commit 260209092ae820e1759f0ad2400052af76d2042d Author: Nicolas MASSE Date: Thu Feb 4 16:15:38 2021 +0100 Work in progress
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..3d02ad3
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "keycloak-loadtesting-k6"]
+ path = k6
+ url = git@github.com:nmasse-itix/keycloak-loadtesting-k6.git
+[submodule "keycloak-loadtesting-setup"]
+ path = setup
+ url = git@github.com:nmasse-itix/keycloak-loadtesting-setup.git
diff --git a/k6 b/k6
new file mode 160000
index 0000000..2475c66
--- /dev/null
+++ b/k6
@@ -0,0 +1 @@
+Subproject commit 2475c668116b2591fd9c88fb6caa5c9d77c66e18
diff --git a/realm-templates/baseline.template b/realm-templates/baseline.template
new file mode 100644
index 0000000..0b2e103
--- /dev/null
+++ b/realm-templates/baseline.template
@@ -0,0 +1,88 @@
+{
+ "id": "realm_{{ .ID }}",
+ "realm": "realm_{{ .ID }}",
+ "displayName": "realm_{{ .ID }}",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 1800,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 3600,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "users": [
+{{- range $count, $user := .Users }}
+{{- if gt $count 0 }},{{ end }}
+ {
+ "username": "user_{{ $user.ID }}",
+ "firstName": "User",
+ "lastName": "{{ $user.ID }}",
+ "email": "user_{{ $user.ID }}@nowhere.test",
+ "emailVerified": true,
+ "enabled": true,
+ "credentials": [
+ {
+ "type": "password",
+ "value": "user_{{ $user.ID }}"
+ }
+ ],
+ "requiredActions": [],
+ "realmRoles": [],
+ "applicationRoles": {}
+ }
+{{- end }}
+ ],
+ "roles": {
+ "realm": [],
+ "client": {}
+ },
+ "defaultRoles": [
+ "offline_access"
+ ],
+ "requiredCredentials": [ "password" ],
+ "scopeMappings": [],
+ "clientScopeMappings": {},
+ "clients": [
+{{- range $count, $client := .Clients }}
+{{- if gt $count 0 }},{{ end }}
+ {
+ "clientId": "app_{{ $client.ID }}",
+ "name": "app_{{ $client.ID }}",
+ "enabled": true,
+ "publicClient": false,
+ "redirectUris": [
+ "http://dummy/url"
+ ],
+ "fullScopeAllowed": false,
+ "standardFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "{{ $client.Secret }}"
+ }
+{{- end }}
+ ]
+}
diff --git a/realm-templates/ldap.template b/realm-templates/ldap.template
new file mode 100644
index 0000000..6f56083
--- /dev/null
+++ b/realm-templates/ldap.template
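Review bot: In realm-templates/baseline.template every generated user's password equals its username (`"value": "user_{{ $user.ID }}"`) while the realm sets `"bruteForceProtected": false` and each client sets `"directAccessGrantsEnabled": true`, so any instance that imports this realm accepts guessable logins with no throttling; realm-templates/pbkdf-1it.template repeats the same users block. That is a sensible load-test fixture, but nothing in the file marks it as one. JSON has no comments, yet the file is a template, so a first-line template comment would carry the warning without changing the rendered values: `{{- /* Load-test fixture: guessable credentials, brute-force detection off. Import only into a disposable, isolated Keycloak. */ -}}` (assuming Go text/template, which the `{{- range … }}` syntax suggests). Separately, `"secret": "{{ $client.Secret }}"` is interpolated raw into a JSON string in all three templates; the generator is not part of this commit, so confirm it only produces characters that need no JSON escaping.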
@@ -0,0 +1,298 @@
+{
+ "id": "realm_{{ .ID }}",
+ "realm": "realm_{{ .ID }}",
+ "displayName": "realm_{{ .ID }}",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 1800,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 3600,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "users": [],
+ "roles": {
+ "realm": [],
+ "client": {}
+ },
+ "defaultRoles": [],
+ "requiredCredentials": [ "password" ],
+ "scopeMappings": [],
+ "clientScopeMappings": {},
+ "clients": [
+{{- range $count, $client := .Clients }}
+{{- if gt $count 0 }},{{ end }}
+ {
+ "clientId": "app_{{ $client.ID }}",
+ "name": "app_{{ $client.ID }}",
+ "enabled": true,
+ "publicClient": false,
+ "redirectUris": [
+ "http://dummy/url"
+ ],
+ "fullScopeAllowed": false,
+ "standardFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "{{ $client.Secret }}"
+ }
+{{- end }}
+ ],
+ "components": {
+ "org.keycloak.storage.UserStorageProvider": [
+ {
+ "name": "ldap",
+ "providerId": "ldap",
+ "subComponents": {
+ "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
+ {
+ "name": "modify date",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "modifyTimestamp"
+ ],
+ "is.mandatory.in.ldap": [
+ "false"
+ ],
+ "always.read.value.from.ldap": [
+ "true"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "user.model.attribute": [
+ "modifyTimestamp"
+ ]
+ }
+ },
+ {
+ "name": "username",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "uid"
+ ],
+ "is.mandatory.in.ldap": [
+ "true"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "always.read.value.from.ldap": [
+ "false"
+ ],
+ "user.model.attribute": [
+ "username"
+ ]
+ }
+ },
+ {
+ "name": "first name",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "cn"
+ ],
+ "is.mandatory.in.ldap": [
+ "true"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "always.read.value.from.ldap": [
+ "true"
+ ],
+ "user.model.attribute": [
+ "firstName"
+ ]
+ }
+ },
+ {
+ "name": "email",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "mail"
+ ],
+ "is.mandatory.in.ldap": [
+ "false"
+ ],
+ "always.read.value.from.ldap": [
+ "false"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "user.model.attribute": [
+ "email"
+ ]
+ }
+ },
+ {
+ "name": "last name",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "sn"
+ ],
+ "is.mandatory.in.ldap": [
+ "true"
+ ],
+ "always.read.value.from.ldap": [
+ "true"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "user.model.attribute": [
+ "lastName"
+ ]
+ }
+ },
+ {
+ "name": "creation date",
+ "providerId": "user-attribute-ldap-mapper",
+ "subComponents": {},
+ "config": {
+ "ldap.attribute": [
+ "createTimestamp"
+ ],
+ "is.mandatory.in.ldap": [
+ "false"
+ ],
+ "always.read.value.from.ldap": [
+ "true"
+ ],
+ "read.only": [
+ "true"
+ ],
+ "user.model.attribute": [
+ "createTimestamp"
+ ]
+ }
+ }
+ ]
+ },
+ "config": {
+ "pagination": [
+ "true"
+ ],
+ "fullSyncPeriod": [
+ "-1"
+ ],
+ "usersDn": [
+ "ou=users,dc=keycloak,dc=org"
+ ],
+ "connectionPooling": [
+ "true"
+ ],
+ "cachePolicy": [
+ "DEFAULT"
+ ],
+ "useKerberosForPasswordAuthentication": [
+ "false"
+ ],
+ "importEnabled": [
+ "true"
+ ],
+ "enabled": [
+ "true"
+ ],
+ "bindCredential": [
+ "keycloak"
+ ],
+ "bindDn": [
+ "cn=admin,dc=keycloak,dc=org"
+ ],
+ "changedSyncPeriod": [
+ "-1"
+ ],
+ "usernameLDAPAttribute": [
+ "uid"
+ ],
+ "lastSync": [
+ "1611161804"
+ ],
+ "vendor": [
+ "other"
+ ],
+ "uuidLDAPAttribute": [
+ "entryUUID"
+ ],
+ "connectionUrl": [
+ "ldap://openldap.dns.podman:389/"
+ ],
+ "allowKerberosAuthentication": [
+ "false"
+ ],
+ "syncRegistrations": [
+ "false"
+ ],
+ "authType": [
+ "simple"
+ ],
+ "debug": [
+ "false"
+ ],
+ "searchScope": [
+ "1"
+ ],
+ "useTruststoreSpi": [
+ "ldapsOnly"
+ ],
+ "priority": [
+ "0"
+ ],
+ "trustEmail": [
+ "true"
+ ],
+ "userObjectClasses": [
+ "inetOrgPerson, organizationalPerson"
+ ],
+ "rdnLDAPAttribute": [
+ "uid"
+ ],
+ "editMode": [
+ "READ_ONLY"
+ ],
+ "validatePasswordPolicy": [
+ "false"
+ ],
+ "batchSizeForSync": [
+ "1000"
+ ]
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/realm-templates/pbkdf-1it.template b/realm-templates/pbkdf-1it.template
new file mode 100644
index 0000000..0704947
--- /dev/null
+++ b/realm-templates/pbkdf-1it.template
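Review bot: The LDAP provider config in realm-templates/ldap.template hard-codes the bind account (`"bindDn": ["cn=admin,dc=keycloak,dc=org"]`, `"bindCredential": ["keycloak"]`) and connects over `ldap://openldap.dns.podman:389/` with `"authType": ["simple"]`, so the directory admin password is committed to the repository and travels in clear text on every bind. The rest of the template already takes realm and client values from template variables; the connection URL, bind DN and bind credential could be supplied the same way, e.g. `"bindCredential": ["{{ .LDAP.BindCredential }}"]` (field name illustrative, since the template's data struct is not visible in this commit). Because `"editMode"` is `READ_ONLY`, a bind account with read access to `ou=users` would be enough instead of `cn=admin`. `"lastSync": ["1611161804"]` looks like state exported from a running instance and can probably be dropped.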
@@ -0,0 +1,89 @@
+{
+ "id": "realm_{{ .ID }}",
+ "realm": "realm_{{ .ID }}",
+ "displayName": "realm_{{ .ID }}",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 1800,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 3600,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "passwordPolicy": "hashIterations(1)",
+ "users": [
+{{- range $count, $user := .Users }}
+{{- if gt $count 0 }},{{ end }}
+ {
+ "username": "user_{{ $user.ID }}",
+ "firstName": "User",
+ "lastName": "{{ $user.ID }}",
+ "email": "user_{{ $user.ID }}@nowhere.test",
+ "emailVerified": true,
+ "enabled": true,
+ "credentials": [
+ {
+ "type": "password",
+ "value": "user_{{ $user.ID }}"
+ }
+ ],
+ "requiredActions": [],
+ "realmRoles": [],
+ "applicationRoles": {}
+ }
+{{- end }}
+ ],
+ "roles": {
+ "realm": [],
+ "client": {}
+ },
+ "defaultRoles": [
+ "offline_access"
+ ],
+ "requiredCredentials": [ "password" ],
+ "scopeMappings": [],
+ "clientScopeMappings": {},
+ "clients": [
+{{- range $count, $client := .Clients }}
+{{- if gt $count 0 }},{{ end }}
+ {
+ "clientId": "app_{{ $client.ID }}",
+ "name": "app_{{ $client.ID }}",
+ "enabled": true,
+ "publicClient": false,
+ "redirectUris": [
+ "http://dummy/url"
+ ],
+ "fullScopeAllowed": false,
+ "standardFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "{{ $client.Secret }}"
+ }
+{{- end }}
+ ]
+}
diff --git a/setup b/setup
new file mode 160000
index 0000000..7df1c9d
--- /dev/null
+++ b/setup
@@ -0,0 +1 @@
+Subproject commit 7df1c9d24534fa682eddcc728cadcc8edc3c30a8
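Review bot: `"passwordPolicy": "hashIterations(1)"` in realm-templates/pbkdf-1it.template cuts password hashing to a single iteration (PBKDF2, going by the file name), which removes the work factor that protects stored hashes if the database or a realm export leaks. The file name suggests a deliberate benchmark variant, but the key itself carries no hint and is easy to copy into another realm definition unnoticed. A template comment directly above it would record the intent without changing any rendered value, e.g. `{{- /* Benchmark only: one hash iteration to isolate login cost; never reuse for real accounts. */ -}}` (assuming Go text/template). Databases and exports produced from this realm should be treated as disposable test data.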