add sentinel + correction ninegate/nineskeletor + add nine pull

.gitignore

@@ -11,41 +11,18 @@ docker-compose.yml
 
 /services/30-openldap/volume/data
 
+/services/30-redis/volume
+
+/services/40-keycloak/volume/realm/realm-export.json
+
 /services/50-nextcloud/volume/data
 /services/50-nextcloud/volume/html
 /services/50-nextcloud/volume/app
 
-/services/50-nineboard/volume/data/private/*
+/services/50-nineboard/volume/data
-!/services/50-nineboard/volume/data/private/.gitkeep
+/services/50-ninefolio/volume/data
-/services/50-nineboard/volume/data/public/*
+/services/50-ninefolio/volume/apache
-!/services/50-nineboard/volume/data/public/avatar
+/services/50-ninegate/volume/data
-/services/50-nineboard/volume/data/public/avatar/*
-!/services/50-nineboard/volume/data/public/avatar/admin.jpg
-!/services/50-nineboard/volume/data/public/avatar/noavatar.png
-!/services/50-nineboard/volume/data/public/avatar/system.jpg
-!/services/50-nineboard/volume/data/public/logo
-/services/50-nineboard/volume/data/public/logo/*
-!/services/50-nineboard/volume/data/public/logo/logo.png
-
-
-/services/50-ninegate/volume/data/private/*
-!/services/50-ninegate/volume/data/private/.gitkeep
-/services/50-ninegate/volume/data/public/*
-!/services/50-ninegate/volume/data/public/avatar
-/services/50-ninegate/volume/data/public/avatar/*
-!/services/50-ninegate/volume/data/public/avatar/admin.jpg
-!/services/50-ninegate/volume/data/public/avatar/noavatar.png
-!/services/50-ninegate/volume/data/public/avatar/system.jpg
-!/services/50-ninegate/volume/data/public/logo
-/services/50-ninegate/volume/data/public/logo/*
-!/services/50-ninegate/volume/data/public/logo/logo.png
-!/services/50-ninegate/volume/data/public/header
-/services/50-ninegate/volume/data/public/header/*
-!/services/50-ninegate/volume/data/public/header/header.png
-!/services/50-ninegate/volume/data/public/icon
-/services/50-ninegate/volume/data/public/icon/*
-!/services/50-ninegate/volume/data/public/icon/icon_*.png
-
 
 /services/50-nineskeletor/volume/data/private/*
 !/services/50-nineskeletor/volume/data/private/.gitkeep

env/.env

@@ -13,7 +13,7 @@ RELEASE_SYSTEM=linux
 # GLOBAL
 APP_ENV=PROD
 WEB_URL=nine.local
-PROTOCOLE=http
+PROTOCOLE=https
 
 # ADMIN USER
 ADMIN_USER=admin
@@ -26,7 +26,7 @@ MASTERIDENTITY=SQL
 
 # AUTHENTIFICATION
 # SQL or CAS (todo LDAP or OPENID)
-MODE_AUTH=SQL
+MODE_AUTH=CAS
 
 # NINEAPACHE
 # Il sert de reverse proxy
@@ -34,6 +34,28 @@ NINEAPACHE_SERVICE_NAME=nineapache
 NINEAPACHE_ACTIVATE=1
 NINEAPACHE_LOCAL=1
 
+# MTA
+# passerelle courriel
+MTA_SERVICE_NAME=mta
+MTA_ACTIVATE=1
+MTA_LOCAL=1
+MTA_RELAY_HOST=
+MTA_RELAY_PORT=
+MTA_RELAY_USER="user"
+
+# DEBUGING MTA
+# fake-smtp server
+FAKESMTP_SERVICE_NAME=fakesmtp
+FAKESMTP_LOCAL=1
+FAKESMTP_ACTIVATE=1
+# si actif, il faut sans doute l’utiliser
+# comme passerelle pour le service MTA
+if [ "$FAKESMTP_ACTIVATE" -eq 1 ]
+then
+    MTA_RELAY_HOST="$FAKESMTP_NAME"
+    MTA_RELAY_PORT=2525
+fi
+
 # MARIADB
 MARIADB_SERVICE_NAME=mariadb
 MARIADB_ACTIVATE=1
@@ -51,6 +73,13 @@ REDIS_LOCAL=1
 REDIS_HOST=${REDIS_SERVICE_NAME}
 REDIS_PORT=6379
 
+# SENTINEL
+SENTINEL_SERVICE_NAME=sentinel
+SENTINEL_ACTIVATE=1
+SENTINEL_LOCAL=1
+SENTINEL_HOST=${SENTINEL_SERVICE_NAME}
+SENTINEL_PORT=26379
+
 # MINIO
 MINIO_SERVICE_NAME=minio
 MINIO_ACTIVATE=1
@@ -59,7 +88,6 @@ MINIO_HOST=${MINIO_SERVICE_NAME}
 MINIO_PORT=9000
 MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001
 
-
 # OPENLDAP
 # LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
 OPENLDAP_SERVICE_NAME=openldap
@@ -67,6 +95,7 @@ OPENLDAP_ACTIVATE=1
 OPENLDAP_LOCAL=1
 
 # LDAP
+LDAP_ACTIVATE=${OPENLDAP_ACTIVATE}
 LDAP_TYPE=LDAP
 LDAP_HOST=${OPENLDAP_SERVICE_NAME}
 LDAP_PORT=1389
@@ -79,18 +108,28 @@ LDAP_BASEORGANISATION=ou=ninegate,${LDAP_BASEDN}
 LDAP_BASEUSER=ou=users,${LDAP_BASEORGANISATION}
 LDAP_BASENIVEAU01=ou=niveau01,${LDAP_BASEORGANISATION}
 LDAP_BASENIVEAU02=ou=niveau02,${LDAP_BASEORGANISATION}
+LDAP_BASENIVEAU03=ou=niveau03,${LDAP_BASEORGANISATION}
+LDAP_BASENIVEAU04=ou=niveau04,${LDAP_BASEORGANISATION}
 LDAP_BASEGROUP=ou=groups,${LDAP_BASEORGANISATION}
 LDAP_SYNC=1 
 LDAP_TEMPLATE=open
+
 LDAP_USERNAME=uid
 LDAP_FIRSTNAME=givenname
 LDAP_LASTNAME=sn
 LDAP_DISPLAYNAME=displayName
 LDAP_EMAIL=mail
-LDAP_MEMBER=memberUid
+LDAP_MEMBEROF=memberOf
-LDAP_USER_FILTER="(&(${LDAP_USERNAME}=*)(objectClass=person)(!(description=Computer)))"
+
+LDAP_GROUP_GID=gidnumber
+LDAP_GROUP_NAME=cn
+LDAP_GROUP_MEMBER=memberUid
+LDAP_GROUP_MEMBERISDN=0
+
 LDAP_LOGIN_FILTER="(&(${LDAP_USERNAME}=%uid%)(objectClass=person)(!(description=Computer)))"
+LDAP_USER_FILTER="(&(${LDAP_USERNAME}=*)(objectClass=person)(!(description=Computer)))"
 LDAP_GROUP_FILTER="(&(objectClass=posixGroup))"
+
 SCRIBE_GROUP=1
 SCRIBE_MASTER=1
 OPENLDAPREQNIVEAU01="(&(uid=*)(objectclass=inetOrgPerson)(!(description=Computer)))"
@@ -107,7 +146,7 @@ CAS_ACTIVATE=${KEYCLOAK_ACTIVATE}
 CAS_USER=${ADMIN_USER}-keycloak
 CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak
 CAS_HOST=${WEB_URL}
-CAS_PORT=8999
+CAS_PORT=443
 CAS_PATH=/auth/realms/nine/protocol/cas
 CAS_URL=${PROTOCOLE}://${CAS_HOST}:${CAS_PORT}
 
@@ -130,6 +169,12 @@ NINEBOARD_ACTIVATE=1
 NINEBOARD_LOCAL=1
 NINEBOARD_URL=${PROTOCOLE}://${WEB_URL}/nineboard
 
+# NINEFOLIO
+NINEFOLIO_SERVICE_NAME=ninefolio
+NINEFOLIO_ACTIVATE=1
+NINEFOLIO_LOCAL=1
+NINEFOLIO_URL=${PROTOCOLE}://${WEB_URL}/ninefolio
+
 # NINEGATE
 NINEGATE_SERVICE_NAME=ninegate
 NINEGATE_ACTIVATE=1
@@ -152,7 +197,7 @@ WORDPRESS_URL=${PROTOCOLE}://${WEB_URL}/wordpress
 ADMINER_SERVICE_NAME=adminer
 ADMINER_ACTIVATE=1
 ADMINER_LOCAL=1
-ADMINER_URL=${PROTOCOLE}://${WEB_URL}/adminer/?server=${MARIADB_SERVICE_NAME}&username=${MARIADB_USER}
+ADMINER_URL="${PROTOCOLE}://${WEB_URL}/adminer/?server=${MARIADB_SERVICE_NAME}&username=${MARIADB_USER}"
 
 # PHPLDAPADMIN
 PHPLDAPADMIN_SERVICE_NAME=phpldapadmin

misc/images/mta/containers/Dockerfile

@@ -0,0 +1,33 @@
+FROM debian:buster-slim
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y \
+		exim4-daemon-light \
+		tini \
+	; \
+	rm -rf /var/lib/apt/lists/*; \
+	ln -svfT /etc/hostname /etc/mailname
+
+# https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
+# https://serverfault.com/a/881197
+# https://bugs.debian.org/828801
+RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
+
+RUN set -eux; \
+	mkdir -p /var/spool/exim4 /var/log/exim4; \
+	chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4
+
+COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/
+RUN set -eux; \
+	set-exim4-update-conf \
+		dc_eximconfig_configtype 'internet' \
+		dc_hide_mailname 'true' \
+		dc_local_interfaces '0.0.0.0 ; ::0' \
+		dc_other_hostnames '' \
+		dc_relay_nets '0.0.0.0/0' \
+	;
+
+EXPOSE 25
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["exim", "-bd", "-v"]

misc/images/mta/containers/docker-entrypoint.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+if [ "$1" = 'exim' ]; then
+	if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then
+		# see https://wiki.debian.org/GmailAndExim4
+		export EXIM4_SMARTHOST='smtp.gmail.com::587' \
+			EXIM4_SMARTHOST_USER="$GMAIL_USER" \
+			EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD"
+	fi
+	unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds
+
+	if [ -n "${EXIM4_SMARTHOST:-}" ]; then
+		set-exim4-update-conf \
+			dc_eximconfig_configtype 'smarthost' \
+			dc_smarthost "$EXIM4_SMARTHOST"
+		if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then
+			echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client
+		fi
+	fi
+	unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds
+
+	if [ "$(id -u)" = '0' ]; then
+		mkdir -p /var/spool/exim4 /var/log/exim4 || :
+		chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || :
+	fi
+
+	if [ "$$" = 1 ]; then
+		set -- tini -- "$@"
+	fi
+fi
+
+exec "$@"

misc/images/mta/containers/set-exim4-update-conf

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+conf='/etc/exim4/update-exim4.conf.conf'
+
+args=()
+while [ "$#" -gt 0 ]; do
+	key="$1"
+	value="$2"
+	shift 2
+
+	if ! grep -qE "^#?${key}=" "$conf"; then
+		echo >&2 "error: '$key' not found in '$conf'"
+		exit 1
+	fi
+
+	sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")"
+	args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" )
+done
+
+if [ "${#args[@]}" -eq 0 ]; then
+	echo >&2 "error: nothing to do?"
+	exit 1
+fi
+
+set -x
+sed -ri "${args[@]}" "$conf"
+update-exim4.conf -v

misc/images/nineapache7/containers/nineapache/Dockerfile

@@ -12,7 +12,8 @@ RUN apk add --no-cache \
     curl \
     unzip \
     zip \
-    openssl
+    openssl \
+    mariadb-client
 
 RUN apk add --no-cache \ 
     apache2 \
@@ -60,7 +61,8 @@ RUN npm install -g yarn
 COPY apache2.sh /etc/apache2/apache2.sh
 RUN chmod +x /etc/apache2/apache2.sh    
 COPY php.local.ini /etc/php7/conf.d/
-COPY apache.conf /etc/apache2/conf.d/zapp.conf
+COPY httpd.conf /etc/apache2/httpd.conf
+COPY site.conf /etc/apache2/conf.d/nine/site.conf
 COPY ssl.conf /etc/apache2/conf.d/ssl.conf
 COPY index.php /app/public/index.php
 

misc/images/nineapache7/containers/nineapache/httpd.conf

@@ -0,0 +1,483 @@
+#
+# This is the main Apache HTTP server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
+# In particular, see 
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
+# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
+# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 
+# will be interpreted as '/logs/access_log'.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens OS
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path.  If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used.  If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot /var/www
+
+#
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
+#
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
+#
+# Mutex default:/run/apache2
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses.
+#                            
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+LoadModule authn_file_module modules/mod_authn_file.so
+#LoadModule authn_dbm_module modules/mod_authn_dbm.so
+#LoadModule authn_anon_module modules/mod_authn_anon.so
+#LoadModule authn_dbd_module modules/mod_authn_dbd.so
+#LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+#LoadModule authz_dbm_module modules/mod_authz_dbm.so
+#LoadModule authz_owner_module modules/mod_authz_owner.so
+#LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+#LoadModule auth_form_module modules/mod_auth_form.so
+#LoadModule auth_digest_module modules/mod_auth_digest.so
+#LoadModule allowmethods_module modules/mod_allowmethods.so
+#LoadModule file_cache_module modules/mod_file_cache.so
+#LoadModule cache_module modules/mod_cache.so
+#LoadModule cache_disk_module modules/mod_cache_disk.so
+#LoadModule cache_socache_module modules/mod_cache_socache.so
+#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+#LoadModule socache_dbm_module modules/mod_socache_dbm.so
+#LoadModule socache_memcache_module modules/mod_socache_memcache.so
+#LoadModule socache_redis_module modules/mod_socache_redis.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule macro_module modules/mod_macro.so
+#LoadModule dbd_module modules/mod_dbd.so
+#LoadModule dumpio_module modules/mod_dumpio.so
+#LoadModule echo_module modules/mod_echo.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule data_module modules/mod_data.so
+#LoadModule ratelimit_module modules/mod_ratelimit.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+#LoadModule ext_filter_module modules/mod_ext_filter.so
+#LoadModule request_module modules/mod_request.so
+#LoadModule include_module modules/mod_include.so
+LoadModule filter_module modules/mod_filter.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule substitute_module modules/mod_substitute.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule deflate_module modules/mod_deflate.so
+#LoadModule brotli_module modules/mod_brotli.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+#LoadModule log_debug_module modules/mod_log_debug.so
+#LoadModule log_forensic_module modules/mod_log_forensic.so
+#LoadModule logio_module modules/mod_logio.so
+LoadModule env_module modules/mod_env.so
+#LoadModule mime_magic_module modules/mod_mime_magic.so
+#LoadModule expires_module modules/mod_expires.so
+LoadModule headers_module modules/mod_headers.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+#LoadModule remoteip_module modules/mod_remoteip.so
+#LoadModule session_module modules/mod_session.so
+#LoadModule session_cookie_module modules/mod_session_cookie.so
+#LoadModule session_crypto_module modules/mod_session_crypto.so
+#LoadModule session_dbd_module modules/mod_session_dbd.so
+#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule http2_module modules/mod_http2.so
+LoadModule unixd_module modules/mod_unixd.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+#LoadModule asis_module modules/mod_asis.so
+#LoadModule info_module modules/mod_info.so
+#LoadModule suexec_module modules/mod_suexec.so
+<IfModule !mpm_prefork_module>
+        #LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+        #LoadModule cgi_module modules/mod_cgi.so
+</IfModule>
+#LoadModule vhost_alias_module modules/mod_vhost_alias.so
+#LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+#LoadModule actions_module modules/mod_actions.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+#LoadModule rewrite_module modules/mod_rewrite.so
+
+LoadModule negotiation_module modules/mod_negotiation.so
+
+<IfModule unixd_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User apache
+Group apache
+
+</IfModule>
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+ServerSignature On
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other 
+# <Directory> blocks below.
+#
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.                     
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/www/localhost/htdocs"
+<Directory "/var/www/localhost/htdocs">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride None
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
+<Files ".ht*">
+    Require all denied
+</Files>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#                            
+ErrorLog logs/error.log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    #CustomLog logs/access.log common
+
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    CustomLog logs/access.log combined
+</IfModule>
+
+<IfModule alias_module>
+    #
+    # Redirect: Allows you to tell clients about documents that used to 
+    # exist in your server's namespace, but do not anymore. The client 
+    # will make a new request for the document at its new location.
+    # Example:
+    # Redirect permanent /foo http://www.example.com/bar
+
+    #
+    # Alias: Maps web paths into filesystem paths and is used to
+    # access content that does not live under the DocumentRoot.
+    # Example:
+    # Alias /webpath /full/filesystem/path
+    #
+    # If you include a trailing / on /webpath then the server will
+    # require it to be present in the URL.  You will also likely
+    # need to provide a <Directory> section to allow access to
+    # the filesystem path.
+
+    #
+    # ScriptAlias: This controls which directories contain server scripts. 
+    # ScriptAliases are essentially the same as Aliases, except that
+    # documents in the target directory are treated as applications and
+    # run by the server when requested rather than as documents sent to the
+    # client.  The same rules about trailing "/" apply to ScriptAlias
+    # directives as to Alias.
+    #
+    ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
+
+</IfModule>
+
+<IfModule cgid_module>
+    #
+    # ScriptSock: On threaded servers, designate the path to the UNIX
+    # socket used to communicate with the CGI daemon of mod_cgid.
+    #
+    #Scriptsock cgisock
+</IfModule>
+
+#
+# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/var/www/localhost/cgi-bin">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+
+<IfModule headers_module>
+    #
+    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+    # backend servers which have lingering "httpoxy" defects.
+    # 'Proxy' request header is undefined by the IETF, not listed by IANA
+    #
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig /etc/apache2/mime.types
+
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #                        
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    #AddType text/html .shtml
+    #AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type.  The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+<IfModule mime_magic_module>
+    MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it, 
+# memory-mapping or the sendfile syscall may be used to deliver
+# files.  This usually improves server performance, but must
+# be turned off when serving from networked-mounted 
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Load config files from the config directory "/etc/apache2/conf.d".
+#
+IncludeOptional /etc/apache2/conf.d/*.conf
+IncludeOptional /etc/apache2/conf.d/nine/*.conf

misc/images/nineapache7/containers/nineapache/site.conf

@@ -16,4 +16,5 @@ DocumentRoot "/app/public"
     RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^ %{ENV:BASE}/index.php [L]    
-</Directory>
+</Directory>
+

misc/images/nineapache8/containers/nineapache/Dockerfile

@@ -12,7 +12,8 @@ RUN apk add --no-cache \
     curl \
     unzip \
     zip \
-    openssl
+    openssl \
+    mariadb-client
 
 RUN apk add --no-cache \ 
     apache2 \

misc/images/sentinel/containers/Dockerfile

@@ -0,0 +1,19 @@
+FROM redis:6-alpine
+ 
+ENV SENTINEL_QUORUM 2
+ENV SENTINEL_DOWN_AFTER 1000
+ENV SENTINEL_FAILOVER 1000
+ 
+RUN mkdir -p /redis
+ 
+WORKDIR /redis
+ 
+COPY sentinel.conf .
+COPY sentinel-entrypoint.sh /usr/local/bin/
+ 
+RUN chown redis:redis /redis/* && \
+    chmod +x /usr/local/bin/sentinel-entrypoint.sh
+ 
+EXPOSE 26379
+ 
+ENTRYPOINT ["sentinel-entrypoint.sh"]

misc/images/sentinel/containers/sentinel-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+ 
+sed -i "s/\$SENTINEL_QUORUM/$SENTINEL_QUORUM/g" /redis/sentinel.conf
+sed -i "s/\$SENTINEL_DOWN_AFTER/$SENTINEL_DOWN_AFTER/g" /redis/sentinel.conf
+sed -i "s/\$SENTINEL_FAILOVER/$SENTINEL_FAILOVER/g" /redis/sentinel.conf
+ 
+redis-server /redis/sentinel.conf --sentinel

misc/images/sentinel/containers/sentinel.conf

@@ -0,0 +1,9 @@
+port 26379
+
+dir /tmp
+
+sentinel resolve-hostnames yes
+sentinel monitor redismaster redis 6379 $SENTINEL_QUORUM
+sentinel down-after-milliseconds redismaster $SENTINEL_DOWN_AFTER
+sentinel parallel-syncs redismaster 1
+sentinel failover-timeout redismaster $SENTINEL_FAILOVER

misc/tools/dicos.sh

@@ -1,12 +1,11 @@
     dir=$1
 
     if [ -f "$dir/dicos/.env.dicos" ]; then
+
         dicos="$dir/dicos/.env.dicos"
 
         # Exporter la variable
-        while IFS='=' read -r key value; do
+        set -o allexport; source <(grep -v '^#' $dir/env/.env.merge | sed 's/^/export /'); set +o allexport
-            export "$key"="$value"
-        done < $dir/env/.env.merge
 
         # Initialisation des tableaux
         templates=()

misc/tools/mergeenv.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env -S -i bash
+
+env_files="env/.env env/.env.local"
+merged_env="env/.env.merge"
+if [ -n "$1" ]
+then
+    env_files="$env_files $1/env/.env $1/env/.env.local"
+    merged_env="$1/env/.env.merge"
+fi
+
+unset PWD
+unset SHLVL
+for env_file in $env_files
+do
+    set -a
+    if [ -f "$env_file" ]
+    then
+        . $env_file
+    fi
+    set +a
+done
+unset username
+export -p | cut -d" " -f3- | sed "/OLDPWD/d" | head -n -1 | sort > "$merged_env"
+
+exit 0

nine.sh

@@ -22,6 +22,18 @@ stop() {
     docker-compose stop $1
 
     if [[ "$2" != 1 ]]; then echo; fi
+
+    if [[ "$2" != 1 ]]; then Title "REMOVE"; fi
+    
+    if [[ "$1" != "" ]]; then 
+        docker-compose rm -s -v -f "${1}"
+    else
+        for key in $(for k in "${!services[@]}"; do echo "$k:${services[$k]}"; done | sort -t: -k2,2 | cut -d: -f1); do
+            docker-compose rm -s -v -f "${key}"
+        done;    
+    fi
+    
+    if [[ "$2" != 1 ]]; then echo; fi
 }
 
 #===========================================================================================================================================
@@ -94,6 +106,26 @@ destroyall(){
     fi
 }
 
+
+#===========================================================================================================================================
+#== PULL ===================================================================================================================================
+#===========================================================================================================================================
+
+pull(){
+    if [[ "$1" == "" ]]
+    then
+        Question_ouinon "Souhaitez-vous mettre à jour les images  ?"
+    else
+        Question_ouinon "Souhaitez-vous mettre à jour l'images du service $1  ?"
+    fi
+
+    if [[ "$?" = 0 ]]
+    then
+        stop $1
+        docker-compose pull $1
+    fi
+}
+
 #===========================================================================================================================================
 #== ENV ====================================================================================================================================
 #===========================================================================================================================================
@@ -101,7 +133,8 @@ destroyall(){
         
 env(){
     for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
-        mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
+        #mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
+        misc/tools/mergeenv.sh $dir
     done    
 }
 
@@ -111,18 +144,40 @@ env(){
 # Construction du dockercompose
 
 dockercompose() {
-    echo "services:" > docker-compose.yml
 
+    echo "services:" > services.yml
+    echo "secrets:" > secrets.yml
+    echo "networks:" > networks.yml
+    echo "  nine-network:" >> networks.yml
+    echo "    name: nine-network" >> networks.yml
     for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
         # Construction du docker-compose
         if [ -f "$dir/dockercompose/dockercompose.yml" ]; then
-            cat "$dir/dockercompose/dockercompose.yml" >> docker-compose.yml
+        unset section
+        while read; do
+            case $REPLY in
+                "services:")
+                    section=${REPLY%:}
+                    ;;
+                "secrets:")
+                    section=${REPLY%:}
+                    ;;
+                "networks:")
+                    section=${REPLY%:}
+                    ;;
+                *)
+                    if [ -n "$section" ]; then
+                        echo "$REPLY" >> ${section}.yml
+                    fi
+                    ;;
+
+            esac
+        done < "$dir/dockercompose/dockercompose.yml"
         fi  
     done
+    cat services.yml secrets.yml networks.yml > docker-compose.yml
+    rm -f services.yml secrets.yml networks.yml
 
-    echo "networks:" >> docker-compose.yml
-    echo "  nine-network:" >> docker-compose.yml
-    echo "    name: nine-network" >> docker-compose.yml    
 }
 
 #===========================================================================================================================================
@@ -174,9 +229,9 @@ services() {
 #===========================================================================================================================================
 
 # Include variable d'environnement global
-mergeenv env/.env.merge env/.env env/.env.local
+#mergeenv env/.env.merge env/.env env/.env.local
+misc/tools/mergeenv.sh
 . env/.env.merge
-
 # Include service
 declare -A services
 for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
@@ -246,6 +301,9 @@ then
     else
         destroy$2
     fi
+elif [[ $1 == "pull" ]]
+then
+    pull $2
 elif [[ $1 == "services" ]]
 then
     services
@@ -269,6 +327,21 @@ then
         template        
         up$2
     fi
+elif [[ $1 == "regenlogs" ]]
+then
+    if [[ -z $2 ]]
+    then
+        destroyall
+        apache
+        template
+        up
+    else
+        destroy$2
+        apache
+        template        
+        up$2
+    fi
+    docker-compose logs -f $2
 else
     EchoRouge "Action possible ="
     EchoRouge "nine.sh > UP de l'ensemble des services actifs"
@@ -277,10 +350,12 @@ else
     EchoRouge "nine.sh uplogs > UP puis logs de l'ensemble des services actifs"
     EchoRouge "nine.sh uplogs monservice> UP puis logs de monservice"    
     EchoRouge "nine.sh stop > STOP de l'ensemble des services"
-    EchoRouge "nine.sh stop monservice> STOP de monservice"
+    EchoRouge "nine.sh stop monservice > STOP de monservice"
-    EchoRouge "nine.sh bash monservice> lance un terminel dans le conteneur de monservice"
+    EchoRouge "nine.sh bash monservice > lance un terminel dans le conteneur de monservice"
-    EchoRouge "nine.sh destroyall> détruit l'ensemble des services avec l'ensemble des BDD et des volumes persistant"
+    EchoRouge "nine.sh destroyall > détruit l'ensemble des services avec l'ensemble des BDD et des volumes persistant"
-    EchoRouge "nine.sh destroy monservice> détruit monservices et si souhaitez sa BDD et ses volumes persistant"
+    EchoRouge "nine.sh destroy monservice > détruit monservices et si souhaitez sa BDD et ses volumes persistant"
+    EchoRouge "nine.sh pull > Mettre à jour l'ensemble des images"
+    EchoRouge "nine.sh pull monservice > Mettre à jour l'image de monservice"
     EchoRouge "nine.sh services > Liste des Services"
     EchoRouge "nine.sh logs > LOGS de l'ensemble des services"
     EchoRouge "nine.sh logs monservice > LOGS de monservice"
@@ -289,4 +364,4 @@ else
     EchoRouge "nine.sh regen monservice > lance destroy monservice puis up monservice"
 fi
 echo
-echo
+echo

readme.md

@@ -4,119 +4,68 @@
 
 git clone --branch master https://forge.cadoles.com/afornerot/ninedocker.git
 
-## Nine sur localhost
+## Nine sur localhost
 
 Vous devez ajouter un domaine dans votre host qui pointe sur 127.0.0.0
 
-Sans personnalisation nine est configuré pour travailler avec nine.local et il écoute le port 7080
+Sans personnalisation nine est configuré pour travailler avec nine.local et il écoute les ports 443 et 80
 
 ```
 127.0.0.0 nine.local
 ```
 
-## Comment personnaliser
+# Structure du projet
 
-Pour personnaliser la configuration de base
+## env
 
-- créer un fichier /env/.env.local
+Ce répertoire contient l'ensemble des variables d'environnements de Ninedocker. Ne modifiez jamais le fichier .env, si vous souhaitez personnaliser votre environnement, initialisez un fichier .env.local au même emplacement. Dans ce fichier vous pourrez altérer les valeurs des variables présentes dans le .env.
-- et faite varier les variables d'environnement WEB_URL et PROTOCOLE
 
-### Host
+### Variables "SERVICE"
+
+Chaque service ont au minimum trois variables
+
+```
+- LESERVICE_SERVICE_NAME=leservice # Le nom du service
+- LESERVICE_ACTIVATE=1             # Pour activer le service
+- LESERVICE_LOCAL=1                # Pour indiquer si le service est hébergé sur ninedocker
+```
+
+Si vous souhaitez ajouter vos propres services à Ninedocker, ajoutez obligatoirement au moins trois variables dans votre .env.local:
+
+```
+- MONSERVICE_SERVICE_NAME=leservice
+- MONSERVICE_ACTIVATE=1
+- MONSERVICE_LOCAL=1
+```
+
+### Variables WEB_URL & PROTOCOLE
 
 De base ninedocker est configuré pour fonctionner sur nine.local en https
 
-Exemple de faire fonctionner le docker en local et en http
+Vous devez donc modifier dans le .env.local pour être en phase avec votre environnement
 
 ```
 WEB_URL=mondomaine
 PROTOCOLE=https
 ```
 
-### Ports & Services associés
+### Variable MASTERIDENTITY
 
-Les services suivants sont à l'écoute des ports
+La variable MASTERIDENTITY peut prendre les valeurs SQL ou SSO ou LDAP. Elle permet d'indiquer à Ninegate ou Nineskeletor qui est le maître de l'indentité.
 
-- 3306 = mariadb
+- Si **SQL** = c'est que c'est Ninegate ou Nineskeletor qui sont detenteur et maître de l'indentité. Dans ce cas Ninegate ou Nineskeletor seront capable de synchroniser leurs utilisateurs dans un annuaire. Si un service OPENLDAP est activé.
-- 9000 = ninegate
+- Si **SSO** = c'est que c'est à la connexion en SSO aux différents services qui va autosubmit ou autoupdate l'utilisateur dans le service qui utilise le service SSO. Dans ce cas, il est impératif que votre mode d'authentification soit paramétré en CAS.
-- 1389/1636 = openldap
+- Si **LDAP** = c'est que c'est le service OPENLDAP qui est maître de l'identité. Dans ce cas c'est à vous d'alimenter les utilisateurs dans l'annuaire. Le service PHPLDAPADMIN pourrait vous aider à cela. Certains service pourront se synchroniser avec votre annuaire pour récupérer d'avance votre structure organisationnelle
-- 8999/8443 = keycloak
-- 9001 = nextcloud
-- 9002 = nineboard
-- 9003 = wordpress
-- 9100 = adminer
-- 9101 = phpldapadmin
-- 9102 = nineapache
 
-Si vous souhaitez ne pas attaquer vos services via leurs ports, vous devrez mettre en place un reverse proxy apache ou ngnix
+### Variable MODE_AUTH
 
-exemple apache
+Cette variable permet de déterminer quel protocole d'authentification sera utilisé par les différents service
 
-```
+- **SQL** = sa propre mire d'authentification
-ProxyPass /auth http://0.0.0.0:8080/auth retry=0 keepalive=On
+- **CAS** = CAS le serveur CAS local ou externe
-ProxyPassReverse /auth http://0.0.0.0:8080/auth retry=0
+- **LDAP** = l'annuaire local ou externe dans ce cas la variable LDAP_LOGIN_FILTER est nécessaire
 
-ProxyPass /ninegate http://0.0.0.0:9000/ninegate retry=0 keepalive=On
+### Variables LDAP
-ProxyPassReverse /ninegate http://0.0.0.0:9000/ninegate retry=0
-ProxyPass /wssninegate ws://0.0.0.0:9000/wssninegate retry=0 keepalive=On
-ProxyPassReverse /wssninegate ws://0.0.0.0:9000/wssninegate retry=0
-
-ProxyPass /nextcloud http://0.0.0.0:9001 retry=0 keepalive=On
-ProxyPassReverse /nextcloud http://0.0.0.0:9001 retry=0
-
-ProxyPass /nineboard http://0.0.0.0:9002/nineboard retry=0 keepalive=On
-ProxyPassReverse /nineboard http://0.0.0.0:9002/nineboard retry=0
-ProxyPass /wssnineboard ws://0.0.0.0:9002/wssnineboard retry=0 keepalive=On
-ProxyPassReverse /wssnineboard ws://0.0.0.0:9002/wssnineboard retry=0
-
-ProxyPass /wordpress http://0.0.0.0:9003/wordpress retry=0 keepalive=On
-ProxyPassReverse /wordpress http://0.0.0.0:9003/wordpress retry=0
-
-ProxyPass /adminer http://0.0.0.0:9100 retry=0 keepalive=On
-ProxyPassReverse /adminer http://0.0.0.0:9100 retry=0
-
-ProxyPass /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0 keepalive=On
-ProxyPassReverse /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0
-
-ProxyPass /nineapache http://0.0.0.0:9102 retry=0 keepalive=On
-ProxyPassReverse /nineapache http://0.0.0.0:9102 retry=0
-```
-
-### Activer / Désactiver les services
-
-Dans votre ./env/.env.local vous pouvez activer / désactiver des services via les variables suivante
-
-```
-MARIADB_ACTIVATE=
-LDAP_ACTIVATE=
-CAS_ACTIVATE=
-NINEGATE_ACTIVATE=
-NEXTCLOUD_ACTIVATE=
-NINEBOARD_ACTIVATE=
-WORDPRESS_ACTIVATE=
-ADMINER_ACTIVATE=
-PHPLDAPADMIN_ACTIVATE=
-NINEAPACHE_ACTIVATE=
-```
-
-### Déporter des services
-
-Certains services peuvent t'être distant et non géré par le docker nine. Pour cela garder le service actif mais indiquer lui qu'il n'est pas local via les variables suivantes
-
-```
-LDAP_LOCAL
-CAS_LOCAL
-NINEGATE_LOCAL
-NEXTCLOUD_LOCAL
-NINEBOARD_LOCAL
-WORDPRESS_LOCAL
-ADMINER_LOCAL
-PHPLDAPADMIN_LOCAL
-NINEAPACHE_LOCAL
-```
-
-S'il ne sont pas local en fonction du service vous devrez ajouter les variables nécessaire dans votre .env.local pour indiquer où se situe le service.
-
-**LDAP**
 
 ```
 LDAP_HOST                       # Host de votre annuaire
@@ -134,35 +83,7 @@ LDAP_EMAIL=mail                 # Attribut mail d'un utilisateur
 LDAP_MEMBER=memberUid           # Liste des uid utilisateur dans un groupe
 ```
 
-### Personnaliser Ninegate
+#### Variable LDAP_SYNC
-
-#### MASTERIDENTITY
-
-Ce variable va vous permettre de déterminer qui est le maître de l'identité
-
-**SQL**
-
-- C'est ninegate le maître vous pouvez via l'interface de gestion de ninagate créer/modifier/supprimer des niveaux/groups/utilisateurs
-- Vous pourrez activer l'auto inscription des utilisateurs
-- Les utilisateurs pourront bénéficier d'un "Mot de passe oublié"
-- Si vous avez activer le service LDAP, les utilisateurs pourront alors être synchroniser
-
-**LDAP**
-
-- C'est l'annuaire le maître vous ne plus créer/modifier/supprimer des utilisateurs dans l'interface de ninegate, ni bénéficier de l'auto inscription des utilisateurs ni de la fonctionnalité "Mot de passe oublié"
-- Cela sera à vous de créer directement dans l'annuaire vos utilisateurs
-- Vous pourrez créer des niveaux et des groupes
-- Les niveau01s et les groupes pourront etre associé à une requete LDAP indiquant à Ninegate comment les récupérer et les synchroniser dans sa base
-
-### MODE_AUTH
-
-Quel protocole d'authentification sera utilisé par les différents service
-
-- SQL = sa propre mire d'authentification
-- CAS = CAS le serveur CAS local ou externe
-- LDAP = l'annuaire local ou externe dans ce cas la variable LDAP_LOGIN_FILTER est nécessaire
-
-#### Synchronisation
 
 Pour activer la synchronisation des comptes il est nessaire d'activer cette variable
 
@@ -172,14 +93,14 @@ LDAP_SYNC
 
 En fonction de votre MASTERIDENTITY vous pouvez synchroniser les utilisateurs
 
-**Si masteridentity est à SQL = où sont synchronisées les datas dans l'annuaire**
+**Si MASTERIDENTITY est à SQL = synchronisation des datas la BDD vers l'annuaire**
 
 Attention dans ce cas ninegate attend une structure d'annuaire bien précise. Vous pouvez retrouver cette structure si vous souhaitez déporter votre annuaire à ces emplacements :
 
 - schema = ./volume/openldap/nine/schema/cadoles.ldif
 - ldif = ./volume/openldap/nine/ldif/cadoles.ldif
 
-Voici les variables qui indiquera à ninegate où aller synchroniser son organisation
+Voici les variables qui indiquera à Ninegate où aller synchroniser son organisation
 
 ```
 LDAP_BASEUSER="ou=users,ou=ninegate,o=gouv,c=fr"
@@ -188,7 +109,7 @@ LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,o=gouv,c=fr"
 LDAP_BASEGROUP="ou=groups,ou=ninegate,o=gouv,c=fr"
 ```
 
-**Si masteridentity est à LDAP**
+**Si MASTERIDENTITY est à LDAP**
 
 Dans l'interface de ninegate sur les niveaux vous devrait lui indiquer comment créer les utilisateurs de ce niveau via un filtre LDAP
 
@@ -211,6 +132,6 @@ OPENLDAPSYNCHROGROUP
 OPENLDAPREQGROUP
 ```
 
-**Si masteridentity est à SSO**
+**Si MASTERIDENTITY est à SSO**
 
 Il n'y a pas de synchronisation, la création / modification des utilisateurs se fait à la connexion de ce dernier.

services/01-mta/dockercompose/dockercompose.yml

@@ -0,0 +1,14 @@
+# Passerelle courriel pour les autres conteneurs
+services:
+  mta:
+    image: postfix
+    container_name: mta
+    restart: unless-stopped 
+    env_file: ./services/01-mta/env/.env.merge
+    networks:
+      - nine-network
+    secrets:
+      - postfix_password
+secrets:
+  postfix_password:
+    file: ./services/01-mta/secrets/postfix_password.txt

services/01-mta/env/.env

@@ -0,0 +1,4 @@
+POSTFIX_HOSTNAME="nine.local"
+POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"
+POSTFIX_RELAY_USER="$MTA_RELAY_USER"
+POSTFIX_RELAY_PASSWORD_FILE="/run/secrets/postfix_password"

services/01-mta/misc/nine.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+function upmta {
+    if [[ $MTA_ACTIVATE == 1 && $MTA_LOCAL == 1 ]]
+    then
+        Title ${MTA_SERVICE_NAME^^}
+        EchoVert "CONTAINER"
+        upservice ${MTA_SERVICE_NAME}
+        Echo
+    fi      
+}
+
+function destroymta {
+    if [[ $MTA_LOCAL == 1 ]]
+    then
+        Title "DESTROY ${MTA_SERVICE_NAME}"
+
+        stop ${MTA_SERVICE_NAME} 1
+        docker-compose rm -s -v -f "${MTA_SERVICE_NAME}"    
+        echo ""
+    fi
+}

services/01-mta/secrets/postfix_password.txt

@@ -0,0 +1 @@
+secret

services/10-nineapache/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Nineapache
   # Reverse proxy de l'ensemble des services
   # Seul port ouvert sur l'exterieur
@@ -11,5 +11,7 @@
       - nine-network
     ports:
       - "80:80"  
+      - "443:443"
     volumes:
       - ./services/10-nineapache/volume/apache:/etc/apache2/conf.d/nine
+      - ./services/10-nineapache/volume/ssl:/etc/apache2/ssl

services/10-nineapache/volume/ssl/selfsigned.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIUQ+F6GtJo7VWyn1uemlBWSqYDGyYwDQYJKoZIhvcNAQEL
+BQAwQDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEOMAwGA1UEBwwFRGlq
+b24xEDAOBgNVBAoMB0NhZG9sZXMwHhcNMjQwNzI4MTU1NjM0WhcNMjUwNzI4MTU1
+NjM0WjBAMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4wDAYDVQQHDAVE
+aWpvbjEQMA4GA1UECgwHQ2Fkb2xlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKLfE1bjieaMAKV7e9blEPGSQtp2gFfrsYwjLaFnT+JyUtNbAKtAUxsB
+SOLMC+cBMluQyv1E69xeL+8v9QgkmpvUw/nJy32/hU1AVSxzfU67wZHWusjx4089
+tHLmJymDQkjvKnshLoPSXQTD3bA1HScMyuymqdXlUTIHm3xoOmi+9T+58UgCsTaj
+7j8TavNdbU5PXSWyk8WHoYZJMEefLypvARa8g0xDYq3S7MomTIIulS/p/pD2RVA6
+th8SrjBiIvI7OrNP2TyYbZbVGit64+03+YIiCr8UUqA+a4FZlOzvWo9pHsErb/9a
+uQeQ2ICS6ZnrLNHcNY/mppUW4TfEn6kCAwEAAaNTMFEwHQYDVR0OBBYEFGZEJEsY
+Y4TL3Q2UMm1CfJNywqJuMB8GA1UdIwQYMBaAFGZEJEsYY4TL3Q2UMm1CfJNywqJu
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAITdEJjIwNhzPomS
+ybcf1MES4zHSzQNmE6eRgKrB3V7qKANyjaav8vuDaH5drs5cEs+r/uheuVEQFrSV
+Jk4zLllo3XTdOE2Hydjzxy7Ztqel11hA8dD5tgdJBDxLj4lMbgAbMBWTfH2VjGYC
+xPtr8dV9kH2/91sJixRgKBVZ5ywzbqPIZU3iraXe8VOd9Uj+hDrNomAXJFrI/QV4
+81bEvHwTmBHWU+plTu0YyhlBkW5byScFZNek5eOxI721phnog/t9UDbsi20mrH0e
+iLfJ169LZ3yAWGy4NRq3oQnJUalu3HwlZr0fp0Eih0t7CD5O8Lt4ymN7EywrrI7J
+VnR5yZU=
+-----END CERTIFICATE-----

services/10-nineapache/volume/ssl/selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi3xNW44nmjACl
+e3vW5RDxkkLadoBX67GMIy2hZ0/iclLTWwCrQFMbAUjizAvnATJbkMr9ROvcXi/v
+L/UIJJqb1MP5yct9v4VNQFUsc31Ou8GR1rrI8eNPPbRy5icpg0JI7yp7IS6D0l0E
+w92wNR0nDMrspqnV5VEyB5t8aDpovvU/ufFIArE2o+4/E2rzXW1OT10lspPFh6GG
+STBHny8qbwEWvINMQ2Kt0uzKJkyCLpUv6f6Q9kVQOrYfEq4wYiLyOzqzT9k8mG2W
+1RoreuPtN/mCIgq/FFKgPmuBWZTs71qPaR7BK2//WrkHkNiAkumZ6yzR3DWP5qaV
+FuE3xJ+pAgMBAAECggEAONndCktKa2sbHqhHxe8XRvti0pbinc3rn5r35osFW2nE
+d3ogdaZyW87K/j9zOCM2zLdx444XNki6OqdmxHziatqNvbcujKo5gYmfMXDuoHjx
+TFLDyDiGu7YyMpkbumXS0VqKXYhrkB/x0CP+Ue94SZUxkAFs7vioqun04CwRl1Xh
+8Z0fU8IFSP1gEOmJMk1nLfCcYPdgsVDWNauhe1NAPCoZQGGYGfuGI6aBERy7vkAD
+S5kt7SAnhznXbo2K1hNHuj2exOLUpjWUeA7k/pyiIuK+PBoizB0nOgGClvOY9TCu
+il8jljLyH2lHeNhO1q6e+mu2oggjfozbMD5NcwduMQKBgQDGgj7+5fzhYtziFJOC
+DtCDgOEx8F7WxluxwuniG+WasnrpvF3mERQfj+Lx1X4gSSiZBu/ygq+e+NVuw6oL
+XNYyArvzsH+Ti9xzXhdJA0ujPXwoQ9km7GrM16x/OJGmA8Ruj7Xi5FSaP1mQeZze
+6JttYTVLw2vOe+4OQpxRSSe/FwKBgQDSCp4TRh7HJ3/cx/VMt1r8YvD8O/RrS+Df
+zKmTp57zaua8aVVXw34LN5RXnpom/zE1dg2uV0Lh4hneNEZgcm6OcJQrofkfrMUr
+LJKyym635VmYOmLdZYfHU3YpyJmPSb9+VwObPN9WGqgMMhoG8b7AeTqLihait5OA
+I0gj2+/PPwKBgGGeAySOLMEZQM3cmH1Ik7lXU2afccPkX4sW8rTCSzK7uj3e574P
+f/nVZCDQf+mYkGJQSwbSxVJDw5FonuJfkOWe+pZnoRUJnisNhh3dhQCNZ9TVKKA/
+enWpSaZ2RwmAqMRF34foCMKhjIXDiCUF9gjf2LmdLBKqVvKkRwKiGu2ZAoGBAMbo
+VSBthBIXnueG2Q8IiHqAfDRx1pqRpehqmaCB2W4tK0r7+Vz+fevDe5CqWtNZUdGN
+9ZDHhEgDZXnfSVJmq7nqdPcJEbHkXGfxcw8r00QFRx55FE0TrEygBkO1e26NaXIM
+lxa4w8t3vPKns6wl3P3LEB067Qq1DFMJlnSXAHfjAoGAAPbkr4ETFLswU/qdWAag
+mp5l2q7lAr9WUW+grJsY7PAc+RWvYiqs8zSyqIP39FyiwCdvJbQ7yhmUUI4Xsap+
+sseQwQ77KvZbAmbaht/8CCEpEvIunlmDPPvdmC2aBjjiXPCdfuI9oZW1vHg+DMR0
+EJyRdCAFQ4+712mehLzSSFQ=
+-----END PRIVATE KEY-----

services/15-mariadb/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Mariadb
   # Base de données des services
   # Port interne 3306

services/30-minio/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Minio
   # Stocakge S3
   # Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web
@@ -12,4 +12,4 @@
     networks:
       - nine-network
     volumes:
-      - './services/30-minio/volume/data:/data'
+      - './services/30-minio/volume/data:/data'

services/30-openldap/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Openldap
   # Annuaire
   # Port interne 1389 & 1636

services/30-redis/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Redis
   # Base de données redis pour les services qui souhaitent stocker leur session en bdd
   # Port interne 6379
@@ -10,3 +10,5 @@
       - nine-network    
     environment:
       - TZ=Europe/Paris
+    volumes:
+      - ./services/30-redis/volume/data:/data:rw

services/30-redis/misc/nine.sh

@@ -18,6 +18,16 @@ function destroyredis(){
         stop $REDIS_SERVICE_NAME 1
         docker-compose rm -s -v -f "$REDIS_SERVICE_NAME"  
 
+        if [[ -z $1 ]]; then 
+            Question_ouinon "Souhaitez-vous supprimer la BDD associé à $REDIS_SERVICE_NAME ?";
+            response=$?
+        fi
+        if [[ "$response" == 0 || ! -z $1 ]]
+        then
+            EchoRouge "Delete BDD = $REDIS_SERVICE_NAME"
+            rm -rf services/30-redis/volume/data
+        fi
+
         echo ""
    fi  
 }

services/35-sentinel/dockercompose/dockercompose.yml

@@ -0,0 +1,11 @@
+services:
+  # Sentinel
+  # Sentinel du servince redis
+  # Port interne 26379
+  sentinel:
+    image: reg.cadoles.com/envole/sentinel
+    container_name: nine-sentinel
+    env_file: ./services/35-sentinel/env/.env.merge
+    networks:
+      - nine-network
+      

services/35-sentinel/env/.env

@@ -0,0 +1,3 @@
+
+# == SENTINEL ================================================================================================================================
+

services/35-sentinel/misc/nine.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+function upsentinel {
+    if [[ $SENTINEL_ACTIVATE == 1 && $SENTINEL_LOCAL == 1 ]]
+    then
+        Title "SENTINEL"
+        EchoVert "CONTAINER"
+        upservice $SENTINEL_SERVICE_NAME
+        Echo
+    fi
+}
+
+function destroysentinel(){
+    if [[ $SENTINEL_LOCAL == 1 ]]
+    then
+        Title "DESTROY $SENTINEL_SERVICE_NAME"
+
+        stop $SENTINEL_SERVICE_NAME 1
+        docker-compose rm -s -v -f "$SENTINEL_SERVICE_NAME"  
+
+        echo ""
+   fi  
+}

services/40-keycloak/dicos/.env.dicos

@@ -0,0 +1,2 @@
+templates=services/40-keycloak/tmpl/realm-export.json
+destinations=services/40-keycloak/volume/realm/realm-export.json

services/40-keycloak/dockercompose/dockercompose.yml

@@ -1,23 +1,22 @@
-
+services:
   # Keycloak
   # serveur SSO
   # Port interne 8999 & 8443
   keycloak:
     image: reg.cadoles.com/envole/keycloak:24.0.5
     container_name: nine-keycloak
-    restart: unless-stopped  
+    restart: unless-stopped         
-    healthcheck:
-      test: curl --fail http://127.0.0.1:9990 || exit 1
-      interval: 1s
-      timeout: 60s       
     env_file: ./services/40-keycloak/env/.env.merge
     networks:
       - nine-network
-    ports:
-      - 8999:8999
-      - 8443:8443
     volumes:
-      - './services/40-keycloak/volume/nine:/nine'
+      - ./services/40-keycloak/volume/realm:/opt/keycloak/data/import
+      - ./services/40-keycloak/volume/nine:/nine
     command:
-      - start-dev
+      - start
       - --import-realm
+      - --proxy-headers
+      - xforwarded
+      - --http-relative-path
+      - /auth
+

services/40-keycloak/env/.env

@@ -12,12 +12,11 @@ KC_DB_PASSWORD=${MARIADB_PASSWORD}
 KC_HTTPS_CERTIFICATE_FILE=/nine/server.crt.pem
 KC_HTTPS_CERTIFICATE_KEY_FILE=/nine/server.key.pem
 KC_HOSTNAME_PATH=/auth
-KC_HTTP_PORT=8999
 KC_HOSTNAME=nine.local
-KC_HOSTNAME_STRICT=false
 KC_PROXY_ADDRESS_FORWARDING=true
 KC_PROXY_HEADERS=xforwarded
+
+KC_HTTP_PORT=8999
 KC_HTTP_ENABLED=true
-
+KC_HOSTNAME_STRICT=false
-KC_IMPORT=/nine/realm-export.json
 

services/40-keycloak/tmpl/realm-export.json

@@ -0,0 +1,2377 @@
+{
+  "id": "8c01436d-9073-418c-940e-6b6178066782",
+  "realm": "nine",
+  "displayName": "Keycloak",
+  "displayNameHtml": "<div class=\"kc-logo-text\"><span>Nine</span></div>",
+  "notBefore": 0,
+  "defaultSignatureAlgorithm": "RS256",
+  "revokeRefreshToken": false,
+  "refreshTokenMaxReuse": 0,
+  "accessTokenLifespan": 60,
+  "accessTokenLifespanForImplicitFlow": 900,
+  "ssoSessionIdleTimeout": 1800,
+  "ssoSessionMaxLifespan": 36000,
+  "ssoSessionIdleTimeoutRememberMe": 0,
+  "ssoSessionMaxLifespanRememberMe": 0,
+  "offlineSessionIdleTimeout": 2592000,
+  "offlineSessionMaxLifespanEnabled": false,
+  "offlineSessionMaxLifespan": 5184000,
+  "clientSessionIdleTimeout": 0,
+  "clientSessionMaxLifespan": 0,
+  "clientOfflineSessionIdleTimeout": 0,
+  "clientOfflineSessionMaxLifespan": 0,
+  "accessCodeLifespan": 60,
+  "accessCodeLifespanUserAction": 300,
+  "accessCodeLifespanLogin": 1800,
+  "actionTokenGeneratedByAdminLifespan": 43200,
+  "actionTokenGeneratedByUserLifespan": 300,
+  "oauth2DeviceCodeLifespan": 600,
+  "oauth2DevicePollingInterval": 5,
+  "enabled": true,
+  "sslRequired": "external",
+  "registrationAllowed": false,
+  "registrationEmailAsUsername": false,
+  "rememberMe": false,
+  "verifyEmail": false,
+  "loginWithEmailAllowed": true,
+  "duplicateEmailsAllowed": false,
+  "resetPasswordAllowed": false,
+  "editUsernameAllowed": false,
+  "bruteForceProtected": false,
+  "permanentLockout": false,
+  "maxTemporaryLockouts": 0,
+  "maxFailureWaitSeconds": 900,
+  "minimumQuickLoginWaitSeconds": 60,
+  "waitIncrementSeconds": 60,
+  "quickLoginCheckMilliSeconds": 1000,
+  "maxDeltaTimeSeconds": 43200,
+  "failureFactor": 30,
+  "defaultRole": {
+    "id": "c6cb73d9-9ced-4620-8c2a-f03306b7d0a2",
+    "name": "default-roles-nine",
+    "description": "${role_default-roles}",
+    "composite": true,
+    "clientRole": false,
+    "containerId": "8c01436d-9073-418c-940e-6b6178066782"
+  },
+  "requiredCredentials": [
+    "password"
+  ],
+  "otpPolicyType": "totp",
+  "otpPolicyAlgorithm": "HmacSHA1",
+  "otpPolicyInitialCounter": 0,
+  "otpPolicyDigits": 6,
+  "otpPolicyLookAheadWindow": 1,
+  "otpPolicyPeriod": 30,
+  "otpPolicyCodeReusable": false,
+  "otpSupportedApplications": [
+    "totpAppFreeOTPName",
+    "totpAppGoogleName",
+    "totpAppMicrosoftAuthenticatorName"
+  ],
+  "localizationTexts": {},
+  "webAuthnPolicyRpEntityName": "keycloak",
+  "webAuthnPolicySignatureAlgorithms": [
+    "ES256"
+  ],
+  "webAuthnPolicyRpId": "",
+  "webAuthnPolicyAttestationConveyancePreference": "not specified",
+  "webAuthnPolicyAuthenticatorAttachment": "not specified",
+  "webAuthnPolicyRequireResidentKey": "not specified",
+  "webAuthnPolicyUserVerificationRequirement": "not specified",
+  "webAuthnPolicyCreateTimeout": 0,
+  "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+  "webAuthnPolicyAcceptableAaguids": [],
+  "webAuthnPolicyExtraOrigins": [],
+  "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+  "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+    "ES256"
+  ],
+  "webAuthnPolicyPasswordlessRpId": "",
+  "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+  "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+  "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+  "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+  "webAuthnPolicyPasswordlessCreateTimeout": 0,
+  "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+  "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+  "webAuthnPolicyPasswordlessExtraOrigins": [],
+  "scopeMappings": [
+    {
+      "clientScope": "offline_access",
+      "roles": [
+        "offline_access"
+      ]
+    }
+  ],
+  "clientScopeMappings": {
+    "account": [
+      {
+        "client": "account-console",
+        "roles": [
+          "manage-account",
+          "view-groups"
+        ]
+      }
+    ]
+  },
+  "clients": [
+    {
+      "id": "233d4e12-e0f2-4ac9-83ff-d83e408c41b1",
+      "clientId": "account",
+      "name": "${client_account}",
+      "rootUrl": "${authBaseUrl}",
+      "baseUrl": "/realms/nine/account/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/realms/nine/account/*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "948e92a9-d96a-4b75-9300-bb4ddf11166c",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "0493b3b4-6b22-47ca-8942-77b0d6f6b4c0",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f3c849e4-0e9e-4e64-a177-f58506a50942",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "c85e0aee-70df-4684-897a-178221e01856",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    },
+    {
+      "id": "b5094515-d074-49df-8354-11aa5a748f39",
+      "clientId": "account-console",
+      "name": "${client_account-console}",
+      "rootUrl": "${authBaseUrl}",
+      "baseUrl": "/realms/nine/account/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/realms/nine/account/*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "post.logout.redirect.uris": "+",
+        "pkce.code.challenge.method": "S256"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "689cb46e-9af9-4967-97c8-c44dcc96fd9d",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "d798371a-1b03-4dd7-8b35-2dc736cfb384",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f9e1aaf2-6bf5-4652-9f37-4c3c94a5d6b9",
+          "name": "audience resolve",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-audience-resolve-mapper",
+          "consentRequired": false,
+          "config": {}
+        },
+        {
+          "id": "528c18f8-2a2e-44fa-9429-77bdd8d679e9",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "93f8c307-5296-4773-82f9-b2791c2302d7",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    },
+    {
+      "id": "64bd651e-62b0-4d4c-846d-d41a64e9168d",
+      "clientId": "admin-cli",
+      "name": "${client_admin-cli}",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": false,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "b07a89df-98e3-4ed1-8611-4be22376db88",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "24437aa5-70c3-42d8-b279-9e9775de8bd1",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "7c3eb243-db59-4f9d-a230-f26162d7fde1",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "aaf9c300-14af-4999-a0f6-cd01363d6f2c",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    },
+    {
+      "id": "29badf9a-5911-4c4c-a3bb-544e53a39603",
+      "clientId": "broker",
+      "name": "${client_broker}",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": true,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": false,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "38457dea-3c4d-45f7-9e57-bf57c21125cf",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "475e052f-bda8-4fbc-b0d8-90e1dd60cf5a",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "d2ce31a8-bd06-4f59-ad2b-f0c99950eb13",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "6f1164c7-2b43-4957-a174-42e311dc2b2b",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    },
+    {
+      "id": "d1f15fb9-2780-44b7-b673-317bde459ee3",
+      "clientId": "nine-realm",
+      "name": "Nine Realm",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": true,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": false,
+      "frontchannelLogout": false,
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    },
+    {
+      "id": "0369c3c4-5619-458d-9968-474ce7468e36",
+      "clientId": "nine",
+      "name": "",
+      "description": "",
+      "rootUrl": "https://nine.local",
+      "adminUrl": "https://nine.local",
+      "baseUrl": "https://nine.local",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "https://nine.local/*"
+      ],
+      "webOrigins": [],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": true,
+      "protocol": "cas",
+      "attributes": {},
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": true,
+      "nodeReRegistrationTimeout": -1,
+      "protocolMappers": [
+        {
+          "id": "51dda658-3bda-4426-a2ac-4a4116d47c5b",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b0ef29ec-43e6-4de1-a32a-428b8cc9256f",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "2513a533-dd8a-4ac9-a5e4-a112782747c2",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "53ade622-b842-40ab-9865-2d915edb33a9",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [],
+      "optionalClientScopes": []
+    },
+    {
+      "id": "f2669799-582f-4b47-af83-3d6e038ab26f",
+      "clientId": "security-admin-console",
+      "name": "${client_security-admin-console}",
+      "rootUrl": "${authAdminUrl}",
+      "baseUrl": "/admin/nine/console/",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "/admin/nine/console/*"
+      ],
+      "webOrigins": [
+        "+"
+      ],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "post.logout.redirect.uris": "+",
+        "pkce.code.challenge.method": "S256"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": false,
+      "nodeReRegistrationTimeout": 0,
+      "protocolMappers": [
+        {
+          "id": "f82de958-ae41-4c7d-a083-6e2d50c5a7d7",
+          "name": "locale",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "locale",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "locale",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "a03ae4fe-184c-4d69-9406-d09c14679b75",
+          "name": "email",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "email",
+            "claim.name": "mail",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "a6df64fe-f3cb-4f4f-81fa-a07f97cc3f81",
+          "name": "family name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "lastName",
+            "claim.name": "sn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "1550aa6b-3498-4b21-9585-0744b340ab26",
+          "name": "given name",
+          "protocol": "cas",
+          "protocolMapper": "cas-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute": "firstName",
+            "claim.name": "givenName",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "9c698b95-7793-43af-9fd4-6ea8d1e77f0f",
+          "name": "full name",
+          "protocol": "cas",
+          "protocolMapper": "cas-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "claim.name": "cn",
+            "jsonType.label": "String"
+          }
+        }
+      ],
+      "defaultClientScopes": [
+        "web-origins",
+        "acr",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    }
+  ],
+  "clientScopes": [
+    {
+      "id": "44f5b9b0-613d-474b-a01f-4a0034dfcbf0",
+      "name": "address",
+      "description": "OpenID Connect built-in scope: address",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${addressScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "7fca379b-3748-448d-a3bc-b5594ba9a4d1",
+          "name": "address",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-address-mapper",
+          "consentRequired": false,
+          "config": {
+            "user.attribute.formatted": "formatted",
+            "user.attribute.country": "country",
+            "introspection.token.claim": "true",
+            "user.attribute.postal_code": "postal_code",
+            "userinfo.token.claim": "true",
+            "user.attribute.street": "street",
+            "id.token.claim": "true",
+            "user.attribute.region": "region",
+            "access.token.claim": "true",
+            "user.attribute.locality": "locality"
+          }
+        }
+      ]
+    },
+    {
+      "id": "f7c624a7-450e-4d80-9c79-7ffc13253ef1",
+      "name": "role_list",
+      "description": "SAML role list",
+      "protocol": "saml",
+      "attributes": {
+        "consent.screen.text": "${samlRoleListScopeConsentText}",
+        "display.on.consent.screen": "true"
+      },
+      "protocolMappers": [
+        {
+          "id": "0b0c0090-6428-4f0d-9b4e-aa16a95aca86",
+          "name": "role list",
+          "protocol": "saml",
+          "protocolMapper": "saml-role-list-mapper",
+          "consentRequired": false,
+          "config": {
+            "single": "false",
+            "attribute.nameformat": "Basic",
+            "attribute.name": "Role"
+          }
+        }
+      ]
+    },
+    {
+      "id": "1aecf9c9-4cfb-4d38-b2c7-b123c0b70f3c",
+      "name": "acr",
+      "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "false",
+        "display.on.consent.screen": "false"
+      },
+      "protocolMappers": [
+        {
+          "id": "9b0fccab-e157-458a-b8ee-588f4e6749f7",
+          "name": "acr loa level",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-acr-mapper",
+          "consentRequired": false,
+          "config": {
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "introspection.token.claim": "true"
+          }
+        }
+      ]
+    },
+    {
+      "id": "3f5c736b-6ee5-4b62-a8f3-9c5ce50c590b",
+      "name": "offline_access",
+      "description": "OpenID Connect built-in scope: offline_access",
+      "protocol": "openid-connect",
+      "attributes": {
+        "consent.screen.text": "${offlineAccessScopeConsentText}",
+        "display.on.consent.screen": "true"
+      }
+    },
+    {
+      "id": "108a7d33-774c-43e0-b53a-11bc47e370b1",
+      "name": "microprofile-jwt",
+      "description": "Microprofile - JWT built-in scope",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "false"
+      },
+      "protocolMappers": [
+        {
+          "id": "08b725cb-24b7-40f8-84b2-06c1f603b6dd",
+          "name": "upn",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "username",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "upn",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "74767889-becd-41c1-9f73-a95696e3a50a",
+          "name": "groups",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "multivalued": "true",
+            "user.attribute": "foo",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "groups",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "dbb54e59-442b-4ba7-a57e-a7bfa1a69639",
+      "name": "phone",
+      "description": "OpenID Connect built-in scope: phone",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${phoneScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "141307b6-f544-4952-aa08-bd25c5cbb064",
+          "name": "phone number verified",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "phoneNumberVerified",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "phone_number_verified",
+            "jsonType.label": "boolean"
+          }
+        },
+        {
+          "id": "2ba0989c-e084-4a1c-b61d-b16e8163075a",
+          "name": "phone number",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "phoneNumber",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "phone_number",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "a0bcda9b-a848-4b56-8e20-c04002a34275",
+      "name": "roles",
+      "description": "OpenID Connect scope for add user roles to the access token",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "false",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${rolesScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "4144f3eb-7963-4a18-a3dd-e269042ee8e5",
+          "name": "realm roles",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "multivalued": "true",
+            "user.attribute": "foo",
+            "access.token.claim": "true",
+            "claim.name": "realm_access.roles",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f94cef89-ceec-4644-b61b-08d13f8107ab",
+          "name": "audience resolve",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-audience-resolve-mapper",
+          "consentRequired": false,
+          "config": {
+            "access.token.claim": "true",
+            "introspection.token.claim": "true"
+          }
+        },
+        {
+          "id": "8bdd8757-4f3b-4e81-89af-84771ba5f27f",
+          "name": "client roles",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-client-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "multivalued": "true",
+            "user.attribute": "foo",
+            "access.token.claim": "true",
+            "claim.name": "resource_access.${client_id}.roles",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "30fc2b82-026a-4633-b44b-9aa00fad5dd2",
+      "name": "profile",
+      "description": "OpenID Connect built-in scope: profile",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${profileScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "70d3b52d-e817-4530-8f39-c78fd36dd2ec",
+          "name": "given name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "firstName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "given_name",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "3981e8a2-b98c-4b5b-a829-a6c7a78e78aa",
+          "name": "picture",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "picture",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "picture",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b8ff8f12-b4ad-4824-b80e-3ed24d2cf0d5",
+          "name": "username",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "username",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "preferred_username",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "f57f5e63-76e6-49cd-a626-6a1719178bb6",
+          "name": "gender",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "gender",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "gender",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "93e59cd5-58da-4bc1-85bd-b3c30f22672c",
+          "name": "locale",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "locale",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "locale",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "3d5e9f25-6957-47a6-adf6-28dce56cde6c",
+          "name": "zoneinfo",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "zoneinfo",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "zoneinfo",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b382c7d1-7eee-4116-a559-cc1b7995c02a",
+          "name": "website",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "website",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "website",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "b0f598b6-4423-4851-9340-af4b4ce2372c",
+          "name": "updated at",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "updatedAt",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "updated_at",
+            "jsonType.label": "long"
+          }
+        },
+        {
+          "id": "1b46128d-59cf-4784-919a-6b6d239a7cb3",
+          "name": "middle name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "middleName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "middle_name",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "3ecceb6a-19af-4dac-800d-02e1bf5e583c",
+          "name": "family name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "lastName",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "family_name",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "731c33ad-e095-4773-ad96-6d7d15f6ca6a",
+          "name": "full name",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-full-name-mapper",
+          "consentRequired": false,
+          "config": {
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true"
+          }
+        },
+        {
+          "id": "5644efe6-3b6f-4da6-9a24-1050e187373d",
+          "name": "birthdate",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "birthdate",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "birthdate",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "0b74b6fc-dd25-49c9-92b3-4c0c24c0f400",
+          "name": "nickname",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "nickname",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "nickname",
+            "jsonType.label": "String"
+          }
+        },
+        {
+          "id": "0da3ead5-e8da-44d4-b305-202250b8ba8e",
+          "name": "profile",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "profile",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "profile",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "472d994e-e8b6-488e-b0dd-c22683a7288a",
+      "name": "email",
+      "description": "OpenID Connect built-in scope: email",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "consent.screen.text": "${emailScopeConsentText}"
+      },
+      "protocolMappers": [
+        {
+          "id": "94581337-8186-4eed-b4a7-15dde470a949",
+          "name": "email verified",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-property-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "emailVerified",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "email_verified",
+            "jsonType.label": "boolean"
+          }
+        },
+        {
+          "id": "789c447c-c5d4-41d1-bc57-f333fad86b3f",
+          "name": "email",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "user.attribute": "email",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "email",
+            "jsonType.label": "String"
+          }
+        }
+      ]
+    },
+    {
+      "id": "f1befe1c-6a3d-4407-afce-bd5323b3617a",
+      "name": "web-origins",
+      "description": "OpenID Connect scope for add allowed web origins to the access token",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "false",
+        "display.on.consent.screen": "false",
+        "consent.screen.text": ""
+      },
+      "protocolMappers": [
+        {
+          "id": "9d42f847-50ea-4d25-b7c5-1390606a935d",
+          "name": "allowed web origins",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-allowed-origins-mapper",
+          "consentRequired": false,
+          "config": {
+            "access.token.claim": "true",
+            "introspection.token.claim": "true"
+          }
+        }
+      ]
+    }
+  ],
+  "defaultDefaultClientScopes": [
+    "acr",
+    "profile",
+    "email",
+    "roles",
+    "web-origins",
+    "role_list"
+  ],
+  "defaultOptionalClientScopes": [
+    "microprofile-jwt",
+    "offline_access",
+    "address",
+    "phone"
+  ],
+  "browserSecurityHeaders": {
+    "contentSecurityPolicyReportOnly": "",
+    "xContentTypeOptions": "nosniff",
+    "referrerPolicy": "no-referrer",
+    "xRobotsTag": "none",
+    "xFrameOptions": "SAMEORIGIN",
+    "xXSSProtection": "1; mode=block",
+    "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+    "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+  },
+  "smtpServer": {},
+  "eventsEnabled": false,
+  "eventsListeners": [
+    "jboss-logging"
+  ],
+  "enabledEventTypes": [],
+  "adminEventsEnabled": false,
+  "adminEventsDetailsEnabled": false,
+  "identityProviders": [],
+  "identityProviderMappers": [],
+  "components": {
+    "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+      {
+        "id": "23af680b-0b89-4857-b4f7-350b6c2e220d",
+        "name": "Full Scope Disabled",
+        "providerId": "scope",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      },
+      {
+        "id": "cdc6000c-d869-49cf-952d-4da8f1d415fb",
+        "name": "Trusted Hosts",
+        "providerId": "trusted-hosts",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "host-sending-registration-request-must-match": [
+            "true"
+          ],
+          "client-uris-must-match": [
+            "true"
+          ]
+        }
+      },
+      {
+        "id": "b5dc34f8-d83b-46e1-8937-f99477889e3d",
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "oidc-address-mapper",
+            "saml-user-attribute-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "saml-user-property-mapper",
+            "saml-role-list-mapper",
+            "oidc-full-name-mapper",
+            "oidc-usermodel-property-mapper",
+            "oidc-sha256-pairwise-sub-mapper"
+          ]
+        }
+      },
+      {
+        "id": "70694b72-a05c-4333-b5a9-e999b8c94baf",
+        "name": "Max Clients Limit",
+        "providerId": "max-clients",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "max-clients": [
+            "200"
+          ]
+        }
+      },
+      {
+        "id": "e744782e-3ad6-43e5-b833-492954f741f3",
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      },
+      {
+        "id": "f4f0c4a7-3c81-47bc-a1f7-e064ade250a0",
+        "name": "Consent Required",
+        "providerId": "consent-required",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      },
+      {
+        "id": "a458c0dd-a4b1-4f81-a1a3-f96e1d6876e7",
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      },
+      {
+        "id": "4fe5808b-36cf-4d06-a450-f34ab07b1fc7",
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "saml-user-attribute-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "oidc-usermodel-property-mapper",
+            "oidc-address-mapper",
+            "oidc-full-name-mapper",
+            "saml-user-property-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "saml-role-list-mapper"
+          ]
+        }
+      }
+    ],
+    "org.keycloak.storage.UserStorageProvider": [
+      {
+        "id": "ec9f5ff8-7e9f-4bc3-a497-40d2529f230c",
+        "name": "ldap",
+        "providerId": "ldap",
+        "subComponents": {
+          "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
+            {
+              "id": "675c4ceb-ad7e-4ad1-9248-9bd1baff6c0e",
+              "name": "MSAD account controls",
+              "providerId": "msad-user-account-control-mapper",
+              "subComponents": {},
+              "config": {
+                "always.read.enabled.value.from.ldap": [
+                  "true"
+                ]
+              }
+            },
+            {
+              "id": "e5364a67-473c-4b4f-8a0e-b1b20f96b2cc",
+              "name": "username",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "${LDAP_USERNAME}"
+                ],
+                "is.mandatory.in.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "false"
+                ],
+                "user.model.attribute": [
+                  "username"
+                ]
+              }
+            },
+            {
+              "id": "56f2e0ab-bb99-40b7-95ed-def5758724b0",
+              "name": "creation date",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "whenCreated"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "createTimestamp"
+                ]
+              }
+            },
+            {
+              "id": "a74b9186-df91-40c9-8862-74088daa11b4",
+              "name": "email",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "${LDAP_EMAIL}"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "read.only": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "false"
+                ],
+                "user.model.attribute": [
+                  "email"
+                ]
+              }
+            },
+            {
+              "id": "6ea199ee-b4f8-4610-b52d-3fe8b24e731d",
+              "name": "modify date",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "whenChanged"
+                ],
+                "is.mandatory.in.ldap": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "modifyTimestamp"
+                ]
+              }
+            },
+            {
+              "id": "8ed3a4f0-3c65-48fb-8d4b-60ca8c256893",
+              "name": "last name",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "${LDAP_LASTNAME}"
+                ],
+                "is.mandatory.in.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "lastName"
+                ]
+              }
+            },
+            {
+              "id": "7993f193-0dd8-4901-8568-d19f5071be4c",
+              "name": "first name",
+              "providerId": "user-attribute-ldap-mapper",
+              "subComponents": {},
+              "config": {
+                "ldap.attribute": [
+                  "${LDAP_FIRSTNAME}"
+                ],
+                "is.mandatory.in.ldap": [
+                  "true"
+                ],
+                "read.only": [
+                  "false"
+                ],
+                "always.read.value.from.ldap": [
+                  "true"
+                ],
+                "user.model.attribute": [
+                  "firstName"
+                ]
+              }
+            }
+          ]
+        },
+        "config": {
+          "fullSyncPeriod": [
+            "-1"
+          ],
+          "pagination": [
+            "false"
+          ],
+          "startTls": [
+            "false"
+          ],
+          "connectionPooling": [
+            "false"
+          ],
+          "usersDn": [
+            "${LDAP_BASEUSER}"
+          ],
+          "cachePolicy": [
+            "DEFAULT"
+          ],
+          "useKerberosForPasswordAuthentication": [
+            "false"
+          ],
+          "importEnabled": [
+            "true"
+          ],
+          "enabled": [
+            "true"
+          ],
+          "usernameLDAPAttribute": [
+            "${LDAP_USERNAME}"
+          ],
+          "bindDn": [
+            "${LDAP_USER}"
+          ],
+          "bindCredential": [
+            "${LDAP_PASSWORD}"
+          ],
+          "changedSyncPeriod": [
+            "-1"
+          ],
+          "vendor": [
+            "ad"
+          ],
+          "uuidLDAPAttribute": [
+            "${LDAP_USERNAME}"
+          ],
+          "allowKerberosAuthentication": [
+            "false"
+          ],
+          "connectionUrl": [
+            "ldap://${LDAP_HOST}:${LDAP_PORT}"
+          ],
+          "syncRegistrations": [
+            "true"
+          ],
+          "authType": [
+            "simple"
+          ],
+          "krbPrincipalAttribute": [
+            "userPrincipalName"
+          ],
+          "customUserSearchFilter": [
+            ""
+          ],
+          "searchScope": [
+            "2"
+          ],
+          "useTruststoreSpi": [
+            "always"
+          ],
+          "usePasswordModifyExtendedOp": [
+            "false"
+          ],
+          "trustEmail": [
+            "false"
+          ],
+          "userObjectClasses": [
+            "person, organizationalPerson"
+          ],
+          "rdnLDAPAttribute": [
+            "${LDAP_USERNAME}"
+          ],
+          "editMode": [
+            "READ_ONLY"
+          ],
+          "validatePasswordPolicy": [
+            "false"
+          ]
+        }
+      }
+    ],
+    "org.keycloak.userprofile.UserProfileProvider": [
+      {
+        "id": "1a37be47-9d7f-4a11-9164-aec609d02ca5",
+        "providerId": "declarative-user-profile",
+        "subComponents": {},
+        "config": {
+          "kc.user.profile.config": [
+            "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
+          ]
+        }
+      }
+    ],
+    "org.keycloak.keys.KeyProvider": [
+      {
+        "id": "6081048e-5704-4c3b-857d-9e07abde9899",
+        "name": "rsa-generated",
+        "providerId": "rsa-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ]
+        }
+      },
+      {
+        "id": "2f926d8a-0ead-4a97-a067-2cf87fa21e40",
+        "name": "hmac-generated-hs512",
+        "providerId": "hmac-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ],
+          "algorithm": [
+            "HS512"
+          ]
+        }
+      },
+      {
+        "id": "4e12d30a-0ddd-4723-a1b9-3aa8a0bee122",
+        "name": "rsa-enc-generated",
+        "providerId": "rsa-enc-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ],
+          "algorithm": [
+            "RSA-OAEP"
+          ]
+        }
+      },
+      {
+        "id": "31d61106-da3a-42c4-b6b3-b683352ebb0f",
+        "name": "aes-generated",
+        "providerId": "aes-generated",
+        "subComponents": {},
+        "config": {
+          "priority": [
+            "100"
+          ]
+        }
+      }
+    ]
+  },
+  "internationalizationEnabled": false,
+  "supportedLocales": [],
+  "authenticationFlows": [
+    {
+      "id": "6f96a656-96bf-4dfb-ae4c-5a8f0b8b8dbd",
+      "alias": "Account verification options",
+      "description": "Method with which to verity the existing account",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-email-verification",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "Verify Existing Account by Re-authentication",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "263ef5c8-371f-497a-849d-71e99baa0e69",
+      "alias": "Browser - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "auth-otp-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "bb77c574-7c8a-4b03-9621-a459eb698ab8",
+      "alias": "Direct Grant - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "direct-grant-validate-otp",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "79e04092-ee16-4d4a-9f46-6d6fa7c3a2b2",
+      "alias": "First broker login - Conditional OTP",
+      "description": "Flow to determine if the OTP is required for the authentication",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "auth-otp-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "20994506-5361-4b3a-bcbf-80df6479540e",
+      "alias": "Handle Existing Account",
+      "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-confirm-link",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "Account verification options",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "80bdca65-5877-4f59-87db-4f3b5f9822c3",
+      "alias": "Reset - Conditional OTP",
+      "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "conditional-user-configured",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "reset-otp",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "196de53d-9fdb-43c6-877b-6e51916a5cb7",
+      "alias": "User creation or linking",
+      "description": "Flow for the existing/non-existing user alternatives",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticatorConfig": "create unique user config",
+          "authenticator": "idp-create-user-if-unique",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "Handle Existing Account",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "3b58dbe7-a052-4312-b45b-63e9c3d47a23",
+      "alias": "Verify Existing Account by Re-authentication",
+      "description": "Reauthentication of existing account",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "idp-username-password-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "First broker login - Conditional OTP",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "f93f00c3-a0cf-4ad7-bba2-e09cb1c3427f",
+      "alias": "browser",
+      "description": "browser based authentication",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "auth-cookie",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "auth-spnego",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "identity-provider-redirector",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 25,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "ALTERNATIVE",
+          "priority": 30,
+          "autheticatorFlow": true,
+          "flowAlias": "forms",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "6fb1b243-94c1-49c8-9804-76f6120c509b",
+      "alias": "clients",
+      "description": "Base authentication for clients",
+      "providerId": "client-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "client-secret",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "client-jwt",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "client-secret-jwt",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 30,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "client-x509",
+          "authenticatorFlow": false,
+          "requirement": "ALTERNATIVE",
+          "priority": 40,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "71daf21d-4a0d-49cf-a599-6aedb9d5e6a6",
+      "alias": "direct grant",
+      "description": "OpenID Connect Resource Owner Grant",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "direct-grant-validate-username",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "direct-grant-validate-password",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 30,
+          "autheticatorFlow": true,
+          "flowAlias": "Direct Grant - Conditional OTP",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "8cd7b199-c099-42a5-b7aa-bebfd443e713",
+      "alias": "docker auth",
+      "description": "Used by Docker clients to authenticate against the IDP",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "docker-http-basic-authenticator",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "82d55b45-138b-44ac-a6f4-98e375a64e55",
+      "alias": "first broker login",
+      "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticatorConfig": "review profile config",
+          "authenticator": "idp-review-profile",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "User creation or linking",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "ef13a8d2-0127-4dcd-825e-92a7ac61dbff",
+      "alias": "forms",
+      "description": "Username, password, otp and other auth forms.",
+      "providerId": "basic-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "auth-username-password-form",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 20,
+          "autheticatorFlow": true,
+          "flowAlias": "Browser - Conditional OTP",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "ecfe5882-7d96-4872-a818-3e5b3aa562b1",
+      "alias": "registration",
+      "description": "registration flow",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "registration-page-form",
+          "authenticatorFlow": true,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": true,
+          "flowAlias": "registration form",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "40a98efb-f838-41a8-834d-48bc7d298ea7",
+      "alias": "registration form",
+      "description": "registration form",
+      "providerId": "form-flow",
+      "topLevel": false,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "registration-user-creation",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "registration-password-action",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 50,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "registration-recaptcha-action",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 60,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "registration-terms-and-conditions",
+          "authenticatorFlow": false,
+          "requirement": "DISABLED",
+          "priority": 70,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "8afc69e8-84b3-40f9-b448-2dc69c8c79ca",
+      "alias": "reset credentials",
+      "description": "Reset credentials for a user if they forgot their password or something",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "reset-credentials-choose-user",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "reset-credential-email",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 20,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticator": "reset-password",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 30,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        },
+        {
+          "authenticatorFlow": true,
+          "requirement": "CONDITIONAL",
+          "priority": 40,
+          "autheticatorFlow": true,
+          "flowAlias": "Reset - Conditional OTP",
+          "userSetupAllowed": false
+        }
+      ]
+    },
+    {
+      "id": "d46af357-91e5-49bc-af7d-dd3e072caeca",
+      "alias": "saml ecp",
+      "description": "SAML ECP Profile Authentication Flow",
+      "providerId": "basic-flow",
+      "topLevel": true,
+      "builtIn": true,
+      "authenticationExecutions": [
+        {
+          "authenticator": "http-basic-authenticator",
+          "authenticatorFlow": false,
+          "requirement": "REQUIRED",
+          "priority": 10,
+          "autheticatorFlow": false,
+          "userSetupAllowed": false
+        }
+      ]
+    }
+  ],
+  "authenticatorConfig": [
+    {
+      "id": "1f02ebfc-cf2f-4ac0-9049-ce4227816999",
+      "alias": "create unique user config",
+      "config": {
+        "require.password.update.after.registration": "false"
+      }
+    },
+    {
+      "id": "6aa3b20f-9a1e-4e98-976e-ee941e638032",
+      "alias": "review profile config",
+      "config": {
+        "update.profile.on.first.login": "missing"
+      }
+    }
+  ],
+  "requiredActions": [
+    {
+      "alias": "CONFIGURE_TOTP",
+      "name": "Configure OTP",
+      "providerId": "CONFIGURE_TOTP",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 10,
+      "config": {}
+    },
+    {
+      "alias": "TERMS_AND_CONDITIONS",
+      "name": "Terms and Conditions",
+      "providerId": "TERMS_AND_CONDITIONS",
+      "enabled": false,
+      "defaultAction": false,
+      "priority": 20,
+      "config": {}
+    },
+    {
+      "alias": "UPDATE_PASSWORD",
+      "name": "Update Password",
+      "providerId": "UPDATE_PASSWORD",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 30,
+      "config": {}
+    },
+    {
+      "alias": "UPDATE_PROFILE",
+      "name": "Update Profile",
+      "providerId": "UPDATE_PROFILE",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 40,
+      "config": {}
+    },
+    {
+      "alias": "VERIFY_EMAIL",
+      "name": "Verify Email",
+      "providerId": "VERIFY_EMAIL",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 50,
+      "config": {}
+    },
+    {
+      "alias": "delete_account",
+      "name": "Delete Account",
+      "providerId": "delete_account",
+      "enabled": false,
+      "defaultAction": false,
+      "priority": 60,
+      "config": {}
+    },
+    {
+      "alias": "webauthn-register",
+      "name": "Webauthn Register",
+      "providerId": "webauthn-register",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 70,
+      "config": {}
+    },
+    {
+      "alias": "webauthn-register-passwordless",
+      "name": "Webauthn Register Passwordless",
+      "providerId": "webauthn-register-passwordless",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 80,
+      "config": {}
+    },
+    {
+      "alias": "VERIFY_PROFILE",
+      "name": "Verify Profile",
+      "providerId": "VERIFY_PROFILE",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 90,
+      "config": {}
+    },
+    {
+      "alias": "delete_credential",
+      "name": "Delete Credential",
+      "providerId": "delete_credential",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 100,
+      "config": {}
+    },
+    {
+      "alias": "update_user_locale",
+      "name": "Update User Locale",
+      "providerId": "update_user_locale",
+      "enabled": true,
+      "defaultAction": false,
+      "priority": 1000,
+      "config": {}
+    }
+  ],
+  "browserFlow": "browser",
+  "registrationFlow": "registration",
+  "directGrantFlow": "direct grant",
+  "resetCredentialsFlow": "reset credentials",
+  "clientAuthenticationFlow": "clients",
+  "dockerAuthenticationFlow": "docker auth",
+  "firstBrokerLoginFlow": "first broker login",
+  "attributes": {
+    "cibaBackchannelTokenDeliveryMode": "poll",
+    "cibaExpiresIn": "120",
+    "cibaAuthRequestedUserHint": "login_hint",
+    "parRequestUriLifespan": "60",
+    "cibaInterval": "5",
+    "realmReusableOtpCode": "false"
+  },
+  "keycloakVersion": "24.0.5",
+  "userManagedAccessAllowed": false,
+  "clientProfiles": {
+    "profiles": []
+  },
+  "clientPolicies": {
+    "policies": []
+  }
+}

services/40-keycloak/volume/nine/realm-export.json

@@ -1,8 +1,8 @@
 {
-  "id": "nine",
+  "id": "envole",
-  "realm": "nine",
+  "realm": "envole",
   "displayName": "Keycloak",
-  "displayNameHtml": "<div class=\"kc-logo-text\"><span>Nine</span></div>",
+  "displayNameHtml": "<div class=\"kc-logo-text\"><span>Envole</span></div>",
   "notBefore": 0,
   "defaultSignatureAlgorithm": "RS256",
   "revokeRefreshToken": false,
@@ -51,7 +51,7 @@
     "description": "${role_default-roles}",
     "composite": true,
     "clientRole": false,
-    "containerId": "nine"
+    "containerId": "envole"
   },
   "requiredCredentials": [
     "password"
@@ -114,13 +114,13 @@
       "clientId": "account",
       "name": "${client_account}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/nine/account/",
+      "baseUrl": "/realms/envole/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/realms/nine/account/*"
+        "/realms/envole/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -194,13 +194,13 @@
       "clientId": "account-console",
       "name": "${client_account-console}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/nine/account/",
+      "baseUrl": "/realms/envole/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/realms/nine/account/*"
+        "/realms/envole/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -433,18 +433,18 @@
     },
     {
       "id": "133d3397-41e7-4ec1-aaf0-a0939da72f58",
-      "clientId": "nine",
+      "clientId": "envole",
-      "name": "nine",
+      "name": "envole",
-      "rootUrl": "https://nine.local",
+      "rootUrl": "https://envole.local",
-      "baseUrl": "https://nine.local",
+      "baseUrl": "https://envole.local",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "**********",
       "redirectUris": [
-        "http://nine.local*",
+        "http://envole.local*",
-        "https://nine.local*"
+        "https://envole.local*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -535,7 +535,7 @@
         }
       ],
       "defaultClientScopes": [
-        "nine"
+        "envole"
       ],
       "optionalClientScopes": []
     },
@@ -620,13 +620,13 @@
       "clientId": "security-admin-console",
       "name": "${client_security-admin-console}",
       "rootUrl": "${authAdminUrl}",
-      "baseUrl": "/admin/nine/console/",
+      "baseUrl": "/admin/envole/console/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/admin/nine/console/*"
+        "/admin/envole/console/*"
       ],
       "webOrigins": [
         "+"
@@ -1192,7 +1192,7 @@
     },
     {
       "id": "238cdd25-3e87-45cf-badf-89033829a1af",
-      "name": "nine",
+      "name": "envole",
       "protocol": "cas",
       "attributes": {
         "include.in.token.scope": "true",
@@ -1594,7 +1594,7 @@
             "true"
           ],
           "usersDn": [
-            "ou=users,ou=ninegate,dc=nine,dc=org"
+            "ou=users,ou=ninegate,dc=envole,dc=org"
           ],
           "cachePolicy": [
             "DEFAULT"
@@ -1618,7 +1618,7 @@
             "-1"
           ],
           "bindDn": [
-            "cn=admin,dc=nine,dc=org"
+            "cn=admin,dc=envole,dc=org"
           ],
           "lastSync": [
             "1698698495"

services/50-dokuwiki/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Dokuwiki
   # Wiki
   # Port interne 80

services/50-nextcloud/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Nextcloud
   # Hébergement de fichiers et une plateforme de collaboration
   # Port interne 80

services/50-nextcloud/volume/nine/app/user_cas/appinfo/info.xml

@@ -30,7 +30,7 @@
 
     <dependencies>
         <owncloud min-version="10.0" max-version="10.10"/>
-        <nextcloud min-version="14" max-version="27.1"/>
+        <nextcloud min-version="14" max-version="27.2"/>
     </dependencies>
 
     <commands>

services/50-nextcloud/volume/nine/app/user_cas/lib/Controller/AuthenticationController.php

@@ -123,7 +123,7 @@ class AuthenticationController extends Controller
 
                 $this->loggingService->write(\OCA\UserCas\Service\LoggingService::FATAL, 'Fatal error with code: ' . $e->getCode() . ' and message: ' . $e->getMessage());
 
-                header("Location: " . $this->appService->getAbsoluteURL('/'));
+                header("Location: " . this->getServiceBasedUrl());
                 die();
             }
         }
@@ -217,7 +217,7 @@ class AuthenticationController extends Controller
 
                 $this->loggingService->write(\OCA\UserCas\Service\LoggingService::FATAL, 'Fatal error with code: ' . $e->getCode() . ' and message: ' . $e->getMessage());
 
-                header("Location: " . $this->appService->getAbsoluteURL('/'));
+                header("Location: " . this->getServiceBasedUrl());
                 die();
             }
         }
@@ -278,19 +278,26 @@ class AuthenticationController extends Controller
 
             $newProtocol = 'http://';
 
-            if (intval($this->config->getAppValue($this->appName, 'cas_server_port')) === 443) {
-
-                $newProtocol = 'https://';
-            }
 
             $params['backUrl'] = $newProtocol . $this->config->getAppValue($this->appName, 'cas_server_hostname') . $this->config->getAppValue($this->appName, 'cas_server_path');
         } else {*/
 
-            $params['backUrl'] = $this->appService->getAbsoluteURL('/');
+
+        $params['backUrl'] = this->getServiceBasedUrl();
         //}
 
         $response = new TemplateResponse($this->appName, 'cas-error', $params, 'guest');
 
         return $response;
     }
+
+    private function getServiceBasedUrl(): string {
+        $overwrite = \OC::$server->getConfig()->getSystemValue('overwrite.cli.url');
+        if($overwrite) return $overwrite;
+        
+        $httpProtocol = \OC::$server->getConfig()->getSystemValue('protocol');
+        $currentUrl = $_SERVER['SERVER_NAME'];
+
+        return $httpProtocol . $currentUrl;
+    }    
 }

services/50-nextcloud/volume/nine/app/user_cas/lib/Hooks/UserHooks.php

@@ -406,7 +406,7 @@ class UserHooks
             # Reset cookie
             setcookie("user_cas_redirect_url", '/', 0, '/');
 
-            \phpCAS::logout(array("service" => $this->appService->getAbsoluteURL('/')));
+            \phpCAS::logout(array("service" => $this->getServiceBasedUrl()));
 
         } else {
 
@@ -445,4 +445,14 @@ class UserHooks
 
         return $attributes;
     }
+
+    private function getServiceBasedUrl(): string {
+        $overwrite = \OC::$server->getConfig()->getSystemValue('overwrite.cli.url');
+        if($overwrite) return $overwrite;
+        
+        $httpProtocol = \OC::$server->getConfig()->getSystemValue('protocol');
+        $currentUrl = $_SERVER['SERVER_NAME'];
+
+        return $httpProtocol . $currentUrl;
+    }    
 }

services/50-nextcloud/volume/prestart/prestart.sh

@@ -54,7 +54,7 @@ run_as 'php occ app:update files_external'
 run_as 'php occ app:enable files_external'
 if [[ "${NEXTCLOUD_SAMBA}" == "1" ]]
 then
-run_as 'php  occ files_external:import /envole/mount.json -q'
+run_as 'php  occ files_external:import /nine/mount.json -q'
 fi
 
 echo 
@@ -67,7 +67,7 @@ echo
 echo "== USER CAS"
 if [[ "${MODE_AUTH}" == "CAS" && "${CAS_ACTIVATE}" == "1" ]]
 then
-    cp -rf /envole/app/user_cas /var/www/html/custom_apps
+    cp -rf /nine/app/user_cas /var/www/html/custom_apps
     chown www-data:www-data /var/www/html/custom_apps -R
     run_as 'php occ config:app:set user_cas cas_server_hostname --value='${CAS_HOST}' -q'
     run_as 'php occ config:app:set user_cas cas_server_path --value='${CAS_PATH}' -q'
@@ -84,6 +84,7 @@ fi
 
 echo 
 echo "== USER LDAP"
+
 if [[ "${LDAP_ACTIVATE}" == "1" ]]
 then
     run_as 'php occ app:install user_ldap'

services/50-nineboard/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Nineboard
   # Tableaux de bord collaboratif
   # Port interne 80

services/50-nineboard/env/.env

@@ -3,4 +3,7 @@
 
 APP_AUTH=${MODE_AUTH}
 APP_ALIAS=nineboard
+APP_WEBURL=${WEB_URL}
 
+LDAP_FILTERGROUP=${LDAP_GROUP_FILTER}
+LDAP_FILTERUSER=${LDAP_USER_FILTER}

services/50-nineboard/misc/nine.sh

@@ -4,7 +4,15 @@ function upnineboard {
     if [[ $NINEBOARD_ACTIVATE == 1 && $NINEBOARD_LOCAL == 1 ]]
     then
         Title ${NINEBOARD_SERVICE_NAME^^}
-               
+
+        if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
+        then
+            EchoVert "DATABASE"
+            Echo ${NINEBOARD_SERVICE_NAME^^}
+            docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $NINEBOARD_SERVICE_NAME
+            Echo
+        fi
+
         EchoVert "CONTAINER"
         upservice ${NINEBOARD_SERVICE_NAME}
         Echo

services/50-ninefolio/apache/apache.conf

@@ -0,0 +1,5 @@
+# ninefolio
+ProxyPass /ninefolio http://ninefolio/ninefolio retry=0 keepalive=On
+ProxyPassReverse /ninefolio http://ninefolio/ninefolio retry=0
+ProxyPass /wssninefolio ws://ninefolio/wssninefolio retry=0 keepalive=On
+ProxyPassReverse /wssninefolio ws://ninefolio/wssninefolio retry=0

services/50-ninefolio/dockercompose/dockercompose.yml

@@ -0,0 +1,15 @@
+services:
+  # ninefolio
+  # Portail collaboratif
+  # Port interne 80
+  ninefolio:
+    image: reg.cadoles.com/envole/ninefolio
+    container_name: nine-ninefolio
+    restart: unless-stopped  
+    env_file: ./services/50-ninefolio/env/.env.merge
+    networks:
+      - nine-network
+    volumes:
+      - ./services/50-ninefolio/volume/data/private:/app/uploads
+      - ./services/50-ninefolio/volume/data/public:/app/public/uploads
+

services/50-ninefolio/env/.env

@@ -0,0 +1,21 @@
+
+# == NINEFOLIO =============================================================================================================================
+
+
+# BASIC
+APP_ALIAS=ninefolio
+APP_NAME="NINEFOLIO"
+APP_CRON=1
+
+# Webpack
+APP_PUBLIC_PATH=/${APP_ALIAS}/build
+APP_MANIFEST_KEY_PREFIX=${APP_ALIAS}
+
+# BDD
+DATABASE_NAME=${NINEFOLIO_SERVICE_NAME}
+DATABASE_USER=${MARIADB_USER}
+DATABASE_PASSWORD=${MARIADB_PASSWORD}
+DATABASE_HOST=${MARIADB_SERVICE_NAME}
+
+
+

services/50-ninefolio/misc/nine.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+
+function upninefolio {
+    if [[ $NINEFOLIO_ACTIVATE == 1 && $NINEFOLIO_LOCAL == 1 ]]
+    then
+        Title ${NINEFOLIO_SERVICE_NAME^^}
+
+        if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
+        then
+            EchoVert "DATABASE"
+            Echo ${NINEFOLIO_SERVICE_NAME^^}
+            docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $NINEFOLIO_SERVICE_NAME
+            Echo
+        fi
+
+        EchoVert "CONTAINER"
+        upservice ${NINEFOLIO_SERVICE_NAME}
+        chmod -R a+wr ./services/50-ninefolio/volume/data
+        Echo
+    fi    
+}
+
+function destroyninefolio {
+    if [[ $NINEFOLIO_LOCAL == 1 ]]
+    then
+        Title "DESTROY $NINEFOLIO_SERVICE_NAME"
+
+        stop $NINEFOLIO_SERVICE_NAME 1
+        docker-compose rm -s -v -f "$NINEFOLIO_SERVICE_NAME"
+        
+        if [[ -z $1 ]]; then 
+            Question_ouinon "Souhaitez-vous supprimer la BDD associé à $NINEFOLIO_SERVICE_NAME ?";
+            response=$?
+        fi
+        if [[ "$response" == 0 || ! -z $1 ]]
+        then
+            EchoRouge "Delete BDD = $NINEFOLIO_SERVICE_NAME"
+            docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $NINEFOLIO_SERVICE_NAME
+            rm -rf services/50-ninefolio/volume/data
+        fi
+
+        echo ""
+    fi   
+}

services/50-ninegate/dockercompose/dockercompose.yml

@@ -1,4 +1,4 @@
-
+services:
   # Ninegate
   # Portail collaboratif
   # Port interne 80

services/50-ninegate/misc/nine.sh

@@ -37,6 +37,7 @@ function destroyninegate {
         then
             EchoRouge "Delete BDD = $NINEGATE_SERVICE_NAME"
             docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $NINEGATE_SERVICE_NAME
+            rm -rf services/50-ninegate/volume/data
         fi
 
         echo ""