS256_CERTIFICATE}" - ], - "active": [ - "true" - ], - "enabled": [ - "true" - ], "priority": [ "100" - ], - "algorithm": [ - "RS256" ] } }, diff --git a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json index bed1184b8..88148773c 100644 --- a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json +++ b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json 
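Review bot: The `rsa-generated` component introduced in the `@@ -2192,27 +2126,12 @@` hunk keeps only `priority`, so the key size and signing algorithm are no longer stated in the realm file and depend on the defaults of the deployed Keycloak version; the matching hunk in prod-realm-spsh.json (`@@ -2029,27 +1963,12 @@`) has the same gap. Pinning them in `config`, for example `"algorithm": ["RS256"]` and `"keySize": ["<chosen size>"]`, would keep the realm's signing parameters reviewable and identical across dev and prod. Since the key is now generated by Keycloak rather than imported from `KC_RS256_PRIVATE_KEY`, it presumably lives only in the Keycloak database, so a fresh import or a database reset would rotate the realm signing key and break any relying party that pinned the old certificate; the deployment notes should say so and should also cover retiring the old `keycloak-rs256-privateKey` material from existing secrets. The component keeps its id `d47622d7-8d04-4d38-b7f0-d80eb182f80d` while `providerId` changes, so it is worth confirming how the import treats that on a realm that already exists; the enclosing components list starts and ends outside the hunk.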
@@ -1282,72 +1282,6 @@ "configure": true, "manage": true } - }, - { - "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0", - "clientId": "school-sh", - "name": "School-SH", - "description": "", - "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${KC_SCHOOLSH_CLIENT_SECRET}", - "redirectUris": [ - "/cgi/samlauth" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.assertion.signature": "true", - "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.force.post.binding": "true", - "saml.encrypt": "true", - "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml.server.signature": "true", - "saml.server.signature.keyinfo.ext": "false", - "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}", - "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.artifact.binding": "false", - "saml.signature.algorithm": "RSA_SHA256", - "saml_force_name_id_format": "false", - "saml.client.signature": "true", - "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "username", - "saml.allow.ecp.flow": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#", - "saml.onetimeuse.condition": "false", - 
"saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [], - "access": { - "view": true, - "configure": true, - "manage": true - } } ], "clientScopes": [ @@ -2029,27 +1963,12 @@ }, { "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d", - "name": "rsa", - "providerId": "rsa", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { - "privateKey": [ - "${KC_RS256_PRIVATE_KEY}" - ], - "certificate": [ - "${KC_RS256_CERTIFICATE}" - ], - "active": [ - "true" - ], - "enabled": [ - "true" - ], "priority": [ "100" - ], - "algorithm": [ - "RS256" ] } }, diff --git a/automation/dbildungs-iam-keycloak/templates/configmap.yaml b/automation/dbildungs-iam-keycloak/templates/configmap.yaml index 93b3a9a84..4fbaf3eb2 100644 --- a/automation/dbildungs-iam-keycloak/templates/configmap.yaml +++ b/automation/dbildungs-iam-keycloak/templates/configmap.yaml @@ -11,6 +11,5 @@ data: KC_ROOT_URL: "https://{{ .Values.frontendHostname }}" KC_PROXY: "edge" KEYCLOAK_ADMIN: admin - KC_SCHOOLSH_CLIENT_ROOT_URL: "{{ .Values.schoolsh.rootUrl }}" KC_HTTP_MANAGEMENT_PORT: "8090" STATUS_URL: "{{ .Values.status.url }}" \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/deployment.yaml b/automation/dbildungs-iam-keycloak/templates/deployment.yaml index c8f792102..50d66b5f6 100644 --- a/automation/dbildungs-iam-keycloak/templates/deployment.yaml +++ b/automation/dbildungs-iam-keycloak/templates/deployment.yaml 
@@ -70,16 +70,6 @@ spec: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: db-password - - name: KC_RS256_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-rs256-privateKey - - name: KC_RS256_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-rs256-certificate - name: KC_CLIENT_SECRET valueFrom: secretKeyRef: @@ -137,21 +127,6 @@ spec: key: keycloak-nextcloud-clientSecret - name: KC_DB_URL value: "jdbc:postgresql://$(DB_HOST)/$(DB_NAME)" - - name: KC_SCHOOLSH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-clientSecret - - name: KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-signingCertificate - - name: KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-encryptionCertificate {{- if .Values.extraEnvVars }} {{ toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} diff --git a/automation/dbildungs-iam-keycloak/templates/secret.yaml b/automation/dbildungs-iam-keycloak/templates/secret.yaml index ff11ec5ea..fa32c7e33 100644 --- a/automation/dbildungs-iam-keycloak/templates/secret.yaml +++ b/automation/dbildungs-iam-keycloak/templates/secret.yaml 
@@ -9,8 +9,6 @@ data: admin-password: {{ .Values.auth.admin_password }} db-host: {{ .Values.database.host }} db-password: {{ .Values.database.password }} - keycloak-rs256-privateKey: {{ .Values.auth.keycloak_rs256_privateKey }} - keycloak-rs256-certificate: {{ .Values.auth.keycloak_rs256_certificate }} keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }} keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }} keycloak-itslearning-clientSecret: {{ .Values.auth.keycloak_itslearning_clientSecret }} @@ -22,8 +20,5 @@ data: pi-user-realm: {{ .Values.auth.pi_user_realm }} keycloak-nextcloud-clientId: {{ .Values.auth.keycloak_nextcloud_clientId }} keycloak-nextcloud-clientSecret: {{ .Values.auth.keycloak_nextcloud_clientSecret }} - keycloak-schoolsh-clientSecret: {{ .Values.auth.keycloak_schoolsh_clientSecret }} - keycloak-schoolsh-signingCertificate: {{ .Values.auth.keycloak_schoolsh_signingCertificate }} - keycloak-schoolsh-encryptionCertificate: {{ .Values.auth.keycloak_schoolsh_encryptionCertificate }} {{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/values.yaml b/automation/dbildungs-iam-keycloak/values.yaml index 97efbccb4..86072ca7b 100644 --- a/automation/dbildungs-iam-keycloak/values.yaml +++ b/automation/dbildungs-iam-keycloak/values.yaml @@ -8,17 +8,12 @@ image: tag: "" pullPolicy: Always -schoolsh: - rootUrl: https://school-sh.invalid - auth: # existingSecret: Refers to a secret already present in the cluster, which is required for the authentication and configuration of the database setup tasks. existingSecret: "" secretName: dbildungs-iam-keycloak admin_password: "" admin_user: "" - keycloak_rs256_privateKey: "" - keycloak_rs256_certificate: "" keycloak_adminSecret: "" keycloak_clientSecret: "" keycloak_itslearning_clientSecret: "" 
@@ -30,10 +25,6 @@ auth: pi_admin_password: "" pi_user_resolver: "" pi_user_realm: "" - schoolsh_clientSecret: "" - schoolsh_signingCertificate: "" - schoolsh_encryptionCertificate: "" - command: []