diff --git a/bridgehead b/bridgehead index 2cd24891..0d861105 100755 --- a/bridgehead +++ b/bridgehead @@ -53,6 +53,9 @@ case "$PROJECT" in minimal) #nothing extra to do ;; + ovis) + #nothing extra to do + ;; *) printUsage exit 1 @@ -179,6 +182,10 @@ case "$ACTION" in ;; enroll) loadVars + if [ "${REQUIRES_BEAM:-true}" != "true" ]; then + log "ERROR" "$PROJECT does not require Samply.Beam enrollment." + exit 1 + fi do_enroll $PROXY_ID ;; preRun | preUpdate) diff --git a/lib/functions.sh b/lib/functions.sh index 520d86aa..268434e2 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -54,7 +54,7 @@ checkOwner(){ printUsage() { echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|check|install|uninstall|adduser|enroll PROJECTNAME" - echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm" + echo "PROJECTNAME should be one of ccp|bbmri|cce|pscc|itcc|kr|dhki|nngm|minimal|ovis" } checkRequirements() { diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh index f7121537..97c88331 100755 --- a/lib/install-bridgehead.sh +++ b/lib/install-bridgehead.sh @@ -75,7 +75,9 @@ log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..." systemctl enable --now bridgehead-update@"${PROJECT}".timer STR="\n\n systemctl start bridgehead@${PROJECT}.service\n\nor by rebooting your machine." -if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then +if [ "${REQUIRES_BEAM:-true}" != "true" ]; then + STR="Success. This project does not require Samply.Beam enrollment. Start your bridgehead by running$STR" +elif [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then STR="Success. Next, start your bridgehead by running$STR" else STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR" diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index 6ff4eb73..af1acb00 100755 
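Review bot: The `REQUIRES_BEAM` guard added to the `enroll` branch compares against the exact string `true`, so any other value (`True`, `1`, `yes`, a typo) is treated as "Beam not required". The same test is added in `lib/install-bridgehead.sh` and in `checkPrivKey` in `lib/prerequisites.sh`, where it makes the function return 0 without looking for the private key, so a mistyped setting fails open there. Comparing against the opt-out value keeps the strict path as the default in all three places: `if [ "${REQUIRES_BEAM:-true}" = "false" ]; then`. Where `REQUIRES_BEAM` is assigned is not visible in this diff, so it is worth confirming that only project code sets it; the `case "$ACTION"` block continues outside the hunk.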
--- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -76,9 +76,12 @@ case "$PROJECT" in minimal) site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" ;; + ovis) + site_configuration_repository_middle="git.verbis.dkfz.de/ovis-sites/" + ;; *) log ERROR "Internal error, this should not happen." - exit 1 + exit 1 ;; esac @@ -115,4 +118,3 @@ chown -R bridgehead:docker /tmp/bridgehead /var/cache/bridgehead chmod -R g+wr /var/cache/bridgehead /tmp/bridgehead log INFO "System preparation is completed and configuration is present." - diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 2c1e186e..23f47c6b 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -94,6 +94,10 @@ if [ "${PROJECT}" != "minimal" ]; then fi fi checkPrivKey() { + if [ "${REQUIRES_BEAM:-true}" != "true" ]; then + log INFO "Skipping private key check - $PROJECT does not require Samply.Beam enrollment." + return 0 + fi if [ -e "${CONFIG_DIR}pki/${SITE_ID}.priv.pem" ]; then log INFO "Success - private key found." else diff --git a/ovis/docker-compose.yml b/ovis/docker-compose.yml new file mode 100644 index 00000000..1d0152d3 --- /dev/null +++ b/ovis/docker-compose.yml 
@@ -0,0 +1,308 @@
+services:
+ traefik:
+ container_name: bridgehead-ovis-traefik
+
+ forward_proxy:
+ container_name: bridgehead-ovis-forward-proxy
+
+ landing:
+ container_name: bridgehead-ovis-landingpage
+ environment:
+ PROJECT: minimal
+
+ ovis-frontend:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-frontend:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-frontend
+ environment:
+ HTTP_PROXY: ${OVIS_HTTP_PROXY:-}
+ HTTPS_PROXY: ${OVIS_HTTPS_PROXY:-}
+ NO_PROXY: ${OVIS_NO_PROXY:-}
+ http_proxy: ${OVIS_HTTP_PROXY:-}
+ https_proxy: ${OVIS_HTTPS_PROXY:-}
+ no_proxy: ${OVIS_NO_PROXY:-}
+ PUBLIC_IMPORT_MODE: ${OVIS_IMPORT_MODE:-demo}
+ PUBLIC_LDAP_ENABLED: ${PUBLIC_LDAP_ENABLED:-false}
+ PUBLIC_LOGIN_ENABLED: ${PUBLIC_LOGIN_ENABLED:-false}
+ OVIS_PUBLIC_BASE_PATH: ${OVIS_PUBLIC_BASE_PATH:-/ovis}
+ PUBLIC_SYSTEM_START_LANGUAGE: ${PUBLIC_SYSTEM_START_LANGUAGE:-en}
+ PUBLIC_NAV_PATIENT_COHORT_ENABLED: ${PUBLIC_NAV_PATIENT_COHORT_ENABLED:-true}
+ PUBLIC_NAV_PATIENT_SINGLE_ENABLED: ${PUBLIC_NAV_PATIENT_SINGLE_ENABLED:-true}
+ PUBLIC_NAV_DIAGNOSIS_ENABLED: ${PUBLIC_NAV_DIAGNOSIS_ENABLED:-true}
+ PUBLIC_NAV_TNM_ENABLED: ${PUBLIC_NAV_TNM_ENABLED:-true}
+ PUBLIC_NAV_THERAPY_GENERAL_ENABLED: ${PUBLIC_NAV_THERAPY_GENERAL_ENABLED:-true}
+ PUBLIC_NAV_THERAPY_OPERATION_ENABLED: ${PUBLIC_NAV_THERAPY_OPERATION_ENABLED:-true}
+ PUBLIC_NAV_THERAPY_SYSTEMIC_ENABLED: ${PUBLIC_NAV_THERAPY_SYSTEMIC_ENABLED:-true}
+ PUBLIC_NAV_THERAPY_RADIATION_ENABLED: ${PUBLIC_NAV_THERAPY_RADIATION_ENABLED:-true}
+ PUBLIC_NAV_PROGRESS_ENABLED: ${PUBLIC_NAV_PROGRESS_ENABLED:-true}
+ PUBLIC_NAV_TUMORBOARD_ENABLED: ${PUBLIC_NAV_TUMORBOARD_ENABLED:-true}
+ PUBLIC_NAV_CONSULTATION_ENABLED: ${PUBLIC_NAV_CONSULTATION_ENABLED:-true}
+ PUBLIC_NAV_STATUS_ENABLED: ${PUBLIC_NAV_STATUS_ENABLED:-true}
+ PUBLIC_NAV_SURVIVAL_ENABLED: ${PUBLIC_NAV_SURVIVAL_ENABLED:-true}
+ PUBLIC_NAV_SUPPLEMENTARY_ENABLED: ${PUBLIC_NAV_SUPPLEMENTARY_ENABLED:-true}
+ PUBLIC_NAV_MOLECULAR_ENABLED: ${PUBLIC_NAV_MOLECULAR_ENABLED:-true}
+ PUBLIC_NAV_BIO_MATERIAL_ENABLED: ${PUBLIC_NAV_BIO_MATERIAL_ENABLED:-true}
+ PUBLIC_NAV_STUDY_ENABLED: ${PUBLIC_NAV_STUDY_ENABLED:-false}
+ PUBLIC_NAV_USER_MANAGEMENT_ENABLED: ${PUBLIC_NAV_USER_MANAGEMENT_ENABLED:-true}
+ PUBLIC_SITE_SPECIFIC_TECHNICAL_ADMIN_NAME: ${PUBLIC_SITE_SPECIFIC_TECHNICAL_ADMIN_NAME:-Local Admin}
+ PUBLIC_SITE_SPECIFIC_TECHNICAL_ADMIN_EMAIL: ${PUBLIC_SITE_SPECIFIC_TECHNICAL_ADMIN_EMAIL:-}
+ PUBLIC_SITE_SPECIFIC_SHOW_USERAGREEMENT: ${PUBLIC_SITE_SPECIFIC_SHOW_USERAGREEMENT:-false}
+ PUBLIC_SITE_SPECIFIC_SHOW_IMPRINT: ${PUBLIC_SITE_SPECIFIC_SHOW_IMPRINT:-false}
+ OVIS_CATALOGUE_UPSTREAM_URL: ${OVIS_CATALOGUE_UPSTREAM_URL:-}
+ EXPRESS_AUTH_URL: http://express-auth:5000
+ EXPRESS_AUTH_USERNAME: ${EXPRESS_AUTH_USERNAME}
+ EXPRESS_AUTH_PASSWORD: ${EXPRESS_AUTH_PASSWORD}
+ GRAPHQL_UPSTREAM_URL: http://ovis-backend-apollo:4001/graphql
+ ORIGIN: ${OVIS_PUBLIC_ORIGIN}
+ volumes:
+ - ovis-catalogue-data:/app/dynamic-catalogue:ro
+ - ${OVIS_CATALOGUE_FILE:-../ovis/runtime/mongodb/ovis-catalogue.json}:/app/static/ovis-catalogue.json:ro
+ - ${OVIS_SITE_DOWNLOADS_DIR:-../ovis/runtime/downloads}/UserAgreement/ovis_userAgreement_en_template.pdf:/app/static/downloads/ovis_userAgreement_en_template.pdf:ro
+ - ${OVIS_SITE_DOWNLOADS_DIR:-../ovis/runtime/downloads}/UserAgreement/ovis_userAgreement_de_template.pdf:/app/static/downloads/ovis_userAgreement_de_template.pdf:ro
+ - ${OVIS_SITE_DOWNLOADS_DIR:-../ovis/runtime/downloads}/Authorization/ovis_authorization_en_template.pdf:/app/static/downloads/ovis_authorization_en_template.pdf:ro
+ - ${OVIS_SITE_DOWNLOADS_DIR:-../ovis/runtime/downloads}/Authorization/ovis_authorization_de_template.pdf:/app/static/downloads/ovis_authorization_de_template.pdf:ro
+ depends_on:
+ ovis-backend-apollo:
+ condition: service_healthy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ovis-frontend.tls=true"
+ - "traefik.http.routers.ovis-frontend.rule=PathPrefix(`${OVIS_PUBLIC_BASE_PATH:-/ovis}`)"
+ - "traefik.http.routers.ovis-frontend.middlewares=ovis-slash-redirect,ovis-frontend-strip"
+ - "traefik.http.middlewares.ovis-slash-redirect.redirectregex.regex=^https?://([^/]+)${OVIS_PUBLIC_BASE_PATH:-/ovis}$$"
+ - "traefik.http.middlewares.ovis-slash-redirect.redirectregex.replacement=https://$${1}${OVIS_PUBLIC_BASE_PATH:-/ovis}/"
+ - "traefik.http.middlewares.ovis-slash-redirect.redirectregex.permanent=true"
+ - "traefik.http.middlewares.ovis-frontend-strip.stripprefix.prefixes=${OVIS_PUBLIC_BASE_PATH:-/ovis}"
+ - "traefik.http.services.ovis-frontend.loadbalancer.server.port=5173"
+
+ ovis-backend-apollo:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-backend-apollo:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-backend
+ environment:
+ APOLLO_PORT: ${APOLLO_PORT:-4001}
+ CREDOS_PORT: ${CREDOS_PORT:-4000}
+ HTTP_PROXY: ${OVIS_HTTP_PROXY:-}
+ HTTPS_PROXY: ${OVIS_HTTPS_PROXY:-}
+ NO_PROXY: ${OVIS_NO_PROXY:-}
+ http_proxy: ${OVIS_HTTP_PROXY:-}
+ https_proxy: ${OVIS_HTTPS_PROXY:-}
+ no_proxy: ${OVIS_NO_PROXY:-}
+ MONGO_VER: latest
+ CORS_ORIGIN: "*"
+ DB: ${DB:-onc_test}
+ ADDRESS: mongodb://ovis-backend-database-mongodb:27017
+ volumes:
+ - ${OVIS_OPS4_FILE:-../ovis/runtime/mongodb/ops4.mjs}:/ops-data/ops4.mjs:ro
+ depends_on:
+ ovis-backend-database-mongodb:
+ condition: service_started
+ ovis-backend-mongodb-data-preprocessing:
+ condition: service_healthy
+ ovis-backend-data-import:
+ condition: service_started
+ healthcheck:
+ test: ["CMD-SHELL", "test -d /app/node_modules/mongodb"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ ovis-backend-database-mongodb:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-backend-mongodb:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-mongo
+ environment:
+ DB: ${DB:-onc_test}
+ OVIS_ROOT_USERNAME: ${OVIS_ROOT_USERNAME:-ovis-root}
+ volumes:
+ - ${OVIS_MONGO_INIT_FILE:-../ovis/runtime/mongodb/initdb.js}:/docker-entrypoint-initdb.d/init.js:ro
+ - ovis-mongo-db:/data/db
+ - ovis-mongo-conf:/data/configdb
+
+ ovis-backend-mongodb-data-preprocessing:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-backend-preprocessor:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-preprocessing
+ environment:
+ APOLLO_PORT: ${APOLLO_PORT:-4001}
+ CREDOS_PORT: ${CREDOS_PORT:-4000}
+ HTTP_PROXY: ${OVIS_HTTP_PROXY:-}
+ HTTPS_PROXY: ${OVIS_HTTPS_PROXY:-}
+ NO_PROXY: ${OVIS_NO_PROXY:-}
+ http_proxy: ${OVIS_HTTP_PROXY:-}
+ https_proxy: ${OVIS_HTTPS_PROXY:-}
+ no_proxy: ${OVIS_NO_PROXY:-}
+ MONGO_VER: latest
+ CORS_ORIGIN: "*"
+ DB: ${DB:-onc_test}
+ ADDRESS: mongodb://ovis-backend-database-mongodb:27017
+ CATALOGUE_PATH: /app/generated/ovis-catalogue.json
+ PREPROCESSOR_NODE_HEAP_MB: ${PREPROCESSOR_NODE_HEAP_MB:-32768}
+ OVIS_PREPROC_DECEASED_KEYWORDS: ${OVIS_PREPROC_DECEASED_KEYWORDS:-}
+ OVIS_PREPROC_REZIDIV_PREFIXES: ${OVIS_PREPROC_REZIDIV_PREFIXES:-}
+ OVIS_PREPROC_REZIDIV_CANONICAL: ${OVIS_PREPROC_REZIDIV_CANONICAL:-}
+ OVIS_PREPROC_REZIDIV_LYMPH_STATES: ${OVIS_PREPROC_REZIDIV_LYMPH_STATES:-}
+ OVIS_PREPROC_PROGRESS_LABELS: ${OVIS_PREPROC_PROGRESS_LABELS:-}
+ OVIS_PREPROC_COMPLETE_REMISSION_LABELS: ${OVIS_PREPROC_COMPLETE_REMISSION_LABELS:-}
+ OVIS_PREPROC_RCLASS_SUCCESS: ${OVIS_PREPROC_RCLASS_SUCCESS:-}
+ OVIS_PREPROC_LOCAL_RSTATE_SUCCESS: ${OVIS_PREPROC_LOCAL_RSTATE_SUCCESS:-}
+ OVIS_PREPROC_METASTASIS_PREFIXES: ${OVIS_PREPROC_METASTASIS_PREFIXES:-}
+ OVIS_PREPROC_METASTASIS_SPREAD_VALUES: ${OVIS_PREPROC_METASTASIS_SPREAD_VALUES:-}
+ OVIS_PREPROC_METASTASIS_STRAT_SYNCHRON: ${OVIS_PREPROC_METASTASIS_STRAT_SYNCHRON:-}
+ OVIS_PREPROC_METASTASIS_STRAT_NONE: ${OVIS_PREPROC_METASTASIS_STRAT_NONE:-}
+ OVIS_PREPROC_NULL_STUDY_PHASES: ${OVIS_PREPROC_NULL_STUDY_PHASES:-}
+ OVIS_PREPROC_PREV_THERAPY_SURGERY: ${OVIS_PREPROC_PREV_THERAPY_SURGERY:-}
+ OVIS_PREPROC_PREV_THERAPY_SYSTEMIC: ${OVIS_PREPROC_PREV_THERAPY_SYSTEMIC:-}
+ OVIS_PREPROC_PREV_THERAPY_RADIATION: ${OVIS_PREPROC_PREV_THERAPY_RADIATION:-}
+ OVIS_PREPROC_PREV_CONSULTATION_NUTRITION: ${OVIS_PREPROC_PREV_CONSULTATION_NUTRITION:-}
+ OVIS_PREPROC_PREV_CONSULTATION_SOCIAL: ${OVIS_PREPROC_PREV_CONSULTATION_SOCIAL:-}
+ OVIS_PREPROC_PREV_CONSULTATION_PSYCHO: ${OVIS_PREPROC_PREV_CONSULTATION_PSYCHO:-}
+ OVIS_PREPROC_PREV_CONSULTATION_GENETIC: ${OVIS_PREPROC_PREV_CONSULTATION_GENETIC:-}
+ OVIS_PREPROC_TUMORBOARD_PATTERN_PRAE: ${OVIS_PREPROC_TUMORBOARD_PATTERN_PRAE:-}
+ OVIS_PREPROC_TUMORBOARD_PATTERN_POST: ${OVIS_PREPROC_TUMORBOARD_PATTERN_POST:-}
+ OVIS_PREPROC_TUMORBOARD_PATTERN_MTB: ${OVIS_PREPROC_TUMORBOARD_PATTERN_MTB:-}
+ OVIS_PREPROC_ECOG_PREFIX: ${OVIS_PREPROC_ECOG_PREFIX:-}
+ OVIS_PREPROC_DISTRESS_TYPE: ${OVIS_PREPROC_DISTRESS_TYPE:-}
+ OVIS_PREPROC_DISTRESS_POSITIVE_VALUES: ${OVIS_PREPROC_DISTRESS_POSITIVE_VALUES:-}
+ depends_on:
+ ovis-backend-database-mongodb:
+ condition: service_started
+ volumes:
+ - ovis-catalogue-data:/app/generated
+ healthcheck:
+ test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:9000/health', res => process.exit(res.statusCode===200?0:1)).on('error', () => process.exit(1));\""]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ start_period: 10s
+ command: ["node", "./Preprocessing/catalogue-service.mjs"]
+
+ ovis-backend-data-import:
+ image: ${OVIS_DATA_IMPORT_IMAGE:-${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-backend-data-import-${OVIS_IMPORT_MODE:-demo}:${OVIS_IMAGE_TAG:-latest}}
+ container_name: bridgehead-ovis-import
+ env_file:
+ - path: ${OVIS_DATA_IMPORT_ENV_FILE:-/etc/bridgehead/ovis.conf}
+ required: false
+ environment:
+ HTTP_PROXY: ${OVIS_HTTP_PROXY:-}
+ HTTPS_PROXY: ${OVIS_HTTPS_PROXY:-}
+ NO_PROXY: ${OVIS_NO_PROXY:-}
+ http_proxy: ${OVIS_HTTP_PROXY:-}
+ https_proxy: ${OVIS_HTTPS_PROXY:-}
+ no_proxy: ${OVIS_NO_PROXY:-}
+ FHIR_SERVER_URL: ${FHIR_SERVER_URL:-}
+ FHIR_USERNAME: ${FHIR_USERNAME:-}
+ FHIR_PASSWORD: ${FHIR_PASSWORD:-}
+ ICD10_FILTER: ${ICD10_FILTER:-}
+ CREDOS_EXPORT_DIR: /input/CREDOSExportFiles
+ CREDOS_IMPORTER_NODE_HEAP_MB: ${CREDOS_IMPORTER_NODE_HEAP_MB:-8192}
+ volumes:
+ - ${OVIS_CREDOS_EXPORT_DIR:-../ovis/runtime/input/CREDOSExportFiles}:/input/CREDOSExportFiles:ro
+ depends_on:
+ ovis-backend-mongodb-data-preprocessing:
+ condition: service_healthy
+
+ postgres:
+ image: ghcr.io/baosystems/postgis:13-3.5
+ container_name: bridgehead-ovis-postgres
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB:-keycloak}
+ POSTGRES_USER: ${POSTGRES_USER:-ovis_keycloak}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - ovis-postgres-data:/var/lib/postgresql/data
+
+ keycloak:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-keycloak:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-keycloak
+ environment:
+ DB_VENDOR: postgres
+ DB_ADDR: postgres
+ DB_DATABASE: ${POSTGRES_DB:-keycloak}
+ DB_USER: ${POSTGRES_USER:-ovis_keycloak}
+ DB_PASSWORD: ${POSTGRES_PASSWORD}
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-ovis-admin}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KEYCLOAK_HOSTNAME: ${OVIS_KEYCLOAK_HOSTNAME}
+ APP_DOMAIN: ${HOST}
+ KEYCLOAK_PORT: ${KEYCLOAK_PORT:-8252}
+ NGINX_PROXY_MODE: "true"
+ NGINX_SSL_ENABLED: "true"
+ NGINX_HTTP_PORT: "80"
+ NGINX_HTTPS_PORT: "443"
+ PUBLIC_LDAP_ENABLED: ${PUBLIC_LDAP_ENABLED:-false}
+ LDAP_CERTIFICATE_NAME: ${LDAP_CERTIFICATE_NAME:-}
+ LDAP_CONNECTION_URL: ${LDAP_CONNECTION_URL:-}
+ LDAP_BIND_DN: ${LDAP_BIND_DN:-}
+ LDAP_BIND_CREDENTIAL: ${LDAP_BIND_CREDENTIAL:-}
+ LDAP_USERS_DN: ${LDAP_USERS_DN:-}
+ LDAP_EDIT_MODE: ${LDAP_EDIT_MODE:-READ_ONLY}
+ LDAP_VENDOR: ${LDAP_VENDOR:-}
+ LDAP_USERNAME_ATTRIBUTE: ${LDAP_USERNAME_ATTRIBUTE:-}
+ LDAP_RDN_ATTRIBUTE: ${LDAP_RDN_ATTRIBUTE:-}
+ LDAP_UUID_ATTRIBUTE: ${LDAP_UUID_ATTRIBUTE:-}
+ LDAP_USER_OBJECT_CLASSES: ${LDAP_USER_OBJECT_CLASSES:-}
+ LDAP_USER_FILTER: ${LDAP_USER_FILTER:-}
+ LDAP_SEARCH_SCOPE: ${LDAP_SEARCH_SCOPE:-}
+ LDAP_READ_TIMEOUT: ${LDAP_READ_TIMEOUT:-}
+ LDAP_PAGINATION: ${LDAP_PAGINATION:-}
+ LDAP_REFERRAL: ${LDAP_REFERRAL:-}
+ LDAP_EMAIL_ATTRIBUTE: ${LDAP_EMAIL_ATTRIBUTE:-}
+ LDAP_FIRST_NAME_ATTRIBUTE: ${LDAP_FIRST_NAME_ATTRIBUTE:-}
+ LDAP_LAST_NAME_ATTRIBUTE: ${LDAP_LAST_NAME_ATTRIBUTE:-}
+ KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-ovis_client}
+ KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
+ KEYCLOAK_ADMIN_CLIENT_ID: ${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}
+ KEYCLOAK_ADMIN_CLIENT_SECRET: ${KEYCLOAK_ADMIN_CLIENT_SECRET}
+ OVIS_ROOT_USERNAME: ${OVIS_ROOT_USERNAME:-ovis-root}
+ OVIS_ROOT_PASSWORD: ${OVIS_ROOT_PASSWORD}
+ KEYCLOAK_HTTP_RELATIVE_PATH: ${KEYCLOAK_HTTP_RELATIVE_PATH:-/ovis/keycloak}
+ volumes:
+ - ${OVIS_SITE_CERTS_DIR:-../ovis/runtime/certs}:/etc/keycloak/certs:ro
+ - ${OVIS_SITE_KEYCLOAK_REALM_FILE:-../ovis/runtime/keycloak/ovis-realm.json}:/realm-base/ovis-realm.json:ro
+ - ${OVIS_KEYCLOAK_ENTRYPOINT_FILE:-../ovis/runtime/keycloak/keycloak-entrypoint.sh}:/bridgehead-keycloak-entrypoint.sh:ro
+ entrypoint: ["/bridgehead-keycloak-entrypoint.sh"]
+ depends_on:
+ - postgres
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ovis-keycloak.tls=true"
+ - "traefik.http.routers.ovis-keycloak.rule=PathPrefix(`${KEYCLOAK_HTTP_RELATIVE_PATH:-/ovis/keycloak}`)"
+ - "traefik.http.services.ovis-keycloak.loadbalancer.server.port=8080"
+
+ express-auth:
+ image: ${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/ovis-express-auth:${OVIS_IMAGE_TAG:-latest}
+ container_name: bridgehead-ovis-express-auth
+ environment:
+ PORT: "5000"
+ HTTP_PROXY: ${OVIS_HTTP_PROXY:-}
+ HTTPS_PROXY: ${OVIS_HTTPS_PROXY:-}
+ NO_PROXY: ${OVIS_NO_PROXY:-}
+ http_proxy: ${OVIS_HTTP_PROXY:-}
+ https_proxy: ${OVIS_HTTPS_PROXY:-}
+ no_proxy: ${OVIS_NO_PROXY:-}
+ BASIC_AUTH_USERNAME: ${EXPRESS_AUTH_USERNAME}
+ BASIC_AUTH_PASSWORD: ${EXPRESS_AUTH_PASSWORD}
+ KEYCLOAK_URL: http://keycloak:8080${KEYCLOAK_HTTP_RELATIVE_PATH:-/ovis/keycloak}
+ KEYCLOAK_REALM: ${KEYCLOAK_REALM:-ovis}
+ KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-ovis_client}
+ KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
+ KEYCLOAK_ADMIN_CLIENT_ID: ${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}
+ KEYCLOAK_ADMIN_CLIENT_SECRET: ${KEYCLOAK_ADMIN_CLIENT_SECRET}
+ APP_DOMAIN: ${HOST}
+ FRONTEND_PORT: "443"
+ NGINX_PROXY_MODE: "true"
+ NGINX_SSL_ENABLED: "true"
+ NGINX_HTTP_PORT: "80"
+ NGINX_HTTPS_PORT: "443"
+ depends_on:
+ - keycloak
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ovis-express.tls=true"
+ - "traefik.http.routers.ovis-express.rule=PathPrefix(`${OVIS_PUBLIC_BASE_PATH:-/ovis}/express`)"
+ - "traefik.http.routers.ovis-express.middlewares=ovis-express-strip"
+ - "traefik.http.middlewares.ovis-express-strip.stripprefix.prefixes=${OVIS_PUBLIC_BASE_PATH:-/ovis}/express"
+ - "traefik.http.services.ovis-express.loadbalancer.server.port=5000"
+
+volumes:
+ ovis-catalogue-data:
+ ovis-mongo-db:
+ ovis-mongo-conf:
+ ovis-postgres-data:
diff --git a/ovis/runtime/downloads/Authorization/ovis_authorization_de_template.pdf b/ovis/runtime/downloads/Authorization/ovis_authorization_de_template.pdf
new file mode 100644
index 00000000..8038e4fa
Binary files /dev/null and b/ovis/runtime/downloads/Authorization/ovis_authorization_de_template.pdf differ
diff --git a/ovis/runtime/downloads/Authorization/ovis_authorization_en_template.pdf b/ovis/runtime/downloads/Authorization/ovis_authorization_en_template.pdf
new file mode 100644
index 00000000..31816e4a
Binary files /dev/null and b/ovis/runtime/downloads/Authorization/ovis_authorization_en_template.pdf differ
diff --git a/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_de_template.pdf b/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_de_template.pdf
new file mode 100644
index 00000000..bed89ce7
Binary files /dev/null and b/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_de_template.pdf differ
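Review bot: Every OVIS service image resolves by default to `${OVIS_GENERAL_IMAGE_NAMESPACE:-thewindmom}/…:${OVIS_IMAGE_TAG:-latest}`, a mutable tag, so what runs on a site can change without any change to this repository; defaulting `OVIS_IMAGE_TAG` to a released version, or pinning each image with an `@sha256:` digest, would make deployments reproducible and reviewable. Secrets such as `POSTGRES_PASSWORD`, `KEYCLOAK_ADMIN_PASSWORD`, `KEYCLOAK_CLIENT_SECRET`, `EXPRESS_AUTH_PASSWORD` and `OVIS_ROOT_PASSWORD` are interpolated as plain `${VAR}`, which Compose replaces with an empty string when the variable is unset; `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}` makes startup fail instead. `CORS_ORIGIN: "*"` on `ovis-backend-apollo` and the preprocessing service, and the credential-less `mongodb://ovis-backend-database-mongodb:27017` address, deserve a comment stating that these services are meant to be reachable only on the internal Compose network, if that is the intent.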
diff --git a/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_en_template.pdf b/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_en_template.pdf
new file mode 100644
index 00000000..a21f8e4c
Binary files /dev/null and b/ovis/runtime/downloads/UserAgreement/ovis_userAgreement_en_template.pdf differ
diff --git a/ovis/runtime/keycloak/keycloak-entrypoint.sh b/ovis/runtime/keycloak/keycloak-entrypoint.sh
new file mode 100755
index 00000000..b1355731
--- /dev/null
+++ b/ovis/runtime/keycloak/keycloak-entrypoint.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+IMPORT_DIR="${KEYCLOAK_IMPORT_DIR:-/opt/keycloak/data/import}"
+export BASE_REALM="${BASE_REALM:-/realm-base/ovis-realm.json}"
+export OUTPUT_REALM="${OUTPUT_REALM:-$IMPORT_DIR/ovis-realm.json}"
+KEYCLOAK_HTTP_RELATIVE_PATH="${KEYCLOAK_HTTP_RELATIVE_PATH:-/keycloak}"
+
+echo "=== Starting OVIS Keycloak bootstrap ==="
+echo "Keycloak certificate directory:"
+ls -lh /etc/keycloak/certs || true
+
+mkdir -p "$IMPORT_DIR"
+
+echo "Building dynamic realm configuration at $OUTPUT_REALM..."
+tr -d '\r' < /build-realm.sh \
+ | sed 's|OUTPUT_REALM="/import/ovis-realm.json"|OUTPUT_REALM="${OUTPUT_REALM:-/opt/keycloak/data/import/ovis-realm.json}"|' \
+ | sh
+
+if [ -n "${KEYCLOAK_ADMIN_CLIENT_SECRET:-}" ]; then
+ echo "Updating admin client secret for ${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}..."
+ tmp_realm="${OUTPUT_REALM}.tmp"
+ sed "/\"clientId\"[[:space:]]*:[[:space:]]*\"${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}\"/,/\"secret\"[[:space:]]*:/ s|\"secret\"[[:space:]]*:[[:space:]]*\"[^\"]*\"|\"secret\": \"${KEYCLOAK_ADMIN_CLIENT_SECRET}\"|" "$OUTPUT_REALM" > "$tmp_realm"
+ mv "$tmp_realm" "$OUTPUT_REALM"
+fi
+
+DB_HOST="${DB_ADDR:-postgres}"
+DB_PORT="${DB_PORT:-5432}"
+DB_WAIT_SECONDS="${KEYCLOAK_DB_WAIT_SECONDS:-120}"
+DB_POLL_INTERVAL="${KEYCLOAK_DB_WAIT_POLL_INTERVAL:-2}"
+
+echo "Waiting for PostgreSQL at ${DB_HOST}:${DB_PORT} (timeout: ${DB_WAIT_SECONDS}s)..."
+elapsed=0
+until timeout 1 bash -c "/dev/null; do
+ elapsed=$((elapsed + DB_POLL_INTERVAL))
+ if [ "$elapsed" -ge "$DB_WAIT_SECONDS" ]; then
+ echo "ERROR: PostgreSQL did not become reachable within ${DB_WAIT_SECONDS}s"
+ exit 1
+ fi
+ echo "PostgreSQL not reachable yet (${elapsed}s elapsed); retrying in ${DB_POLL_INTERVAL}s..."
+ sleep "$DB_POLL_INTERVAL"
+done
+
+echo "Importing Keycloak realm from $IMPORT_DIR..."
+/opt/keycloak/bin/kc.sh import --dir "$IMPORT_DIR" --override true
+
+if [ "${OVIS_KEYCLOAK_USE_IMAGE_CMD:-false}" = "true" ] && [ "$#" -gt 0 ]; then
+ keycloak_args=("$@")
+else
+ keycloak_hostname="${KEYCLOAK_HOSTNAME:-${APP_DOMAIN:-localhost}}"
+ keycloak_args=(
+ start
+ --http-enabled=true
+ --proxy-headers=xforwarded
+ --hostname="$keycloak_hostname"
+ --hostname-strict=true
+ --http-relative-path="$KEYCLOAK_HTTP_RELATIVE_PATH"
+ )
+fi
+
+if [ "${PUBLIC_LDAP_ENABLED:-}" = "true" ] && [ -n "${LDAP_CERTIFICATE_NAME:-}" ] && [ -f "/etc/keycloak/certs/${LDAP_CERTIFICATE_NAME}" ]; then
+ echo "LDAP enabled: loading certificate ${LDAP_CERTIFICATE_NAME}"
+ keycloak_args+=("--truststore-paths=/etc/keycloak/certs/${LDAP_CERTIFICATE_NAME}")
+else
+ echo "LDAP disabled or certificate not found: skipping certificate loading"
+fi
+
+echo "Starting Keycloak..."
+exec /opt/keycloak/bin/kc.sh "${keycloak_args[@]}"
diff --git a/ovis/runtime/keycloak/ovis-realm.json b/ovis/runtime/keycloak/ovis-realm.json
new file mode 100644
index 00000000..fe3294a8
--- /dev/null
+++ b/ovis/runtime/keycloak/ovis-realm.json
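Review bot: The `sed` call that writes the admin client secret splices `${KEYCLOAK_ADMIN_CLIENT_SECRET}` (and `${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}`) unescaped into a `|`-delimited expression, so a secret containing `|`, `&`, `\` or `"` either breaks the command or writes a different value or invalid JSON into `$OUTPUT_REALM`. Rejecting such values before the substitution is the smallest fix: `case "$KEYCLOAK_ADMIN_CLIENT_SECRET" in *[!A-Za-z0-9._~-]*) echo "ERROR: KEYCLOAK_ADMIN_CLIENT_SECRET contains unsupported characters" >&2; exit 1;; esac`. Separately, `kc.sh import --dir "$IMPORT_DIR" --override true` runs on every container start, which presumably resets the realm to the generated file, including the users defined in `ovis-realm.json`. A comment stating whether that reset is intended would help, since `/build-realm.sh` is not part of this diff.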
@@ -0,0 +1,2644 @@ +{ + "id": "984c7a18-18be-4eae-b973-9017915507f6", + "realm": "ovis", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": true, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "6910dc82-0f3f-455f-9832-a6ffe7db5498", + "name": "default-roles-ovis", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "default-roles-ovis", + "offline_access", + "uma_authorization" + ], + "client": { + "ovis_client": [ + "uma_protection" + ], + "account": [ + "manage-account", + "view-profile" + ] + } + }, + 
"clientRole": false, + "containerId": "984c7a18-18be-4eae-b973-9017915507f6", + "attributes": {} + }, + { + "id": "5a41e881-09bf-459d-bc61-c5f986223590", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "984c7a18-18be-4eae-b973-9017915507f6", + "attributes": {} + }, + { + "id": "a59e884c-3eaa-415d-ba69-9968c83d03bf", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "984c7a18-18be-4eae-b973-9017915507f6", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "982bc3fa-ac4a-4e7f-b73c-22e58a923d06", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "76e34db6-95f3-4ea0-9509-452068ebf304", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-identity-providers", + "manage-realm", + "query-realms", + "query-clients", + "manage-users", + "manage-authorization", + "view-authorization", + "view-events", + "view-realm", + "view-users", + "query-users", + "manage-identity-providers", + "impersonation", + "create-client", + "manage-clients", + "view-clients", + "manage-events", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "77c3af5d-ef97-48b8-9ef3-7e187f3761f1", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "f81ee9cb-7fee-4b91-a9be-c09752e67544", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + 
"containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "98be1697-fa17-4251-b9ee-0af00e56d783", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "2c8be1ea-5fc3-4db7-803e-7a885626d714", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "b6fe9371-ceda-4d0e-9e3e-5ce4c81e1e72", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "b4ce084b-a457-4479-82c6-55a33ef6e497", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "11133085-a408-4c4d-9a09-67a34db373b4", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "12381f0d-34f2-463c-91d0-e0e3e7cdc568", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "b1734c62-5287-4a41-abad-9ef701012768", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "0a015fcd-07fb-4628-b062-7fd8f823fc29", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": 
[ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "d3358026-f0b2-4ab7-ba92-fc2800800a7c", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "96306653-e6e5-414b-a82e-0759b35605e5", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "3faacd3c-0ce5-4847-8a6a-1b47a88476d4", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "c244ec0b-ea48-4c2c-8b39-05a5d97ce739", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "89b6983a-ec37-4314-af04-c72ee5080c53", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "248f6090-dfd4-45f2-871e-9a578b49de90", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + }, + { + "id": "71988386-9d33-413d-882c-7d1be5e974d8", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "attributes": {} + } + ], + 
"ovis_client": [ + { + "id": "8d01206f-a7ec-4644-a065-5c01e70a2812", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "fa611acd-f986-430e-9502-2ad036271bcb", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "66b22024-74ca-48f9-a8be-525461c9f65b", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "cb86a258-e4e6-47a4-840b-95c45c715916", + "attributes": {} + } + ], + "account": [ + { + "id": "b6fde351-9d6c-4b90-9100-57f993107d33", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "01c56d55-9722-40be-82f0-0fa49fb7e8b7", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "900a7e69-0ead-46a7-98a7-f8ecf6bb6a35", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "aa44871c-5100-4625-967a-c938b8807835", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "e7e409db-2411-46f3-b610-1375369ba996", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "1aeb49fe-67bf-413a-b2af-b6ff96829b9e", + "name": "view-applications", + 
"description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "3801a4f7-5305-4634-83e7-4ea9d77981e2", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + }, + { + "id": "e0e3692d-879a-4636-bffb-7e9abddcdb1e", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "ed3645c4-9d0a-4c74-832b-45700213756b", + "attributes": {} + } + ], + "public-user-cli": [] + } + }, + "groups": [], + "defaultRole": { + "id": "6910dc82-0f3f-455f-9832-a6ffe7db5498", + "name": "default-roles-ovis", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "984c7a18-18be-4eae-b973-9017915507f6" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + 
"webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "e8bcb1a5-ef97-4f8a-b7f6-91716295e34b", + "username": "admin", + "firstName": "Admin", + "lastName": "OVis", + "email": "admin@example.com", + "emailVerified": true, + "attributes": { + "ovisFilter": [ + "123456" + ] + }, + "createdTimestamp": 1739977469055, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "355db3ac-c1ce-4ae9-90e2-e063d8ebbedc", + "type": "password", + "userLabel": "My password", + "createdDate": 1740061491164, + "secretData": "{\"value\":\"bNHo0wVKIXAANsoaJbfQ/ni4x+snFGIxZdyRoSKEobqRKlgyzteor7CG22FbwR/wdLBcIBaHTElhn5ALyMt55Q==\",\"salt\":\"WYsOyGvMA2Yo3E3UpjvZRg==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [ + "UPDATE_PASSWORD" + ], + "realmRoles": [ + "default-roles-ovis" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "b3c13194-ed16-47a8-9121-e3d8caf7b14e", + "username": "adrian@cpp.com", + "firstName": "adrian", + "lastName": "estevez", + "email": "adrian@cpp.com", + "emailVerified": true, + "attributes": { + "ovisFilter": [ + "Tryout 1", + "Tryout 2" + ], + "ovis-filter": [ + "Cann see everything", + "Can see nothing" + ], + "OvisFilter": [ + "Tryout 1", + "Tryout 2" + 
] + }, + "createdTimestamp": 1740040115974, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "97b1d279-9fb0-432d-97ec-e02a1954d1bc", + "type": "password", + "userLabel": "My password", + "createdDate": 1740040127370, + "secretData": "{\"value\":\"HwOlkNzmqc7hCXZ/TUT6NZSzVAMW5cNuDHPcZxJdv78z2mnSzlLzKdma/YeKYGqjZuRngVsv+RAaFnW7G81Ngg==\",\"salt\":\"QhXXEYrjvaTL6vz03YVy0g==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "notBefore": 1740062663, + "groups": [] + }, + { + "id": "3bd29204-6808-47d6-a55c-b81567b6fa8c", + "username": "sample-user", + "firstName": "Sample", + "lastName": "User", + "email": "sample.user@example.org", + "emailVerified": true, + "attributes": { + "ovisFilter": [ + "No Filter" + ] + }, + "createdTimestamp": 1740063654488, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "9a21a7a0-b1c5-4f67-884e-2e31c27c1de6", + "type": "password", + "userLabel": "My password", + "createdDate": 1740063673764, + "secretData": "{\"value\":\"rloNNFWyrOW7S6EqVr/jKlgLPxKRAhqb5ZGKhScwfDZSKBn5i5oc3+AvrMsVqaO0J5sXwr/y9cSHyWyFvmLIAg==\",\"salt\":\"tHObeTx8s8K75/mz43tJGQ==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-ovis" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "b71688ad-6b74-4bcb-9915-faeb77e64490", + "username": "service-account-admin-cli", + "emailVerified": false, + "createdTimestamp": 1740063896107, + "enabled": true, + "totp": false, + "serviceAccountClientId": "admin-cli", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-ovis" + ], + "clientRoles": { + "account": [ + 
"delete-account", + "manage-account" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "761a6ba5-51fb-495a-bc86-0b30d625b775", + "username": "service-account-ovis_client", + "emailVerified": false, + "createdTimestamp": 1739987832980, + "enabled": true, + "totp": false, + "serviceAccountClientId": "ovis_client", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-ovis" + ], + "clientRoles": { + "realm-management": [ + "realm-admin" + ], + "ovis_client": [ + "uma_protection" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "9a963b15-712d-48a3-b6da-f132655ccac3", + "username": "test@mail.com", + "firstName": "Test", + "lastName": "mail", + "email": "test@mail.com", + "emailVerified": true, + "attributes": { + "ovisFilter": [ + "NOT today", + "NOT oncreatedate" + ] + }, + "createdTimestamp": 1740075966847, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "6bb954aa-4de8-4a30-8122-98ff84cdd069", + "type": "password", + "createdDate": 1740078813982, + "secretData": "{\"value\":\"OMku3LkzxI/bmkHCGKtAZLQu6zOVXAKRCK8ZKiwvPtitvhNMKO4ZxAS32pA5AwUPLBTq32rnZgWUQTsBf8ncVA==\",\"salt\":\"mUjPNv0sgfl9OVPUp1zrBg==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-ovis" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "a23cf887-ff49-4344-b8df-d530a9ee9071", + "username": "ovis-root", + "firstName": "OVIS", + "lastName": "Root", + "email": "ovis-root@example.com", + "emailVerified": true, + "attributes": { + "ovisFilter": [ + "All Access" + ] + }, + "createdTimestamp": 1753786576000, + "enabled": true, + "totp": false, + "credentials": [ + { + "type": "password", + "value": "test", + "temporary": false + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + 
"realmRoles": [ + "default-roles-ovis" + ], + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "ed3645c4-9d0a-4c74-832b-45700213756b", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/ovis/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/ovis/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "13c0f6d3-b0f6-4faf-842b-5c95e9a4be5b", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/ovis/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/ovis/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + 
"publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "aa253d8d-7b52-4890-8901-dca14dcb65fd", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "738c6904-bcda-40da-ad55-be8222e518bf", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "Ke2VjEEpt0phcG1zNyixbXmQmgjR4K3e", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1740063896", + "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "9e411e3f-2d0b-4270-a576-7260316512aa", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "9d0a456a-f397-4c2d-aa8b-79f71bc22bbd", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "8b10d727-eb9d-4025-a07c-a183718a44d1", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cb86a258-e4e6-47a4-840b-95c45c715916", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + 
"nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fa611acd-f986-430e-9502-2ad036271bcb", + "clientId": "ovis_client", + "name": "ovis", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "your-keycloak-client-secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1739982650", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "acr.loa.map": "{}", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "eee24706-8890-49bc-bd4c-39ea5c066052", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + 
"introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "90d0742d-f4a1-470b-bbe7-d017c2fc0f77", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "62ac55d3-42cc-4319-9683-3819d906b439", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:ovis_client:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "c8664a94-a937-4266-9d45-4801248492dd", + "uris": [ + "/*" + ] + } + ], + "policies": [ + { + "id": "564382f0-0410-4e99-97df-fa18e4257e6c", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, + { + "id": "bada7714-566a-4f04-94d1-e4eeec080009", + "name": "Default Permission", + "description": 
"A permission that applies to the default resource type", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "defaultResourceType": "urn:ovis_client:resources:default", + "applyPolicies": "[\"Default Policy\"]" + } + } + ], + "scopes": [], + "decisionStrategy": "UNANIMOUS" + } + }, + { + "id": "6de9ff7f-5fc8-4acf-8f97-32cfdbb9a45d", + "clientId": "public-user-cli", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "10aa1be3-8d6f-4059-b9b7-ca19b7e6e500", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "98945576-9b28-414e-abdd-10033a2f1603", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/ovis/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/ovis/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "62cf7dca-33d1-489c-98ad-69dcd6f3ece3", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + 
"offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "c136d0d2-f31d-4188-b570-a22b9f6aecac", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "d1fdcdaf-09ed-4f08-b038-a9ad960a4ce4", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "15aa7f99-f0c7-4914-acc2-6549a52ff7c0", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "436b787b-cdd3-474e-99a8-7ab30b7358fe", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "89862b03-5949-4768-81e2-3cfda74cb31f", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "3ba25d83-da2a-4a2c-b7dd-dc42cccfef1d", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + 
"attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "2c72ebc5-30e5-41b1-ab82-3375a7a53f30", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "36bc55eb-6635-4384-84bd-a910689f5310", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "94b8176c-01ba-4a33-a390-1b5d8fa97996", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "5d60a3e0-62ae-4729-a4c0-07a5962e4e98", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8f4511d6-6275-42bd-9167-47f410bbdc97", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + 
"user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "2d6b34fc-f0fa-49cd-8723-e64b9bf82a38", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "fd4195b6-ca36-436f-b36c-657504fc211c", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "2ed742bf-a9de-4d36-a053-7410702c51b5", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "f2ee70ba-2b87-41e9-9da9-9ea1eb223b46", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "db10712b-b5f4-406d-a999-12e58c7ccac9", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": 
false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "1f23d807-6037-46cd-bcab-7a442d4dc3d4", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "8a0d59ff-b3be-4f19-be2b-d83a8994584b", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "ba25398c-75ac-4b43-94c9-e986bbd485c7", + "name": "ovisfilter", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "ovisFilter", + "id.token.claim": "true", + "lightweight.claim": "true", + "access.token.claim": "true", + "claim.name": "ovisFilter", + "jsonType.label": "String" + } + }, + { + "id": "9b416209-99e9-4ecd-bdbb-cb2275bd17e4", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": 
"true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "0b3ea69f-be22-48f3-baf3-78392214bf6d", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "ac848cb7-9d96-4945-ad26-858455d5f753", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "2663bf0c-0710-428e-ba8e-7915901c2c10", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "559a9ec8-f536-44c6-bde1-a41ee0b50c6e", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "c9b180b2-5429-450f-9480-704ecea3ff2e", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + 
"consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "eece320a-a780-4664-9adb-00f5de54e997", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "65290387-e276-4c8c-be1c-b234ed236d69", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "bc69fa6c-9d70-4668-b9a2-b30e1303d061", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "8a815b58-9b2c-4038-bdf6-73250cfcfc08", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "2c883197-4dc3-4212-b843-8d61ce05b66e", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": 
"openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "90a36a60-78e3-4777-90f8-94f43a3c95ef", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "34f00756-4b13-420c-8e96-91d90ef118e0", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "515a72e6-ef25-4a1c-bacc-047b86f02e20", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "8b0596c3-9c27-47cd-b639-9c40602cadde", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "c0998326-8001-40d5-8b41-d08879ca364b", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "50e6ef9e-69a5-40f5-ae3c-120ce6d2550b", + "name": "email", 
+ "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "101aeb5d-9c29-4d4b-96ca-6bb8f10748cd", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "bfe866a9-3dba-4695-9310-e3280f8f25e0", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + 
"identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "d218d6b2-4cb0-4f86-92a0-36af312babe6", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "8b9a1d9c-c341-424e-9b25-788a3a0fae77", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "17dc0d6d-cbaa-4095-a6f6-f163fecaae3d", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "6d429c08-a08b-475f-baee-3ba3929e9ae7", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "94860d86-7650-43a4-964a-f9553858fbbb", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "cb25f17c-5335-4cf4-a0af-727e290bbdda", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "e6ebe362-58c7-4797-a907-cb8d015cef73", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} 
+ }, + { + "id": "d150fbd6-8467-4ff2-81e8-0efbcecde476", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "38372883-d4b7-482c-a840-70c43f391c99", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"ovisFilter\",\"displayName\":\"Ovis 
Filter\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\"]},\"multivalued\":true}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "61a4e33b-5cba-4ce1-96f9-dab30289eb0f", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "add7d953-8edc-4f09-bd2a-71f8a0cb4bb7", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "97b6139a-87ec-47c5-82b3-d574e4641e5e", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + 
"authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "da3d754f-2957-4f31-87a2-4470335eea53", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "a4db55ce-393d-4892-b3ae-c35462929f59", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "61c91fa5-ac37-47d2-9509-ea5174cb2509", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "5a872414-0627-4e75-b9f0-8c51a44639c8", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "3488606c-a8e3-4f48-ae0c-b9051533c600", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "4179d99d-91d2-4582-b7ac-ed9357b42ef4", + "alias": "browser", + "description": "browser based 
authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "76011559-4ce2-4f21-9ef2-9514ab59f435", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1bd083ae-2440-4089-a442-dfe55fff5c6b", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "426ec41c-917e-466a-afea-adf14bff4746", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "12e5daf5-25a8-4cd5-8184-d832ed26f57e", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "151f8790-13ce-46fd-9ddb-e0e0ab1ead60", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + 
"providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "e9fc9fc1-deae-4b2e-950c-5e4ea910a428", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "5ef80f36-58e1-42d8-ae62-e5619fecf429", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "0eca9d4b-2f0d-46db-91d2-bf7017554532", 
+ "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "036e8960-c40c-441b-97ad-17fe389c343e", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "4b818f8a-274d-47a8-83cf-16d50c3db12b", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "2ad6a741-1f3d-45d5-894c-8e90ca1a27a0", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": 
"TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": 
"reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "actionTokenGeneratedByUserLifespan.verify-email": "", + "actionTokenGeneratedByUserLifespan.idp-verify-account-via-email": "", + "clientOfflineSessionIdleTimeout": "0", + "actionTokenGeneratedByUserLifespan.execute-actions": "", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}", + "shortVerificationUri": "", + "actionTokenGeneratedByUserLifespan.reset-credentials": "" + }, + "keycloakVersion": "24.0.3", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +}
diff --git a/ovis/runtime/mongodb/initdb.js b/ovis/runtime/mongodb/initdb.js
new file mode 100644
index 00000000..c63b4e14
--- /dev/null
+++ b/ovis/runtime/mongodb/initdb.js
@@ -0,0 +1,18 @@
+const rootUsername = process.env.OVIS_ROOT_USERNAME || 'ovis-root';
+const databaseName = process.env.DB || 'onc_test';
+
+db = db.getSiblingDB(databaseName);
+db.createCollection('user');
+db.user.insertMany([
+ {
+ _id: rootUsername,
+ createdAt: new Date(),
+ createdBy: 'system',
+ role: 'super-admin',
+ status: 'active',
+ pseudonymization: false,
+ darkMode: false,
+ colorTheme: 'CCCMunich',
+ language: 'en'
+ }
+]);
diff --git a/ovis/runtime/mongodb/ops4.mjs b/ovis/runtime/mongodb/ops4.mjs
new file mode 100644
index 00000000..6158fa02
--- /dev/null
+++ b/ovis/runtime/mongodb/ops4.mjs
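Review bot: In ovis/runtime/mongodb/initdb.js the seeded `super-admin` record silently falls back to the fixed id `ovis-root`, and the database to `onc_test`, whenever `OVIS_ROOT_USERNAME` or `DB` is unset, so a misconfigured site ends up with an active privileged account under a predictable name in a test-named database. If the application matches this `_id` against the username claim issued by the identity provider (presumably `preferred_username`; the lookup is not visible in this diff), the choice of that name decides who holds the role and should be an explicit deployment setting rather than a default. I would drop both fallbacks and fail fast, e.g. `const rootUsername = process.env.OVIS_ROOT_USERNAME;` followed by `if (!rootUsername) throw new Error('OVIS_ROOT_USERNAME must be set');`, with the same check for `DB`. A short header comment stating which service sets these variables and that the script only seeds the first administrator would also help the next operator.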
@@ -0,0 +1,990 @@ +export const ops4 = [ + { + OPSC_4: '1-10', + OPS_Gruppen_Text: 'Klinische Untersuchung' + }, + { + OPSC_4: '1-20', + OPS_Gruppen_Text: 'Neurologische Untersuchungen' + }, + { + OPSC_4: '1-21', + OPS_Gruppen_Text: 'Epilepsiediagnostik' + }, + { + OPSC_4: '1-22', + OPS_Gruppen_Text: 'Untersuchungen der Augen' + }, + { + OPSC_4: '1-24', + OPS_Gruppen_Text: 'Untersuchungen im HNO-Bereich' + }, + { + OPSC_4: '1-26', + OPS_Gruppen_Text: 'Untersuchungen der elektrophysiologischen Aktivität des Herzens' + }, + { + OPSC_4: '1-27', + OPS_Gruppen_Text: 'Diagnostische Katheteruntersuchung an Herz und Kreislauf' + }, + { + OPSC_4: '1-31', + OPS_Gruppen_Text: 'Funktionsuntersuchungen des Verdauungstraktes' + }, + { + OPSC_4: '1-33', + OPS_Gruppen_Text: 'Untersuchung des Harntraktes' + }, + { + OPSC_4: '1-40', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an Nervensystem und endokrinen Organen' + }, + { + OPSC_4: '1-41', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an Auge, Ohr, Nase und Haut von Gesicht und Kopf' + }, + { + OPSC_4: '1-42', + OPS_Gruppen_Text: + 'Biopsie ohne Inzision an Mund, Mundhöhle, Larynx, Pharynx und blutbildenden Organen' + }, + { + OPSC_4: '1-43', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an respiratorischen Organen' + }, + { + OPSC_4: '1-44', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an den Verdauungsorganen' + }, + { + OPSC_4: '1-46', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an Harnorganen und männlichen Genitalorganen' + }, + { + OPSC_4: '1-47', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an weiblichen Genitalorganen' + }, + { + OPSC_4: '1-48', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an Knochen und Gelenken' + }, + { + OPSC_4: '1-49', + OPS_Gruppen_Text: 'Biopsie ohne Inzision an anderen Organen und Geweben' + }, + { + OPSC_4: '1-50', + OPS_Gruppen_Text: 'Biopsie an Mamma, Knochen und Muskeln durch Inzision' + }, + { + OPSC_4: '1-51', + OPS_Gruppen_Text: + 'Biopsie an Nervengewebe, Hypophyse, Corpus pineale durch Inzision und 
Trepanation von Schädelknochen' + }, + { + OPSC_4: '1-52', + OPS_Gruppen_Text: 'Biopsie an Augen und Augenanhangsgebilden durch Inzision' + }, + { + OPSC_4: '1-53', + OPS_Gruppen_Text: 'Biopsie an Ohr und Nase durch Inzision' + }, + { + OPSC_4: '1-54', + OPS_Gruppen_Text: 'Biopsie an Mund, Mundhöhle und Pharynx durch Inzision' + }, + { + OPSC_4: '1-55', + OPS_Gruppen_Text: + 'Biopsie an anderen Verdauungsorganen, Zwerchfell und (Retro-)Peritoneum durch Inzision' + }, + { + OPSC_4: '1-56', + OPS_Gruppen_Text: 'Biopsie an Harnwegen und männlichen Genitalorganen durch Inzision' + }, + { + OPSC_4: '1-57', + OPS_Gruppen_Text: 'Biopsie an weiblichen Genitalorganen durch Inzision' + }, + { + OPSC_4: '1-58', + OPS_Gruppen_Text: 'Biopsie an anderen Organen durch Inzision' + }, + { + OPSC_4: '1-61', + OPS_Gruppen_Text: 'Diagnostische Endoskopie der oberen Atemwege' + }, + { + OPSC_4: '1-62', + OPS_Gruppen_Text: 'Diagnostische Tracheobronchoskopie' + }, + { + OPSC_4: '1-63', + OPS_Gruppen_Text: 'Diagnostische Endoskopie des oberen Verdauungstraktes' + }, + { + OPSC_4: '1-64', + OPS_Gruppen_Text: 'Diagnostische Endoskopie der Gallen- und Pankreaswege' + }, + { + OPSC_4: '1-65', + OPS_Gruppen_Text: 'Diagnostische Endoskopie des unteren Verdauungstraktes' + }, + { + OPSC_4: '1-66', + OPS_Gruppen_Text: 'Diagnostische Endoskopie der Harnwege' + }, + { + OPSC_4: '1-67', + OPS_Gruppen_Text: 'Diagnostische Endoskopie der weiblichen Genitalorgane' + }, + { + OPSC_4: '1-68', + OPS_Gruppen_Text: 'Andere diagnostische Endoskopie' + }, + { + OPSC_4: '1-69', + OPS_Gruppen_Text: 'Diagnostische Endoskopie durch Inzision und intraoperativ' + }, + { + OPSC_4: '1-70', + OPS_Gruppen_Text: 'Provokationstestung' + }, + { + OPSC_4: '1-71', + OPS_Gruppen_Text: 'Pneumologische Funktionsuntersuchungen' + }, + { + OPSC_4: '1-76', + OPS_Gruppen_Text: 'Metabolische Funktionsuntersuchung' + }, + { + OPSC_4: '1-77', + OPS_Gruppen_Text: + 'Palliativmedizinische, geriatrische und frührehabilitative 
Funktionsuntersuchung' + }, + { + OPSC_4: '1-79', + OPS_Gruppen_Text: 'Physiologische Funktionstests' + }, + { + OPSC_4: '1-84', + OPS_Gruppen_Text: 'Diagnostische Punktion und Aspiration' + }, + { + OPSC_4: '1-85', + OPS_Gruppen_Text: 'Andere diagnostische Punktion und Aspiration' + }, + { + OPSC_4: '1-90', + OPS_Gruppen_Text: + 'Psychosomatische, psychotherapeutische, (neuro-)psychologische, psychosoziale und testpsychologische Untersuchung' + }, + { + OPSC_4: '1-91', + OPS_Gruppen_Text: 'Diagnostik bei chronischen Schmerzzuständen' + }, + { + OPSC_4: '1-92', + OPS_Gruppen_Text: 'Medizinische Evaluation zur Transplantation' + }, + { + OPSC_4: '1-93', + OPS_Gruppen_Text: + 'Infektiologisches Monitoring und molekularbiologisch-mikrobiologische Diagnostik' + }, + { + OPSC_4: '1-94', + OPS_Gruppen_Text: 'Komplexe Diagnostik' + }, + { + OPSC_4: '1-99', + OPS_Gruppen_Text: + 'Andere diagnostische Maßnahmen und Zusatzinformationen zu diagnostischen Maßnahmen' + }, + { + OPSC_4: '3-03', + OPS_Gruppen_Text: + 'Komplexe differenzialdiagnostische Sonographie mit digitaler Bild- und Videodokumentation' + }, + { + OPSC_4: '3-05', + OPS_Gruppen_Text: 'Endosonographie' + }, + { + OPSC_4: '3-10', + OPS_Gruppen_Text: 'Projektionsradiographie mit Spezialverfahren' + }, + { + OPSC_4: '3-13', + OPS_Gruppen_Text: 'Projektionsradiographie mit Kontrastmittelverfahren' + }, + { + OPSC_4: '3-20', + OPS_Gruppen_Text: 'Computertomographie [CT], nativ' + }, + { + OPSC_4: '3-22', + OPS_Gruppen_Text: 'Computertomographie [CT] mit Kontrastmittel' + }, + { + OPSC_4: '3-24', + OPS_Gruppen_Text: 'Computertomographie [CT], Spezialverfahren' + }, + { + OPSC_4: '3-26', + OPS_Gruppen_Text: 'Elektronenstrahltomographie [EBT]' + }, + { + OPSC_4: '3-30', + OPS_Gruppen_Text: 'Optische laserbasierte Verfahren' + }, + { + OPSC_4: '3-31', + OPS_Gruppen_Text: 'Andere optische Verfahren' + }, + { + OPSC_4: '3-60', + OPS_Gruppen_Text: 'Arteriographie' + }, + { + OPSC_4: '3-61', + OPS_Gruppen_Text: 
'Phlebographie' + }, + { + OPSC_4: '3-62', + OPS_Gruppen_Text: 'Lymphographie' + }, + { + OPSC_4: '3-69', + OPS_Gruppen_Text: 'Andere Darstellung des Gefäßsystems' + }, + { + OPSC_4: '3-70', + OPS_Gruppen_Text: 'Szintigraphie' + }, + { + OPSC_4: '3-72', + OPS_Gruppen_Text: 'Single-Photon-Emissionscomputertomographie [SPECT]' + }, + { + OPSC_4: '3-73', + OPS_Gruppen_Text: + 'Single-Photon-Emissionscomputertomographie mit Computertomographie [SPECT/CT]' + }, + { + OPSC_4: '3-74', + OPS_Gruppen_Text: 'Positronenemissionstomographie [PET] mit Vollring-Scanner' + }, + { + OPSC_4: '3-75', + OPS_Gruppen_Text: 'Positronenemissionstomographie mit Computertomographie [PET/CT]' + }, + { + OPSC_4: '3-76', + OPS_Gruppen_Text: 'Sondenmessungen und Inkorporationsmessungen' + }, + { + OPSC_4: '3-80', + OPS_Gruppen_Text: 'Magnetresonanztomographie [MRT], nativ' + }, + { + OPSC_4: '3-82', + OPS_Gruppen_Text: 'Magnetresonanztomographie [MRT] mit Kontrastmittel' + }, + { + OPSC_4: '3-84', + OPS_Gruppen_Text: 'Magnetresonanztomographie [MRT], Spezialverfahren' + }, + { + OPSC_4: '3-90', + OPS_Gruppen_Text: 'Andere bildgebende Verfahren' + }, + { + OPSC_4: '3-99', + OPS_Gruppen_Text: 'Zusatzinformationen zu bildgebenden Verfahren' + }, + { + OPSC_4: '5-01', + OPS_Gruppen_Text: + 'Inzision (Trepanation), Exzision und Destruktion an Schädel, Gehirn und Hirnhäuten' + }, + { + OPSC_4: '5-02', + OPS_Gruppen_Text: 'Andere Operationen an Schädel, Gehirn und Hirnhäuten' + }, + { + OPSC_4: '5-03', + OPS_Gruppen_Text: 'Operationen an Rückenmark, Rückenmarkhäuten und Spinalkanal' + }, + { + OPSC_4: '5-04', + OPS_Gruppen_Text: 'Operationen an Nerven und Nervenganglien' + }, + { + OPSC_4: '5-05', + OPS_Gruppen_Text: 'Andere Operationen an Nerven und Nervenganglien' + }, + { + OPSC_4: '5-06', + OPS_Gruppen_Text: 'Operationen an Schilddrüse und Nebenschilddrüse' + }, + { + OPSC_4: '5-07', + OPS_Gruppen_Text: 'Operationen an anderen endokrinen Drüsen' + }, + { + OPSC_4: '5-08', + OPS_Gruppen_Text: 
'Operationen an Tränendrüse und Tränenwegen' + }, + { + OPSC_4: '5-09', + OPS_Gruppen_Text: 'Operationen an den Augenlidern' + }, + { + OPSC_4: '5-10', + OPS_Gruppen_Text: 'Operationen an den Augenmuskeln' + }, + { + OPSC_4: '5-11', + OPS_Gruppen_Text: 'Operationen an der Konjunktiva' + }, + { + OPSC_4: '5-12', + OPS_Gruppen_Text: 'Operationen an der Kornea' + }, + { + OPSC_4: '5-13', + OPS_Gruppen_Text: 'Operationen an Iris, Corpus ciliare, vorderer Augenkammer und Sklera' + }, + { + OPSC_4: '5-14', + OPS_Gruppen_Text: 'Operationen an der Linse' + }, + { + OPSC_4: '5-15', + OPS_Gruppen_Text: 'Operationen an Retina, Choroidea und Corpus vitreum' + }, + { + OPSC_4: '5-16', + OPS_Gruppen_Text: 'Operationen an Orbita und Augapfel' + }, + { + OPSC_4: '5-18', + OPS_Gruppen_Text: 'Operationen an Ohrmuschel und äußerem Gehörgang' + }, + { + OPSC_4: '5-19', + OPS_Gruppen_Text: 'Mikrochirurgische Operationen am Mittelohr' + }, + { + OPSC_4: '5-20', + OPS_Gruppen_Text: 'Andere Operationen an Mittel- und Innenohr' + }, + { + OPSC_4: '5-21', + OPS_Gruppen_Text: 'Operationen an der Nase' + }, + { + OPSC_4: '5-22', + OPS_Gruppen_Text: 'Operationen an den Nasennebenhöhlen' + }, + { + OPSC_4: '5-23', + OPS_Gruppen_Text: 'Entfernung und Wiederherstellung von Zähnen' + }, + { + OPSC_4: '5-24', + OPS_Gruppen_Text: 'Operationen an Zahnfleisch, Alveolen und Kiefer' + }, + { + OPSC_4: '5-25', + OPS_Gruppen_Text: 'Operationen an der Zunge' + }, + { + OPSC_4: '5-26', + OPS_Gruppen_Text: 'Operationen an Speicheldrüsen und Speicheldrüsenausführungsgängen' + }, + { + OPSC_4: '5-27', + OPS_Gruppen_Text: 'Andere Operationen an Mund und Gesicht' + }, + { + OPSC_4: '5-28', + OPS_Gruppen_Text: 'Operationen im Bereich des Naso- und Oropharynx' + }, + { + OPSC_4: '5-29', + OPS_Gruppen_Text: 'Operationen am Pharynx' + }, + { + OPSC_4: '5-30', + OPS_Gruppen_Text: 'Exzision und Resektion am Larynx' + }, + { + OPSC_4: '5-31', + OPS_Gruppen_Text: + 'Andere Larynxoperationen und Operationen an der 
Trachea und Zusatzinformationen zu Operationen an Larynx und Trachea' + }, + { + OPSC_4: '5-32', + OPS_Gruppen_Text: 'Exzision und Resektion an Lunge und Bronchus' + }, + { + OPSC_4: '5-33', + OPS_Gruppen_Text: + 'Andere Operationen an Lunge und Bronchus und Zusatzinformationen zu Operationen an Lunge und Bronchus' + }, + { + OPSC_4: '5-34', + OPS_Gruppen_Text: 'Operationen an Brustwand, Pleura, Mediastinum und Zwerchfell' + }, + { + OPSC_4: '5-35', + OPS_Gruppen_Text: 'Operationen an Klappen und Septen des Herzens und herznaher Gefäße' + }, + { + OPSC_4: '5-36', + OPS_Gruppen_Text: 'Operationen an den Koronargefäßen' + }, + { + OPSC_4: '5-37', + OPS_Gruppen_Text: 'Rhythmuschirurgie und andere Operationen an Herz und Perikard' + }, + { + OPSC_4: '5-38', + OPS_Gruppen_Text: 'Inzision, Exzision und Verschluss von Blutgefäßen' + }, + { + OPSC_4: '5-39', + OPS_Gruppen_Text: + 'Andere Operationen an Blutgefäßen und Zusatzinformationen zu Operationen an Blutgefäßen' + }, + { + OPSC_4: '5-40', + OPS_Gruppen_Text: 'Operationen am Lymphgewebe' + }, + { + OPSC_4: '5-41', + OPS_Gruppen_Text: 'Operationen an Milz und Knochenmark' + }, + { + OPSC_4: '5-42', + OPS_Gruppen_Text: 'Operationen am Ösophagus' + }, + { + OPSC_4: '5-43', + OPS_Gruppen_Text: 'Inzision, Exzision und Resektion am Magen' + }, + { + OPSC_4: '5-44', + OPS_Gruppen_Text: 'Andere Operationen am Magen' + }, + { + OPSC_4: '5-45', + OPS_Gruppen_Text: 'Inzision, Exzision, Resektion und Anastomose an Dünn- und Dickdarm' + }, + { + OPSC_4: '5-46', + OPS_Gruppen_Text: + 'Andere Operationen an Dünn- und Dickdarm und Zusatzinformationen zu Operationen am Darm' + }, + { + OPSC_4: '5-47', + OPS_Gruppen_Text: 'Operationen an der Appendix' + }, + { + OPSC_4: '5-48', + OPS_Gruppen_Text: 'Operationen am Rektum' + }, + { + OPSC_4: '5-49', + OPS_Gruppen_Text: 'Operationen am Anus' + }, + { + OPSC_4: '5-50', + OPS_Gruppen_Text: 'Operationen an der Leber' + }, + { + OPSC_4: '5-51', + OPS_Gruppen_Text: 'Operationen an Gallenblase 
und Gallenwegen' + }, + { + OPSC_4: '5-52', + OPS_Gruppen_Text: 'Operationen am Pankreas' + }, + { + OPSC_4: '5-53', + OPS_Gruppen_Text: 'Verschluss abdominaler Hernien' + }, + { + OPSC_4: '5-54', + OPS_Gruppen_Text: + 'Andere Operationen in der Bauchregion und Zusatzinformationen zu Operationen am Verdauungstrakt' + }, + { + OPSC_4: '5-55', + OPS_Gruppen_Text: 'Operationen an der Niere' + }, + { + OPSC_4: '5-56', + OPS_Gruppen_Text: 'Operationen am Ureter' + }, + { + OPSC_4: '5-57', + OPS_Gruppen_Text: 'Operationen an der Harnblase' + }, + { + OPSC_4: '5-58', + OPS_Gruppen_Text: 'Operationen an der Urethra' + }, + { + OPSC_4: '5-59', + OPS_Gruppen_Text: 'Andere Operationen an den Harnorganen' + }, + { + OPSC_4: '5-60', + OPS_Gruppen_Text: 'Operationen an Prostata und Vesiculae seminales' + }, + { + OPSC_4: '5-61', + OPS_Gruppen_Text: 'Operationen an Skrotum und Tunica vaginalis testis' + }, + { + OPSC_4: '5-62', + OPS_Gruppen_Text: 'Operationen am Hoden' + }, + { + OPSC_4: '5-63', + OPS_Gruppen_Text: 'Operationen an Funiculus spermaticus, Epididymis und Ductus deferens' + }, + { + OPSC_4: '5-64', + OPS_Gruppen_Text: 'Operationen am Penis' + }, + { + OPSC_4: '5-65', + OPS_Gruppen_Text: 'Operationen am Ovar' + }, + { + OPSC_4: '5-66', + OPS_Gruppen_Text: 'Operationen an der Tuba uterina' + }, + { + OPSC_4: '5-67', + OPS_Gruppen_Text: 'Operationen an der Cervix uteri' + }, + { + OPSC_4: '5-68', + OPS_Gruppen_Text: 'Inzision, Exzision und Exstirpation des Uterus' + }, + { + OPSC_4: '5-69', + OPS_Gruppen_Text: 'Andere Operationen am Uterus und Operationen an den Parametrien' + }, + { + OPSC_4: '5-70', + OPS_Gruppen_Text: 'Operationen an Vagina und Douglasraum' + }, + { + OPSC_4: '5-71', + OPS_Gruppen_Text: 'Operationen an der Vulva' + }, + { + OPSC_4: '5-72', + OPS_Gruppen_Text: 'Entbindung aus Beckenendlage und instrumentelle Entbindung' + }, + { + OPSC_4: '5-73', + OPS_Gruppen_Text: 'Andere Operationen zur Geburtseinleitung und unter der Geburt' + }, + { + OPSC_4: 
'5-74', + OPS_Gruppen_Text: 'Sectio caesarea und Entwicklung des Kindes' + }, + { + OPSC_4: '5-75', + OPS_Gruppen_Text: 'Andere geburtshilfliche Operationen' + }, + { + OPSC_4: '5-76', + OPS_Gruppen_Text: 'Operationen bei Gesichtsschädelfrakturen' + }, + { + OPSC_4: '5-77', + OPS_Gruppen_Text: 'Andere Operationen an Gesichtsschädelknochen' + }, + { + OPSC_4: '5-78', + OPS_Gruppen_Text: 'Operationen an anderen Knochen' + }, + { + OPSC_4: '5-79', + OPS_Gruppen_Text: 'Reposition von Fraktur und Luxation' + }, + { + OPSC_4: '5-80', + OPS_Gruppen_Text: 'Offen chirurgische und andere Gelenkoperationen' + }, + { + OPSC_4: '5-81', + OPS_Gruppen_Text: 'Arthroskopische Gelenkoperationen' + }, + { + OPSC_4: '5-82', + OPS_Gruppen_Text: 'Endoprothetischer Gelenk- und Knochenersatz' + }, + { + OPSC_4: '5-83', + OPS_Gruppen_Text: 'Operationen an der Wirbelsäule' + }, + { + OPSC_4: '5-84', + OPS_Gruppen_Text: 'Operationen an der Hand' + }, + { + OPSC_4: '5-85', + OPS_Gruppen_Text: 'Operationen an Muskeln, Sehnen, Faszien und Schleimbeuteln' + }, + { + OPSC_4: '5-86', + OPS_Gruppen_Text: + 'Replantation, Exartikulation und Amputation von Extremitäten, andere Operationen an den Bewegungsorganen und Zusatzinformationen zu Operationen an den Bewegungsorganen' + }, + { + OPSC_4: '5-87', + OPS_Gruppen_Text: 'Exzision und Resektion der Mamma' + }, + { + OPSC_4: '5-88', + OPS_Gruppen_Text: 'Andere Operationen an der Mamma' + }, + { + OPSC_4: '5-89', + OPS_Gruppen_Text: 'Operationen an Haut und Unterhaut' + }, + { + OPSC_4: '5-90', + OPS_Gruppen_Text: 'Operative Wiederherstellung und Rekonstruktion von Haut und Unterhaut' + }, + { + OPSC_4: '5-91', + OPS_Gruppen_Text: 'Andere Operationen an Haut und Unterhaut' + }, + { + OPSC_4: '5-92', + OPS_Gruppen_Text: 'Operationen an Haut und Unterhaut bei Verbrennungen und Verätzungen' + }, + { + OPSC_4: '5-93', + OPS_Gruppen_Text: 'Angaben zum Transplantat und zu verwendeten Materialien' + }, + { + OPSC_4: '5-98', + OPS_Gruppen_Text: + 'Spezielle 
Operationstechniken und Operationen bei speziellen Versorgungssituationen' + }, + { + OPSC_4: '5-99', + OPS_Gruppen_Text: 'Vorzeitiger Abbruch einer Operation' + }, + { + OPSC_4: '6-00', + OPS_Gruppen_Text: 'Applikation von Medikamenten' + }, + { + OPSC_4: '8-01', + OPS_Gruppen_Text: 'Applikation von Medikamenten und Nahrung' + }, + { + OPSC_4: '8-02', + OPS_Gruppen_Text: 'Therapeutische Injektion' + }, + { + OPSC_4: '8-03', + OPS_Gruppen_Text: 'Immuntherapie' + }, + { + OPSC_4: '8-10', + OPS_Gruppen_Text: 'Fremdkörperentfernung' + }, + { + OPSC_4: '8-11', + OPS_Gruppen_Text: 'Extrakorporale Stoßwellentherapie' + }, + { + OPSC_4: '8-12', + OPS_Gruppen_Text: 'Manipulationen am Verdauungstrakt' + }, + { + OPSC_4: '8-13', + OPS_Gruppen_Text: 'Manipulationen am Harntrakt' + }, + { + OPSC_4: '8-14', + OPS_Gruppen_Text: 'Andere Formen von therapeutischer Katheterisierung und Kanüleneinlage' + }, + { + OPSC_4: '8-15', + OPS_Gruppen_Text: 'Therapeutische Aspiration und Entleerung durch Punktion' + }, + { + OPSC_4: '8-17', + OPS_Gruppen_Text: 'Spülung (Lavage)' + }, + { + OPSC_4: '8-19', + OPS_Gruppen_Text: 'Verbände und Entfernung von erkranktem Gewebe an Haut und Unterhaut' + }, + { + OPSC_4: '8-20', + OPS_Gruppen_Text: 'Geschlossene Reposition einer Fraktur und Gelenkluxation ohne Osteosynthese' + }, + { + OPSC_4: '8-21', + OPS_Gruppen_Text: 'Forcierte Korrektur von Adhäsionen und Deformitäten' + }, + { + OPSC_4: '8-22', + OPS_Gruppen_Text: 'Herstellung und Anpassung von Gesichtsepithesen' + }, + { + OPSC_4: '8-31', + OPS_Gruppen_Text: 'Immobilisation mit Gipsverband' + }, + { + OPSC_4: '8-39', + OPS_Gruppen_Text: 'Lagerungsbehandlung' + }, + { + OPSC_4: '8-40', + OPS_Gruppen_Text: 'Extension am Skelett' + }, + { + OPSC_4: '8-41', + OPS_Gruppen_Text: 'Extension der Wirbelsäule' + }, + { + OPSC_4: '8-50', + OPS_Gruppen_Text: 'Kontrolle von Blutungen durch Tamponaden' + }, + { + OPSC_4: '8-51', + OPS_Gruppen_Text: + 'Manipulation an Fetus oder Uterus während der Gravidität 
oder direkt postpartal' + }, + { + OPSC_4: '8-52', + OPS_Gruppen_Text: 'Strahlentherapie' + }, + { + OPSC_4: '8-53', + OPS_Gruppen_Text: 'Nuklearmedizinische Therapie' + }, + { + OPSC_4: '8-54', + OPS_Gruppen_Text: 'Zytostatische Chemotherapie, Immuntherapie und antiretrovirale Therapie' + }, + { + OPSC_4: '8-55', + OPS_Gruppen_Text: 'Frührehabilitative Komplexbehandlung' + }, + { + OPSC_4: '8-56', + OPS_Gruppen_Text: 'Physikalisch-therapeutische Einzelmaßnahmen' + }, + { + OPSC_4: '8-60', + OPS_Gruppen_Text: 'Hyperthermie und Hypothermie' + }, + { + OPSC_4: '8-63', + OPS_Gruppen_Text: 'Elektrostimulation des Nervensystems' + }, + { + OPSC_4: '8-64', + OPS_Gruppen_Text: 'Elektrische Konversion des Herzrhythmus' + }, + { + OPSC_4: '8-65', + OPS_Gruppen_Text: 'Elektrotherapie' + }, + { + OPSC_4: '8-66', + OPS_Gruppen_Text: 'Dauer der Behandlung durch fokussierten Ultraschall' + }, + { + OPSC_4: '8-70', + OPS_Gruppen_Text: 'Zugang bei maschineller Beatmung und Maßnahmen zum Offenhalten der Atemwege' + }, + { + OPSC_4: '8-71', + OPS_Gruppen_Text: + 'Maschinelle Beatmung und Atemunterstützung über Maske oder Tubus und Beatmungsentwöhnung' + }, + { + OPSC_4: '8-72', + OPS_Gruppen_Text: 'Sauerstoffzufuhr' + }, + { + OPSC_4: '8-77', + OPS_Gruppen_Text: 'Maßnahmen im Rahmen der Reanimation' + }, + { + OPSC_4: '8-80', + OPS_Gruppen_Text: 'Transfusion von Blutzellen' + }, + { + OPSC_4: '8-81', + OPS_Gruppen_Text: + 'Transfusion von Plasma, Plasmabestandteilen und Infusion von Volumenersatzmitteln' + }, + { + OPSC_4: '8-82', + OPS_Gruppen_Text: 'Plasmapherese, Adsorption und verwandte Verfahren' + }, + { + OPSC_4: '8-83', + OPS_Gruppen_Text: 'Therapeutische Katheterisierung und Kanüleneinlage in Gefäße' + }, + { + OPSC_4: '8-84', + OPS_Gruppen_Text: '(Perkutan-)transluminale Stentimplantation' + }, + { + OPSC_4: '8-85', + OPS_Gruppen_Text: 'Extrakorporale Zirkulation und Behandlung von Blut' + }, + { + OPSC_4: '8-86', + OPS_Gruppen_Text: + 'Autogene und allogene 
Stammzelltherapie und lokale Therapie mit Blutbestandteilen und Hepatozyten' + }, + { + OPSC_4: '8-90', + OPS_Gruppen_Text: 'Anästhesie' + }, + { + OPSC_4: '8-91', + OPS_Gruppen_Text: 'Schmerztherapie' + }, + { + OPSC_4: '8-92', + OPS_Gruppen_Text: 'Neurologisches Monitoring' + }, + { + OPSC_4: '8-93', + OPS_Gruppen_Text: 'Monitoring von Atmung, Herz und Kreislauf' + }, + { + OPSC_4: '8-97', + OPS_Gruppen_Text: 'Multimodale Komplexbehandlung' + }, + { + OPSC_4: '8-98', + OPS_Gruppen_Text: 'Sonstige multimodale Komplexbehandlung' + }, + { + OPSC_4: '8-99', + OPS_Gruppen_Text: 'Zusatzinformationen zu nicht operativen therapeutischen Maßnahmen' + }, + { + OPSC_4: '9-26', + OPS_Gruppen_Text: 'Geburtsbegleitende Maßnahmen' + }, + { + OPSC_4: '9-27', + OPS_Gruppen_Text: 'Behandlung wegen Infertilität' + }, + { + OPSC_4: '9-28', + OPS_Gruppen_Text: 'Behandlung während der Schwangerschaft' + }, + { + OPSC_4: '9-31', + OPS_Gruppen_Text: 'Phoniatrische und pädaudiologische Komplexbehandlung' + }, + { + OPSC_4: '9-32', + OPS_Gruppen_Text: 'Therapie von Stimm-, Sprach-, Sprech-, Schluckstörungen und Hörstörungen' + }, + { + OPSC_4: '9-40', + OPS_Gruppen_Text: 'Psychosoziale, psychosomatische und neuropsychologische Therapie' + }, + { + OPSC_4: '9-41', + OPS_Gruppen_Text: 'Psychotherapie' + }, + { + OPSC_4: '9-50', + OPS_Gruppen_Text: 'Präventive Maßnahmen' + }, + { + OPSC_4: '9-51', + OPS_Gruppen_Text: 'Ergänzende kommunikative Maßnahmen' + }, + { + OPSC_4: '9-60', + OPS_Gruppen_Text: + 'Regelbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-61', + OPS_Gruppen_Text: + 'Intensivbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-62', + OPS_Gruppen_Text: + 'Psychotherapeutische Komplexbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-63', + OPS_Gruppen_Text: + 
'Psychosomatisch-psychotherapeutische Komplexbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-64', + OPS_Gruppen_Text: + 'Zusatzinformationen zur Behandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-65', + OPS_Gruppen_Text: + 'Psychiatrisch-psychosomatische Regelbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Kindern und Jugendlichen' + }, + { + OPSC_4: '9-67', + OPS_Gruppen_Text: + 'Psychiatrisch-psychosomatische Intensivbehandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Kindern und Jugendlichen' + }, + { + OPSC_4: '9-68', + OPS_Gruppen_Text: + 'Psychiatrisch-psychosomatische Behandlung im besonderen Eltern-Kind-Setting bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Kindern und Jugendlichen' + }, + { + OPSC_4: '9-69', + OPS_Gruppen_Text: + 'Zusatzinformationen zur Behandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Kindern und Jugendlichen' + }, + { + OPSC_4: '9-70', + OPS_Gruppen_Text: + 'Spezifische Behandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Erwachsenen' + }, + { + OPSC_4: '9-80', + OPS_Gruppen_Text: + 'Spezifische Behandlung bei psychischen und psychosomatischen Störungen und Verhaltensstörungen bei Kindern und Jugendlichen' + }, + { + OPSC_4: '9-98', + OPS_Gruppen_Text: 'Pflegebedürftigkeit und teilstationäre pädiatrische Behandlung' + }, + { + OPSC_4: '9-99', + OPS_Gruppen_Text: 'Obduktion und nicht belegte Schlüsselnummern' + } +]; diff --git a/ovis/runtime/mongodb/ovis-catalogue.json b/ovis/runtime/mongodb/ovis-catalogue.json new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/ovis/runtime/mongodb/ovis-catalogue.json @@ -0,0 +1 @@ +{} diff --git a/ovis/vars b/ovis/vars new file mode 100644 index 00000000..062ef924 
--- /dev/null
+++ b/ovis/vars
@@ -0,0 +1,62 @@
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+BROKER_URL_FOR_PREREQ=${OVIS_PREREQ_URL:-https://github.com}
+
+: ${ENABLE_OVIS:=true}
+: ${REQUIRES_BEAM:=false}
+: ${OVIS_PUBLIC_BASE_PATH:=/ovis}
+: ${OVIS_PUBLIC_ORIGIN:=https://${HOST}}
+: ${KEYCLOAK_HTTP_RELATIVE_PATH:=${OVIS_PUBLIC_BASE_PATH}/keycloak}
+: ${OVIS_KEYCLOAK_HOSTNAME:=${HOST}}
+: ${OVIS_IMPORT_MODE:=demo}
+: ${OVIS_GENERAL_IMAGE_NAMESPACE:=thewindmom}
+: ${OVIS_IMAGE_TAG:=latest}
+: ${PUBLIC_LOGIN_ENABLED:=false}
+: ${PUBLIC_LDAP_ENABLED:=false}
+: ${PUBLIC_SYSTEM_START_LANGUAGE:=en}
+: ${PUBLIC_NAV_STUDY_ENABLED:=false}
+: ${PUBLIC_NAV_USER_MANAGEMENT_ENABLED:=true}
+: ${OVIS_SITE_CONFIG_DIR:=/etc/bridgehead/ovis}
+: ${OVIS_RUNTIME_DIR:=$(pwd)/ovis/runtime}
+: ${OVIS_SITE_DOWNLOADS_DIR:=${OVIS_RUNTIME_DIR}/downloads}
+: ${OVIS_SITE_CERTS_DIR:=${OVIS_RUNTIME_DIR}/certs}
+: ${OVIS_SITE_KEYCLOAK_REALM_FILE:=${OVIS_RUNTIME_DIR}/keycloak/ovis-realm.json}
+: ${OVIS_CATALOGUE_FILE:=${OVIS_RUNTIME_DIR}/mongodb/ovis-catalogue.json}
+: ${OVIS_MONGO_INIT_FILE:=${OVIS_RUNTIME_DIR}/mongodb/initdb.js}
+: ${OVIS_OPS4_FILE:=${OVIS_RUNTIME_DIR}/mongodb/ops4.mjs}
+: ${OVIS_CREDOS_EXPORT_DIR:=${OVIS_RUNTIME_DIR}/input/CREDOSExportFiles}
+
+if [ "${ENABLE_OVIS}" = "true" ]; then
+ mkdir -p /var/cache/bridgehead/ovis || fail_and_report 1 "Failed to create /var/cache/bridgehead/ovis"
+ OVIS_CREDENTIALS_FILE=${OVIS_CREDENTIALS_FILE:-/var/cache/bridgehead/ovis/credentials.env}
+
+ ovis_random_secret() {
+ openssl rand -hex 24
+ }
+
+ if [ ! -f "$OVIS_CREDENTIALS_FILE" ]; then
+ umask 077
+ {
+ printf ': ${DB:=onc_test}\n'
+ printf ': ${EXPRESS_AUTH_USERNAME:=ovis-express}\n'
+ printf ': ${EXPRESS_AUTH_PASSWORD:=%s}\n' "$(ovis_random_secret)"
+ printf ': ${KEYCLOAK_ADMIN:=ovis-admin}\n'
+ printf ': ${KEYCLOAK_ADMIN_PASSWORD:=%s}\n' "$(ovis_random_secret)"
+ printf ': ${KEYCLOAK_REALM:=ovis}\n'
+ printf ': ${KEYCLOAK_CLIENT_ID:=ovis_client}\n'
+ printf ': ${KEYCLOAK_CLIENT_SECRET:=%s}\n' "$(ovis_random_secret)"
+ printf ': ${KEYCLOAK_ADMIN_CLIENT_ID:=admin-cli}\n'
+ printf ': ${KEYCLOAK_ADMIN_CLIENT_SECRET:=%s}\n' "$(ovis_random_secret)"
+ printf ': ${OVIS_ROOT_USERNAME:=ovis-root}\n'
+ printf ': ${OVIS_ROOT_PASSWORD:=%s}\n' "$(ovis_random_secret)"
+ printf ': ${POSTGRES_DB:=keycloak}\n'
+ printf ': ${POSTGRES_USER:=ovis_keycloak}\n'
+ printf ': ${POSTGRES_PASSWORD:=%s}\n' "$(ovis_random_secret)"
+ } > "$OVIS_CREDENTIALS_FILE"
+ fi
+ if [ "$(id -u)" -eq 0 ] && id bridgehead >/dev/null 2>&1; then
+ chown bridgehead /var/cache/bridgehead/ovis "$OVIS_CREDENTIALS_FILE"
+ fi
+ chmod 700 /var/cache/bridgehead/ovis
+ chmod 600 "$OVIS_CREDENTIALS_FILE"
+ source "$OVIS_CREDENTIALS_FILE"
+fi
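Review bot: A failed `openssl rand` in `ovis_random_secret` goes unnoticed, so the `printf` lines of the credentials block would write empty defaults such as `: ${KEYCLOAK_ADMIN_PASSWORD:=}`, and the `[ ! -f "$OVIS_CREDENTIALS_FILE" ]` guard then keeps those empty secrets on every later run. The same guard also accepts a file left half-written by an interrupted first run. Writing to a temporary file, rejecting it when any default is empty, and renaming it into place covers both cases. The `umask 077` is set in whatever shell sources this file and, as far as the hunk shows, is never restored, so it presumably stays in effect for the rest of the caller; the subshell below confines it. The sketch assumes `fail_and_report` aborts the script, as its use on the `mkdir` line suggests.

```shell
  if [ ! -f "$OVIS_CREDENTIALS_FILE" ]; then
    ovis_credentials_tmp="${OVIS_CREDENTIALS_FILE}.tmp"
    (
      # subshell: the restrictive umask stays out of the sourcing script
      umask 077
      {
        # … unchanged: the fifteen printf lines …
      } > "$ovis_credentials_tmp"
    )
    # an empty default (":=}") means openssl rand produced no output
    if [ ! -s "$ovis_credentials_tmp" ] || grep -q ':=}' "$ovis_credentials_tmp"; then
      rm -f "$ovis_credentials_tmp"
      fail_and_report 1 "Failed to generate OVIS credentials"
    fi
    mv -f "$ovis_credentials_tmp" "$OVIS_CREDENTIALS_FILE"
  fi
```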