diff --git a/.github/scripts/install-blazectl.sh b/.github/scripts/install-blazectl.sh
new file mode 100755
index 0000000..5f561bd
--- /dev/null
+++ b/.github/scripts/install-blazectl.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+VERSION="0.13.0"
+
+curl -sLO "https://github.com/samply/blazectl/releases/download/v$VERSION/blazectl-$VERSION-linux-amd64.tar.gz"
+tar xzf "blazectl-$VERSION-linux-amd64.tar.gz"
+rm "blazectl-$VERSION-linux-amd64.tar.gz"
+sudo mv ./blazectl /usr/local/bin/blazectl
diff --git a/.github/scripts/test-consent-queries.sh b/.github/scripts/test-consent-queries.sh
new file mode 100755
index 0000000..424939d
--- /dev/null
+++ b/.github/scripts/test-consent-queries.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+. "$SCRIPT_DIR/util.sh"
+
+BASE="http://localhost:8081/fhir"
+PERMIT_URI="$BASE/Consent?mii-provision-provision-code-type=2.16.840.1.113883.3.1937.777.24.5.1.1\$permit"
+DENY_URI="$BASE/Consent?mii-provision-provision-code-type=2.16.840.1.113883.3.1937.777.24.5.1.1\$deny"
+
+count() {
+ RESP=$(curl -sH 'Prefer: handling=strict' -H 'Accept: application/fhir+json' "$1")
+
+ if [ "$(echo "$RESP" | jq -r .resourceType)" = "OperationOutcome" ]; then
+ echo "$RESP" | jq -r .issue[].diagnostics
+ else
+ echo "$RESP" | jq -r .total
+ fi
+}
+
+test "permit count" "$(count "$PERMIT_URI")" "1"
+test "permit count" "$(count "$DENY_URI")" "0"
diff --git a/.github/scripts/util.sh b/.github/scripts/util.sh
new file mode 100644
index 0000000..3342000
--- /dev/null
+++ b/.github/scripts/util.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+test() {
+ if [ "$2" = "$3" ]; then
+ echo "OK: the $1 is $3"
+ else
+ echo "Fail: the $1 is $2, expected $3"
+ exit 1
+ fi
+}
+
+test-le() {
+ if [ "$2" -le "$3" ]; then
+ echo "OK: the $1 of $2 is <= $3"
+ else
+ echo "Fail: the $1 is $2, expected <= $3"
+ exit 1
+ fi
+}
diff --git a/.github/scripts/wait-for-url.sh b/.github/scripts/wait-for-url.sh
new file mode 100755
index 0000000..a06481f
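Review bot: In .github/scripts/install-blazectl.sh the downloaded tarball is unpacked and its binary moved into /usr/local/bin with sudo without any integrity check, so whatever the download returns is what gets installed on the runner. Pin the expected digest next to VERSION and verify it before the `tar` line, e.g. `SHA256="<expected-sha256-of-release-asset>"` (placeholder, to be taken from the release) and `echo "$SHA256  blazectl-$VERSION-linux-amd64.tar.gz" | sha256sum -c -`. `curl -sLO` also has no `-f`, so an HTTP error body is saved under the archive name and the failure only shows up in `tar`; `curl -fsSLO` stops at the download step instead.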
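Review bot: In .github/scripts/test-consent-queries.sh the last line queries `$DENY_URI` but is labelled "permit count", so a failing deny query is reported under the wrong name; it should read `test "deny count" "$(count "$DENY_URI")" "0"`. In `count`, `curl -s` hides transport errors and its exit status is not checked, so an unreachable server appears to end up as an empty value in the comparison rather than as a connection error; `curl -sS` with `|| return 1` after the assignment would surface the cause. `RESP` is assigned without `local`, which leaks it into the sourcing script's globals.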
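Review bot: .github/scripts/util.sh defines a function named `test`, which shadows the shell builtin of the same name in every script that sources it, so a later `test -f "$file"` in such a script would call this function instead of the builtin. A distinct name such as `assert_eq`, and `assert_le` for `test-le` (a hyphen is accepted by bash but is not a portable function name), avoids the collision; the two callers in test-consent-queries.sh would change with it. The `#!/bin/bash -e` line has no effect in this file, since it is added with mode 100644 and only read via `.`; a comment such as `# Sourced helper: assertion functions for the CI test scripts` would say what the file is for.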
--- /dev/null
+++ b/.github/scripts/wait-for-url.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+URL=$1
+START_EPOCH="$(date +"%s")"
+
+eclipsed() {
+ EPOCH="$(date +"%s")"
+ echo $((EPOCH - START_EPOCH))
+}
+
+# wait at maximum 120 seconds
+while [[ ($(eclipsed) -lt 120) && ("$(curl -s -o /dev/null -w '%{response_code}' "$URL")" != "200") ]]; do
+ sleep 2
+done
diff --git a/num-node/testdata/test-patient-all.json b/.github/test-data/test-patient-all.json
similarity index 100%
rename from num-node/testdata/test-patient-all.json
rename to .github/test-data/test-patient-all.json
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ca61550..2f03892 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
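Review bot: In .github/scripts/wait-for-url.sh the loop ends the same way whether the URL answered 200 or the 120 seconds ran out, and the script then exits 0, so the workflow continues against a server that never became healthy. After `done`, fail explicitly, e.g. `[[ "$(curl -s -o /dev/null -w '%{response_code}' "$URL")" == "200" ]] || { echo "timed out waiting for $URL" >&2; exit 1; }`. `URL=$1` is also taken unchecked; `URL=${1:?usage: wait-for-url.sh URL}` would reject a missing argument instead of polling an empty URL for two minutes.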
@@ -9,69 +9,39 @@ on: pull_request: branches: - main - -env: - TEST_DATA_REF: v0.2.0 - TEST_DATA_PATH: test/data-to-sq - AUTH_USERNAME: "codex-developer" - AUTH_PASSWORD: "codex" + - develop jobs: - - test: + lint: runs-on: ubuntu-latest steps: - - name: Checkout Deploy Repo - uses: actions/checkout@v2 - - - name: Checkout Test Data Repo - uses: actions/checkout@v2 - with: - repository: num-codex/codex-testdata-to-sq - ref: ${{ env.TEST_DATA_REF }} - path: ${{ env.TEST_DATA_PATH }} + - name: Check out Git repository + uses: actions/checkout@v3 - - name: Cache Test Data - id: cache-test-data - uses: actions/cache@v2 + - name: Check shell scripts + uses: ludeeus/action-shellcheck@master with: - path: ${{ env.TEST_DATA_PATH }}/testCases - key: testcases-${{ hashFiles('**/*.json') }} + ignore_paths: .github/scripts - - name: Setup Python - if: steps.cache-test-data.outputs.cache-hit != 'true' - uses: actions/setup-python@v2 + test-feasibility-triangle-fhir-server: + runs-on: ubuntu-latest - - name: Generate Test Data - if: steps.cache-test-data.outputs.cache-hit != 'true' - working-directory: ${{ env.TEST_DATA_PATH }} - run: python main.py + steps: + - name: Check out Git repository + uses: actions/checkout@v3 - - name: Setup Base Auth - run: bash num-node/setup-base-auth.sh "${{ env.AUTH_USERNAME }}" "${{ env.AUTH_PASSWORD }}" + - name: Install Blazectl + run: .github/scripts/install-blazectl.sh - - name: Build the stack - env: - CODEX_DSF_DIC_FHIR_APP_JVM_ARGS: -Xmx1g - CODEX_DSF_DIC_BPE_APP_JVM_ARGS: -Xmx500m - CODEX_DSF_ZARS_FHIR_APP_JVM_ARGS: -Xmx1g - CODEX_DSF_ZARS_BPE_APP_JVM_ARGS: -Xmx500m - CODEX_FEASIBILITY_BACKEND_API_BASE_URL: http://localhost:8091/api/ - run: ./start-zars-and-num-node.sh --disable-result-obfuscation + - name: Start Blaze FHIR Server + run: docker-compose -f feasibility-triangle/fhir-server/docker-compose.yml up -d - - name: Wait for FHIR Server Running - uses: ifaxity/wait-on-action@v1 - with: - resource: http://localhost:8081/health - 
timeout: 60000 + - name: Wait for Blaze FHIR Server + run: .github/scripts/wait-for-url.sh http://localhost:8081/health - - name: Initialize Test Data - run: bash num-node/init-testdata.sh + - name: Load Data + run: blazectl --no-progress --server http://localhost:8081/fhir upload .github/test-data - - name: Run tests - env: - TERM: "xterm" - QUERY_ENDPOINT_URL: "http://localhost:8091/api/v1/query-handler/run-query" - AUTH_TOKEN_REQUEST_URL: "https://localhost:8443/auth/realms/codex-develop/protocol/openid-connect/token" - run: test/run_tests.sh + - name: Run Test Queries + run: .github/scripts/test-consent-queries.sh diff --git a/.gitignore b/.gitignore index abd02b3..740105a 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,8 @@ test/testdata num-node/testdata !num-node/testdata/test-patient-all.json start-zars-and-num-node-all.sh +.env +deploy-config.json +*.pem +!ca.pem +.htpasswd diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..d2f3a75 --- /dev/null +++ b/CHANGELOG.md 
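Review bot: The lint job in .github/workflows/ci.yml references `ludeeus/action-shellcheck@master`, a mutable branch of a third-party action, so the code executed in CI can change without any change in this repository. Pin it to a full commit SHA, e.g. `uses: ludeeus/action-shellcheck@<full-commit-sha>` (placeholder), with the release tag in a trailing comment. The same step sets `ignore_paths: .github/scripts`, which exempts the four scripts added by this commit from the check; dropping that line would have ShellCheck cover them too.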
@@ -0,0 +1,88 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## Component specific changes + +Please refer to the respective repositories for a more in depth changelog of single components: + +|Component|Link| +|--|--| +|UI|| +|Ontology Generation|| +|Backend|| +|AKTIN Broker|| +|AKTIN Feasibility Plugin|| +|DSF Feasibility Plugin|| +|FLARE|| +|Blaze FHIR server|| + +## [3.0.0] - 2023-08-08 + +### Overall + +- Updated all components and underlying libraries to the new versions +- Updated all components to version compatible with ontology version 2.0 +- Adjusted readme to reflect changes in the underlying components + +### Features + +| Feature | Affected Components | +| -- | -- | +|Added support for referenced criteria|UI, backend, Ontology, Sq2cql, FLARE| +|Added support for composite search parameters|UI, SQ, Ontology, Sq2cql, FLARE| +|Updated to new DSF version v1.0.0 compatible with new DSF verison v1.x | Backend, DSF feasibility plugin| +|Added Dateselection|UI| +|Update ontology to new ontology generation and added ontology to images directly| Ontology, Backend, FLARE| +|Added encrypted result logging| Backend| +|Add support for self-signed certificates| Backend, FLARE, DSF feasibility plugin | + + +## [2.1.0] - 2023-07-25 + +### Overall + +- Updated AKTIN Client to 1.6.0: Fix websocket timeout and improve error handling - +- Updated FLARE to 1.0: Fix Execution Operation - +- Updated Blaze to 0.22: implements $everything, adds basic frontend, Support for Custom Search Parameters +- Added Troubleshooting specific for triangle +- Update testdata repo from MII + + +## [2.0.0] - 2023-03-29 + +### Overall + +- Updated all components and underlying libraries to the new versions +- Updated UI to angular 15 +- Updated keycloak to 21.0 +- Updated nginx to 1.23 +- Refactored deploy repository - removed DSF from this deployment and added reference to DSF deployment in Readme +- Removed hapi fhir-server from deployment + +### 
Features + +| Feature | Affected Components | +| -- | -- | +|Added calculated criterion age|Ontology, Sq2cql, FLARE| +|Improved at site obfuscation|DSF Feasibility Plugin, AKTIN Client| +|Added SQ query import and export|UI| +|Improved FHIR query execution and result caching |FLARE| +|Update Consent to new search params and add central MII consent query|UI, Ontology| +|Update ontology to newest KDS version| Ontology| +|Update AKTIN client to new version, move query handling to Java plugin and add query validation|AKTIN client| +|SQ query validation|Backend, AKTIN client| +|Add CQL execution to direct broker| Backend| + +### Security and Privacy + +| Feature | Affected Components | +| - | - | +|Added extra security measures, which restrict number queries a user can send and results a user can view|UI, Backend| +|Improved at site obfuscation|DSF Feasibility Plugin, Aktin Client| +|Hard rate limit at sites for AKTIN and DSF feasibility plugins|DSF feasibility plugin, AKTIN Client| +|Query results are no longer persisted and only kept in memory for a configurable amount of time|Backend| +|Delete query results from central DSF and AKTIN broker on collection|Backend| +|User blacklisting if too many queries are sent in a given time|Backend| + +## [1.6.0] - 2022-09-08 diff --git a/Feasibility-Query.md b/Feasibility-Query.md index 08a17cc..c217912 100644 --- a/Feasibility-Query.md +++ b/Feasibility-Query.md 
@@ -88,66 +88,67 @@ A JSON schema of the ui ontology tree can be found here: -### Codex Code Tree +### Code Tree This file contains a code tree, which allows the query translators to resolve (find) all the children for a "code" (criterion) inside a vocabulary. This then allows the final search query to search not only for a particular criterion, but also search for all the respective children. Following the children element of the code tree would for example resolve I09 () to I09,I09.0,I09.1,I09.2,I09.8,I09.9 -A JSON schema of the Codex Code Tree can be found here: +A JSON schema of the code tree can be found here:
- Codex Code Tree - Example Excerpt + Code Tree - Example Excerpt ```json { - "children": [ +"children": [ { - "children": [], - "termCode": { - "code": "I09.0", - "display": "Rheumatische Myokarditis", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "termCode": { + "code": "I09.2", + "display": "Chronische rheumatische Perikarditis", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" + } }, { - "children": [], - "termCode": { - "code": "I09.1", - "display": "Rheumatische Krankheiten des Endokards, Herzklappe nicht n\u00e4her bezeichnet", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "termCode": { + "code": "I09.9", + "display": "Rheumatische Herzkrankheit, nicht n\u00e4her bezeichnet", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" + } }, { - "children": [], - "termCode": { - "code": "I09.2", - "display": "Chronische rheumatische Perikarditis", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "termCode": { + "code": "I09.1", + "display": "Rheumatische Krankheiten des Endokards, Herzklappe nicht n\u00e4her bezeichnet", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" + } }, { - "children": [], - "termCode": { - "code": "I09.8", - "display": "Sonstige n\u00e4her bezeichnete rheumatische Herzkrankheiten", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "termCode": { + "code": "I09.0", + "display": "Rheumatische Myokarditis", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" + } }, { - "children": [], - "termCode": { - "code": "I09.9", - "display": "Rheumatische Herzkrankheit, nicht n\u00e4her bezeichnet", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "termCode": { + "code": "I09.8", + "display": "Sonstige n\u00e4her bezeichnete rheumatische Herzkrankheiten", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" + } } - ], - "termCode": { +], +"termCode": { "code": 
"I09", "display": "Sonstige rheumatische Herzkrankheiten", - "system": "http://fhir.de/CodeSystem/dimdi/icd-10-gm" - } + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023" +} } ```
@@ -156,7 +157,7 @@ A JSON schema of the Codex Code Tree can be found here: @@ -174,17 +178,19 @@ A JSON schema of the Codex Code Tree can be found here: Term Code Mapping - Excerpt Laboratory Value ```json -{ - "fhirResourceType": "Observation", - "fixedCriteria": [], - "key": { - "code": "76769-9", - "display": "Hemoglobin [Mass/volume] in Venous blood by Oximetry", - "system": "http://loinc.org" - }, - "termCodeSearchParameter": "code", - "valueSearchParameter": "value-quantity" - } +{{ + "fhirResourceType": "Observation", + "key": { + "code": "76769-9", + "display": "Hemoglobin [Mass/volume] in Venous blood by Oximetry", + "system": "http://loinc.org" + }, + "termCodeSearchParameter": "code", + "timeRestrictionParameter": "date", + "timeRestrictionPath": "effective", + "valueFhirPath": "value", + "valueSearchParameter": "value-quantity" + } ``` @@ -193,28 +199,17 @@ A JSON schema of the Codex Code Tree can be found here: diff --git a/README.md b/README.md index 3ab4a2e..d16ab08 100644 --- a/README.md +++ b/README.md 
@@ -1,176 +1,20 @@ -![CI](https://github.com/num-codex/codex-deploy/actions/workflows/ci.yml/badge.svg) +# Feasibility Deploy -# codex-deploy +[![version](https://img.shields.io/badge/version-2.0.0-green.svg)](https://github.com/medizininformatik-initiative/feasibility-deploy/releases) -This codex deployment Repo offers an example deployment repository using Docker-compose and official codex images to setup an example environment. +This feasibility deployment repository offers an example deployment repository using docker-compose and official images to set up a feasibility portal (central) as well as feasibility triangle (decentral - at site) It is divided into two parts: -A "ZARS" (Zentrale Antrags- und Registerstelle - Central Application and Registration Center) part, which creates a deployment of the centralized components neccessary for the deployment of the dezentralized feasibility query tool. +A feasibility portal part, which creates a deployment of the centralized components necessary for the deployment of the decentralized feasibility query tool. -A "Num-Node" part, which provides a deployment for the decenctralized components +A feasibility triangle part, which provides a deployment for the decentralized components. -
- -
Figure 1 - Overview Codex AP2 - Feasibility Queries
-
+## Feasibility Portal (central) -## Initial Setup +See: `feasibility-portal/README.md` of this repository. -### Step 1 - Initialise certificates +## Feasibility Triangle (decentral) -Use the `setup-all-base-auth.sh ` to initialise the deployment with self signed certificates and setup basic auth for the num node.The `setup-all-base-auth.sh` requires two arguments. First the username, second the password for the user. -This sets up a user and basic auth authentication for the FHIR server of the num-node and creates two sets of self signed certificates (cert.pem, key.pem) in the `num-node/auth` and `zars/auth`folders. - - -### Step 2 - Start Zars and Num-Node - -Use the `start-zars-and-num-node.sh` to start up the ZARS and num node. - -Additional flags are explained when running `start-zars-and-num-node.sh -h`. - - -### Step 3 - Restrict rights for certificates - -Once keycloak has successfully started up, set the rights of the certificate files to 600. - -`chmod 600 zars/auth/* num-node/auth/*` - - -### Step 4 - Initialise test data (optional) - -If you would like to test your setup you can initialise the testdata provided with this repository - -`cd num-node && bash init-testdata.sh` - - -## Exposed Services - -Services exposed via the two nginx reverse proxys provided: - -| Service | URL | Part of | Default User | Default Password | -|------------------------------|--------------------------------------------------|----------|---------------------|-----------| -| Feasibility GUI | | ZARS | codex-developer | codex | -| Feasibility UI backend | | ZARS | connect via keycloak| - | -| Keycloak | | ZARS | admin | admin | -| (GECCO) FHIR Server | | Num-Node | - | - | -| Flare | | Num-Node | - | - | - - -Direct (non reverse proxy) access to the services: - -| Service | URL | Part of | Default User | Default Password | -|------------------------------|--------------------------------------------------|----------|--------------|------------------| -| feasibility backend | 
| ZARS | - | - | -| flare zars (for translation) | | ZARS | - | - | -| Aktin Broker | | ZARS | admin | changeme | -| keycloak | | ZARS | admin | admin | -| flare num node | | Num-Node | - | - | -| FHIR Server | | Num-Node | - | - | - - -## Certificates - -Both the ZARS as well as the Num-Node require certificates to be set up as these are required to run the system with HTTPS on deployment. -If you have followed the setup steps above, you should have self signed certificates set up in the respective `auth` folders. -To install your own certificates stop the ZARS and num node (`stop-zars-and-num-nodes.sh`) and replace the respective cert.pem and key.pem with your own files (note: the file name has to stay the same). - -Startup the services again `start-zars-and-num-node.sh`. - - -## Sending your first feasibility request - -Please be aware, that we are using self-signed certificates in the initial setup, which your browser will flag and for some browsers will not allow you to continue to the websites. - -We found that firefox works best. Navigate to the respective service exposed via the nginx webservers above and accept the risk. - -After setting up your FHIR server, check if the FHIR server contains some test data: - (user and password as set before) - -Access the user interface and log in: -- username: codex-developer -- password: codex - -If you have loaded the test data provided with the repository you can create a query with one inclusion criterion "Biologisches Geschlecht" = female. -This criterion can be found under "Demographie" > "Biologisches Geschlecht". - -It will take a couple of seconds, but should the user interface should then return "1". - -## Sending a feasibility request via REST - -You can also send a request to the UI backend via REST. 
- - -``` bash -# request access token -curl -k --location --request POST 'https://localhost/auth/realms/codex-develop/protocol/openid-connect/token' \ ---header 'Content-Type: application/x-www-form-urlencoded' \ ---data-urlencode 'grant_type=password' \ ---data-urlencode 'client_id=feasibility-gui' \ ---data-urlencode 'scope=openid' \ ---data-urlencode 'username=codex-developer' \ ---data-urlencode 'password=codex' - -# run query -curl -k --location --request POST 'https://localhost/api/v1/query-handler/run-query' \ ---header 'Authorization: Bearer ' \ ---header 'Content-Type: application/json' \ ---header 'Cookie: JSESSIONID=node0v3dnl2dqawhlbymawm3cl7ib22.node0' \ ---data-raw '{ - "version": "http://to_be_decided.com/draft-1/schema#", - "inclusionCriteria": [ - [ - { - "termCode": { - "code": "76689-9", - "system": "http://loinc.org", - "display": "Sex assigned at birth" - }, - "valueFilter": { - "type": "concept", - "selectedConcepts": [ - { - "code": "female", - "system": "http://hl7.org/fhir/administrative-gender", - "display": "Female" - } - ] - } - } - ] - ], - "display": "" -}' - -# get query result -curl -k --location --request GET '' \ ---header 'Authorization: Bearer ' \ ---header 'Content-Type: application/json' -``` - -## Components - -The following components alongside their versions are used within this deployment: - -### NUM-Node -| Component | Version | -|-----------|---------| -|aktin-client|1.3.0| -|codex-processes-ap2/fhir|0.1.0-rc5| -|codex-processes-ap2/bpe|0.1.0-rc5| -|num-codex/blaze|0.0.2| -|hapi-fhir-jpaserver-starter|5.2.0-distroless| -|codex-flare|0.0.5| -|nginx-unprivileged|1.20-alpine| - -### ZARS: -| Component | Version | -|-----------|---------| -|aktin-broker|1.3.0| -|codex-feasibility-backend|0.0.6| -|codex-processes-ap2/fhir|0.1.0-rc5| -|codex-processes-ap2/bpe|0.1.0-rc5| -|codex-flare|0.0.5| -|codex-feasibility-gui|0.1.1| -|codex-keycloak|0.0.1| +See: `feasibility-triangle/README.md` of this repository. 
diff --git a/assets/codex-process-feasibility-0.1.0-RC6.jar b/assets/codex-process-feasibility-0.1.0-RC6.jar deleted file mode 100644 index 03075df..0000000 Binary files a/assets/codex-process-feasibility-0.1.0-RC6.jar and /dev/null differ diff --git a/assets/hapi-fhir-client-5.1.0.jar b/assets/hapi-fhir-client-5.1.0.jar deleted file mode 100644 index 9116733..0000000 Binary files a/assets/hapi-fhir-client-5.1.0.jar and /dev/null differ diff --git a/auth/cert.pem b/auth/cert.pem deleted file mode 100644 index 2efd9ee..0000000 --- a/auth/cert.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFCzCCAvOgAwIBAgIUWoVK9ABtDTEnmyV7kI2ymrPzlDMwDQYJKoZIhvcNAQEL -BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMTEwOTE0NTIxN1oYDzIyOTUw -ODI0MTQ1MjE3WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDmg8xMXKhrCjS68ZSwJQHfwMTddJD0yPNp8q99tMOs -GPJAb1kALKmyXMHJKkbO+7RIJAL8iE74ypcs3peyuux8+RlIExwNJM7xAgWr6Tsq -X7eGgp/1qZxUFRfv2EUjIX3+WQ+Tk764wO2n0O2qO/ORbTTq8v2UJ/5Oy5Kr+sHR -O26err20FJBDjLe5khyayA2j3NhYwADhaS82H8pLSQazxjw4JTOV3fV1X/ILtNrL -3N5N0iDV1zEbCqhT/DKy5VIdVcuNa4iGjvg2RDCSoFT8MWCwUSa8RqgRaYgYNnIE -+4C/DOs9cN/PgyNT0QOT/DL781qVzmnNXDJi0Gc5EjlDsllYBh5r5i63R4DjkXFV -zm2vuOsq4/bCMCmwuQxeq4Sp6rzap5jOhZBiPo6DxlmEpZIvT5veVhJxSQw+fXmr -/TWS5j+xawx+LuULuViFYuY0OSk7b5LPrQEQ3Jf/DcWxDzxYYP/RRhGc/gSA3xEq -SZB8B56szBax6E9HqZx6f8bWWeoNam427bTq9Kd1HL4AhzQoWwsMSgmItMZNKPxI -bRtxBqe54ZqEOpG74qdIdmT2DTvaIVP1t1Wms9kgJqpr2942Y8FGA0n6gFpKyies -Sj+XWslywKrvaU30oWZrKGRpd50NPmRj0jzRioii3QavmfiPjlJcRs76Q+YYo0Ko -qQIDAQABo1MwUTAdBgNVHQ4EFgQU92BGBU0qDcAKADrjWo09AYnqwiAwHwYDVR0j -BBgwFoAU92BGBU0qDcAKADrjWo09AYnqwiAwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEAof09zqk+b5Cs6lW8c/nkpDg3V+lE3Wr7Vg1pts4OUsHK -ssxtNU8Oxt5wRWYShhbvl1XStwvf3OBPdZ9m3us7Uv/4CuDfMHbcsXMOzgYjsfkZ -tBuYwbb4ZqhVw73B6o0Qns2dtmFHlwPPFg8pVRLXYmGufJ7g40wdUd9hdgDbag/t -4/ha417wqHNUikYXWFIRCA6NSeqweKuJzN0vrWPOSfGX4cQbfia3NxiSyGzuADCi -qsOfcViXvgORgUvW6r8xJ4JZ6/UvTeMCAb4TSD3IPt+kPop4AFS9CytZxjAM2Miz -5Lzn4eEsBo/WdJZml0uC04Ovos+IFsqxMETSvJ6E4w8Bv8U96/ZUYVLsWjDbduXk -L+SWNp01eBGxBe7BoWMBkcMldQBW4GdHM/tfVGH3ASVbV3cDDRZ9MJw7JHI00SRD -fcYEKku+eLrANisP0Kjgl9/cYD73zOH13QDrm4YWu8OMO+CMWpCue3ySPsVuVMGX -8UmMCd7/iBqIveamcc4ksPad+bKQTC+tkNZ1pCVJt+QquuQZF3YPHYv3OyKQVvbL -wvCwlHcwmLw2qS7JoUDjiue14SYT1zJhtwuFa/29BqhiI0Hof2LehJYTaCa+o6G5 -MGRRlLezhRQhinw5xPRfWj588zB2ZbiR9nurMIc4RAji+pNPXoraXpoT3H4nSfU= ------END CERTIFICATE----- diff --git a/auth/key.pem b/auth/key.pem deleted file mode 100644 index 9f9e63b..0000000 --- a/auth/key.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDmg8xMXKhrCjS6 -8ZSwJQHfwMTddJD0yPNp8q99tMOsGPJAb1kALKmyXMHJKkbO+7RIJAL8iE74ypcs -3peyuux8+RlIExwNJM7xAgWr6TsqX7eGgp/1qZxUFRfv2EUjIX3+WQ+Tk764wO2n -0O2qO/ORbTTq8v2UJ/5Oy5Kr+sHRO26err20FJBDjLe5khyayA2j3NhYwADhaS82 -H8pLSQazxjw4JTOV3fV1X/ILtNrL3N5N0iDV1zEbCqhT/DKy5VIdVcuNa4iGjvg2 -RDCSoFT8MWCwUSa8RqgRaYgYNnIE+4C/DOs9cN/PgyNT0QOT/DL781qVzmnNXDJi -0Gc5EjlDsllYBh5r5i63R4DjkXFVzm2vuOsq4/bCMCmwuQxeq4Sp6rzap5jOhZBi -Po6DxlmEpZIvT5veVhJxSQw+fXmr/TWS5j+xawx+LuULuViFYuY0OSk7b5LPrQEQ -3Jf/DcWxDzxYYP/RRhGc/gSA3xEqSZB8B56szBax6E9HqZx6f8bWWeoNam427bTq -9Kd1HL4AhzQoWwsMSgmItMZNKPxIbRtxBqe54ZqEOpG74qdIdmT2DTvaIVP1t1Wm -s9kgJqpr2942Y8FGA0n6gFpKyiesSj+XWslywKrvaU30oWZrKGRpd50NPmRj0jzR -ioii3QavmfiPjlJcRs76Q+YYo0KoqQIDAQABAoICAEjvarS+nItBr213ApS5IN6r -H57yQuswqdPb9arQhxjsy7mXgZGMkCTfNHFx7vWOrnwk6Mz+U/5kG3EW/OiQPENO -jbFAWp/OBaw7949tPEsr/eWRbwtLnyr7gZdh1n5HGpZfl44aMT5DzO5MLOawEWDy -LMwqFhHKlaxYvQ+tR6XsKBQNNfjEiODWpUsR7/sJUUeHmOx708t+fHGjnV40vOok -zuj03F2O3RtGQE9z6caXG7+DvN/sNp1XwerQ4Tm5VUHy43TbkVcB5YdGDBhYoosp -FG61PoxTztmzilwe3fS1nwbUD5phHG+MDqF2gKtSIM+XMBI2PUO86DRbvE1Sdsta -0YIj6xt0u9n74zMfAx5UVNjoXghdTd0vt+KVQZj0bDeyYGYnfUsmPGFsoAHv2NH9 -nXMJ4GwN18gt5WMjudQGxy9rcUcf7Dt4+VoDixuIHM2c+YtRLcxEbGBW5L9NnzsI -NoHKkh0Sbq/vYIgMN1x+ZcGsWbE27Gv7hlDeD1oLDWwu7y9Gga+lViXupM72SEof -vFR5qs4MG3MILIDEtQDlaAIzK+ipff+iqc4vVgwoM/eZr+j1UyMc5reCFK5kHJOR -RttNsmWq05sZ0pPveHHjNyq/fvV2HZ89qQXX0Gkyym4T/B77tigdXilpN0X/yob5 -DfmHNF9OqIMD/zD2gVABAoIBAQD7hY5Nh91wFTr5JZOrwsu0HHNhlIFOO1MvbDeP -qdxCPCRfkXzfF9zcd+b0zJ6VbLIwbX9KRR/qtK/9qnnt4j915i/is9NeXIdJWJv8 -byfZiERY/xTcQ+OWQWFi6eD4Dw5S9mrrppoFg7CMHr7iubT99wbnkfICQerb2izq -LrxYmQrk60Frlr3iP57wrQQ2wHuvH5jh1j+H/YYgGTQCiiCcJLupqhnMUC9dyzK5 -63OQHJG4ESUNEtt9SmIg2Xb2tj1G9zHR7SGHsr2vI0uSPzS0j6fp8UZUsgR62I0g -FPq22kdt2WtRu0BLbnlQ5lcAFl9w2apowmM5WUl7dknWaJuVAoIBAQDqnn3/7kSW -NPVMBWX+S86N1Wr+KpqhT0E0oM2K6dcT4tdWuUkkgrBuiJWlZOBBL/W8dXg6CW+g 
-QdQv9IU9D5/hDFjoR0rfznDoDpKKrO6umO2VA7oyNUZVQmRfixP7Qyu63xaIENM+ -1Dciro4TQzPXbGtrkFC07AzgYTLK4f0JdQOZyxDdDVKjFyIUcDLvL0qrwPPxUFvh -7f77AL2tru0FZaB8BsNf3/J73m0xxJQhil6iHHPUTXFWXfqWzH6cELqoVEttUFkP -bUmwQX5nKaKzNIDwVFv2zGg5axbm+CSNWL1RJPqE5L7wmuclejUPTXbVG+Z3KybX -ooJoA7J7o3PFAoIBAFduJHok2T+F0bsbacqR6vdP0HfCBHSqQI9CgcnJlMvdVhN2 -Yj62b8qfT0QXAKUWZJZa6Z1qi96tMmPt53ZeaArWmhymv7mUVl6Tk51bEjIWoROC -j8DFRI5NacnVXKM9sI/8IkyJ3A5AqZT7dwUe4qBJRzglzkcknLwRif1Zg5UUlenf -MR1yB81mqhwlOErD+/py9FTEgc8GvKHZwO+FDjLYvfcLLu6LjPuAj8B67O/SToD6 -TLPPs0ZJHfUnQqgdzw0lDkdXs4kVA8SmczWCDRMawJacjQMR4mbFccEOKdx34c54 -fkqp2X6fB0Ks3t8j58c1knvZ3l3oAJgPFTmXoUUCggEAXebtWx+MB+pOOwz2E19X -3mCKoAuBNAq6eEvbuDt7P5RMx4MFCT3dS4ATFM1ZC/4cBj+lzOS17pgqSr89DIFS -ZgpBE0Zla0n+2oHqmOI57Vt7y2ZggXPdIIagEbViW/A4cmSTagYB5mWdY54lcwQ0 -nYXhQH3UL3VCehOs9pKYac6RkF47850/c9Lwaum1GRH+etuRRwX4oGZW5TMYt4kJ -iF1ya/FxBNBnBrixT3f0KbBty8hDe7c7I2wdvXk/O0teybxjK+86lfgRxB+Sbcu2 -OK9M4+N/ozmQhVqdIfgy+PeJXg7EzaeX3EjDNrbAwc0pQIYYKZ31v9xlAShpqR50 -WQKCAQBnds9mHnhVjo/TEYFO6vuxPx+jnpac8Es4znLYQlvu4HxZlRB5G4cxE8PA -BvwNcaU29B0ZqHprRuoZ9Ioff3rfCq5wuUymiaK7k19+PkWzyqZz91wzTCQdOLvk -C6hVy8LrNOfcigJa7L3hiBO0iPeHka2P8/SlcerYEGNBZ2QEy4gVnJG7pilzALPT -8IBRQdSGGYS4SDnhuN5rQGj7Zrx6M/elwYCAWGJgB+q/Kiv5djM1d3f7k4KE1lc/ -YldlMDNg/H3zMja4JaCAAlxVWxxYztfPVLd8RNu6N6yct8JBEymQgi6kHRRkmxUv -J48aZZreEvcSzCyzsc5cntuQmiIF ------END PRIVATE KEY----- diff --git a/down-zars-and-num-node.sh b/down-zars-and-num-node.sh deleted file mode 100755 index 86c8441..0000000 --- a/down-zars-and-num-node.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/usr/bin/env sh - -COMPOSE_PROJECT=codex-deploy - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -printf "Down ZARS components ..." -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/keycloak/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/flare/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/backend/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/gui/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/aktin-broker/docker-compose.yml down -sh $BASE_DIR/zars/dsf-broker/down.sh $COMPOSE_PROJECT - -printf "Down Num-Node components ..." -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/aktin-client/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/flare/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/fhir-server/blaze-server/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/fhir-server/hapi-fhir-server/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/rev-proxy/docker-compose.yml down -sh $BASE_DIR/num-node/dsf-client/down.sh $COMPOSE_PROJECT diff --git a/zars/.gitignore b/feasibility-portal/.gitignore similarity index 81% rename from zars/.gitignore rename to feasibility-portal/.gitignore index 2b3f625..782034e 100644 --- a/zars/.gitignore +++ b/feasibility-portal/.gitignore @@ -5,3 +5,4 @@ keycloak/data /ontology/*.json /ontology/ui_profiles/*.json +/ontology/migration/*.sql diff --git a/feasibility-portal/README.md b/feasibility-portal/README.md new file mode 100644 index 0000000..01e097a --- /dev/null +++ b/feasibility-portal/README.md 
@@ -0,0 +1,245 @@ +# Feasibility Portal + +The feasibility portal provides a feasibility query user interface with an appropriate backend, query translation to CQL and FHIR Search as well as +the central part of two middlewares for the transfer of the queries from the feasibility portal to the feasibility triangles located at participating sites (hospitals). + + +## Setting up the Feasibility Portal - Local Installation + +### Step 1 - Installation Docker + +The installation of the Feasibility Portal requires Docker (https://docs.docker.com/engine/install/ubuntu/) and docker-compose (https://docs.docker.com/compose/install/). +If not already installed on your VM, install using the links provided above. + +### Step 2 - Clone this Repository to your virtual machine + +ssh to your virtual machine and switch to sudo `sudo -s`. +Designate a folder for your setup in which you clone the deploy repository, we suggest /opt (`cd /opt`) +Navigate to the directory and clone this repository: `git clone https://github.com/medizininformatik-initiative/feasibility-deploy.git` +Navigate to the feasibility-portal folder of the repository: `cd /opt/feasibility-deploy/feasibility-portal` +Checkout the version (git tag) of the feasibility portal you would like to install: `git checkout ` + +### Step 3 - Initialise .env files + +The feasibility portal requires .env files for the docker-compose setup. If you are performing a new setup of the project, execute the `initialise-portal-env-files.sh`. + +If you have set up the portal before, compare the .env to the .env.default env files of each component and copy the additional params as appropriate. + +### Step 4 - Set up SSL certificates + +Running this setup safely at your site requires a valid certificate and domain. Please contact the responsible body of your institution to receive both a domain and certificate. +You will require two .pem files: a cert.pem (certificate) and key.pem (private key). 
+ +Once you have the appropriate certificates you should save them under `/opt/feasibility-deploy/feasibility-portal/auth`. +Set the rights for all files of the auth folder to 655 `chmod 655 /opt/feasibility-deploy/feasibility-portal/auth/*`. + +- Not providing the certificate files is not an option. + +### Step 5 - Load the ontology + +**Note:** The ontology is now part of the image and will not have to be loaded manually. + +### Step 6 - Configure your feasibility portal + +If you use the default local feasibility portal setup you will only have to change the following environment variables: + +| file | environment variable | value for local setup | +|------------------------|--------------------------------------------|--------------------------------------------------------------------| +| keycloak/.env | FEASIBILITY_KC_HOSTNAME_URL | base-url-of-your-local-feasibility-portal/auth | +| keycloak/.env | FEASIBILITY_KC_HOSTNAME_ADMIN_URL | base-url-of-your-local-feasibility-portal/auth/keycloakadmin | +| keycloak/.env | FEASIBILITY_KC_ADMIN_USER | keycloak admin user name | +| keycloak/.env | FEASIBILITY_KC_ADMIN_PW | choose a secure password here e.g. 
Ykc2PINWatNqL5Wq,OIxFz1Sv3dzmQ2 | +| backend/.env | FEASIBILITY_BACKEND_AKTIN_ENABLED | false | +| backend/.env | FEASIBILITY_BACKEND_DIRECT_ENABLED | true | +| backend/.env | FEASIBILITY_BACKEND_API_BASE_URL | base-url-of-your-local-feasibility-portal/api | +| backend/.env | FLARE_WEBSERVICE_BASE_URL | http://flare:8080 | +| backend/.env | FEASIBILITY_BACKEND_ALLOWED_ORIGINS | base-url-of-your-local-feasibility-portal | +|backend/.env |FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER| base-url-of-your-local-feasibility-portal/auth | +| gui/deploy-config.json | uiBackendApi > baseUrl | base-url-of-your-local-feasibility-portal/api/v3 | +| gui/deploy-config.json | auth > baseUrl | base-url-of-your-local-feasibility-portal | + +Please note that all user env variables (variables containing USER) should be changed and all password variables (variables containing PASSWORD or PW) should be set to secure passwords. + +For more details on the environment variables see the paragraph **Configurable environment variables** of this README. + +### Step 7 - Start the feasibility portal + +To start the portal navigate to `/opt/feasibility-deploy/feasibility-portal` and +execute `bash start-feasibility-portal-local.sh`. + +This starts the following default local feasibility portal, with the following components: + +| Component | url | description | +|-----------|------------------------------------|-------------| +| GUI | https://my-fesibility-domain | | +| Keycloak | https://my-feasibility-domain/auth | | + + +### Step 8 - Configure keycloak and add a user for the user interface + +Please note that the keycloak provided here is an example setup, and we strongly recommend for each site to adjust the keycloak installation to their local security requirements or connect the local feasibility portal to a keycloak already provided at the site. 
+ +Navigate to https://my-fesibility-domain/auth/keycloakadmin/admin +click on "Administration Console" and log in to keycloak using the admin user and password set in step 6 (FEASIBILITY_KC_ADMIN_USER, FEASIBILITY_KC_ADMIN_PW). +User: admin +Pw: my password set in step 6 + +1. Set the domain for your client: +Switch to the `feasibility` realm (realm name might be different if you use your own keycloak) by using the realm changer on top of the left navigation bar (should be set to `master` when logging in) +Click on `Clients > feasibility-webapp` and change the fields: Root URL, Home URL and Web Origins +to: https://your-feasibility-domain + + and **Valid Redirect URIs** to: https://your-feasibility-domain/* + + and **Valid post logout redirect URIs** to: https://your-feasibility-domain/* + + and leave **Admin URL** empty + + Save the changes by clicking the "save" button. + +2. Add a user for your feasibility user interface: +Click on `Users > Create new user` and fill in the field **Username** with a username of your choice. +Click on **Credentials** > **Set Password** and fill the `Password` and `Password Confirmation` fields with a password of your choice and save the changes by clicking `set password`. +Click on ** Role Mapping > Assign Role ** , select FeasibilityUser and click `Assign` + + +### Step 9 - Access the user interface and send first query + +Access your user interface under and log in with the user created in step 8. + +Click on **New query**, create a query and send it using the **send** button. +After a few moments you should see the results to your query in the **Number of patients** window. 
+ + +## Updating your local feasibility portal + +If you have already installed the local feasibility portal and just want to update it, follow these steps: + + +### Step 1 - Stop your portal + +`cd /opt/feasibility-deploy/feasibility-portal && bash stop-feasibility-portal.sh` + +### Step 2 - Update repository and check out new tag + +`cd /opt/feasibility-deploy && git pull` +`git checkout ` + +### Step 3 - transfer the new env variables + +Compare the .env and .env.default files for each component and add any new variables from the .env.default file to the .env file. +Keep the existing configuration as is. + +### Step 4 - Update your ontology + +**Note:** The ontology is now part of the image and will not have to be loaded manually. + +### Step 5 - Start your portal + +To start the portal navigate to `/opt/feasibility-deploy/feasibility-portal` and +execute `bash start-feasibility-portal-local.sh`. + +### Step 6 - Log in to the local feasibility portal and test your connection + +Ask for the Url of the central portal at the FDPG or check Confluence for the correct address. + +Log in to the portal and send a request with the Inclusion Criterion chosen from the Inclusion criteria tree (folder sign under Inclusion Criteria) +"Person > PatientIn > Geschlecht: Female,Male" + +and press "send". 
+ +## Configuration + +### Configurable environment variables + + +| Env Var | Description | Default | Possible values | Component | +|-----------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|-----------------|-----------| +| ### aktin config ### | | | | | +| AKTIN_BROKER_LOG_LEVEL | Log level of the aktin broker | INFO | | AKTIN | +| AKTIN_ADMIN_PW | password for the web admin of the aktin broker Admin is accessible via: http://localhost:AKTIN_BROKER_HOST_AND_PORT/admin/html/index.html | changeme | | AKTIN | +| AKTIN_BROKER_HOST_AND_PORT | aktin broker Docker port | 127.0.0.1:8080 | | AKTIN | +| ### backend db-config ### | | | | | +| FEASIBILITY_BACKEND_DATASOURCE_HOST | backend database host | feasibility-gui-backend-db | | BACKEND | +| FEASIBILITY_BACKEND_DATASOURCE_PORT | backend database port | 5432 | | BACKEND | +| FEASIBILITY_BACKEND_DATASOURCE_USERNAME | backend database username | guidbuser | | BACKEND | +| FEASIBILITY_BACKEND_DATASOURCE_PASSWORD | backend database password | guidbpw | | BACKEND | +| ### backend keycloak ### | | | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_ENABLED | whether keycloak is enabled for the backend | true | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_ALLOWED_ROLE | The keycloak role required to access the backend | FEASIBILITY_USER | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_POWER_ROLE | The keycloak role required to access the backend as Power user - Power users cannot be blacklisted | FEASIBILITY_POWER_USER | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_ADMIN_ROLE | The keycloak role required to access the backend as admin | FEASIBILITY_ADMIN | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER | the url the backend uses to access keycloak to verify the issuer | 
http://keycloak:8080 | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_JWK | the url the backend uses to access keycloak for tokens | http://keycloak:8080 | | BACKEND | +| FEASIBILITY_BACKEND_KEYCLOAK_REALM | the realm the backend uses within keycloak | codex-develop | | BACKEND | +| ### backend direct broker ### | | | | BACKEND | +| FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_ENABLED | enables the direct broker. This connects the backend directly to flare and is only meant to be used for a local installation | false | | BACKEND | +| FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL | tells the direct broker to use cql instead of flare for query execution | false | | BACKEND | +| FEASIBILITY_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT | obfuscate results from the local broker | false | | BACKEND | +| FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL | the url of the flare component the backend should connect to when using the direct broker | http://flare:8080 | | BACKEND | +| FEASIBILITY_BACKEND_CQL_SERVER_BASE_URL | the url of the fhir server the backend should connect to when using the direct broker | http://fhir-server:8080/fhir | | BACKEND | +| ### backend Aktin broker ### | | | | BACKEND | +| FEASIBILITY_BACKEND_AKTIN_ENABLED | enables the aktin broker | false | | BACKEND | +| FEASIBILITY_BACKEND_AKTIN_BROKER_BASE_URL | aktin broker base url | http://aktin-broker:8080/broker/ | | BACKEND | +| FEASIBILITY_BACKEND_AKTIN_BROKER_API_KEY | aktin broker admin api key. 
The backend needs admin access as it requires permission to post new queries to the broker | xxxApiKeyAdmin123 | | BACKEND | +| ### backend DSF broker ### | | | | BACKEND | +| FEASIBILITY_BACKEND_DSF_ENABLED | enables the dsf | false | | BACKEND | +| FEASIBILITY_BACKEND_DSF_CACERT | | /opt/codex-feasibility-security/ca.pem | | BACKEND | +| FEASIBILITY_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE | | /opt/codex-feasibility-security/test-user.p12 | | BACKEND | +| FEASIBILITY_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD | | password | | BACKEND | +| FEASIBILITY_BACKEND_DSF_WEBSERVICE_BASE_URL | | https://dsf-zars-fhir-proxy/fhir | | BACKEND | +| FEASIBILITY_BACKEND_DSF_WEBSOCKET_URL | | wss://dsf-zars-fhir-proxy:443/fhir/ws | | BACKEND | +| FEASIBILITY_BACKEND_DSF_ORGANIZATION_ID | | Test_ZARS | | BACKEND | +| ### backend privacy ### | | | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT | Set how many queries a user can send in a soft interval minutes time | 3 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES | Set how many minutes time within which user can send soft create amount | 1 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT | Set how many queries a user can send in a hard interval minutes time - if exceeded user will be blacklisted | 50 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES | Set how many minutes time within which user can send hard create amount - if exceeded user will be blacklisted | 10080 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS | Set polling interval for summary results - sum of results across all connected sites | 10 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS | Set polling interval for detailed obfuscated results - detailed list of results per site - site name obfuscated | 10 | | BACKEND | +| 
FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILEDOBFUSCATED_AMOUNT | Set how often a user can view detailed obfuscated query results in DETAILEDOBFUSCATED_INTERVALSECONDS seconds | 3 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILEDOBFUSCATED_INTERVALSECONDS | Set how many seconds time within which user can view detailed results DETAILEDOBFUSCATED_AMOUNT | 7200 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_RESULTS | Set results size which has to be exceeded for results to be shown | 20 | | BACKEND | +| FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_SITES | Set number of sites which have to be exceeded for results to be shown | 3 | | BACKEND | +| FEASIBILITY_BACKEND_CERTS_PATH | path to certificates | ../dsf-broker/certs | | BACKEND | +| FEASIBILITY_BACKEND_QUERYRESULT_EXPIRY_MINUTES | The time it takes for query results to expire and be deleted | 5 | | BACKEND | +| ### backend logging ### | | | | BACKEND | +| FEASIBILITY_BACKEND_LOG_LEVEL_SQL | log level of the backend for hibernate | info | | BACKEND | +| FEASIBILITY_BACKEND_LOG_LEVEL | log level of the backend | info | | BACKEND | +| ### backend app ### | | | | BACKEND | +| FEASIBILITY_BACKEND_CQL_TRANSLATE_ENABLED | enables CQL translation | true | | BACKEND | +| FEASIBILITY_BACKEND_FHIR_TRANSLATE_ENABLED | enables FHIR Search translation. This is only required if a site has their own FLARE component it wishes to use | false | | BACKEND | +| FEASIBILITY_BACKEND_API_BASE_URL | the api url of the backend. 
If using a reverse proxy this url should be the url of this proxy, which forwards to the backend | https://localhost/api/ | | BACKEND | +| FEASIBILITY_BACKEND_ALLOWED_ORIGINS | base-url-of-your-local-feasibility-portal | https://localhost | | BACKEND | +| FEASIBILITY_BACKEND_UI_PROFILES_PATH | path on host where the backend searches for the ui profiles | ../ontology/ui_profiles | | BACKEND | +| FEASIBILITY_BACKEND_CONCEPT_TREE_PATH | path on host where the backend looks for the code tree file | ../ontology/codex-code-tree.json | | BACKEND | +| FEASIBILITY_BACKEND_TERM_CODE_MAPPING_PATH | path on host where the backend looks for the mapping file | ../ontology/codex-term-code-mapping.json | | BACKEND | +| FEASIBILITY_BACKEND_MIGRATION_PATH | path on host where the backend looks for migration files | ../ontology/migration/R_Load_latest_ui_profile.sql | | BACKEND | +| ### keycloak ### | | | | | +| FEASIBILITY_KC_DB | keycloak db name | keycloakdb | | KEYCLOAK | +| FEASIBILITY_KC_DB_USER | keycloak database username | keycloakdbuser | | KEYCLOAK | +| FEASIBILITY_KC_DB_PW | keycloak database password | keycloakdbpw | | KEYCLOAK | +| FEASIBILITY_KC_ADMIN_USER | keycloak admin username | admin | | KEYCLOAK | +| FEASIBILITY_KC_ADMIN_PW | keycloak admin password | adminpw | | KEYCLOAK | +| FEASIBILITY_KC_HTTP_RELATIVE_PATH | the relative path keycloak is running under | /auth | | KEYCLOAK | +| FEASIBILITY_KC_HOSTNAME_URL | the url at which keycloak is exposed | https://localhost/auth | | KEYCLOAK | +| FEASIBILITY_KC_HOSTNAME_ADMIN_URL | the url of the admin console | https://localhost/auth/keycloakadmin | | KEYCLOAK | +| FEASIBILITY_KC_LOG_LEVEL | log level | info | | KEYCLOAK | +| FEASIBILITY_KC_PROXY | type of proxy in front of keycloak to use | edge | | KEYCLOAK | +| ### additional dsf configs ### | | | | | +| FEASIBILITY_DSF_BROKER_PROCESS_ORGANIZATION_IDENTIFIER | Identifier of this organization. 
| Test_ZARS | String | DSF | +| FEASIBILITY_DSF_BROKER_PROCESS_FHIR_SERVER_BASE_URL | Base URL to a FHIR server or proxy for feasibility evaluation. This can also be the base URL of a reverse proxy if used. Only required if evaluation strategy is set to cql. | https://dsf-zars-fhir-proxy/fhir | URL | DSF | + + +### Support for self-signed certificates + +Depending on your setup you might need to use self-singed certificates and the tools will have to accept your CAs. +For the portal then only tool for which this is relevant is the backend. + +#### Feasibility Backend + +The feasibility backend supports the use of self-signed certificates from your own CAs. On each startup, the feasibility backend will search through the folder /app/certs inside the container, add all found CA *.pem files to a java truststore and start the application with this truststore. + +Using docker-compose, mount a folder from your host (e.g.: ./certs) to the /app/certs folder, add your *.pem files (one for each CA you would like to support) to the folder and ensure that they have the .pem extension. + +In this deployment repository we have prepared this for you. To add your own CA add the respective ca *.pem files to the backend/certs folder. diff --git a/feasibility-portal/aktin-broker/.env.default b/feasibility-portal/aktin-broker/.env.default new file mode 100644 index 0000000..867e9ac --- /dev/null +++ b/feasibility-portal/aktin-broker/.env.default @@ -0,0 +1,2 @@ +AKTIN_BROKER_LOG_LEVEL=INFO +AKTIN_ADMIN_PW=changeme \ No newline at end of file diff --git a/zars/aktin-broker/api-keys.properties b/feasibility-portal/aktin-broker/api-keys.properties similarity index 100% rename from zars/aktin-broker/api-keys.properties rename to feasibility-portal/aktin-broker/api-keys.properties 
diff --git a/zars/aktin-broker/docker-compose.yml b/feasibility-portal/aktin-broker/docker-compose.yml similarity index 76% rename from zars/aktin-broker/docker-compose.yml rename to feasibility-portal/aktin-broker/docker-compose.yml index ee8a018..6c1430a 100644 --- a/zars/aktin-broker/docker-compose.yml +++ b/feasibility-portal/aktin-broker/docker-compose.yml @@ -1,8 +1,9 @@ version: '3.7' services: aktin-broker: - image: ghcr.io/aktin/aktin-broker:1.3.2 + image: ghcr.io/aktin/aktin-broker:1.5.1 environment: + LOG_LEVEL: ${AKTIN_BROKER_LOG_LEVEL:-INFO} PASSWORD: ${AKTIN_ADMIN_PW:-changeme} HOST_AND_PORT: ${AKTIN_BROKER_HOST_AND_PORT:-0.0.0.0:8080} volumes: diff --git a/num-node/auth/.gitkeep b/feasibility-portal/auth/.gitkeep similarity index 100% rename from num-node/auth/.gitkeep rename to feasibility-portal/auth/.gitkeep diff --git a/feasibility-portal/backend/.env.default b/feasibility-portal/backend/.env.default new file mode 100644 index 0000000..0416499 --- /dev/null +++ b/feasibility-portal/backend/.env.default 
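Review bot: The `PASSWORD: ${AKTIN_ADMIN_PW:-changeme}` line that this hunk leaves in place in aktin-broker/docker-compose.yml still falls back to a published password when the variable is unset. The `.env.default` added next to it ships the same value, so a broker started without editing either file gets a known admin password. Compose's required-variable form, `PASSWORD: ${AKTIN_ADMIN_PW:?set AKTIN_ADMIN_PW in aktin-broker/.env}`, would make the stack refuse to start instead. The README added in this commit lists `127.0.0.1:8080` as the default for `AKTIN_BROKER_HOST_AND_PORT`, while this file defaults to `0.0.0.0:8080`; one of the two should be corrected. The service definition continues past the hunk, so the published ports are not visible here.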
@@ -0,0 +1,53 @@
+# ----- app
+FEASIBILITY_BACKEND_CQL_TRANSLATE_ENABLED=true
+FEASIBILITY_BACKEND_FHIR_TRANSLATE_ENABLED=false
+FEASIBILITY_BACKEND_API_BASE_URL=https://localhost/api/
+FEASIBILITY_BACKEND_ALLOWED_ORIGINS=https://localhost
+# ---- db config
+FEASIBILITY_BACKEND_DATASOURCE_HOST=feasibility-gui-backend-db
+FEASIBILITY_BACKEND_DATASOURCE_PORT=5432
+FEASIBILITY_BACKEND_DATASOURCE_USERNAME=guidbuser
+FEASIBILITY_BACKEND_DATASOURCE_PASSWORD=guidbpw
+# ---- auth
+FEASIBILITY_BACKEND_KEYCLOAK_ENABLED=true
+FEASIBILITY_BACKEND_KEYCLOAK_ALLOWED_ROLE=FeasibilityUser
+FEASIBILITY_BACKEND_KEYCLOAK_POWER_ROLE=FeasibilityPowerUser
+FEASIBILITY_BACKEND_KEYCLOAK_ADMIN_ROLE=FeasibilityAdmin
+FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER=https://localhost/auth
+FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_JWK=http://auth:8080/auth
+FEASIBILITY_BACKEND_KEYCLOAK_REALM=feasibility
+#---- Direct broker
+FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_ENABLED=true
+FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL=false
+FEASIBILITY_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT=false
+FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL=http://flare:8080
+FEASIBILITY_BACKEND_CQL_SERVER_BASE_URL=http://fhir-server:8080/fhir
+# ---- Aktin broker
+FEASIBILITY_BACKEND_AKTIN_ENABLED=false
+FEASIBILITY_BACKEND_AKTIN_BROKER_BASE_URL=http://aktin-broker:8080/broker/
+FEASIBILITY_BACKEND_AKTIN_BROKER_API_KEY=xxxApiKeyAdmin123
+# ---- DSF broker
+FEASIBILITY_BACKEND_DSF_ENABLED=false
+FEASIBILITY_BACKEND_DSF_CACERT=/opt/codex-feasibility-security/ca.pem
+FEASIBILITY_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE=/opt/codex-feasibility-security/test-user.p12
+FEASIBILITY_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD=password
+FEASIBILITY_BACKEND_DSF_WEBSERVICE_BASE_URL=https://dsf-zars-fhir-proxy/fhir
+FEASIBILITY_BACKEND_DSF_WEBSOCKET_URL=wss://dsf-zars-fhir-proxy:443/fhir/ws
+FEASIBILITY_BACKEND_DSF_ORGANIZATION_ID=Test_ZARS
+# ---- privacy
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT=3
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES=1
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT=50
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES=10080
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS=5
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS=10
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT=10
+FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS=7200
+FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_RESULTS=0
+FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_SITES=1
+FEASIBILITY_BACKEND_QUERYRESULT_EXPIRY_MINUTES=5
+# ---- logging
+FEASIBILITY_BACKEND_LOG_LEVEL_SQL=info
+FEASIBILITY_BACKEND_LOG_LEVEL=info
+
+
diff --git a/feasibility-portal/backend/docker-compose.yml b/feasibility-portal/backend/docker-compose.yml
new file mode 100644
index 0000000..4acd547
--- /dev/null
+++ b/feasibility-portal/backend/docker-compose.yml
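Review bot: `FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_RESULTS=0` and `FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_SITES=1` in backend/.env.default are looser than the fallbacks in backend/docker-compose.yml (20 and 3) and than the defaults in the README table. README step 3 has operators generate `.env` from these templates, so a new installation would presumably show counts of any size from a single site unless someone tightens the values by hand; `FEASIBILITY_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT=false` points the same way. If the relaxed values are meant only for the single-site local setup, a comment above the `# ---- privacy` block, e.g. `# local single-site defaults; raise THRESHOLD_RESULTS/THRESHOLD_SITES before connecting further sites`, would keep them from being carried into a shared portal. The template also carries working-looking secrets (`guidbpw`, `xxxApiKeyAdmin123`, `password`); empty values or an obvious `CHANGE_ME` marker would be harder to deploy by accident.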
@@ -0,0 +1,87 @@ +version: '3.7' +services: + feasibility-gui-backend: + image: ghcr.io/medizininformatik-initiative/feasibility-backend:4.0.0 + ports: + - ${FEASIBILITY_BACKEND_PORT:-127.0.0.1:8091}:8090 + depends_on: + - feasibility-gui-backend-db + environment: + # ----- app + QUERY_VALIDATION_ENABLED: ${FEASIBILITY_BACKEND_QUERY_VALIDATION_ENABLED:-true} + CQL_TRANSLATE_ENABLED: ${FEASIBILITY_BACKEND_CQL_TRANSLATE_ENABLED:-true} + FHIR_TRANSLATE_ENABLED: ${FEASIBILITY_BACKEND_FHIR_TRANSLATE_ENABLED:-false} + API_BASE_URL: ${FEASIBILITY_BACKEND_API_BASE_URL:-https://localhost/api/} + ALLOWED_ORIGINS: ${FEASIBILITY_BACKEND_ALLOWED_ORIGINS:-https://localhost} + QUERYRESULT_EXPIRY_MINUTES: ${FEASIBILITY_BACKEND_QUERYRESULT_EXPIRY_MINUTES:-5} + # ---- db config + FEASIBILITY_DATABASE_HOST: ${FEASIBILITY_BACKEND_DATASOURCE_HOST:-feasibility-gui-backend-db} + FEASIBILITY_DATABASE_PORT: ${FEASIBILITY_BACKEND_DATASOURCE_PORT:-5432} + FEASIBILITY_DATABASE_USER: ${FEASIBILITY_BACKEND_DATASOURCE_USERNAME:-guidbuser} + FEASIBILITY_DATABASE_PASSWORD: ${FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:-guidbpw} + # ---- auth + KEYCLOAK_ENABLED: ${FEASIBILITY_BACKEND_KEYCLOAK_ENABLED:-true} + KEYCLOAK_ALLOWED_ROLE: ${FEASIBILITY_BACKEND_KEYCLOAK_ALLOWED_ROLE:-FeasibilityUser} + KEYCLOAK_POWER_ROLE: ${FEASIBILITY_BACKEND_KEYCLOAK_POWER_ROLE:-FeasibilityPowerUser} + KEYCLOAK_ADMIN_ROLE: ${FEASIBILITY_BACKEND_KEYCLOAK_ADMIN_ROLE:-FeasibilityAdmin} + KEYCLOAK_BASE_URL_ISSUER: ${FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER:-http://auth:8080} + KEYCLOAK_BASE_URL_JWK: ${FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_JWK:-http://auth:8080} + KEYCLOAK_REALM: ${FEASIBILITY_BACKEND_KEYCLOAK_REALM:-feasibility} + #---- Direct broker + BROKER_CLIENT_DIRECT_ENABLED: ${FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_ENABLED:-false} + BROKER_CLIENT_DIRECT_USE_CQL: ${FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL:-false} + BROKER_CLIENT_OBFUSCATE_RESULT_COUNT: 
${FEASIBILITY_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT:-false} + FLARE_WEBSERVICE_BASE_URL: ${FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL:-http://flare:8080} + CQL_SERVER_BASE_URL: ${FEASIBILITY_BACKEND_CQL_SERVER_BASE_URL:-http://fhir-server:8080/fhir} + # ---- Aktin broker + BROKER_CLIENT_AKTIN_ENABLED: ${FEASIBILITY_BACKEND_AKTIN_ENABLED:-false} + AKTIN_BROKER_BASE_URL: ${FEASIBILITY_BACKEND_AKTIN_BROKER_BASE_URL:-http://aktin-broker:8080/broker/} + AKTIN_BROKER_API_KEY: ${FEASIBILITY_BACKEND_AKTIN_BROKER_API_KEY:-xxxApiKeyAdmin123} + # ---- DSF broker + BROKER_CLIENT_DSF_ENABLED: ${FEASIBILITY_BACKEND_DSF_ENABLED:-false} + DSF_SECURITY_CACERT: ${FEASIBILITY_BACKEND_DSF_CACERT:-/opt/codex-feasibility-security/ca.pem} + DSF_SECURITY_KEYSTORE_P12FILE: ${FEASIBILITY_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE:-/opt/codex-feasibility-security/test-user.p12} + DSF_SECURITY_KEYSTORE_PASSWORD: ${FEASIBILITY_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD:-password} + DSF_PROXY_HOST: ${FEASIBILITY_BACKEND_DSF_PROXY_HOST} + DSF_PROXY_USERNAME: ${FEASIBILITY_BACKEND_DSF_PROXY_USERNAME} + DSF_PROXY_PASSWORD: ${FEASIBILITY_BACKEND_DSF_PROXY_PASSWORD} + DSF_WEBSERVICE_BASE_URL: ${FEASIBILITY_BACKEND_DSF_WEBSERVICE_BASE_URL:-https://dsf-zars-fhir-proxy/fhir} + DSF_WEBSOCKET_URL: ${FEASIBILITY_BACKEND_DSF_WEBSOCKET_URL:-wss://dsf-zars-fhir-proxy:443/fhir/ws} + DSF_ORGANIZATION_ID: ${FEASIBILITY_BACKEND_DSF_ORGANIZATION_ID:-Test_ZARS} + # ---- privacy + PRIVACY_QUOTA_SOFT_CREATE_AMOUNT: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT:-3} + PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES:-1} + PRIVACY_QUOTA_HARD_CREATE_AMOUNT: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT:-50} + PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES:-10080} + PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS: 
${FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS:-10} + PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS:-10} + PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT:-3} + PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS: ${FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS:-7200} + PRIVACY_THRESHOLD_RESULTS: ${FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_RESULTS:-20} + PRIVACY_THRESHOLD_SITES: ${FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_SITES:-3} + QUERYRESULT_DISABLE_LOG_FILE_ENCRYPTION: "true" + # ---- logging + LOG_LEVEL_SQL: ${FEASIBILITY_BACKEND_LOG_LEVEL_SQL:-warn} + LOG_LEVEL: ${FEASIBILITY_BACKEND_LOG_LEVEL:-warn} + restart: unless-stopped + volumes: + - ${FEASIBILITY_BACKEND_CERTS_PATH:-../secrets}:/opt/codex-feasibility-security + - ./certs:/opt/codex-feasibility-backend/certs + + feasibility-gui-backend-db: + image: 'postgres:15-alpine' + ports: + - ${FEASIBILITY_BACKEND_DB_PORT:-127.0.0.1:5432}:5432 + environment: + POSTGRES_USER: ${FEASIBILITY_BACKEND_DATASOURCE_USERNAME:-guidbuser} + POSTGRES_PASSWORD: ${FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:-guidbpw} + POSTGRES_DB: codex_ui + restart: unless-stopped + volumes: + - type: volume + source: feas-backend-db-data + target: /var/lib/postgresql/data + +volumes: + feas-backend-db-data: + name: "feas-backend-db-data" diff --git a/feasibility-portal/down-feasibility-portal.sh b/feasibility-portal/down-feasibility-portal.sh new file mode 100755 index 0000000..a55ff45 --- /dev/null +++ b/feasibility-portal/down-feasibility-portal.sh 
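Review bot: The secret-bearing entries in the `environment:` blocks of backend/docker-compose.yml fall back to literals from the repository (`guidbpw` for both `FEASIBILITY_DATABASE_PASSWORD` and `POSTGRES_PASSWORD`, `xxxApiKeyAdmin123` for the broker API key, `password` for the keystore), so an incomplete `.env` starts the stack with publicly known credentials instead of failing. Using the required form on those entries, e.g. `POSTGRES_PASSWORD: ${FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:?set a database password}`, makes the omission visible at `docker-compose up`. `QUERYRESULT_DISABLE_LOG_FILE_ENCRYPTION: "true"` is the only setting here with no variable behind it; if, as the name suggests, it turns off encryption of the query-result log, it deserves a comment saying why and an override for production sites. The certs volume targets `/opt/codex-feasibility-backend/certs`, whereas the README in this commit says the backend reads CA files from `/app/certs`; one of the two is presumably stale.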
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml down
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/backend/docker-compose.yml down
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/gui/docker-compose.yml down
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-broker/docker-compose.yml down
diff --git a/zars/gui/deploy-config.json b/feasibility-portal/gui/deploy-config.json.default
similarity index 50%
rename from zars/gui/deploy-config.json
rename to feasibility-portal/gui/deploy-config.json.default
index d40ae8c..db928a8 100644
--- a/zars/gui/deploy-config.json
+++ b/feasibility-portal/gui/deploy-config.json.default
@@ -6,16 +6,17 @@ "baseUrl": "/api" }, "uiBackendApi": { - "baseUrl": "https://localhost/api/v1" + "baseUrl": "https://localhost/api/v3" }, "auth": { - "baseUrl": "https://localhost", - "realm": "codex-develop", - "clientId": "feasibility-gui" + "baseUrl": "https://localhost/auth", + "realm": "feasibility", + "clientId": "feasibility-webapp", + "roles": ["FeasibilityUser"] }, "legal": { "version": "0.9.0", - "copyrightOwner": "CODEX Team" + "copyrightOwner": "MII Team" }, "features": { "v2": { 
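Review bot: In down-feasibility-portal.sh the `|| exit 1` inside the `BASE_DIR="$( … )"` command substitution only terminates the subshell, so a failed `cd` leaves `BASE_DIR` empty and the script carries on. Every following `docker-compose … -f "$BASE_DIR"/keycloak/docker-compose.yml down` then resolves against `/`, and with no `set -e` nothing stops the run. Moving the check outside the substitution fixes it: `BASE_DIR="$(cd -- "$(dirname "$0")" >/dev/null 2>&1 && pwd -P)" || exit 1`.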
@@ -26,20 +27,24 @@ }, "extra": { "displayvaluefiltericon": false, - "showoptionspage": false + "showoptionspage": true, + "optionpageroles": ["FeasibilityAdmin"] } }, "options": { - "pollingtimeinseconds": 10, - "pollingintervallinseconds": 1, - "lowerboundarypatientresult": 0 + "sendsqcontexttobackend": true, + "pollingtimeinseconds": 30, + "pollingintervallinseconds": 10, + "lowerboundarypatientresult": 0, + "lowerboundarylocationresult": 0 }, "mock": { "terminology": false, "query": false, - "result": false + "result": false, + "loadnsave": false }, - "stylesheet": "abideTheme", + "stylesheet": "FDPGTheme", "fhirport": "8082", "dataset": "codex", "queryVersion": "v2" diff --git a/zars/gui/docker-compose.yml b/feasibility-portal/gui/docker-compose.yml similarity index 56% rename from zars/gui/docker-compose.yml rename to feasibility-portal/gui/docker-compose.yml index cf76365..b929851 100644 --- a/zars/gui/docker-compose.yml +++ b/feasibility-portal/gui/docker-compose.yml @@ -1,11 +1,14 @@ services: - zars-feasibility-gui: - image: ghcr.io/num-codex/codex-feasibility-gui:0.2.0_RC9 + feasibility-gui: + image: ghcr.io/medizininformatik-initiative/feasibility-gui:2.0.0 ports: - "443:8443" + restart: unless-stopped volumes: - ../auth/cert.pem:/etc/nginx/conf.d/cert.pem - ../auth/key.pem:/etc/nginx/conf.d/key.pem - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./mime.types:/etc/nginx/conf.d/mime.types - ./deploy-config.json:/usr/share/nginx/html/assets/config/config.deploy.json + - ./language/de.json:/usr/share/nginx/html/assets/i18n/de.json + - ./language/en.json:/usr/share/nginx/html/assets/i18n/en.json diff --git a/feasibility-portal/gui/language/de.json b/feasibility-portal/gui/language/de.json new file mode 100644 index 0000000..fc987ea --- /dev/null +++ b/feasibility-portal/gui/language/de.json 
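Review bot: The two mounts added in gui/docker-compose.yml (`./language/de.json` and `./language/en.json`) are bind-mounted read-write, while `nginx.conf` in the same list is `:ro`. The container only needs to read them, so `- ./language/de.json:/usr/share/nginx/html/assets/i18n/de.json:ro` (and likewise for en.json) would keep a compromised web container from altering host files. The same applies to the unchanged `../auth/cert.pem` and `../auth/key.pem` mounts. Related: the README added in this commit tells operators to `chmod 655` everything under auth/, which leaves the TLS private key readable by every local account. The mode should be the narrowest one the container's nginx user can still read, which cannot be determined from this hunk.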
@@ -0,0 +1,258 @@ +{ + "DASHBOARD": { + "CODEXTHEME": { + "HEADLINE": "Willkommen auf der CODEX Feasibility Plattform!", + "PARAGRAPH1": "Die CODEX Feasibility Plattform ist ein Angebot für Wissenschaftler:innen, die für ihre Forschung nach COVID-19 spezifischen Daten suchen.", + "PARAGRAPH2": "Auf dieser Plattform steht hierfür ein frei zugängliches Suchtool zur Verfügung, das eine erste, unverbindliche Machbarkeitsabfrage ermöglicht. Auf diesem Weg kann festgestellt werden, wie viele Daten an den angeschlossenen CODEX-Standorten zur Verfügung stehen.", + "PARAGRAPH3_1": "Anhand dieser Information können dann in einem nächsten Schritt konkrete Anfragen an die entsprechenden Standorte gestellt werden.", + "PARAGRAPH3_2": "", + "PARAGRAPH3_3": "", + "PARAGRAPH3_4": "", + "PARAGRAPH3_LINK": "", + "PARAGRAPH4_1": "", + "PARAGRAPH4_2": "", + "PARAGRAPH4_3": "", + "PARAGRAPH5_1": "", + "PARAGRAPH5_2": "", + "PARAGRAPH5_3": "" + }, + "ABIDETHEME": { + "HEADLINE": "Willkommen auf der ABIDE Feasibility Plattform!", + "PARAGRAPH1": "Die ABIDE Feasibility Plattform ist ein Unterstützungsangebot für Wissenschaftler und Wissenschaftlerinnen bei der Umsetzung ihrer Forschungsvorhaben.", + "PARAGRAPH2": "Mit einer Machbarkeitsanfrage (Feasibility) erfahren Forschende, wie viele Fälle für ihre Suchkriterien (Ein- und Ausschlusskriterien) in den Datenintegrationszentren der universitätsmedizinischen Standorte bundesweit vorhanden sind und für medizinische Forschungszwecke beantragt werden können.", + "PARAGRAPH3_1": "Zur Formulierung der Abfrage stehen aktuell der Kerndatensatz der Medizininformatikinitiative und der COVID-19 spezifische Datensatz GECCO zur Verfügung.", + "PARAGRAPH3_2": "", + "PARAGRAPH3_3": "", + "PARAGRAPH3_4": "", + "PARAGRAPH3_LINK": "", + "PARAGRAPH4_1": "", + "PARAGRAPH4_2": "", + "PARAGRAPH4_3": "", + "PARAGRAPH5_1": "", + "PARAGRAPH5_2": "", + "PARAGRAPH5_3": "" + }, + "FDPGTHEME": { + "HEADLINE": "Willkommen im Bereich „Daten und Bioproben finden“ des 
Forschungsdatenportals für Gesundheit", + "PARAGRAPH1": "Hier finden Sie ein Unterstützungsangebot für Wissenschaftlerinnen und Wissenschaftler zur Umsetzung Ihres Forschungsvorhabens.", + "PARAGRAPH2": "Mit einer Machbarkeitsanfrage erfahren Sie, wie viele Datensätze für Ihre Suchkriterien in den Universitätskliniken bundesweit vorhanden sind. Anhand von Ein- und Ausschlusskriterien kann die Verfügbarkeit von Gesundheitsdaten für medizinische Forschungszwecke abgeschätzt werden.", + "PARAGRAPH3_1": "Über ", + "PARAGRAPH3_2": "Neue Abfrage", + "PARAGRAPH3_3": " haben Sie die Möglichkeit, eine neue Suchanfrage auf Basis des ", + "PARAGRAPH3_4": " zu formulieren und abzuschicken, um einen Überblick über die verfügbaren Datensätze zu erhalten.", + "PARAGRAPH3_LINK": "Kerndatensatzes der MII", + "PARAGRAPH4_1": "Gespeicherte Abfragen oder gespeicherte Entwürfe können Sie über ", + "PARAGRAPH4_2": "Meine Abfragen", + "PARAGRAPH4_3": " einsehen und weiter bearbeiten.", + "PARAGRAPH5_1": "Sobald Ihnen alle relevanten Informationen für Ihr Forschungsvorhaben zur Verfügung stehen, können Sie über ", + "PARAGRAPH5_2": "Antrag stellen", + "PARAGRAPH5_3": " einen Antrag zur Datennutzung im Antragsportal des Forschungsdatenportals für Gesundheit stellen." 
+ }, + "NEWQUERY": { + "HEADLINE": "Neue Abfrage", + "TEXT": "Führen Sie eine Suche anhand Ihrer Ein- und Ausschlusskriterien durch" + }, + "MYQUERY": { + "HEADLINE": "Meine Abfragen", + "TEXT": "Erhalten Sie eine Übersicht über Ihre bereits durchgeführten Suchanfragen" + }, + "FEASPORTAL": { + "HEADLINE": "Antrag stellen", + "TEXT": "Stellen Sie einen Antrag zur Datennutzung im Antragsportal" + } + }, + "DATASELECTION": { + "DATASELECTION": "Datenselektion", + "SEARCH": { + "LABEL": "Code oder Suchbegriff eingeben", + "CRITERIA": "Suchkriterien" + }, + "DISPLAY": { + "LABEL": "Ausgewählte Merkmale" + } + }, + "LANGUAGE": { + "GERMAN": "Deutsch", + "ENGLISH": "Englisch", + "LABEL": "Sprache auswählen" + }, + "APPLAYOUT": { + "SIDENAV": { + "LABEL": "Seitennavigation" + }, + "TOGGLE": { + "LABEL": "Seitennavigation umschalten" + } + }, + "NAVIGATION": { + "DASHBOARD": "Startseite", + "QUERYBUILDER_EDITOR": "Machbarkeitsabfrage", + "QUERYBUILDER_OVERVIEW": "Meine Abfragen", + "DATASELECTION_EDITOR": "Datenselektion", + "OPTIONS": "Einstellungen", + "SIGNOUT": "Abmelden" + }, + "OPTIONSPAGE": { + "MULTIPLEVALUEDEFINITIONS": "mehrere Einschränkungen pro Kriterium", + "MULTIPLEGROUPS": "mehrere Gruppen", + "DEPENDENTGROUPS": "abhängige Gruppen", + "TIMERESTRICTION": "zeitabhängige Kriterien", + "DISPLAYVALUEFILTERICON": "nutze Icons für Vergleichsoperatoren", + "POLLINGTIME": "Polling Time", + "POLLINGINTERVALL": "Polling Intervall", + "FHIRPORT": "FHIR Port" + }, + "QUERYBUILDER": { + "SEARCH": { + "INCLUSION": "Einschlusskriterien", + "EXCLUSION": "Ausschlusskriterien", + "LABEL": "Code oder Suchbegriff eingeben", + "ALL": "Alle", + "CATEGORY_FILTER": "Filtern nach", + "CONSENT_HEADER": "Art der Datennutzung", + "CONSENT_CENTRAL_TOOLTIP": "Bei der zentralen Analyse erhalten Sie von der MII pseudonymisierte Daten zu den Patienten, die zu Ihrem Forschungsprojekt passen. 
Pseudonyme Daten (die durch die Pseudonyme automatisch einen Bezug zu den Patienten ermöglichen) können aber nur genutzt werden, wenn die Patienten ihre Einwilligung in die Nutzung erteilt haben. Die Forschenden bekommen die pseudonymisierten Daten zum Download zur Verfügung gestellt und können darin ihre Analysen mit großer Flexibilität und Tiefe sowie häufig mit größerem Tempo ausführen, als es bei verteilten Analysen der Fall ist. Die Erhebung der Einwilligungen ist an den Standorten in vollem Gange, dennoch ist erwartbar, dass zu den meisten Anfragen weniger Patienten angezeigt werden als bei verteilten Analysen.", + "CONSENT_DISTRIBUTED_TOOLTIP": "Bei verteilten Analysen findet die Analyse auf den Daten an den Standorten statt. Die Forschenden erhalten anonyme Ergebnisdaten. An vielen Standorten kann bei verteilten Analysen auf einer anderen Rechtsgrundlage als der Einwilligung der Patienten gerechnet werden. Dadurch wird häufig eine größere Menge an Patienten gefunden, die zu Ihrer Forschungsfrage passen. Bei manchen Standorten erfolgen Machbarkeitsanfragen auch auf Basis der Patienteneinwilligung. Diese Standorte antworten auf Machbarkeitsanfragen mit vergleichsweise geringen Anzahlen. Möglicherweise stehen an diesen Standorten für verteilte Analysen aber höhere Patientenzahlen zur Verfügung. 
Die tatsächliche Anzahl wird erst nach dem Antragsprozess deutlich.", + "CONSENT_CENTRAL": " voraussetzen (Daten können zentral zusammengeführt werden)", + "CONSENT_CENTRAL_LINK": "„Broad Consent (der MII oder MII-kompatibel)", + "CONSENT_DISTRIBUTED": "Kein „Broad Consent“ voraussetzen (Daten stehen nur für „Verteilte Analysen“ zur Verfügung)" + }, + "SWITCH": { + "LABEL_AND": "UND", + "LABEL_OR": "ODER" + }, + "DISPLAY": { + "REFERENCED_CRITERIA": "Referenzierte Kriterien", + "LABEL": "Ausgewählte Merkmale", + "ONE_OF": "", + "MORE": "weitere", + "BETWEEN": "zwischen {{ min }} und {{ max }} {{ unit }}", + "COMPARATOR": "{{ comparator }} {{ value }} {{ unit }}", + "TIMERESTRICTION": { + "LATEST": "(aktuellstes)", + "BOTH": "zwischen {{ from }} und {{ to }}", + "FROM": "nach {{ from }}", + "TO": "vor {{ to }}", + "NONE": "keine zeitliche Einschränkung" + }, + "GROUPS": { + "LINKEDGROUPS": "Gruppen sind verbunden", + "SHOW_CONNECTION": "Beziehung anzeigen", + "NEW_GROUP": "Neue Gruppe", + "HINT_NOT_MOVED": "Gruppe konnte nicht verschoben werden", + "HINT_NOT_DELETABLE_LINKED_GROUP": "Gruppen mit verbundener Untergruppe können nicht gelöscht werden" + } + }, + "OVERVIEW": { + "TITLE_LABEL": "Titel", + "COMMENT_LABEL": "Kommentar", + "SAVE_HEADER": "Abspeichern der aktuellen Suchanfrage", + "LOAD_HEADER": "Bisherige Suchanfragen", + "IMPORT_HEADER": "Suchanfragen importieren", + "SAVE_WITH_QUERY": "für Datennutzungsantrag speichern (muss vorher ausgeführt worden sein)", + "SAVE_TEMPLATE": "als Vorlage speichern", + "DOWNLOAD_SQ": "als Datei speichern", + "FILENAME": "Dateiname", + "SAVED_QUERIES": "Gespeicherte Abfragen (mit Ergebnis)", + "SAVED_TEMPLATES": "Gespeicherte Vorlagen" + }, + "EDIT": { + "HEADER": "Einschränkungen der ausgewählten Merkmale", + "HEADER_FILTER_QUANTITY": "Geben Sie einen Wertebereich ein:", + "HEADER_FILTER_QUANTITY_FOR_DISPLAY": "Geben Sie einen Wertebereich ein ({{ label }}):", + "HEADER_FILTER_CONCEPT_OPTIONAL": "Wählen Sie einen oder 
mehrere zulässige Werte:", + "HEADER_FILTER_CONCEPT_MANDATORY": "Geben Sie einen oder mehrere zulässige Werte an:", + "HEADER_FILTER_CONCEPT_FOR_DISPLAY": "Geben Sie einen oder mehrere zulässige Werte an ({{ label }}):", + "HEADER_FILTER_REFERENCE": "Festgestellte Diagnose", + "HEADER_FILTER_VALUE": "Wertebereich", + "CHOOSE_GROUP": "Gruppe auswählen", + "MANDATORY_HINT": "Pflichtfeld", + "UNIT": "Einheit", + "MIN": "Min", + "MAX": "Max", + "VALUE": "Wert", + "OPERATOR": "Operator", + "AND": "und", + "NONE": "kein Filter", + "EQUAL": "gleich", + "LESS_THAN": "kleiner", + "GREATER_THAN": "größer", + "BETWEEN": "zwischen", + "TIMERESTRICTION": { + "LABEL": "Datum", + "EVER": "Alle Ereignisse liegen im Zeitraum", + "LATEST": "Aktuellstes Ereignis liegt im Zeitraum", + "FROM": "von", + "TO": "bis", + "AT": "am", + "NOT_AT": "nicht am", + "BEFORE": "vor", + "BEFORE_OR_AT": "vor oder am", + "AFTER": "nach", + "AFTER_OR_AT": "nach oder am", + "BETWEEN": "zwischen", + "TITLE": "Zeitraum (optional)" + }, + "GROUPS": { + "HEADER_LINKED_GROUPS": "Beziehung zwischen Gruppen", + "OPTION_PARENT_EVER": "Jedes Merkmal", + "OPTION_PARENT_FIRST": "Erstes Merkmal", + "OPTION_PARENT_LATEST": "Aktuellstes Merkmal", + "GROUP_PARENT_1": "der Gruppe", + "GROUP_PARENT_2": "fand", + "OPTION_DEPENDENT_EVER": "jedem Merkmal", + "OPTION_DEPENDENT_FIRST": "dem ersten Merkmal", + "OPTION_DEPENDENT_LATEST": "dem aktuellsten Merkmal", + "GROUP_DEPENDENT_1": "der Gruppe", + "GROUP_DEPENDENT_2": "statt", + "TILL": "bis", + "FROM": "von", + "BEFORE": "vor", + "AFTER": "nach", + "DAY": "Tag(e)", + "MONTH": "Monat(e)", + "YEAR": "Jahr(e)", + "LABEL_UNIT": "Einheit", + "LABEL_VALUE": "Wert", + "LABEL_PREPOSITION": "Präposition" + } + }, + "HINT": { + "NO_VALUE_SELECTED": "Wählen Sie mindestens einen Wert", + "MINIMUM_GREATER_MAXIMUM": "Der minimale Wert muss kleiner als der maximale Wert sein", + "MINIMUM_EXCEEDED": "Wert muss mindestens {{ min }} sein", + "MAXIMUM_EXCEEDED": "Wert darf höchstens {{ max 
}} sein", + "SEARCH_TEXT_NO_INPUT": "Geben Sie ein Suchkriterium ein oder öffnen sie die Übersicht der Kategorien", + "NO_CRITERIA_SELECTED": "es muss mindestens ein Einschlusskriterium ausgewählt sein" + } + }, + "RESULT": { + "PATIENT_NUMBER": "Anzahl der Patienten", + "PATIENT_NUMBER_TOOLTIP": "Die Machbarkeitsanfragen liefen Näherungsergebnisse zurück. Die Ergebnisse der Anfrage werden anonymisiert. In dem Prozess werden Abweichungen zum exakten Ergebnis bewusst eingeführt. Daher eignen sich die Ergebnisse lediglich für die erste Bewertung einer Machbarkeit Ihres Projekts, sie sollten aber nicht für die wissenschaftliche Arbeit eingesetzt werden. Das Veröffentlichen der Zahlen ist grundsätzlich nicht gestattet. Die tatsächlich erhältliche Patientenzahl lässt sich erst beziffern, wenn Ihr Projekt über einen Datennutzungsantrag angefragt und durch die zuständigen Use & Access Committees begutachtet wurde.", + "TOTAL": "Gesamt", + "SITE": "Standort", + "MESSAGE429": "Sie haben die maximale Anzahl an Abrufen für die Standortaufschlüsselung erreicht.", + "DETAILS_TOOLTIP": "Die Zahl zeigt Ihnen wieviele Ihrere Detailergebnisaufrufe Sie verbraucht haben - wird täglich zurückgesetzt" + }, + "LEGAL": { + "DISCLOSURE": "Impressum", + "DATAPROTECTION": "Datenschutz", + "CONTACT": "Kontakt" + }, + "BUTTON": { + "SAVE": "Speichern", + "CANCEL": "Abbrechen", + "CLOSE": "Schließen", + "DOWNLOAD": "Herunterladen", + "ADD": "Auswählen", + "ADD_TOOLTIP": "Merkmal einschränken", + "ADDALL": "Alle hinzufügen", + "SEND": "Abfrage starten", + "RESET": "Zurücksetzen", + "RESULTDETAILS": "Details", + "SAVEQUERY": "Abfrage speichern", + "VALIDATE": "Validieren", + "IMPORT": "Query laden", + "IMPORT_FROM_FILE": "Datei auswählen", + "IMPORT_DATASELECTION": "Datenselektion laden" + } +} \ No newline at end of file diff --git a/feasibility-portal/gui/language/en.json b/feasibility-portal/gui/language/en.json new file mode 100644 index 0000000..5a60e1e --- /dev/null 
+++ b/feasibility-portal/gui/language/en.json 
@@ -0,0 +1,259 @@ +{ + "DASHBOARD": { + "CODEXTHEME": { + "HEADLINE": "Welcome to the CODEX Feasibility Platform!", + "PARAGRAPH1": "Die CODEX Feasibility Plattform ist ein Angebot für Wissenschaftler:innen, die für ihre Forschung nach COVID-19 spezifischen Daten suchen.", + "PARAGRAPH2": "Auf dieser Plattform steht hierfür ein frei zugängliches Suchtool zur Verfügung, das eine erste, unverbindliche Machbarkeitsabfrage ermöglicht. Auf diesem Weg kann festgestellt werden, wie viele Daten an den angeschlossenen CODEX-Standorten zur Verfügung stehen.", + "PARAGRAPH3_1": "Anhand dieser Information können dann in einem nächsten Schritt konkrete Anfragen an die entsprechenden Standorte gestellt werden.", + "PARAGRAPH3_2": "", + "PARAGRAPH3_3": "", + "PARAGRAPH3_4": "", + "PARAGRAPH3_LINK": "", + "PARAGRAPH4_1": "", + "PARAGRAPH4_2": "", + "PARAGRAPH4_3": "", + "PARAGRAPH5_1": "", + "PARAGRAPH5_2": "", + "PARAGRAPH5_3": "" + }, + "ABIDETHEME": { + "HEADLINE": "Welcome to the ABIDE Feasibility Platform!", + "PARAGRAPH1": "Die ABIDE Feasibility Plattform ist ein Unterstützungsangebot für Wissenschaftler und Wissenschaftlerinnen bei der Umsetzung ihrer Forschungsvorhaben.", + "PARAGRAPH2": "Mit einer Machbarkeitsanfrage (Feasibility) erfahren Forschende, wie viele Fälle für ihre Suchkriterien (Ein- und Ausschlusskriterien) in den Datenintegrationszentren der universitätsmedizinischen Standorte bundesweit vorhanden sind und für medizinische Forschungszwecke beantragt werden können.", + "PARAGRAPH3_1": "Zur Formulierung der Abfrage stehen aktuell der Kerndatensatz der Medizininformatikinitiative und der COVID-19 spezifische Datensatz GECCO zur Verfügung.", + "PARAGRAPH3_2": "", + "PARAGRAPH3_3": "", + "PARAGRAPH3_4": "", + "PARAGRAPH3_LINK": "", + "PARAGRAPH4_1": "", + "PARAGRAPH4_2": "", + "PARAGRAPH4_3": "", + "PARAGRAPH5_1": "", + "PARAGRAPH5_2": "", + "PARAGRAPH5_3": "" + }, + "FDPGTHEME": { + "HEADLINE": "Welcome to the „Find data and biospecimens“ service of the German 
Research Data Portal for Health", + "PARAGRAPH1": "This is a support service for scientists to assist you in realizing your research project. By submitting a feasibility request, you can find out how many data sets for your search criteria are available at university hospitals nationwide. Based on inclusion and exclusion criteria, the availability of health data for medical research purposes can be estimated.", + "PARAGRAPH2": "", + "PARAGRAPH3_1": "With ", + "PARAGRAPH3_2": "New Query", + "PARAGRAPH3_3": " you have the possibility to formulate and send a new query based on the ", + "PARAGRAPH3_4": " to get an overview of the available patient data records.", + "PARAGRAPH3_LINK": "core data set of the MII", + "PARAGRAPH4_1": "You can view and further edit saved queries or saved drafts via ", + "PARAGRAPH4_2": "My Queries", + "PARAGRAPH4_3": ".", + "PARAGRAPH5_1": "Once you have all the relevant information for your research project, you can submit an application for data use in the proposal portal of the German Research Data Portal for Health via", + "PARAGRAPH5_2": "Submit Application", + "PARAGRAPH5_3": "." 
+ }, + "NEWQUERY": { + "HEADLINE": "New Query", + "TEXT": "Perform a request based on your inclusion and exclusion criteria" + }, + "MYQUERY": { + "HEADLINE": "My Queries", + "TEXT": "Get an overview of the requests you have already performed" + }, + "FEASPORTAL": { + "HEADLINE": "Submit Application", + "TEXT": "Make a request for data use in the proposal portal" + } + }, + "DATASELECTION": { + "DATASELECTION": "Dataselection", + "SEARCH": { + "LABEL": "Insert code or serach text", + "CRITERIA": "Search Criteria" + }, + "DISPLAY": { + "LABEL": "Selected Criteria" + } + }, + "LANGUAGE": { + "GERMAN": "German", + "ENGLISH": "English", + "LABEL": "Select language" + }, + "APPLAYOUT": { + "SIDENAV": { + "LABEL": "Sidenav" + }, + "TOGGLE": { + "LABEL": "Toggle sidenav" + } + }, + "NAVIGATION": { + "DASHBOARD": "Home", + "QUERYBUILDER_EDITOR": "Feasibility Query", + "QUERYBUILDER_OVERVIEW": "My Queries", + "DATASELECTION_EDITOR": "Dataselection", + "OPTIONS": "Options", + "SIGNOUT": "Sign out" + }, + "OPTIONSPAGE": { + "MULTIPLEVALUEDEFINITIONS": "Multiple values per criteria", + "MULTIPLEGROUPS": "Multiple groups", + "DEPENDENTGROUPS": "Dependent groups", + "TIMERESTRICTION": "Time restricted criteria", + "DISPLAYVALUEFILTERICON": "Use icons for comparator symbols", + "POLLINGTIME": "Polling Time", + "CONTEXT_IN_SQ": "Include Context in SQ", + "POLLINGINTERVALL": "Polling Intervall", + "FHIRPORT": "FHIR Port" + }, + "QUERYBUILDER": { + "SEARCH": { + "INCLUSION": "Inclusion criteria", + "EXCLUSION": "Exclusion criteria", + "LABEL": "enter code or display", + "ALL": "All", + "CATEGORY_FILTER": "Filter by", + "CONSENT_HEADER": "Type of data use", + "CONSENT_CENTRAL_TOOLTIP": "For the central analysis you will recieve patient data pseudonymised by the MII, which fit your research project proposal. Pseudonymised data can only be used, if patients have consented to their use.The researches will recieve the pseudonymised data in form of a Download. 
They will then be able to conduct their analysis with greater flexibility and depths as well as faster speed compared to decentral analyis. The collection of the consent is currently underway across all sites. However it can be expected, that for most queries less patients will be found for central than de-central analysis.", + "CONSENT_DISTRIBUTED_TOOLTIP": " For distributed analyses the analysis is carried out at the sites. The researchers recieve anonymous result data. For many sites a de-central analysis can be based on a different legal other than a consent. This often leads to larger numbers of patients found, which fulfill the requirements for your research proposal. Some sites also require the consent of a patient for feasibility queries. These sites will answer feasibility queries with comparatively lower number. The actual number of patients available from these site for distributed analyses might be higher. The actual number of available patients will not be clear until after the research proposal has been processed..", + "CONSENT_CENTRAL": " is assumed (Data consolidated centrally)", + "CONSENT_CENTRAL_LINK": "„Broad Consent“ (MII or compatible with MII)", + "CONSENT_DISTRIBUTED": "No „Broad Consent“ requested (data available for „federated analysis“)" + }, + "SWITCH": { + "LABEL_AND": "AND", + "LABEL_OR": "OR" + }, + "DISPLAY": { + "LABEL": "Selected criteria", + "ONE_OF": "", + "MORE": "more", + "BETWEEN": "between {{ min }} and {{ max }} {{ unit }}", + "COMPARATOR": "{{ comparator }} {{ value }} {{ unit }}", + "TIMERESTRICTION": { + "LATEST": "(latest)", + "BOTH": "between {{ from }} and {{ to }}", + "FROM": "later than {{ from }}", + "TO": "before {{ to }}", + "NONE": "no time restriction" + }, + "REFERENCED_CRITERIA": "referenced criteria:", + "GROUPS": { + "LINKEDGROUPS": "groups are linked", + "SHOW_CONNECTION": "show connection", + "NEW_GROUP": "New Group", + "HINT_NOT_MOVED": "Could not move group", + "HINT_NOT_DELETABLE_LINKED_GROUP": "Groups 
linked with subgroups cannot be deleted" + } + }, + "OVERVIEW": { + "TITLE_LABEL": "Title", + "COMMENT_LABEL": "Comment", + "SAVE_HEADER": "Save the current query", + "LOAD_HEADER": "Previous Queries", + "IMPORT_HEADER": "Import Queries", + "SAVE_WITH_QUERY": "Save for research proposal (must have been executed)", + "SAVE_TEMPLATE": "Save as template", + "DOWNLOAD_SQ": "Save as file", + "FILENAME": "File name", + "SAVED_QUERIES": "Saved Queries (with result)", + "SAVED_TEMPLATES": "Saved Templates" + }, + "EDIT": { + "HEADER": "Restrictions of selected concepts", + "HEADER_FILTER_QUANTITY": "Choose a value restriction:", + "HEADER_FILTER_QUANTITY_FOR_DISPLAY": "Choose a value restriction ({{ label }}):", + "HEADER_FILTER_CONCEPT_OPTIONAL": "Choose one or more valid values:", + "HEADER_FILTER_CONCEPT_MANDATORY": "Choose one or more valid values:", + "HEADER_FILTER_CONCEPT_FOR_DISPLAY": "Choose one or more valid values ({{ label }}):", + "HEADER_FILTER_REFERENCE": "observed diagnosis", + "HEADER_FILTER_VALUE": "Value restriction", + "CHOOSE_GROUP": "Choose a group", + "MANDATORY_HINT": "Mandatory field", + "UNIT": "Unit", + "MIN": "Min", + "MAX": "Max", + "VALUE": "Value", + "OPERATOR": "Operator", + "AND": "and", + "NONE": "none", + "EQUAL": "equals", + "LESS_THAN": "less than", + "GREATER_THAN": "more than", + "BETWEEN": "between", + "TIMERESTRICTION": { + "LABEL": "Date", + "EVER": "All occurrences in", + "LATEST": "Latest occurrence in", + "FROM": "from", + "TO": "to", + "AT": "at", + "NOT_AT": "not at", + "BEFORE": "before", + "BEFORE_OR_AT": "before or at", + "AFTER": "after", + "AFTER_OR_AT": "after or at", + "BETWEEN": "between", + "TITLE": "Time constraint (optional)" + }, + "GROUPS": { + "HEADER_LINKED_GROUPS": "Relation between linked groups", + "OPTION_PARENT_EVER": "all occurrences", + "OPTION_PARENT_FIRST": "first occurrence", + "OPTION_PARENT_LATEST": "latest occurrence", + "GROUP_PARENT_1": "of group", + "GROUP_PARENT_2": "occurred", + 
"OPTION_DEPENDENT_EVER": "all occurrences", + "OPTION_DEPENDENT_FIRST": "first occurrence", + "OPTION_DEPENDENT_LATEST": "latest occurrence", + "GROUP_DEPENDENT_1": "of group", + "GROUP_DEPENDENT_2": "", + "TILL": "till", + "FROM": "from", + "BEFORE": "before", + "AFTER": "after", + "DAY": "day(s)", + "MONTH": "month(s)", + "YEAR": "year(s)", + "LABEL_UNIT": "Unit", + "LABEL_VALUE": "Value", + "LABEL_PREPOSITION": "Preposition" + } + }, + "HINT": { + "NO_VALUE_SELECTED": "Choose at least one value", + "MINIMUM_GREATER_MAXIMUM": "Minimal value must be less than maximal value", + "MINIMUM_EXCEEDED": "Value must be at least {{ min }}", + "MAXIMUM_EXCEEDED": "Value must be at most {{ max }}", + "SEARCH_TEXT_NO_INPUT": "Enter a search criteria or open the category tree view", + "NO_CRITERIA_SELECTED": "Choose at least one inclusion criteria" + } + }, + "RESULT": { + "PATIENT_NUMBER": "Number of patients", + "PATIENT_NUMBER_TOOLTIP": "The feasibility queries return approximate results. The results of the query are anaonymised. In this process, deviations from the exact result are deliberately introduced. Therefore, the results are only suitable for the first evaluation of the feasibility of your project and should not be used for scientific work. The publication of the results is generally not permitted. 
The actual number of patients can only be quantified once your project has been requested via a data use application and reviewed by the relevant Use & Access Committees.", + "TOTAL": "Total", + "SITE": "Site", + "MESSAGE429": "You reached your maximum request limit.", + "DETAILS_TOOLTIP": "The number shows how many views of the detailed result view you have already used - will be reset daily" + }, + "LEGAL": { + "DISCLOSURE": "Disclosure", + "DATAPROTECTION": "Data Protection", + "CONTACT": "Contact" + }, + "BUTTON": { + "SAVE": "Save", + "CANCEL": "Cancel", + "CLOSE": "Close", + "DOWNLOAD": "Download", + "ADD": "Add", + "ADD_TOOLTIP": "restrict criteria", + "ADDALL": "Add all", + "SEND": "Send", + "RESET": "Reset", + "RESULTDETAILS": "Details", + "SAVEQUERY": "Save query", + "VALIDATE": "Validate", + "IMPORT": "Load query", + "IMPORT_FROM_FILE": "choose file", + "IMPORT_DATASELECTION": "Load Dataselection" + } +} \ No newline at end of file diff --git a/zars/gui/mime.types b/feasibility-portal/gui/mime.types similarity index 97% rename from zars/gui/mime.types rename to feasibility-portal/gui/mime.types index 62bd4b6..641a680 100644 --- a/zars/gui/mime.types +++ b/feasibility-portal/gui/mime.types @@ -1,4 +1,5 @@ types { + image/svg+xml svg; text/html html htm shtml; text/css css; text/xml xml rss; diff --git a/zars/gui/nginx.conf b/feasibility-portal/gui/nginx.conf similarity index 79% rename from zars/gui/nginx.conf rename to feasibility-portal/gui/nginx.conf index 50f6d1f..d37a429 100644 --- a/zars/gui/nginx.conf +++ b/feasibility-portal/gui/nginx.conf @@ -64,7 +64,7 @@ gzip_disable "MSIE [1-6]\."; } location /api/ { - proxy_pass http://zars-feasibility-gui-backend:8090/api/; + proxy_pass http://feasibility-gui-backend:8090/api/; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; } 
@@ -73,12 +73,25 @@ gzip_disable "MSIE [1-6]\."; proxy_buffers 4 128k; proxy_busy_buffers_size 128k; proxy_buffer_size 64k; - proxy_pass https://keycloak:8443; + proxy_pass http://auth:8080/auth; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Real-IP $remote_addr; } + location /auth/keycloakadmin { + proxy_buffers 4 128k; + proxy_busy_buffers_size 128k; + proxy_buffer_size 64k; + proxy_pass http://auth:8080/auth; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Real-IP $remote_addr; + } } } diff --git a/feasibility-portal/initialise-portal-env-files.sh b/feasibility-portal/initialise-portal-env-files.sh new file mode 100644 index 0000000..9b43408 --- /dev/null +++ b/feasibility-portal/initialise-portal-env-files.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +envfiles=( "gui/deploy-config.json" "backend/.env" "keycloak/.env" "aktin-broker/.env") + +for file in "${envfiles[@]}" +do + if [[ -f "$file" ]]; then + printf ".env file %s already exists - not copying default env \n" "$file" + printf "Please check if your current env file %s is missing any params from the %s file and copy them as appropriate\n" "$file" "$file.default" + else + cp "$file.default" "$file" + fi +done diff --git a/feasibility-portal/keycloak/.env.default b/feasibility-portal/keycloak/.env.default new file mode 100644 index 0000000..28a4fc0 --- /dev/null +++ b/feasibility-portal/keycloak/.env.default 
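Review bot: The new `location /auth/keycloakadmin` block publishes the Keycloak admin URL on the same public listener as the portal with no source restriction. If admin access is meant to be limited to operators, add `allow <ADMIN_NETWORK_CIDR>; deny all;` (placeholder CIDR) inside that block. The block above it starts outside this hunk; it presumably forwards the whole `/auth` prefix, so the admin paths beneath it would need the same restriction. Both blocks also set `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever the client sent; if this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` keeps a caller from choosing the address Keycloak records. The two blocks are identical apart from the path, so a one-line comment on why the admin location exists separately would help the next reader.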
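Review bot: In `initialise-portal-env-files.sh` the `envfiles` paths are relative to the caller's working directory and the `cp` result is never checked, so running the script from outside `feasibility-portal/` fails on every file yet still works through the whole list. Anchor the script with `cd -- "$(dirname "$0")" || exit 1` before the loop and use `cp "$file.default" "$file" || exit 1`. The copied `.env` files hold the database and admin passwords and inherit the caller's umask; a `chmod 600 "$file"` for the `.env` entries would keep them from being readable by other local users. The "already exists" message says ".env file" for `gui/deploy-config.json` as well, which is a JSON config.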
@@ -0,0 +1,11 @@
+FEASIBILITY_KC_DB=keycloakdb
+FEASIBILITY_KC_DB_USER=keycloakdbuser
+FEASIBILITY_KC_DB_PW=keycloakdbpw
+FEASIBILITY_KC_ADMIN_USER=admin
+FEASIBILITY_KC_ADMIN_PW=adminpw
+FEASIBILITY_KC_HTTP_RELATIVE_PATH=/auth
+FEASIBILITY_KC_HOSTNAME_URL=https://localhost/auth
+FEASIBILITY_KC_HOSTNAME_ADMIN_URL=https://localhost/auth/keycloakadmin
+FEASIBILITY_KC_LOG_LEVEL=info
+FEASIBILITY_KC_PROXY=edge
+
diff --git a/feasibility-portal/keycloak/docker-compose.yml b/feasibility-portal/keycloak/docker-compose.yml
new file mode 100644
index 0000000..3cd6395
--- /dev/null
+++ b/feasibility-portal/keycloak/docker-compose.yml
@@ -0,0 +1,36 @@
+version: "3.7"
+
+services:
+ auth-db:
+ image: postgres:15-alpine
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${FEASIBILITY_KC_DB:-keycloakdb}
+ POSTGRES_USER: ${FEASIBILITY_KC_DB_USER:-keycloakdbuser}
+ POSTGRES_PASSWORD: ${FEASIBILITY_KC_DB_PW:-keycloakdbpw}
+ volumes:
+ - "feasibility-auth-db:/var/lib/postgresql/data"
+
+ auth:
+ image: keycloak/keycloak:22.0
+ command: ["start", "--import-realm"]
+ restart: unless-stopped
+ environment:
+ KC_DB: postgres
+ KC_DB_URL: "jdbc:postgresql://auth-db:5432/${FEASIBILITY_KC_DB}"
+ KC_DB_USERNAME: ${FEASIBILITY_KC_DB_USER}
+ KC_DB_PASSWORD: ${FEASIBILITY_KC_DB_PW}
+ KEYCLOAK_ADMIN: ${FEASIBILITY_KC_ADMIN_USER}
+ KEYCLOAK_ADMIN_PASSWORD: ${FEASIBILITY_KC_ADMIN_PW}
+ KC_HTTP_RELATIVE_PATH: ${FEASIBILITY_KC_HTTP_RELATIVE_PATH:-/auth}
+ KC_HOSTNAME_URL: ${FEASIBILITY_KC_HOSTNAME_URL:-https://localhost/auth}
+ KC_HOSTNAME_ADMIN_URL: ${FEASIBILITY_KC_HOSTNAME_ADMIN_URL:-https://localhost/auth/keycloakadmin}
+ KC_LOG_LEVEL: ${FEASIBILITY_KC_LOG_LEVEL:-info}
+ KC_PROXY: ${FEASIBILITY_KC_PROXY:-edge}
+ volumes:
+ - ./init/feasibility-realm.json:/opt/keycloak/data/import/realm.json:ro
+ depends_on:
+ - auth-db
+
+volumes:
+ feasibility-auth-db:
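Review bot: `FEASIBILITY_KC_ADMIN_PW=adminpw` and `FEASIBILITY_KC_DB_PW=keycloakdbpw` in `keycloak/.env.default` are working credentials, and `initialise-portal-env-files.sh` copies this file to `keycloak/.env` unchanged. A deployment that simply follows the scripts therefore starts with a published admin password, on a console that the nginx config in this commit proxies at `/auth/keycloakadmin`. Ship the two password lines empty, each preceded by a comment such as `# required: set a unique value before first start`, so that an untouched copy cannot bring up a usable admin login.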
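Review bot: In `keycloak/docker-compose.yml`, `auth-db` falls back to built-in values (`${FEASIBILITY_KC_DB_PW:-keycloakdbpw}` and the two lines above it) while `auth` reads the same variables with no fallback (`${FEASIBILITY_KC_DB_PW}`, `${FEASIBILITY_KC_DB}` in the JDBC URL). With an incomplete `.env`, Postgres is initialised with the known default password while Keycloak receives empty values, and the admin account variables are empty too. Use the required-variable form on both services so compose refuses to start instead, e.g. `POSTGRES_PASSWORD: ${FEASIBILITY_KC_DB_PW:?FEASIBILITY_KC_DB_PW must be set}`, and likewise for `KC_DB_PASSWORD` and `KEYCLOAK_ADMIN_PASSWORD`.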
diff --git a/feasibility-portal/keycloak/init/feasibility-realm.json b/feasibility-portal/keycloak/init/feasibility-realm.json new file mode 100644 index 0000000..e52c0d9 --- /dev/null +++ b/feasibility-portal/keycloak/init/feasibility-realm.json 
@@ -0,0 +1,2263 @@ +{ + "id": "2268ed68-686a-4c9e-8637-6c366a60d459", + "realm": "feasibility", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": true, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "51cb7b69-d269-4872-b832-2d326e2e8658", + "name": "FeasibilityUser", + "description": "Standard feasibility user, which is allowed to send feasibility queries but has no admin rights", + "composite": false, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + }, + { + "id": "c15735b2-fb84-4939-90bb-1483d95eb9dd", + "name": "offline_access", + "description": "${role_offline-access}", 
+ "composite": false, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + }, + { + "id": "79573cca-5524-4642-a46f-ce7b988690ae", + "name": "FeasibilityPowerUser", + "description": "Users in this role are not subject to the hard limit for creating queries.", + "composite": false, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + }, + { + "id": "3b8bd5f7-5d05-434f-9040-d6e4ea2cd49b", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + }, + { + "id": "e3102b96-039a-4b74-8b7b-1ee58bac24c4", + "name": "default-roles-feasibility", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + }, + { + "id": "c9d91f7e-30f0-4fab-9c06-75edad9a7fb9", + "name": "FeasibilityAdmin", + "description": "Admin user who may access endpoints a normal user must not access. 
Users in this role are not subject to any rate limiting", + "composite": false, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459", + "attributes": {} + } + ], + "client": { + "feasibility-webapp": [], + "realm-management": [ + { + "id": "9331cbb4-1e36-4777-9df2-e9f55541f23c", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "b3cc4711-7c56-4b03-af51-08edc7e1d2b1", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "ef251993-4d26-4321-82d5-77d82dba29b8", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "93bac7cf-4036-4670-be72-c385ba1f5bb0", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "309737bf-98e9-440e-9418-1bf56e7741ca", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "ae1b0ea8-eb86-4fbb-ba31-f8e3c64762c7", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "50f7eaec-dceb-42ba-a4c6-83d3e60b1b72", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": 
true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "a38cc5d0-3422-422f-b776-6896ccabeec2", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "429ff4cc-4ebd-4ca7-a5a0-8015ff9fb094", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "27b5a1f1-ce28-4dbb-a501-9ba2bd4f2b00", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "cb4548fc-5d6d-40ad-9983-d8659b8be6b6", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "5f16bac4-91d3-44c1-a8cb-7ed5da4015d0", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-realm", + "create-client", + "manage-clients", + "manage-authorization", + "impersonation", + "query-clients", + "view-users", + "manage-realm", + "manage-events", + "query-users", + "view-events", + "manage-identity-providers", + "query-realms", + "view-clients", + "manage-users", + "view-authorization", + "query-groups", + "view-identity-providers" + ] + } + }, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "798884b5-15b9-4830-b715-32bbc8d10b32", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + 
}, + { + "id": "a9e4215c-6834-4531-a1b6-a1c95e4fd4cd", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "1d386eb1-bbdd-43f1-9583-19ba1f80bbbc", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "e48a6d04-c281-4d6e-a336-0627f78ad401", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "5780557a-d429-4cd2-90fd-a35578e77e38", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "b50b51b6-3890-4de7-9e62-a9090b572d39", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + }, + { + "id": "b4a2906d-b347-4a6a-b01a-a3e05e1d93a9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "5a01c330-fd53-4aeb-bcce-085264100c18", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "2dbbcaa4-f916-4892-b152-e79f0e8f1ae5", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "f3331d77-6585-4c5e-a490-756f60be886e", + "attributes": {} + } + ], + "account": [ + { + "id": "efd139d7-d607-47bf-8b70-ab1ecb3ae06e", + 
"name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "f4cfff0d-d7c9-4713-aaf1-18fbec77f636", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "81626631-1e34-44c1-be51-f450cd78b614", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "70f8967a-89a7-45c4-99cd-be1c8194e248", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "7d0f39a0-cde9-4b0a-a529-0994dd3eb33a", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "fe10338e-5ba1-417a-8b58-99e8e0d3837c", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "93114928-449f-473b-a748-03cd2de51c8d", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + }, + { + "id": "d9b50ef5-1a7f-4ce8-aecd-ebf7cd464d64", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + 
"clientRole": true, + "containerId": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "e3102b96-039a-4b74-8b7b-1ee58bac24c4", + "name": "default-roles-feasibility", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459" + }, + "requiredCredentials": [ + "password" + ], + "passwordPolicy": "notUsername(undefined) and notEmail(undefined)", + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "scopeMappings": [ + { + 
"clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "a9708df4-9d2d-48a6-9f16-8978316f51e5", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/feasibility/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/feasibility/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "0e4587c4-53a6-425d-9c3c-373a1f3c3ea8", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/feasibility/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/feasibility/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + 
"attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "14386432-3d23-43c2-993d-b827d702319b", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "7be48f2f-4745-4912-8748-50209d15a7e4", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f3331d77-6585-4c5e-a490-756f60be886e", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "2bb006d9-c6d1-4694-91bb-d20c72f97ab4", + "clientId": "feasibility-webapp", + "name": "feasibility-webapp", + "description": "", + "rootUrl": "https://localhost", + "adminUrl": "https://localhost", + "baseUrl": "https://localhost", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://localhost/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "5a01c330-fd53-4aeb-bcce-085264100c18", + "clientId": "realm-management", + "name": "${client_realm-management}", + 
"surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d54a4fd4-51ef-467e-a842-a74dcf04b3e8", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/feasibility/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/feasibility/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "95ed21c3-cad8-4d48-a24a-c5d30d619826", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "54f9e1da-a52f-49c2-9751-57ec83d7ae0f", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "09d58d3e-eef2-458f-bba4-48d6de6a6116", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "40e2763f-4fc0-4dfa-a81f-ff815131c138", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "fd71d132-c5d0-4c03-82ab-2fd9854c68d7", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "829a7be3-13d0-4bb1-b283-8f7e4047e2d2", + "name": 
"birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "ee8b1a4b-64c7-4cc1-a3cb-dea1592a2b62", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "25bdd74c-d84e-47c3-a23f-1c83281bf156", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "5263a825-41da-4a3d-bb7b-feb91dd13427", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "d941f7ea-e6cd-4d64-8227-477e920f791d", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "47215783-c6ff-4565-b5fc-759e485c8979", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": 
false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "413a6730-ea1d-4857-b192-0ab41ffeb0e5", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "55e8c3e2-36b2-460a-9851-e9a429164194", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "0c8f81d7-734d-4195-aead-c00c9ba4f9e3", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "7948a327-a526-4be6-9715-afd8c8636797", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "1b88530a-5336-48d7-859b-bc41c364dc0f", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "b52455e7-9cd5-4726-a31a-31312344012c", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "6f9322e7-84a9-437e-8644-aea3b5f54adc", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "abf381fe-7538-4529-858f-4216132674cd", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "8c01d465-fdcc-47a9-aa2c-da829dd1ff65", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "47fe69af-a1b4-4c4f-b02d-a23e12b0cf39", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ 
+ { + "id": "9aeef7a2-0a1e-4460-be36-510274c17772", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "83573c1e-ff5a-4523-ba7a-5e81d9db86f1", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "dfde37ea-846c-4d60-beba-0af7adfefe45", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "797d901f-6f96-4228-93e4-49fe517427de", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "84c070fa-6b10-44f3-a540-31f8943b32ed", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "19af4bbf-04e2-4ca9-a93a-027fe7726309", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + 
"display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "bcb6d62a-79e1-4476-8421-1b27ef11b59f", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "2b547faf-1890-4b84-b5b2-65ae318d76d9", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "74a5caa0-08f3-4f03-8f52-e434e9e9b25a", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "6cf63106-cebe-4bbf-8d54-26b601cbbb9c", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "false", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "edc9a040-eb9c-441f-82d1-204e91a3f02f", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "60bfd884-d8da-481c-9687-6517d98b4d09", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": 
[ + { + "id": "112e1abe-9dba-4b17-90fe-879ce45e681b", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "70633dda-f43e-4304-bc8f-47c5600e2b9e", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "811d2520-078a-4730-826d-efdd9f5c5818", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "02e74785-b633-4a78-bbd3-fb5aa405880b", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "35471ea2-3b31-4a2e-a57b-63fa23312e75", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + } + ], + 
"defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "1727392e-576c-4a6d-be26-3939ca7f1a74", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "e1667956-eb28-406b-85e1-921570ce4203", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "1cf930a6-6c5b-4c8a-989e-8311ea67361e", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "a65081f4-6f09-4d6a-9841-20f8c24c6254", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "f7dd852b-1d11-40e6-b1ef-a616afa244d5", + "name": "Full Scope Disabled", + "providerId": 
"scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5213745c-6a93-4666-b05a-2f3d6fd0cbe6", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": "b6c31f41-a5a0-40aa-9b3d-40eb54b0bd93", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "844964d8-a4e4-48b9-8bae-9e9b4cf98407", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" + ] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "64e5b946-3efc-4fa1-ab11-ee67d46b7740", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "01e3c79d-0db5-4f14-9cb5-ec84494cf288", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "1b448d17-22f0-4ef8-b014-1a1476d9480f", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "94d424b7-b1db-4582-897e-d2cc50918f74", 
+ "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "9127a77a-f0bc-464e-9429-24d332b94fa9", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "cb24f56f-33f6-451f-8e86-f0b59cb78bfb", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "16cbe5b5-8907-4c79-a28e-af26a64d4545", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "f540010d-17d4-4f96-8752-44bcf3fb9770", + "alias": "Browser - Conditional 
OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8bd5fb04-e90f-4838-9f03-30230712a0b4", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "54247ccb-334b-4ac6-a815-a6209ca0b020", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "0714d5f1-6090-4932-8e6d-757bb8dbe82b", + "alias": "Handle Existing 
Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "a284c5e8-d3d7-4ce2-a192-0a12add20e2c", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "5a0eee2a-7c7b-4d5b-af9d-a2938f8d99c8", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + 
"id": "67915d59-934e-411f-961e-2685fc7115a6", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "b88af6ec-5de7-42a2-8e09-addc24063066", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "a1ed4636-21e5-48a4-bccd-c8a460a99759", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + 
"userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "02300a75-fe74-4290-bca5-e6a264f23350", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "ab4dc592-8917-4418-9e14-2c18e541837b", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3e6b5064-2034-470f-bd29-8edc96285991", + "alias": "first broker login", + "description": "Actions taken after 
first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "9c9af7ce-c44c-49b6-b3c9-5926819b798b", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "76e0940b-a8b4-408e-be78-eaf8fd37bc78", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Authentication Options", + "userSetupAllowed": false + } + ] + }, + { + "id": "9a5d8f12-34f7-4dd0-baab-9ad1335f83f5", + "alias": "registration", + 
"description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "af3e4179-a6e2-4ab8-a66d-7ad4c0fc11c5", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fadc7a19-a9c5-4d5b-b7cf-a083ea11d579", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, 
+ "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6fb62e67-4ebd-4698-a79e-416643f8cc40", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "3189c761-6799-4a93-8033-46b386b8e6cc", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "7df85127-1db0-42d7-9408-c2fce1ad2c47", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": 
"Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false" + }, + "keycloakVersion": "21.0.1", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} diff --git a/zars/setup-base-auth.sh b/feasibility-portal/setup-base-auth.sh similarity index 59% rename from zars/setup-base-auth.sh rename to feasibility-portal/setup-base-auth.sh index 0bdfb13..4d1fe50 100755 
--- a/zars/setup-base-auth.sh +++ b/feasibility-portal/setup-base-auth.sh @@ -8,11 +8,11 @@ # #fi -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" +BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )" echo "Generating default certificate..." -docker run --rm -v $BASE_DIR/auth:/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999 -docker run --rm -v $BASE_DIR/auth:/export alpine chmod 655 /export/* +docker run --rm -v "$BASE_DIR"/auth:/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999 +docker run --rm -v "$BASE_DIR"/auth:/export alpine chmod -R 655 /export #echo "generating user: $1 , with password: $2" #docker run --rm --entrypoint htpasswd registry:2.7.0 -nb $1 $2 > .htpasswd diff --git a/feasibility-portal/start-feasibility-portal-local.sh b/feasibility-portal/start-feasibility-portal-local.sh new file mode 100755 index 0000000..c594a45 --- /dev/null +++ b/feasibility-portal/start-feasibility-portal-local.sh 
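Review bot: The new `chmod -R 655 /export` leaves `key.pem` readable by every local user, and because the key is generated with `-nodes` the file mode is its only protection. With `-R` the mode is now also applied to the `auth` directory itself, where 655 drops the owner's search bit. I would set the modes per file instead, `chmod 644 /export/cert.pem` and `chmod 600 /export/key.pem`, using the same `docker run --rm -v "$BASE_DIR"/auth:/export alpine` prefix. That assumes the reverse proxy reads the key as the file's owner; otherwise 640 with a shared group would do. The hunk starts at line 8 of the script, so anything before it is not visible here.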
@@ -0,0 +1,21 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+AKTIN_ENABLED=${AKTIN_ENABLED:-false}
+
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+
+if [ "$AKTIN_ENABLED" = true ]; then
+ printf "Starting aktin broker for localhost ... \n"
+ docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-broker/docker-compose.yml up -d
+ export CODEX_FEASIBILITY_BACKEND_DIRECT_ENABLED=false
+ export CODEX_FEASIBILITY_BACKEND_AKTIN_ENABLED=true
+ printf "Sleeping 20 seconds to allow aktin to start up before backend ... \n"
+ sleep 20
+fi
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/backend/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/gui/docker-compose.yml up -d
diff --git a/feasibility-portal/start-feasibility-portal.sh b/feasibility-portal/start-feasibility-portal.sh
new file mode 100755
index 0000000..ad3ea49
--- /dev/null
+++ b/feasibility-portal/start-feasibility-portal.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+#sh "$BASE_DIR"/dsf-broker/start.sh "$COMPOSE_PROJECT"
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/backend/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/gui/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-broker/docker-compose.yml up -d
+
diff --git a/feasibility-portal/stop-feasibility-portal.sh b/feasibility-portal/stop-feasibility-portal.sh
new file mode 100755
index 0000000..9960ad7
--- /dev/null
+++ b/feasibility-portal/stop-feasibility-portal.sh
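Review bot: Nothing in start-feasibility-portal-local.sh stops the script when a `docker-compose ... up -d` call fails, so the backend and GUI are still started after a failed Keycloak start and the caller only sees the status of the last command. Adding `set -e` directly under the shebang would surface the first failure; the same applies to start-feasibility-portal.sh. The fixed `sleep 20` also only guesses at broker readiness. A bounded poll in the style of the wait-for-url.sh helper added in this commit would be more reliable, if the broker exposes a URL to poll (not visible here).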
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/backend/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/gui/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-broker/docker-compose.yml stop
diff --git a/feasibility-triangle/.gitignore b/feasibility-triangle/.gitignore
new file mode 100644
index 0000000..95ffcf1
--- /dev/null
+++ b/feasibility-triangle/.gitignore
@@ -0,0 +1,4 @@
+/ontology/*.json
+/testdata/*.json
+/testdata/*.zip
+troubleshooting/input-queries.json
diff --git a/feasibility-triangle/README.md b/feasibility-triangle/README.md
new file mode 100644
index 0000000..cf1381f
--- /dev/null
+++ b/feasibility-triangle/README.md
@@ -0,0 +1,282 @@ +# The Feasibility Triangle + + +The Feasibility Triangle part of this repository provides a site (data integration center) with all the necessary components to set up in order to allow feasibility queries from the central feasibility portal. + + +## Overview + +The Feasibility Triangle is composed of four components: + +1. A Middleware Client (AKTIN or DSF) +2. A Feasibility Analysis Request Executor (FLARE) +3. A FHIR Server (Blaze) +4. Reverse Proxy (NGINX) + +The reverse proxy allows for integration into a site's multi-server infrastructure. It also provides basic auth capability for FHIR server and FLARE components. + +### CQL Support + +[CQL](https://cql.hl7.org) is supported. If your FHIR server **does not** support CQL itself then the FLARE component must be used as a kind of translation mediator. + +### Component Interchangeability + +All components work with well-defined interfaces making them interchangeable. Thus, there are different middleware clients and FHIR servers to chose from. + +This leads to the following setup options: + +- AKTIN - FLARE (FHIR Search) - FHIR Server (not CQL ready) - END OF SUPPORT FOR FEASIBILITY 31.12.2023 +- AKTIN - FHIR Server (CQL ready) - END OF SUPPORT FOR FEASIBILITY 31.12.2023 +- DSF - FLARE (FHIR Search) - FHIR Server (not CQL ready) +- DSF - FHIR Server (CQL ready) + +**_When choosing a FHIR server, make sure it supports either CQL or the required FHIR search capabilities._** + +## Setting up the Feasibility Triangle + +### Step 1 - Installation Docker + +The installation of the Feasibility Triangle requires Docker (https://docs.docker.com/engine/install/ubuntu/) and docker-compose (https://docs.docker.com/compose/install/). +If not already installed on your VM, install using the links provided above. + +### Step 2 - Clone this Repository to your virtual machine + +ssh to your virtual machine and switch to sudo `sudo -s`. 
+Designate a folder for your setup in which to clone the deploy repository, we suggest /opt (`cd /opt`) +Navigate to the directory and clone this repository: `git clone https://github.com/medizininformatik-initiative/feasibility-deploy.git` +Navigate to the feasibility-triangle folder of the repository: `cd /opt/feasibility-deploy/feasibility-triangle` +Checkout the version (git tag) of the feasibility triangle you would like to install: `git checkout ` + +### Step 3 - Initialise .env files + +The feasibility portal requires .env files for the docker-compose setup. If you are performing a new setup of the project, execute the `initialise-triangle-env-files.sh`. + +If you have set up the portal before compare the .env to the .env.default env files of each component and copy the additional params as appropriate. + +### Step 4 - Set Up basic auth + +To set up basic auth you can execute the `setup-base-auth.sh ` to add a simple .htpasswd to protect your FHIR Server and FLARE component with basic authentication. +This creates a .htpasswd file in the `auth` directory, which will be mounted to the nginx, which is part of this deployment repository. + +### Step 5 - Set Up ssl certificates + +Running this setup safely at your site requires a valid certificate and domain. Please contact the responsible body of your institution to receive both a domain and certificate. +You will require two .pem files: a cert.pem (certificate) and key.pem (private key). + +Once you have the appropriate certificates you should save them under `/opt/feasibility-deploy/feasibility-triangle/auth`. +Set the rights for all files of the auth folder to 655 `chmod 655 /opt/feasibility-deploy/feasibility-triangle/auth/*`. + +- If you do not provide a cert.pem and key.pem file the reverse proxy will not start up, as it will not be able to provide a secure https connection. 
+- The rest of the feasibility triangle will still work, as it does create a connection to the outside without the need to make itself accessible. +- However, if you would for example load data into the FHIR server from an ETL job on another VM you will need to expose the FHIR server via a reverse proxy, which will require the certificates above. + +### Step 6 - Load the ontology mapping files + +**Note:** The ontology is now part of the FLARE image and will not have to be loaded manually. + +### Step 7 - Configure your feasibility triangle + +If you use the default triangle setup you only have to configure the AKTIN client to connect to the central feasibility portal as the rest of the setup will already be correctly configured for you. + +Please note that all user env variables should be changed and all password variables should be set to secure passwords. + +Follow the [DSF configuration wiki](https://github.com/medizininformatik-initiative/feasibility-deploy/wiki/DSF-Middleware-Setup) if you want to use the DSF middleware instead. + +To configure the AKTIN client in the default setup, change the following environment variables in the file `/opt/feasibility-deploy/feasibility-triangle/aktin-client/.env` according to the paragraph **Configurable environment variables** of this README: + +- FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI +- FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM +- FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_PING_SECONDS +- FEASIBILITY_AKTIN_PROCESS_EXECUTOR_THREADS + +If you are using AKTIN, the new version of the AKTIN client logs to the STDOUT of the container. You will be responsible for persisting these container logs beyond the stopping and starting of the container. + +### Step 8 - Start the feasibility triangle + +To start the triangle navigate to `/opt/feasibility-deploy/feasibility-triangle` and +execute `bash start-triangle.sh`. 
+ +This starts the following default triangle: +AKTIN (Middleware) - FLARE (FHIR Search executor) - BLAZE (FHIR Server) + +- AKTIN: Used to connect to the central platform and allow queries from the FDPG +- FLARE: A Rest Service, which is needed to translate, execute and evaluate a feasibility query on a FHIR Server using FHIR Search +- BLAZE: The FHIR Server which holds the patient data for feasibility queries + + +If you would like to pick other component combinations you can start each component individually by setting your compose project (`export FEASIBILITY_COMPOSE_PROJECT=feasibility-deploy`) +navigating to the respective components folder and executing: +`docker-compose -p $FEASIBILITY_COMPOSE_PROJECT up -d` + + +### Step 9 - Access the Triangle + +In the default configuration, and given that you have set up a SSL certificate in step 4, the setup will expose the following services: + +These are the URLs for access to the webclients via nginx: + +| Component | URL | User | Password | +|-------------|----------------------------------|------------------|------------------| +| Flare | | chosen in step 3 | chosen in step 3 | +| FHIR Server | | chosen in step 3 | chosen in step 3 | + +Accessible service via localhost: + +| Component | URL | User | Password | +|-------------|----------------------------------|------------------|------------------| +| Flare | | None required | None required | +| FHIR Server | | None required | None required | + +Please be aware that you will need to set up an ssh tunnel to your server and forward the respective ports if you would like to access the services on localhost without a password. + +For example for the FHIR Server: ssh -L 8081:127.0.0.1:8081 your-username@your-server-ip + +### Step 10 - Init Testdata (Optional) + +To initialise testdata execute `get-mii-testdata.sh`. This will download MII core dataset compliant testdata from , +unpack it and save it to the testdata folder of this repository. 
+ +You can then load the data into your FHIR Server using the `upload-testdata.sh` script. + + +## Updating the Feasibility Triangle + +If you have already installed the feasibility triangle and just want to update it, follow these steps: + + +### Step 1 - Stop your triangle + +`cd /opt/feasibility-deploy/feasibility-triangle && bash stop-triangle.sh` + +### Step 2 - Update repository and check out new tag + +`cd /opt/feasibility-deploy/feasibility-triangle && git pull` +`git checkout ` + +### Step 3 - transfer the new env variables + +Compare the .env and .env.default files for each component and add any new variables from the .env.default file to the .env file. +Keep the existing configuration as is. + +### Step 4 - Update your ontology + +**Note:** The ontology is now part of the FLARE image and will not have to be loaded manually. + +### Step 5 - Start your triangle + +To start the triangle navigate to `/opt/feasibility-deploy/feasibility-triangle` and +execute `bash start-triangle.sh`. + +### Step 6 - Update your DSF + +If you are using the DSF to connect to the central feasibility portal, please follow the instructions here: +https://github.com/medizininformatik-initiative/feasibility-deploy/wiki/DSF-Middleware-Setup + +### Step 7 - Log in to the central feasibility portal and test your connection + +Ask for the Url of the central portal at the FDPG or check Confluence for the correct address. + +Log in to the portal and send a request with the Inclusion Criterion chosen from the Inclusion criteria tree (folder sign under Inclusion Criteria) +"Person > PatientIn > Geschlecht: Female,Male" + +and press "send". 
+ +Check your triangle aktin client logs: +docker logs -f id-of-the-aktin-client-container + +you should see output similar to: +``` +Mar 29, 2023 12:59:57 PM feasibility.FeasibilityExecution doExecution +FINE: {"version":"http://to_be_decided.com/draft-1/schema#","display":"","inclusionCriteria":[[{"termCodes":[{"code":"263495000","system":"http://snomed.info/sct","display":"Geschlecht"}],"context":{"code":"Patient","system":"fdpg.mii.cds","version":"1.0.0","display":"Patient"},"valueFilter":{"selectedConcepts":[{"code":"female","display":"Female","system":"http://hl7.org/fhir/administrative-gender"},{"code":"male","display":"Male","system":"http://hl7.org/fhir/administrative-gender"}],"type":"concept"}}]]} +``` + +## Configuration + +### Configurable environment variables + +| Env Variable | Description | Default | Possible Values | Component | +|-----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|-----------------------------------------------------|-----------| +| FEASIBILITY_AKTIN_CLIENT_BROKER_REQUEST_MEDIATYPE | The media type of the query you would like to handle | application/sq+json | application/sq+json, text/cql | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_BROKER_RESULT_MEDIATYPE | The media type of the query response you return | application/json | application/json | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI | The URL of the AKTIN broker endpoint | http://aktin-broker:8080/broker/ | URL | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_AUTH_CLASS | Type of authentication used by AKTIN | org.aktin.broker.client2.auth.ApiKeyAuthentication | org.aktin.broker.client2.auth.ApiKeyAuthentication | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM | The API key of your site | 
xxxApiKey123 | API key token | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_DISABLED | enables or disables the websocket - if websocket is disabled the client will poll requests instead - the polling interval is then configured using the env var FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS | false | boolean | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_PING_SECONDS | The time in which your AKTIN client pings the AKTIN broker to ensure idle websocket conections stay open | 60 | Integer (seconds) | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS | | 10 | Integer (seconds) | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_POLLING | | TRUE | | AKTIN | +| FEASIBILITY_AKTIN_CLIENT_PROCESS_TIMEOUT_SECONDS | The timeout within which a process has to return before the client sends a "failed" message to the AKTIN broker | 60 | Integer (seconds) | AKTIN | +| FEASIBILITY_AKTIN_PROCESS_EXECUTOR_THREADS | configures how many parallel threads AKTIN will use to process requests simultaniously | 2 | Integer (number of threads) | AKTIN | +| FEASIBILITY_AKTIN_FLARE_URL | the URL of the FLARE component if used | http://flare:8080/query/execute | URL | AKTIN | +| FEASIBILITY_AKTIN_FLARE_USER | the basic auth user for flare if needed | | | AKTIN | +| FEASIBILITY_AKTIN_FLARE_PW | the basic auth password for flare if needed | | | AKTIN | +| FEASIBILITY_AKTIN_LOG_LEVEL | the general log level for the AKTIN client | INFO | ALL, FINEST, FINER, FINE, CONFIG, INFO, SEVERE, OFF | AKTIN | +| FEASIBILITY_AKTIN_LOG_LEVEL_FEASIBILITY | the log level of the feasibility plugin for the AKTIN client - note that on FINE above all incoming queries are logged - on FINEST and above it also logs the obfuscated result to each query | FINE | ALL, FINEST, FINER, FINE, CONFIG, INFO, SEVERE, OFF | AKTIN | +| FEASIBILITY_AKTIN_JAVA_OPTS | Provides Java options to the AKTIN client - can be used to configure proxy use. 
For example : " Dhttps.proxyHost=squid -Dhttps.proxyPort=3128" | | valid java options | AKTIN | +| FEASIBILITY_AKTIN_CQL_FHIR_USER | basic auth user to connect to FHIR server if CQL is used | | | AKTIN | +| FEASIBILITY_AKTIN_CQL_FHIR_PW | basic auth password to connect to FHIR server if CQL is used | | | AKTIN | +| FEASIBILITY_AKTIN_CQL_FHIR_BASE_URL | FHIR server base url the AKTIN client is to use to connect to the FHIR server | http://fhir-server:8080/fhir | | AKTIN | +| FEASIBILITY_AKTIN_HARD_RATE_LIMIT_NREQUESTS | Hard Rate limit - if this is breached the application will reject all future requests until it is restarted | 300 | integer | AKTIN | +| FEASIBILITY_AKTIN_HARD_RATE_LIMIT_RESET_MINUTES | Time after which the rate limit configured in FEASIBILITY_AKTIN_HARD_RATE_LIMIT_NREQUESTS is reset | 60 | integer | AKTIN | +| FEASIBILITY_AKTIN_OBFUSCATOR_EPSILON | Epsilon used in the Result obfuscator to obfuscate the results using a Laplace function | 0.28 | double | AKTIN | +| FHIR_SERVER_BASE_URL | The base URL of the FHIR server the fhir server uses to generate next links | http://fhir-server:8080 | | BLAZE | +| FHIR_SERVER_LOG_LEVEL | log level of the FHIR server | debug | debug, info, error | BLAZE | +| BLAZE_JVM_ARGS | see: https://github.com/samply/blaze/blob/master/docs/deployment/environment-variables.md | -Xmx4g | | BLAZE | +| BLAZE_BLOCK_CACHE_SIZE | see: https://github.com/samply/blaze/blob/master/docs/deployment/environment-variables.md | 256 | | BLAZE | +| BLAZE_DB_RESOURCE_CACHE_SIZE | see: https://github.com/samply/blaze/blob/master/docs/deployment/environment-variables.md | 2000000 | | BLAZE | +| BLAZE_DB_RESOURCE_HANDLE_CACHE_SIZE | see: https://github.com/samply/blaze/blob/master/docs/deployment/environment-variables.md | 100000 | | BLAZE | +| PORT_FHIR_SERVER_LOCALHOST | The exposed docker port of the FHIR server | 127.0.0.1:8081 | should always include 127.0.0.1 | BLAZE | +| FEASIBILITY_FLARE_PORT | The exposed docker port of the FLARE 
componenet | 127.0.0.1:8084 | should always include 127.0.0.1 | FLARE | +| FLARE_FHIR_SERVER_URL | The Url of the FHIR server FLARE uses to connect to the FHIR server | http://fhir-server:8080/fhir/ | URL | FLARE | +| FLARE_FHIR_USER | basic auth user to connect to FHIR server | | | FLARE | +| FLARE_FHIR_PW | basic auth password to connect to FHIR server if CQL is used | | | FLARE | +| FLARE_FHIR_PAGE_COUNT | The number of resources per page FLARE asks for from the FHIR server | 500 | | FLARE | +| Env Variable | Description | Default | Possible Values | Component | +| FLARE_FHIR_MAX_CONNECTIONS | maximum number of connections flare will open to fhir server simultaniously | 32 | | FLARE | +| FLARE_CACHE_MEM_SIZE_MB | in memory cache size in mb | 1024 | | FLARE | +| FLARE_CACHE_MEM_EXPIRE | in memory cache time to expire | PT48H | ISO 8601 time duration | FLARE | +| FLARE_CACHE_MEM_REFRESH | in memory chache time to refresh - not refresh should be shorter than expire | PT24H | ISO 8601 time duration | FLARE | +| FLARE_CACHE_DISK_THREADS | number of threads used to write to disk cache | 4 | integer | FLARE | +| FLARE_CACHE_DISK_PATH | disk path for disk cache inside docker container | PT24H | string disk path | FLARE | +| FLARE_CACHE_DISK_EXPIRE | disk cache time to expire | P7D | ISO 8601 time duration | FLARE | +| FLARE_JAVA_TOOL_OPTIONS | java tool options passed to the flare container | -Xmx4g | | FLARE | +| FLARE_LOG_LEVEL | | info | off, fatal, error, warn, info, debug, trace | FLARE | +| FEASIBILITY_TRIANGLE_REV_PROXY_PORT | The exposed docker port of the reverse proxy - set to 443 if you want to use standard https and you only have the feasibility triangle installed on your server | 444 | Integer (valid port) | REV Proxy | +| FEASIBILITY_DSF_CLIENT_PROCESS_FORWARD_PROXY_HOST | Forward proxy host. | | FQDN | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FORWARD_PROXY_PORT | Forward proxy port. 
| | Integer | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FORWARD_PROXY_USERNAME | Username for a forward proxy if it requires one. | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FORWARD_PROXY_PASSWORD | Password for a forward proxy if it requires one. | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_BEARER_AUTH_TOKEN | Bearer token used for authentication against a client target. Do not prefix this with `Bearer `! | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_BASIC_AUTH_USERNAME | Username for basic authentication against a FHIR server client target. | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_BASIC_AUTH_PASSWORD | Password for basic authentication against a FHIR server client target. | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_CONNECTION_TIMEOUT | Timeout for establishing a connection to a FHIR server client target in `ms`. | 2000 | Integer | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_CONNECTION_REQUEST_TIMEOUT | Timeout for requesting a connection to a FHIR server client target in `ms`. | 20000 | Integer | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_NETWORK_OPS_TIMEOUT | Timeout for blocking a read / write network operation to a FHIR server without failing in `ms`. | 20000 | Integer | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_TRUST_STORE_PATH | Path to a trust store used for connecting to a FHIR server. Necessary when using self-signed certificates. | /opt/bpe/truststore.p12 | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_TRUST_STORE_PASSWORD | Password for opening the trust store used for connecting to a FHIR server. | | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_KEY_STORE_PATH | Path to a key store used for authenticating against a FHIR server or proxy using a client certificate. | /opt/bpe/keystore | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_KEY_STORE_PASSWORD | Password for opening the key store used for authenticating against a FHIR server or proxy. 
| | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FHIR_SERVER_BASE_URL | Base URL to a FHIR server or proxy for feasibility evaluation. This can also be the base URL of a reverse proxy if used. Only required if evaluation strategy is set to cql. | | URL | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_EVALUATION_STRATEGY | Defines whether the feasibility shall be evaluated using cql or structured-query. Using the latter requires a FLARE instance. | | `structured-query`, `cql` | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_EVALUATION_OBFUSCATE | Defines whether the feasibility evaluation result shall be obfuscated. | | Boolean | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_ORGANIZATION_IDENTIFIER | Identifier of this organization. | Test_DIC_1 | String | DSF | +| FEASIBILITY_DSF_CLIENT_PROCESS_FLARE_WEBSERVICE_BASE_URL | Base URL to a FLARE instance. Only required if evaluation strategy is set to structured-query. | http://node-flare:5000/ | URL | DSF | + + +### Support for self-singed certificates + +Depending on your setup you might need to use self-singed certificates and the tools will have to accept your CAs. +For the triangle self-singed certificates are currently supported for the PATH: BPE (DSF) -> FLARE -> FHIR SERVER. + +#### BPE (DSF) + +The DSF Feasibility Plugin supports self-signed certificates - please see [DSF configuration wiki](https://github.com/medizininformatik-initiative/feasibility-deploy/wiki/DSF-Middleware-Setup) +for details. + +#### FLARE + +FLARE supports the use of self-signed certificates from your own CAs. On each startup FLARE will search through the folder /app/certs inside the container , add all found CA *.pem files to a java truststore and start FLARE with this truststore. + +In order to add your own CA files, add your own CA *.pem files to the /app/certs folder of the container. 
+
+Using docker-compose mount a folder from your host (e.g.: ./certs) to the /app/certs folder, add your *.pem files (one for each CA you would like to support) to the folder and ensure that they have the .pem extension.
diff --git a/feasibility-triangle/aktin-client/.env.default b/feasibility-triangle/aktin-client/.env.default
new file mode 100644
index 0000000..1bbac17
--- /dev/null
+++ b/feasibility-triangle/aktin-client/.env.default
@@ -0,0 +1,25 @@
+FEASIBILITY_AKTIN_CLIENT_BROKER_REQUEST_MEDIATYPE=application/sq+json
+FEASIBILITY_AKTIN_CLIENT_BROKER_RESULT_MEDIATYPE=application/json
+FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI=http://aktin-broker:8080/broker/
+FEASIBILITY_AKTIN_CLIENT_AUTH_CLASS=org.aktin.broker.client2.auth.ApiKeyAuthentication
+FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM=xxxApiKey123
+FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_DISABLED=false
+FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_PING_SECONDS=60
+FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS=10
+FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_POLLING=true
+FEASIBILITY_AKTIN_CLIENT_PROCESS_TIMEOUT_SECONDS=60
+FEASIBILITY_AKTIN_CLIENT_OBFUSCATE=true
+FEASIBILITY_AKTIN_JAVA_OPTS=
+FEASIBILITY_AKTIN_PROCESS_EXECUTOR_THREADS=2
+FEASIBILITY_AKTIN_CQL_FHIR_BASE_URL=
+FEASIBILITY_AKTIN_CQL_FHIR_USER=
+FEASIBILITY_AKTIN_CQL_FHIR_PW=
+FEASIBILITY_AKTIN_CQL_SOCKET_TIMEOUT_MS=50000
+FEASIBILITY_AKTIN_FLARE_URL=http://flare:8080/query/execute
+FEASIBILITY_AKTIN_FLARE_USER=
+FEASIBILITY_AKTIN_FLARE_PW=
+FEASIBILITY_AKTIN_HARD_RATE_LIMIT_NREQUESTS=300
+FEASIBILITY_AKTIN_HARD_RATE_LIMIT_RESET_MINUTES=60
+FEASIBILITY_AKTIN_OBFUSCATOR_EPSILON=0.28
+FEASIBILITY_AKTIN_LOG_LEVEL=INFO
+FEASIBILITY_AKTIN_LOG_LEVEL_FEASIBILITY=FINE
\ No newline at end of file
diff --git a/feasibility-triangle/aktin-client/docker-compose.yml b/feasibility-triangle/aktin-client/docker-compose.yml
new file mode 100644
index 0000000..5ed744a
--- /dev/null
+++ b/feasibility-triangle/aktin-client/docker-compose.yml
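Review bot: `FEASIBILITY_AKTIN_CLIENT_OBFUSCATE=true` has no effect as far as this commit shows, because the `environment:` block of aktin-client/docker-compose.yml never passes it into the container; a site that relies on `true`, or sets `false`, gets whatever the image defaults to. Either map it in the compose file under the name the client image expects or drop it here, and until then mark it on its own line, e.g. `# not passed to the container by docker-compose.yml`. `FEASIBILITY_AKTIN_PROCESS_EXECUTOR_THREADS=2` also disagrees with the compose fallback `:-1`. `FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM=xxxApiKey123` ships a publicly known placeholder and would be safer left empty, so a copied file cannot silently run with it.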
@@ -0,0 +1,29 @@
+version: '3.7'
+services:
+ aktin-client:
+ image: ghcr.io/medizininformatik-initiative/feasibility-aktin-client:2.0.0
+ environment:
+ BROKER_REQUEST_MEDIATYPE: ${FEASIBILITY_AKTIN_CLIENT_BROKER_REQUEST_MEDIATYPE:-application/sq+json}
+ BROKER_RESULT_MEDIATYPE: ${FEASIBILITY_AKTIN_CLIENT_BROKER_RESULT_MEDIATYPE:-application/json}
+ BROKER_ENDPOINT_URI: ${FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI:-http://aktin-broker:8080/broker/}
+ CLIENT_AUTH_CLASS: ${FEASIBILITY_AKTIN_CLIENT_AUTH_CLASS:-org.aktin.broker.client2.auth.ApiKeyAuthentication}
+ CLIENT_AUTH_PARAM: ${FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM:-xxxApiKey123}
+ CLIENT_WEBSOCKET_DISABLED: ${FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_DISABLED:-false}
+ CLIENT_WEBSOCKET_PING_SECONDS: ${FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_PING_SECONDS:-60}
+ CLIENT_WEBSOCKET_RECONNECT_SECONDS: ${FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS:-10}
+ CLIENT_WEBSOCKET_RECONNECT_POLLING: ${FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_POLLING:-true}
+ PROCESS_EXECUTOR_THREADS: ${FEASIBILITY_AKTIN_PROCESS_EXECUTOR_THREADS:-1}
+ PROCESS_TIMEOUT_SECONDS: ${FEASIBILITY_AKTIN_CLIENT_PROCESS_TIMEOUT_SECONDS:-60}
+ JAVA_OPTS: ${FEASIBILITY_AKTIN_JAVA_OPTS}
+ CQL_FHIR_BASE_URL: ${FEASIBILITY_AKTIN_CQL_FHIR_BASE_URL}
+ CQL_FHIR_USER: ${FEASIBILITY_AKTIN_CQL_FHIR_USER}
+ CQL_FHIR_PW: ${FEASIBILITY_AKTIN_CQL_FHIR_PW}
+ CQL_SOCKET_TIMEOUT_MS: ${FEASIBILITY_AKTIN_CQL_SOCKET_TIMEOUT_MS}
+ FLARE_URL: ${FEASIBILITY_AKTIN_FLARE_URL:-http://flare:8080/query/execute}
+ FLARE_USER: ${FEASIBILITY_AKTIN_FLARE_USER}
+ FLARE_PW: ${FEASIBILITY_AKTIN_FLARE_PW}
+ HARD_RATE_LIMIT_NREQUESTS: ${FEASIBILITY_AKTIN_HARD_RATE_LIMIT_NREQUESTS:-300}
+ HARD_RATE_LIMIT_RESET_MINUTES: ${FEASIBILITY_AKTIN_HARD_RATE_LIMIT_RESET_MINUTES:-60}
+ OBFUSCATOR_EPSILON: ${FEASIBILITY_AKTIN_OBFUSCATOR_EPSILON:-0.28}
+ LOG_LEVEL: ${FEASIBILITY_AKTIN_LOG_LEVEL:-INFO}
+ LOG_LEVEL_FEASIBILITY: ${FEASIBILITY_AKTIN_LOG_LEVEL_FEASIBILITY:-FINE}
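Review bot: `CLIENT_AUTH_PARAM` falls back to the literal `xxxApiKey123` when `FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM` is unset, so a site that forgets to configure its key starts a client that presents a publicly documented placeholder to the broker instead of failing at startup. Compose can refuse to start in that case: `CLIENT_AUTH_PARAM: ${FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM:?set the AKTIN broker API key}`. `LOG_LEVEL_FEASIBILITY` also defaults to `FINE`, which according to the README in this commit logs every incoming query; if that is not wanted by default, `:-INFO` is the quieter fallback.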
diff --git a/num-node/dsf-client/bpe/app/last_event/.gitkeep b/feasibility-triangle/auth/.gitkeep
similarity index 100%
rename from num-node/dsf-client/bpe/app/last_event/.gitkeep
rename to feasibility-triangle/auth/.gitkeep
diff --git a/feasibility-triangle/down-triangle.sh b/feasibility-triangle/down-triangle.sh
new file mode 100755
index 0000000..0f45195
--- /dev/null
+++ b/feasibility-triangle/down-triangle.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-client/docker-compose.yml down
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/flare/docker-compose.yml down
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/fhir-server/docker-compose.yml down -v
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/rev-proxy/docker-compose.yml down
diff --git a/feasibility-triangle/fhir-server/.env.default b/feasibility-triangle/fhir-server/.env.default
new file mode 100644
index 0000000..519864e
--- /dev/null
+++ b/feasibility-triangle/fhir-server/.env.default
@@ -0,0 +1,7 @@
+FHIR_SERVER_BASE_URL=http://fhir-server:8080
+FHIR_SERVER_LOG_LEVEL=debug
+BLAZE_JVM_ARGS=-Xmx4g
+BLAZE_BLOCK_CACHE_SIZE=256
+BLAZE_DB_RESOURCE_CACHE_SIZE=2000000
+BLAZE_DB_RESOURCE_HANDLE_CACHE_SIZE=100000
+PORT_FHIR_SERVER_LOCALHOST=127.0.0.1:8081
diff --git a/feasibility-triangle/fhir-server/custom-search-parameters.json b/feasibility-triangle/fhir-server/custom-search-parameters.json
new file mode 100644
index 0000000..e843f9a
--- /dev/null
+++ b/feasibility-triangle/fhir-server/custom-search-parameters.json
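Review bot: The fhir-server line in down-triangle.sh runs `down -v`, which also removes the named volume declared in fhir-server/docker-compose.yml (`blaze-data`, mounted at `/app/data`), so this script deletes the FHIR server's stored data while the other three stacks are only stopped and removed. If that is intended, say so directly above the line, e.g. `# WARNING: -v deletes the blaze-data volume (all loaded FHIR resources)`; otherwise drop the `-v`. Nothing in the script asks for confirmation before the volume is removed.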
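Review bot: Two defaults in fhir-server/.env.default disagree with the fallbacks in fhir-server/docker-compose.yml from the same commit: `FHIR_SERVER_LOG_LEVEL=debug` versus `:-info`, and `BLAZE_DB_RESOURCE_HANDLE_CACHE_SIZE=100000` versus `:-1000000`. Which value a site runs with then depends on whether this file was copied to `.env`, and debug logging is the more verbose choice for the server that holds the patient data. Suggest `FHIR_SERVER_LOG_LEVEL=info` here and one agreed handle-cache value in both files.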
@@ -0,0 +1,157 @@ +{ + "resourceType": "Bundle", + "type": "collection", + "entry": [ + { + "fullUrl": "http://codex.de/age", + "resource": { + "resourceType": "SearchParameter", + "id": "codex-age", + "url": "http://codex.de/age", + "version": "0.1.0", + "name": "codex-age", + "status": "active", + "description": "codex age", + "code": "codex-age", + "base": [ + "Patient" + ], + "type": "quantity", + "expression": "Patient.extension.where(url='https://www.netzwerk-universitaetsmedizin.de/fhir/StructureDefinition/age').extension.where(url='age').value" + } + }, + { + "fullUrl": "http://codex.de/ethnicity", + "resource": { + "resourceType": "SearchParameter", + "id": "codex-ethnicity", + "url": "http://codex.de/ethnicity", + "version": "0.1.0", + "name": "codex-ethnicity", + "status": "active", + "description": "codex ethnicity", + "code": "codex-ethnicity", + "base": [ + "Patient" + ], + "type": "token", + "expression": "Patient.extension.where(url='https://www.netzwerk-universitaetsmedizin.de/fhir/StructureDefinition/ethnic-group').value" + } + }, + { + "fullUrl": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncode", + "resource": { + "resourceType": "SearchParameter", + "id": "mii-provision-provision-code", + "url": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncode", + "version": "1.0.3", + "name": "MII_SP_Consent_ProvisionCode", + "status": "active", + "date": "2023-03-08", + "description": "Suche im Code der Provison", + "code": "mii-provision-provision-code", + "base": [ + "Consent" + ], + "type": "token", + "expression": "Consent.provision.provision.code" + } + }, + { + "fullUrl": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisiontype", + "resource": { + "resourceType": "SearchParameter", + "id": "mii-provision-provision-type", + "url": 
"https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisiontype", + "version": "1.0.3", + "name": "MII_SP_Consent_ProvisionType", + "status": "active", + "date": "2023-03-08", + "description": "Suche im Typ (type) der Provison", + "code": "mii-provision-provision-type", + "base": [ + "Consent" + ], + "type": "token", + "expression": "Consent.provision.provision.type" + } + }, + { + "fullUrl": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisionperiod", + "resource": { + "resourceType": "SearchParameter", + "id": "mii-provision-provision-period", + "url": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisionperiod", + "version": "1.0.3", + "name": "MII_SP_Consent_ProvisionPeriod", + "status": "active", + "date": "2023-03-08", + "description": "Suche im Zeitraum (period) der Provison", + "code": "mii-provision-provision-period", + "base": [ + "Consent" + ], + "type": "date", + "expression": "Consent.provision.provision.period" + } + }, + { + "fullUrl": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncodetype", + "resource": { + "resourceType": "SearchParameter", + "id": "mii-provision-provision-code-type", + "url": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncodetype", + "version": "1.0.3", + "name": "MII_SP_Consent_ProvisionCodeType", + "status": "active", + "date": "2023-03-08", + "description": "Suche nach Typ (type) einer bestimmten, durch einen Code definierten, Provision", + "code": "mii-provision-provision-code-type", + "base": [ + "Consent" + ], + "type": "composite", + "expression": "Consent.provision.provision", + "component": [ + { + "definition": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncode", + "expression": "code" + }, + { + 
"definition": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisiontype", + "expression": "type" + } + ] + } + }, + { + "fullUrl": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncodeperiod", + "resource": { + "resourceType": "SearchParameter", + "id": "mii-provision-provision-code-period", + "url": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncodeperiod", + "version": "1.0.3", + "name": "MII_SP_Consent_ProvisionCodePeriod", + "status": "active", + "date": "2023-03-08", + "description": "Suche nach Zeitraum (period) einer bestimmten, durch einen Code definierten, Provision", + "code": "mii-provision-provision-code-period", + "base": [ + "Consent" + ], + "type": "composite", + "expression": "Consent.provision.provision", + "component": [ + { + "definition": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisioncode", + "expression": "code" + }, + { + "definition": "https://www.medizininformatik-initiative.de/fhir/modul-consent/SearchParameter/mii-sp-consent-provisionperiod", + "expression": "period" + } + ] + } + } + ] +} diff --git a/feasibility-triangle/fhir-server/docker-compose.yml b/feasibility-triangle/fhir-server/docker-compose.yml new file mode 100644 index 0000000..4a1a459 --- /dev/null +++ b/feasibility-triangle/fhir-server/docker-compose.yml 
@@ -0,0 +1,21 @@
+version: '3.7'
+services:
+ fhir-server:
+ image: samply/blaze:0.22
+ environment:
+ BASE_URL: ${FHIR_SERVER_BASE_URL:-http://fhir-server:8080}
+ LOG_LEVEL: ${FHIR_SERVER_LOG_LEVEL:-info}
+ JAVA_TOOL_OPTIONS: ${BLAZE_JVM_ARGS:--Xmx4g}
+ DB_BLOCK_CACHE_SIZE: ${BLAZE_BLOCK_CACHE_SIZE:-256}
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_DB_RESOURCE_CACHE_SIZE:-2000000}
+ DB_RESOURCE_HANDLE_CACHE_SIZE: ${BLAZE_DB_RESOURCE_HANDLE_CACHE_SIZE:-1000000}
+ DB_SEARCH_PARAM_BUNDLE: "/app/custom-search-parameters.json"
+ ports:
+ - ${PORT_FHIR_SERVER_LOCALHOST:-127.0.0.1:8081}:8080
+ restart: unless-stopped
+ volumes:
+ - "./custom-search-parameters.json:/app/custom-search-parameters.json:ro"
+ - "blaze-data:/app/data"
+
+volumes:
+ blaze-data:
diff --git a/feasibility-triangle/flare/.env.default b/feasibility-triangle/flare/.env.default
new file mode 100644
index 0000000..01f2227
--- /dev/null
+++ b/feasibility-triangle/flare/.env.default
@@ -0,0 +1,14 @@
+FEASIBILITY_FLARE_PORT=127.0.0.1:8084
+FLARE_FHIR_SERVER_URL=http://fhir-server:8080/fhir
+FLARE_FHIR_USER=
+FLARE_FHIR_PW=
+FLARE_FHIR_PAGE_COUNT=500
+FLARE_FHIR_MAX_CONNECTIONS=32
+FLARE_CACHE_MEM_SIZE_MB=1024
+FLARE_CACHE_MEM_EXPIRE=PT48H
+FLARE_CACHE_MEM_REFRESH=PT24H
+FLARE_CACHE_DISK_THREADS=4
+FLARE_CACHE_DISK_PATH=cache
+FLARE_CACHE_DISK_EXPIRE=P7D
+FLARE_JAVA_TOOL_OPTIONS=-Xmx4g
+FLARE_LOG_LEVEL=info
diff --git a/feasibility-triangle/flare/docker-compose.yml b/feasibility-triangle/flare/docker-compose.yml
new file mode 100644
index 0000000..c19ce8e
--- /dev/null
+++ b/feasibility-triangle/flare/docker-compose.yml
@@ -0,0 +1,31 @@
+version: "3.7"
+
+services:
+ flare:
+ image: ghcr.io/medizininformatik-initiative/flare:2.0.0
+ ports:
+ - ${FEASIBILITY_FLARE_PORT:-127.0.0.1:8084}:8080
+ environment:
+ FLARE_FHIR_SERVER: ${FLARE_FHIR_SERVER_URL:-http://fhir-server:8080/fhir/}
+ FLARE_FHIR_USER: ${FLARE_FHIR_USER:-}
+ FLARE_FHIR_PASSWORD: ${FLARE_FHIR_PW:-}
+ FLARE_FHIR_MAX_CONNECTIONS: ${FLARE_FHIR_MAX_CONNECTIONS:-32}
+ FLARE_FHIR_PAGE_COUNT: ${FLARE_FHIR_PAGE_COUNT:-500}
+ FLARE_CACHE_MEM_SIZE_MB: ${FLARE_CACHE_MEM_SIZE_MB:-1024}
+ FLARE_CACHE_MEM_EXPIRE: ${FLARE_CACHE_MEM_EXPIRE:-PT48H}
+ FLARE_CACHE_MEM_REFRESH: ${FLARE_CACHE_MEM_REFRESH:-PT24H}
+ FLARE_CACHE_DISK_PATH: ${FLARE_CACHE_DISK_PATH:-cache}
+ FLARE_CACHE_DISK_THREADS: ${FLARE_CACHE_DISK_THREADS:-4}
+ FLARE_CACHE_DISK_EXPIRE: ${FLARE_CACHE_DISK_EXPIRE:-P7D}
+ JAVA_TOOL_OPTIONS: ${FLARE_JAVA_TOOL_OPTIONS:--Xmx4g}
+ LOG_LEVEL: ${FLARE_LOG_LEVEL:-info}
+ restart: unless-stopped
+ volumes:
+ - ${FLARE_SELF_SIGNED_CA_CERT_PATH:-./certs}:/app/certs
+ - type: volume
+ source: feas-flare-cache
+ target: /app/cache
+
+volumes:
+ feas-flare-cache:
+ name: "feas-flare-cache"
diff --git a/feasibility-triangle/get-mii-testdata.sh b/feasibility-triangle/get-mii-testdata.sh
new file mode 100755
index 0000000..a2d059c
--- /dev/null
+++ b/feasibility-triangle/get-mii-testdata.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+MII_TESTDATA_DOWNLOAD_URL="https://health-atlas.de/data_files/594/download?version=1"
+
+wget -O testdata.zip "$MII_TESTDATA_DOWNLOAD_URL"
+unzip testdata.zip -d testdata-temp
+cd testdata-temp/Vorhofflimmern || exit
+
+for file in *.json.zip
+do
+ unzip -o "$file" -d ../../testdata
+done
+
+cd ../../
+rm testdata.zip
+rm -rf testdata-temp
diff --git a/feasibility-triangle/initialise-triangle-env-files.sh b/feasibility-triangle/initialise-triangle-env-files.sh
new file mode 100644
index 0000000..135db86
--- /dev/null
+++ b/feasibility-triangle/initialise-triangle-env-files.sh
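Review bot: In flare/docker-compose.yml the CA certificate directory is bind-mounted writable, so the container can change the host's certificate files. Unless FLARE has to write there, which this hunk does not show, mount it read-only: `- ${FLARE_SELF_SIGNED_CA_CERT_PATH:-./certs}:/app/certs:ro`. The fhir-server compose file in this commit already does this for `custom-search-parameters.json`.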
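Review bot: get-mii-testdata.sh unpacks whatever `wget` wrote without checking that the download succeeded or that the archive is the expected one. There is no `set -e`, so a failed or truncated download still reaches `unzip` and the cleanup at the end. I would add `set -euo pipefail` after the shebang and verify a pinned checksum before unpacking, e.g. `echo "<expected-sha256>  testdata.zip" | sha256sum -c -`, with the real value recorded in the repository.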
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+envfiles=( "aktin-client/.env" "fhir-server/.env" "flare/.env" "rev-proxy/.env")
+
+for file in "${envfiles[@]}"
+do
+ if [[ -f "$file" ]]; then
+ printf ".env file %s already exists - not copying default env \n" "$file"
+ printf "Please check if your current env file %s is missing any params from the %s file and copy them as appropriate\n" "$file" "$file.default"
+ else
+ cp "$file.default" "$file"
+ fi
+done
diff --git a/feasibility-triangle/reset-fhir-server.sh b/feasibility-triangle/reset-fhir-server.sh
new file mode 100755
index 0000000..638369e
--- /dev/null
+++ b/feasibility-triangle/reset-fhir-server.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+COMPOSE_PROJECT=${COMPOSE_PROJECT:-feasibility-deploy}
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/docker-compose.yml down -v
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/docker-compose.yml up -d
diff --git a/feasibility-triangle/rev-proxy/.env.default b/feasibility-triangle/rev-proxy/.env.default
new file mode 100644
index 0000000..37c6954
--- /dev/null
+++ b/feasibility-triangle/rev-proxy/.env.default
@@ -0,0 +1 @@
+FEASIBILITY_TRIANGLE_REV_PROXY_PORT=444
\ No newline at end of file
diff --git a/num-node/rev-proxy/docker-compose.yml b/feasibility-triangle/rev-proxy/docker-compose.yml
similarity index 62%
rename from num-node/rev-proxy/docker-compose.yml
rename to feasibility-triangle/rev-proxy/docker-compose.yml
index 60f5854..50c8a12 100644
--- a/num-node/rev-proxy/docker-compose.yml
+++ b/feasibility-triangle/rev-proxy/docker-compose.yml
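Review bot: initialise-triangle-env-files.sh creates the `.env` files with the default umask although they are meant to hold credentials; flare/.env.default in this commit carries `FLARE_FHIR_USER` and `FLARE_FHIR_PW`. Copying with `install -m 600 "$file.default" "$file"` keeps them readable only by the deploying user. The entries in `envfiles` are relative paths, so the script only works when started from feasibility-triangle/; resolving them against the script directory, as the other scripts do with `BASE_DIR`, would remove that dependency.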
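Review bot: reset-fhir-server.sh runs `down -v`, which deletes the project's named volumes, without asking for confirmation, and it points at `"$BASE_DIR"/docker-compose.yml`. `BASE_DIR` resolves to feasibility-triangle/, while the compose file added in this commit lives in fhir-server/, so unless a top-level compose file exists outside this view the path should be `"$BASE_DIR"/fhir-server/docker-compose.yml`. A prompt or a required `--yes` argument before the `down -v` line would protect loaded data from an accidental run.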
@@ -1,17 +1,15 @@ version: '2.0' services: - nginx-num-node: - container_name: nginx-num-node + feasibility-triangle-nginx: restart: unless-stopped - image: nginxinc/nginx-unprivileged:1.20-alpine + image: nginxinc/nginx-unprivileged:1.23-alpine ports: - - ${PORT_NUM_NODE_REV_PROXY:-444}:8443 + - ${FEASIBILITY_TRIANGLE_REV_PROXY_PORT:-444}:8443 volumes: - ../auth/cert.pem:/etc/nginx/conf.d/cert.pem - ../auth/key.pem:/etc/nginx/conf.d/key.pem - ../auth/.htpasswd:/etc/nginx/.htpasswd - # - ./dhparam.pem:/etc/nginx/dhparam.pem - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./mime.types:/etc/nginx/conf.d/mime.types diff --git a/feasibility-triangle/rev-proxy/generateCert.sh b/feasibility-triangle/rev-proxy/generateCert.sh new file mode 100755 index 0000000..7e908d1 --- /dev/null +++ b/feasibility-triangle/rev-proxy/generateCert.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env sh + +BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )" + +docker run --rm -v "$BASE_DIR":/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999 diff --git a/num-node/rev-proxy/mime.types b/feasibility-triangle/rev-proxy/mime.types similarity index 100% rename from num-node/rev-proxy/mime.types rename to feasibility-triangle/rev-proxy/mime.types diff --git a/num-node/rev-proxy/nginx.conf b/feasibility-triangle/rev-proxy/nginx.conf similarity index 93% rename from num-node/rev-proxy/nginx.conf rename to feasibility-triangle/rev-proxy/nginx.conf index e13c6fc..c8e825b 100644 --- a/num-node/rev-proxy/nginx.conf +++ b/feasibility-triangle/rev-proxy/nginx.conf 
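Review bot: generateCert.sh writes `key.pem` and `cert.pem` into `$BASE_DIR`, which is rev-proxy/, but rev-proxy/docker-compose.yml mounts `../auth/cert.pem` and `../auth/key.pem` and start-triangle.sh looks in `$BASE_DIR/auth/`, so the generated pair is not used unless it is copied by hand. Mounting the auth directory instead, `-v "$BASE_DIR/../auth":/export`, would line the three files up. The certificate is issued with `-days 99999` from an untagged `alpine/openssl` image; a lifetime that forces rotation, for example `-days 365`, and a pinned image tag would be safer defaults for a key that protects the basic-auth endpoint.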
@@ -59,13 +59,14 @@ http { proxy_set_header Authorization ""; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Port $server_port; } - location /flare { + location /flare/ { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass http://node-flare:8080/flare; + proxy_pass http://flare:8080/; proxy_set_header Authorization ""; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/feasibility-triangle/rev-proxy/reset-nginx.sh b/feasibility-triangle/rev-proxy/reset-nginx.sh new file mode 100755 index 0000000..ea4a749 --- /dev/null +++ b/feasibility-triangle/rev-proxy/reset-nginx.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env sh + +export COMPOSE_IGNORE_ORPHANS=True +COMPOSE_PROJECT=codex-deploy + +BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )" + +docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/docker-compose.yml down +docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/docker-compose.yml up -d diff --git a/feasibility-triangle/setup-base-auth.sh b/feasibility-triangle/setup-base-auth.sh new file mode 100755 index 0000000..f65351e --- /dev/null +++ b/feasibility-triangle/setup-base-auth.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env sh + +if [ -z "$BASE_DIR" ]; then + BASE_DIR=$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P ) +fi + +if [ -z "$1" ] && [ -z "$2" ]; then + echo "please provide a username and password" + echo "setup-all-base-auth.sh " + exit +fi + +echo "generating user: $1 , with password: $2" +docker run --rm --entrypoint htpasswd registry:2.7.0 -nb "$1" "$2" > "$BASE_DIR"/auth/.htpasswd diff --git a/feasibility-triangle/start-triangle.sh b/feasibility-triangle/start-triangle.sh new file mode 100755 index 0000000..bfccd77 --- /dev/null 
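Review bot: The new `proxy_set_header X-Forwarded-Host $http_host;` in nginx.conf forwards the client's Host header verbatim, including any port, where `$host` passed the lower-cased name nginx had parsed. Since the same hunk adds `X-Forwarded-Port $server_port`, keeping `proxy_set_header X-Forwarded-Host $host;` would give the upstream the same information without the raw header. If the upstream builds links from X-Forwarded-Host, which this hunk does not show, the `server` block should also have an explicit `server_name` with a default server that rejects other hosts. The `location` block this change sits in starts outside the hunk.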
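Review bot: reset-nginx.sh hard-codes `COMPOSE_PROJECT=codex-deploy`, while start-triangle.sh and stop-triangle.sh in this commit default to `feasibility-deploy`. With a different project name the `down` does not stop the proxy that start-triangle.sh created, and the following `up -d` would try to start a second one on the same host port. I would use `COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}` here as well.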
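Review bot: The argument check in setup-base-auth.sh uses `&&`, so the usage text only appears when both arguments are missing; a call with a user name alone goes on to write an entry with an empty password. The test should be `if [ -z "$1" ] || [ -z "$2" ]; then`, and the branch should end with `exit 1` instead of a bare `exit`. The line `echo "generating user: $1 , with password: $2"` prints the password to the terminal and to any captured log; `echo "generating user: $1"` is enough. The password is also passed on the `htpasswd -nb` command line, so reading it from stdin (`htpasswd -ni "$1"` with `docker run -i`) is worth considering.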
+++ b/feasibility-triangle/start-triangle.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+CERT_FILE=${CERT_FILE:-$BASE_DIR/auth/cert.pem}
+KEY_FILE=${KEY_FILE:-$BASE_DIR/auth/key.pem}
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-client/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/flare/docker-compose.yml up -d
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/fhir-server/docker-compose.yml up -d
+
+if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
+ echo "Auth files cert: $CERT_FILE and key: $KEY_FILE exist => starting NGINX reverse proxy on port $PORT_NUM_NODE_REV_PROXY"
+ docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/rev-proxy/docker-compose.yml up -d
+else
+ echo "One of or both cert ($CERT_FILE) and key ($KEY_FILE) files missing => NOT starting NGINX reverse proxy on port $PORT_NUM_NODE_REV_PROXY"
+ echo "Note that your feasibility triangle will still work, but will only be accessible from localhost"
+fi
diff --git a/feasibility-triangle/stop-triangle.sh b/feasibility-triangle/stop-triangle.sh
new file mode 100755
index 0000000..eb67723
--- /dev/null
+++ b/feasibility-triangle/stop-triangle.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/aktin-client/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/flare/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/fhir-server/docker-compose.yml stop
+docker-compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/rev-proxy/docker-compose.yml stop
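Review bot: Both status messages in start-triangle.sh print `$PORT_NUM_NODE_REV_PROXY`, the variable this commit replaced with `FEASIBILITY_TRIANGLE_REV_PROXY_PORT` in rev-proxy/docker-compose.yml, so the port is shown empty. Use `${FEASIBILITY_TRIANGLE_REV_PROXY_PORT:-444}` in the two `echo` lines. The guard only checks `cert.pem` and `key.pem`, while the proxy also mounts `../auth/.htpasswd`; adding `[ -f "$BASE_DIR/auth/.htpasswd" ]` to the condition would keep nginx from starting without its credentials file.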
diff --git a/feasibility-triangle/troubleshooting/input-queries.json b/feasibility-triangle/troubleshooting/input-queries.json new file mode 100644 index 0000000..98926d8 --- /dev/null +++ b/feasibility-triangle/troubleshooting/input-queries.json 
@@ -0,0 +1,297 @@ +{ + "queries": [ + { + "query-name": "patient-gender", + "module": "Patient", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "263495000", + "system": "http://snomed.info/sct", + "display": "Geschlecht" + } + ], + "valueFilter": { + "selectedConcepts": [ + { + "code": "female", + "display": "Female", + "system": "http://hl7.org/fhir/administrative-gender" + }, + { + "code": "male", + "display": "Male", + "system": "http://hl7.org/fhir/administrative-gender" + } + ], + "type": "concept" + } + } + ] + ] + } + }, + { + "query-name": "diabetes-any", + "module": "Condition", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "E10-E14", + "system": "http://fhir.de/CodeSystem/bfarm/icd-10-gm", + "version": "2023", + "display": "Diabetes mellitus" + } + ] + } + ] + ] + } + }, + { + "query-name": "hemoglobin-718-7", + "module": "Laboratory", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "718-7", + "system": "http://loinc.org", + "display": "Hämoglobin" + } + ], + "valueFilter": { + "selectedConcepts": [], + "type": "quantity-comparator", + "unit": { + "code": "g/dL", + "display": "g/dL" + }, + "value": 0, + "comparator": "gt" + } + }, + { + "termCodes": [ + { + "code": "17856-6", + "system": "http://loinc.org", + "display": "Hämoglobin A1c" + } + ], + "valueFilter": { + "selectedConcepts": [], + "type": "quantity-comparator", + "unit": { + "code": "%", + "display": "%" + }, + "value": 0, + "comparator": "gt" + } + }, + { + "termCodes": [ + { + "code": "4548-4", + "system": "http://loinc.org", + "display": "Hämoglobin A1c" + } + ], + "valueFilter": { + "selectedConcepts": [], + "type": "quantity-comparator", + "unit": { + "code": "%", + "display": "%" + }, + 
"value": 0, + "comparator": "gt" + } + }, + { + "termCodes": [ + { + "code": "4549-2", + "system": "http://loinc.org", + "display": "Hemoglobin A1c/Hemoglobin.total in Blood by Electrophoresis" + } + ], + "valueFilter": { + "selectedConcepts": [], + "type": "quantity-comparator", + "unit": { + "code": "%", + "display": "%" + }, + "value": 0, + "comparator": "gt" + } + } + ] + ] + } + }, + { + "query-name": "procedure-endocronological-function", + "module": "Procedure", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "3-20", + "system": "http://fhir.de/CodeSystem/bfarm/ops", + "version": "2023", + "display": "Computertomographie [CT], nativ" + } + ] + }, + { + "termCodes": [ + { + "code": "8-19", + "system": "http://fhir.de/CodeSystem/bfarm/ops", + "version": "2023", + "display": "Verbände und Entfernung von erkranktem Gewebe an Haut und Unterhaut" + } + ] + } + ] + ] + } + }, + { + "query-name": "central-consent-eudsgvoniveau", + "module": "Consent", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "central-consent", + "system": "mii.abide", + "display": "MDAT wissenschaftlich nutzen - EU DSGVO Niveau" + } + ] + } + ] + ] + } + }, + { + "query-name": "medication-administration-antidiab", + "module": "Medication", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "A10", + "system": "http://fhir.de/CodeSystem/bfarm/atc", + "version": "2022", + "display": "Antidiabetika" + } + ] + } + ] + ] + } + }, + { + "query-name": "specimen-test", + "module": "Specimen", + "sq": { + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "119297000", + "system": "http://snomed.info/sct", + "version": 
"http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Blood specimen" + } + ] + }, + { + "termCodes": [ + { + "code": "119361006", + "system": "http://snomed.info/sct", + "version": "http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Plasma specimen" + } + ] + }, + { + "termCodes": [ + { + "code": "119376003", + "system": "http://snomed.info/sct", + "version": "http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Tissue specimen" + } + ] + }, + { + "termCodes": [ + { + "code": "441652008", + "system": "http://snomed.info/sct", + "version": "http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Formalin-fixed paraffin-embedded tissue specimen" + } + ] + }, + { + "termCodes": [ + { + "code": "441479001", + "system": "http://snomed.info/sct", + "version": "http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Fresh tissue specimen" + } + ] + }, + { + "termCodes": [ + { + "code": "420135007", + "system": "http://snomed.info/sct", + "version": "http://snomed.info/sct/900000000000207008/version/20220930", + "display": "Whole blood" + } + ] + } + ] + ] + } + } + ] +} \ No newline at end of file diff --git a/feasibility-triangle/troubleshooting/patient-query.json b/feasibility-triangle/troubleshooting/patient-query.json new file mode 100644 index 0000000..a74b06f --- /dev/null +++ b/feasibility-triangle/troubleshooting/patient-query.json 
@@ -0,0 +1,32 @@ +{ + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "263495000", + "system": "http://snomed.info/sct", + "display": "Geschlecht" + } + ], + "valueFilter": { + "selectedConcepts": [ + { + "code": "female", + "display": "Female", + "system": "http://hl7.org/fhir/administrative-gender" + }, + { + "code": "male", + "display": "Male", + "system": "http://hl7.org/fhir/administrative-gender" + } + ], + "type": "concept" + } + } + ] + ] +} \ No newline at end of file diff --git a/feasibility-triangle/troubleshooting/test-flare.sh b/feasibility-triangle/troubleshooting/test-flare.sh new file mode 100644 index 0000000..ceb5681 --- /dev/null +++ b/feasibility-triangle/troubleshooting/test-flare.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+FLARE_SERVER_URL=${FEASIBILITY_TEST_FLARE_SERVER_URL:-"http://localhost:8084"}
+PRINT_SQ=${FEASIBILITY_TEST_PRINT_SQ:-true}
+CHECK_TRANSLATION=${FEASIBILITY_TEST_CHECK_TRANSLATION:-true}
+CHECK_EXECUTION=${FEASIBILITY_TEST_CHECK_EXECUTION:-true}
+
+json_data=$(cat input-queries.json)
+entries=$(echo "$json_data" | jq -r '.queries[] | @base64')
+
+for entry in $entries; do
+ decoded_entry=$(echo "$entry" | base64 -d)
+ sq=$(echo "$decoded_entry" | jq -r '.sq')
+
+ query_name=$(echo "$decoded_entry" | jq -r '."query-name"')
+
+ printf "\n\nTest query = #################### %s ####################\n\n" "$query_name"
+
+ if [[ $PRINT_SQ == true ]];then
+ printf "\n### Query input structured query :\n"
+ echo "$sq"
+ fi
+
+ if [[ $CHECK_TRANSLATION == true ]];then
+ printf "\n### FLARE FHIR Search translation for query is: \n"
+ curl --location "$FLARE_SERVER_URL/query/translate" \
+ --header 'Content-Type: application/sq+json' \
+ -d "$sq"
+ fi
+
+ if [[ $CHECK_EXECUTION == true ]];then
+ printf "\n\n### FLARE FHIR Search execution result for query is: \n"
+ curl --location "$FLARE_SERVER_URL/query/execute" \
+ --header 'Content-Type: application/sq+json' \
+ -d "$sq"
+ fi
+
+done
diff --git a/feasibility-triangle/troubleshooting/troubleshooting.md b/feasibility-triangle/troubleshooting/troubleshooting.md
new file mode 100644
index 0000000..1044104
--- /dev/null
+++ b/feasibility-triangle/troubleshooting/troubleshooting.md
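Review bot: test-flare.sh never reports a failure: both `curl` calls lack `--fail`, and the exit status of `cat`, `jq` and `curl` is not checked, so a missing input-queries.json or an HTTP error from FLARE still ends with status 0. Adding `--fail --show-error` to the two `curl` calls and exiting non-zero when any query failed would make the result usable in monitoring. The script also reads `input-queries.json` from the current directory, so it should change to its own directory first or build the path from `$(dirname "$0")`.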
@@ -0,0 +1,287 @@ +# Troubleshooting Feasibility Triangle + +The feasibility triangle can be composed of the following components. +To debug your triangle it is important that you check each component, starting with the last component in the queue +and working your way towards the Middleware, which connects to the central portal. + +1. AKTIN - FLARE (FHIR Search) - FHIR Server (not CQL ready) +2. AKTIN - FHIR Server (CQL ready) +3. DSF - FLARE (FHIR Search) - FHIR Server (not CQL ready) +4. DSF - FHIR Server (CQL ready) + +=> Debugging Route +1. FHIR Server -> FLARE check translate -> FLARE check execute -> AKTIN +2. FHIR Server -> CQL check execution -> AKTIN +3. FHIR Server -> FLARE check translate -> FLARE check execute -> DSF +4. FHIR Server -> CQL check execution -> DSF + + +Additionally you can use the FLARE tool to check if your data is loaded into the FHIR server correctly. +See DQA below. + +For our monitoring we currently use the queries specified here +in the `input-queries.json` file. These will be updated regularly to reflect the newest tests and implemented FHIR modules. + +> **Before running any tests update the test queries by executing `bash update-test-queries.sh`** + + +## Communicating problems + +If you encounter a problem with any of the components and you have identified in which component the error occurs please create an issue for the respective component directly: +Blaze: +FLARE: +AKTIN: +DSF: + +If you cannot place the error directly use this repository to create an issue: + + +## FHIR Server + +Check if your FHIR server is running. 
In the default installation execute `curl http://localhost:8081/fhir/Patient?_summary=count` +This should return a result as follows: + +``` +{"id":"DCCM7GJX6LIW2SIL","type":"searchset","total":12040,"link":[{"relation":"self","url":"http://localhost:8081/fhir/Patient?_summary=count&_count=50&__t=12041"}],"resourceType":"Bundle"} +``` + +If this does not return a result check the logs of your fhir server, for default setup `docker logs -f feasibility-deploy_fhir-server_1` +and contact our team or create an issue here: https://github.com/samply/blaze + +Note: If you have a FHIR server other than Blaze please contact the appropriate vendor or support team. + + +## FLARE + +To see if FLARE is running use `docker ps` to list all your containers currently running. +There should be one container called: feasibility-deploy_flare_1 + +If it is running your can see its logs by using: `docker logs -f feasibility-deploy_flare_1` + +Before running any tests update the test queries by executing `bash update-test-queries.sh` + +If this does not work try to download the input-queries test file from github: + +To check if FLARE has the right ontology loaded and can execute the SQs from input-quries.json on your FHIR server, execute: +```bash +export FEASIBILITY_TEST_CHECK_TRANSLATION=true +export FEASIBILITY_TEST_CHECK_EXECUTION=true +bash test-flare.sh +``` + +### FLARE - Check translate Only + +To check if FLARE has the right ontology loaded and FLARE can translate the SQs from input-queries.json, execute: + +```bash +export FEASIBILITY_TEST_CHECK_TRANSLATION=true +export FEASIBILITY_TEST_CHECK_EXECUTION=false +bash test-flare.sh +``` + + +### FLARE - Check execute Only + +To check if FLARE is configured correctly, can connect to the FHIR server and execute the SQs from input-queries.json, execute: + +```bash +export FEASIBILITY_TEST_CHECK_TRANSLATION=false +export FEASIBILITY_TEST_CHECK_EXECUTION=true +bash test-flare.sh +``` + +### FLARE - Check translate (manual) + +To check 
if the translation is correct and you have updated to the correct ontology mapping files, +you can access the flare component directly: + +Flare has a translation endpoint /translate, which allows you to get the fhir search representation of a request: + +``` +curl --location --request POST 'http://localhost:8084/query/translate' \ +--header 'Content-Type: application/sq+json' \ +--data-raw '' +``` + +> **Note**: You can extract a structured query from the aktin logs once a request has been recieved by your system and send it to your local FLARE. +> Additionally you can also create a feasibility query in the UI and use the Download function under "save > > query" to download a current SQ to test. + +This will give you an output, which contains the fhir search translation for each criterion in our Structured-Query, for example: + +The Structured-Query: +``` +curl --location --request POST 'http://localhost:8084/query/tranlsate' \ +--header 'Content-Type: application/sq+json' \ +--data-raw '{ + "version": "http://to_be_decided.com/draft-1/schema#", + "display": "", + "inclusionCriteria": [ + [ + { + "termCodes": [ + { + "code": "263495000", + "system": "http://snomed.info/sct", + "display": "Geschlecht" + } + ], + "valueFilter": { + "selectedConcepts": [ + { + "code": "female", + "display": "Female", + "system": "http://hl7.org/fhir/administrative-gender" + }, + { + "code": "male", + "display": "Male", + "system": "http://hl7.org/fhir/administrative-gender" + } + ], + "type": "concept" + } + } + ] + ] + }' +``` + +### FLARE - Check execute (manual) + +To check if the execution is correct you can use the Flare execution endpoint /execute, which will execute the feasibility query on your FHIR server: + +``` +curl --location --request POST 'http://localhost:8084/query/execute' \ +--header 'Content-Type: application/sq+json' \ +--data-raw '' +``` + +Input for your structured query is identical to the input for the translation endpoint above. 
+ +> **Note**: You can extract a structured query from the aktin logs once a request has been recieved by your system and send it to your local FLARE. +> Additionally you can also create a feasibility query in the UI and use the Download function under "save > > query" to download a current SQ to test. + + +The return value should be a number >= 0 + +## AKTIN + +To check if the aktin client is running use the command `docker logs -f feasibility-deploy_aktin-client_1` + +If it is running correctly it will display: +``` +INFO: websocket connection established +Mar 21, 2022 1:30:44 PM org.aktin.broker.client.live.sysproc.ProcessExecutionService run +INFO: websocket ping-pong delay set to 60s +``` + +If the container is not running follow these steps: + +Check if the aktin broker is currently available from your host: `curl https://aktin.forschen-fuer-gesundheit.de/broker/status` + +If the aktin client does not start up, add the following to the docker-compose.yml of the atkin client: +`entrypoint: sh -c "tail -f /dev/null"` and restart the container using `bash stop-node.sh`and `bash start-node.sh` + +Check if you can connect to the broker from within your docker container: + +`docker exec abide-deploy_aktin-client_1 sh -c "curl https://aktin.forschen-fuer-gesundheit.de/broker/status"` + +If you cannot connect to this endpoint, please check your proxy configurations. + +Other common errors invole the environment variables set. To check if they are correct: + +log in to the aktin container `docker exec -it feasibility-deploy_aktin-client_1 sh` and then execute `echo $`. +Note that you can find the name of your variable in the docker-compose.yml under environment. 
+If your variable is not set double check your .env file and if the env var is set and still not correct in the container directly +replace it in the docker-compose file, for example change, +from: +`BROKER_ENDPOINT_URI: ${FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI:-http://aktin-broker:8080/broker/}` +to: +`BROKER_ENDPOINT_URI: ` + +Remove or Comment-Out the `entrypoint: sh -c "tail -f /dev/null"` from your docker-compose.yml and restart the containers, using `bash stop-triangle.sh`and `bash start-triangle.sh`. + + +## DSF + +The DSF installation is described elsewhere. This troubleshooting focusses on troubleshooting the DSF Feasibility plugin. + + + +## Manual Connection test + +To test whether your site returns answers to a feasibility query you can log into the central UI +and upload your own test SQ under "My queries" (Meine Abfragen). To test whether you are generally connected you can use the `patient-query.json` in this folder. Should you not have an account please contact info@forschen-fuer-gesundheit.de. + +Once you have loaded and sent the query you should check the logs of your Middleware to see if the query is shown in the respective logs. 
+ +### Manual Connection test - AKTIN + +For AKTIN in the logs you should see the query arriving and beeing completed as follows (example = AKTIN - FLARE - FHIR server): + +``` +May 24, 2023 11:58:49 AM org.aktin.broker.client.live.CLIExecutionService onStatusUpdate +INFO: status 1858 -> queued +May 24, 2023 11:58:49 AM org.aktin.broker.client.live.CLIExecutionService onStatusUpdate +INFO: status 1858 -> processing +May 24, 2023 11:58:50 AM feasibility.FeasibilityExecution doExecution +FINE: Evaluating SQ against FLARE, SQ evaluated is: +May 24, 2023 11:58:50 AM feasibility.FeasibilityExecution doExecution +FINE: {"version":"http://to_be_decided.com/draft-1/schema#","inclusionCriteria":[[{"termCodes":[{"code":"263495000","system":"http://snomed.info/sct","display":"Geschlecht"}],"valueFilter":{"type":"concept","selectedConcepts":[{"code":"female","system":"http://hl7.org/fhir/administrative-gender","display":"Female"},{"code":"male","system":"http://hl7.org/fhir/administrative-gender","display":"Male"}]}}]]} +May 24, 2023 11:58:51 AM org.aktin.broker.client.live.CLIExecutionService onStatusUpdate +INFO: status 1858 -> completed +``` + +If your log contains an error first check if your FHIR Server and if applicable your FLARE are working correctly - see the respective parts of this readme. +Then collect the error messages and send them to our team or create an issue for the respective component. + +## DQA + +It is recommended for every DIC to use the DQA tool provided here to analyse the FHIR resources loaded in the FHIR server. + +Additionally the DIC can use the FLARE tool provided to see if the resources are found correctly: + +### FLARE - DQA + +FLARE can also be used to check if you have correctly implemented the FHIR resources so that they can be queried using our tools. 
+To check this, execute the following: + +```bash +export FEASIBILITY_TEST_PRINT_SQ=false +export FEASIBILITY_TEST_CHECK_TRANSLATION=true +export FEASIBILITY_TEST_CHECK_EXECUTION=false +bash test-flare.sh +``` + +This will print the FHIR Search translation for our standard test scripts, which you can use to debug the FHIR resources on your server. +For example, the Observation query for hemoglobin would return: +`[base]/Observation?code=http://loinc.org|718-7&value-quantity=gt0|http://unitsofmeasure.org|g/dL` + +which you can then execute against your FHIR server to see what it returns. If you cannot find any of the values try removing parts of the query, so that you can see +if you have any resources for the code, here: +`[base]/Observation?code=718-7` +Open the resource and then queck if your units are correct and you are using the right system. +If you cannot find any resources even with the code check whether this is correct and investigate further. + + +## Common problems and how to solve them + +PROBLEM: AKTIN Websocket connection fails + +DESCRIPTION: There are cases where the AKTIN websocket connection fails and cannot be re-established. +This error seems to be site specific and cannot be easily replicated. + + +SOLUTION: Restart the AKTIN client and send the AKTIN logs to + +--- + +PROBLEM: Requests time out + +DESCRIPTION: Some requests can time out depending on the used components and the hardware the site supplies. + +SOLUTION: If this problem persists contact to setup an appointment with one of our developers. +Please also see the tuning guide for the blaze server. +We do currently not recommend the HAPI FHIR server as it is not fast enough for larger datasets. + +--- diff --git a/feasibility-triangle/troubleshooting/update-test-queries.sh b/feasibility-triangle/troubleshooting/update-test-queries.sh new file mode 100644 index 0000000..ab9123d --- /dev/null +++ b/feasibility-triangle/troubleshooting/update-test-queries.sh 
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+curl -o input-queries.json https://raw.githubusercontent.com/medizininformatik-initiative/feasibility-monitoring/main/input-queries.json
\ No newline at end of file
diff --git a/feasibility-triangle/upload-testdata.sh b/feasibility-triangle/upload-testdata.sh
new file mode 100755
index 0000000..cddfde6
--- /dev/null
+++ b/feasibility-triangle/upload-testdata.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
+FHIR_BASE_URL=${FEASIBILITY_TESTDATA_UPLOAD_FHIR_BASE_URL:-http://localhost:8081/fhir}
+
+FILES=("$BASE_DIR"/testdata/*)
+for fhirBundle in "${FILES[@]}"; do
+ echo "Sending Testdata bundle $fhirBundle ..."
+ curl -X POST -H "Content-Type: application/json" -d @"$fhirBundle" "$FHIR_BASE_URL"
+done
diff --git a/img/access-usability.png b/img/access-usability.png
deleted file mode 100644
index 20b6b23..0000000
Binary files a/img/access-usability.png and /dev/null differ
diff --git a/img/codex-ap2-overview.drawio b/img/codex-ap2-overview.drawio
deleted file mode 100644
index 9db7624..0000000
--- a/img/codex-ap2-overview.drawio
+++ /dev/null
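Review bot: update-test-queries.sh overwrites `input-queries.json` with whatever the server returns, because `curl -o` without `--fail` also saves an HTTP error page. The file comes from the moving `main` branch and is then fed to test-flare.sh, so a bad download replaces a known-good query set. I would fetch into a temporary file with `curl -fsSL -o input-queries.json.tmp <url>`, check it with `jq empty input-queries.json.tmp`, and only then `mv` it into place.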
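Review bot: upload-testdata.sh posts each bundle with `-d @"$fhirBundle"`, which makes curl strip carriage returns and newlines from the file, and it ignores the HTTP status, so a rejected bundle looks like a successful upload. Use `--data-binary @"$fhirBundle"` together with `--fail --show-error` on the `curl` line. When `testdata/` is empty the glob stays literal and curl is asked to read `testdata/*`; a `[ -e "$fhirBundle" ] || continue` at the top of the loop covers that case.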
@@ -1 +0,0 @@ -7V3/d6K4Fv9res7MD3oSAgg/VtvOzHnded3pznu7+8se1KhsEXyIU52/fhNIEHKjpSqIfe0vhQAh3Pu5X3MTr8hgvv4Ue4vZL9GYBlcGGq+vyM2VYRjIttk/3rIRLdgVLdPYH2dteNvw6P+kohGJ1pU/psvSjUkUBYm/KDeOojCko6TU5sVx9Fy+bRIF5bcuvCkFDY8jL4Ct//XHySxrdSy0bf9M/elMvhkjcWXuyZtFw3LmjaPnQhO5vSKDOIqS7Gi+HtCAU0/SJXvubsfVfGAxDZMqD1w769n3zX8m0fBr5+/N1+E323ruYMPJ+vnhBSvxyWK4yUbSII5W4ZjybtAV6T/P/IQ+LrwRv/rM2M7aZsk8YGeYHcJhiZH+oHFC14UmMcxPNJrTJN6wW+RV7AiaCdR0LEnE5y0P8rZZgf6WZIwn+D7Ne9+Shh0I6ryCUg5uH6FMS6UTgnTKbyrRidRFJxsBOn24ebz7yJr6D7dnJ1mOGkkyjCHJsGNAkjm1UcwEFLu7v/52flrZPYVWhBhdbAByuTqAmd2eVRfBLECwT7eDwb87d5+/fOs80ph94pVhB2wo/SE/mvKjD5+vH76wp6KYQzHwftKPZ6ewqSo6Ym7p9gKF68Nj72VNR8PxNbeu7GwUeMulPyrThq795HdBRn78R+H4hn+8Y8uzTeHSA4199hGMfVnbThIvo1U8ohXUUOLFU5pUkD46LjkCkGVF06MDvGiLaeAl/o+y+6DjkXjDQ+SzbysiwAWSk32tuLNo4uXDUmAdUoaT4cLOMoqAzlKo5J97BHqgQ/GYxKtRsorp+NcVFQAtgYmR/t4bMtexhCEv8KchBxhjPkdEn8uVz1yza3Fh7o/HvI9+TJf+T2+Y9sdhs+Afl36u1b+ybrRA2g99VYJzB1O85arow+kkG3URdt3TQAK7XcctPxVNJktaD//c1kg/41W8+b148kfxJO3J2p7yrpz89ByqxGqHKpHAdVXjYh+uWgxT6czEjauWHnQtB7/et1mdSFk6gTohpl1W7vgkICGoa1mlfgnuIuQW/pymVE+vQoj1kuo5QszNdzFvhZhjZAMccM+etTxSLx7NWizxvV0hwAESj4lZlnjjOLw0IMAGYNz1U+KHMBgbBD4V6GlVhGu6MBvQaPDVI+fUgZKBl6YDLZlnzgMfZHSNA3WgJUOYbdqjeVcH5oTa7erkuG2vq4ONruugwp+hyD7pGuU+a9SUMIXVSjFvSXLkrbo6PejpXE6yJMfwCUTesKzeKUW+AQmuMHFWkOAwCmmZY8skjp7ySUXeMonCRMyAYkOcD6IgitPeSKa00ie9OIGqIW2+84M8CxOOxdlx+Q/HrqotUKu0hUMUAcfocG3RA51hZqiQgXvExQSZxFTC5LqDJKOKBWGMeBSnUZzMomkUesHttrVfdri399xH0ULA6G+aJBsBS2+VRCqKC1gUIC8CMcvHaQzZFp3H2TKncthe1Za9Dnbsy7xN4QahTneisgemfAQndyIPPIAsBVHZGE6KLwc6oKNoTNedycyPO3NvsfDDKQCcNDqpgXqIln7iR9z4DKMkieZl5KgGKuGIg3YsU5NSDUqEzbwFf+V8PeV1J13vJzOYXT7AvyZ+CuyUDTS+/UEz45bqV4Y3RZ/a/dMEkg42FSZZMJA0e11rt7Y7eSiJDehd/H+qCOvCVYR0VVumIqAFylQEc1uYlE03nSSm9F1HbHWEmqSwtZP9DasJB2oJWbAjsq4wffeL5wfDaA1423T+zlELoLTVPKjJBB6WjmKbtO7eIKFGxdurqHgd59SK9ziRgBUwd9Rb+kM/8BM+jO9fzg59bKjJEAtBXYJ1RZJmbaoExsTfv3T63uiJIaqFFDM1ZaVaitWmLWRdR4Fiadqnv/KDsa6KLVPJ56akiStQUjdvUhv0XKh1RRElqAMUVk2k19BvsRcumVZpQTkgtmxAVxMilOzJmZyesHBSfj9CdfMU5wcoc
c4NUDix9x5Q7+GgrRZqE11te7OusrsrKfIe8ezQZ6iFTDzB1Fte4MhGvqPEMT+pVuHIA8FCkSO+KhY5lmscj8vmu1XzpVLxtySbj001A09sBSJVc/kYlN3n5qKh7L1bJTNXGYPILIJwe9puHJILxaFFSJ612dbZHw7FXPtty00aBuMp13ucTiG2Doftmt3ENsFdV4EhA9Oeyt2LAuXrptffGigrG+mWgfLtKcdDl8PsyL8W4alf3rLF2A5YSVjjIqhziOthfTgUZYbq4qD4lvxFLKeXm51DOARpOarx61Bdcb7icCBjhCsiGSO3IpSbmY7IR75PCeXBP10u0z0tiox8IeMWrZLAD+kg30Njr8p4RfxP1CTOjilPW6MHasvEYVn4u6/qUp93zxegsLExAqFBNB/6oZfmcwx0H00ZZislRBkBE3W+TpPRKeZmRJNMBQV0kmjyRXmZp47lZYVwCgZbIM+qmVHR7g9Qn7DARGvK09s1HTENFwNenH8eipgaqmm3N6lPJmBq8/R+TlPu82tUPWmX12KoM0Ckd6jXQnZO0jVWowoV7TncmLMXoGFUtRAir19pjesBk0PpNj6aoqAPAz4Xwi5dP/Anbnxm0vwhV7ktmFkFqz20lUKNzv1jBHMcSuVVW+qsGGFUR64q+VSdc0LywdB8x2rTPnet2mD4VSpizXLThg2/5OMllv9hrMYXLaj/w9Y5bJw+VCfVQnUlAdW7pFjdOHnp4K4kkLpWHPfcrmsUlpOaBzpqYBs/F3Vxr5Kr9trScpgVMyzywujAyid1o0n1CbB9o/JEPeXoGDexb5lbkiJT5sIqbl30YhbscJGpvKa3enaroZAHqa5ZbiZfLUlIjayB4TyVHKFdlS01Yxy6jL/ReO6HafkRtNR8M0R/BEuSzu/6nL1iFOei1ca6/CNsJ646Y5OjqS3BJoYe/cp/L67bJVJqfsfSOL+Nrzmssn/NxaR8Dq6L2pYeGMXaA+linHqStnqCSa72qt1dNlSn9uDZV4Bztafa05hVcuOXiGmjhGlUGdO96vU0h2O68rabNeRMdyERLMw9ENMuqJGpx021lV1V8tWJu2M309r7RE1+rQFjt6+reecrM69A1I6fO315k5xGZk9NU1kQbMpqo4IBdzQ+cX05VQN6YH9ef3t8uzzANvgNBQyZoAt/62MCgeUe5eWn+p2h3g5PgO9g2EYXVo3oRIPU9aMDmBgaLyCLt9kbPHZlNPPipTBV9v9W/Idd+qtk0nG2pzIul08uF15Y4qK8cZRx6JpbrenwA/tSNmwk/31Mu0B8g6jOxJv7wSa7dUaDH5RzrnB9mfoT/Co2Fuviheyl/EoYxXMvKFx7FiTlF02U8RUFzD2hcYeNecTXqoEnOQA7AkvpwLM+8ks+g0koOkVyKOmVhK/BnLCuZKcpLDm3o3hcfmH+4NAbPU1T7HUUYhl8LyZOJ8N0xYElSTb2l4vAE+TyQ172JD47iLxEeb3KNa0UooxvQXbjXcZRyWW9iDaxABJONWkkSLuUtLafhsGkhY70UVsjaHZoGwyOi+RI1fUIcpOCtiRvSAs3JKuFuTuTAi8FUI2gop7psFfnx0FhoPnCHkaYgCJrs4nIg8CE1b/oZsSswROAb/PL2OEPfNW3xwc73f4aXUbf7Y/6kdt/AA== \ No newline at end of file diff --git a/img/codex-ap2-overview.png b/img/codex-ap2-overview.png deleted file mode 100644 index 3d96f5f..0000000 Binary files a/img/codex-ap2-overview.png and /dev/null differ 
diff --git a/img/codex-ap2-query-translation.drawio b/img/codex-ap2-query-translation.drawio deleted file mode 100644 index d659c5c..0000000 --- a/img/codex-ap2-query-translation.drawio +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/img/codex-ap2-query-translation.png b/img/codex-ap2-query-translation.png deleted file mode 100644 index 45151c8..0000000 Binary files a/img/codex-ap2-query-translation.png and /dev/null differ diff --git a/img/codex-feasibility-deploy-overview.drawio b/img/codex-feasibility-deploy-overview.drawio deleted file mode 100644 index e921fb5..0000000 --- a/img/codex-feasibility-deploy-overview.drawio +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/img/codex-feasibility-deploy-overview.png b/img/codex-feasibility-deploy-overview.png deleted file mode 100644 index fea7424..0000000 Binary files a/img/codex-feasibility-deploy-overview.png and /dev/null differ diff --git a/img/feasibility-gui-example.png b/img/feasibility-gui-example.png deleted file mode 100644 index df07e1b..0000000 Binary files a/img/feasibility-gui-example.png and /dev/null differ diff --git a/num-node/.gitignore b/num-node/.gitignore deleted file mode 100644 index f9a40ae..0000000 --- a/num-node/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/ontology/*.json \ No newline at end of file diff --git a/num-node/README.md b/num-node/README.md deleted file mode 100644 index 961477b..0000000 --- a/num-node/README.md +++ /dev/null 
@@ -1,115 +0,0 @@ -# The Codex Num-Node - Feasibility Queries - -The Num-Node part of this Repository provides a site (data integration center) with all the neccessary components to set up in order to allow feasibiliy queries from the central feasibility platform. - -It is to be integrated with other parts of the Num-Node (see [Num-Node Repository](https://github.com/num-codex/num-knoten)). - -It can however be installed by itself in order to test the feasibility query setup and be later switched to a production environment. - - -## Setting up the Num-Node for Feasibility Overview - -This setup is configured to install the so called "feasibility triangle" on one VM, which combines the minimum neccessary components to load data into a FHIR store and connect to a central feasibility query platform. - -
- -
Figure 1 - Overview Num Node Feasibility Triangle
-
- -We will describe the setup process for all components on the same VM inside the same docker network here and then describe all components in more detail including the configuration variables and their purpose within the Num-Node. - -The Num-Node parts here are only part of the Num-Node components to be deployed and can be later configured to work with the ETL Num_Node components described as part of the [Num-Node V2](https://github.com/num-codex/num-knoten). - - -## Setting up the Num-Node on one VM - -### Step 1 - clone this Repository to your virtual machine - -ssh to your virtual machine and switch to sudo `sudo -s`. -Create a folder for your setup, we suggest /opt/num-node (`mkdir -p /opt/num-node`) -Navigate to the directory and clone this repository: `git clone https://github.com/num-codex/codex-deploy` -Navigate to the num-node folder of the repository: `cd /opt/num-node/codex-deploy/num-node` - -### Step 2 - Setup basic auth - -To set up basic auth you can execute the `setup-base-auth.sh | chosen in step 2 | chosen in step 2 | -| FHIR Server | | chosen in step 2 | chosen in step 2 | - -Accessible service via localhost: - -| Component | URL | User | Password | -|-------------|----------------------------------|------------------|------------------| -| Flare | | None required | None required | -| FHIR Server | | None required | None required | - -Please be aware, that if you would like to access the services on localhost without a password you will need to -set up an ssh tunnel to your server and forward the respective ports. - -For example for the FHIR Server: ssh -L 8081:127.0.0.1:8081 your-username@your-server-ip - -### Step 6 - Init Testdata (Optional) - -If you would like to test your setup you can initialise the testdata provided with this repository. 
- -`bash init-testdata.sh` - -Alternatively if you are part of the CODEX project, please download the testdata here: - -https://confluence.imi.med.fau.de/download/attachments/156379181/gecco-feasibility-testdata.zip?version=1&modificationDate=1624281356939&api=v2 - -remove the current testdata and unzip the file in the testdata directory of this projects num-node folder. - -`rm -f testdata/* && unzip gecco-feasibility-testdata.zip -d testdata` - -then execute `bash init-testdata.sh` to load the testdata in your FHIR server - -## Change Certificate - -To change the certificate of the Num-Node request a cert.pem and key.pem file from your institution and add replace the cert.pem and key.pem files in the `auth` folder. - -After replacing the *.pem files restart the num-node using the `stop-node.sh` and `start-node.sh` in sequence. - - - - diff --git a/num-node/aktin-client/.env b/num-node/aktin-client/.env deleted file mode 100644 index a4d57b1..0000000 --- a/num-node/aktin-client/.env +++ /dev/null @@ -1,17 +0,0 @@ -CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_REQUEST_MEDIATYPE=application/sq+json -CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_RESULT_MEDIATYPE=application/json -CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI=http://aktin-broker:8080/broker/ -CODEX_FEASIBILITY_AKTIN_CLIENT_AUTH_CLASS=org.aktin.broker.client2.auth.ApiKeyAuthentication -CODEX_FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM=xxxApiKey123 -CLIENT_WEBSOCKET_PING_SECONDS=60 -CODEX_FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS=10 -CODEX_FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_POLLING=false -CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_TIMEOUT_SECONDS=60 -CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_COMMAND=/opt/aktin/call-flare.sh -CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_ARGS=10 -CODEX_FEASIBILITY_AKTIN_CLIENT_FLARE_BASE_URL=http://node-flare:8080 -CODEX_FEASIBILITY_AKTIN_CLIENT_OBFUSCATE=true -JAVA_OPTS= -AKTIN_CLIENT_AUTH_USER= -AKTIN_CLIENT_AUTH_PW= -AKTIN_FHIR_BASE_URL= \ No newline at end of file 
diff --git a/num-node/aktin-client/README.md b/num-node/aktin-client/README.md deleted file mode 100644 index 2a7fb33..0000000 --- a/num-node/aktin-client/README.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# Docker Version of the AKTIN broker and client - - -## Broker Configuration - -| EnvVar | Description | Example | Default | -|--------|-------------|---------|---------| -|AKTIN_BROKER_PORT| Host and port the aktin broker is exposed on externally (outside the docker container) | | 127.0.0.1:8080| -|PASSWORD| admin password for local admin http://localhost:8080/admin/html/login.html | |changeme| - -The `api-key.properties` file can be used to add your own api keys for clients to allow them to connect to the broker. -When deploying your own version of the broker, please make sure to remove the example api keys and replace them with your own. - -To add an api key for an admin client (a client which is allowed to submit requests to the broker) the api key needs to contain `OU=admin`, see example in this folder - -## Client Configuration - -The client has to be configured through the sysproc.properties file, which is mounted into the docker container. - -| Sysproc var | Description | Example | Default | -|--------|-------------|---------|---------| -|broker.request.mediatype| | the mediatype the client expects from the broker (note the broker has stored multiple mediatypes for a request this will chose the mediatype to pick)|text | -|broker.result.mediatype | | the mediatype the client is sending back to the broker |application/json | -|broker.endpoint.uri | | |http://aktin-broker:8080/broker/ | -|client.auth.class | | | | -|client.auth.param | | | | -|client.websocket.reconnect.seconds | | | | -|client.websocket.reconnect.polling | | | | -|process.timeout.seconds | | | | -|process.command | |the path to the sh file which is to be executed by the client when the client recieves the request |/opt/codex-aktin/return-request.sh| -|process.command.mapenv | | | | -|process.args | | | | - -Note that the client passes the request to the chosen script file (process.command) on stdin. 
-The easiest way therefore to access the request from within your script is to use the following command `REQUEST_INPUT=$(cat)` - -To use your own script file, mount it into the docker container (see example `docker-compose.broker.yml`) - - -## Run docker setup - -To run the docker setup on one local machine execute the following commands: - -```bash -export COMPOSE_PROJECT=codex-develop - -cd aktin-broker -docker-compose -p $COMPOSE_PROJECT up -d -sleep 10 -cd ../aktin-client -docker-compose -p $COMPOSE_PROJECT up -d -``` - -If you would like to deploy the broker and client individually copy the respective folder to the respective virtual machine -and execute `docker-compose -p $COMPOSE_PROJECT up -d`. - - -Once started visit the admin at: - -http://localhost:8080/admin/html/login.html - -user: admin -password: from AKTIN_ADMIN_PW environment variable - see above \ No newline at end of file diff --git a/num-node/aktin-client/aktin-requests.log b/num-node/aktin-client/aktin-requests.log deleted file mode 100644 index e69de29..0000000 diff --git a/num-node/aktin-client/client-exec-scripts/call-cql.sh b/num-node/aktin-client/client-exec-scripts/call-cql.sh deleted file mode 100755 index 663a249..0000000 --- a/num-node/aktin-client/client-exec-scripts/call-cql.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -QUERY_INPUT=`cat` -CLIENT_OBFUSCATE=${CLIENT_OBFUSCATE:-true} - -echo "##### INCOMING REQUEST at $(date) #####" >> aktin-requests.log -echo "----BEGIN REQUEST----" >> aktin-requests.log -echo $QUERY_INPUT >> aktin-requests.log -echo "----END REQUEST----" >> aktin-requests.log - -RESP=$(sh execute-cql.sh "$QUERY_INPUT") - -if [ $CLIENT_OBFUSCATE = true ]; then - if [ $RESP != 0 ];then - RESP=$(($RESP - ($RESP % 10) + 10)) - fi -fi - -echo "----BEGIN RESPONSE----" >> aktin-requests.log -echo $RESP >> aktin-requests.log -echo "----END RESPONSE----" >> aktin-requests.log - -printf "$RESP" \ No newline at end of file 
diff --git a/num-node/aktin-client/client-exec-scripts/call-flare.sh b/num-node/aktin-client/client-exec-scripts/call-flare.sh deleted file mode 100755 index 1f0b5af..0000000 --- a/num-node/aktin-client/client-exec-scripts/call-flare.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -FLARE_BASE_URL=${FLARE_BASE_URL:-"http://flare:8080"} -CLIENT_OBFUSCATE=${CLIENT_OBFUSCATE:-true} - -QUERY_INPUT=`cat` - -echo "##### INCOMING REQUEST at $(date) #####" >> aktin-requests.log -echo "----BEGIN REQUEST----" >> aktin-requests.log -echo $QUERY_INPUT >> aktin-requests.log -echo "----END REQUEST----" >> aktin-requests.log - -RESP=$(curl --location --request POST "$FLARE_BASE_URL/query/execute" \ ---header 'Content-Type: application/sq+json' \ ---data-raw "$QUERY_INPUT") - -if [ $CLIENT_OBFUSCATE = true ]; then - if [ $RESP != 0 ];then - RESP=$(($RESP - ($RESP % 10) + 10)) - fi -fi - -echo "----BEGIN RESPONSE----" >> aktin-requests.log -echo $RESP >> aktin-requests.log -echo "----END RESPONSE----" >> aktin-requests.log - -printf "$RESP" \ No newline at end of file diff --git a/num-node/aktin-client/client-exec-scripts/echo.sh b/num-node/aktin-client/client-exec-scripts/echo.sh deleted file mode 100755 index ca54039..0000000 --- a/num-node/aktin-client/client-exec-scripts/echo.sh +++ /dev/null @@ -1,3 +0,0 @@ - #/bin/bash - -echo "Connection works - this is a reponse from the a client" \ No newline at end of file diff --git a/num-node/aktin-client/client-exec-scripts/execute-cql.sh b/num-node/aktin-client/client-exec-scripts/execute-cql.sh deleted file mode 100755 index cc73d15..0000000 --- a/num-node/aktin-client/client-exec-scripts/execute-cql.sh +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/bin/sh - -BASE=${FHIR_BASE_URL:-"http://fhir-server:8080/fhir"} -BASIC_AUTH_64=$(printf "$AUTH_USER:$AUTH_PW" | base64) -BASIC_AUTH="Authorization: Basic $BASIC_AUTH_64" - -library() { -cat < /dev/null - -MEASURE_ID=$(createmeasure ${MEASURE_URI} ${LIBRARY_URI} ${TYPE} | post "Measure" | jq -r .id) - -COUNT=$(evaluatemeasure ${MEASURE_ID} | jq ".group[0].population[0].count") - -printf "${COUNT}" diff --git a/num-node/aktin-client/docker-compose.yml b/num-node/aktin-client/docker-compose.yml deleted file mode 100644 index 7784231..0000000 --- a/num-node/aktin-client/docker-compose.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -version: '3.7' -services: - aktin-client: - image: ghcr.io/num-codex/aktin-client:1.3.4 - environment: - BROKER_REQUEST_MEDIATYPE: ${CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_REQUEST_MEDIATYPE:-application/sq+json} - BROKER_RESULT_MEDIATYPE: ${CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_RESULT_MEDIATYPE:-application/json} - BROKER_ENDPOINT_URI: ${CODEX_FEASIBILITY_AKTIN_CLIENT_BROKER_ENDPOINT_URI:-http://aktin-broker:8080/broker/} - CLIENT_AUTH_CLASS: ${CODEX_FEASIBILITY_AKTIN_CLIENT_AUTH_CLASS:-org.aktin.broker.client2.auth.ApiKeyAuthentication} - CLIENT_AUTH_PARAM: ${CODEX_FEASIBILITY_AKTIN_CLIENT_AUTH_PARAM:-xxxApiKey123} - CLIENT_WEBSOCKET_PING_SECONDS: ${CLIENT_WEBSOCKET_PING_SECONDS:-60} - CLIENT_WEBSOCKET_RECONNECT_SECONDS: ${CODEX_FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_SECONDS:-10} - CLIENT_WEBSOCKET_RECONNECT_POLLING: ${CODEX_FEASIBILITY_AKTIN_CLIENT_WEBSOCKET_RECONNECT_POLLING:-true} - PROCESS_TIMEOUT_SECONDS: ${CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_TIMEOUT_SECONDS:-60} - PROCESS_COMMAND: ${CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_COMMAND:-/opt/aktin/call-flare.sh} - PROCESS_ARGS: ${CODEX_FEASIBILITY_AKTIN_CLIENT_PROCESS_ARGS:-10} - FLARE_BASE_URL: ${CODEX_FEASIBILITY_AKTIN_CLIENT_FLARE_BASE_URL:-http://node-flare:8080} - CLIENT_OBFUSCATE: ${CODEX_FEASIBILITY_AKTIN_CLIENT_OBFUSCATE:-true} - JAVA_OPTS: $JAVA_OPTS - AUTH_USER: ${AKTIN_CLIENT_AUTH_USER:-} - AUTH_PW: ${AKTIN_CLIENT_AUTH_PW:-} - FHIR_BASE_URL: ${AKTIN_FHIR_BASE_URL:-http://fhir-server:8080/fhir} - volumes: - - ./client-exec-scripts/echo.sh:/opt/aktin/echo.sh - - ./client-exec-scripts/call-cql.sh:/opt/aktin/call-cql.sh - - ./client-exec-scripts/execute-cql.sh:/opt/aktin/execute-cql.sh - - ./client-exec-scripts/call-flare.sh:/opt/aktin/call-flare.sh - - ./aktin-requests.log:/opt/aktin/aktin-requests.log diff --git a/num-node/down-node.sh b/num-node/down-node.sh deleted file mode 100755 index 9bec110..0000000 --- a/num-node/down-node.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/usr/bin/env sh - -COMPOSE_PROJECT=codex-deploy - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-client/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/flare/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/blaze-server/docker-compose.yml down -v -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/hapi-fhir-server/docker-compose.yml down -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/rev-proxy/docker-compose.yml down -sh $BASE_DIR/dsf-client/down.sh $COMPOSE_PROJECT diff --git a/num-node/dsf-client/.env b/num-node/dsf-client/.env deleted file mode 100644 index 8a9f5a4..0000000 --- a/num-node/dsf-client/.env +++ /dev/null @@ -1,2 +0,0 @@ -DIC_1_USER_THUMBPRINTS=e2b39f27f51553a9f51a4dbda11cf7ac36339778af0d38a51cc85538dfde8b04837acc1dc8ec0a401cbe7867dbc9e1ba82e950fea4ca304aa3909541ad49fd16,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202 -DIC_1_USER_THUMBPRINTS_PERMANENT_DELETE=e2b39f27f51553a9f51a4dbda11cf7ac36339778af0d38a51cc85538dfde8b04837acc1dc8ec0a401cbe7867dbc9e1ba82e950fea4ca304aa3909541ad49fd16,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202 diff --git a/num-node/dsf-client/docker-compose.yml b/num-node/dsf-client/docker-compose.yml deleted file mode 100644 index 2de047e..0000000 --- a/num-node/dsf-client/docker-compose.yml +++ /dev/null 
@@ -1,181 +0,0 @@ -version: '3.7' - -services: - - # ---- Proxy ---------------------------------------------------------------- - dsf-dic-fhir-proxy: - image: nginx:1.21 - restart: on-failure - secrets: - - proxy_certificate_and_int_cas.pem - - proxy_certificate_private_key.pem - - proxy_trusted_client_cas.pem - volumes: - - type: bind - source: ./proxy/nginx.conf - target: /etc/nginx/nginx.conf - read_only: true - environment: - TZ: Europe/Berlin - depends_on: - - dsf-dic-fhir-app - - dsf-dic-fhir-app: - image: ghcr.io/highmed/fhir:0.5.2 - restart: on-failure - volumes: - - type: bind - source: ./fhir/app/conf/bundle.xml - target: /opt/fhir/conf/bundle.xml - secrets: - - db_liquibase.password - - db_fhir_dic_1_user.password - - db_fhir_dic_1_user_permanent_delete.password - - app_client_trust_certificates.pem - - app_dic_1_client_certificate.pem - - app_dic_1_client_certificate_private_key.pem - - app_client_certificate_private_key.pem.password - environment: - ORG_HIGHMED_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: /run/secrets/db_liquibase.password - ORG_HIGHMED_DSF_FHIR_DB_USER_PASSWORD_FILE: /run/secrets/db_fhir_dic_1_user.password - ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: /run/secrets/db_fhir_dic_1_user_permanent_delete.password - ORG_HIGHMED_DSF_FHIR_CLIENT_TRUST_CERTIFICATES: /run/secrets/app_client_trust_certificates.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE: /run/secrets/app_dic_1_client_certificate.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: /run/secrets/app_dic_1_client_certificate_private_key.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: /run/secrets/app_client_certificate_private_key.pem.password - ORG_HIGHMED_DSF_FHIR_DB_URL: jdbc:postgresql://dsf-dic-fhir-db/fhir - ORG_HIGHMED_DSF_FHIR_DB_USER_GROUP: dic_1_fhir_users - ORG_HIGHMED_DSF_FHIR_DB_USER_USERNAME: dic_1_fhir_server_user - ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_GROUP: dic_1_fhir_permanent_delete_users - 
ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_USERNAME: dic_1_fhir_server_permanent_delete_user - ORG_HIGHMED_DSF_FHIR_SERVER_BASE_URL: https://dsf-dic-fhir-proxy/fhir - ORG_HIGHMED_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: Test_DIC_1 - ORG_HIGHMED_DSF_FHIR_SERVER_USER_THUMBPRINTS: "e2b39f27f51553a9f51a4dbda11cf7ac36339778af0d38a51cc85538dfde8b04837acc1dc8ec0a401cbe7867dbc9e1ba82e950fea4ca304aa3909541ad49fd16,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202" - ORG_HIGHMED_DSF_FHIR_SERVER_USER_THUMBPRINTS_PERMANENT_DELETE: "e2b39f27f51553a9f51a4dbda11cf7ac36339778af0d38a51cc85538dfde8b04837acc1dc8ec0a401cbe7867dbc9e1ba82e950fea4ca304aa3909541ad49fd16,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202" - EXTRA_JVM_ARGS: ${CODEX_DSF_ZARS_FHIR_APP_JVM_ARGS} - TZ: Europe/Berlin - #CORS_ORIGINS: "http://dsf-zars-bpe-app" - # ORGANIZATION_TYPE: "MeDIC" - needs to be put into the fhir resource organisation - depends_on: - - dsf-dic-fhir-db - - dsf-dic-fhir-db: - image: postgres:13 - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -U liquibase_user -d fhir" ] - interval: 10s - timeout: 5s - retries: 5 - environment: - POSTGRES_PASSWORD_FILE: /run/secrets/db_liquibase.password - POSTGRES_USER: liquibase_user - POSTGRES_DB: fhir - volumes: - - type: volume - source: dsf-dic-fhir-db-data - target: /var/lib/postgresql/data - secrets: - - db_liquibase.password - - dsf-dic-bpe-app: - image: ghcr.io/highmed/bpe:0.5.2 - restart: on-failure - volumes: - - type: bind - source: ../../assets/codex-process-feasibility-0.1.0-RC6.jar - target: /opt/bpe/process/codex-process-feasibility-0.1.0-RC6.jar - read_only: true - - type: bind - source: ./bpe/app/last_event - target: /opt/bpe/last_event - - type: bind - source: ../../assets/hapi-fhir-client-5.1.0.jar - target: /opt/bpe/plugin/hapi-fhir-client-5.1.0.jar 
- read_only: true - secrets: - - db_liquibase.password - - db_dic_1_bpe_user.password - - db_dic_1_bpe_user_camunda.password - - app_client_trust_certificates.pem - - app_dic_1_client_certificate.pem - - app_dic_1_client_certificate_private_key.pem - - app_client_certificate_private_key.pem.password - environment: - ORG_HIGHMED_DSF_BPE_DB_LIQUIBASE_PASSWORD_FILE: /run/secrets/db_liquibase.password - ORG_HIGHMED_DSF_BPE_DB_USER_PASSWORD_FILE: /run/secrets/db_dic_1_bpe_user.password - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_PASSWORD_FILE: /run/secrets/db_dic_1_bpe_user_camunda.password - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_TRUST_CERTIFICATES: /run/secrets/app_client_trust_certificates.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE: /run/secrets/app_dic_1_client_certificate.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: /run/secrets/app_dic_1_client_certificate_private_key.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: /run/secrets/app_client_certificate_private_key.pem.password - ORG_HIGHMED_DSF_BPE_DB_URL: jdbc:postgresql://dsf-dic-bpe-db/bpe - ORG_HIGHMED_DSF_BPE_DB_USER_GROUP: dic_1_bpe_users - ORG_HIGHMED_DSF_BPE_DB_USER_USERNAME: dic_1_bpe_server_user - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_GROUP: dic_1_camunda_users - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_USERNAME: dic_1_camunda_server_user - ORG_HIGHMED_DSF_BPE_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: Test_DIC_1 - ORG_HIGHMED_DSF_BPE_FHIR_SERVER_BASE_URL: https://dsf-dic-fhir-proxy/fhir - DE_NETZWERK_UNIVERSITAETSMEDIZIN_CODEX_PROCESSES_FEASIBILITY_FLARE_WEBSERVICE_BASEURL: http://node-flare:5000/ - DE_NETZWERK_UNIVERSITAETSMEDIZIN_CODEX_PROCESSES_FEASIBILITY_FLARE_WEBSERVICE_CONNECTTIMEOUT: 2000 - DE_NETZWERK_UNIVERSITAETSMEDIZIN_CODEX_PROCESSES_FEASIBILITY_EVALUATION_STRATEGY: ${CODEX_FEASIBILITY_DSF_CLIENT_PROCESS_EVALUATION_STRATEGY:"structured-query"} - DE_NETZWERK_UNIVERSITAETSMEDIZIN_CODEX_PROCESSES_FEASIBILITY_EVALUATION_OBFUSCATE: 
${CODEX_FEASIBILITY_DSF_CLIENT_PROCESS_EVALUATION_OBFUSCATE:"true"} - EXTRA_JVM_ARGS: ${CODEX_DSF_ZARS_BPE_APP_JVM_ARGS} - TZ: "Europe/Berlin" - depends_on: - - dsf-dic-fhir-proxy - - dsf-dic-bpe-db - - dsf-dic-bpe-db: - image: postgres:13 - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -U liquibase_user -d bpe" ] - interval: 10s - timeout: 5s - retries: 5 - environment: - POSTGRES_PASSWORD_FILE: /run/secrets/db_liquibase.password - POSTGRES_USER: liquibase_user - POSTGRES_DB: bpe - volumes: - - type: volume - source: dsf-dic-bpe-db-data - target: /var/lib/postgresql/data - secrets: - - db_liquibase.password - -secrets: - proxy_certificate_and_int_cas.pem: - file: ../../secrets/proxy_certificate_and_int_cas.pem - proxy_certificate_private_key.pem: - file: ../../secrets/proxy_certificate_private_key.pem - proxy_trusted_client_cas.pem: - file: ../../secrets/proxy_trusted_client_cas.pem - - app_client_trust_certificates.pem: - file: ../../secrets/app_client_trust_certificates.pem - app_client_certificate_private_key.pem.password: - file: ../../secrets/app_client_certificate_private_key.pem.password - - db_liquibase.password: - file: ../../secrets/db_liquibase.password - - db_dic_1_bpe_user.password: - file: ../../secrets/db_dic_1_bpe_user.password - db_dic_1_bpe_user_camunda.password: - file: ../../secrets/db_dic_1_bpe_user_camunda.password - app_dic_1_client_certificate.pem: - file: ../../secrets/app_dic_1_client_certificate.pem - app_dic_1_client_certificate_private_key.pem: - file: ../../secrets/app_dic_1_client_certificate_private_key.pem - db_fhir_dic_1_user.password: - file: ../../secrets/db_fhir_dic_1_user.password - db_fhir_dic_1_user_permanent_delete.password: - file: ../../secrets/db_fhir_dic_1_user_permanent_delete.password - -volumes: - dsf-dic-fhir-db-data: - name: "dsf-dic-fhir-db-data" - dsf-dic-bpe-db-data: - name: "dsf-dic-bpe-db-data" 
diff --git a/num-node/dsf-client/down.sh b/num-node/dsf-client/down.sh deleted file mode 100755 index 5f42f5b..0000000 --- a/num-node/dsf-client/down.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh - -# Arguments -# 1: docker-compose project token - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -docker-compose -p $1 -f $BASE_DIR/docker-compose.yml down diff --git a/num-node/dsf-client/fhir/app/conf/bundle.xml b/num-node/dsf-client/fhir/app/conf/bundle.xml deleted file mode 100644 index 00a41ef..0000000 --- a/num-node/dsf-client/fhir/app/conf/bundle.xml +++ /dev/null @@ -1,262 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/num-node/dsf-client/proxy/nginx.conf b/num-node/dsf-client/proxy/nginx.conf deleted file mode 100644 index 9d770e4..0000000 --- a/num-node/dsf-client/proxy/nginx.conf +++ /dev/null @@ -1,56 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - ssl_certificate /run/secrets/proxy_certificate_and_int_cas.pem; - ssl_certificate_key /run/secrets/proxy_certificate_private_key.pem; - ssl_protocols TLSv1.3; - ssl_prefer_server_ciphers off; - add_header Strict-Transport-Security "max-age=63072000" always; - - ssl_client_certificate /run/secrets/proxy_trusted_client_cas.pem; - ssl_verify_client on; - ssl_verify_depth 2; - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name dsf-dic-fhir-proxy; - - location / { - proxy_set_header X-ClientCert $ssl_client_escaped_cert; - proxy_pass http://dsf-dic-fhir-app:8080; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 43200s; - } - } -} diff --git a/num-node/dsf-client/start.sh b/num-node/dsf-client/start.sh deleted file mode 100755 index a8d5b54..0000000 --- a/num-node/dsf-client/start.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/usr/bin/env sh - -# Arguments -# 1: docker-compose project token - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# FHIR ------------------------------------------------------------------------ - -echo "Starting ZARS FHIR app..." -docker-compose -p $1 -f $BASE_DIR/docker-compose.yml up -d dsf-dic-fhir-proxy -echo -n "Waiting for full startup of the DSF DIC FHIR app..." -( docker-compose -p $1 -f $BASE_DIR/docker-compose.yml logs -f dsf-dic-fhir-app & ) | grep -E -q '^.* Server\.doStart.* \| Started.*' -echo "DONE" - -# BPE ------------------------------------------------------------------------- - -echo -n "Setting permissions for ZARS BPE app..." -chmod a+w -R $BASE_DIR/bpe/app/last_event -echo "DONE" - -echo "Starting ZARS BPE app..." -docker-compose -p $1 -f $BASE_DIR/docker-compose.yml up -d dsf-dic-bpe-app -echo -n "Waiting for full startup of the DSF DIC BPE app..." -( docker-compose -p $1 -f $BASE_DIR/docker-compose.yml logs -f dsf-dic-bpe-app & ) | grep -E -q '^.* Server\.doStart.* \| Started.*' -echo "DONE" diff --git a/num-node/dsf-client/stop.sh b/num-node/dsf-client/stop.sh deleted file mode 100755 index 83b63c9..0000000 --- a/num-node/dsf-client/stop.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh - -# Arguments -# 1: docker-compose project token - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -docker-compose -p $1 -f $BASE_DIR/docker-compose.yml stop diff --git a/num-node/fhir-server/blaze-server/docker-compose.yml b/num-node/fhir-server/blaze-server/docker-compose.yml deleted file mode 100644 index cf144b8..0000000 --- a/num-node/fhir-server/blaze-server/docker-compose.yml +++ /dev/null 
@@ -1,15 +0,0 @@
-version: '3.7'
-services:
- fhir-server:
- image: ghcr.io/num-codex/blaze:0.16
- environment:
- BASE_URL: "http://fhir-server:8080"
- JAVA_TOOL_OPTIONS: ${CODEX_FHIR_SERVER_JVM_ARGS:--Xmx4g}
- LOG_LEVEL: debug
- ports:
- - ${PORT_BLAZE_FHIR:-127.0.0.1:8081}:8080
- volumes:
- - "blaze-data:/app/data"
-
-volumes:
- blaze-data:
diff --git a/num-node/fhir-server/blaze-server/resetBlaze.sh b/num-node/fhir-server/blaze-server/resetBlaze.sh
deleted file mode 100755
index e65db7e..0000000
--- a/num-node/fhir-server/blaze-server/resetBlaze.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=codex-deploy
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/docker-compose.yml down -v
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/docker-compose.yml up -d
diff --git a/num-node/fhir-server/hapi-fhir-server/README.md b/num-node/fhir-server/hapi-fhir-server/README.md
deleted file mode 100644
index d10d1e6..0000000
--- a/num-node/fhir-server/hapi-fhir-server/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# HAPI FHIR Server
-
-Simple HAPI FHIR Server based on official HAPI project docker: hapiproject/hapi:v5.1.0
-
-## Run
-
-### With batteries included
-
-```sh
-docker-compose -f docker-compose.yml up -d
-```
-
-Access at
\ No newline at end of file
diff --git a/num-node/fhir-server/hapi-fhir-server/docker-compose.yml b/num-node/fhir-server/hapi-fhir-server/docker-compose.yml
deleted file mode 100644
index 968803b..0000000
--- a/num-node/fhir-server/hapi-fhir-server/docker-compose.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: "3.7"
-
-services:
- fhir-server:
- container_name: fhir-server
- image: hapiproject/hapi:v5.4.1
- restart: always
- ports:
- - ${PORT_HAPI_FHIR:-127.0.0.1:8081}:8080
- environment:
- SPRING_DATASOURCE_URL: "jdbc:postgresql://db:5432/fhir?currentSchema=public"
- SPRING_DATASOURCE_USERNAME: postgres
- SPRING_DATASOURCE_PASSWORD: postgres
- SPRING_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
- SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQL10Dialect
- VALIDATION_REQUESTS_ENABLED: "false"
- HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY: "true"
- depends_on:
- - db
-
- db:
- container_name: hapidb
- image: postgres:12.6-alpine
- restart: always
- environment:
- POSTGRES_PASSWORD: postgres
- POSTGRES_DB: fhir
diff --git a/num-node/flare/docker-compose.yml b/num-node/flare/docker-compose.yml
deleted file mode 100644
index 894643e..0000000
--- a/num-node/flare/docker-compose.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-version: "3.7"
-
-services:
- node-flare:
- image: ghcr.io/rwth-imi/flare-query:1.0-rc8
- ports:
- - ${NUM_NODE_PORT_FLARE:-127.0.0.1:8084}:8080
- environment:
- FLARE_FHIR_SERVER_URL: ${FLARE_FHIR_SERVER_URL:-http://fhir-server:8080/fhir/}
- FLARE_FHIR_USER: ${FLARE_FHIR_USER:-}
- FLARE_FHIR_PW: ${FLARE_FHIR_PW:-}
- MAPPINGS_FILE: ${FLARE_ONTOLOGY_FILES_FOLDER:-/opt/flare/ontology}/codex-term-code-mapping.json
- CONCEPT_TREE_FILE: ${FLARE_ONTOLOGY_FILES_FOLDER:-/opt/flare/ontology}/codex-code-tree.json
- volumes:
- - ${FLARE_LOCAL_CONCEPT_TREE_PATH:-../ontology/codex-code-tree.json}:${FLARE_ONTOLOGY_FILES_FOLDER:-/opt/flare/ontology}/codex-code-tree.json
- - ${FLARE_LOCAL_TERM_CODE_MAPPING_PATH:-../ontology/codex-term-code-mapping.json}:${FLARE_ONTOLOGY_FILES_FOLDER:-/opt/flare/ontology}/codex-term-code-mapping.json
-
diff --git a/num-node/init-testdata.sh b/num-node/init-testdata.sh
deleted file mode 100755
index e82f2f3..0000000
--- a/num-node/init-testdata.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env sh
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-FILES=$BASE_DIR/testdata/*
-for fhirBundle in $FILES; do
- echo "Sending Testdata bundle $fhirBundle ..."
- curl -X POST -H "Content-Type: application/json" -d @$fhirBundle http://localhost:8081/fhir
-done
diff --git a/num-node/ontology/.gitkeep b/num-node/ontology/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/num-node/rev-proxy/add-nginx-user.sh b/num-node/rev-proxy/add-nginx-user.sh
deleted file mode 100755
index e82eab8..0000000
--- a/num-node/rev-proxy/add-nginx-user.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-echo "generating user and pw: $1 , $2"
-docker run --rm --entrypoint htpasswd registry:2.7.0 -nb $1 $2 >> .htpasswd
diff --git a/num-node/rev-proxy/generateCert.sh b/num-node/rev-proxy/generateCert.sh
deleted file mode 100755
index dc5087a..0000000
--- a/num-node/rev-proxy/generateCert.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env sh
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker run --rm -v $BASE_DIR:/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999
diff --git a/num-node/rev-proxy/q_nginx_start.sh b/num-node/rev-proxy/q_nginx_start.sh
deleted file mode 100755
index 356c1b3..0000000
--- a/num-node/rev-proxy/q_nginx_start.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-ALLOWED_IPS=${ALLOWED_IPS:-""}
-
-echo $ALLOWED_IPS
-
-ips=$(echo $ALLOWED_IPS | tr ",'" "\n")
-
-printf "" > /etc/nginx/conf.d/queue_allow_ips.conf
-
-for ip in $ips
-do
- echo "allow $ip;" >> /etc/nginx/conf.d/queue_allow_ips.conf
-done
-
-if [[ -n $ALLOWED_IPS ]];then
- echo "deny all;" >> /etc/nginx/conf.d/queue_allow_ips.conf
-fi
-
-#starting nginx
-nginx -g 'daemon off;'
diff --git a/num-node/rev-proxy/reset-nginx.sh b/num-node/rev-proxy/reset-nginx.sh
deleted file mode 100755
index 5ccc2f6..0000000
--- a/num-node/rev-proxy/reset-nginx.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env sh
-
-export COMPOSE_IGNORE_ORPHANS=True
-COMPOSE_PROJECT=codex-deploy
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/docker-compose.yml down
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/docker-compose.yml up -d
diff --git a/num-node/rev-proxy/setup-base-auth.sh b/num-node/rev-proxy/setup-base-auth.sh
deleted file mode 100755
index b2ad89b..0000000
--- a/num-node/rev-proxy/setup-base-auth.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env sh
-
-#FILE=$PWD/node-rev-proxy/dhparam.pem
-#if [ ! -f "$FILE" ]; then
-# echo "Creating longer Diffie-Hellman Prime for extra security... this may take a while \n\n"
-# docker run --rm -v $PWD/node-rev-proxy:/export --entrypoint openssl alpine/openssl dhparam -out /export/dhparam.pem 4096
-# echo $FILE
-#
-#fi
-
-readlink "$0" >/dev/null
-if [ $? -ne 0 ]; then
- BASE_DIR=$(dirname "$0")
-else
- BASE_DIR=$(dirname "$(readlink "$0")")
-fi
-
-echo "Generating default certificate..."
-docker run --rm -v $BASE_DIR/auth:/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999
-
-#echo "generating user: $1 , with password: $2"
-#docker run --rm --entrypoint htpasswd registry:2.7.0 -nb $1 $2 > .htpasswd
diff --git a/num-node/setup-base-auth.sh b/num-node/setup-base-auth.sh
deleted file mode 100755
index d7097f6..0000000
--- a/num-node/setup-base-auth.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env sh
-
-#FILE=$PWD/node-rev-proxy/dhparam.pem
-#if [ ! -f "$FILE" ]; then
-# echo "Creating longer Diffie-Hellman Prime for extra security... this may take a while \n\n"
-# docker run --rm -v $PWD/node-rev-proxy:/export --entrypoint openssl alpine/openssl dhparam -out /export/dhparam.pem 4096
-# echo $FILE
-#
-#fi
-if [ -z "$BASE_DIR" ]; then
- BASE_DIR=$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )
-fi
-
-if [ -z "$1" ] && [ -z "$2" ]; then
- echo "please provide a username and password"
- echo "setup-all-base-auth.sh "
- exit
-fi
-
-#echo "Generating default certificate..."
-#docker run --rm -v $BASE_DIR/auth:/export --entrypoint openssl alpine/openssl req -nodes -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout /export/key.pem -out /export/cert.pem -days 99999
-#docker run --rm -v $BASE_DIR/auth:/export alpine chmod 655 /export/*
-
-echo "generating user: $1 , with password: $2"
-docker run --rm --entrypoint htpasswd registry:2.7.0 -nb $1 $2 > $BASE_DIR/auth/.htpasswd
-
diff --git a/num-node/start-node.sh b/num-node/start-node.sh
deleted file mode 100755
index 746ec01..0000000
--- a/num-node/start-node.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=abide-deploy
-export PORT_NUM_NODE_REV_PROXY=444
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-FHIR_SERVER=${FHIR_SERVER:-blaze}
-CERT_FILE=${CERT_FILE:-$BASE_DIR/auth/cert.pem}
-KEY_FILE=${KEY_FILE:-$BASE_DIR/auth/key.pem}
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-client/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/flare/docker-compose.yml up -d
-
-if [ "$FHIR_SERVER" = "blaze" ]; then
- echo "Starting up FHIR-Server: Blaze"
- docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/blaze-server/docker-compose.yml up -d
-elif [ "$FHIR_SERVER" = "hapi" ]; then
- echo "Starting up FHIR-Server: HAPI"
- docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/hapi-fhir-server/docker-compose.yml up -d
-fi
-
-if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
- echo "Auth files cert: $CERT_FILE and key: $KEY_FILE exist => starting NGINX reverse proxy on port $PORT_NUM_NODE_REV_PROXY"
- docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/rev-proxy/docker-compose.yml up -d
-else
- echo "One of or both cert ($CERT_FILE) and key ($KEY_FILE) files missing => NOT starting NGINX reverse proxy on port $PORT_NUM_NODE_REV_PROXY"
- echo "Note that your feasibility triangle will still work, but will only be accessible from localhost"
-fi
diff --git a/num-node/stop-node.sh b/num-node/stop-node.sh
deleted file mode 100755
index cef5686..0000000
--- a/num-node/stop-node.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=abide-deploy
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-client/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/flare/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/blaze-server/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/fhir-server/hapi-fhir-server/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/rev-proxy/docker-compose.yml stop
-sh $BASE_DIR/dsf-client/stop.sh $COMPOSE_PROJECT
diff --git a/secrets/app_client_certificate_private_key.pem.password b/secrets/app_client_certificate_private_key.pem.password
deleted file mode 100644
index 7aa311a..0000000
--- a/secrets/app_client_certificate_private_key.pem.password
+++ /dev/null
@@ -1 +0,0 @@
-password
\ No newline at end of file
diff --git a/secrets/app_client_trust_certificates.pem b/secrets/app_client_trust_certificates.pem
deleted file mode 100644
index a5f16f3..0000000
--- a/secrets/app_client_trust_certificates.pem
+++ /dev/null
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE/TCCAuWgAwIBAgIGAX0zqQXAMA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczNFoXDTMxMTExODE1Mjcz -NFowHDELMAkGA1UEBhMCREUxDTALBgNVBAMMBFRlc3QwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCEcTJ8fEGvYVH05Us0COJWx+Frde4m83+uM4knLZOT -BeCcsLck8ImYOsmGnuCeE2s/NXYup0amBCnTm8N+02qlBGsTBVtbA9Q4KagvvMt+ -RzBA+XiNKzddj5+86e88Pb6vZpIHzAZTczJx9suX1sVwdhUnItJ9H4vW2NboD6GS -HUI8jkqxo2/GgsJ8EDZ2gHqueDNUfSh0hLM9OOCFPMz4frZ2X0THxq4RExWiLxap -wibzTQSUlJoawicaqNnDVNkTXxAWIVp8ZQLt2ftQI1ejsSvHp3o25Yq/g0QHWUzl -dtdNRCCWZiCn6pDZEnjEFitMgI16lEGQk9/+7EFANmu26Zzcz9mesAPlrW3f3cBP -a5OWzKATjjS+6FmBO/rclSbRwpzYYf3ZNprWHH1CXFD75My4+bpdJMgIJHMw4UKe -EOAQ8gPnQymnhDHWf6CnFF4GF5iTOmhPcgY/KNFHQKetK3Ahr3+hNEvWc6gF5keu -lyX/LKqbU1UBS6nCbkC07QRs6nUu9EWvA6MkG2fsX4IzxI5zzzm8in6lDpbZKJpG -GN4gyloSn5W07jpxCLQOx511rgDE/giqOclcClquwC1kMVw6OOVkVAsoO617SlPv -g7BEW9kQOpw+b2N+rm2PzaGzGaIpEzaHsGlGpBEY0OxJUQLfMjC9zwI3Mrjp6T1O -lwIDAQABo0UwQzAdBgNVHQ4EFgQU63O2Ad7qkE/GOId7P60sa6ge7ycwEgYDVR0T -AQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB -ACYMVsFoJcr/by6J/D7sDZjeJF++LMc6wERy2cwOpl+pOfzbkzOqbysGZq37Z136 -bxtufzJiSRvNbyxtCfbJkMA2/RcAdXrCPyUziMgMqj1eVdJ3proVzRGRs5DNLGNB -rmvGLWxqbdWAX86AoLmYbwddM9dpF5ZVliv7vh37I6Y4To3G5SHgmRm6wk0FgA3w -27+Kj/BKpn83wZHOBA6Dld6TDDjMxl7aQUd3kcTsWp/V1sBC0m+YZJW9U7SqsMAx -3hJOuF7uMEuTTtQkWs6yzGchTi/SFJolC8vvq7SgMSCH5Qt3ySZixtp01O53O7oG -7Iywdj2kN8qwI4+yLGm+dqzkChgPqjR3DIyOFQZvYlSRgglaKU2jSipoQneg/3Wu -JE1AjciSR8lblSLFJildLejVEWJ3chrPeeKwFu0lGBQRCgcIqlnexz7mSEriKZSw -EEp36WoO9eGZ45fbJdCEnQb+Ic7hrA1Ll3C1+GsWhZ9DDCr2VhHvZ5T9khGcpG+D -3Muq869YPMq0vpuZRUmyq/6mUGpZ5E7m5d1sgFghIqywl3ZJK+qkTXu1qa6mC2gq -8Eodnd0zTtyTlr/zBZgeCypNVG9dmAIZYqNulubGkFQkK5WD6UXrWFHqT/Z8bQ5a -V8XcC/3nBZa5g8OziVi03YkUpCunaYFJyyMg8UbZBW4q ------END CERTIFICATE----- diff --git a/secrets/app_dic_1_client_certificate.pem b/secrets/app_dic_1_client_certificate.pem deleted file mode 100644 index 5a32fab..0000000 
--- a/secrets/app_dic_1_client_certificate.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFNTCCAx2gAwIBAgIGAX0zqRBKMA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczN1oXDTIyMTExODE1Mjcz -N1owJDELMAkGA1UEBhMCREUxFTATBgNVBAMMDGRpYy0xLWNsaWVudDCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKKQGOu5WqSU+jCdpCGrxb3d3p5Ic40e -Yr7K8qmu/6zVXsIoZo6F+DrnYj09IIUr6+AzK5cuIPRUKjBhhN+KcyC2wY24b29W -ZADXJxV95E3I917fjrAcDXmHLNGgIPYZhTfSOMjvtt/CmQA1OOuy6A+XbGImCgrg -iC+Qbsk0dNDTamriTlVG7D/VAUhiv12D7K0TtvrvJMsRtmoV5qURmauRkIYTF+00 -e1L8MAOEwR92t9S1kwYmOTJtPHF2PRPnHibAkLQ8mXOF1wSBoy33lWzKkUshpCvr -HD/GvCIYLTDeKn6MTs5RFYBN6fXw8Pm0DUIJrfueH2xdcrDDTXDvNPcUFSNZ1ltJ -mBwKwefIsPltJJXPQoDghLEhDTIiSDO1xIhRYs5M4IC8ENxwZp3BIgMVogeAgPL0 -noqfEZgGyX5Msra+bPaNqB0qybVi64Pk+KOEFQLjoQEyfgC9/kX4XHcXzrCNmg3P -VW/2JviZ95XBDQwO0Hk5uF6EBPCYOs1mkZqjuC7tGgK/J9101FPu6eqiXdDj7YcF -eTYiTpz7eHGjlbl+Ele6xoo8Snk0bxKAPobHeVmJgMp3nsYtilXizNGPDxZYC06L -cOvfJwHbDPrwQO8aoEhPRvId4E0np2+Gt+95Wbd1zEFL4iAsIzsD8I60zCIxVmDH -NQwbAgJwOsmtAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg -MB0GA1UdDgQWBBQkuyqbNycKzX6fVH8dBVyQXM7qXjAfBgNVHSMEGDAWgBTrc7YB -3uqQT8Y4h3s/rSxrqB7vJzATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0B -AQ0FAAOCAgEAOREHvSaon7wET8fH2Fl8nvRhvi+i/1TIbMnRHWLiUu4GV4J5+Dig -Ks+12QxvSz+9KEUZSYQHtkC7GJqgB6af7CfFc4a36AZ15keiCME6xDKK6HuBcYPA -0puw18UdtwYs6M6qxVdIuM2R/tdEvXGCkRLGfjNqfn4RKkYCW8zxZtQG4eUgaYqk -CohJiddaeKvktQDfHLWuKLNp19WTM0RAOVtNB89G9iCFtna19K/lQTapo0PMu4le -ITiGme3YmfCFASatDGNlToZ6LhT0gmdT0pPT2+OFLanEwTH3GvtfFNnKldsEifq7 -w31uucLXkCIZnvXZt96OloRSq0NieY/orVMshEk2LjK2rK8Tsu4Pk2UvasN2BOgp -om6rmpwBvfe0DfMI5zVEXrF1bYeISCQJNyjbzsTeBDHq58La1E1QmFrakN0lASAk -KvUyKdIE/Y/gYPx9y52NDWPhI01Fi24/vpD0SwNq1bZAiBP771hxcsVWZVYdkDa6 -F+qdhHPMsm99iAy8GwUrVouJUzjgY7qIxLLo3H+g2dgHdTCUiUX3Q5OQIibakE7E -ac1nuP0lf6k2hTEZFovenYJXBjTAnLHuaDDhGG6fkJCBoLZRpeaDb+9EztOQsJaS -0bTK41Gl7EvUdm6fyPywc06B6Ts4pCXVlwvgwtUU+OwX1fc2B0vsvhQ= ------END CERTIFICATE----- 
diff --git a/secrets/app_dic_1_client_certificate_private_key.pem b/secrets/app_dic_1_client_certificate_private_key.pem deleted file mode 100644 index e20a248..0000000 --- a/secrets/app_dic_1_client_certificate_private_key.pem +++ /dev/null 
@@ -1,55 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJxTBvBgkqhkiG9w0BBQ0wYjBBBgkqhkiG9w0BBQwwNAQgydh8LSzaIBm4fEEl -HhcbKgGYRDJXE6hcFq3sX6juHCECAggAMAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUD -BAECBBB/TS/e4+NHe2kzsxmixmzoBIIJULXIG8QU1cjkbH9e/fviZLBUw7bsR7QY -0Q7dSsWL7r00Ch6Zm4nVn/VYuHN39K53wQvBJHCw16E32AAsBx25kZU7SJe4gmPa -OtqSCxFfJwQ8VFRkjeEwH0VMV5NDxPK7Njhl7NcyrfePOZvS96LQWyn8rLezFapF -M13D0ylB5os3gEV/mAbmrmC1km1Cd1mAFH1ccy/xtukP9GC30JDngmC1kQT+0oYm -yANjEQ2vYYHXuB8fw/y4nA6sjKMqr24PYRgTbuhQ/7LGjUaedaJ+oPFkrLkZdECP -Koo9WFoNkf+fSIexwUmqf46T0LmorJe5zXFavOthoc6CYWSmcPp/BDSMebGsMmUM -LOG/MRx/4GWncUmzOfUowTqniOMC42c5rTt8FpmMrNG1ojLSSUTQVU3B7jw0cim1 -6NlWcbhOT2Fh5mwC+go687OldNjsLijR4g75RM35GihB/Ikv1+IjT/YLLXsRBPSE -wO5bY+QDeuy2fUJSCctrcXa4wg6M2u32GtQZp+v/M8fDTMevexCWexfbEM+niMhJ -gHavzXO/o+6UKpeoYErU0QbnhW6Fgslq2cuaORimMKDhYnFC2cVLNj/ZF6Il5WCy -soIZVjE1pIfQvVSoop5xbPC5bnDQjuLErNXfzeozK8RaRiST2P055J1jYhhyXl2+ -duLGG5e5RNFoYDsj3oYfzT67cOms15CTQGedxTWpa48RibbrwxamKeLQpjo1sbSW -nd4OnegJ3lfWK//23w0VNuu2m1+uEbgz7ON+AllSRu4qTPaiHa6JOfdQz2hgs0Li -HrH9mVVXh5is0pz87V+OFPEbQfc9rNoPdmia5lYhA/sYgYpUBT4uMGF/MvP29evM -VJH6sEBHvlQ7FV4l7pj91pPfDo33Wl9F5NCZ8RO/2NBa/xVo4sK+BVEnRznUjRWl -GkjHwKHYe3zARn2ePiwopqZ3z0uU3OlW4/XwMxmTyxzz7Pl4Hb27Ob9TPqOTjEA8 -U60OjvaW6Brjc44kjfV9pq/3GYjaQUo16E2v4hOJjsUGKa1Xe62roElDnevz5wiw -3+uXmIwhKTi9v8mhjzVpPJHamapJa7sFnopVTmWmwoK9033nz+eAiukuAobuMCFp -qpcKI8lPMDkzS0J1wY4h8/LyBO1NIrgLRfW544FA/2zuw/FQeS51is//j1woOb62 -Suz0eyMITxenwBZNr5ubNhkbYs+pNvrIOK9jnhWv8+8VbSLWzWa8y6Ygwo3KwG6W -j8eVUhqDC/i2W9h5vfkP4mg5dAsIgsoNMUGyChV2Zpndk/A8oYgr7kHH7RPoex4J -DLDOFFTS1g5fwfc6IR6rS1UVPP6ocOLw3LXaZQMO6k7mwmnL0rZnJatG61+RUi0G -OlgS/TwLL1AqKmrKK3vMzax733BNKrNqntVFQIYI3oCAYcKvbK2UOPstpNJJur3r -4G4k4u26IsQwG0DkYt5a5ly6SZ1tf8UInBW7vKMPHLS1gofuPT1BE0KzeaReZEGi -6c3Gx1H8UvgbPQdyBCeU/yorNGSEbnSyfYKfIvmioTs6vApu4TZ2f4WbiJ7EUxTC -FcCMShQIgUXGNoKHyfe8kvqMTsDGL++wfP2bjjJFmAqVhEIMpmBXLuF7uJFZpJPr -0VAFzR7iJSIFgUNBP+jXrK7+4CJxv5ku0i5WJkyWiXhLnMShInvxmYQHZzsQat+B 
-mSQD4Ed+ZV3gwofyvoPw1zuL3aKFnLXBIzNW+IbthSMn7S+Ew9r7lK9i8sEwLW2g -xh/3Mi0R15Xa1GB+0/4MHN4c1PU/EKctTh6CGdIHzg2/6SQP213iT+jXxrHdgzXi -jDSkE6EYg+nSftWOy2+GSNzyw7tFIpGZ/KaQghi6Qjtf7HR5h7QimV1yWxwMkgbl -ITG//7LuIL4RMdARtQicxa47f4tg18zsQgZ2vLoXNkOHHZcAWdiye5D2UiW2EITk -c9/5eNyOr+7IlqBCKRgHnWfESni+nenqgq3tOw06tRY2cevptdGJB1eIvRj71wn+ -hWPqsT3s7gDgBrr3DVHZTO0b8KUkNAkw02P9/sjCswTnZzIN1NoXTXkYJTzZSPKZ -R7PBI9WBao00n8mlz0qg3ntKUA43B0w3t+25g++ZWH3Vp+0mA1XTxg8A+lXnW06l -qSKFtw0750Xe5NzZkMXq+1FryAZTDj2Vp6jfCctW5GCfrJqh3qD4olZv6s0L6a4Q -H6Uyhj/GogaLjn6QOBPGAzblq8eOwUeBoQ6qz7S0DYG0dZ/Cg847m+LbMTrnxGzG -dMsSENlOmxBU0oyD2TLlEmpOFZp8DOGGpsLldlIgHXc2/FscV+sQ3fXV6XAVohmC -F1gAD/mjpn/1M3Cu7c/7yKIbRtBZ/BsBPCAkBbWGB8/eg1qwD5cP4OY8LwxfeOj3 -3swYyERbjLmE1eUMkPUdiUVbVK6f4xozHHzH2xYCc+DzrzBiSmONfYs11vEUAC+O -2VCixCuWKhyTX5cjBbR7Hfc6ksbBi0po6KejCjWXQ85YZFHO0jRsMvHB565HcROZ -4GaBXV6r0GKejgNkw7k/TkbJf+ISjUczrIa/rJjZaCkohBBn51fLfLofjGKKEBbU -19fxyqtGgJ8iC+cNNFTwdRpGdBGfCSKIiQwWuiQSnw9iHO7Y+hieFK5dGSDit4tQ -dvTY3hCWTDswEBwf3S1TvjmYfnPBxsn73b7lOPmZS2yagEeZhsRFdB4JIJLxqkk1 -IHwerB6Qy9SBJ2znmMPtXwHy2ghVX7+qw+1iQTQQ+/bNQivAWLkGWoK30XFw7u/a -UgvtzEdUjdLUAs+4JTPHfem40KOI9sBywyP00J2fs7XW4P6FG2J7DrFBO/ec0Rqt -4qv9oT8D4g6qmpQ/25A/QNVLjFdXOHQcgrmshqSVIPGQ62f5YbzpJxm05SCPN+qj -qMVyTcwIKWeKQItFEyRqEljYLsu4e2Y2Y4D6oM/UNUawVSOfn+DXRRDnBUvZ8dfx -2L5uT3tFOYg1aHtNFWpkAWjDRgVfWkLYefZMAfmrhb4eS38Un2FbzGYlC5TIuvbD -onaULVa24D6eJ2QKi283o1t5nC/BqCfARGiPsqqqKB+r4yynLxXSfEE4GS23yKle -RAuhvkRW8voYY2TPdad00JW+h/6iAZsksof8WChFCmtBMY9MTh9PPgNkjctQdfaZ -pwnhqv4h7xPe ------END ENCRYPTED PRIVATE KEY----- diff --git a/secrets/app_zars_client_certificate.pem b/secrets/app_zars_client_certificate.pem deleted file mode 100644 index 4c56a9b..0000000 --- a/secrets/app_zars_client_certificate.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFNDCCAxygAwIBAgIGAX0zqRG2MA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczN1oXDTIyMTExODE1Mjcz -N1owIzELMAkGA1UEBhMCREUxFDASBgNVBAMMC3phcnMtY2xpZW50MIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9yxScJierpxRy1EnXO5tN8qF2sCXd1O -OVUyJ7unm4UXF3JiKyDUXRG/4+F00+O+SFIYLLox1Mn3wbWqiFGRz/RTUiwU8pWg -bv/jAPRuuLri7rxLb9rCc/luh54pIdNzsT6aMd6FphUH8icibOnO+rZslCQ6WZDI -fkwpKeHG0RqMWuZ4ithB4FBMjX0EnDEnWatNYE2CFHvlQAZqzIN7Lq8Y09yV9C99 -tT+X8iD+iSdMyp5TDra2cyq1HIk9K6H24CJfNE4N1UQqt5V1HRaiIv387TcIKQX9 -icyGeREQwT9Du1Hy8W5plQwyDBju+A01fq0sb6wp7CwtG9DUNHpQCbUQECLAU2fg -uBhSiQJd6p1vkw0bB+HR8r5huYy6JGWxOeIIG9CPgAu9ykSW3LF79DGP0Lw8AUEu -NesSM73z95eIdyD0bApjtXA34k+dJXcYC1Ttufxmz+ywAwOqVNgM+GcI22KYDeW1 -AhrUrYB8zIwszkJhhy+4SbhyJM5+O1asziqv1fOTLbRTOu43oBW5j2l/d71kndC3 -mMGEpDlg4yBniM6zWm7rXRPI0ExJcu0IYNTiku9F7Scc/q60Rg5FnSEulXeyOSzV -S4ahfFiOr40aWK3Z663pV161VGy65uJ+MdgfrI0BuCfDUcUL1GhEi198vdqHtR2Z -O3yoLDsx9UcCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAw -HQYDVR0OBBYEFPw+ZvKNIGfNPLsLOI2g1a2FMuUHMB8GA1UdIwQYMBaAFOtztgHe -6pBPxjiHez+tLGuoHu8nMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB -DQUAA4ICAQAb4HJlYmpLli/FGKPO2I3rYCT1EYNRFqQTSH7yN7rJsvpKIcIey+yA -K55G8fDMTGVUkq1G2xS7vs0dmezs7WowiMKgWsaKqfpG3nvVsOYlCYx2pr5p6TdN -BQ8hR8MUhHFI1eofilU5speBs1UGbUO8lAHqR+WycPDCrP8x2TEVQiCOts8CcLKC -GL9SGBklKziU8pmaitlQivW2ia+0DvszN63R+IFAQjqlrpeOiW04u+uV1xOQBAF0 -pWufK7NMpP+swEzLwBpsx4B2TF29Zetu9BEAHYhuqF44ygPTuIqkqAEAlcaqSYy6 -YrvDePL6U3nLa8QS5oSlc/Big4ANX1/7ox3GZDFk+ta/wRlqgNTt/jwEsLcsNhEX -mV3DdACPyoms0f6BWJLOYiCSV+mdgMgujwzcx5fmeAYKp9BtPDfU0jnxhEbYY5JF -k1GZvcBm5EQsDyHrrEVb4n7l7Mq+N7lVq0n9Fak2bvqvkE3ruRNSv5muLPKw65Tl -IM2v/KEWNtrxBk0P8LEkvBJ6Jg8e2dVatZR1TijbKNhNPp7DKaA8PcPHvsa5SV9+ -ZfHhYLcXHztiOewjUICi+TVM5RiDRU4UgiayiZjxsP6ZRatm1VeeNMlglgupB3Wf -HE4WP0BEGWfK46kw+osjzNHsN+b/QVnNhi6kx8BuL2fzDy5QFAediw== ------END CERTIFICATE----- 
diff --git a/secrets/app_zars_client_certificate_private_key.pem b/secrets/app_zars_client_certificate_private_key.pem deleted file mode 100644 index 598cce9..0000000 --- a/secrets/app_zars_client_certificate_private_key.pem +++ /dev/null 
@@ -1,55 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJxTBvBgkqhkiG9w0BBQ0wYjBBBgkqhkiG9w0BBQwwNAQgb5PDA2Jm1Zi0HiOn -YIB1TG5+B5l4wnG0OfpYdnvPllkCAggAMAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUD -BAECBBDRjVgRMrYOlq4ZwsWz9g0pBIIJUA8G+Gk/uFv+9JH59D2Z/DC92qEoWJ6u -UpwTmS3aM3+lM7AWFyzCxT9cjZ9iME/uy78Afw4jpaDPud++s3PPXmpWC2D3FWRH -2aGTrTYWdvT36z1MADGfaWbOJnVNTTFdWZfcE7mLqduXITIsaHsOeHsMfO5QupJu -1dECM/IQR6GaYwXroXSo+MFio2QVhDxdpuHErINmna1qyF+hIB/DsaTrKmwOkr/a -Sdt4gDBr1GNt/urQRx5lhURtiRanNm7dnXI9LsUyZvH1l72wid2Tm414t4O5F0lu -yvgn30JFnlO8qVzBolTIWvf5+J2Qj6JP2bQgyynjIHgH2Nfl0LNM1mj808DYFsRo -3LhgA3iVz14Scp7BMQUE03cQq691zSCYs0MOL9MMrDUW/w4glFSI1Ytcr9BA1c16 -6ygq5KxSdzBJlyMEGgPycaiCRrSfFE3YkcNJcfcrMX11uzhehtNF+6ctLrjoN74J -f6zZlg1JdYkizncMtqnqCYzc6O89rCeE/F1A7rMnnMWR/iNaj2q7V2YRjuc4bohO -PUhwl43LD+NwhweOWBiDkAXrb9PeBp7b1zKgcJWVZ5elTQGZbKmLY5IHiB6vpDkd -8LurwkW07432umD4K+DkAxKRtQMCtBD/b+wSABBPr4aoDNd8NPS/IWzbzoQyeRET -BLrc/fUOZ0kLA5Laj4BxBEb1IzY+97YTvynRByo+XmBP1dmQLUnfwHa01tYWIpMt -Dgdx0eK2MY/qUBtCqeHHkhMLfCxyRElvUMp+3a1KIfzxKCel2TtONrD358nVb0Ub -/RClOUHGnWBTkQYkKbugjRjlgQoV1NgMhgpQYEMSioE9e8vAoiCn24iybS1ODmRQ -A1T/EsnYzY2xien51xG5Lt2oJrDanAwx2aj/2TG1iJED+/+ElQgcp3sEaT3dXW8a -I58khp+3SM2UccgvzMtyl4JCZC3N9B/qvRR0DngQgg1GWDkfmQb2uB+XL1HDURn2 -b7SJ85uf48VrTXManrwl1zWO1z7s0+s12NeFqTywYa+WoMGLrPGgcpueA7iPVzwU -pdZUoNZMFcUABeWls3i/0Aq2iCVjyKJOuMfsjOedMnXed9Hs6HL2K4H6ZrVAzUGa -ANKON6xdizAuMvxMRBjyZGSXp3yYyKpTh3YKU+8EUq9kwUBZUVPzhWoCN7+RKqjH -T54ZXWJirx8a+r4kCEqGS4Is0f9lezIV5OhbppE4Tw+eAPCsiBaAYYwHtp5xfOTM -294Cuk90ok6pg1U9Tk5w4XchD6ZFVkU+Tb230l8i5IEjCVh0hN/O03sxwRRox1Ch -py5g8x6TTXm55smzzhdH2TemZMSxX47G6mqSK1vg8j2mDxS/xVge9FFH+Yl6ZYJO -rwv0FLQDUqiJvS6RkF4wh02WlS91nfBDNNO/HHmk/TksBfVtDbNBVQrmvA6WJVMu -+0u/YhAZuy0P9jNbgQCo6SWF0cnrOG0nkDSwys20mmg12J8b3vyxTLCYXQ54/1Kp -nqownfjfk7W6DECBui6ZKYMYnJHDnVxzPF+xiwUkw64u0WkuFIxDi6N/TgUxUVER -4I9b3lOSY8SdRX/m/kzfCh41T5jAfpNpOe6QQE/Yz6w17lrldnAT5MwnxsBpaLDh -hW5OvzpE6A0QwnDxWHM94oYPfQ9xsvhZQgTjM8bvqqkCGSTPhpEAcqG1QcAjiB2L 
-EKlnwl3j35Z/N8ZEzccjNuJSXn7JjNqihU1504YjEpFI4//lUn69VNwQh6bazupy -xyJ6/XROsluMR+1qnyHavBRwnqw1y8iSP/Ua8dH8m0bpB2Or7skvIsE3kgcnv2QA -mqUQ7EQr9uE0ka8C19MIdRR0D4wLSvEIX+PFDLM12toWJ2Vac70G6VRNyTv3m2an -sJ0LhDIYkZG2uvVimMvVQRvJc5y5m8xCgKYXtK5qO4LE3rvCrwJCzhJwWxQhzC9N -sY4aasfw3YEGpy7bFCLVbke5Lx2aLYhXNxsM+HuqXzTpjbVI4ztLkNfvPUo44e9f -ev4IBDrCvWNPJvhd5wtlIrOscPLlvVWDAYs51lNhirNF+gBlv+ax4s2CcZIGAnpR -Va66Z7Y68ENE2T3LcH+e5EUnVC5Slrl3TMFmocPg8BYuHvfiGSsErAWxhAc6sz5y -DvFWz0y5deJip1/hF21PMtnsJiZ9Oih9PNVZagCDPf2fXXW5YK3+ZMs7qEKkKaH2 -hdQCT7nE4Hsv+d01ZF59zee3bIp1mpBtpREXaFs/XV6iSLc1lCqyEHo9pAmDLSKJ -YrZJ2UWoia8/RWtfFdCErwzAhm7tJXJDeIuXtBjULNydJtdqTTAECjwfpZaGSfk3 -3/LJlqdbHyKIjjYhkvSLueB0OmgU9up3HsFFA/GXrkKNCqg++jbgV29Ls3F2yrmq -h+jt+irc3o+ED85vvaGetDGZzhUQ7HNUAeSTw2PLlIu5d/tr4367/m9pg6lB/T0i -DdaRP26USfJhvlbAwWdpYJfwuE8OnsBp2YCmhZFQe9/oIRd31dWAZ56JcZx0g9Im -LYryBt6G1L4dbOgRFPBVQ+qZVh0xnCbCtJKXKlA55vZq05aNHdftnJCdmMDhCOxW -fRvbhADL0NIJrcqc6fhVeJEJrzg3qlJoiKJv2PIGZNeU/pFG5ein9nrnkXjW8dct -cWd37o6f6qffeXS9MVMh3e70m5N+LwPVnjuw7yWCmy/8oBzLIfjSWI065Z829nmt -0E/kH3ZDqKvt0rlDJv6DdVa51XBxzIqGB++hlmODVu83MRK9pnp6oPZ/PIDbAoGb -mTuM0TVrCfVQw1rHrbxl2GP/BpXtu1ufFffu5te7jNFnbAatndDs8bojbDGBQ6of -S1zJ4pZQOGtTjRCVl43z84/FpyXz8Bqm3spUgcLdaAp6u107lzXXl8iFvxAsjcsr -MUEzSPq9PVwJ8JO/gA6+EIwbFb1IB2QjRn2LwH8Qp6ib5qn4P06Atgj/MXxDxYZl -p9JU1uqShmYeXbMjLOh8jF26v8FCf7zF0jN6FSoRcEQq0MbbnxONMpf5P9+++znc -OlOmzXtIIM++ZGO1PEmLYlExogOGvuvtM4zNLb7HybXb5bNELZqkbshdw933u6eh -ez8E0Y+tZO6P76POym0D0BSeCYJTPzhrkESiQD+URioG8J46WyRtPGeUm714mNvy -UtEZyWeXSxw3 ------END ENCRYPTED PRIVATE KEY----- diff --git a/zars/dsf-broker/certs/ca.pem b/secrets/ca.pem similarity index 98% rename from zars/dsf-broker/certs/ca.pem rename to secrets/ca.pem index a5f16f3..d817e45 100644 --- a/zars/dsf-broker/certs/ca.pem +++ b/secrets/ca.pem 
@@ -26,4 +26,4 @@ EEp36WoO9eGZ45fbJdCEnQb+Ic7hrA1Ll3C1+GsWhZ9DDCr2VhHvZ5T9khGcpG+D 3Muq869YPMq0vpuZRUmyq/6mUGpZ5E7m5d1sgFghIqywl3ZJK+qkTXu1qa6mC2gq 8Eodnd0zTtyTlr/zBZgeCypNVG9dmAIZYqNulubGkFQkK5WD6UXrWFHqT/Z8bQ5a V8XcC/3nBZa5g8OziVi03YkUpCunaYFJyyMg8UbZBW4q ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/secrets/db_dic_1_bpe_user.password b/secrets/db_dic_1_bpe_user.password deleted file mode 100644 index a29523e..0000000 --- a/secrets/db_dic_1_bpe_user.password +++ /dev/null @@ -1 +0,0 @@ -UJ5kkCmZ7NiiPwP91F1vI05ffgolkw0G \ No newline at end of file diff --git a/secrets/db_dic_1_bpe_user_camunda.password b/secrets/db_dic_1_bpe_user_camunda.password deleted file mode 100644 index e50c302..0000000 --- a/secrets/db_dic_1_bpe_user_camunda.password +++ /dev/null @@ -1 +0,0 @@ -5wK1DhDiyrhPLNWwnX2zY8bMMjlZHNvt \ No newline at end of file diff --git a/secrets/db_fhir_dic_1_user.password b/secrets/db_fhir_dic_1_user.password deleted file mode 100644 index eb580f9..0000000 --- a/secrets/db_fhir_dic_1_user.password +++ /dev/null @@ -1 +0,0 @@ -jnZkystPHM52FG3ryr7YHSTsWC9wu7KW \ No newline at end of file diff --git a/secrets/db_fhir_dic_1_user_permanent_delete.password b/secrets/db_fhir_dic_1_user_permanent_delete.password deleted file mode 100644 index fa8124f..0000000 --- a/secrets/db_fhir_dic_1_user_permanent_delete.password +++ /dev/null @@ -1 +0,0 @@ -DrWZ4ja4vAWhcgEmrnp3iZWqZT5daVUc \ No newline at end of file diff --git a/secrets/db_fhir_zars_user.password b/secrets/db_fhir_zars_user.password deleted file mode 100644 index 0bc4d05..0000000 --- a/secrets/db_fhir_zars_user.password +++ /dev/null @@ -1 +0,0 @@ -jzrMLm6sKjkwCemEuwn98cjH2X3dV2LY \ No newline at end of file diff --git a/secrets/db_fhir_zars_user_permanent_delete.password b/secrets/db_fhir_zars_user_permanent_delete.password deleted file mode 100644 index 546dead..0000000 --- a/secrets/db_fhir_zars_user_permanent_delete.password +++ /dev/null 
@@ -1 +0,0 @@ -FIzpR7jGuVS2uBQowC9OYB2vEAWu3THN \ No newline at end of file diff --git a/secrets/db_liquibase.password b/secrets/db_liquibase.password deleted file mode 100644 index d8a0612..0000000 --- a/secrets/db_liquibase.password +++ /dev/null @@ -1 +0,0 @@ -Ar5PjcJCb3cyTR4DsAeSkP6QCCkWt7hAw4RYE5HLCJYbPpcRKHTvWFtteubFfnhS \ No newline at end of file diff --git a/secrets/db_zars_bpe_user.password b/secrets/db_zars_bpe_user.password deleted file mode 100644 index d37473f..0000000 --- a/secrets/db_zars_bpe_user.password +++ /dev/null @@ -1 +0,0 @@ -cADBwBUsCVlwuhFin5b5ZhVdO8qY7ApC \ No newline at end of file diff --git a/secrets/db_zars_bpe_user_camunda.password b/secrets/db_zars_bpe_user_camunda.password deleted file mode 100644 index bd79744..0000000 --- a/secrets/db_zars_bpe_user_camunda.password +++ /dev/null @@ -1 +0,0 @@ -57V695NgKq3k0euc48PwJuwlZWo2r5CW \ No newline at end of file diff --git a/secrets/proxy_certificate_and_int_cas.pem b/secrets/proxy_certificate_and_int_cas.pem deleted file mode 100644 index 23a74f0..0000000 --- a/secrets/proxy_certificate_and_int_cas.pem +++ /dev/null 
@@ -1,63 +0,0 @@ -subject= CN=localhost,C=DE ------BEGIN CERTIFICATE----- -MIIFczCCA1ugAwIBAgIGAX0zqQ5mMA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczN1oXDTIyMTExODE1Mjcz -N1owITELMAkGA1UEBhMCREUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAJSNER3dRatpZGiOh2PKmt/qK+tJoIuQQdqz -10Y7G9e5sfIBmInUd3jrRc3olWPrdEC3lL/HtTXhB6QnxQo9+NRkFwoqy0+2whjZ -OzTG6i8GDDHXPci/ZlrxbUIJuLpkr26JrICC7wnOpUqKEh2/0crX3BsbEOY4s3dr -QInASpDIDeiBJFbO7+SWp5q+ExlnNJmB2+3E+D1aIH/eOdw1yN9qh0GhC0gqvIf2 -Q+d8WyyORX6et12OJ/zzDXtLTK4pj39RgGl7yVs1NvlxRH1mG5VSB0XTpRzSg1hJ -b9594qW8Dvq4u/5pODQ1JLAVzweT4Q1UXMnRN1LbxZzMVItW13ciz3a56QT+4mj7 -VNOuPWr6vKQa24AnLa+NKeFTEhk6N3N7vWGBqYermLwVww+mScRPAu5UwLpfbt3g -a7EjplNtCKoLCJVOglyyqKFHKwsrqAw/+4oXpflYcjNM8RK79d7NnrSCYqCssbRt -NmXuQwLfMyVCcaykRl0EqoNCezhv4WiUz2umBModCrlGudcQiuAKRnjScfLoCGTI -dai+i6SBgMPaS8yK5RvSecUFkmgz4qnK0vml3f+nWaOZeguvG/nutM+6OhOlgRPc -6qp5eJeP+pAq0DsMk69NfhcbwR/Nkk0Dt6ESXL0rATxes49wxk2/wjN+7mMsvpRV -HH8FuKvzAgMBAAGjgbUwgbIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBPAw -HQYDVR0OBBYEFA0LOQAaS8/YUThEnHKYBzcKg41lMD0GA1UdEQQ2MDSCCWxvY2Fs -aG9zdIISZHNmLWRpYy1maGlyLXByb3h5ghNkc2YtemFycy1maGlyLXByb3h5MB8G -A1UdIwQYMBaAFOtztgHe6pBPxjiHez+tLGuoHu8nMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMA0GCSqGSIb3DQEBDQUAA4ICAQB2zLWht3FwUHH0/9C4b61wm/pNOAVNFAef -Noc69TMUa+gSn0jkyZE4XgSoMTlndKz7FmkEXy8hiqtALzekREJ7eKTRLXG995Aj -loBw/9OqJakuit6+jfB4h5dYXbAq1zZoCnWSgyClJrsgKZp5KtQXGGQJ5qNAiaFb -dh1c/p7YxcFc5HdjrkHxmzAC8I5PokWcSx9ItQ+dowAD5Qxa02YgmJZ/Q7U7hmws -ys41f7Dy9lKcSEz5r/UVl7KARA8E71ePsMaQqWxF3hyT8WroyEV44dzsvlSZ0faH -zoE9GzEUECkPnQLbUK6ZCpRRTp9LCyItmt57WV5pfafQMaCB9+h5NNX0EgLIHzdA -Stu03CticA96uHId/rTfMOoaCuAdLeJ9P4+jBERbkx/RFSVe6/jbFtcbtYdd1cBr -xo1L0RlhUCSy4JsKdo1iqszK/22mGpxDEq5O9H14h2qfTrFR7+FUKJoDB7Peki4i -Va2xloLQIgKx9eDMDi89hQ5O3Sl/hfkdGfRwahuATct4u6ack5l+QAKfIwODmqa1 -Qwib6W2VWam03EoiSEa06vEPBMUq8tOA7pDkutxKsFpda0+Ur0uuvck/1fDdQk6a -X6td5etVd3VVdRMGqppGgFhrEDEO3oSvpMBPvtRHgC31Jbj4oSiMSxQYyVI5w4Aj 
-q1oWuMEWkw== ------END CERTIFICATE----- -subject= CN=Test,C=DE ------BEGIN CERTIFICATE----- -MIIE/TCCAuWgAwIBAgIGAX0zqQXAMA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczNFoXDTMxMTExODE1Mjcz -NFowHDELMAkGA1UEBhMCREUxDTALBgNVBAMMBFRlc3QwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCEcTJ8fEGvYVH05Us0COJWx+Frde4m83+uM4knLZOT -BeCcsLck8ImYOsmGnuCeE2s/NXYup0amBCnTm8N+02qlBGsTBVtbA9Q4KagvvMt+ -RzBA+XiNKzddj5+86e88Pb6vZpIHzAZTczJx9suX1sVwdhUnItJ9H4vW2NboD6GS -HUI8jkqxo2/GgsJ8EDZ2gHqueDNUfSh0hLM9OOCFPMz4frZ2X0THxq4RExWiLxap -wibzTQSUlJoawicaqNnDVNkTXxAWIVp8ZQLt2ftQI1ejsSvHp3o25Yq/g0QHWUzl -dtdNRCCWZiCn6pDZEnjEFitMgI16lEGQk9/+7EFANmu26Zzcz9mesAPlrW3f3cBP -a5OWzKATjjS+6FmBO/rclSbRwpzYYf3ZNprWHH1CXFD75My4+bpdJMgIJHMw4UKe -EOAQ8gPnQymnhDHWf6CnFF4GF5iTOmhPcgY/KNFHQKetK3Ahr3+hNEvWc6gF5keu -lyX/LKqbU1UBS6nCbkC07QRs6nUu9EWvA6MkG2fsX4IzxI5zzzm8in6lDpbZKJpG -GN4gyloSn5W07jpxCLQOx511rgDE/giqOclcClquwC1kMVw6OOVkVAsoO617SlPv -g7BEW9kQOpw+b2N+rm2PzaGzGaIpEzaHsGlGpBEY0OxJUQLfMjC9zwI3Mrjp6T1O -lwIDAQABo0UwQzAdBgNVHQ4EFgQU63O2Ad7qkE/GOId7P60sa6ge7ycwEgYDVR0T -AQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB -ACYMVsFoJcr/by6J/D7sDZjeJF++LMc6wERy2cwOpl+pOfzbkzOqbysGZq37Z136 -bxtufzJiSRvNbyxtCfbJkMA2/RcAdXrCPyUziMgMqj1eVdJ3proVzRGRs5DNLGNB -rmvGLWxqbdWAX86AoLmYbwddM9dpF5ZVliv7vh37I6Y4To3G5SHgmRm6wk0FgA3w -27+Kj/BKpn83wZHOBA6Dld6TDDjMxl7aQUd3kcTsWp/V1sBC0m+YZJW9U7SqsMAx -3hJOuF7uMEuTTtQkWs6yzGchTi/SFJolC8vvq7SgMSCH5Qt3ySZixtp01O53O7oG -7Iywdj2kN8qwI4+yLGm+dqzkChgPqjR3DIyOFQZvYlSRgglaKU2jSipoQneg/3Wu -JE1AjciSR8lblSLFJildLejVEWJ3chrPeeKwFu0lGBQRCgcIqlnexz7mSEriKZSw -EEp36WoO9eGZ45fbJdCEnQb+Ic7hrA1Ll3C1+GsWhZ9DDCr2VhHvZ5T9khGcpG+D -3Muq869YPMq0vpuZRUmyq/6mUGpZ5E7m5d1sgFghIqywl3ZJK+qkTXu1qa6mC2gq -8Eodnd0zTtyTlr/zBZgeCypNVG9dmAIZYqNulubGkFQkK5WD6UXrWFHqT/Z8bQ5a -V8XcC/3nBZa5g8OziVi03YkUpCunaYFJyyMg8UbZBW4q ------END CERTIFICATE----- 
diff --git a/secrets/proxy_certificate_private_key.pem b/secrets/proxy_certificate_private_key.pem deleted file mode 100644 index 774f1e0..0000000 --- a/secrets/proxy_certificate_private_key.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCUjREd3UWraWRo -jodjyprf6ivrSaCLkEHas9dGOxvXubHyAZiJ1Hd460XN6JVj63RAt5S/x7U14Qek -J8UKPfjUZBcKKstPtsIY2Ts0xuovBgwx1z3Iv2Za8W1CCbi6ZK9uiayAgu8JzqVK -ihIdv9HK19wbGxDmOLN3a0CJwEqQyA3ogSRWzu/klqeavhMZZzSZgdvtxPg9WiB/ -3jncNcjfaodBoQtIKryH9kPnfFssjkV+nrddjif88w17S0yuKY9/UYBpe8lbNTb5 -cUR9ZhuVUgdF06Uc0oNYSW/efeKlvA76uLv+aTg0NSSwFc8Hk+ENVFzJ0TdS28Wc -zFSLVtd3Is92uekE/uJo+1TTrj1q+rykGtuAJy2vjSnhUxIZOjdze71hgamHq5i8 -FcMPpknETwLuVMC6X27d4GuxI6ZTbQiqCwiVToJcsqihRysLK6gMP/uKF6X5WHIz -TPESu/XezZ60gmKgrLG0bTZl7kMC3zMlQnGspEZdBKqDQns4b+FolM9rpgTKHQq5 -RrnXEIrgCkZ40nHy6AhkyHWovoukgYDD2kvMiuUb0nnFBZJoM+KpytL5pd3/p1mj -mXoLrxv57rTPujoTpYET3OqqeXiXj/qQKtA7DJOvTX4XG8EfzZJNA7ehEly9KwE8 -XrOPcMZNv8Izfu5jLL6UVRx/Bbir8wIDAQABAoICAHcT1WKxGsXax8ggaFsP77IK -DoafEHiPfJqJiskbXKhCjGfH67SggdyGDACQrh/Yf+nYvv40Ygf8iJmH36TkJHBs -gyN9Rlhx0YkFqTYXNWXYXTIercIb2zqPSNuk21VenFnpNkQVsPOVmF3166u5Nbx5 -6FA6FAPX89SIPsWtRJhmJO/5hV2oqBf+w/+A2eKFHl7m/5rLR4o2ktKtGohw/MJK -rH1pUJfa2iHKwIfw4U0IBqEHLUlrSJa1Zlss8xyw5/xRIrRrq+7W62hs6U/z56x8 -gqPwkexWuz6sL2aUVngwFXnZV6kKQylmaDBWawxR+BctRuvoL4bV8MRN7n97b18w -19zwVR1g3WC3HQoRhEUJ2iLjGQfQoFNOT8wQOVTEzbdS2PDRKiZ2r6NPiywOP/KD -X/Y6YGpkNWZhbxBuypQj6NBvdhQF9CDue6dJLej4nJ1EH8TEDuXyi1dv9s8cPtkA -CZPj+XMpR8NXdhzstuj5xaq2cpWdMc2LWY5/77CzZXy8T+L62rbcLl1v0JUGqXMs -nL8rsNVqiMhpioXzsZfbHYm/VUfwkVHgmRMB11IcjF65yst/Sc7T+89pqSLPQZYw -9o9y4mlRd0EUt7143aGKi75hiex39jmBNh9nk+kBnfuf2lJStVp92WGTJxdRpcLR -hLTQewypN29B/hXbKbOBAoIBAQDUdADFIbfcPyJr/xsopEMFYPo8h0E7KZqWy6jC -qUhylxJnc/VL3l8m7qllQ3Hh/61YWicSqMzGAybxm0ke/13pgTsH/dV/nKIh6sir -3anu2x+JWas5+C4AohY89dqr7P8MzngNKiseFwsemVVNjOVxykY5u0lRKNUzkzje -Mk4sU1K6JO4aQRLEts71lpvljto96/jzkf8iyZuARiL9Igp+nqCOnkD2iSWQRgfg -9LEQfNmYxHfIKXOeVyUkiw326+9E1/zyjBKHDJVY1eOYgZyFvabjpDoWDxpWMAFk -aJHVHnpKw1P18nbl9dD/EwFU8BuayJwkVAQWLw+FOxwagLehAoIBAQCy//I8scsL -fLjjfkwzi2HW+U14P8jKoA7tLBDbx1t5tstn9xvpaK+Qv70QgTJ0ooCYPy5/I8QO 
-+pbORlCeWj5BjaFl0N6u/2zCcZWRslGzISkYsTTgNulnEappvc3EUVH7h9o6vNMl -HjD3ZgvoGiZt7syiBYQaDhHVwQTlHgADBn9WO71SFDrYKTg55KXDrH7al8ipb+Vy -ZJitP3C2c00XgkzyMbmXadGVpLAeKZ7VC/VCUME5jjwR2KgzptaxvltAR55oRq9w -ENuDWKDJxgOvE6HSxenlArVYYK/kBnXo5xL4KGcgw3H3GJ5QSxlqWwNWa0mJF6lN -mx/CAVWycysTAoIBADH1UVUJ18Vn5z1EEOverI/wPQfMum8iGmMJYxbbXdjsY3yG -TRFZKkDqcFUKphYB3I5hLLz7iqOpjBfWbzxlynylUe9QJktK1ulo32Viy5oKVwEi -X9xS2uZ1NwuAuLojEdq+Fobp+pepzYiVf/SrhCzc5uSegOAf3PqyzPWbGLzdnx98 -naz4zmQJpOMlVmWF0RYsji8gjsFsbS+dzo592b/qp1DCL/6JQ5cIkMO6ZoS9ByIg -WRZtgO2kCmzscg01b99ddvLGM3kkYV4xdcKf/+GHNl5jePFE/el0gm9NE7Xs487+ -3ZiBOqpawpmoq3CAwc0FDYqRYyCgUmL/Al3NFOECggEAH9PcuagPZ3J82Y6KdBvT -gMsBWGFXDZhaLxfHw5x2CnVTQ6AvqVgA56cAMiAW3aBLZ0bMuLSeVt990x2zlgSL -z1IkoZr7DXjDWOujYa2oU0aRLR/NPBTneXktqPGj1cVz41qrlggfLxloMYVGlrWX -obJ1VlXOwGdCCpTwjuC/tcoA+E9VAXQxZmAl7D1YsCtKvwmAF4ia7rUuZJfELdzg -l06G6gWnb2HUb1xCKIrUACPJL0p2oQpGahHxDoYa5K3pQcu6QeZXqYCF15v5swbv -fsDp5DVmul656gX/IHd5nbkAqXldpPi7mekZtUM1OLEILeSTxbmcU/1CL1fXagyK -WwKCAQAlrcUNOEJvrkdAndo1bKab/LYOech2pcE3aWJiimKbNl6zn/rWFaqZl4Mk -O1mi2uyHT9T6lq32IQzhGDjpB625KZtC7VUDlog0OsShm9leDDZsG2r9/tYmeFxA -2cN+radw4q6q4VWhx5IySh9yvI0JzxIW4VQ20jK120RHrmG/baKNjLu8O1bs9HaE -D5kHZpz+O5HUfkiMeCFXSCOCGbLlxG/3BbtemvnIoIOZ4v63GJpU+JmJ1B6O96rz -vjdUN+SqYj8iv+wOZn2dYAIWOb4F0/AF0qk95+lMWcKTj23S6yuPo0KPn31+kxd5 -6QsTyf8pc1IcoQ/4vzNBzsPvs7jV ------END PRIVATE KEY----- diff --git a/secrets/proxy_trusted_client_cas.pem b/secrets/proxy_trusted_client_cas.pem deleted file mode 100644 index a5f16f3..0000000 --- a/secrets/proxy_trusted_client_cas.pem +++ /dev/null 
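Review bot: Deleting `secrets/proxy_certificate_private_key.pem` from the tree does not retire the key, because the unencrypted `BEGIN PRIVATE KEY` block stays readable in the repository history; any deployment that ever used this key pair should be treated as exposed. The certificates removed in the neighbouring hunks carry the subject `CN=Test,C=DE`, which suggests throwaway test material, but nothing visible in the commit says so. I would state that in the commit message or README, for example `The proxy key formerly under secrets/ was a test-only key; generate fresh key material for every deployment.`, and replace the key wherever it was deployed.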
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE/TCCAuWgAwIBAgIGAX0zqQXAMA0GCSqGSIb3DQEBDQUAMBwxCzAJBgNVBAYT -AkRFMQ0wCwYDVQQDDARUZXN0MB4XDTIxMTExODE1MjczNFoXDTMxMTExODE1Mjcz -NFowHDELMAkGA1UEBhMCREUxDTALBgNVBAMMBFRlc3QwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCEcTJ8fEGvYVH05Us0COJWx+Frde4m83+uM4knLZOT -BeCcsLck8ImYOsmGnuCeE2s/NXYup0amBCnTm8N+02qlBGsTBVtbA9Q4KagvvMt+ -RzBA+XiNKzddj5+86e88Pb6vZpIHzAZTczJx9suX1sVwdhUnItJ9H4vW2NboD6GS -HUI8jkqxo2/GgsJ8EDZ2gHqueDNUfSh0hLM9OOCFPMz4frZ2X0THxq4RExWiLxap -wibzTQSUlJoawicaqNnDVNkTXxAWIVp8ZQLt2ftQI1ejsSvHp3o25Yq/g0QHWUzl -dtdNRCCWZiCn6pDZEnjEFitMgI16lEGQk9/+7EFANmu26Zzcz9mesAPlrW3f3cBP -a5OWzKATjjS+6FmBO/rclSbRwpzYYf3ZNprWHH1CXFD75My4+bpdJMgIJHMw4UKe -EOAQ8gPnQymnhDHWf6CnFF4GF5iTOmhPcgY/KNFHQKetK3Ahr3+hNEvWc6gF5keu -lyX/LKqbU1UBS6nCbkC07QRs6nUu9EWvA6MkG2fsX4IzxI5zzzm8in6lDpbZKJpG -GN4gyloSn5W07jpxCLQOx511rgDE/giqOclcClquwC1kMVw6OOVkVAsoO617SlPv -g7BEW9kQOpw+b2N+rm2PzaGzGaIpEzaHsGlGpBEY0OxJUQLfMjC9zwI3Mrjp6T1O -lwIDAQABo0UwQzAdBgNVHQ4EFgQU63O2Ad7qkE/GOId7P60sa6ge7ycwEgYDVR0T -AQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB -ACYMVsFoJcr/by6J/D7sDZjeJF++LMc6wERy2cwOpl+pOfzbkzOqbysGZq37Z136 -bxtufzJiSRvNbyxtCfbJkMA2/RcAdXrCPyUziMgMqj1eVdJ3proVzRGRs5DNLGNB -rmvGLWxqbdWAX86AoLmYbwddM9dpF5ZVliv7vh37I6Y4To3G5SHgmRm6wk0FgA3w -27+Kj/BKpn83wZHOBA6Dld6TDDjMxl7aQUd3kcTsWp/V1sBC0m+YZJW9U7SqsMAx -3hJOuF7uMEuTTtQkWs6yzGchTi/SFJolC8vvq7SgMSCH5Qt3ySZixtp01O53O7oG -7Iywdj2kN8qwI4+yLGm+dqzkChgPqjR3DIyOFQZvYlSRgglaKU2jSipoQneg/3Wu -JE1AjciSR8lblSLFJildLejVEWJ3chrPeeKwFu0lGBQRCgcIqlnexz7mSEriKZSw -EEp36WoO9eGZ45fbJdCEnQb+Ic7hrA1Ll3C1+GsWhZ9DDCr2VhHvZ5T9khGcpG+D -3Muq869YPMq0vpuZRUmyq/6mUGpZ5E7m5d1sgFghIqywl3ZJK+qkTXu1qa6mC2gq -8Eodnd0zTtyTlr/zBZgeCypNVG9dmAIZYqNulubGkFQkK5WD6UXrWFHqT/Z8bQ5a -V8XcC/3nBZa5g8OziVi03YkUpCunaYFJyyMg8UbZBW4q ------END CERTIFICATE----- 
diff --git a/zars/dsf-broker/certs/test-user.p12 b/secrets/test-user.p12
similarity index 100%
rename from zars/dsf-broker/certs/test-user.p12
rename to secrets/test-user.p12
diff --git a/setup-all-base-auth.sh b/setup-all-base-auth.sh
deleted file mode 100755
index 1b4b6aa..0000000
--- a/setup-all-base-auth.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env sh
-
-BASE_DIR=$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )
-
-if [ -z "$1" ] && [ -z "$2" ]; then
- echo "please provide a username and password"
- echo "setup-all-base-auth.sh "
- exit
-fi
-
-cd num-node
-sh $BASE_DIR/num-node/setup-base-auth.sh $1 $2
-sh $BASE_DIR/zars/setup-base-auth.sh
diff --git a/start-zars-and-num-node.sh b/start-zars-and-num-node.sh
deleted file mode 100755
index 2ceb7fa..0000000
--- a/start-zars-and-num-node.sh
+++ /dev/null
@@ -1,138 +0,0 @@ -#!/usr/bin/env sh - -# Globals -COMPOSE_PROJECT=codex-deploy - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# Globals -COMPOSE_PROJECT=codex-deploy - -# Option Defaults -MIDDLEWARE_TYPE=AKTIN -FHIR_SERVER_TYPE=BLAZE -QUERY_FORMAT=STRUCTURED -OBFUSCATE=true - - -usage() { - cat </dev/null 2>&1 ; pwd -P )" - -printf "Stopping ZARS components ..." -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/keycloak/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/flare/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/backend/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/gui/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/zars/aktin-broker/docker-compose.yml stop -sh $BASE_DIR/zars/dsf-broker/stop.sh $COMPOSE_PROJECT - - -printf "Stopping Num-Node components" -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/aktin-client/docker-compose.yml stop -bash $BASE_DIR/num-node/dsf-client/stop.sh $COMPOSE_PROJECT -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/flare/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/fhir-server/blaze-server/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/fhir-server/hapi-fhir-server/docker-compose.yml stop -docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/num-node/rev-proxy/docker-compose.yml stop diff --git a/test/README.md b/test/README.md deleted file mode 100644 index 2e12b10..0000000 --- a/test/README.md +++ /dev/null 
@@ -1,58 +0,0 @@ -# Running Test Queries -For running test queries against a running test deployment of the codex project the script `test/run_tests.sh` can be used for automatic test execution. In order to have predictable results the components NUM node and ZARS need to be started and ready, the NUM node needs to be initialized with test patient data and test cases needs to be cloned to a local directory containing specific search queries which all should result in the total number of patients of 1. These queries are sent to the ZARS and the response is checked to contain a result of 1. - -## Prerequisites -The following software needs to be installed to run the automatic test script: - -* bash -* curl -* jq - -For the [complete setup and test script execution](#complete-setup-and-test-script-execution) additional software is needed: - -* docker -* docker-compose -* git -* python - -## Set Environment -The following environment variables need to be set to run the automatic test script: - -* `TEST_DATA_PATH`, path to the folder containing the cloned test cases project -* `QUERY_ENDPOINT_URL`, url of the query endpoint for sending search queries -* `AUTH_TOKEN_REQUEST_URL`, url of the access token provider endpoint -* `AUTH_USERNAME`, username of the user permitted to send queries -* `AUTH_PASSWORD`, password of the user permitted to send queries - -## Complete Setup and Test Script Execution -You can use the following shell script to setup both the NUM node and the ZARS component with all test patient data as well as running the automatic test script. 
This assumes that all of the software listed in section [Prerequisites](#prerequisites) is installed and a write and read accessible directory `/tmp` exists: - -``` -export TEST_DATA_PATH=/tmp/codex-testdata -export QUERY_ENDPOINT_URL="http://localhost:8091/api/v1/query-handler/run-query" -export AUTH_TOKEN_REQUEST_URL="https://localhost:8443/auth/realms/codex-develop/protocol/openid-connect/token" -export AUTH_USERNAME=codex-developer -export AUTH_PASSWORD=codex -git clone --single-branch --branch main https://github.com/num-codex/codex-deploy.git /tmp/codex-deploy -git clone --single-branch --branch v0.2.0 https://github.com/num-codex/codex-testdata-to-sq.git $TEST_DATA_PATH -/tmp/codex-deploy/setup-all-base-auth.sh codex-developer $AUTH_PASSWORD -/tmp/codex-deploy/start-zars-and-num-node.sh --disable-result-obfuscation -(cd $TEST_DATA_PATH; python main.py) -until docker exec -it fhir-server curl -s --fail 'http://localhost:8080/health'; do - sleep 1; -done -/tmp/codex-deploy/num-node/init-testdata.sh -/tmp/codex-deploy/test/run_tests.sh -``` - -The script starts the components with their default services. You can change the services to be used by editing the line - -``` -/tmp/codex-deploy/start-zars-and-num-node.sh --disable-result-obfuscation -``` - -and add the desired arguments. To find out about the available arguments and their values run the main startup script in the root directory of this git repository with the help flag (`-h`): - -``` -./start-zars-and-num-node.sh -h -``` diff --git a/test/run_tests.sh b/test/run_tests.sh deleted file mode 100755 index 61ae4d4..0000000 --- a/test/run_tests.sh +++ /dev/null 
@@ -1,158 +0,0 @@ -#!/bin/bash -set -o pipefail - -RED=$(tput setaf 1) -YELLOW=$(tput setaf 3) -GREEN=$(tput setaf 2) -BOLD=$(tput bold) -UNDERLINE=$(tput smul) -RESET=$(tput sgr 0) - -check_ignored() { - for ignored in $ignored_files; do - if [ "$1" == "$ignored" ]; then - return 0 - fi - done - return 1 -} - -print_info() { - echo -n " ${UNDERLINE}$1${RESET}: " - echo "$2" -} - -print_success() { - echo "$GREEN SUCCESS$RESET" - while ! { [[ -z "$1" ]] || [[ -z "$2" ]]; }; do - print_info "$1" "$2" - shift 2 - done -} - -print_fail() { - echo "$RED FAILURE $RESET" - while ! { [[ -z "$1" ]] || [[ -z "$2" ]]; }; do - print_info "$1" "$2" - shift 2 - done - case_fail=$((case_fail+1)) -} - -for e in "AUTH_TOKEN_REQUEST_URL" "AUTH_USERNAME" "AUTH_PASSWORD" "QUERY_ENDPOINT_URL" "TEST_DATA_PATH"; do - missing=false - if [ -z "${!e}" ]; then - echo "${RED}Required environment variable '$e' missing!${RESET}" - missing=true - fi -done - -if $missing; then - exit 1 -fi - -files=$(ls $TEST_DATA_PATH/testCases/*.json) -ignored_files=$(cat $TEST_DATA_PATH/testCaseIgnoreList.txt) -case_total=$(ls $files | wc -l) -case_execute=0 -case_fail=0 -case_ignore=0 -pad=${#case_total} -delay=${TEST_RETRY_DELAY:-2} -i=0 - -for f in $files; do - filename="$(basename "$f")" - title="$(echo "$filename" | sed -r 's/\.json//')" - if check_ignored $filename; then - continue - fi - case_execute=$((case_execute+1)) -done - -for f in $files; do - filename="$(basename "$f")" - title="$(echo "$filename" | sed -r 's/\.json//')" - - if check_ignored $filename; then - case_ignore=$((case_ignore+1)) - continue - fi - - i=$((i+1)) - - echo "" - printf "${BOLD}[%${pad}s/%d] Running Test Case:$RESET %s\n" "$i" "$case_execute" "$title" - echo -n " Sending Query " - auth_token="$(curl -ksS --location --request POST "$AUTH_TOKEN_REQUEST_URL" \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'grant_type=password' \ - --data-urlencode "username=$AUTH_USERNAME" \ - 
--data-urlencode "password=$AUTH_PASSWORD" \ - --data-urlencode 'client_id=feasibility-gui' 2>&1)" - if ! jq -ne --argjson auth "$auth_token" '$auth | .access_token != null' 1> /dev/null 2>&1; then - print_fail "Error" "${RED}Response to access token request does not conform to expected format${RESET}" "Response" "$auth_token" - continue - fi - auth_token="$(jq -rn --argjson auth "$auth_token" '$auth | .access_token')" - query="$(jq -r "." $f)" - result_location="$(curl -ksS --location --request POST\ - --header 'Content-Type: application/json' \ - --header 'Accept: application/json' \ - --header "Authorization: Bearer $auth_token" \ - --data "@$f" \ - "$QUERY_ENDPOINT_URL")" - if ! jq -ne --argjson result "$result_location" '$result | .location != null' 1> /dev/null 2>&1; then - print_fail "Error" "${RED}Query response does not conform to expected format${RESET}" "Query" "$(jq '.' $t)" "Response" "$result_location" - continue - fi - result_location="$(jq -rn --argjson result "$result_location" '$result | .location')" - print_success - - echo -n " Retrieving Result " - retries=${TEST_RETRY_COUNT:-5} - failed=true - while [ $retries -gt 0 ]; do - result="$(curl -ksS --location \ - --header "Authorization: Bearer $auth_token" \ - --header 'Accept: application/json' \ - "$result_location")" - if ! jq -ne --argjson result "$result" '$result | .resultLines != null' 1> /dev/null 2>&1; then - print_fail "Error" "${RED}Result response does not conform to expected format${RESET}" "Response" "$result" - continue - fi - if jq -ne --argjson result "$result" '$result | .resultLines | length > 0' 1> /dev/null 2>&1; then - failed=false - break - fi - sleep $delay - retries=$((retries-1)) - done - - if $failed; then - print_fail "Error" "${RED}Result response contains empty resultLines${RESET}" "Result Location" "$result_location" "Response" "$result" - continue - fi - - if ! 
jq -ne --argjson result "$result" '$result | .totalNumberOfPatients == 1' 1> /dev/null 2>&1; then - print_fail "Expected Result" "1" "Actual Result" "$(jq -n --argjson result "$result" '$result | .totalNumberOfPatients')" - continue - else - print_success - fi -done - -echo "" -echo "${BOLD}Test Summary:${RESET}" -echo " ${UNDERLINE}Total${RESET}: $case_total" -printf " ${UNDERLINE}Ignored${RESET}: ${YELLOW}%${pad}s${RESET}\n" "$case_ignore" -printf " ${UNDERLINE}Executed${RESET}: %${pad}s\n" "$case_execute" -printf " ${UNDERLINE}Succeeded${RESET}: ${GREEN}%${pad}s${RESET}\n" "$((case_execute-case_fail))" -echo -n " ${UNDERLINE}Failed${RESET}: " -if [ $case_fail -gt 0 ]; then - printf "${RED}%${pad}s${RESET}\n" "$case_fail" - exit 1 -else - printf "${GREEN}%${pad}s${RESET}\n" "0" - exit 0 -fi diff --git a/zars/README.md b/zars/README.md deleted file mode 100644 index 28a67ad..0000000 --- a/zars/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# Codex Feasibility Platform - -The codex feasibility platform provides a feasibility query user interface with an appropriate backend, query translation to CQL and FHIR Search as well as -two Middlewares for the transfer of the queries from the feasibility platform to the so called num-nodes located inside hospitals. - -The feasibility platform can be run standalone inside a data integration center for local queries or, if connected via the middlewares provided as part of this project, -connected to decentral num-nodes inside data integration centers. - -The feasibility gui allows a researcher to define feasibility queries, by combining inclusion and exlcusion search criterions using boolean logic (see example Figure 1 below). - -
- -
Figure 1 - Example feasibility query
-
- - -An overview of the platform is depicted in Figure 2 below and shows the architecture of the complete system neccessary for distributed dezentralized feasibility queries accross multiple independent institutions. - -
- -
Figure 2 - Overview Codex AP2 - Feasibility Queries
-
- - -the System includes one central platform (ZARS) and multiple Num-Nodes the central platform connects to. -The central part is responsible for providing the user interface and translating the user input into and generating three types of queries (Structured Query, CQL, FHIR Search) to be send to the Num-Nodes. - -The query translation is described in more detail here: -[Query Translation](../Feasibility-Query.md) - -The other components, which are part of the central platform are: -- [Feasibility GUI](https://github.com/num-codex/codex-feasibility-gui) -- [Feasibility Backend](https://github.com/num-codex/codex-feasibility-backend) -- [Flare Query Translation](https://github.com/num-codex/codex-flare) -- [CQL Query Translation](https://github.com/num-codex/codex-sq2cql) -- [Keycloak](https://github.com/num-codex/codex-keycloak) (This keycloak is for development purposes only, for deployment a new keycloak should be configured) -- [Aktin Broker - Middleware - Option 1](https://github.com/aktin/broker) -- [DSF Broker - Middleware - Option 2](https://github.com/num-codex/codex-processes-ap2) - -For further details on each component please refer to the respective repositories. - diff --git a/zars/auth/.gitkeep b/zars/auth/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/zars/backend/docker-compose.yml b/zars/backend/docker-compose.yml deleted file mode 100644 index 8cddce9..0000000 --- a/zars/backend/docker-compose.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -version: '3.7' -services: - zars-feasibility-gui-backend: - image: ghcr.io/num-codex/codex-feasibility-backend:1.0.4-RC8 - ports: - - ${CODEX_FEASIBILITY_BACKEND_PORT:-127.0.0.1:8091}:8090 - depends_on: - - zars-feasibility-db - environment: - SPRING_DATASOURCE_URL: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_URL:-jdbc:postgresql://zars-feasibility-db:5432/codex_ui?currentSchema=codex} - SPRING_DATASOURCE_USERNAME: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_USERNAME:-codex-postgres} - SPRING_DATASOURCE_PASSWORD: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:-codex-password} - BROKER_CLIENT_TYPE: ${CODEX_FEASIBILITY_BACKEND_BROKER_CLIENT_TYPE:-AKTIN} - KEYCLOAK_ENABLED: ${CODEX_FEASIBILITY_BACKEND_KEYCLOAK_ENABLED:-true} - KEYCLOAK_BASE_URL: ${CODEX_FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL:-http://keycloak:8080} - KEYCLOAK_REALM: ${CODEX_FEASIBILITY_BACKEND_KEYCLOAK_REALM:-codex-develop} - KEYCLOAK_CLIENT_ID: ${CODEX_FEASIBILITY_BACKEND_KEYCLOAK_CLIENT_ID:-feasibility-gui} - CQL_TRANSLATE_ENABLED: ${CODEX_FEASIBILITY_BACKEND_CQL_TRANSLATE_ENABLED:-false} - FHIR_TRANSLATE_ENABLED: ${CODEX_FEASIBILITY_BACKEND_FHIR_TRANSLATE_ENABLED:-false} - FLARE_WEBSERVICE_BASE_URL: ${CODEX_FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL:-http://zars-flare:5000} - API_BASE_URL: ${CODEX_FEASIBILITY_BACKEND_API_BASE_URL:-https://localhost/api/} - BROKER_CLIENT_DIRECT_ENABLED: ${CODEX_FEASIBILITY_BACKEND_DIRECT_ENABLED:-false} - # ---- Aktin - BROKER_CLIENT_AKTIN_ENABLED: ${CODEX_FEASIBILITY_BACKEND_AKTIN_ENABLED:-false} - AKTIN_BROKER_BASE_URL: ${CODEX_FEASIBILITY_BACKEND_AKTIN_BROKER_BASE_URL:-http://aktin-broker:8080/broker/} - AKTIN_BROKER_API_KEY: ${CODEX_FEASIBILITY_BACKEND_AKTIN_BROKER_API_KEY:-xxxApiKeyAdmin123} - # ---- DSF - DSF_SECURITY_CACERT: "/opt/codex-feasibility-security/ca.pem" - DSF_SECURITY_KEYSTORE_P12FILE: "/opt/codex-feasibility-security/test-user.p12" - DSF_SECURITY_KEYSTORE_PASSWORD: "password" - DSF_WEBSERVICE_BASE_URL: "https://dsf-zars-fhir-proxy/fhir" 
- DSF_WEBSOCKET_URL: "wss://dsf-zars-fhir-proxy:443/fhir/ws" - DSF_ORGANIZATION_ID: "Test_ZARS" - volumes: - - ${CODEX_FEASIBILITY_BACKEND_UI_PROFILES_PATH:-../ontology/ui_profiles}:/opt/codex-feasibility-backend/ontology/ui_profiles - - ${CODEX_FEASIBILITY_BACKEND_CONCEPT_TREE_PATH:-../ontology/codex-code-tree.json}:/opt/codex-feasibility-backend/ontology/conceptTree.json - - ${CODEX_FEASIBILITY_BACKEND_TERM_CODE_MAPPING_PATH:-../ontology/codex-term-code-mapping.json}:/opt/codex-feasibility-backend/ontology/termCodeMapping.json - - ${CODEX_FEASIBILITY_BACKEND_CERTS_PATH:-../dsf-broker/certs}:/opt/codex-feasibility-security - - zars-feasibility-db: - image: 'postgres:13.1-alpine' - ports: - - ${CODEX_FEASIBILITY_BACKEND_DB_PORT:-127.0.0.1:5432}:5432 - environment: - POSTGRES_USER: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_USERNAME:-codex-postgres} - POSTGRES_PASSWORD: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:-codex-password} - POSTGRES_DB: codex_ui diff --git a/zars/dsf-broker/.env b/zars/dsf-broker/.env deleted file mode 100644 index af82f2e..0000000 --- a/zars/dsf-broker/.env +++ /dev/null @@ -1,2 +0,0 @@ -ZARS_USER_THUMBPRINTS=d134d0ba1c925703ab2ed3b7a243bd95934e313337640c98399d703d423707a5c6635cf884f4b240b2bc6634a0e770f0d565410016b71ce237c1952118f9295d,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202 -ZARS_USER_THUMBPRINTS_PERMANENT_DELETE=d134d0ba1c925703ab2ed3b7a243bd95934e313337640c98399d703d423707a5c6635cf884f4b240b2bc6634a0e770f0d565410016b71ce237c1952118f9295d,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202 diff --git a/zars/dsf-broker/bpe/app/last_event/.gitkeep b/zars/dsf-broker/bpe/app/last_event/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/zars/dsf-broker/docker-compose.yml b/zars/dsf-broker/docker-compose.yml deleted file mode 100644 index dea3eab..0000000 
--- a/zars/dsf-broker/docker-compose.yml
+++ /dev/null
@@ -1,182 +0,0 @@ -version: '3.7' - -services: - - # ---- Proxy ---------------------------------------------------------------- - dsf-zars-fhir-proxy: - image: nginx:1.21 - restart: on-failure - ports: - - "127.0.0.1:443:443" - secrets: - - proxy_certificate_and_int_cas.pem - - proxy_certificate_private_key.pem - - proxy_trusted_client_cas.pem - volumes: - - type: bind - source: ./proxy/nginx.conf - target: /etc/nginx/nginx.conf - read_only: true - environment: - TZ: Europe/Berlin - depends_on: - - dsf-zars-fhir-app - - dsf-zars-fhir-app: - image: ghcr.io/highmed/fhir:0.5.2 - restart: on-failure - ports: - - "127.0.0.1:11345:8080" - volumes: - - type: bind - source: ./fhir/app/conf/bundle.xml - target: /opt/fhir/conf/bundle.xml - secrets: - - db_liquibase.password - - db_fhir_zars_user.password - - db_fhir_zars_user_permanent_delete.password - - app_client_trust_certificates.pem - - app_zars_client_certificate.pem - - app_zars_client_certificate_private_key.pem - - app_client_certificate_private_key.pem.password - environment: - ORG_HIGHMED_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: /run/secrets/db_liquibase.password - ORG_HIGHMED_DSF_FHIR_DB_USER_PASSWORD_FILE: /run/secrets/db_fhir_zars_user.password - ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: /run/secrets/db_fhir_zars_user_permanent_delete.password - ORG_HIGHMED_DSF_FHIR_CLIENT_TRUST_CERTIFICATES: /run/secrets/app_client_trust_certificates.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE: /run/secrets/app_zars_client_certificate.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: /run/secrets/app_zars_client_certificate_private_key.pem - ORG_HIGHMED_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: /run/secrets/app_client_certificate_private_key.pem.password - ORG_HIGHMED_DSF_FHIR_DB_URL: jdbc:postgresql://dsf-zars-fhir-db/fhir - ORG_HIGHMED_DSF_FHIR_DB_USER_GROUP: zars_fhir_users - ORG_HIGHMED_DSF_FHIR_DB_USER_USERNAME: zars_fhir_server_user - 
ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_GROUP: zars_fhir_permanent_delete_users - ORG_HIGHMED_DSF_FHIR_DB_USER_PERMANENT_DELETE_USERNAME: zars_fhir_server_permanent_delete_user - ORG_HIGHMED_DSF_FHIR_SERVER_BASE_URL: https://dsf-zars-fhir-proxy/fhir - ORG_HIGHMED_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: Test_ZARS - ORG_HIGHMED_DSF_FHIR_SERVER_USER_THUMBPRINTS: "d134d0ba1c925703ab2ed3b7a243bd95934e313337640c98399d703d423707a5c6635cf884f4b240b2bc6634a0e770f0d565410016b71ce237c1952118f9295d,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202" - ORG_HIGHMED_DSF_FHIR_SERVER_USER_THUMBPRINTS_PERMANENT_DELETE: "d134d0ba1c925703ab2ed3b7a243bd95934e313337640c98399d703d423707a5c6635cf884f4b240b2bc6634a0e770f0d565410016b71ce237c1952118f9295d,d2e7338c3e9fc96a081b1a8983a847028859a68e5e318cb79cd6d0b2e9508e91698c373bbcdf56f774d6a9997e4a83a28fb6046ec80f8551ae38de49fe03b202" - EXTRA_JVM_ARGS: ${CODEX_DSF_ZARS_FHIR_APP_JVM_ARGS} - TZ: Europe/Berlin - #CORS_ORIGINS: "http://zars-feasibility-gui-backend" - # ORGANIZATION_TYPE: "MeDIC" - needs to be put into the fhir resource organisation - depends_on: - - dsf-zars-fhir-db - - dsf-zars-fhir-db: - image: postgres:13 - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -U liquibase_user -d fhir" ] - interval: 10s - timeout: 5s - retries: 5 - environment: - POSTGRES_PASSWORD_FILE: /run/secrets/db_liquibase.password - POSTGRES_USER: liquibase_user - POSTGRES_DB: fhir - volumes: - - type: volume - source: dsf-zars-fhir-db-data - target: /var/lib/postgresql/data - secrets: - - db_liquibase.password - - # ZARS BPE ------------------------------------------------------------------ - dsf-zars-bpe-app: - image: ghcr.io/highmed/bpe:0.5.2 - restart: on-failure - volumes: - - type: bind - source: ../../assets/codex-process-feasibility-0.1.0-RC6.jar - target: /opt/bpe/process/codex-process-feasibility-0.1.0-RC6.jar - read_only: true - - type: 
bind - source: ./bpe/app/last_event - target: /opt/bpe/last_event - - type: bind - source: ../../assets/hapi-fhir-client-5.1.0.jar - target: /opt/bpe/plugin/hapi-fhir-client-5.1.0.jar - secrets: - - db_liquibase.password - - db_zars_bpe_user.password - - db_zars_bpe_user_camunda.password - - app_client_trust_certificates.pem - - app_zars_client_certificate.pem - - app_zars_client_certificate_private_key.pem - - app_client_certificate_private_key.pem.password - environment: - ORG_HIGHMED_DSF_BPE_DB_LIQUIBASE_PASSWORD_FILE: /run/secrets/db_liquibase.password - ORG_HIGHMED_DSF_BPE_DB_USER_PASSWORD_FILE: /run/secrets/db_zars_bpe_user.password - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_PASSWORD_FILE: /run/secrets/db_zars_bpe_user_camunda.password - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_TRUST_CERTIFICATES: /run/secrets/app_client_trust_certificates.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE: /run/secrets/app_zars_client_certificate.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: /run/secrets/app_zars_client_certificate_private_key.pem - ORG_HIGHMED_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: /run/secrets/app_client_certificate_private_key.pem.password - ORG_HIGHMED_DSF_BPE_DB_URL: jdbc:postgresql://dsf-zars-bpe-db/bpe - ORG_HIGHMED_DSF_BPE_DB_USER_GROUP: zars_bpe_users - ORG_HIGHMED_DSF_BPE_DB_USER_USERNAME: zars_bpe_server_user - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_GROUP: zars_camunda_users - ORG_HIGHMED_DSF_BPE_DB_USER_CAMUNDA_USERNAME: zars_camunda_server_user - ORG_HIGHMED_DSF_BPE_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: Test_ZARS - ORG_HIGHMED_DSF_BPE_FHIR_SERVER_BASE_URL: https://dsf-zars-fhir-proxy/fhir - EXTRA_JVM_ARGS: ${CODEX_DSF_ZARS_BPE_APP_JVM_ARGS} - TZ: "Europe/Berlin" - # WEBSOCKET_URL: "wss://dsf-zars-fhir-proxy/fhir/ws" - depends_on: - - dsf-zars-bpe-db - - dsf-zars-fhir-proxy - - dsf-zars-bpe-db: - image: postgres:13 - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -U liquibase_user -d bpe" ] - 
interval: 10s - timeout: 5s - retries: 5 - environment: - POSTGRES_PASSWORD_FILE: /run/secrets/db_liquibase.password - POSTGRES_USER: liquibase_user - POSTGRES_DB: bpe - volumes: - - type: volume - source: dsf-zars-bpe-db-data - target: /var/lib/postgresql/data - secrets: - - db_liquibase.password - -secrets: - proxy_certificate_and_int_cas.pem: - file: ../../secrets/proxy_certificate_and_int_cas.pem - proxy_certificate_private_key.pem: - file: ../../secrets/proxy_certificate_private_key.pem - proxy_trusted_client_cas.pem: - file: ../../secrets/proxy_trusted_client_cas.pem - - app_client_trust_certificates.pem: - file: ../../secrets/app_client_trust_certificates.pem - app_client_certificate_private_key.pem.password: - file: ../../secrets/app_client_certificate_private_key.pem.password - - db_liquibase.password: - file: ../../secrets/db_liquibase.password - - db_zars_bpe_user.password: - file: ../../secrets/db_zars_bpe_user.password - db_zars_bpe_user_camunda.password: - file: ../../secrets/db_zars_bpe_user_camunda.password - app_zars_client_certificate.pem: - file: ../../secrets/app_zars_client_certificate.pem - app_zars_client_certificate_private_key.pem: - file: ../../secrets/app_zars_client_certificate_private_key.pem - db_fhir_zars_user.password: - file: ../../secrets/db_fhir_zars_user.password - db_fhir_zars_user_permanent_delete.password: - file: ../../secrets/db_fhir_zars_user_permanent_delete.password - -volumes: - dsf-zars-fhir-db-data: - name: "dsf-zars-fhir-db-data" - dsf-zars-bpe-db-data: - name: "dsf-zars-bpe-db-data" diff --git a/zars/dsf-broker/down.sh b/zars/dsf-broker/down.sh deleted file mode 100755 index 5f42f5b..0000000 --- a/zars/dsf-broker/down.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh - -# Arguments -# 1: docker-compose project token - -BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -docker-compose -p $1 -f $BASE_DIR/docker-compose.yml down 
diff --git a/zars/dsf-broker/fhir/app/conf/bundle.xml b/zars/dsf-broker/fhir/app/conf/bundle.xml deleted file mode 100644 index fec5766..0000000 --- a/zars/dsf-broker/fhir/app/conf/bundle.xml +++ /dev/null @@ -1,262 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/zars/dsf-broker/proxy/nginx.conf b/zars/dsf-broker/proxy/nginx.conf deleted file mode 100644 index 13b2b26..0000000 --- a/zars/dsf-broker/proxy/nginx.conf +++ /dev/null @@ -1,59 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - ssl_certificate /run/secrets/proxy_certificate_and_int_cas.pem; - ssl_certificate_key /run/secrets/proxy_certificate_private_key.pem; - ssl_protocols TLSv1.3; - ssl_prefer_server_ciphers off; - add_header Strict-Transport-Security "max-age=63072000" always; - - ssl_client_certificate /run/secrets/proxy_trusted_client_cas.pem; - ssl_verify_client on; - ssl_verify_depth 2; - - include /etc/nginx/conf.d/*.conf; - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name dsf-zars-fhir-proxy; - - location / { - proxy_set_header X-ClientCert $ssl_client_escaped_cert; - - proxy_pass http://dsf-zars-fhir-app:8080; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 43200s; - } - } -} diff --git a/zars/dsf-broker/start.sh b/zars/dsf-broker/start.sh deleted file mode 100755 index d54f0b7..0000000 --- a/zars/dsf-broker/start.sh +++ /dev/null 
@@ -1,26 +0,0 @@
-#!/usr/bin/env sh
-
-# Arguments
-# 1: docker-compose project token
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-# FHIR ------------------------------------------------------------------------
-
-echo "Starting ZARS FHIR app..."
-docker-compose -p $1 -f $BASE_DIR/docker-compose.yml up -d dsf-zars-fhir-proxy
-echo -n "Waiting for full startup of the DSF ZARS FHIR app..."
-( docker-compose -p $1 -f $BASE_DIR/docker-compose.yml logs -f dsf-zars-fhir-app & ) | grep -E -q '^.* Server\.doStart.* \| Started.*'
-echo "DONE"
-
-# BPE -------------------------------------------------------------------------
-
-echo -n "Setting permissions for ZARS BPE app..."
-chmod a+w -R bpe/app/last_event
-echo "DONE"
-
-echo "Starting ZARS BPE app..."
-docker-compose -p $1 -f $BASE_DIR/docker-compose.yml up -d dsf-zars-bpe-app
-echo -n "Waiting for full startup of the DSF ZARS BPE app..."
-( docker-compose -p $1 -f $BASE_DIR/docker-compose.yml logs -f dsf-zars-bpe-app & ) | grep -E -q '^.* Server\.doStart.* \| Started.*'
-echo "DONE"
diff --git a/zars/dsf-broker/stop.sh b/zars/dsf-broker/stop.sh
deleted file mode 100755
index 83b63c9..0000000
--- a/zars/dsf-broker/stop.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-# Arguments
-# 1: docker-compose project token
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $1 -f $BASE_DIR/docker-compose.yml stop
diff --git a/zars/keycloak/docker-compose.yml b/zars/keycloak/docker-compose.yml
deleted file mode 100644
index e8c4e88..0000000
--- a/zars/keycloak/docker-compose.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-version: "3.7"
-
-services:
- db:
- container_name: codexkeycloakdb
- image: postgres:14-alpine
- restart: unless-stopped
- environment:
- POSTGRES_PASSWORD: postgres
- POSTGRES_DB: keycloak
- POSTGRES_USER: keycloak
- volumes:
- - "db:/var/lib/postgresql/data"
-
- keycloak:
- container_name: codexkeycloak
- image: jboss/keycloak:15.0.2
- restart: unless-stopped
- environment:
- DB_VENDOR: POSTGRES
- DB_ADDR: db
- DB_DATABASE: keycloak
- DB_USER: keycloak
- DB_SCHEMA: public
- DB_PASSWORD: postgres
- KEYCLOAK_USER: admin
- KEYCLOAK_PASSWORD: ${FEASIBILITY_KEYCLOAK_ADMIN_PW:-admin}
- PROXY_ADDRESS_FORWARDING: "true"
- KEYCLOAK_IMPORT: /tmp/initial-realm.json
- KEYCLOAK_FRONTEND_URL: ${FEASIBILITY_KEYCLOAK_BASE_URL:-https://localhost/auth}
- volumes:
- - ${KEYCLOAKIMPORTFILE:-./init/initial-realm-prod.json}:/tmp/initial-realm.json
- - ../auth/cert.pem:/etc/x509/https/tls.crt
- - ../auth/key.pem:/etc/x509/https/tls.key
- depends_on:
- - db
-
-volumes:
- db:
diff --git a/zars/keycloak/init/initial-realm-prod.json b/zars/keycloak/init/initial-realm-prod.json
deleted file mode 100644
index 04297f4..0000000
--- a/zars/keycloak/init/initial-realm-prod.json
+++ /dev/null
@@ -1,2904 +0,0 @@ -{ -"id": "codex-develop", -"realm": "codex-develop", -"displayName": "codex develop realm", -"notBefore": 0, -"defaultSignatureAlgorithm": "RS256", -"revokeRefreshToken": false, -"refreshTokenMaxReuse": 0, -"accessTokenLifespan": 300, -"accessTokenLifespanForImplicitFlow": 900, -"ssoSessionIdleTimeout": 1800, -"ssoSessionMaxLifespan": 36000, -"ssoSessionIdleTimeoutRememberMe": 0, -"ssoSessionMaxLifespanRememberMe": 0, -"offlineSessionIdleTimeout": 2592000, -"offlineSessionMaxLifespanEnabled": false, -"offlineSessionMaxLifespan": 5184000, -"clientSessionIdleTimeout": 0, -"clientSessionMaxLifespan": 0, -"clientOfflineSessionIdleTimeout": 0, -"clientOfflineSessionMaxLifespan": 0, -"accessCodeLifespan": 60, -"accessCodeLifespanUserAction": 300, -"accessCodeLifespanLogin": 1800, -"actionTokenGeneratedByAdminLifespan": 43200, -"actionTokenGeneratedByUserLifespan": 300, -"oauth2DeviceCodeLifespan": 600, -"oauth2DevicePollingInterval": 5, -"enabled": true, -"sslRequired": "external", -"registrationAllowed": false, -"registrationEmailAsUsername": false, -"rememberMe": false, -"verifyEmail": false, -"loginWithEmailAllowed": true, -"duplicateEmailsAllowed": false, -"resetPasswordAllowed": false, -"editUsernameAllowed": false, -"bruteForceProtected": true, -"permanentLockout": false, -"maxFailureWaitSeconds": 900, -"minimumQuickLoginWaitSeconds": 60, -"waitIncrementSeconds": 60, -"quickLoginCheckMilliSeconds": 1000, -"maxDeltaTimeSeconds": 43200, -"failureFactor": 30, -"roles": { -"realm": [ -{ -"id": "234d9488-fd72-47ff-aaaa-9182cf4e9c94", -"name": "CODEX_USER", -"description": "this is for development purposes only and allows full access to all features", -"composite": false, -"clientRole": false, -"containerId": "codex-develop", -"attributes": {} -}, -{ -"id": "7d988f33-e10a-437c-9470-fa817fce27fd", -"name": "default-roles-codex-develop", -"description": "${role_default-roles}", -"composite": true, -"composites": { -"realm": [ -"offline_access", 
-"uma_authorization" -], -"client": { -"account": [ -"view-profile", -"manage-account" -] -} -}, -"clientRole": false, -"containerId": "codex-develop", -"attributes": {} -}, -{ -"id": "2115205d-7d9d-4588-ba58-c7119f5cadb8", -"name": "uma_authorization", -"description": "${role_uma_authorization}", -"composite": false, -"clientRole": false, -"containerId": "codex-develop", -"attributes": {} -}, -{ -"id": "7575186c-ee41-492b-8c2c-a3046a28baaa", -"name": "offline_access", -"description": "${role_offline-access}", -"composite": false, -"clientRole": false, -"containerId": "codex-develop", -"attributes": {} -} -], -"client": { -"diz-ukf": [], -"realm-management": [ -{ -"id": "6ef2f4a0-e69f-48e2-ade5-789867a1f506", -"name": "create-client", -"description": "${role_create-client}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "06bce4fa-6063-4f40-b07f-57bf13ac02d6", -"name": "view-events", -"description": "${role_view-events}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "d3a727f9-dc79-43e0-8538-f503472a981c", -"name": "manage-events", -"description": "${role_manage-events}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "620cec8e-9472-49a6-9c87-0d38cb612ce6", -"name": "manage-realm", -"description": "${role_manage-realm}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "041baff5-7dba-4610-ac57-cbe6e322c5ee", -"name": "query-groups", -"description": "${role_query-groups}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "ded66799-c4cc-40eb-a41c-6664f737133a", -"name": "view-realm", -"description": "${role_view-realm}", -"composite": false, -"clientRole": true, 
-"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "7bc76c46-fa6d-4865-8de6-541d9c5cf3be", -"name": "manage-authorization", -"description": "${role_manage-authorization}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "49a92e81-0540-47e0-bb65-d53439ed033d", -"name": "manage-identity-providers", -"description": "${role_manage-identity-providers}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "ea9b2dfb-3b8f-4091-8b21-b93cbf468e76", -"name": "impersonation", -"description": "${role_impersonation}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "cae8e208-6dd0-48d7-b576-1b74ee2325dc", -"name": "view-users", -"description": "${role_view-users}", -"composite": true, -"composites": { -"client": { -"realm-management": [ -"query-users", -"query-groups" -] -} -}, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "e22e2a6d-2095-4491-a7a5-fa851a260f8a", -"name": "manage-users", -"description": "${role_manage-users}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "0d64002a-678e-4edf-afb5-164b01e583ce", -"name": "query-users", -"description": "${role_query-users}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "f67c03c2-940a-4dc7-94b1-c3b02c879cc8", -"name": "view-identity-providers", -"description": "${role_view-identity-providers}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "5d80b412-33f2-4829-bf93-654a3a1d4729", -"name": "query-realms", -"description": "${role_query-realms}", 
-"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "1432e629-14a9-4cd5-a7e8-eb2604596bca", -"name": "query-clients", -"description": "${role_query-clients}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "b1f9fa5d-6c81-462c-b057-84e95428afc1", -"name": "manage-clients", -"description": "${role_manage-clients}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "b469f4e7-4488-4562-969f-a00e4d27a6af", -"name": "realm-admin", -"description": "${role_realm-admin}", -"composite": true, -"composites": { -"client": { -"realm-management": [ -"create-client", -"view-events", -"manage-events", -"manage-realm", -"query-groups", -"view-realm", -"manage-authorization", -"manage-identity-providers", -"impersonation", -"view-users", -"manage-users", -"query-users", -"view-identity-providers", -"query-realms", -"query-clients", -"manage-clients", -"view-authorization", -"view-clients" -] -} -}, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "39334f25-7fac-4535-b37b-45bd4b9e30ca", -"name": "view-authorization", -"description": "${role_view-authorization}", -"composite": false, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -}, -{ -"id": "53d2e35b-1391-455a-89dc-f91566062994", -"name": "view-clients", -"description": "${role_view-clients}", -"composite": true, -"composites": { -"client": { -"realm-management": [ -"query-clients" -] -} -}, -"clientRole": true, -"containerId": "97968df9-46f9-4444-9863-e200f600bc7b", -"attributes": {} -} -], -"diz-umm": [], -"feasibility-gui": [], -"security-admin-console": [], -"diz-uker": [], -"admin-cli": [], -"middleware-broker": [], -"diz-uka": [], -"account-console": [], -"broker": [ -{ -"id": 
"bd3f8312-52f1-4bc9-b708-152285b87b94", -"name": "read-token", -"description": "${role_read-token}", -"composite": false, -"clientRole": true, -"containerId": "f3955d64-565f-46c3-bf0d-2e8a9716e504", -"attributes": {} -} -], -"account": [ -{ -"id": "c078d5c6-80bc-4811-b31a-24f54216d22b", -"name": "delete-account", -"description": "${role_delete-account}", -"composite": false, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "3b4e41be-e77d-4a7a-a82a-90a064c0b3ed", -"name": "manage-consent", -"description": "${role_manage-consent}", -"composite": true, -"composites": { -"client": { -"account": [ -"view-consent" -] -} -}, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "f45d884b-1c5a-44bb-b617-1fc59ad30ff2", -"name": "view-applications", -"description": "${role_view-applications}", -"composite": false, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "a69ead20-97b1-47ac-b3e1-ac89d180802b", -"name": "view-profile", -"description": "${role_view-profile}", -"composite": false, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "25cc13e9-4b87-40c0-b894-4ff14a760581", -"name": "manage-account-links", -"description": "${role_manage-account-links}", -"composite": false, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "173548bf-ff7b-49a4-99f2-be38c0be0453", -"name": "manage-account", -"description": "${role_manage-account}", -"composite": true, -"composites": { -"client": { -"account": [ -"manage-account-links" -] -} -}, -"clientRole": true, -"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -}, -{ -"id": "93c6eaad-2278-4617-8ac2-b9838a4fc8a6", -"name": "view-consent", -"description": "${role_view-consent}", -"composite": false, -"clientRole": true, 
-"containerId": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"attributes": {} -} -] -} -}, -"groups": [ -{ -"id": "cce70ab0-7355-4210-baf7-93d07343f852", -"name": "codex-develop", -"path": "/codex-develop", -"attributes": {}, -"realmRoles": [ -"CODEX_USER" -], -"clientRoles": {}, -"subGroups": [] -} -], -"defaultRole": { -"id": "7d988f33-e10a-437c-9470-fa817fce27fd", -"name": "default-roles-codex-develop", -"description": "${role_default-roles}", -"composite": true, -"clientRole": false, -"containerId": "codex-develop" -}, -"requiredCredentials": [ -"password" -], -"otpPolicyType": "totp", -"otpPolicyAlgorithm": "HmacSHA1", -"otpPolicyInitialCounter": 0, -"otpPolicyDigits": 6, -"otpPolicyLookAheadWindow": 1, -"otpPolicyPeriod": 30, -"otpSupportedApplications": [ -"FreeOTP", -"Google Authenticator" -], -"webAuthnPolicyRpEntityName": "keycloak", -"webAuthnPolicySignatureAlgorithms": [ -"ES256" -], -"webAuthnPolicyRpId": "", -"webAuthnPolicyAttestationConveyancePreference": "not specified", -"webAuthnPolicyAuthenticatorAttachment": "not specified", -"webAuthnPolicyRequireResidentKey": "not specified", -"webAuthnPolicyUserVerificationRequirement": "not specified", -"webAuthnPolicyCreateTimeout": 0, -"webAuthnPolicyAvoidSameAuthenticatorRegister": false, -"webAuthnPolicyAcceptableAaguids": [], -"webAuthnPolicyPasswordlessRpEntityName": "keycloak", -"webAuthnPolicyPasswordlessSignatureAlgorithms": [ -"ES256" -], -"webAuthnPolicyPasswordlessRpId": "", -"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", -"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", -"webAuthnPolicyPasswordlessRequireResidentKey": "not specified", -"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", -"webAuthnPolicyPasswordlessCreateTimeout": 0, -"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, -"webAuthnPolicyPasswordlessAcceptableAaguids": [], -"users": [ -{ -"id": "e110ea20-bb3f-439f-b17e-40b4f378c366", 
-"createdTimestamp": 1611754418555, -"username": "service-account-diz-uka", -"enabled": true, -"totp": false, -"emailVerified": false, -"serviceAccountClientId": "diz-uka", -"disableableCredentialTypes": [], -"requiredActions": [], -"realmRoles": [ -"uma_authorization", -"offline_access" -], -"clientRoles": { -"account": [ -"view-profile", -"manage-account" -] -}, -"notBefore": 0, -"groups": [] -}, -{ -"id": "e1d5f479-21fb-4838-b79b-1138f283ac9f", -"createdTimestamp": 1611752991562, -"username": "service-account-diz-uker", -"enabled": true, -"totp": false, -"emailVerified": false, -"serviceAccountClientId": "diz-uker", -"disableableCredentialTypes": [], -"requiredActions": [], -"realmRoles": [ -"uma_authorization", -"offline_access" -], -"clientRoles": { -"account": [ -"view-profile", -"manage-account" -] -}, -"notBefore": 0, -"groups": [] -}, -{ -"id": "e9cf9ac9-7894-4e34-a9b5-242a8fdc4a2f", -"createdTimestamp": 1611750913052, -"username": "service-account-diz-ukf", -"enabled": true, -"totp": false, -"emailVerified": false, -"serviceAccountClientId": "diz-ukf", -"disableableCredentialTypes": [], -"requiredActions": [], -"realmRoles": [ -"uma_authorization", -"offline_access" -], -"clientRoles": { -"account": [ -"view-profile", -"manage-account" -] -}, -"notBefore": 0, -"groups": [] -}, -{ -"id": "b9235783-d5ad-4f0b-ab0b-b99c21d0106a", -"createdTimestamp": 1611755169205, -"username": "service-account-diz-umm", -"enabled": true, -"totp": false, -"emailVerified": false, -"serviceAccountClientId": "diz-umm", -"disableableCredentialTypes": [], -"requiredActions": [], -"realmRoles": [ -"uma_authorization", -"offline_access" -], -"clientRoles": { -"account": [ -"view-profile", -"manage-account" -] -}, -"notBefore": 0, -"groups": [] -} -], -"scopeMappings": [ -{ -"client": "feasibility-gui", -"roles": [ -"CODEX_USER" -] -}, -{ -"clientScope": "offline_access", -"roles": [ -"offline_access" -] -} -], -"clientScopeMappings": { -"account": [ -{ -"client": "account-console", 
-"roles": [ -"manage-account" -] -} -] -}, -"clients": [ -{ -"id": "58de4034-0047-40f4-a0c7-7d746cd19d72", -"clientId": "account", -"name": "${client_account}", -"rootUrl": "${authBaseUrl}", -"baseUrl": "/realms/codex-develop/account/", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"/realms/codex-develop/account/*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": {}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "3787bcaa-e3cf-47fc-a103-01bad3079cfd", -"clientId": "account-console", -"name": "${client_account-console}", -"rootUrl": "${authBaseUrl}", -"baseUrl": "/realms/codex-develop/account/", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"/realms/codex-develop/account/*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": true, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"pkce.code.challenge.method": "S256" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"protocolMappers": [ -{ -"id": "f2c4a481-3653-4873-b2d8-9f43a010c7d3", 
-"name": "audience resolve", -"protocol": "openid-connect", -"protocolMapper": "oidc-audience-resolve-mapper", -"consentRequired": false, -"config": {} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "104a7fea-42b6-494f-b1c0-0e6bd39e80e2", -"clientId": "admin-cli", -"name": "${client_admin-cli}", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": false, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": true, -"serviceAccountsEnabled": false, -"publicClient": true, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": {}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "f3955d64-565f-46c3-bf0d-2e8a9716e504", -"clientId": "broker", -"name": "${client_broker}", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": {}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], 
-"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "a990ffc5-3853-4911-aa0b-2e67acc67654", -"clientId": "diz-uka", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": false, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": true, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"saml.force.post.binding": "false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"exclude.session.state.from.auth.response": "false", -"backchannel.logout.session.required": "true", -"client_credentials.use_refresh_token": "false", -"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"protocolMappers": [ -{ -"id": "9ad40dc2-7d2f-4bcb-aff8-87b102683d59", -"name": "Client ID", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientId", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientId", -"jsonType.label": "String" -} -}, -{ -"id": "6d38235d-b875-4230-88b4-0a1fd85e2e3f", -"name": "Client IP Address", -"protocol": "openid-connect", -"protocolMapper": 
"oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientAddress", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientAddress", -"jsonType.label": "String" -} -}, -{ -"id": "db753d17-d132-4149-a728-12f98ff681a1", -"name": "site-id", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "uka", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-id", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -}, -{ -"id": "bffce946-42d7-4c80-909f-f7577efafe1f", -"name": "site-name", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "Universitätsklinikum Aachen", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-name", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -}, -{ -"id": "f893aae2-ee23-4536-97c1-7fbe41d8a69d", -"name": "Client Host", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientHost", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientHost", -"jsonType.label": "String" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "b7c8fb32-3b2c-4b68-ac16-3dd7fd52c0db", -"clientId": "diz-uker", -"name": "DIZ Klinikum Erlangen", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"*" -], -"webOrigins": [], 
-"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": true, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"saml.force.post.binding": "false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"exclude.session.state.from.auth.response": "false", -"backchannel.logout.session.required": "true", -"client_credentials.use_refresh_token": "false", -"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"protocolMappers": [ -{ -"id": "7d24f353-3c53-4999-a751-9fd4e68af32b", -"name": "Client Host", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientHost", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientHost", -"jsonType.label": "String" -} -}, -{ -"id": "d824e8bd-4575-4ec0-987b-781eea1eb344", -"name": "site-name", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "Universitätsklinikum Erlangen", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-name", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -}, -{ -"id": "a36c9375-c3cc-478a-b346-688c3e1ecf39", -"name": "Client ID", 
-"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientId", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientId", -"jsonType.label": "String" -} -}, -{ -"id": "8702c166-1c0f-4a4b-a547-a596a4fb604c", -"name": "Client IP Address", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientAddress", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientAddress", -"jsonType.label": "String" -} -}, -{ -"id": "97b2a224-abda-478b-9a5c-52e3c80275ce", -"name": "site-id", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "uker", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-id", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "7023c077-3b12-4b6e-848f-b9daaee8559b", -"clientId": "diz-ukf", -"name": "Diz Klinikum Frankfurt", -"description": "", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": true, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"saml.force.post.binding": 
"false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"exclude.session.state.from.auth.response": "false", -"backchannel.logout.session.required": "true", -"client_credentials.use_refresh_token": "false", -"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"protocolMappers": [ -{ -"id": "6cfd2eea-3e6c-46aa-ae47-21f4a826b718", -"name": "Client IP Address", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientAddress", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientAddress", -"jsonType.label": "String" -} -}, -{ -"id": "9709abf0-bfd3-41a2-9750-b7216026cb08", -"name": "Client Host", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientHost", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientHost", -"jsonType.label": "String" -} -}, -{ -"id": "579c084e-d066-4032-9d03-a1ad7612f182", -"name": "site name", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "Universitätsklinikum Frankfurt", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-name", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -}, -{ -"id": 
"16ba2d6b-5160-4796-8d2f-dd854673c286", -"name": "Client ID", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientId", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientId", -"jsonType.label": "String" -} -}, -{ -"id": "89c4bd1c-f496-4f3f-a326-f25d50577ec9", -"name": "site-claim", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "ukf", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-id", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "e0f89ff0-dc21-42df-a34f-f6534cc63546", -"clientId": "diz-umm", -"name": "Diz Klinikum Mannheim", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": false, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": true, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"saml.force.post.binding": "false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"exclude.session.state.from.auth.response": "false", -"backchannel.logout.session.required": "true", -"client_credentials.use_refresh_token": "false", 
-"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"protocolMappers": [ -{ -"id": "1b5eb35f-8e3c-451c-82dd-3814822d976c", -"name": "Client Host", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientHost", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientHost", -"jsonType.label": "String" -} -}, -{ -"id": "286b9ab7-1852-4a90-9fec-604d838d0105", -"name": "site-name", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "Universitätsklinikum Mannheim", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-name", -"jsonType.label": "String", -"access.tokenResponse.claim": "false" -} -}, -{ -"id": "d40ef512-9416-437e-8d81-aab76d709cd0", -"name": "Client IP Address", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientAddress", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientAddress", -"jsonType.label": "String" -} -}, -{ -"id": "b1a7d22a-d62c-4c27-ba4e-3f583f93b810", -"name": "site-id", -"protocol": "openid-connect", -"protocolMapper": "oidc-hardcoded-claim-mapper", -"consentRequired": false, -"config": { -"claim.value": "umm", -"userinfo.token.claim": "false", -"id.token.claim": "false", -"access.token.claim": "true", -"claim.name": "site-id", -"jsonType.label": "String", -"access.tokenResponse.claim": 
"false" -} -}, -{ -"id": "0c5e5ea6-dea8-4e08-9784-e8bfc3570877", -"name": "Client ID", -"protocol": "openid-connect", -"protocolMapper": "oidc-usersessionmodel-note-mapper", -"consentRequired": false, -"config": { -"user.session.note": "clientId", -"userinfo.token.claim": "true", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "clientId", -"jsonType.label": "String" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "d2b31de6-0333-468a-a104-2ff8f759d786", -"clientId": "feasibility-gui", -"name": "feasibility gui", -"rootUrl": "https://feasibility.forschen-fuer-gesundheit.de", -"baseUrl": "https://feasibility.forschen-fuer-gesundheit.de", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"redirectUris": [ -"https://feasibility.forschen-fuer-gesundheit.de" -], -"webOrigins": [ -"https://feasibility.forschen-fuer-gesundheit.de" -], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": true, -"serviceAccountsEnabled": false, -"publicClient": true, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"id.token.as.detached.signature": "false", -"saml.force.post.binding": "false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"oauth2.device.authorization.grant.enabled": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"use.refresh.tokens": "true", -"exclude.session.state.from.auth.response": "false", -"oidc.ciba.grant.enabled": "false", -"saml.artifact.binding": "false", -"backchannel.logout.session.required": "true", 
-"client_credentials.use_refresh_token": "false", -"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"require.pushed.authorization.requests": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"protocolMappers": [ -{ -"id": "3c9dc1e7-63c0-4d5f-add7-a0e4443999c7", -"name": "groups", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-realm-role-mapper", -"consentRequired": false, -"config": { -"multivalued": "true", -"userinfo.token.claim": "true", -"user.attribute": "foo", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "groups", -"jsonType.label": "String" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "57f9233c-e17b-4dc1-ba97-13c52ef341f4", -"clientId": "middleware-broker", -"name": "Middleware Broker", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"*" -], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": false, -"consentRequired": false, -"standardFlowEnabled": false, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"saml.assertion.signature": "false", -"saml.force.post.binding": "false", -"saml.multivalued.roles": "false", -"saml.encrypt": "false", -"backchannel.logout.revoke.offline.tokens": "false", -"saml.server.signature": "false", -"saml.server.signature.keyinfo.ext": "false", -"exclude.session.state.from.auth.response": "false", 
-"backchannel.logout.session.required": "true", -"client_credentials.use_refresh_token": "false", -"saml_force_name_id_format": "false", -"saml.client.signature": "false", -"tls.client.certificate.bound.access.tokens": "false", -"saml.authnstatement": "false", -"display.on.consent.screen": "false", -"saml.onetimeuse.condition": "false" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": true, -"nodeReRegistrationTimeout": -1, -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "97968df9-46f9-4444-9863-e200f600bc7b", -"clientId": "realm-management", -"name": "${client_realm-management}", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [], -"webOrigins": [], -"notBefore": 0, -"bearerOnly": true, -"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": false, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": {}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -}, -{ -"id": "cdd22346-0e4a-449b-879f-d9ba7b90e12c", -"clientId": "security-admin-console", -"name": "${client_security-admin-console}", -"rootUrl": "${authAdminUrl}", -"baseUrl": "/admin/codex-develop/console/", -"surrogateAuthRequired": false, -"enabled": true, -"alwaysDisplayInConsole": false, -"clientAuthenticatorType": "client-secret", -"secret": "**********", -"redirectUris": [ -"/admin/codex-develop/console/*" -], -"webOrigins": [ -"+" -], -"notBefore": 0, -"bearerOnly": false, 
-"consentRequired": false, -"standardFlowEnabled": true, -"implicitFlowEnabled": false, -"directAccessGrantsEnabled": false, -"serviceAccountsEnabled": false, -"publicClient": true, -"frontchannelLogout": false, -"protocol": "openid-connect", -"attributes": { -"pkce.code.challenge.method": "S256" -}, -"authenticationFlowBindingOverrides": {}, -"fullScopeAllowed": false, -"nodeReRegistrationTimeout": 0, -"protocolMappers": [ -{ -"id": "5dce29d4-cbb8-4936-b847-8581717e98e8", -"name": "locale", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "locale", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "locale", -"jsonType.label": "String" -} -} -], -"defaultClientScopes": [ -"web-origins", -"roles", -"profile", -"email" -], -"optionalClientScopes": [ -"address", -"phone", -"offline_access", -"microprofile-jwt" -] -} -], -"clientScopes": [ -{ -"id": "ddc37a1c-c9f0-4a65-8df4-aa4734d3eab0", -"name": "role_list", -"description": "SAML role list", -"protocol": "saml", -"attributes": { -"consent.screen.text": "${samlRoleListScopeConsentText}", -"display.on.consent.screen": "true" -}, -"protocolMappers": [ -{ -"id": "4f09c2b1-6fa3-4139-9ead-d117cc8f837a", -"name": "role list", -"protocol": "saml", -"protocolMapper": "saml-role-list-mapper", -"consentRequired": false, -"config": { -"single": "false", -"attribute.nameformat": "Basic", -"attribute.name": "Role" -} -} -] -}, -{ -"id": "fc03e27c-af69-4555-ac90-0f798a13d662", -"name": "offline_access", -"description": "OpenID Connect built-in scope: offline_access", -"protocol": "openid-connect", -"attributes": { -"consent.screen.text": "${offlineAccessScopeConsentText}", -"display.on.consent.screen": "true" -} -}, -{ -"id": "aa7a47ca-fb6c-4e68-a958-e2c7c0df4cb6", -"name": "microprofile-jwt", -"description": "Microprofile - JWT built-in scope", -"protocol": "openid-connect", 
-"attributes": { -"include.in.token.scope": "true", -"display.on.consent.screen": "false" -}, -"protocolMappers": [ -{ -"id": "e914b43f-8809-44b9-a263-d833a4abbb0a", -"name": "upn", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "username", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "upn", -"jsonType.label": "String" -} -}, -{ -"id": "ac2e9505-f796-4086-8d49-d6fc112c3af6", -"name": "groups", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-realm-role-mapper", -"consentRequired": false, -"config": { -"multivalued": "true", -"userinfo.token.claim": "true", -"user.attribute": "foo", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "groups", -"jsonType.label": "String" -} -} -] -}, -{ -"id": "66979aa9-f8b2-4849-8047-c5c514b0894d", -"name": "roles", -"description": "OpenID Connect scope for add user roles to the access token", -"protocol": "openid-connect", -"attributes": { -"include.in.token.scope": "false", -"display.on.consent.screen": "true", -"consent.screen.text": "${rolesScopeConsentText}" -}, -"protocolMappers": [ -{ -"id": "b9d4c8ed-8349-4036-a316-f5da88e1affd", -"name": "realm roles", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-realm-role-mapper", -"consentRequired": false, -"config": { -"user.attribute": "foo", -"access.token.claim": "true", -"claim.name": "realm_access.roles", -"jsonType.label": "String", -"multivalued": "true" -} -}, -{ -"id": "86df93b0-95d2-4ddf-8a67-c95cd8548b4c", -"name": "client roles", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-client-role-mapper", -"consentRequired": false, -"config": { -"user.attribute": "foo", -"access.token.claim": "true", -"claim.name": "resource_access.${client_id}.roles", -"jsonType.label": "String", -"multivalued": "true" -} -}, -{ -"id": 
"9512f843-d701-447a-81ad-c37c514f5e85", -"name": "audience resolve", -"protocol": "openid-connect", -"protocolMapper": "oidc-audience-resolve-mapper", -"consentRequired": false, -"config": {} -} -] -}, -{ -"id": "217f533d-3b86-4c18-ba3f-9cd3a2ee2020", -"name": "profile", -"description": "OpenID Connect built-in scope: profile", -"protocol": "openid-connect", -"attributes": { -"include.in.token.scope": "true", -"display.on.consent.screen": "true", -"consent.screen.text": "${profileScopeConsentText}" -}, -"protocolMappers": [ -{ -"id": "56a95df4-a2aa-4084-bb0c-a1c582bc49de", -"name": "full name", -"protocol": "openid-connect", -"protocolMapper": "oidc-full-name-mapper", -"consentRequired": false, -"config": { -"id.token.claim": "true", -"access.token.claim": "true", -"userinfo.token.claim": "true" -} -}, -{ -"id": "cda8131f-1089-461c-b7d7-9095f9f09039", -"name": "given name", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "firstName", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "given_name", -"jsonType.label": "String" -} -}, -{ -"id": "472e35d5-bdca-4b2e-a254-a039e8d38055", -"name": "middle name", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "middleName", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "middle_name", -"jsonType.label": "String" -} -}, -{ -"id": "fc05cdc0-8af3-4ef3-9e4f-13739a27b8eb", -"name": "updated at", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "updatedAt", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "updated_at", -"jsonType.label": "String" -} -}, -{ -"id": 
"e7687a07-343d-468f-94a9-eb164b116def", -"name": "username", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "username", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "preferred_username", -"jsonType.label": "String" -} -}, -{ -"id": "24b05ecf-9e9d-4339-b0a0-a3a74d31a6b7", -"name": "website", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "website", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "website", -"jsonType.label": "String" -} -}, -{ -"id": "1680e452-542a-4cd8-8dc3-3a1a5f81a0fd", -"name": "nickname", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "nickname", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "nickname", -"jsonType.label": "String" -} -}, -{ -"id": "b8e7ac11-ffa9-4d9f-b69a-b943a413b712", -"name": "gender", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "gender", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "gender", -"jsonType.label": "String" -} -}, -{ -"id": "f236c5c8-7c33-423d-8d7e-f50aad004994", -"name": "zoneinfo", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "zoneinfo", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "zoneinfo", -"jsonType.label": "String" -} -}, -{ -"id": "6d1e7cb0-cafc-4e1a-bcff-1ad7455543a0", -"name": "profile", -"protocol": "openid-connect", 
-"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "profile", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "profile", -"jsonType.label": "String" -} -}, -{ -"id": "fe9d04d9-7335-4c1b-bb79-243ef9879adf", -"name": "locale", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "locale", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "locale", -"jsonType.label": "String" -} -}, -{ -"id": "4566115f-0422-4f85-b725-c73e648db062", -"name": "picture", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "picture", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "picture", -"jsonType.label": "String" -} -}, -{ -"id": "1cba28ae-5118-47e5-9f50-9389ef84486e", -"name": "birthdate", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "birthdate", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "birthdate", -"jsonType.label": "String" -} -}, -{ -"id": "cfed8843-761c-4842-9504-51413cfd1175", -"name": "family name", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "lastName", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "family_name", -"jsonType.label": "String" -} -} -] -}, -{ -"id": "ebd9ef35-eef3-4173-ae10-68e31431543c", -"name": "address", -"description": "OpenID Connect built-in scope: address", -"protocol": "openid-connect", -"attributes": { 
-"include.in.token.scope": "true", -"display.on.consent.screen": "true", -"consent.screen.text": "${addressScopeConsentText}" -}, -"protocolMappers": [ -{ -"id": "c28c14c3-eaaf-4b35-bb27-47e6a0082221", -"name": "address", -"protocol": "openid-connect", -"protocolMapper": "oidc-address-mapper", -"consentRequired": false, -"config": { -"user.attribute.formatted": "formatted", -"user.attribute.country": "country", -"user.attribute.postal_code": "postal_code", -"userinfo.token.claim": "true", -"user.attribute.street": "street", -"id.token.claim": "true", -"user.attribute.region": "region", -"access.token.claim": "true", -"user.attribute.locality": "locality" -} -} -] -}, -{ -"id": "7076f74a-d3ca-4358-ac4e-4327fb6abccc", -"name": "email", -"description": "OpenID Connect built-in scope: email", -"protocol": "openid-connect", -"attributes": { -"include.in.token.scope": "true", -"display.on.consent.screen": "true", -"consent.screen.text": "${emailScopeConsentText}" -}, -"protocolMappers": [ -{ -"id": "2154d906-8036-47f3-bdc8-95168bbf98fb", -"name": "email verified", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "emailVerified", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "email_verified", -"jsonType.label": "boolean" -} -}, -{ -"id": "addbcb30-55d6-4719-912f-6fd3ba096608", -"name": "email", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-property-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "email", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "email", -"jsonType.label": "String" -} -} -] -}, -{ -"id": "643899ea-61ae-41e1-a16e-cfaa4f6e9cbf", -"name": "web-origins", -"description": "OpenID Connect scope for add allowed web origins to the access token", -"protocol": "openid-connect", -"attributes": { 
-"include.in.token.scope": "false", -"display.on.consent.screen": "false", -"consent.screen.text": "" -}, -"protocolMappers": [ -{ -"id": "73052104-9074-4c49-bc66-604c394b56e9", -"name": "allowed web origins", -"protocol": "openid-connect", -"protocolMapper": "oidc-allowed-origins-mapper", -"consentRequired": false, -"config": {} -} -] -}, -{ -"id": "ecdb49aa-e141-4456-b705-2c9056b357ca", -"name": "phone", -"description": "OpenID Connect built-in scope: phone", -"protocol": "openid-connect", -"attributes": { -"include.in.token.scope": "true", -"display.on.consent.screen": "true", -"consent.screen.text": "${phoneScopeConsentText}" -}, -"protocolMappers": [ -{ -"id": "54ed815a-74e9-448c-9dc4-06f58d1e8e79", -"name": "phone number verified", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "phoneNumberVerified", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "phone_number_verified", -"jsonType.label": "boolean" -} -}, -{ -"id": "76e6bc11-144e-4b98-9844-9f22bbc1a81b", -"name": "phone number", -"protocol": "openid-connect", -"protocolMapper": "oidc-usermodel-attribute-mapper", -"consentRequired": false, -"config": { -"userinfo.token.claim": "true", -"user.attribute": "phoneNumber", -"id.token.claim": "true", -"access.token.claim": "true", -"claim.name": "phone_number", -"jsonType.label": "String" -} -} -] -} -], -"defaultDefaultClientScopes": [ -"profile", -"web-origins", -"roles", -"email", -"role_list" -], -"defaultOptionalClientScopes": [ -"microprofile-jwt", -"address", -"phone", -"offline_access" -], -"browserSecurityHeaders": { -"contentSecurityPolicyReportOnly": "", -"xContentTypeOptions": "nosniff", -"xRobotsTag": "none", -"xFrameOptions": "ALLOW-FROM https://feasibility.forschen-fuer-gesundheit.de", -"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; 
https://feasibility.forschen-fuer-gesundheit.de", -"xXSSProtection": "1; mode=block", -"strictTransportSecurity": "max-age=31536000; includeSubDomains" -}, -"smtpServer": {}, -"eventsEnabled": false, -"eventsListeners": [ -"jboss-logging" -], -"enabledEventTypes": [], -"adminEventsEnabled": false, -"adminEventsDetailsEnabled": false, -"identityProviders": [], -"identityProviderMappers": [], -"components": { -"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ -{ -"id": "d678125d-4a20-4730-a629-939e768de9ff", -"name": "Full Scope Disabled", -"providerId": "scope", -"subType": "anonymous", -"subComponents": {}, -"config": {} -}, -{ -"id": "a5327830-86ac-426c-a77b-00bd81dba0db", -"name": "Max Clients Limit", -"providerId": "max-clients", -"subType": "anonymous", -"subComponents": {}, -"config": { -"max-clients": [ -"200" -] -} -}, -{ -"id": "f516ba7a-0b6b-44cf-8719-78ce76a349b9", -"name": "Allowed Client Scopes", -"providerId": "allowed-client-templates", -"subType": "anonymous", -"subComponents": {}, -"config": { -"allow-default-scopes": [ -"true" -] -} -}, -{ -"id": "8b8c1d8c-7d01-4985-8c81-b18f671e555e", -"name": "Trusted Hosts", -"providerId": "trusted-hosts", -"subType": "anonymous", -"subComponents": {}, -"config": { -"host-sending-registration-request-must-match": [ -"true" -], -"client-uris-must-match": [ -"true" -] -} -}, -{ -"id": "9c7e9418-c113-431e-a26b-4d300e44cfd6", -"name": "Consent Required", -"providerId": "consent-required", -"subType": "anonymous", -"subComponents": {}, -"config": {} -}, -{ -"id": "129768ec-66db-4de0-9b67-dd3889e092e8", -"name": "Allowed Protocol Mapper Types", -"providerId": "allowed-protocol-mappers", -"subType": "authenticated", -"subComponents": {}, -"config": { -"allowed-protocol-mapper-types": [ -"oidc-usermodel-attribute-mapper", -"oidc-full-name-mapper", -"saml-role-list-mapper", -"oidc-address-mapper", -"saml-user-property-mapper", -"oidc-usermodel-property-mapper", -"saml-user-attribute-mapper", 
-"oidc-sha256-pairwise-sub-mapper" -] -} -}, -{ -"id": "a3b792d9-2819-496e-b48e-91dd51ec9d2a", -"name": "Allowed Client Scopes", -"providerId": "allowed-client-templates", -"subType": "authenticated", -"subComponents": {}, -"config": { -"allow-default-scopes": [ -"true" -] -} -}, -{ -"id": "e533cdfb-5afc-4685-a0a1-4a1fd6d4716d", -"name": "Allowed Protocol Mapper Types", -"providerId": "allowed-protocol-mappers", -"subType": "anonymous", -"subComponents": {}, -"config": { -"allowed-protocol-mapper-types": [ -"oidc-usermodel-attribute-mapper", -"saml-user-property-mapper", -"oidc-sha256-pairwise-sub-mapper", -"saml-role-list-mapper", -"oidc-full-name-mapper", -"oidc-usermodel-property-mapper", -"oidc-address-mapper", -"saml-user-attribute-mapper" -] -} -} -], -"org.keycloak.keys.KeyProvider": [ -{ -"id": "485b2c16-6c0a-4274-9ab4-a957ed56eabd", -"name": "hmac-generated", -"providerId": "hmac-generated", -"subComponents": {}, -"config": { -"priority": [ -"100" -], -"algorithm": [ -"HS256" -] -} -}, -{ -"id": "aa37ed27-fa9d-40bd-90c8-d26478531db6", -"name": "rsa-generated", -"providerId": "rsa-generated", -"subComponents": {}, -"config": { -"priority": [ -"100" -] -} -}, -{ -"id": "5bbd86a4-df07-4b06-8c4e-6bf4a38caa53", -"name": "aes-generated", -"providerId": "aes-generated", -"subComponents": {}, -"config": { -"priority": [ -"100" -] -} -} -] -}, -"internationalizationEnabled": false, -"supportedLocales": [], -"authenticationFlows": [ -{ -"id": "d36f5255-710b-4f16-962d-79de80337530", -"alias": "Account verification options", -"description": "Method with which to verity the existing account", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "idp-email-verification", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "ALTERNATIVE", -"priority": 20, -"flowAlias": "Verify 
Existing Account by Re-authentication", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "836723c7-d3b8-4305-8dfc-ecf22d84ea5d", -"alias": "Authentication Options", -"description": "Authentication options.", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "basic-auth", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "basic-auth-otp", -"authenticatorFlow": false, -"requirement": "DISABLED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "auth-spnego", -"authenticatorFlow": false, -"requirement": "DISABLED", -"priority": 30, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "d07ba96d-fd71-404e-b2f2-4f75f0b19ef5", -"alias": "Browser - Conditional OTP", -"description": "Flow to determine if the OTP is required for the authentication", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "conditional-user-configured", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "auth-otp-form", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "b1924030-02ce-4297-b6bb-1ef4083318b8", -"alias": "Direct Grant - Conditional OTP", -"description": "Flow to determine if the OTP is required for the authentication", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "conditional-user-configured", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "direct-grant-validate-otp", 
-"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "3bf11139-b411-4795-9d02-1068e92103cd", -"alias": "First broker login - Conditional OTP", -"description": "Flow to determine if the OTP is required for the authentication", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "conditional-user-configured", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "auth-otp-form", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "86bd977a-7ae5-4396-8bfb-98adef09cb35", -"alias": "Handle Existing Account", -"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "idp-confirm-link", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "REQUIRED", -"priority": 20, -"flowAlias": "Account verification options", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "1245fb82-cf33-4040-8e12-0da5b8a6ca8a", -"alias": "Reset - Conditional OTP", -"description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "conditional-user-configured", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "reset-otp", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "62493d55-86b2-4282-a054-3fca77b4255b", -"alias": "User creation or linking", -"description": "Flow for the existing/non-existing user alternatives", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticatorConfig": "create unique user config", -"authenticator": "idp-create-user-if-unique", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "ALTERNATIVE", -"priority": 20, -"flowAlias": "Handle Existing Account", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "f3776b9b-3a02-4bdf-b798-0a104184b31e", -"alias": "Verify Existing Account by Re-authentication", -"description": "Reauthentication of existing account", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "idp-username-password-form", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "CONDITIONAL", -"priority": 20, -"flowAlias": "First broker login - Conditional OTP", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "362f89f3-5e20-4778-8b05-ceb0f4c9ae4b", -"alias": "browser", -"description": "browser based authentication", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, 
-"authenticationExecutions": [ -{ -"authenticator": "auth-cookie", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "auth-spnego", -"authenticatorFlow": false, -"requirement": "DISABLED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "identity-provider-redirector", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 25, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "ALTERNATIVE", -"priority": 30, -"flowAlias": "forms", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "ba7f8247-cc82-448e-a6a7-6242d7deabc2", -"alias": "clients", -"description": "Base authentication for clients", -"providerId": "client-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "client-secret", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "client-jwt", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "client-secret-jwt", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 30, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "client-x509", -"authenticatorFlow": false, -"requirement": "ALTERNATIVE", -"priority": 40, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "da762a68-3168-4328-a133-37a499dcf49e", -"alias": "direct grant", -"description": "OpenID Connect Resource Owner Grant", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "direct-grant-validate-username", -"authenticatorFlow": false, -"requirement": "REQUIRED", 
-"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "direct-grant-validate-password", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "CONDITIONAL", -"priority": 30, -"flowAlias": "Direct Grant - Conditional OTP", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "7d3b33ce-d81a-4ead-8f43-0460c42bb465", -"alias": "docker auth", -"description": "Used by Docker clients to authenticate against the IDP", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "docker-http-basic-authenticator", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "4b40dbf9-871d-4f3e-9549-3e2095e7afce", -"alias": "first broker login", -"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticatorConfig": "review profile config", -"authenticator": "idp-review-profile", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "REQUIRED", -"priority": 20, -"flowAlias": "User creation or linking", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "0a3c6df9-d4dd-4fad-b0f0-c3286e81b16d", -"alias": "forms", -"description": "Username, password, otp and other auth forms.", -"providerId": "basic-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "auth-username-password-form", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": 
false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "CONDITIONAL", -"priority": 20, -"flowAlias": "Browser - Conditional OTP", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "5233e6bd-9b0e-4dd7-832c-9cccf5461f0b", -"alias": "http challenge", -"description": "An authentication flow based on challenge-response HTTP Authentication Schemes", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "no-cookie-redirect", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "REQUIRED", -"priority": 20, -"flowAlias": "Authentication Options", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "cfe041c6-babc-4ac7-a22e-f909727d8603", -"alias": "registration", -"description": "registration flow", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "registration-page-form", -"authenticatorFlow": true, -"requirement": "REQUIRED", -"priority": 10, -"flowAlias": "registration form", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "2322211d-da96-496f-936a-7b475e59c6d7", -"alias": "registration form", -"description": "registration form", -"providerId": "form-flow", -"topLevel": false, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "registration-user-creation", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "registration-profile-action", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 40, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "registration-password-action", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 50, 
-"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "registration-recaptcha-action", -"authenticatorFlow": false, -"requirement": "DISABLED", -"priority": 60, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -}, -{ -"id": "b230ee41-d032-430a-9696-2b72ef13ff66", -"alias": "reset credentials", -"description": "Reset credentials for a user if they forgot their password or something", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "reset-credentials-choose-user", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "reset-credential-email", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 20, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticator": "reset-password", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 30, -"userSetupAllowed": false, -"autheticatorFlow": false -}, -{ -"authenticatorFlow": true, -"requirement": "CONDITIONAL", -"priority": 40, -"flowAlias": "Reset - Conditional OTP", -"userSetupAllowed": false, -"autheticatorFlow": true -} -] -}, -{ -"id": "827bc678-bf3d-40a6-89c4-38b9551d80d3", -"alias": "saml ecp", -"description": "SAML ECP Profile Authentication Flow", -"providerId": "basic-flow", -"topLevel": true, -"builtIn": true, -"authenticationExecutions": [ -{ -"authenticator": "http-basic-authenticator", -"authenticatorFlow": false, -"requirement": "REQUIRED", -"priority": 10, -"userSetupAllowed": false, -"autheticatorFlow": false -} -] -} -], -"authenticatorConfig": [ -{ -"id": "2565c938-a088-402c-97c5-040ddc655dad", -"alias": "create unique user config", -"config": { -"require.password.update.after.registration": "false" -} -}, -{ -"id": "ae312d41-a4d2-4cb0-a0a5-86101e3d0313", -"alias": "review profile config", -"config": { -"update.profile.on.first.login": "missing" -} -} 
-], -"requiredActions": [ -{ -"alias": "CONFIGURE_TOTP", -"name": "Configure OTP", -"providerId": "CONFIGURE_TOTP", -"enabled": true, -"defaultAction": false, -"priority": 10, -"config": {} -}, -{ -"alias": "terms_and_conditions", -"name": "Terms and Conditions", -"providerId": "terms_and_conditions", -"enabled": false, -"defaultAction": false, -"priority": 20, -"config": {} -}, -{ -"alias": "UPDATE_PASSWORD", -"name": "Update Password", -"providerId": "UPDATE_PASSWORD", -"enabled": true, -"defaultAction": false, -"priority": 30, -"config": {} -}, -{ -"alias": "UPDATE_PROFILE", -"name": "Update Profile", -"providerId": "UPDATE_PROFILE", -"enabled": true, -"defaultAction": false, -"priority": 40, -"config": {} -}, -{ -"alias": "VERIFY_EMAIL", -"name": "Verify Email", -"providerId": "VERIFY_EMAIL", -"enabled": true, -"defaultAction": false, -"priority": 50, -"config": {} -}, -{ -"alias": "delete_account", -"name": "Delete Account", -"providerId": "delete_account", -"enabled": false, -"defaultAction": false, -"priority": 60, -"config": {} -}, -{ -"alias": "update_user_locale", -"name": "Update User Locale", -"providerId": "update_user_locale", -"enabled": true, -"defaultAction": false, -"priority": 1000, -"config": {} -} -], -"browserFlow": "browser", -"registrationFlow": "registration", -"directGrantFlow": "direct grant", -"resetCredentialsFlow": "reset credentials", -"clientAuthenticationFlow": "clients", -"dockerAuthenticationFlow": "docker auth", -"attributes": { -"cibaBackchannelTokenDeliveryMode": "poll", -"cibaExpiresIn": "120", -"cibaAuthRequestedUserHint": "login_hint", -"oauth2DeviceCodeLifespan": "600", -"clientOfflineSessionMaxLifespan": "0", -"oauth2DevicePollingInterval": "5", -"clientSessionIdleTimeout": "0", -"clientSessionMaxLifespan": "0", -"parRequestUriLifespan": "60", -"clientOfflineSessionIdleTimeout": "0", -"cibaInterval": "5" -}, -"keycloakVersion": "15.0.2", -"userManagedAccessAllowed": false, -"clientProfiles": { -"profiles": [] -}, 
-"clientPolicies": {
-"policies": []
-}
-}
\ No newline at end of file
diff --git a/zars/keycloak/keycloak-dump-deploy.json b/zars/keycloak/keycloak-dump-deploy.json
deleted file mode 100644
index e2c5d0e..0000000
--- a/zars/keycloak/keycloak-dump-deploy.json
+++ /dev/null
@@ -1,3735 +0,0 @@ -[ { - "id" : "codex-develop", - "realm" : "codex-develop", - "displayName" : "codex develop realm", - "notBefore" : 0, - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "234d9488-fd72-47ff-aaaa-9182cf4e9c94", - "name" : "CODEX_USER", - "description" : "this is for development purposes only and allows full access to all features", - "composite" : false, - "clientRole" : false, - "containerId" : "codex-develop", - "attributes" : { } - }, { - "id" : "2115205d-7d9d-4588-ba58-c7119f5cadb8", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : 
"codex-develop", - "attributes" : { } - }, { - "id" : "7575186c-ee41-492b-8c2c-a3046a28baaa", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "codex-develop", - "attributes" : { } - } ], - "client" : { - "realm-management" : [ { - "id" : "6ef2f4a0-e69f-48e2-ade5-789867a1f506", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "06bce4fa-6063-4f40-b07f-57bf13ac02d6", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "d3a727f9-dc79-43e0-8538-f503472a981c", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "620cec8e-9472-49a6-9c87-0d38cb612ce6", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "041baff5-7dba-4610-ac57-cbe6e322c5ee", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "ded66799-c4cc-40eb-a41c-6664f737133a", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "7bc76c46-fa6d-4865-8de6-541d9c5cf3be", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - 
"containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "49a92e81-0540-47e0-bb65-d53439ed033d", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "ea9b2dfb-3b8f-4091-8b21-b93cbf468e76", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "cae8e208-6dd0-48d7-b576-1b74ee2325dc", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "e22e2a6d-2095-4491-a7a5-fa851a260f8a", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "0d64002a-678e-4edf-afb5-164b01e583ce", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "f67c03c2-940a-4dc7-94b1-c3b02c879cc8", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "5d80b412-33f2-4829-bf93-654a3a1d4729", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : 
"1432e629-14a9-4cd5-a7e8-eb2604596bca", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "b1f9fa5d-6c81-462c-b057-84e95428afc1", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "b469f4e7-4488-4562-969f-a00e4d27a6af", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "create-client", "view-events", "manage-realm", "manage-events", "query-groups", "view-realm", "manage-identity-providers", "manage-authorization", "view-users", "impersonation", "manage-users", "query-users", "view-identity-providers", "query-realms", "query-clients", "manage-clients", "view-authorization", "view-clients" ] - } - }, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "39334f25-7fac-4535-b37b-45bd4b9e30ca", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - }, { - "id" : "53d2e35b-1391-455a-89dc-f91566062994", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "97968df9-46f9-4444-9863-e200f600bc7b", - "attributes" : { } - } ], - "feasibility-gui" : [ ], - "security-admin-console" : [ ], - "diz-uker" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "bd3f8312-52f1-4bc9-b708-152285b87b94", - "name" : "read-token", - "description" : "${role_read-token}", - 
"composite" : false, - "clientRole" : true, - "containerId" : "f3955d64-565f-46c3-bf0d-2e8a9716e504", - "attributes" : { } - } ], - "account" : [ { - "id" : "c078d5c6-80bc-4811-b31a-24f54216d22b", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "3b4e41be-e77d-4a7a-a82a-90a064c0b3ed", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "f45d884b-1c5a-44bb-b617-1fc59ad30ff2", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "a69ead20-97b1-47ac-b3e1-ac89d180802b", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "25cc13e9-4b87-40c0-b894-4ff14a760581", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "173548bf-ff7b-49a4-99f2-be38c0be0453", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - }, { - "id" : "93c6eaad-2278-4617-8ac2-b9838a4fc8a6", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" 
: true, - "containerId" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "attributes" : { } - } ] - } - }, - "groups" : [ { - "id" : "cce70ab0-7355-4210-baf7-93d07343f852", - "name" : "codex-develop", - "path" : "/codex-develop", - "attributes" : { }, - "realmRoles" : [ "CODEX_USER" ], - "clientRoles" : { }, - "subGroups" : [ ] - } ], - "defaultRoles" : [ "uma_authorization", "offline_access" ], - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "654df1f8-3025-4351-b79d-c067c7021f60", - "createdTimestamp" : 1609928667083, - "username" : "codex-developer", - "enabled" : true, - 
"totp" : false, - "emailVerified" : false, - "firstName" : "Codex", - "lastName" : "Developer", - "credentials" : [ { - "id" : "129eab44-8297-488c-93cd-2db12ea13e31", - "type" : "password", - "createdDate" : 1611911996052, - "secretData" : "{\"value\":\"oQIr2jQwagVXu4ryvs2OLiRTGyTndUxsYXbIbN5Sf20sWTe/9hvoXL5oAHndidSJPg4gvMKa01eEQKsbUl/j9g==\",\"salt\":\"SB3h9+/wNADO4Vsh4myTmw==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "notBefore" : 0, - "groups" : [ "/codex-develop" ] - }, { - "id" : "e1d5f479-21fb-4838-b79b-1138f283ac9f", - "createdTimestamp" : 1611752991562, - "username" : "service-account-diz-uker", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "diz-uker", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account" ] - } ] - }, - "clients" : [ { - "id" : "58de4034-0047-40f4-a0c7-7d746cd19d72", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/codex-develop/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "defaultRoles" : [ "view-profile", "manage-account" ], - "redirectUris" : [ "/realms/codex-develop/account/*" 
], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "3787bcaa-e3cf-47fc-a103-01bad3079cfd", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/codex-develop/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/realms/codex-develop/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "f2c4a481-3653-4873-b2d8-9f43a010c7d3", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - 
"id" : "104a7fea-42b6-494f-b1c0-0e6bd39e80e2", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "f3955d64-565f-46c3-bf0d-2e8a9716e504", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "b7c8fb32-3b2c-4b68-ac16-3dd7fd52c0db", - "clientId" : "diz-uker", - "name" : "DIZ Klinikum Erlangen", - 
"surrogateAuthRequired" : false, - "enabled" : false, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "4f390e12-487f-402f-9c63-86c1476ed462", - "redirectUris" : [ "*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "7d24f353-3c53-4999-a751-9fd4e68af32b", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "d824e8bd-4575-4ec0-987b-781eea1eb344", - "name" : "site-name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-hardcoded-claim-mapper", - "consentRequired" : 
false, - "config" : { - "claim.value" : "Universitätsklinikum Erlangen", - "userinfo.token.claim" : "false", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "site-name", - "jsonType.label" : "String", - "access.tokenResponse.claim" : "false" - } - }, { - "id" : "a36c9375-c3cc-478a-b346-688c3e1ecf39", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" - } - }, { - "id" : "8702c166-1c0f-4a4b-a547-a596a4fb604c", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - }, { - "id" : "97b2a224-abda-478b-9a5c-52e3c80275ce", - "name" : "site-id", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-hardcoded-claim-mapper", - "consentRequired" : false, - "config" : { - "claim.value" : "uker", - "userinfo.token.claim" : "false", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "site-id", - "jsonType.label" : "String", - "access.tokenResponse.claim" : "false" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d2b31de6-0333-468a-a104-2ff8f759d786", - "clientId" : "feasibility-gui", - "name" : "feasibility gui", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - 
"secret" : "**********", - "redirectUris" : [ "/home", "/api" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "3c9dc1e7-63c0-4d5f-add7-a0e4443999c7", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "97968df9-46f9-4444-9863-e200f600bc7b", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - 
"surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "cdd22346-0e4a-449b-879f-d9ba7b90e12c", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/codex-develop/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/admin/codex-develop/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "5dce29d4-cbb8-4936-b847-8581717e98e8", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - 
"userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "ebd9ef35-eef3-4173-ae10-68e31431543c", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "c28c14c3-eaaf-4b35-bb27-47e6a0082221", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "7076f74a-d3ca-4358-ac4e-4327fb6abccc", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "2154d906-8036-47f3-bdc8-95168bbf98fb", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" 
: "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "addbcb30-55d6-4719-912f-6fd3ba096608", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "aa7a47ca-fb6c-4e68-a958-e2c7c0df4cb6", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "e914b43f-8809-44b9-a263-d833a4abbb0a", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "ac2e9505-f796-4086-8d49-d6fc112c3af6", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "fc03e27c-af69-4555-ac90-0f798a13d662", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "ecdb49aa-e141-4456-b705-2c9056b357ca", - "name" : "phone", - "description" : "OpenID Connect 
built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "54ed815a-74e9-448c-9dc4-06f58d1e8e79", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "76e6bc11-144e-4b98-9844-9f22bbc1a81b", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "217f533d-3b86-4c18-ba3f-9cd3a2ee2020", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "56a95df4-a2aa-4084-bb0c-a1c582bc49de", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "cda8131f-1089-461c-b7d7-9095f9f09039", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - 
"user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "472e35d5-bdca-4b2e-a254-a039e8d38055", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "fc05cdc0-8af3-4ef3-9e4f-13739a27b8eb", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : "e7687a07-343d-468f-94a9-eb164b116def", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "24b05ecf-9e9d-4339-b0a0-a3a74d31a6b7", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "1680e452-542a-4cd8-8dc3-3a1a5f81a0fd", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - 
"config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "b8e7ac11-ffa9-4d9f-b69a-b943a413b712", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "f236c5c8-7c33-423d-8d7e-f50aad004994", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "6d1e7cb0-cafc-4e1a-bcff-1ad7455543a0", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "fe9d04d9-7335-4c1b-bb79-243ef9879adf", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "4566115f-0422-4f85-b725-c73e648db062", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : 
false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "1cba28ae-5118-47e5-9f50-9389ef84486e", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "cfed8843-761c-4842-9504-51413cfd1175", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "ddc37a1c-c9f0-4a65-8df4-aa4734d3eab0", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "4f09c2b1-6fa3-4139-9ead-d117cc8f837a", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "66979aa9-f8b2-4849-8047-c5c514b0894d", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : 
"b9d4c8ed-8349-4036-a316-f5da88e1affd", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "86df93b0-95d2-4ddf-8a67-c95cd8548b4c", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "9512f843-d701-447a-81ad-c37c514f5e85", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "643899ea-61ae-41e1-a16e-cfaa4f6e9cbf", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "73052104-9074-4c49-bc66-604c394b56e9", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - } ], - "defaultDefaultClientScopes" : [ "profile", "web-origins", "roles", "email", "role_list" ], - "defaultOptionalClientScopes" : [ "microprofile-jwt", "address", "phone", "offline_access" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; 
object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "d678125d-4a20-4730-a629-939e768de9ff", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "a5327830-86ac-426c-a77b-00bd81dba0db", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "f516ba7a-0b6b-44cf-8719-78ce76a349b9", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "8b8c1d8c-7d01-4985-8c81-b18f671e555e", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "9c7e9418-c113-431e-a26b-4d300e44cfd6", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "129768ec-66db-4de0-9b67-dd3889e092e8", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", 
"oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] - } - }, { - "id" : "a3b792d9-2819-496e-b48e-91dd51ec9d2a", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "e533cdfb-5afc-4685-a0a1-4a1fd6d4716d", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "485b2c16-6c0a-4274-9ab4-a957ed56eabd", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "3045150d-477c-41df-b1b2-a53a835e2527" ], - "secret" : [ "71ndvqgD3mUCMMp2mYc8oFPyrMQV21AoZl_8C61MjUAJ1FpW-1CEQesWrXrNRIAMPEVyYPxdFliIaWhSvgbJVQ" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "aa37ed27-fa9d-40bd-90c8-d26478531db6", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ 
"MIIEpAIBAAKCAQEAsXqfyR80A+mKnnCwsdpU1zGx+so7CvpnIBeXcUiDWYMIZUYy0G9YSYVgLwJX7C7ZLaBjn5mfgu6lZkIvkwdxzG5EhO84jGgE+VACwf/xdf7oNDDm7QY7SNSJ04qPl0E/XZWU9BV+L1UmXE7vPGeFXiMpR0RSFABSOXZYmYcIn7NbHJfaPTQ4/oNzKC9ms3RibcqfPBmbQ/aqw6Ei8ZuMJtKZ5T9Mee2Xcpq83AA/CpmpPY0buZZcRwYxZFSrWEviyHF0j2DPWxAFmowj4htFcmu3AVRfTXJ+C/LmYvL9owrD5mD+Fj0gsL/jzp6zCFWvJJsJLclsO21G8eP5b4aEAwIDAQABAoIBAQCL15pFh/+dQYyG8TZYvTbyZObfPC+vo8RUJiKfEUrl4fhgjCKH1+QR8jTqdYc/w14+tE0rOYnVSiMrYuVHjaseMJhuwmulPmUE6QVzRS9GETd3wDyE8M8PwOBkvZ4MyU2beLxoYvMNaqOSQmQBDXSpyzzAOdYOin4/Zr/DIQIrioAD2bEPApNae9SI3TmpgK/k6i7aZ59KjnAumqUkOVtBpb6UrA7t5wD6tDW2NlhvBKblqw8g9XaSqi4VFuMx5kR7bHrr1Bs/ljFqSpaSqyuZR14pih7o7PSm/ZsmvHTv0h2djhTrBL+j044PUB364f8iOb5EE12gnwKKceu+mtGJAoGBAN4X76nVbnozzFmKwQnZFXJolnOiidmg2o2A70OdxKzsD02SftlX2EssszKZtgV+hi0CAtoqu06NUZfXUP14WypTFty7CH1RVqcCGTK7Z0A8zpK0xzgv1NQQkMgabvXyxpjJDWGaO+2QzkavEK0mePACUJBLYAbHbrnMKiuMD4P3AoGBAMyTBdTlfwy0Gmsbleu/yDaDTV2NuH+jHHUpYLRgXU1M/dhSH7rS2lWHuB1Yfoh2tXoMuMIlOTLgUM6FM5ZF8D4jhU4dbuWBTnsiJfe5OmghB84Ws6FxDRh9XhKAqAXnCA07f9l+6phg9JV4NCwCprmH578J70Zeo6Zjf7OU2yVVAoGBALDvGtUPnyMl7xAK9b0Vv/tUjT/0ZqQFfPgslvEkWJJ2wb5IDlyymjNRmjWetZ9s7BIhPwp17qEm/rDcLb6xStfOODGDo8DKsyD8D/0Vxa0shFnmQaxmlsSXqfBw9qNkVYlU6x8t075wlZVEVSHMu55iCbLbCdZ8vZ6xo4rr21SDAoGAEBXLUpcM61HJ9fwASL4Wnvqp/Z4kEJ0horCzMtuU2nwgRX8Hkaf8lNcMCfqoUFCNKmCPsmw82Bw9Hk/o43ryTeB7Hc5ApvkI07O2qoi85+0Y8QJl816xOei5mdjV3UjyICA6iD5rcbnF4W7HI2K9+z6NYT8FulG8qluOce9VX9UCgYB7kZWeeEXT4U/sK6qBmPG8c4qrnOj1ZdBm7qOf4hVfVLdjpb9nMO+UmT+OD3HAVPHPtj7i3rD0kT0M4F5WbOXNnILHgddZngMk+NfJKFuX0/8UtN+WMgptP5hoiXg7JVlH9lTpj0prmHT1XXQ2Q2RJABXfZV5N3rTuPJp1eBJtDw==" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "5bbd86a4-df07-4b06-8c4e-6bf4a38caa53", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "630ed6ad-1a26-437a-be85-adfc6ba688eb" ], - "secret" : [ "I-1hns034JdoYP3chTbBGA" ], - "priority" : [ "100" ] - } - } ] - 
}, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "32758648-6669-4bdf-81cf-9c888d8e4c84", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "05521a8b-dd7b-4a11-a0ac-fd7c5680874d", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "35cc964c-6bc2-409a-8a0b-e3cbfca6acca", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - 
"autheticatorFlow" : false - } ] - }, { - "id" : "5b4c25a9-fe76-470c-b31d-33b4658f4029", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "6c774497-ef68-48ef-84a6-86d0e0f1b929", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "5e4ba039-906b-47ac-bfc1-e82b24f9f988", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "f5bf93b8-db7a-4522-a3f8-ef823616b99f", - "alias" : "Reset 
- Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "0423ec86-befe-475b-842a-c189bf05f68a", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "a7b8b1ef-c8cc-4dad-9939-bcbb8237f3a0", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "6820d842-3dd5-49e4-bd09-e36f198ee282", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, 
- "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "identity-provider-redirector", - "requirement" : "ALTERNATIVE", - "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "2d01e1ea-4438-42d1-900b-f4274d6518cc", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-secret-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-x509", - "requirement" : "ALTERNATIVE", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "65139319-eb35-4583-8136-46c08a8fff98", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-password", - 
"requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 30, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "bd5abebe-ceea-4acb-a682-8808cb0e3ff1", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "5cacb799-e1b6-41f1-a33e-2ce79cb4fcfd", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "16738660-38b9-4c1b-9194-886349faebc0", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, 
{ - "id" : "0209db8c-1ed2-4b04-9dcd-dc8ac7db1a6a", - "alias" : "http challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "348fb242-dc01-49c7-a4fc-8c96ac72eedc", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "requirement" : "REQUIRED", - "priority" : 10, - "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "c5d0b00b-4f35-4f8e-8f3e-2d0c380b88fb", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-profile-action", - "requirement" : "REQUIRED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-password-action", - "requirement" : "REQUIRED", - "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-recaptcha-action", - "requirement" : "DISABLED", - "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "32e0216f-79b3-40d9-a302-fc94967b13ed", - "alias" : 
"reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-credential-email", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-password", - "requirement" : "REQUIRED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 40, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "73a936d3-340d-43ab-aa5c-016862b4e0b6", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "ed2c029b-c6dc-477e-b944-1389576ad8f9", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "fbff98ae-f3dd-4ae8-9bef-bb3db3ca3159", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : 
false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0" - }, - "keycloakVersion" : "12.0.1", - "userManagedAccessAllowed" : false -}, { - "id" : "master", - "realm" : "master", - "displayName" : "Keycloak", - "displayNameHtml" : "
Keycloak
", - "notBefore" : 0, - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 60, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : false, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "57bda7a6-32fd-4bcc-b2a5-8113b8c042fe", - "name" : "create-realm", - "description" : "${role_create-realm}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "6adef679-b1b7-439d-b2aa-49aadda60b04", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "700d3e0d-fd5b-403e-9610-dd5d5a19256a", - "name" : "admin", - "description" : "${role_admin}", - "composite" : true, - "composites" : { - "realm" : [ 
"create-realm" ], - "client" : { - "codex-develop-realm" : [ "view-clients", "manage-realm", "query-clients", "view-identity-providers", "query-users", "impersonation", "view-authorization", "view-users", "query-realms", "manage-identity-providers", "manage-authorization", "create-client", "manage-users", "view-realm", "manage-clients", "query-groups", "manage-events", "view-events" ], - "master-realm" : [ "query-users", "manage-users", "create-client", "view-authorization", "query-clients", "manage-clients", "manage-identity-providers", "view-events", "manage-authorization", "query-realms", "view-identity-providers", "manage-events", "view-users", "impersonation", "manage-realm", "query-groups", "view-realm", "view-clients" ] - } - }, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "a7a37cec-e994-4c71-bf66-85a29cb70d8d", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - } ], - "client" : { - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "codex-develop-realm" : [ { - "id" : "afc419c3-3426-4d3d-b005-a53f50165acd", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "16e2edb1-47c7-4ad9-a3a7-d2dd7f44a87a", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "210206bc-0980-4ffb-8ae8-f8ae38b552f6", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "codex-develop-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : 
"6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "6016a0bb-5070-4e19-961b-14c12707ea1c", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "41717978-ea98-43c1-8b29-acb11c7c9184", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "c2c33c0a-14ae-4578-b285-0e3710edab53", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "8f5a4222-3286-497b-a9d5-e86dd9f33ae6", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "36fbb7a0-a949-4d42-b959-ad492512d648", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "409b3327-1e3b-496a-b8fc-f1a39dc04519", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "fbef2ef6-61af-4d95-9fd5-5525e2a55da6", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "0eb03368-46ff-4dfe-a613-6a32fb9a30cd", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : 
false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "17079efd-2f96-40ba-8e59-1804b6a1560c", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "119ba01e-2194-4f5b-8e7e-2c98ae303c6b", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "83566a4c-485a-4162-850a-7cd66e47328f", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "91f76687-eda3-4de3-a4e7-b673fa714f83", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "703822de-32dd-4547-a072-03dfe5e0e63e", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "3f6d5621-ff62-4720-b6ff-b3bc3ce70ac9", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - }, { - "id" : "cbb60aa5-fda5-462b-8be8-217833f701fe", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "codex-develop-realm" : [ "query-groups", "query-users" ] - } - }, - "clientRole" : true, - "containerId" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "attributes" : { } - } ], - "broker" : [ { - "id" 
: "c4d98485-7111-4e17-a306-b82740e24679", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "ec161ab4-99bd-437d-b6ba-50a79e47f657", - "attributes" : { } - } ], - "master-realm" : [ { - "id" : "839c9904-8933-48a2-be26-0c978c36865b", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "2ffa06a6-8860-4113-991f-4d6b9a336f9e", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "37f6fe43-c5f5-4540-9509-27a43ff57640", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "c7423289-1e8f-4aac-ae96-f1fbc9cd9ca1", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "655460ce-14df-40e6-8cb4-955d7b94dcb4", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "5232f58f-454e-409d-8415-028882985afe", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "e10f4f4e-352d-45f6-8577-a2d37ba0d439", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - 
"containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "ec21f8f4-5ea7-4150-8bae-d0524c4a72dd", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "04cbf008-50fa-488e-b3a0-e3fa2e2d095d", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "c447561d-d771-4dfc-bf70-0c3ec6ed8da6", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "e641d44d-74c4-4490-a4a3-56332e64674a", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "148a8898-c573-4b3d-a20e-50e78cf942aa", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "2568b37f-9387-4841-997a-e422737a371a", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "fe8539e0-5da5-416a-9066-ce03459ad1d1", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "97b340b1-041f-4b06-bf6c-da9397df42ef", - 
"name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "0d9716dc-bfb7-4660-82fa-e0c4be846cc3", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "0caee47f-e62b-4103-9c48-6a6fc917ff1d", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - }, { - "id" : "f49f14bc-c652-4dae-8a62-793e592cbb8d", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "attributes" : { } - } ], - "account" : [ { - "id" : "b518ef56-7a68-41cc-9bae-24af4aee37b9", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "b0adb32f-8f1f-414b-8ca6-f61508760f00", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "ffc46cf6-bdf6-4b5d-ae55-41e80eccad1d", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "7e305ec4-2424-4558-92a2-95c24da005cc", - "name" : "delete-account", - "description" : 
"${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "4da658d4-486c-45d4-a78f-520a90e38d49", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "0f2a6808-7e59-40d7-90dc-24490c90cb4d", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - }, { - "id" : "6d18bb4f-2b04-40bc-877c-8bb6bf6076bd", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRoles" : [ "offline_access", "uma_authorization" ], - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - 
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "d30a9975-4a2b-4feb-9602-7d29e7c639e6", - "createdTimestamp" : 1609928576419, - "username" : "admin", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "credentials" : [ { - "id" : "ba5e3ec4-5b62-43d5-aac4-d63dfb1013b5", - "type" : "password", - "createdDate" : 1609928576595, - "secretData" : "{\"value\":\"CRbzuShCgp6C8Q/3sV2WsRlZ9P1jyMa9kO070oiQQLxPJcdojK4ES6xNLnvoWxR9C/FeGJtadODcsqXq0CoYCA==\",\"salt\":\"ElTaXOmeliezNt9eLg7WDQ==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "admin", "uma_authorization" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account" ] - } ] - }, - "clients" : [ { - "id" : "21d9d509-9e7d-47be-9bf9-63a7ff9a3bca", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : 
"client-secret", - "secret" : "b5d044fd-65f5-401e-85a9-e6594e12882b", - "defaultRoles" : [ "manage-account", "view-profile" ], - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "5f17003e-c510-4029-a42a-32e77e9c7618", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "ef0823b7-cdbe-492a-8134-dcaf15450408", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "556dc3d1-6a24-4b79-80cf-e8c58233a9c9", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], 
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "c80f35c5-b7e1-4100-a68e-b34d8ede513c", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "8bb55c95-477c-464b-984f-81f9c6f1dd0d", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "ec161ab4-99bd-437d-b6ba-50a79e47f657", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "dafb8686-7e91-48f7-a6c3-bd8c5e04e71b", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", 
"profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6a568d94-adba-4742-8f92-ddbdcdf004c8", - "clientId" : "codex-develop-realm", - "name" : "codex-develop Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "3402734c-cb09-47ef-9991-9c27e2b0ae29", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "b2669be8-fee3-4bc5-8ed0-23ab3519b0ac", - "clientId" : "master-realm", - "name" : "master Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "0fd20961-c58b-4f38-be05-575c5d036052", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", 
"phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "cde5b7a9-c7bc-46b6-86c9-817ebfedeac8", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/master/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "ccc0d87b-ee45-4178-9c67-a8b0ad0942b0", - "redirectUris" : [ "/admin/master/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "fb9e242f-dd44-4b94-b878-edc50e2f8001", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "869b0d5c-3eab-4f16-8136-84770359acdf", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : 
"32be15df-b593-4b6c-9c23-f0c13d4f7455", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "1e151647-be5d-4ab4-b0ac-3be57cc277b3", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "efb4dd45-22ba-47cd-b204-9e3759646267", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "59d7366a-59bc-4893-a090-5b8d405a776e", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "32fea8d3-229e-44d2-8426-592e847f3d73", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : 
[ { - "id" : "169877df-dda6-4cbe-b0fd-4f06c25085b9", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - }, { - "id" : "f1ac5d9b-b771-42c1-a479-d12862c3b128", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "379e7ce2-086c-4d6c-bec9-688444ba5c07", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "8ab53452-f5b9-4bb1-bf1a-9c3b11a96269", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "cb0ed777-353b-402a-8e31-e52c918a8bc8", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "bec1abba-4535-4408-8a56-033ec4452aa2", - "name" : "phone number verified", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "7aa238ed-2ca8-4275-8c32-bd94eafa2b2a", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "3344a2f8-2303-4bfb-ad97-2cef92a89933", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "30eed4f5-1b54-44a5-a68d-b644b1d02202", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "53c8ff46-dbba-410f-929a-f1518123ee7f", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "4f5a90c0-2f1e-47e3-b7dd-34b9329de907", - "name" : "full name", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "b0db14b4-3a54-420f-8bb8-494ec7552a4c", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "4124cc51-2cfc-4398-ac77-158c339420b4", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "2ab51ceb-ff7e-42d9-84b1-908e4bcfd45f", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "8fe9b2a5-b429-4db2-997c-1f12c065a345", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "f722b266-57bf-4888-bac8-b5d5d2ad75b6", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "6e19faae-7367-416a-a8da-84eb03b0a1ac", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "06620d98-c97d-4f6c-8b7d-8110e638f4dc", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "cb3c3343-c803-491f-86d8-7e69d0fa3a91", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "0de024c4-4adb-44bc-b6bf-6e0554e27024", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : "bd80e04f-cc0c-43f6-9fab-0558bb5b8392", - "name" : "given name", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "5ee8d4b5-939b-4f9c-9cde-c6c4095344c6", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "57b9ac6b-2081-43cd-8321-50e18bf0c0ca", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "0d3b7baf-7644-4440-b5b5-8e56b459f781", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "c33fbf1c-4d6a-4cac-a4c7-9eb08363d9ea", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "7471e9c6-3c19-4340-a9d7-06c7e9534ae6", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - 
"multivalued" : "true" - } - }, { - "id" : "97c5e4b1-7157-484e-8b03-8df750edd478", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "0ae5cce3-3993-4db9-9dd6-d4aa91bdf48a", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "7e2df4cb-c17b-4a58-a3e2-0a77672b4b84", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - } ], - "defaultDefaultClientScopes" : [ "web-origins", "roles", "email", "role_list", "profile" ], - "defaultOptionalClientScopes" : [ "microprofile-jwt", "offline_access", "address", "phone" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "92088785-b126-470d-bb6a-faecdd1f539f", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" 
] - } - }, { - "id" : "b03737b7-9cd5-41a3-9d1b-ffe240941ebf", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "921585bd-0ec8-4abd-a5d1-6db9fa777738", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper" ] - } - }, { - "id" : "b6963c0c-4df8-4062-9592-919e1b0dee36", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "9a4ebf6c-d75f-442d-8cc1-079f1f793053", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "9b384b7b-8713-4b7c-88ef-65cf0ed81d24", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "87541ef8-98ff-4249-8fcc-2f24ca8f546c", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "d27ddf88-67fe-4d41-86e7-bc10aeb50747", - "name" : "Max Clients Limit", - 
"providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "fff53bd2-9416-41b9-8554-7a73fa0fb524", - "name" : "fallback-RS256", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "MIICmzCCAYMCBgF21znt9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwMTA2MTAyMjQ2WhcNMzEwMTA2MTAyNDI2WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9AB4kht32JD5FJNGLK4JJhd+RBTB8rCvZV1YsfyFWOBsv5uXCfUOL2oUTWxsvoCTYaQV1e7ufndF25blymFuN8cmwPPkb1/04OsurSZ9wDaJeXP17YOL0fMaLdHz90i7TrAjg1uTmbIlJZeUvYNw65/lQ0OmKRjvp5GRXfLCJXSnnDKXiSqH3ID/iDtreLoKFjVlpz0eVaWeyVX/R94k1dtNdgjPgWxpqnC0ODN32Rim29rWFk/HO4EbBjv7gqxd+Z5D+TamRStAbNacBYx15BlBGr0zaiYShJdINGk65u7cTpMaYoiltRLm/BuKJlHU9/pWN6BMMhGDwHgTpWHKdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHVSjqgGibvldmR9sk8cHwke+ogaNc9u+gmtNs53zqsBvmpAiGiG1Tfz+zT0m4UoJz5jyL1U2A2/hNu/NFH78g1MRVD9wrfF6LVbOKV0x06JdCHKy5FJh6qxT5/VNWvX6KVV9cpUQeubiW/bBqoYg8IH64ol6ZYbvTlO6h2OGodTwjsbRQd58w9ugCu/umpbfqswsg6dKMSG4BE4Wpzb1lS+9whlXbivhNgytWcMtws2zNeqtk651lZyiWo2sUNi6VcCo0iLLtQnN49cDOdwvZQAE904Ve5/T2qZyQ4hdnSeNhjbYeVjTOMu6MwyrtlQ2Zj5EO3aSXCcHG6prFs41I4=" ], - "priority" : [ "-100" ], - "algorithm" : [ "RS256" ] - } - }, { - "id" : "49060930-4cd3-491b-9c08-028feff287a0", - "name" : "fallback-HS256", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "57fc63a5-d19b-48f3-b797-f4214b00d3b7" ], - "secret" : [ "jezb81MS6K8oZGlTDQWtKzfRlj0leCBsNW8yUf3DdV2MbWLra8BX3FrdTmJhWPw2--nujBwHaORRnni9MD6Mpw" ], - "priority" : [ "-100" ], - "algorithm" : [ "HS256" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "be1ea611-b828-49b0-b256-e243683b954e", - "alias" : "Account verification options", - "description" : "Method 
with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "2da72c18-1859-4970-bc3f-dba1f8f41541", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "6a419f20-016e-4b96-8767-d3728e476775", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "477f94e2-c2f1-4c52-b021-a89fca240ec1", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - 
"providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "62d5b413-9d70-40e9-812c-f7f981459ea5", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "929bfa4f-aced-45dc-9a30-8254e8e51717", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "57c97d78-8826-4e41-afe0-40ccc38005af", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "b1e5580d-b8a9-4589-94a2-f0b43ce1f384", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "d36424c9-bcfd-4969-84a4-82eeaf792e9c", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "2d7cb2bf-f7c2-4b22-8dc2-c57e13d6467b", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - 
"requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "identity-provider-redirector", - "requirement" : "ALTERNATIVE", - "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "890275cd-ea96-4780-896f-82fc06d52624", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-secret-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-x509", - "requirement" : "ALTERNATIVE", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "796d828d-6ef8-4650-8f32-4f7976719924", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-password", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - 
"autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 30, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "52ff3e0f-a5e3-4d2b-abca-f98411be138f", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "68cc3970-00a0-4af0-a82d-c54669517a36", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "662eba9d-e1fb-4b04-bf73-28e4dac125b2", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "8187ab7c-4516-4f37-9012-d2daa6fc177b", - "alias" : "http 
challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "633e10ad-13d2-4cc5-94b5-c140c4b3564f", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "requirement" : "REQUIRED", - "priority" : 10, - "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "edffc1f4-d9d5-4d71-85cc-384d48caee3f", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-profile-action", - "requirement" : "REQUIRED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-password-action", - "requirement" : "REQUIRED", - "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-recaptcha-action", - "requirement" : "DISABLED", - "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "f5a8a121-0fb9-42bb-af42-447ec67e3dc4", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if 
they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-credential-email", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-password", - "requirement" : "REQUIRED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 40, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "f33eb50f-d0f0-408a-897c-d698ac51351f", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "87a51372-d7a7-4a69-b02a-b8b6b2eb5ac4", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "5268f200-6ee5-42c9-9671-6e1f22148231", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : 
"UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0" - }, - "keycloakVersion" : "12.0.1", - "userManagedAccessAllowed" : false -} ] \ No newline at end of file diff --git a/zars/ontology/ui_profiles/.gitkeep b/zars/ontology/ui_profiles/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/zars/start-feasibility-local.sh b/zars/start-feasibility-local.sh deleted file mode 100755 index dd8f02a..0000000 --- a/zars/start-feasibility-local.sh +++ /dev/null 
@@ -1,31 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=abide-deploy
-
-export FEASIBILITY_KEYCLOAK_ADMIN_PW=${FEASIBILITY_KEYCLOAK_ADMIN_PW:-admin}
-FEASIBILITY_BASE_URL=${FEASIBILITY_BASE_URL:-https://localhost}
-export CODEX_FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL=http://node-flare:8080
-export CODEX_FEASIBILITY_BACKEND_DIRECT_ENABLED=true
-export CODEX_FEASIBILITY_BACKEND_API_BASE_URL=$FEASIBILITY_BASE_URL/api/
-export FEASIBILITY_KEYCLOAK_BASE_URL=$FEASIBILITY_BASE_URL/auth
-AKTIN_ENABLED=${AKTIN_ENABLED:-false}
-
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-
-if [ $AKTIN_ENABLED = true ]; then
- printf "Starting aktin broker for localhost ... \n"
- docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-broker/docker-compose.yml up -d
- export CODEX_FEASIBILITY_BACKEND_DIRECT_ENABLED=false
- export CODEX_FEASIBILITY_BACKEND_AKTIN_ENABLED=true
- printf "Sleeping 20 seconds to allow aktin to start up before backend ... \n"
- sleep 20
-fi
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/keycloak/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/backend/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/gui/docker-compose.yml up -d
-
-
-
diff --git a/zars/start-zars.sh b/zars/start-zars.sh
deleted file mode 100755
index 4e0124d..0000000
--- a/zars/start-zars.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=abide-deploy
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/keycloak/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/backend/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/gui/docker-compose.yml up -d
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-broker/docker-compose.yml up -d
-sh $BASE_DIR/dsf-broker/start.sh $COMPOSE_PROJECT
diff --git a/zars/stop-zars.sh b/zars/stop-zars.sh
deleted file mode 100755
index fd1db94..0000000
--- a/zars/stop-zars.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env sh
-
-COMPOSE_PROJECT=abide-deploy
-
-BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
-
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/keycloak/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/backend/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/gui/docker-compose.yml stop
-docker-compose -p $COMPOSE_PROJECT -f $BASE_DIR/aktin-broker/docker-compose.yml stop
-sh $BASE_DIR/dsf-broker/stop.sh $COMPOSE_PROJECT