diff --git a/keycloak/README.md b/keycloak/README.md
index c2a8390..ef9711d 100644
--- a/keycloak/README.md
+++ b/keycloak/README.md
@@ -70,3 +70,52 @@ Podemos obtener la configuración OIDC en la URL: [.well-known/openid-configurat
 Podemos obtener las JSON Web Key Set en la URL: [JWKS](http://localhost:8080/realms/ds-2025-realm/protocol/openid-connect/certs)
+---
+
+## 🔧 Solución de Problemas de Sincronización
+
+### Problema: Los cambios en el archivo realm no se aplican
+
+Si modificas el archivo `realm-config/ds-2025-realm.json` pero los cambios no se reflejan en Keycloak, sigue estos pasos:
+
+
+#### 1. Reinicio Completo con Limpieza
+
+Para aplicar los cambios en el archivo realm, necesitas hacer un reinicio completo que limpie los datos persistentes:
+
+```bash
+# Detener contenedores
+docker-compose down
+
+# Eliminar volúmenes (esto borrará todos los datos)
+docker volume rm keycloak_postgres_data
+
+# Limpiar sistema Docker
+docker system prune -f
+
+# Reiniciar
+docker-compose up -d
+```
+
+#### 2. Verificar la Configuración
+
+Después del reinicio, verifica que:
+
+1. **Default Client Scopes del Realm**: Ve a `Realm Settings > Client Scopes` y verifica que aparezcan todos los scopes definidos en `defaultDefaultClientScopes`
+
+2. **Client Scopes de los Clientes**: Ve a cada cliente (ej: `grupo-03`) y verifica que tenga los `defaultClientScopes` correctos
+
+3. **Acceso a la Consola**: http://localhost:8080 con las credenciales del archivo `.env`
+
+### Client Scopes Disponibles
+
+El realm ahora incluye todos estos client scopes:
+
+- `usuarios:read` / `usuarios:write`
+- `compras:read` / `compras:write`
+- `stock:read` / `stock:write`
+- `productos:read` / `productos:write`
+- `categorias:read` / `categorias:write`
+- `reservas:read` / `reservas:write`
+- `envios:read` / `envios:write`
+
diff --git a/keycloak/realm-config/ds-2025-realm.json b/keycloak/realm-config/ds-2025-realm.json
index 388168c..deb4772 100644
--- a/keycloak/realm-config/ds-2025-realm.json
+++ b/keycloak/realm-config/ds-2025-realm.json
@@ -34,6 +34,156 @@
 ]
 },
 "clientScopes": [
+ {
+ "name": "usuarios:read",
+ "description": "Scope que permite acceso de lectura a los usuarios",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper usuarios:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "usuarios:write",
+ "description": "Scope que permite acceso de escritura a los usuarios",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper usuarios:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "compras:read",
+ "description": "Scope que permite acceso de lectura a las compras",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper compras:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "compras:write",
+ "description": "Scope que permite acceso de escritura a las compras",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper compras:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "stock:read",
+ "description": "Scope que permite acceso de lectura al stock",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper stock:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "stock:write",
+ "description": "Scope que permite acceso de escritura al stock",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper stock:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
 {
 "name": "productos:read",
 "description": "Scope que permite acceso de lectura a los productos",
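Review bot: Every scope added in this hunk, and again in the `@@ -83,6 +233,156 @@` hunk, carries the same `oidc-usermodel-realm-role-mapper` writing the `roles` claim, so the presence of `usuarios:write` or `stock:write` in a token's `scope` claim says nothing about the user — it only reflects that the issuing client lists the scope in its `defaultClientScopes`. A resource server that authorizes on the scope name would therefore accept any token from such a client regardless of the user's roles; authorization should key on the `roles` claim, and the mapper copied into all fourteen scopes (all overwriting the same claim) could be reduced to a single one, since Keycloak's built-in `roles` client scope already exposes realm roles as far as I know. `"id.token.claim": "true"` also copies the full role list into the ID token for every scope, which a front-end does not normally need — consider `"id.token.claim": "false"` unless something reads it. The `clientScopes` array opens in the hunk's context lines and closes past the hunk.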
@@ -83,6 +233,156 @@
 }
 }
 ]
+ },
+ {
+ "name": "categorias:read",
+ "description": "Scope que permite acceso de lectura a las categorías",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper categorias:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "categorias:write",
+ "description": "Scope que permite acceso de escritura a las categorías",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper categorias:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "reservas:read",
+ "description": "Scope que permite acceso de lectura a las reservas",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper reservas:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "reservas:write",
+ "description": "Scope que permite acceso de escritura a las reservas",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper reservas:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "envios:read",
+ "description": "Scope que permite acceso de lectura a los envíos",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper envios:read",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "name": "envios:write",
+ "description": "Scope que permite acceso de escritura a los envíos",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "realm roles mapper envios:write",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.name": "roles",
+ "jsonType.label": "String",
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
 }
 ],
 "clients": [