svg

dicos/90_envole.xml

@@ -0,0 +1,301 @@
+<?xml version="1.0" encoding="utf-8"?>
+<creole>
+    <containers>
+        <container name='web'>
+            <file filelist='envole' name='/etc/apache2/sites-available/envole' source='envole-apache.conf' rm="True"/>
+			<file filelist='envole' name='/usr/share/envole/docker/.env.local' source='ninegate-env.local' rm='True'/>
+
+            <service method='apache' servicelist='envole'>envole</service>
+        </container>
+    </containers>
+
+    <variables>
+        <family name='applications web'>
+            <!-- MASTERIDENTITY -->
+            <variable type='string'  name='envole_masteridentity' mandatory='True' description="Maître de l'identité"><value>LDAP</value></variable>
+
+            <!-- AUTHENTIFICATION -->
+            <variable type='string'  name='envole_modeauth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable>
+            <variable type='oui/non' name='cas_local' description="Serveur CAS local" mandatory='True'><value>non</value></variable>
+            <variable type='string'  name='cas_host' description="Host CAS" mandatory='True'></variable>
+            <variable type='string'  name='cas_port' description="Port CAS" mandatory='True'><value>443</value></variable>
+            <variable type='string'  name='cas_path' description="Path CAS" mandatory='True'><value>/sso</value></variable>
+            <variable type='string'  name='cas_username' description="Attribut CAS identifiant unique de l'utilisateur" mandatory='True'><value>username</value></variable>
+            <variable type='string'  name='cas_lastname' description="Attribut CAS nom de l'utilisateur" mandatory='True'><value>lastname</value></variable>
+            <variable type='string'  name='cas_firstname' description="Attribut CAS prénom de l'utilisateur" mandatory='True'><value>firstname</value></variable>
+            <variable type='string'  name='cas_email' description="Attribut CAS mail de l'utilisateur" mandatory='True'><value>email</value></variable>
+            <variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
+            <variable type='string'  name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
+            <variable type='oui/non' name='ninegate_ssosynchroitem' description="Associer automatiquement les items en fonction d'un attribut SSO"><value>non</value></variable>
+            <variable type='string'  name='ninegate_ssoreqitem' description="Attribut SSO associé à la notion d'item" mandatory='True'></variable>
+
+            <!-- BASE DE DONNEES -->
+            <variable type='oui/non' name='activer_database'  description='Activer Base de données'><value>oui</value></variable>
+            <variable type='oui/non' name='database_local' description='Base de données local'><value>oui</value></variable>
+            <variable type='string'  name='database_host' description='Host Base de données' mandatory='True'></variable>
+            <variable type='string'  name='database_port' description='Port Base de données' mandatory='True'></variable>
+            <variable type='string'  name='database_user' description='Utilisateur base de données' mandatory='True'></variable>
+
+
+            <!-- OPENLDAP -->
+            <variable type='oui/non' name='activer_openldap'  description='Activer Annuaire'><value>oui</value></variable>
+            <variable type='oui/non' name='openldap_local' description='Annuaire local'><value>non</value></variable>
+            <variable type='string'  name='openldap_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
+
+            <variable type='string'  name='openldap_host' mandatory='True' description='Annuaire host'></variable>
+            <variable type='string'  name='openldap_port' mandatory='True' description='Annuaire port'><value>389</value></variable>
+            <variable type='oui/non' name='openldap_tls' description='Utiliser le mode TLS'><value>non</value></variable>
+
+            <variable type='string'  name='openldap_basedn' mandatory='True' description='Base DN'><value>o=gouv,c=fr</value></variable>
+            <variable type='string'  name='openldap_user' mandatory='True' description='CN du compte writer'><value>admin</value></variable>
+
+            <!-- APPLICATIONS -->
+            <variable type='oui/non'  name='activer_ninegate' description='Activer Ninegate'><value>oui</value></variable>
+            <variable type='oui/non'  name='activer_nextcloud' description='Activer Nextcloud'><value>non</value></variable>
+            <variable type='oui/non'  name='activer_adminer' description='Activer Adminer'><value>non</value></variable>
+            <variable type='oui/non'  name='activer_phpldapadmin' description='Activer Phpldapadmin'><value>non</value></variable>
+
+            <!-- SECRETS -->
+            <variable type='string'   name='openldap_password' mandatory='True' description='Password compte writer Annuaire'></variable>
+            <variable type='string'   name='database_rootpassword' mandatory='True' description='Password compte root base de données'></variable>
+            <variable type='string'   name='database_userpassword' mandatory='True' description='Password compte user base de données'></variable>
+            <variable type='string'   name='keycload_userpassword' mandatory='True' description='Password compte admin-keycloak Keycloak'></variable>
+            <variable type='string'   name='envole_adminpassword' mandatory='True' description='Password compte administrateur applicatifs'></variable>
+            <variable type='string'   name='ninegate_secret' mandatory='True' description='Secret key Ninegate'></variable>
+
+            <!-- NINEGATE -->
+            <variable type='oui/non' name='ninegate_syncldap' description='Synchroniser les utilisateurs vers annuaire'><value>oui</value></variable>
+
+            <variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
+            <variable type='oui/non' name='ninegate_scribemaster' description="Placer les professeurs comme manager des groupes classes/options"><value>oui</value></variable>
+
+            <variable type='string'  name='ninegate_openldapreqniveau01' description="Lors de l'initalisation de Ninegate requete LDAP utilisateur de votre premier Niveau01" mandatory='True'><value>(uid=*)</value></variable>
+            <variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
+            <variable type='string'  name='ninegate_openldapreqgroup' description="Requête pour générer automatiquement les groupes" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
+            <variable type='string'  name='ninegate_openldapsubbranchgroup' description="Rechercher les groupes dans la sous-branche" mandatory='False' />
+            <variable type='string'  name='ninegate_openldapsubbranchuser' description="Rechercher les utilisateurs dans la sous-branche" mandatory='False' />
+            <variable type='string'  name='ninegate_moderegistration' description="Mode de registration : none / byuser / byadmin"  mandatory='True'><value>none</value></variable>
+
+            <variable type='oui/non' name='ninegate_forcetheme' description="Forcer l'utilisation d'un thème"><value>non</value></variable>
+            <variable type='string'  name='ninegate_forcethemename' description="Nom du thème"></variable>
+
+            <!-- NEXTCLOUD -->
+            <variable name='nextcloud_local' type='oui/non' description='Nextcloud local'><value>oui</value></variable>
+            <variable name='nextcloud_url' type='string' mandatory='True' description='Nextcloud URL'></variable>
+            <variable name='nextcloud_samba' type='oui/non' description='Configurer un partage Samba'><value>non</value></variable>
+            <variable name='nextcloud_samba_host' type='string' mandatory='True' description='Samba host name'></variable>
+            <variable name='nextcloud_samba_name' type='string' mandatory='True' description='Samba root name'><value>nextcloud</value></variable>
+        </family>
+        
+        <separators>
+            <separator name="envole_masteridentity">Maître de l'identité</separator>
+            <separator name="envole_modeauth">Authentification</separator>
+            <separator name="activer_database">Base de Données</separator>
+            <separator name="activer_openldap">Annuaire</separator>
+            <separator name="activer_ninegate">Applications</separator>
+            <separator name="openldap_password">Secrets</separator>
+            <separator name="ninegate_syncldap">Ninegate Portail</separator>
+            <separator name="nextcloud_local">Nextcloud</separator>
+        </separators>
+    </variables>
+
+    <constraints>
+        <check name='valid_enum' target='envole_masteridentity'>
+            <param>['LDAP', 'SQL', 'SSO']</param>
+        </check>
+        <check name='valid_enum' target='openldap_ldaptemplate'>
+            <param>['scribe', 'open']</param>
+        </check>
+        <check name='valid_enum' target='envole_modeauth'>
+            <param>['CAS', 'SQL', 'LDAP']</param>
+        </check>
+
+        <!-- APACHE -->
+        <condition name='hidden_if_in' source='activer_apache'>
+            <param>non</param>
+
+            <target type='family'>applications web</target>
+            <target type='servicelist'>envole</target>
+        </condition>
+
+        <!-- MASTERIDENTITY -->
+        <condition name='hidden_if_in' source='envole_masteridentity'>
+            <param>LDAP</param>
+            <param>SSO</param>
+
+            <target type='variable'>ninegate_syncldap</target>
+            <target type='variable'>ninegate_moderegistration</target>
+        </condition>  
+
+        <condition name='hidden_if_in' source='envole_masteridentity'>
+            <param>SQL</param>
+            <param>SSO</param>
+
+            <target type='variable'>openldap_ldaptemplate</target>
+        </condition>  
+
+        <condition name='hidden_if_in' source='envole_masteridentity'>
+            <param>SQL</param>
+            <param>LDAP</param>
+
+            <target type='variable'>ninegate_ssosynchrogroup</target>
+            <target type='variable'>ninegate_ssoreqgroup</target>
+            <target type='variable'>ninegate_ssosynchroitem</target>
+            <target type='variable'>ninegate_ssoreqitem</target> 
+        </condition>
+
+        <!-- AUTHENTIFICATION -->
+        <condition name='hidden_if_in' source='envole_modeauth'>
+            <param>SQL</param>
+            <param>LDAP</param>
+
+            <target type='variable'>cas_local</target>
+            <target type='variable'>cas_username</target>
+            <target type='variable'>cas_lastname</target>
+            <target type='variable'>cas_firstname</target>
+            <target type='variable'>cas_email</target>
+        </condition>
+
+        <condition name='hidden_if_in' source='cas_local'>
+            <param>oui</param>
+
+            <target type='variable'>cas_host</target>
+            <target type='variable'>cas_port</target>
+            <target type='variable'>cas_path</target>
+        </condition>
+        
+        <condition name='hidden_if_in' source='cas_local'>
+            <param>non</param>
+
+            <target type='variable'>keycload_userpassword</target>
+        </condition>
+
+        <!-- DATABASE -->
+        <condition name='hidden_if_in' source='activer_database'>
+            <param>non</param>
+
+            <target type='variable'>database_local</target>
+            <target type='variable'>database_rootpassword</target>
+            <target type='variable'>database_userpassword</target>
+            <target type='variable'>activer_ninegate</target>
+            <target type='variable'>activer_nextcloud</target>
+            <target type='variable'>activer_adminer</target>
+        </condition>
+
+        <condition name='hidden_if_in' source='database_local'>
+            <param>oui</param>
+
+            <target type='variable'>database_host</target>
+            <target type='variable'>database_port</target>
+            <target type='variable'>database_user</target>
+        </condition>
+
+        
+        <!-- OPENLDAP -->
+        <condition name='hidden_if_in' source='activer_openldap'>
+            <param>non</param>
+
+            <target type='variable'>openldap_local</target>
+            <target type='variable'>openldap_password</target>
+            <target type='variable'>activer_phpldapadmin</target>
+        </condition>    
+        
+        <condition name='hidden_if_in' source='openldap_local'>
+            <param>oui</param>
+
+            <target type='variable'>openldap_host</target>
+            <target type='variable'>openldap_port</target>
+            <target type='variable'>openldap_tls</target>
+            <target type='variable'>openldap_basedn</target>
+            <target type='variable'>openldap_user</target>        
+        </condition>
+
+        <condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
+            <param>scribe</param>
+
+            <target type='variable'>ninegate_scribegroup</target>
+            <target type='variable'>ninegate_scribemaster</target>
+        </condition>
+
+
+
+        <!-- NINEGATE -->
+        <condition name='hidden_if_in' source='activer_ninegate'>
+            <param>non</param>
+
+            <target type='variable'>ninegate_secret</target>
+            <target type='variable'>ninegate_syncldap</target>
+            <target type='variable'>ninegate_ssosynchrogroup</target>
+            <target type='variable'>ninegate_ssoreqgroup</target>
+            <target type='variable'>ninegate_ssosynchroitem</target>
+            <target type='variable'>ninegate_ssoreqitem</target>
+            <target type='variable'>ninegate_scribegroup</target>
+            <target type='variable'>ninegate_scribemaster</target>
+            <target type='variable'>ninegate_openldapreqniveau01</target>
+            <target type='variable'>ninegate_openldapsynchrogroup</target>
+            <target type='variable'>ninegate_openldapreqgroup</target>
+            <target type='variable'>ninegate_openldapsubbranchgroup</target>
+            <target type='variable'>ninegate_openldapsubbranchuser</target>
+            <target type='variable'>ninegate_moderegistration</target>
+            <target type='variable'>ninegate_forcetheme</target>
+            <target type='variable'>ninegate_forcethemename</target>
+        </condition>
+
+        <condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
+            <param>scribe</param>
+
+            <target type='variable'>ninegate_scribegroup</target>
+            <target type='variable'>ninegate_scribemaster</target>
+        </condition>
+
+        <condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
+            <param>open</param>
+
+            <target type='variable'>ninegate_openldapreqniveau01</target>
+            <target type='variable'>ninegate_openldapsynchrogroup</target>
+            <target type='variable'>ninegate_openldapreqgroup</target>
+            <target type='variable'>ninegate_openldapsubbranchgroup</target>
+            <target type='variable'>ninegate_openldapsubbranchuser</target>
+        </condition>    
+
+        <condition name='hidden_if_in' source='ninegate_ssosynchroitem'>
+            <param>non</param>
+
+            <target type='variable'>ninegate_ssoreqitem</target>
+        </condition>
+
+        <condition name='hidden_if_in' source='ninegate_forcetheme'>
+            <param>non</param>
+
+            <target type='variable'>ninegate_forcethemename</target>
+        </condition>
+
+        
+        <!-- NEXTCLOUD -->
+        <condition name='hidden_if_in' source='activer_nextcloud'>
+            <param>non</param>
+
+            <target type='variable'>nextcloud_local</target>
+            <target type='variable'>nextcloud_samba</target>    
+        </condition>
+
+        <condition name='hidden_if_in' source='nextcloud_local'>
+            <param>oui</param>
+
+            <target type='variable'>nextcloud_url</target>    
+        </condition> 
+
+        <condition name='hidden_if_in' source='nextcloud_local'>
+            <param>non</param>
+
+            <target type='variable'>nextcloud_samba</target>    
+        </condition> 
+
+        <condition name='hidden_if_in' source='nextcloud_samba'>
+            <param>non</param>
+
+            <target type='variable'>nextcloud_samba_host</target>
+            <target type='variable'>nextcloud_samba_name</target>    
+        </condition>                
+    </constraints>
+</creole>

readme.md

@@ -23,9 +23,6 @@ sudo apt update
 apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-compose
 ```
 
-
-sudo apt install python3-pip -y
-pip3 install podman-compose
 ## Installation envole
 ```
 cd /root

src/envole-1.0/.vscode/settings.json

@@ -0,0 +1,15 @@
+{
+    "markdown-pdf.stylesRelativePathFile": true,
+    "markdown-pdf.styles": [
+        "./misc/tools/cadoles_theme.css"
+    ],
+    "markdown-pdf.breaks": true,
+    "markdown-pdf.outputDirectory": "./",
+    "markdown.extension.toc.levels": "2..6",
+    "markdown-pdf.outputDirectoryRelativePathFile": true,
+    "markdown-pdf.headerTemplate": "<div style=\"font-size: 9px; margin-left: 1cm;\">SHELA</div> <div style=\"font-size: 9px; margin-left: auto; margin-right: 1cm; \"> Cadoles - <span class='date'></span></div>",
+    "esbonio.sphinx.confDir": "",
+    "markdown-pdf.convertOnSave": true,
+    "markdown-pdf.type": ["pdf","html"],
+    "markdown-pdf.convertOnSaveExclude": ["readme.md"],
+}

src/envole-1.0/doc/etude.html

@@ -0,0 +1,481 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>etude.md</title>
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+
+<style>
+/* https://github.com/microsoft/vscode/blob/master/extensions/markdown-language-features/media/markdown.css */
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+body {
+	font-family: var(--vscode-markdown-font-family, -apple-system, BlinkMacSystemFont, "Segoe WPC", "Segoe UI", "Ubuntu", "Droid Sans", sans-serif);
+	font-size: var(--vscode-markdown-font-size, 14px);
+	padding: 0 26px;
+	line-height: var(--vscode-markdown-line-height, 22px);
+	word-wrap: break-word;
+}
+
+#code-csp-warning {
+	position: fixed;
+	top: 0;
+	right: 0;
+	color: white;
+	margin: 16px;
+	text-align: center;
+	font-size: 12px;
+	font-family: sans-serif;
+	background-color:#444444;
+	cursor: pointer;
+	padding: 6px;
+	box-shadow: 1px 1px 1px rgba(0,0,0,.25);
+}
+
+#code-csp-warning:hover {
+	text-decoration: none;
+	background-color:#007acc;
+	box-shadow: 2px 2px 2px rgba(0,0,0,.25);
+}
+
+body.scrollBeyondLastLine {
+	margin-bottom: calc(100vh - 22px);
+}
+
+body.showEditorSelection .code-line {
+	position: relative;
+}
+
+body.showEditorSelection .code-active-line:before,
+body.showEditorSelection .code-line:hover:before {
+	content: "";
+	display: block;
+	position: absolute;
+	top: 0;
+	left: -12px;
+	height: 100%;
+}
+
+body.showEditorSelection li.code-active-line:before,
+body.showEditorSelection li.code-line:hover:before {
+	left: -30px;
+}
+
+.vscode-light.showEditorSelection .code-active-line:before {
+	border-left: 3px solid rgba(0, 0, 0, 0.15);
+}
+
+.vscode-light.showEditorSelection .code-line:hover:before {
+	border-left: 3px solid rgba(0, 0, 0, 0.40);
+}
+
+.vscode-light.showEditorSelection .code-line .code-line:hover:before {
+	border-left: none;
+}
+
+.vscode-dark.showEditorSelection .code-active-line:before {
+	border-left: 3px solid rgba(255, 255, 255, 0.4);
+}
+
+.vscode-dark.showEditorSelection .code-line:hover:before {
+	border-left: 3px solid rgba(255, 255, 255, 0.60);
+}
+
+.vscode-dark.showEditorSelection .code-line .code-line:hover:before {
+	border-left: none;
+}
+
+.vscode-high-contrast.showEditorSelection .code-active-line:before {
+	border-left: 3px solid rgba(255, 160, 0, 0.7);
+}
+
+.vscode-high-contrast.showEditorSelection .code-line:hover:before {
+	border-left: 3px solid rgba(255, 160, 0, 1);
+}
+
+.vscode-high-contrast.showEditorSelection .code-line .code-line:hover:before {
+	border-left: none;
+}
+
+img {
+	max-width: 100%;
+	max-height: 100%;
+}
+
+a {
+	text-decoration: none;
+}
+
+a:hover {
+	text-decoration: underline;
+}
+
+a:focus,
+input:focus,
+select:focus,
+textarea:focus {
+	outline: 1px solid -webkit-focus-ring-color;
+	outline-offset: -1px;
+}
+
+hr {
+	border: 0;
+	height: 2px;
+	border-bottom: 2px solid;
+}
+
+h1 {
+	padding-bottom: 0.3em;
+	line-height: 1.2;
+	border-bottom-width: 1px;
+	border-bottom-style: solid;
+}
+
+h1, h2, h3 {
+	font-weight: normal;
+}
+
+table {
+	border-collapse: collapse;
+}
+
+table > thead > tr > th {
+	text-align: left;
+	border-bottom: 1px solid;
+}
+
+table > thead > tr > th,
+table > thead > tr > td,
+table > tbody > tr > th,
+table > tbody > tr > td {
+	padding: 5px 10px;
+}
+
+table > tbody > tr + tr > td {
+	border-top: 1px solid;
+}
+
+blockquote {
+	margin: 0 7px 0 5px;
+	padding: 0 16px 0 10px;
+	border-left-width: 5px;
+	border-left-style: solid;
+}
+
+code {
+	font-family: Menlo, Monaco, Consolas, "Droid Sans Mono", "Courier New", monospace, "Droid Sans Fallback";
+	font-size: 1em;
+	line-height: 1.357em;
+}
+
+body.wordWrap pre {
+	white-space: pre-wrap;
+}
+
+pre:not(.hljs),
+pre.hljs code > div {
+	padding: 16px;
+	border-radius: 3px;
+	overflow: auto;
+}
+
+pre code {
+	color: var(--vscode-editor-foreground);
+	tab-size: 4;
+}
+
+/** Theming */
+
+.vscode-light pre {
+	background-color: rgba(220, 220, 220, 0.4);
+}
+
+.vscode-dark pre {
+	background-color: rgba(10, 10, 10, 0.4);
+}
+
+.vscode-high-contrast pre {
+	background-color: rgb(0, 0, 0);
+}
+
+.vscode-high-contrast h1 {
+	border-color: rgb(0, 0, 0);
+}
+
+.vscode-light table > thead > tr > th {
+	border-color: rgba(0, 0, 0, 0.69);
+}
+
+.vscode-dark table > thead > tr > th {
+	border-color: rgba(255, 255, 255, 0.69);
+}
+
+.vscode-light h1,
+.vscode-light hr,
+.vscode-light table > tbody > tr + tr > td {
+	border-color: rgba(0, 0, 0, 0.18);
+}
+
+.vscode-dark h1,
+.vscode-dark hr,
+.vscode-dark table > tbody > tr + tr > td {
+	border-color: rgba(255, 255, 255, 0.18);
+}
+
+</style>
+
+<style>
+/* Tomorrow Theme */
+/* http://jmblog.github.com/color-themes-for-google-code-highlightjs */
+/* Original theme - https://github.com/chriskempson/tomorrow-theme */
+
+/* Tomorrow Comment */
+.hljs-comment,
+.hljs-quote {
+	color: #8e908c;
+}
+
+/* Tomorrow Red */
+.hljs-variable,
+.hljs-template-variable,
+.hljs-tag,
+.hljs-name,
+.hljs-selector-id,
+.hljs-selector-class,
+.hljs-regexp,
+.hljs-deletion {
+	color: #c82829;
+}
+
+/* Tomorrow Orange */
+.hljs-number,
+.hljs-built_in,
+.hljs-builtin-name,
+.hljs-literal,
+.hljs-type,
+.hljs-params,
+.hljs-meta,
+.hljs-link {
+	color: #f5871f;
+}
+
+/* Tomorrow Yellow */
+.hljs-attribute {
+	color: #eab700;
+}
+
+/* Tomorrow Green */
+.hljs-string,
+.hljs-symbol,
+.hljs-bullet,
+.hljs-addition {
+	color: #718c00;
+}
+
+/* Tomorrow Blue */
+.hljs-title,
+.hljs-section {
+	color: #4271ae;
+}
+
+/* Tomorrow Purple */
+.hljs-keyword,
+.hljs-selector-tag {
+	color: #8959a8;
+}
+
+.hljs {
+	display: block;
+	overflow-x: auto;
+	color: #4d4d4c;
+	padding: 0.5em;
+}
+
+.hljs-emphasis {
+	font-style: italic;
+}
+
+.hljs-strong {
+	font-weight: bold;
+}
+</style>
+
+<style>
+/*
+ * Markdown PDF CSS
+ */
+
+ body {
+	font-family: -apple-system, BlinkMacSystemFont, "Segoe WPC", "Segoe UI", "Ubuntu", "Droid Sans", sans-serif, "Meiryo";
+	padding: 0 12px;
+}
+
+pre {
+	background-color: #f8f8f8;
+	border: 1px solid #cccccc;
+	border-radius: 3px;
+	overflow-x: auto;
+	white-space: pre-wrap;
+	overflow-wrap: break-word;
+}
+
+pre:not(.hljs) {
+	padding: 23px;
+	line-height: 19px;
+}
+
+blockquote {
+	background: rgba(127, 127, 127, 0.1);
+	border-color: rgba(0, 122, 204, 0.5);
+}
+
+.emoji {
+	height: 1.4em;
+}
+
+code {
+	font-size: 14px;
+	line-height: 19px;
+}
+
+/* for inline code */
+:not(pre):not(.hljs) > code {
+	color: #C9AE75; /* Change the old color so it seems less like an error */
+	font-size: inherit;
+}
+
+/* Page Break : use <div class="page"/> to insert page break
+-------------------------------------------------------- */
+.page {
+	page-break-after: always;
+}
+
+</style>
+<link rel="stylesheet" href="file:///run/user/1000/gvfs/sftp%3Ahost%3Deolebase.ac-test.fr%2Cuser%3Droot/root/git/envole/src/envole-1.0/doc/misc/tools/cadoles_theme.css" type="text/css">
+<script src="https://unpkg.com/mermaid/dist/mermaid.min.js"></script>
+</head>
+<body>
+  <script>
+    mermaid.initialize({
+      startOnLoad: true,
+      theme: document.body.classList.contains('vscode-dark') || document.body.classList.contains('vscode-high-contrast')
+          ? 'dark'
+          : 'default'
+    });
+  </script>
+<h1 id="envole">Envole</h1>
+<h2 id="introduction">Introduction</h2>
+<p>Envole est une solution qui propose un ensemble d'applicatifs web fédérés autour d'un annaire afin de gérer l'identité ainsi qu'un SSO afin de gérer l'authentification.</p>
+<p>Il s'appuit sur la distrution EOLE pour déployer ses différents composants.</p>
+<p>Envole rencontre depuis des années des problèmatiques :</p>
+<ul>
+<li>Elle doit se baser sur une version précise d'EOLE 2.5 ou 2.6 ou 2.7 ou 2.8 ou 2.9 qui ont chacune leur contrainte de version php</li>
+<li>Les différentes applications Envole ont leur propre contrainte de version php.</li>
+<li>Ce qui oblige de limiter les possibilités de montée de version de l'application dans une version x d'eole car cette dernière ne fournit pas la version minimum de php requise</li>
+<li>Ou qui empéche le passage d'une application de fonctionner dans une version x d'eole car cette dernière propose une version trop résente de php pour l'application</li>
+</ul>
+<p>Ce document va chercher à évaluer la possibilité de conteneriser les applications Envole, afin qu'elles puissent fonctionner le moins possible en contrainte avec la version d'Eole</p>
+<h2 id="architecture">Architecture</h2>
+<h3 id="eolebase">EoleBase</h3>
+<p>La présente étude part du principe qu'Envole ne serait plus installé sur une instance Scribe mais sur une installation EoleBase d'Eole</p>
+<p><strong>Avantages</strong></p>
+<ul>
+<li>Décharger le serveur Scribe et lui laisser ses fonctions principales. C'est à dire
+<ul>
+<li>Contrôleur de Domaine</li>
+<li>SSO</li>
+<li>Annuaire</li>
+<li>Imap (et SMTP ?)</li>
+</ul>
+</li>
+<li>Faire évoluer plus facilement le serveur Envole vers des versions plus récente d'Eole avec moins de contrainte tout en assurant une mise à jour de sécurité plus régulière</li>
+</ul>
+<p><strong>Inconvéhients</strong></p>
+<ul>
+<li>L'adminstrateur devra configurer le lien SSO et Annaire qui eux restent sur le scribe.</li>
+<li>Il devra donc fixer certains secrets sur le Scribe (notamment le compte reader/writer annuaire sur le scibe)</li>
+<li>Connaitre et renseigner les hosts/ports des service SSO et Annuaire</li>
+<li>Avoir un second nom de domaine pour l'accès aux applications Envole</li>
+</ul>
+<h3 id="paquet-debian">Paquet Debian</h3>
+<p>Contrairement à la précédente logique Envole, il n'y aurait qu'un seul paquet Debian pour Envole. Il n'installerait pas les sources des applications, mais uniquement</p>
+<ul>
+<li>le dictionnaire eole de configuration</li>
+<li>les templates de configuration</li>
+<li>le dossier de définitions de l'ensemble des conteneurs possible pour Envole</li>
+<li>un script qui viendrait monter ou non les conteneurs souhaités par l'administateur</li>
+</ul>
+<h3 id="poc">POC</h3>
+<p>Afin de s'assurer de la faisabilité d'un tel changement, un POC a été initié, dans le cadre des éléments précédents cités. La première question fut de savoir quelle technologie de conteneurisation serait à utiliser PODMAN ou DOCKER, et dans leur logique de composer PODMAN-COMPOSE ou DOCKER-COMPOSER.</p>
+<h3 id="podman-vs-docker-sur-eole">PODMAN vs DOCKER sur Eole</h3>
+<p><strong>PODMAN</strong></p>
+<p>Eole a intégré à partir de la 2.9 dans sa distribution podman. Ce qui de prime abord devrait-être la technologie à utiliser, sauf que</p>
+<ul>
+<li>Ubuntu 22.04 ne dispose pas de paquet pour podman-compose</li>
+<li>Pour installer podman-compose, il est nécessaire de l'installer via pip</li>
+<li>De plus la version de podman disponible sur Ubuntu 22.04 est une version 3.4 qui n'est pas compatible avec la version de podman-compose</li>
+<li>Il est nécessaire d'installer la dernière version 4.4 de Podman PPA pour faire fonctionner l'ensemble</li>
+<li>Par la suite il est possible de créer un composer d'image docker comme on pourrait le faire avec docker-compose. Podman est juste plus stricte dans sa synthaxe et certaines commandes ne sont pas tout à fait indentique</li>
+<li>Mais il apparait qu'un reconfigure rendra totalement inopérant le réseau des conteneurs. Pour le rendre de nouveau opérant, il est nécessaire de le détruire pour le reconstruire.</li>
+</ul>
+<p><strong>DOCKER</strong></p>
+<p>Eole n'a pas intégré nativement docker. Mais il est tout à fait possible de l'installer par ses propres moyens sauf que</p>
+<ul>
+<li>Tout comme Podman Ubuntu ne propose pas de paquet suffisament à jour de docker-ce et docker-compose</li>
+<li>Il est nécessaire de les installer via la mise en place d'un PPA</li>
+<li>Par la suite docker se comporte bien mieux que podman. Il est plus souple d'usage, moins verbeux</li>
+<li>Mais tout comme podman, un reconfigure vient rendre totalement inopérant le reseau des conteneurs. Il est nécessaire de réinitialiser docker-ce pour rétablir le reseau.</li>
+</ul>
+<p><strong>CONCLUSION</strong></p>
+<p>Quoi qu'il arrive, une intégration compléte que cela soit avec Podman ou avec Docker, demandera un travail d'intégration d'Eole</p>
+<ul>
+<li>afin de disposer des dernières versions possibles de l'un ou de l'autre</li>
+<li>que l'un ou l'autre ne détruit pas le réseau associé au composer de conteneur</li>
+</ul>
+<p>Ma préférence va malgrés tout sur Docker, il est plus souple moins verbeux et me semble plus fiable à long terme. Il serait possible de maitenir les deux solutions en parrallèle avec un effort supplémentaire d'intégration et de maintenance.</p>
+<h2 id="poc">POC</h2>
+<h3 id="sources">Sources</h3>
+<p>Les sources du POC sont disponible ici<br>
+https://forge.cadoles.com/Envole/envole</p>
+<p>Elles sont pour l'instant hébergé à Cadoles pour des raisons de simplicité de mise en oeuvre, mais à terme elles seront bien stockées chez Eole</p>
+<h3 id="repository">Repository</h3>
+<p>Certaines images sont hébergées elles aussi sur un repository public de Cadoles. Là aussi pour des raisons de simplicité de mise en oevre, mais à terme Eole devra fournir un repository propre aux images Envole.</p>
+<p>Les images en questions sont celles des applications  maintenues par Envole, en l'occurence pour l'instant uniquement Ninegate. Mais à terme pourra aussi y figurer des images d'applications tiers sur lesquelles nous aurions besion d'altérer légèrement le comportement.</p>
+<h3 id="installation-du-poc">Installation du POC</h3>
+<p>1- Instancier un eolebase 2.9</p>
+<p>2- Installer eole-web</p>
+<pre class="hljs"><code><div>apt-get install eole-web
+Genconfig
+Services &gt; Activer l'interface web de l'EAD = non
+Services &gt; Activer le serveur de bases de données MySQL = non
+Services &gt; Activer l’interface d’administration du module (EAD3) = non
+Applications Web &gt; Nom de domaine des applications web = mondomaine.fr
+save &amp; quit
+Reconfigure
+</div></code></pre>
+<p>3- Installer docker &amp; docker-compose</p>
+<pre class="hljs"><code><div>apt install git make apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+&quot;deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+$(lsb_release -cs) stable&quot; | tee /etc/apt/sources.list.d/docker.list &gt; /dev/null
+apt update
+apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-compose
+</div></code></pre>
+<p>4- Installer Envole</p>
+<pre class="hljs"><code><div>cd /usr/share
+mkdir -p envole
+cd /usr/share/envole
+mkdir -p docker
+cd /usr/share/envole/docker
+git clone https://forge.cadoles.com/Envole/envole.git
+cd /root/git/envole
+make install
+</div></code></pre>
+<p>5- Configurer Envole</p>
+
+</body>
+</html>

src/envole-1.0/doc/etude.md

@@ -0,0 +1,149 @@
+# Envole 
+
+## Introduction
+
+Envole est une solution qui propose un ensemble d'applicatifs web fédérés autour d'un annaire afin de gérer l'identité ainsi qu'un SSO afin de gérer l'authentification.
+
+Il s'appuit sur la distrution EOLE pour déployer ses différents composants.
+
+Envole rencontre depuis des années des problèmatiques :
+
+- Elle doit se baser sur une version précise d'EOLE 2.5 ou 2.6 ou 2.7 ou 2.8 ou 2.9 qui ont chacune leur contrainte de version php
+- Les différentes applications Envole ont leur propre contrainte de version php.
+- Ce qui oblige de limiter les possibilités de montée de version de l'application dans une version x d'eole car cette dernière ne fournit pas la version minimum de php requise
+- Ou qui empéche le passage d'une application de fonctionner dans une version x d'eole car cette dernière propose une version trop résente de php pour l'application
+
+Ce document va chercher à évaluer la possibilité de conteneriser les applications Envole, afin qu'elles puissent fonctionner le moins possible en contrainte avec la version d'Eole
+
+## Architecture
+
+### EoleBase
+
+La présente étude part du principe qu'Envole ne serait plus installé sur une instance Scribe mais sur une installation EoleBase d'Eole
+
+**Avantages**
+- Décharger le serveur Scribe et lui laisser ses fonctions principales. C'est à dire 
+    - Contrôleur de Domaine
+    - SSO
+    - Annuaire
+    - Imap (et SMTP ?)
+- Faire évoluer plus facilement le serveur Envole vers des versions plus récente d'Eole avec moins de contrainte tout en assurant une mise à jour de sécurité plus régulière
+
+**Inconvéhients**
+- L'adminstrateur devra configurer le lien SSO et Annaire qui eux restent sur le scribe.
+- Il devra donc fixer certains secrets sur le Scribe (notamment le compte reader/writer annuaire sur le scibe)
+- Connaitre et renseigner les hosts/ports des service SSO et Annuaire
+- Avoir un second nom de domaine pour l'accès aux applications Envole
+
+
+### Paquet Debian
+
+Contrairement à la précédente logique Envole, il n'y aurait qu'un seul paquet Debian pour Envole. Il n'installerait pas les sources des applications, mais uniquement
+
+- le dictionnaire eole de configuration
+- les templates de configuration
+- le dossier de définitions de l'ensemble des conteneurs possible pour Envole
+- un script qui viendrait monter ou non les conteneurs souhaités par l'administateur
+
+### POC
+
+Afin de s'assurer de la faisabilité d'un tel changement, un POC a été initié, dans le cadre des éléments précédents cités. La première question fut de savoir quelle technologie de conteneurisation serait à utiliser PODMAN ou DOCKER, et dans leur logique de composer PODMAN-COMPOSE ou DOCKER-COMPOSER.
+
+### PODMAN vs DOCKER sur Eole
+
+**PODMAN**
+
+Eole a intégré à partir de la 2.9 dans sa distribution podman. Ce qui de prime abord devrait-être la technologie à utiliser, sauf que 
+
+- Ubuntu 22.04 ne dispose pas de paquet pour podman-compose
+- Pour installer podman-compose, il est nécessaire de l'installer via pip
+- De plus la version de podman disponible sur Ubuntu 22.04 est une version 3.4 qui n'est pas compatible avec la version de podman-compose
+- Il est nécessaire d'installer la dernière version 4.4 de Podman PPA pour faire fonctionner l'ensemble
+- Par la suite il est possible de créer un composer d'image docker comme on pourrait le faire avec docker-compose. Podman est juste plus stricte dans sa synthaxe et certaines commandes ne sont pas tout à fait indentique
+- Mais il apparait qu'un reconfigure rendra totalement inopérant le réseau des conteneurs. Pour le rendre de nouveau opérant, il est nécessaire de le détruire pour le reconstruire.
+
+**DOCKER**
+
+Eole n'a pas intégré nativement docker. Mais il est tout à fait possible de l'installer par ses propres moyens sauf que
+- Tout comme Podman Ubuntu ne propose pas de paquet suffisament à jour de docker-ce et docker-compose
+- Il est nécessaire de les installer via la mise en place d'un PPA
+- Par la suite docker se comporte bien mieux que podman. Il est plus souple d'usage, moins verbeux
+- Mais tout comme podman, un reconfigure vient rendre totalement inopérant le reseau des conteneurs. Il est nécessaire de réinitialiser docker-ce pour rétablir le reseau.
+
+**CONCLUSION**
+
+Quoi qu'il arrive, une intégration compléte que cela soit avec Podman ou avec Docker, demandera un travail d'intégration d'Eole
+- afin de disposer des dernières versions possibles de l'un ou de l'autre
+- que l'un ou l'autre ne détruit pas le réseau associé au composer de conteneur
+
+Ma préférence va malgrés tout sur Docker, il est plus souple moins verbeux et me semble plus fiable à long terme. Il serait possible de maitenir les deux solutions en parrallèle avec un effort supplémentaire d'intégration et de maintenance.
+
+## POC
+
+### Sources
+
+Les sources du POC sont disponible ici  
+https://forge.cadoles.com/Envole/envole
+
+Elles sont pour l'instant hébergé à Cadoles pour des raisons de simplicité de mise en oeuvre, mais à terme elles seront bien stockées chez Eole
+
+### Repository
+
+Certaines images sont hébergées elles aussi sur un repository public de Cadoles. Là aussi pour des raisons de simplicité de mise en oevre, mais à terme Eole devra fournir un repository propre aux images Envole.
+
+Les images en questions sont celles des applications  maintenues par Envole, en l'occurence pour l'instant uniquement Ninegate. Mais à terme pourra aussi y figurer des images d'applications tiers sur lesquelles nous aurions besion d'altérer légèrement le comportement.
+
+### Installation du POC
+
+1- Instancier un eolebase 2.9  
+
+2- Installer eole-web
+```
+apt-get install eole-web
+Genconfig
+Services > Activer l'interface web de l'EAD = non
+Services > Activer le serveur de bases de données MySQL = non
+Services > Activer l’interface d’administration du module (EAD3) = non
+Applications Web > Nom de domaine des applications web = mondomaine.fr
+save & quit
+Reconfigure
+``` 
+
+3- Installer docker & docker-compose
+```
+apt install git make apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt update
+apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-compose
+```
+
+4- Installer Envole
+
+```
+cd /usr/share
+mkdir -p envole
+cd /usr/share/envole
+mkdir -p docker
+cd /usr/share/envole/docker
+git clone https://forge.cadoles.com/Envole/envole.git
+cd /root/git/envole
+make install
+```
+
+5- Configurer Envole
+
+
+
+
+
+
+
+
+
+
+
+

src/envole-1.0/env/.env

@@ -26,7 +26,7 @@ MARIADB_ACTIVATE=1
 MARIADB_LOCAL=1
 MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD}
 MARIADB_USER=user
-MARIADB_PASSWORD=changeme
+MARIADB_PASSWORD=${ADMIN_PASSWORD}
 
 # LDAP
 # LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
@@ -46,6 +46,17 @@ LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN}
 LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN}
 LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN}
 LDAP_SYNC=1 
+LDAP_TEMPLATE=
+LDAP_USERNAME=uid
+LDAP_FIRSTNAME=givenname
+LDAP_LASTNAME=sn
+LDAP_EMAIL=mail
+LDAP_MEMBER=memberUid
+SCRIBE_GROUP=1
+SCRIBE_MASTER=1
+OPENLDAPREQNIVEAU01=
+OPENLDAPSYNCHROGROUP=0
+OPENLDAPREQGROUP=
 
 # CAS
 # attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir

src/envole-1.0/env/.env.zapp.phpldapadmin

@@ -3,4 +3,5 @@
 
 PHPLDAPADMIN_LDAP_HOSTS=ldap://${LDAP_SERVICE_NAME}:${LDAP_PORT}
 PHPLDAPADMIN_HTTPS="false"
+PHPLDAPADMIN_SERVER_PATH=
 

src/envole-1.0/envole.sh

@@ -15,10 +15,6 @@ cat ./env/.env* >> ./.env.local
 clear
 BigTitle "ENVOLE"
 
-echo "========"
-echo ${WEB_URL}
-echo "========"
-
 # on remplace les valeur reprise dans les autres .env car podman interprète mal
 sed -i 's#${WEB_URL}#'${WEB_URL}'#g' ./.env.local
 sed -i 's#${WEB_PROTOCOL}#'${WEB_PROTOCOL}'#g' ./.env.local
@@ -61,9 +57,11 @@ sed -i 's#${NEXTCLOUD_URL}#'${NEXTCLOUD_URL}'#g' ./.env.local
 #== STOP ===================================================================================================================================
 #===========================================================================================================================================
 #1 = service to stop if null all service
+#2 = stopper par destroyall
 
 stop() {
-    Title "STOP"
+    if [[ "$2" != 1 ]]; then Title "STOP"; fi
+
     $PODCOMPOSEBIN stop $1
     if [[ "$PODCOMPOSEBIN" == "podman-compose" ]]
     then
@@ -90,15 +88,15 @@ wait_for_container() {
     waiting_done="false"
 
     while [[ "${waiting_done}" != "true" ]]; do
-        container_state="$($PODBIN inspect "${container_id}" --format '{{ .State.Status }}')"
-        if [[ "${container_state}" == "running" ]]; then
-            health_status="$($PODBIN inspect "${container_id}" --format '{{ .State.Health.Status }}')"
-            if [[ ${health_status} == "healthy" ]]; then
-                waiting_done="true"
-            fi
-        else
-            waiting_done="true"
-        fi
+         container_state="$($PODBIN inspect "${container_id}" --format '{{ .State.Status }}')"
+         if [[ "${container_state}" == "running" ]]; then
+             health_status="$($PODBIN inspect "${container_id}" --format '{{ .State.Health.Status }}')"
+             if [[ ${health_status} == "healthy" ]]; then
+                 waiting_done="true"
+             fi
+         else
+             waiting_done="true"
+         fi
         sleep 1;
     done;
 }
@@ -214,7 +212,7 @@ up(){
             echo
         fi        
     else
-        EchoVert ${1^^}
+        Title ${1^^}
         $PODCOMPOSEBIN up -d $1
     fi
 }
@@ -245,9 +243,10 @@ destroyall(){
 #2 = ne pas poser de questions
 
 destroy(){
-    stop $1
-    
     Title "DESTROY "${1^^}
+
+    stop $1 1
+
     if [[ "$PODCOMPOSEBIN" == "docker-compose" ]]
     then
         $PODBIN rm "envole-$1"
@@ -340,6 +339,9 @@ then
 elif  [[ $1 == "logs" ]]
 then
     $PODCOMPOSEBIN logs -f $2
+elif [[ $1 == "iswait" ]]
+then
+    wait_for_container $2
 elif  [[ $1 == "env" ]]
 then
     EchoVert "Fichier .env.local regénéré"

src/envole-1.0/misc/tools/cadoles_theme.css

@@ -0,0 +1,129 @@
+@font-face {
+	font-family: "Roboto";
+	src: url("fonts/Roboto/Roboto-Regular.ttf") format('truetype');
+}
+
+body {
+	font-family: "Roboto" !important;
+	color: #333;	
+    max-width: 1200px;
+    margin: auto;
+}
+
+.title {
+	color: #078eb5;
+	text-transform: uppercase;
+    font-size: 3em;
+    margin-top:30px;
+    text-align: center;
+    line-height: 1em;
+    font-weight: bold
+}
+
+h1 {
+	text-transform: uppercase;
+    page-break-before: always;
+}
+
+h2 {
+    text-transform: uppercase;
+    text-decoration: underline;
+}
+
+h3 {
+    text-decoration: underline;
+}
+
+a, a:hover, a:visited , h1, h2, h3, h4, h5, h6 {
+	color: #078eb5;
+    font-weight: bold
+}
+
+img {
+    max-width:100%;
+    margin:auto;
+    display: block;
+}
+
+.center {
+    text-align: center;
+}
+
+footer img {
+	width: 32px;
+}
+
+.info,
+.success,
+.warning,
+.danger {
+	padding: 1rem;
+	margin-bottom: 1rem;
+}
+
+.info {
+	background-color: rgba(41, 128, 185, .1);
+	border-left: solid 4px rgba(41, 128, 185,1.0);
+	color: rgba(41, 128, 185,1.0);
+}
+
+.success {
+	background-color: rgba(39, 174, 96, .1);
+	border-left: solid 4px rgba(39, 174, 96,1.0);
+	color:rgba(39, 174, 96,1.0);
+}
+
+.warning {
+	padding: 1rem;
+	background-color: rgba(243, 156, 18, .1);
+	border-left: solid 4px #f39c12;
+	color: #f39c12;
+}
+
+.danger {
+	background-color: rgba(231, 76, 60, .1);
+	border-left: solid 4px rgba(231, 76, 60,1.0);
+	color: rgba(231, 76, 60,1.0);
+}
+
+.page-break {
+	page-break-after: always;
+}
+
+.center {
+    text-align: center;
+}
+
+table {
+    width:100%;
+}
+
+table > thead > tr > th {
+    border: 1px solid;
+    text-align:center;
+}
+
+table > tbody > tr > td {
+    border: 1px solid;
+}
+
+.matriceresponsabilites {
+    text-align:center;
+    font-size: 10px;
+}
+
+.matriceresponsabilites td:nth-child(2) {
+    text-align:left;
+}
+
+.matriceresponsabilites td {
+    padding: 2px;
+}
+
+img[alt="schéma declenchement PCA"] { width: 500px; }
+img[alt="Type Epique"] { width: 500px; }
+img[alt="Type Epique Dependance"] { width: 200px; }
+img[alt="Type Scenario"] { width: 500px; }
+img[alt="Type Scenario Dependance"] { width: 200px; }
+img[alt="Type Tache"] { width: 500px; }
+img[alt="Jalon"] { width: 200px; }

src/envole-1.0/misc/tools/fonts/Roboto/LICENSE.txt

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

tmpl/envole-apache.conf

@@ -0,0 +1,19 @@
+
+ProxyPass /ninegate http://0.0.0.0:9000/ninegate retry=0 keepalive=On
+ProxyPassReverse /ninegate http://0.0.0.0:9000/ninegate retry=0
+ProxyPass /wssninegate ws://0.0.0.0:9000/wssninegate retry=0 keepalive=On
+ProxyPassReverse /wssninegate ws://0.0.0.0:9000/wssninegate retry=0
+
+ProxyPass /nextcloud http://0.0.0.0:9001 retry=0 keepalive=On
+ProxyPassReverse /nextcloud http://0.0.0.0:9001 retry=0
+
+ProxyPass /adminer http://0.0.0.0:9100 retry=0 keepalive=On
+ProxyPassReverse /adminer http://0.0.0.0:9100 retry=0
+
+ProxyPass /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0 keepalive=On
+ProxyPassReverse /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0
+
+ProxyPass /nineapache http://0.0.0.0:9102 retry=0 keepalive=On
+ProxyPassReverse /nineapache http://0.0.0.0:9102 retry=0
+
+

tmpl/envole-nextcloud.env

@@ -0,0 +1,7 @@
+
+#-- LOCAL
+
+NEXTCLOUD_ACTIVATE=1
+NEXTCLOUD_ALIAS=/nextcloud
+NEXTCLOUD_URL=${WEB_PROTOCOL}://${WEB_URL}/nextcloud
+

tmpl/envole-phpldapadmin.env

@@ -0,0 +1,7 @@
+
+#-- LOCAL
+
+PHPLDAPADMIN_ACTIVATE=1
+PHPLDAPADMIN_URL=/phpldapadmin
+PHPLDAPADMIN_SERVER_PATH=${PHPLDAPADMIN_URL}
+

tmpl/envole-realm.json

@@ -0,0 +1,2422 @@
+{
+  "id": "envole",
+  "realm": "envole",
+  "displayName": "Keycloak",
+  "displayNameHtml": "<div class=\"kc-logo-text\"><span>Envole</span></div>",
+  "notBefore": 0,
+  "defaultSignatureAlgorithm": "RS256",
+  "revokeRefreshToken": false,
+  "refreshTokenMaxReuse": 0,
+  "accessTokenLifespan": 60,
+  "accessTokenLifespanForImplicitFlow": 900,
+  "ssoSessionIdleTimeout": 1800,
+  "ssoSessionMaxLifespan": 36000,
+  "ssoSessionIdleTimeoutRememberMe": 0,
+  "ssoSessionMaxLifespanRememberMe": 0,
+  "offlineSessionIdleTimeout": 2592000,
+  "offlineSessionMaxLifespanEnabled": false,
+  "offlineSessionMaxLifespan": 5184000,
+  "clientSessionIdleTimeout": 0,
+  "clientSessionMaxLifespan": 0,
+  "clientOfflineSessionIdleTimeout": 0,
+  "clientOfflineSessionMaxLifespan": 0,
+  "accessCodeLifespan": 60,
+  "accessCodeLifespanUserAction": 300,
+  "accessCodeLifespanLogin": 1800,
+  "actionTokenGeneratedByAdminLifespan": 43200,
+  "actionTokenGeneratedByUserLifespan": 300,
+  "oauth2DeviceCodeLifespan": 600,
+  "oauth2DevicePollingInterval": 600,
+  "enabled": true,
+  "sslRequired": "external",
+  "registrationAllowed": false,
+  "registrationEmailAsUsername": false,
+  "rememberMe": false,
+  "verifyEmail": false,
+  "loginWithEmailAllowed": true,
+  "duplicateEmailsAllowed": false,
+  "resetPasswordAllowed": false,
+  "editUsernameAllowed": false,
+  "bruteForceProtected": false,
+  "permanentLockout": false,
+  "maxFailureWaitSeconds": 900,
+  "minimumQuickLoginWaitSeconds": 60,
+  "waitIncrementSeconds": 60,
+  "quickLoginCheckMilliSeconds": 1000,
+  "maxDeltaTimeSeconds": 43200,
+  "failureFactor": 30,
+  "defaultRole": {
+    "id": "778a9da1-89ea-4523-9537-0dc533265465",
+    "name": "default-roles-master",
+    "description": "${role_default-roles}",
+    "composite": true,
+    "clientRole": false,
+    "containerId": "envole"
+  },
+  "requiredCredentials": [
+    "password"
+  ],
+  "otpPolicyType": "totp",
+  "otpPolicyAlgorithm": "HmacSHA1",
+  "otpPolicyInitialCounter": 0,
+  "otpPolicyDigits": 6,
+  "otpPolicyLookAheadWindow": 1,
+  "otpPolicyPeriod": 30,
+  "otpSupportedApplications": [
+    "FreeOTP",
+    "Google Authenticator"
+  ],
+  "webAuthnPolicyRpEntityName": "keycloak",
+  "webAuthnPolicySignatureAlgorithms": [
+    "ES256"
+  ],
+  "webAuthnPolicyRpId": "",
+  "webAuthnPolicyAttestationConveyancePreference": "not specified",
+  "webAuthnPolicyAuthenticatorAttachment": "not specified",
+  "webAuthnPolicyRequireResidentKey": "not specified",
+  "webAuthnPolicyUserVerificationRequirement": "not specified",
+  "webAuthnPolicyCreateTimeout": 0,
+  "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+  "webAuthnPolicyAcceptableAaguids": [],
+  "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+  "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+    "ES256"
+  ],
+  "webAuthnPolicyPasswordlessRpId": "",
+  "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+  "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+  "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+  "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+  "webAuthnPolicyPasswordlessCreateTimeout": 0,
+  "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+  "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+  "scopeMappings": [
+    {
+      "clientScope": "offline_access",
+      "roles": [
+        "offline_access"
+      ]
+    }
+  ],
+  "clientScopeMappings": {
+    "account": [
+      {
+        "client": "account-console",
+        "roles": [
+          "manage-account"
+        ]
+      }
+    ]
+  },
+  "clients": [
+    {
+      "id": "87270d83-7d5e-4dbe-a2d5-33d0cf465ac8",
+      "clientId": "account",
+      "name": "${client_account}",
+      "rootUrl": "${authBaseUrl}",
+      "baseUrl": "/realms/envole/account/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/realms/envole/account/*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "7158adbd-5fbc-4452-87ec-f0d566a34f45",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f5914a8b-94fc-48d4-998e-ef199b0b0882",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "86ebd837-9e65-4081-a1cb-8836f310445e",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "e6a441b6-524f-407c-a516-127da17b95b7",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "3b851809-0f59-4b0d-9f85-bce72dfe250e",
+      "clientId": "account-console",
+      "name": "${client_account-console}",
+      "rootUrl": "${authBaseUrl}",
+      "baseUrl": "/realms/envole/account/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/realms/envole/account/*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "pkce.code.challenge.method": "S256"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "a255ef19-0537-4a44-84a8-c0b1ff4313b9",
+          "name": "audience resolve",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-audience-resolve-mapper",
+          "consentRequired": false,
+          "config": {}
+        },
+        {
+          "id": "6b88ea94-98d6-47dd-b656-82933d77ae18",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "512a8304-56af-49e5-90b5-c9c05b70033c",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "624dd437-2e33-4369-8c7e-a2de1c239f5f",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "75e0b103-fbc5-4cc7-9cc4-a68b7d3fdbfd",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "d239802f-534d-4c4f-9a8c-95fe57a928ed",
+      "clientId": "admin-cli",
+      "name": "${client_admin-cli}",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "5ad3b564-2e34-4f06-9ae8-833633ece218",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "8eca5774-5f4b-4519-a1b1-227978cf8183",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "6a0101c8-2972-4acd-aac6-72149b803555",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "620a7c64-22d1-4c33-bda2-d86ff7c702ce",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "7671be05-b84f-481f-b6f8-6254c939268d",
+      "clientId": "broker",
+      "name": "${client_broker}",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": true,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": false,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "ed454920-baa4-4815-bef6-6f20787d249e",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "aa39dee5-5ccb-4461-a79a-0384af9d44ad",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "e008d88c-8028-431b-8671-f900635f35fc",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "1ff4922e-5c6e-4498-82cc-6766b20c8c1e",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "133d3397-41e7-4ec1-aaf0-a0939da72f58",
+      "clientId": "envole",
+      "name": "envole",
+      "rootUrl": "https://eolebase.ac-test.fr",
+      "baseUrl": "https://eolebase.ac-test.fr",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "secret": "**********",
+      "redirectUris": [
+        "http://eolebase.ac-test.fr*",
+        "https://eolebase.ac-test.fr*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": false,
+      "frontchannelLogout": false,
+      "protocol": "cas",
+      "attributes": {
+        "id.token.as.detached.signature": "false",
+        "saml.assertion.signature": "false",
+        "saml.force.post.binding": "false",
+        "saml.multivalued.roles": "false",
+        "saml.encrypt": "false",
+        "login_theme": "keycloak",
+        "oauth2.device.authorization.grant.enabled": "false",
+        "backchannel.logout.revoke.offline.tokens": "false",
+        "saml.server.signature": "false",
+        "saml.server.signature.keyinfo.ext": "false",
+        "use.refresh.tokens": "true",
+        "exclude.session.state.from.auth.response": "false",
+        "oidc.ciba.grant.enabled": "false",
+        "saml.artifact.binding": "false",
+        "backchannel.logout.session.required": "false",
+        "client_credentials.use_refresh_token": "false",
+        "saml_force_name_id_format": "false",
+        "require.pushed.authorization.requests": "false",
+        "saml.client.signature": "false",
+        "tls.client.certificate.bound.access.tokens": "false",
+        "saml.authnstatement": "false",
+        "display.on.consent.screen": "false",
+        "saml.onetimeuse.condition": "false"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": true,
+      "nodeReRegistrationTimeout": -1,
+      "protocolMappers": [
+        {
+          "id": "4e60ce83-fc4e-4f13-addc-ded389802592",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "5ebc6595-9386-4834-9f1c-5df10d8a68aa",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "5ca43923-49cb-47f2-8c5f-d646808f665c",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "e99e05dc-e158-4232-a1a0-a972e9397782",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "envole"
+      ],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "d5474573-906e-4f00-914a-a436049f5ac0",
+      "clientId": "realm-management",
+      "name": "${client_realm-management}",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": true,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": false,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "eb04593d-ec09-4a65-8b8e-b177bf23b8bc",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "9434f197-308e-4266-93e6-1d162a52c6d5",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "5195c729-1853-4b2f-a239-16e439265873",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "565cf014-8114-47ca-861f-1710035a7023",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "e4c15b58-2e15-4ff3-8e16-ecbd02551978",
+      "clientId": "security-admin-console",
+      "name": "${client_security-admin-console}",
+      "rootUrl": "${authAdminUrl}",
+      "baseUrl": "/admin/envole/console/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/admin/envole/console/*"
+      ],
+      "webOrigins": [
+        "+"
+      ],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "pkce.code.challenge.method": "S256"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "26bfca71-394c-4ca2-8e74-865a7b9b4182",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "31a8e7ec-b19b-4195-bcb7-1e8d57f525f6",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f8257533-9a9a-4ac2-85dc-50921351f67b",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "58da24e2-5491-452c-8a9f-c13e27c01b4f",
+          "name": "locale",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "locale",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "locale",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b34ad4e4-ed15-485a-9d7c-8b8ca89386b3",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    }
+  ],
+  "clientScopes": [
+    {
+      "id": "e5bab9e6-0003-405a-bc2a-d96d1c2f7046",
+      "name": "email",
+      "description": "OpenID Connect built-in scope: email",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${emailScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "2cf129d5-5a52-4522-94d3-aeefe5074af1",
+          "name": "email",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "email",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "email",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "d07c04b4-0c9b-4168-9a87-0d1f8db41c01",
+          "name": "email verified",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "emailVerified",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "email_verified",
+            "jsonType.label": "boolean"
+          }
+        }
+      ]
+    },
+    {
+      "id": "bd3e8ff5-e456-49bb-8fc5-a4b10bdb161e",
+      "name": "role_list",
+      "description": "SAML role list",
+      "protocol": "saml",
+      "attributes": {
+        "consent.screen.text": "${samlRoleListScopeConsentText}",
+        "display.on.consent.screen": "true"
+      },
+      "protocolMappers": [
+        {
+          "id": "2f00f403-1835-4a67-a05d-31bb0264c0bf",
+          "name": "role list",
+          "protocol": "saml",
+          "protocolMapper": "saml-role-list-mapper",
+          "consentRequired": false,
+          "config": {
+            "single": "false",
+            "attribute.nameformat": "Basic",
+            "attribute.name": "Role"
+          }
+        }
+      ]
+    },
+    {
+      "id": "df9cfc10-8f39-43fc-a5b3-99e6014dffea",
+      "name": "profile",
+      "description": "OpenID Connect built-in scope: profile",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${profileScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "10b45997-ab67-448b-9396-0adb49948e4c",
+          "name": "nickname",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "nickname",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "nickname",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "0f172771-2ce4-42e3-926a-ff2f1075af6f",
+          "name": "locale",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "locale",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "locale",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "3dcf78c2-cd43-4101-a02b-007260a9b612",
+          "name": "picture",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "picture",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "picture",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "e9ea9414-335f-4c79-8ada-a8cd960100d1",
+          "name": "website",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "website",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "website",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "2fac0274-ece3-4a89-9818-14adda3a67bc",
+          "name": "gender",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "gender",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "gender",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b0f98586-8113-4552-a3fb-fd507c829128",
+          "name": "zoneinfo",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "zoneinfo",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "zoneinfo",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "6968296c-04b8-45dc-9540-d1f0f3f60221",
+          "name": "middle name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "middleName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "middle_name",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "0d0ad251-5054-4827-be19-44d289ba213d",
+          "name": "profile",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "profile",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "profile",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "16cdcafc-e1d2-401c-aa06-5bbb865dc216",
+          "name": "username",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "username",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "preferred_username",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f367af39-837f-4ebf-b899-515b85bebf74",
+          "name": "given name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "firstName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "given_name",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "c98e8531-fe14-4836-afff-453573504cb5",
+          "name": "birthdate",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "birthdate",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "birthdate",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "d2a55e94-0e99-4b65-a9dd-2994f41d5f0c",
+          "name": "updated at",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "updatedAt",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "updated_at",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "cf433524-2dcc-49ef-8493-bf9d92b88101",
+          "name": "full name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
+          }
+        },
+        {
+          "id": "90a63c1f-a529-47fb-8412-a37bc511d8f7",
+          "name": "family name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "lastName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "family_name",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "6aa23421-70a4-4e86-88f6-9f0660a61c9b",
+      "name": "web-origins",
+      "description": "OpenID Connect scope for add allowed web origins to the access token",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "false",
+        "display.on.consent.screen": "false",
+        "consent.screen.text": ""
+      },
+      "protocolMappers": [
+        {
+          "id": "4949c89a-5149-41ba-87a5-f3cd9b3f6b77",
+          "name": "allowed web origins",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-allowed-origins-mapper",
+          "consentRequired": false,
+          "config": {}
+        }
+      ]
+    },
+    {
+      "id": "26b70183-e9a3-4383-893d-578ee135ac91",
+      "name": "phone",
+      "description": "OpenID Connect built-in scope: phone",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${phoneScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "3e193f09-c5c4-4a5e-bf18-a191830cba62",
+          "name": "phone number verified",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "phoneNumberVerified",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "phone_number_verified",
+            "jsonType.label": "boolean"
+          }
+        },
+        {
+          "id": "dcbb0641-3ddf-47aa-ad90-5f5f76f63cbe",
+          "name": "phone number",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "phoneNumber",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "phone_number",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "cb7a60bc-d71f-4379-8bbc-d22e48a78a2e",
+      "name": "address",
+      "description": "OpenID Connect built-in scope: address",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${addressScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "b177c977-c857-4c15-b985-8d489f3ab4aa",
+          "name": "address",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-address-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute.formatted": "formatted",
+            "user.attribute.country": "country",
+            "user.attribute.postal_code": "postal_code",
+            "userinfo.token.claim": "true",
+            "user.attribute.street": "street",
+            "id.token.claim": "true",
+            "user.attribute.region": "region",
+            "access.token.claim": "true",
+            "user.attribute.locality": "locality"
+          }
+        }
+      ]
+    },
+    {
+      "id": "a31d82e9-ae91-42e2-ba0d-115f53749780",
+      "name": "roles",
+      "description": "OpenID Connect scope for add user roles to the access token",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "false",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${rolesScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "0e76249d-2f86-4e0d-8ddc-f034f96837f6",
+          "name": "audience resolve",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-audience-resolve-mapper",
+          "consentRequired": false,
+          "config": {}
+        },
+        {
+          "id": "fad5d917-9728-43fb-99b8-b23547a125e2",
+          "name": "client roles",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-client-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "foo",
+            "access.token.claim": "true",
+            "claim.name": "resource_access.${client_id}.roles",
+            "jsonType.label": "String",
+            "multivalued": "true"
+          }
+        },
+        {
+          "id": "cbed5763-4f17-4f30-ae15-d9bcdc20d50a",
+          "name": "realm roles",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "foo",
+            "access.token.claim": "true",
+            "claim.name": "realm_access.roles",
+            "jsonType.label": "String",
+            "multivalued": "true"
+          }
+        }
+      ]
+    },
+    {
+      "id": "7bc8ebde-3563-4ce1-a0d2-ad58aba2cd7c",
+      "name": "microprofile-jwt",
+      "description": "Microprofile - JWT built-in scope",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "false"
+      },
+      "protocolMappers": [
+        {
+          "id": "e5e10473-8bd1-42b5-89fa-d0b3e90a18ed",
+          "name": "upn",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "user.attribute": "username",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "upn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "7d0b5233-08f1-47c1-9b21-ae8c471d67e1",
+          "name": "groups",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "multivalued": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "foo",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "groups",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "238cdd25-3e87-45cf-badf-89033829a1af",
+      "name": "envole",
+      "protocol": "cas",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true"
+      },
+      "protocolMappers": [
+        {
+          "id": "d4e42326-ec8b-4103-8e7b-afdc1c64d904",
+          "name": "siren",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "siren",
+            "claim.name": "siren",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "fcd2b58e-8be8-40b4-aec0-132fb6259d93",
+          "name": "niveau01",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "niveau01",
+            "claim.name": "niveau01",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "44ab982e-a384-41a3-8610-a65600c489e4",
+      "name": "offline_access",
+      "description": "OpenID Connect built-in scope: offline_access",
+      "protocol": "openid-connect",
+      "attributes": {
+        "consent.screen.text": "${offlineAccessScopeConsentText}",
+        "display.on.consent.screen": "true"
+      }
+    }
+  ],
+  "defaultDefaultClientScopes": [
+    "web-origins",
+    "roles",
+    "role_list",
+    "profile",
+    "email"
+  ],
+  "defaultOptionalClientScopes": [
+    "phone",
+    "offline_access",
+    "microprofile-jwt",
+    "address"
+  ],
+  "browserSecurityHeaders": {
+    "contentSecurityPolicyReportOnly": "",
+    "xContentTypeOptions": "nosniff",
+    "xRobotsTag": "none",
+    "xFrameOptions": "SAMEORIGIN",
+    "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+    "xXSSProtection": "1; mode=block",
+    "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+  },
+  "smtpServer": {},
+  "eventsEnabled": false,
+  "eventsListeners": [
+    "jboss-logging"
+  ],
+  "enabledEventTypes": [],
+  "adminEventsEnabled": false,
+  "adminEventsDetailsEnabled": false,
+  "identityProviders": [],
+  "identityProviderMappers": [],
+  "components": {
+    "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+      {
+        "id": "4534f093-d690-4e0e-afe1-3590257718f4",
+        "name": "Max Clients Limit",
+        "providerId": "max-clients",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "max-clients": [
+            "200"
+          ]
+        }
+      },
+      {
+        "id": "6c90c03e-45f7-4ea6-83eb-fc6131e24c34",
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "oidc-usermodel-attribute-mapper",
+            "saml-user-property-mapper",
+            "oidc-address-mapper",
+            "oidc-full-name-mapper",
+            "saml-role-list-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "oidc-usermodel-property-mapper",
+            "saml-user-attribute-mapper"
+          ]
+        }
+      },
+      {
+        "id": "55c9c339-6151-47cb-9f95-99076e157e1c",
+        "name": "Full Scope Disabled",
+        "providerId": "scope",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      },
+      {
+        "id": "e7af1382-7b01-4b25-9ae1-57bec1f0fec2",
+        "name": "Trusted Hosts",
+        "providerId": "trusted-hosts",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "host-sending-registration-request-must-match": [
+            "true"
+          ],
+          "client-uris-must-match": [
+            "true"
+          ]
+        }
+      },
+      {
+        "id": "09380ed6-96a9-43ab-ba83-cb864a3f509a",
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      },
+      {
+        "id": "64924b80-6b72-4991-a838-b1c275cb79f8",
+        "name": "Consent Required",
+        "providerId": "consent-required",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      },
+      {
+        "id": "509b7501-be18-4425-bb25-68fe6868dc73",
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "saml-user-attribute-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "saml-user-property-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "oidc-full-name-mapper",
+            "oidc-address-mapper",
+            "oidc-usermodel-property-mapper",
+            "saml-role-list-mapper"
+          ]
+        }
+      },
+      {
+        "id": "164c42e5-13a3-4d67-82dd-3a24a21099c5",
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      }
+    ],
+    "org.keycloak.userprofile.UserProfileProvider": [
+      {
+        "id": "57b8edbf-3395-4ac3-80d7-2bd0ca1ec792",
+        "providerId": "declarative-user-profile",
+        "subComponents": {},
+        "config": {}
+      }
+    ],
+    "org.keycloak.storage.UserStorageProvider": [
+      {
+        "id": "cc488d45-7acf-4460-9ce3-92fa33f2169a",
+        "name": "ldap",
+        "providerId": "ldap",
+        "subComponents": {
+          "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
+            {
+              "id": "05b4c1c5-f1b3-418f-b4e3-40149e08cb9f",
+              "name": "email",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "mail"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "is.binary.attribute": [
+                  "false"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "always.read.value.from.ldap": [
+                  "false"
+                ],
+                "user.model.attribute": [
+                  "email"
+                ]
+              }
+            },
+            {
+              "id": "a019bec6-f45a-4cee-a2e2-04454e31c8a7",
+              "name": "username",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "uid"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "is.binary.attribute": [
+                  "false"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "username"
+                ]
+              }
+            },
+            {
+              "id": "a5717a47-a717-4655-98cf-0cdfab2c8d9b",
+              "name": "modify date",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "modifyTimestamp"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "modifyTimestamp"
+                ]
+              }
+            },
+            {
+              "id": "3dc5921d-44ac-4748-8c61-a4f1e2052d95",
+              "name": "niveau01",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "niveau01"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "is.binary.attribute": [
+                  "false"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "niveau01"
+                ]
+              }
+            },
+            {
+              "id": "4dc6f603-4c19-466e-8929-279fd246c3b5",
+              "name": "last name",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "sn"
+                ],
+                "is.mandatory.in.ldap": [
+                  "true"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "lastName"
+                ]
+              }
+            },
+            {
+              "id": "b35862bf-04c1-4b72-9eb4-1a511b44d66e",
+              "name": "first name",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "givenName"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "is.binary.attribute": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "firstname"
+                ]
+              }
+            },
+            {
+              "id": "207e55ef-e171-4a96-ad85-7d9899472991",
+              "name": "siren",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "siren"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "is.binary.attribute": [
+                  "false"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "siren"
+                ]
+              }
+            },
+            {
+              "id": "faf41ea6-f9f8-4872-9b9e-2461e0d9b834",
+              "name": "creation date",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "createTimestamp"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "createTimestamp"
+                ]
+              }
+            }
+          ]
+        },
+        "config": {
+          "pagination": [
+            "true"
+          ],
+          "fullSyncPeriod": [
+            "-1"
+          ],
+          "connectionPooling": [
+            "true"
+          ],
+          "usersDn": [
+            "ou=users,ou=ninegate,dc=envole,dc=org"
+          ],
+          "cachePolicy": [
+            "DEFAULT"
+          ],
+          "useKerberosForPasswordAuthentication": [
+            "false"
+          ],
+          "importEnabled": [
+            "false"
+          ],
+          "enabled": [
+            "true"
+          ],
+          "usernameLDAPAttribute": [
+            "uid"
+          ],
+          "bindCredential": [
+            "changeme"
+          ],
+          "changedSyncPeriod": [
+            "-1"
+          ],
+          "bindDn": [
+            "cn=admin,dc=envole,dc=org"
+          ],
+          "lastSync": [
+            "1698698495"
+          ],
+          "vendor": [
+            "other"
+          ],
+          "uuidLDAPAttribute": [
+            "entryUUID"
+          ],
+          "connectionUrl": [
+            "ldap://openldap:1389"
+          ],
+          "allowKerberosAuthentication": [
+            "false"
+          ],
+          "syncRegistrations": [
+            "false"
+          ],
+          "authType": [
+            "simple"
+          ],
+          "debug": [
+            "false"
+          ],
+          "searchScope": [
+            "1"
+          ],
+          "useTruststoreSpi": [
+            "ldapsOnly"
+          ],
+          "trustEmail": [
+            "false"
+          ],
+          "priority": [
+            "0"
+          ],
+          "userObjectClasses": [
+            "inetOrgPerson, organizationalPerson"
+          ],
+          "rdnLDAPAttribute": [
+            "uid"
+          ],
+          "editMode": [
+            "READ_ONLY"
+          ],
+          "validatePasswordPolicy": [
+            "false"
+          ],
+          "batchSizeForSync": [
+            "1000"
+          ]
+        }
+      }
+    ],
+    "org.keycloak.keys.KeyProvider": [
+      {
+        "id": "20be504c-5093-4f94-b9c8-8048c49301dd",
+        "name": "hmac-generated",
+        "providerId": "hmac-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ],
+          "algorithm": [
+            "HS256"
+          ]
+        }
+      },
+      {
+        "id": "89c846d9-b9e9-4022-8cf7-03a63e4efc03",
+        "name": "rsa-enc-generated",
+        "providerId": "rsa-enc-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ],
+          "algorithm": [
+            "RSA-OAEP"
+          ]
+        }
+      },
+      {
+        "id": "048bb6eb-5423-476b-9c19-d39e6640a1cf",
+        "name": "aes-generated",
+        "providerId": "aes-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ]
+        }
+      },
+      {
+        "id": "f1c978f6-a133-46f6-a784-bc1c6a9dace9",
+        "name": "rsa-generated",
+        "providerId": "rsa-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ]
+        }
+      }
+    ]
+  },
+  "internationalizationEnabled": false,
+  "supportedLocales": [],
+  "authenticationFlows": [
+    {
+      "id": "2769839a-7135-4319-bcf2-1208e18004cb",
+      "alias": "Account verification options",
+      "description": "Method with which to verity the existing account",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-email-verification",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "flowAlias": "Verify Existing Account by Re-authentication",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "a03d0c39-b304-479f-beb3-0ac34048b3e7",
+      "alias": "Authentication Options",
+      "description": "Authentication options.",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "basic-auth",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "basic-auth-otp",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "auth-spnego",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 30,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "ccb129aa-f7e7-4111-a463-a19206b7fb37",
+      "alias": "Browser - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "auth-otp-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "e590c666-bf10-455b-8a0b-fe26d15a5c0a",
+      "alias": "Direct Grant - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "direct-grant-validate-otp",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "272ef112-7124-4361-83e1-fab3a43cb68d",
+      "alias": "First broker login - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "auth-otp-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "2e80c4de-0a90-4751-919e-4cad083ebb39",
+      "alias": "Handle Existing Account",
+      "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-confirm-link",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "flowAlias": "Account verification options",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "501be6a7-b886-4e0f-9b13-5ceabdb59ef6",
+      "alias": "Reset - Conditional OTP",
+      "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "reset-otp",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "06e92c43-c436-4a32-91c5-6bb536403405",
+      "alias": "User creation or linking",
+      "description": "Flow for the existing/non-existing user alternatives",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticatorConfig": "create unique user config",
+          "authenticator": "idp-create-user-if-unique",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "flowAlias": "Handle Existing Account",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "96c60c50-0210-48c7-b39d-3118e11227b9",
+      "alias": "Verify Existing Account by Re-authentication",
+      "description": "Reauthentication of existing account",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-username-password-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 20,
+          "flowAlias": "First broker login - Conditional OTP",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "731ece9d-bfbb-4174-864d-3d609a6a9a8d",
+      "alias": "browser",
+      "description": "browser based authentication",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "auth-cookie",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "auth-spnego",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "identity-provider-redirector",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 25,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 30,
+          "flowAlias": "forms",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "3b6dedee-71b5-408c-a4ef-c3d9d56491fa",
+      "alias": "clients",
+      "description": "Base authentication for clients",
+      "providerId": "client-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "client-secret",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "client-jwt",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "client-secret-jwt",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 30,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "client-x509",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 40,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "05623406-4a49-4f73-a52e-16119b5ee7fa",
+      "alias": "direct grant",
+      "description": "OpenID Connect Resource Owner Grant",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "direct-grant-validate-username",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "direct-grant-validate-password",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 30,
+          "flowAlias": "Direct Grant - Conditional OTP",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "7b96140b-16c1-4fb8-a59f-a362603b9830",
+      "alias": "docker auth",
+      "description": "Used by Docker clients to authenticate against the IDP",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "docker-http-basic-authenticator",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "53ce2fa4-56a0-4165-839d-62c3e14c15f7",
+      "alias": "first broker login",
+      "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticatorConfig": "review profile config",
+          "authenticator": "idp-review-profile",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "flowAlias": "User creation or linking",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "f9a1fd59-e174-40e9-a28a-643b51366e4d",
+      "alias": "forms",
+      "description": "Username, password, otp and other auth forms.",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "auth-username-password-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 20,
+          "flowAlias": "Browser - Conditional OTP",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "19d3a997-c030-401e-903c-d168650f0413",
+      "alias": "http challenge",
+      "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "no-cookie-redirect",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "flowAlias": "Authentication Options",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "100db2b7-d0b1-4287-909a-8ab0a5f268bb",
+      "alias": "registration",
+      "description": "registration flow",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "registration-page-form",
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "flowAlias": "registration form",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "549011b0-b533-48cf-90d0-d1b8ca11105c",
+      "alias": "registration form",
+      "description": "registration form",
+      "providerId": "form-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "registration-user-creation",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "registration-profile-action",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 40,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "registration-password-action",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 50,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "registration-recaptcha-action",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 60,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    },
+    {
+      "id": "98bc4f2e-8bc3-4187-97dc-90ce7ef0909d",
+      "alias": "reset credentials",
+      "description": "Reset credentials for a user if they forgot their password or something",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "reset-credentials-choose-user",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "reset-credential-email",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticator": "reset-password",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 30,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 40,
+          "flowAlias": "Reset - Conditional OTP",
+          "userSetupAllowed": false,
+          "autheticatorFlow": true
+        }
+      ]
+    },
+    {
+      "id": "30f9008c-cba1-480f-9547-e0ad994f6165",
+      "alias": "saml ecp",
+      "description": "SAML ECP Profile Authentication Flow",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "http-basic-authenticator",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "userSetupAllowed": false,
+          "autheticatorFlow": false
+        }
+      ]
+    }
+  ],
+  "authenticatorConfig": [
+    {
+      "id": "8e916fa6-4d7e-4247-a9fa-5a185f23b6cb",
+      "alias": "create unique user config",
+      "config": {
+        "require.password.update.after.registration": "false"
+      }
+    },
+    {
+      "id": "91f281c4-3965-4897-a495-b61d15083306",
+      "alias": "review profile config",
+      "config": {
+        "update.profile.on.first.login": "missing"
+      }
+    }
+  ],
+  "requiredActions": [
+    {
+      "alias": "CONFIGURE_TOTP",
+      "name": "Configure OTP",
+      "providerId": "CONFIGURE_TOTP",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 10,
+      "config": {}
+    },
+    {
+      "alias": "terms_and_conditions",
+      "name": "Terms and Conditions",
+      "providerId": "terms_and_conditions",
+      "enabled": false,
+      "defaultAction": false,
+      "priority": 20,
+      "config": {}
+    },
+    {
+      "alias": "UPDATE_PASSWORD",
+      "name": "Update Password",
+      "providerId": "UPDATE_PASSWORD",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 30,
+      "config": {}
+    },
+    {
+      "alias": "UPDATE_PROFILE",
+      "name": "Update Profile",
+      "providerId": "UPDATE_PROFILE",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 40,
+      "config": {}
+    },
+    {
+      "alias": "VERIFY_EMAIL",
+      "name": "Verify Email",
+      "providerId": "VERIFY_EMAIL",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 50,
+      "config": {}
+    },
+    {
+      "alias": "delete_account",
+      "name": "Delete Account",
+      "providerId": "delete_account",
+      "enabled": false,
+      "defaultAction": false,
+      "priority": 60,
+      "config": {}
+    },
+    {
+      "alias": "update_user_locale",
+      "name": "Update User Locale",
+      "providerId": "update_user_locale",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 1000,
+      "config": {}
+    }
+  ],
+  "browserFlow": "browser",
+  "registrationFlow": "registration",
+  "directGrantFlow": "direct grant",
+  "resetCredentialsFlow": "reset credentials",
+  "clientAuthenticationFlow": "clients",
+  "dockerAuthenticationFlow": "docker auth",
+  "attributes": {
+    "cibaBackchannelTokenDeliveryMode": "poll",
+    "cibaExpiresIn": "120",
+    "cibaAuthRequestedUserHint": "login_hint",
+    "oauth2DeviceCodeLifespan": "600",
+    "clientOfflineSessionMaxLifespan": "0",
+    "oauth2DevicePollingInterval": "600",
+    "clientSessionIdleTimeout": "0",
+    "userProfileEnabled": "false",
+    "parRequestUriLifespan": "60",
+    "clientSessionMaxLifespan": "0",
+    "clientOfflineSessionIdleTimeout": "0",
+    "cibaInterval": "5"
+  },
+  "keycloakVersion": "16.1.1",
+  "userManagedAccessAllowed": false,
+  "clientProfiles": {
+    "profiles": []
+  },
+  "clientPolicies": {
+    "policies": []
+  }
+}

tmpl/envole.env

@@ -0,0 +1,45 @@
+
+#-- LOCAL
+
+RELEASE_SYSTEM=eole
+WEB_URL=eolebase.ac-test.fr
+WEB_PROTOCOL=https
+
+MASTERIDENTITY=LDAP
+MODE_AUTH=CAS
+
+LDAP_ACTIVATE=1
+LDAP_LOCAL=0
+LDAP_HOST=scribe.ac-test.fr
+LDAP_PORT=389
+LDAP_USER="cn=reader,o=gouv,c=fr"
+LDAP_PASSWORD="uom1eiyighievuli7phahphoh2jieChaebah9owu4aeph0maitiYeiph"
+LDAP_BASEDN="o=gouv,c=fr"
+LDAP_SYNC=0
+LDAP_BASEUSER="o=gouv,c=fr"
+LDAP_BASENIVEAU01="o=gouv,c=fr"
+LDAP_BASENIVEAU02="o=gouv,c=fr"
+LDAP_BASEGROUP="o=gouv,c=fr"
+LDAP_TEMPLATE=scribe
+SCRIBE_GROUP=1
+SCRIBE_MASTER=1
+
+
+CAS_ACTIVATE=1
+CAS_LOCAL=0
+CAS_HOST=scribe.ac-test.fr
+CAS_PORT=443
+CAS_PATH=/sso
+CAS_URL=${WEB_PROTOCOL}://${CAS_HOST}:${CAS_PORT}
+
+NINEGATE_ACTIVATE=1
+NINEGATE_URL=/ninegate
+
+ADMINER_ACTIVATE=1
+ADMINER_URL=/adminer
+
+
+
+NINEAPACHE_ACTIVATE=1
+NINEAPACHE_URL=/nineapache
+

tmpl/ernvole-keycloak.env

@@ -0,0 +1,5 @@
+
+#-- LOCAL
+
+KC_HTTPS_CERTIFICATE_FILE=
+KC_HTTPS_CERTIFICATE_KEY_FILE=