diff --git a/docker/keycloak/README.md b/docker/keycloak/README.md index e769d2ae17..553a70ec98 100644 --- a/docker/keycloak/README.md +++ b/docker/keycloak/README.md @@ -43,13 +43,15 @@ VCR.py). The primary reason this setup exists, is for automated testing reasons. - `testuser` / `testuser`, has the `bsn`, `kvk`, `name_qualifier`, `legalSubjectID` and `actingSubjectID` attributes (authentication plugins: DigiD, eHerkenning) -- `digid-machtigen` / `digid-machtigen`, has the `aanvrager.bsn`, `gemachtigde.bsn` and - `service_id` attributes (for DigiD machtigen) -- `eherkenning-bewindvoering` / `eherkenning-bewindvoering`, has the `legalSubjectID` - (kvk), `actingSubjectID` (pseudo ID), `representeeBSN`, `service_id`, `service_uuid`, - and `name_qualifier` attributes (for eHerkenning bewindvoering) -- `admin` / `admin`, intended to create as django user (can be made staff). The email - address is `admin@example.com`. +- `digid-machtigen` / `digid-machtigen`, has the `aanvrager.bsn`, `gemachtigde.bsn` and `service_id` + attributes (for DigiD machtigen) +- `eherkenning-bewindvoering` / `eherkenning-bewindvoering`, has the `legalSubjectID` (kvk), + `actingSubjectID` (pseudo ID), `representeeBSN`, `service_id`, `service_uuid`, and + `name_qualifier` attributes (for eHerkenning bewindvoering) +- `eherkenning-vestiging` / `eherkenning-vestiging`, has the `legalSubjectID` (kvk), + `actingSubjectID` (pseudo ID) and `vestiging` attributes +- `admin` / `admin`, intended to create as django user (can be made staff). The email address is + `admin@example.com`. ## Exporting the Realm diff --git a/docker/keycloak/import/test-realm.json b/docker/keycloak/import/test-realm.json index d7ee99e1ad..279efcdce7 100644 --- a/docker/keycloak/import/test-realm.json +++ b/docker/keycloak/import/test-realm.json 
@@ -460,6 +460,32 @@
 "realmRoles" : [ "default-roles-test" ],
 "notBefore" : 0,
 "groups" : [ ]
+ }, {
+ "id" : "44be45f6-a7ae-42c2-9486-30f078cf5b39",
+ "createdTimestamp" : 1719999585061,
+ "username" : "eherkenning-vestiging",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "name_qualifier" : [ "urn:etoegang:1.9:EntityConcernedID:KvKnr" ],
+ "vestiging" : [ "123456789012" ],
+ "legalSubjectID" : [ "12345678" ],
+ "actingSubjectID" : [ "4B75A0EA107B3D36" ]
+ },
+ "credentials" : [ {
+ "id" : "5e4a5b82-f5b1-48b6-9335-e25d3b417cef",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1719999593682,
+ "secretData" : "{\"value\":\"etDGywOL01Nr9RD1tG2x95/A37HEsf0zk2Kol8GNIJ0=\",\"salt\":\"pnnxOICMkQRoCM/ywGSOww==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-test" ],
+ "notBefore" : 0,
+ "groups" : [ ]
 }, {
 "id" : "a28aac19-6ac5-4ce5-bbe3-b6c24051914a",
 "createdTimestamp" : 1707141299906,
@@ -1346,6 +1372,21 @@
 "claim.name" : "service_id",
 "jsonType.label" : "String"
 }
+ }, {
+ "id" : "5ba6ed6e-e6c5-4c74-9049-185c875df8ad",
+ "name" : "vestiging",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "vestiging",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "vestiging",
+ "jsonType.label" : "String"
+ }
 }, {
 "id" : "e12f9cee-121e-4b29-be63-0eda4cc0e8ba",
 "name" : "legalSubjectID",
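Review bot: The added `eherkenning-vestiging` user carries a `credentials` entry whose password the README documents as identical to the username, so the PBKDF2 hash in `secretData` protects nothing and the account is a known login on any Keycloak instance that imports this realm. JSON has no comment syntax, so the caveat belongs in `docker/keycloak/README.md`, unless it is already stated outside the visible hunk, for example: `This realm ships accounts with published passwords; import it only into local development or CI instances, never into a Keycloak that is reachable by others.` The user object also sets a `name_qualifier` attribute that the new README entry for this user does not list. Adding it there would keep the two files in agreement.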
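Review bot: The new `vestiging` mapper enables all four outputs (`id.token.claim`, `access.token.claim`, `userinfo.token.claim` and `introspection.token.claim`), so a test that reads the claim passes regardless of which source the plugin actually consumes. If the plugin under test reads only one of them, setting the others to `"false"` would let the fixture catch a production realm that is configured more narrowly. It would also keep the branch number out of tokens that do not need it. The client or client scope that owns this mapper starts outside the hunk, so which tokens are affected cannot be confirmed from here.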