06de4fe485
Some checks failed
Lint Checks / Run linter (pull_request) Failing after 34s
Lint Checks / Run linter (push) Failing after 39s
Deploy Test / Run deploy test suite (pull_request) Successful in 4m38s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 8m33s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m11s
Smoke Test / Run basic test suite (pull_request) Successful in 4m20s
2391 lines
72 KiB
JSON
2391 lines
72 KiB
JSON
{
|
|
"id": "cerc",
|
|
"realm": "cerc",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 300,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 1800,
|
|
"ssoSessionMaxLifespan": 36000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": false,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": false,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": false,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"roles": {
|
|
"realm": [
|
|
{
|
|
"id": "0d341d8a-1f5a-4aa2-8152-1e2a9d3775bd",
|
|
"name": "uma_authorization",
|
|
"description": "${role_uma_authorization}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "cerc",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "7da1172a-c7d2-463d-8fb7-466a04803cc8",
|
|
"name": "offline_access",
|
|
"description": "${role_offline-access}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "cerc",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "211646ea-04a3-467e-9f25-f7539a405d03",
|
|
"name": "default-roles-cerc",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"composites": {
|
|
"realm": [
|
|
"offline_access",
|
|
"uma_authorization"
|
|
]
|
|
},
|
|
"clientRole": false,
|
|
"containerId": "cerc",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"client": {
|
|
"realm-management": [
|
|
{
|
|
"id": "caa5575f-aa68-4cd4-bf23-d4718aaf7a74",
|
|
"name": "view-identity-providers",
|
|
"description": "${role_view-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b0f59506-14be-4802-85bb-91e48e10795d",
|
|
"name": "create-client",
|
|
"description": "${role_create-client}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "d1ffefd0-e63c-4473-9334-1da2023a2379",
|
|
"name": "query-users",
|
|
"description": "${role_query-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "9b251fe8-a743-4be4-943c-5c8fc8efb59c",
|
|
"name": "impersonation",
|
|
"description": "${role_impersonation}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "305f3c42-4385-49fa-90b0-bd35f3a6593f",
|
|
"name": "manage-users",
|
|
"description": "${role_manage-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "c0745551-9565-4748-92b6-7540f8e4a4c8",
|
|
"name": "view-authorization",
|
|
"description": "${role_view-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "d333ddcd-6377-48e6-bcad-83248ce42820",
|
|
"name": "manage-authorization",
|
|
"description": "${role_manage-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "3bbac383-be19-4d98-9fb0-b8ba17f73765",
|
|
"name": "view-realm",
|
|
"description": "${role_view-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "547e5883-a235-49e0-bbc1-b4b089e3d4c5",
|
|
"name": "realm-admin",
|
|
"description": "${role_realm-admin}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"view-identity-providers",
|
|
"create-client",
|
|
"query-users",
|
|
"manage-users",
|
|
"impersonation",
|
|
"view-authorization",
|
|
"manage-authorization",
|
|
"view-realm",
|
|
"manage-events",
|
|
"query-realms",
|
|
"query-clients",
|
|
"manage-clients",
|
|
"view-events",
|
|
"view-clients",
|
|
"view-users",
|
|
"manage-realm",
|
|
"manage-identity-providers",
|
|
"query-groups"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "17e70842-fbc1-4c51-b79d-6ebac50c60e7",
|
|
"name": "manage-events",
|
|
"description": "${role_manage-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "bcf1a6f8-600b-4f27-a51a-8152f80da8a9",
|
|
"name": "query-realms",
|
|
"description": "${role_query-realms}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "bd85653b-3664-4d38-ac53-a662464bd9be",
|
|
"name": "query-clients",
|
|
"description": "${role_query-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "5dbed8a7-1936-4df4-86e5-880c368b172f",
|
|
"name": "manage-clients",
|
|
"description": "${role_manage-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "c4a6bd05-d72b-4206-a831-318530aa8d84",
|
|
"name": "view-events",
|
|
"description": "${role_view-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "19b36fad-1537-4b8e-9b1a-c5f3ef2830bf",
|
|
"name": "view-clients",
|
|
"description": "${role_view-clients}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"query-clients"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "38e7b8be-e2de-4b88-a2b3-54fa3a6bb26e",
|
|
"name": "manage-realm",
|
|
"description": "${role_manage-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "11f6d5d4-d883-493b-ad1d-9818d7fd6248",
|
|
"name": "view-users",
|
|
"description": "${role_view-users}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"query-users",
|
|
"query-groups"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "93020a9b-cb4d-484a-9f65-a0a663d42fb8",
|
|
"name": "manage-identity-providers",
|
|
"description": "${role_manage-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "81cec017-13ec-473c-960b-1c84db230fc2",
|
|
"name": "query-groups",
|
|
"description": "${role_query-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"security-admin-console": [],
|
|
"dashboard-client": [],
|
|
"admin-cli": [],
|
|
"account-console": [],
|
|
"broker": [],
|
|
"account": [
|
|
{
|
|
"id": "df36afa2-d09f-4235-9b80-97790f444bb3",
|
|
"name": "manage-account",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1ff40495-e44c-4cbc-886a-87c3ca1edc9d",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "eaaf957e-c77a-4d89-9408-ef15e31e3500",
|
|
"name": "delete-account",
|
|
"description": "${role_delete-account}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1ff40495-e44c-4cbc-886a-87c3ca1edc9d",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "ba9ee05e-c4bd-44fe-b127-ba2b6a3b8cd5",
|
|
"name": "view-groups",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "1ff40495-e44c-4cbc-886a-87c3ca1edc9d",
|
|
"attributes": {}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"groups": [
|
|
{
|
|
"id": "28f8feac-7483-4c9d-9a27-81e1564e461e",
|
|
"name": "allaccess",
|
|
"path": "/allaccess",
|
|
"attributes": {},
|
|
"realmRoles": [],
|
|
"clientRoles": {},
|
|
"subGroups": []
|
|
},
|
|
{
|
|
"id": "d2a0736e-e3fc-4c23-9ebd-c56b1fd44939",
|
|
"name": "eth",
|
|
"path": "/eth",
|
|
"attributes": {},
|
|
"realmRoles": [],
|
|
"clientRoles": {},
|
|
"subGroups": []
|
|
}
|
|
],
|
|
"defaultRole": {
|
|
"id": "211646ea-04a3-467e-9f25-f7539a405d03",
|
|
"name": "default-roles-cerc",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"clientRole": false,
|
|
"containerId": "cerc"
|
|
},
|
|
"requiredCredentials": [
|
|
"password"
|
|
],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpPolicyCodeReusable": false,
|
|
"otpSupportedApplications": [
|
|
"totpAppFreeOTPName",
|
|
"totpAppGoogleName"
|
|
],
|
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms": [
|
|
"ES256"
|
|
],
|
|
"webAuthnPolicyRpId": "",
|
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyCreateTimeout": 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyAcceptableAaguids": [],
|
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
|
|
"ES256"
|
|
],
|
|
"webAuthnPolicyPasswordlessRpId": "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
|
"users": [
|
|
{
|
|
"id": "70af487b-c6d8-4f51-84d2-a23e8c9df7a3",
|
|
"createdTimestamp": 1670910521308,
|
|
"username": "service-account-dashboard-client",
|
|
"enabled": true,
|
|
"totp": false,
|
|
"emailVerified": false,
|
|
"serviceAccountClientId": "dashboard-client",
|
|
"disableableCredentialTypes": [],
|
|
"requiredActions": [],
|
|
"notBefore": 0,
|
|
"groups": []
|
|
}
|
|
],
|
|
"scopeMappings": [
|
|
{
|
|
"clientScope": "offline_access",
|
|
"roles": [
|
|
"offline_access"
|
|
]
|
|
}
|
|
],
|
|
"clientScopeMappings": {
|
|
"account": [
|
|
{
|
|
"client": "account-console",
|
|
"roles": [
|
|
"manage-account",
|
|
"view-groups"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"clients": [
|
|
{
|
|
"id": "1ff40495-e44c-4cbc-886a-87c3ca1edc9d",
|
|
"clientId": "account",
|
|
"name": "${client_account}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/cerc/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [
|
|
"/realms/cerc/account/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "75b3bc74-dd4d-4d0a-940c-f1a809c004a6",
|
|
"clientId": "account-console",
|
|
"name": "${client_account-console}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/cerc/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [
|
|
"/realms/cerc/account/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "4ec0bc59-9111-46da-a7d3-549b7aa0e398",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "0dc11c0a-b159-4e48-bdf9-31a1fccd25c6",
|
|
"clientId": "admin-cli",
|
|
"name": "${client_admin-cli}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "c8a751e8-08be-427f-9191-3bdc0cc3e829",
|
|
"clientId": "broker",
|
|
"name": "${client_broker}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "2d7384c7-9301-4a57-8fb5-b42aa43b8d3f",
|
|
"clientId": "dashboard-client",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [
|
|
"http://localhost:8180/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"authorizationServicesEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.assertion.signature": "false",
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"saml.encrypt": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"saml.server.signature": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"saml.client.signature": "false",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "5746e878-a248-4170-9f6e-221dad215e25",
|
|
"name": "Client ID",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientId",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientId",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "e584082b-a232-45bd-8520-bc88908642a1",
|
|
"name": "Client IP Address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientAddress",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientAddress",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "bd9eaacb-6c5b-4bf1-bc0d-2457f7f7a767",
|
|
"name": "api-key",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "api-key",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "api-key",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "a10834b6-005a-4083-84e7-69ea2c08c0a8",
|
|
"name": "Client Host",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientHost",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientHost",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
],
|
|
"authorizationSettings": {
|
|
"allowRemoteResourceManagement": true,
|
|
"policyEnforcementMode": "ENFORCING",
|
|
"resources": [
|
|
{
|
|
"name": "Default Resource",
|
|
"type": "urn:dashboard-client:resources:default",
|
|
"ownerManagedAccess": false,
|
|
"attributes": {},
|
|
"_id": "fd85dada-073c-4da0-ac3c-73a823e86e70",
|
|
"uris": [
|
|
"/*"
|
|
]
|
|
}
|
|
],
|
|
"policies": [],
|
|
"scopes": [],
|
|
"decisionStrategy": "UNANIMOUS"
|
|
}
|
|
},
|
|
{
|
|
"id": "1a91181f-823b-4cbf-9d7a-f5f097a00d73",
|
|
"clientId": "realm-management",
|
|
"name": "${client_realm-management}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "1c10f8e8-6553-4d39-a705-8380214a01c9",
|
|
"clientId": "security-admin-console",
|
|
"name": "${client_security-admin-console}",
|
|
"rootUrl": "${authAdminUrl}",
|
|
"baseUrl": "/admin/cerc/console/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [
|
|
"/admin/cerc/console/*"
|
|
],
|
|
"webOrigins": [
|
|
"+"
|
|
],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "e65eaf73-6a5d-44da-a129-930481351e5e",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"id": "6e3c0398-187d-4515-9fad-e09225e6484c",
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "7e81f77f-8631-46a0-979a-7744ea451880",
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "b41d73c7-5ae4-4492-9f05-fe737bbd8a9b",
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "42c276ef-e93e-4e65-a963-b84a7b229449",
|
|
"name": "microprofile-jwt",
|
|
"description": "Microprofile - JWT built-in scope",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "145a68c2-075a-417c-bafb-824c0bb02dd2",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "d9f7cb53-ae29-47e0-aaf8-edd40acfa5b9",
|
|
"name": "upn",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "upn",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c88a720f-8fe6-4750-81b6-b87551066905",
|
|
"name": "role_list",
|
|
"description": "SAML role list",
|
|
"protocol": "saml",
|
|
"attributes": {
|
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "0244f0c4-773e-40e3-a0e4-308f5b10ab78",
|
|
"name": "role list",
|
|
"protocol": "saml",
|
|
"protocolMapper": "saml-role-list-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"single": "false",
|
|
"attribute.nameformat": "Basic",
|
|
"attribute.name": "Role"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "ba66e4d5-12f9-4c44-921d-42d901485803",
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "0f2f1ccf-7292-4e49-a079-d9166ec100bb",
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "e73a3670-4958-43bc-b5fa-982a895bc8d4",
|
|
"name": "phone",
|
|
"description": "OpenID Connect built-in scope: phone",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${phoneScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "bf04e15d-711a-4f66-b6f4-c35f21fcb0c8",
|
|
"name": "phone number",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumber",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "76493880-66bf-40d9-8f41-b14a8d400b1d",
|
|
"name": "phone number verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumberVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "5cb4b2c4-880e-4437-b905-19a5eb471765",
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "f7ba27e0-141e-4389-93d2-cc6c5fb1f78a",
|
|
"name": "family name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "lastName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "family_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "f3c2b39e-a11b-4640-acb3-c6ce139235e5",
|
|
"name": "zoneinfo",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "zoneinfo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "zoneinfo",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "bbf1c241-15c1-4d94-812a-ad4e260f77df",
|
|
"name": "picture",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "picture",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "picture",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "0dc161e8-f2e8-4017-b895-c24a78d38e92",
|
|
"name": "birthdate",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "birthdate",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "birthdate",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "86761664-57a4-47df-a891-d0d721243327",
|
|
"name": "nickname",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "nickname",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nickname",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "20f086d5-a07c-4711-88aa-3396fafb2adf",
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "d79a8b71-9312-4658-b14b-8f3145052116",
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "ad342e65-e36a-48cc-a90a-d48aacefab01",
|
|
"name": "profile",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "profile",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "profile",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "6abd60fb-39b7-4063-aaee-5ff380f0a97e",
|
|
"name": "gender",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "gender",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "gender",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "580133fc-8e44-4e7a-a526-dcbc7d82c911",
|
|
"name": "website",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "website",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "website",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "4bcde3c0-41ef-45e6-a23b-aea222640399",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "1ed7844e-9002-4c7b-be3d-61f9b3c725b9",
|
|
"name": "middle name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "middleName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "middle_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "4c9e9ec5-f40d-4b6e-9385-f86b0d228940",
|
|
"name": "updated at",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "updatedAt",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "updated_at",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "bf10082b-d485-4cf4-bf31-f0181884e8cf",
|
|
"name": "given name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "firstName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "given_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "b25abfe5-1130-4d7d-98f4-227f8b0dc4f9",
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope for add user roles to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${rolesScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "84b22a06-dced-4b2f-bbc8-f818b01c73d0",
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "5c6ed3cf-0840-4191-81ea-7092569f70fe",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "dce34b2a-e58f-41b8-86ab-794edeccae40",
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "00476d55-cd2f-4f60-92dd-6f3ff634799e",
|
|
"name": "acr",
|
|
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "f0ae1247-2120-4513-b1d1-fab7cfecfbb8",
|
|
"name": "acr loa level",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-acr-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "3f68af4c-10e8-4351-a62d-f829b9832037",
|
|
"name": "address",
|
|
"description": "OpenID Connect built-in scope: address",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${addressScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "3037e6e9-e1d7-492c-a060-9b2c35c688cb",
|
|
"name": "address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-address-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute.formatted": "formatted",
|
|
"user.attribute.country": "country",
|
|
"user.attribute.postal_code": "postal_code",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute.street": "street",
|
|
"id.token.claim": "true",
|
|
"user.attribute.region": "region",
|
|
"access.token.claim": "true",
|
|
"user.attribute.locality": "locality"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f900704b-5e92-451e-b093-02286cc22774",
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
}
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"profile",
|
|
"email",
|
|
"roles",
|
|
"web-origins",
|
|
"role_list",
|
|
"acr"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"address",
|
|
"microprofile-jwt",
|
|
"phone",
|
|
"offline_access"
|
|
],
|
|
"browserSecurityHeaders": {
|
|
"contentSecurityPolicyReportOnly": "",
|
|
"xContentTypeOptions": "nosniff",
|
|
"xRobotsTag": "none",
|
|
"xFrameOptions": "SAMEORIGIN",
|
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection": "1; mode=block",
|
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer": {},
|
|
"accountTheme": "custom",
|
|
"eventsEnabled": true,
|
|
"eventsExpiration": 604800,
|
|
"eventsListeners": [
|
|
"api-key-registration-generation",
|
|
"metrics-listener",
|
|
"jboss-logging"
|
|
],
|
|
"enabledEventTypes": [
|
|
"SEND_RESET_PASSWORD",
|
|
"REMOVE_TOTP",
|
|
"REVOKE_GRANT",
|
|
"UPDATE_TOTP",
|
|
"LOGIN_ERROR",
|
|
"CLIENT_LOGIN",
|
|
"RESET_PASSWORD_ERROR",
|
|
"IMPERSONATE_ERROR",
|
|
"CODE_TO_TOKEN_ERROR",
|
|
"CUSTOM_REQUIRED_ACTION",
|
|
"RESTART_AUTHENTICATION",
|
|
"IMPERSONATE",
|
|
"UPDATE_PROFILE_ERROR",
|
|
"LOGIN",
|
|
"UPDATE_PASSWORD_ERROR",
|
|
"CLIENT_INITIATED_ACCOUNT_LINKING",
|
|
"TOKEN_EXCHANGE",
|
|
"LOGOUT",
|
|
"REGISTER",
|
|
"CLIENT_REGISTER",
|
|
"IDENTITY_PROVIDER_LINK_ACCOUNT",
|
|
"UPDATE_PASSWORD",
|
|
"CLIENT_DELETE",
|
|
"FEDERATED_IDENTITY_LINK_ERROR",
|
|
"IDENTITY_PROVIDER_FIRST_LOGIN",
|
|
"CLIENT_DELETE_ERROR",
|
|
"VERIFY_EMAIL",
|
|
"CLIENT_LOGIN_ERROR",
|
|
"RESTART_AUTHENTICATION_ERROR",
|
|
"EXECUTE_ACTIONS",
|
|
"REMOVE_FEDERATED_IDENTITY_ERROR",
|
|
"TOKEN_EXCHANGE_ERROR",
|
|
"PERMISSION_TOKEN",
|
|
"SEND_IDENTITY_PROVIDER_LINK_ERROR",
|
|
"EXECUTE_ACTION_TOKEN_ERROR",
|
|
"SEND_VERIFY_EMAIL",
|
|
"EXECUTE_ACTIONS_ERROR",
|
|
"REMOVE_FEDERATED_IDENTITY",
|
|
"IDENTITY_PROVIDER_POST_LOGIN",
|
|
"IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR",
|
|
"UPDATE_EMAIL",
|
|
"REGISTER_ERROR",
|
|
"REVOKE_GRANT_ERROR",
|
|
"EXECUTE_ACTION_TOKEN",
|
|
"LOGOUT_ERROR",
|
|
"UPDATE_EMAIL_ERROR",
|
|
"CLIENT_UPDATE_ERROR",
|
|
"UPDATE_PROFILE",
|
|
"CLIENT_REGISTER_ERROR",
|
|
"FEDERATED_IDENTITY_LINK",
|
|
"SEND_IDENTITY_PROVIDER_LINK",
|
|
"SEND_VERIFY_EMAIL_ERROR",
|
|
"RESET_PASSWORD",
|
|
"CLIENT_INITIATED_ACCOUNT_LINKING_ERROR",
|
|
"REMOVE_TOTP_ERROR",
|
|
"VERIFY_EMAIL_ERROR",
|
|
"SEND_RESET_PASSWORD_ERROR",
|
|
"CLIENT_UPDATE",
|
|
"CUSTOM_REQUIRED_ACTION_ERROR",
|
|
"IDENTITY_PROVIDER_POST_LOGIN_ERROR",
|
|
"UPDATE_TOTP_ERROR",
|
|
"CODE_TO_TOKEN",
|
|
"IDENTITY_PROVIDER_FIRST_LOGIN_ERROR"
|
|
],
|
|
"adminEventsEnabled": false,
|
|
"adminEventsDetailsEnabled": false,
|
|
"identityProviders": [],
|
|
"identityProviderMappers": [],
|
|
"components": {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
|
{
|
|
"id": "e108ed9d-422a-4c84-af0e-d7ea9ddc1890",
|
|
"name": "Trusted Hosts",
|
|
"providerId": "trusted-hosts",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"host-sending-registration-request-must-match": [
|
|
"true"
|
|
],
|
|
"client-uris-must-match": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "b9a4a7f7-d684-45bd-b4bf-646be1f79364",
|
|
"name": "Full Scope Disabled",
|
|
"providerId": "scope",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "8df4222e-0b62-44dc-be51-f27d828f0f66",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"oidc-full-name-mapper",
|
|
"oidc-address-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"saml-user-property-mapper",
|
|
"saml-role-list-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-usermodel-property-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "59dd3e18-4dbe-4054-b012-423e8c4da909",
|
|
"name": "Max Clients Limit",
|
|
"providerId": "max-clients",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"max-clients": [
|
|
"200"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "7ce212c8-2587-4f6c-8824-705eabb7f925",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "4cbfdd25-6c33-4bad-8d88-9a1aec6c8e25",
|
|
"name": "Consent Required",
|
|
"providerId": "consent-required",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "bd008843-3c81-4750-ae85-a5e4e181b877",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"saml-role-list-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-full-name-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-address-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"saml-user-attribute-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "2edf8e74-e1b6-4e6d-83a3-c1123d462d14",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": [
|
|
"true"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.userprofile.UserProfileProvider": [
|
|
{
|
|
"id": "bfd8d11c-d90c-4620-802d-2b5bb04ed9d3",
|
|
"providerId": "declarative-user-profile",
|
|
"subComponents": {},
|
|
"config": {}
|
|
}
|
|
],
|
|
"org.keycloak.keys.KeyProvider": [
|
|
{
|
|
"id": "ca2afd56-df5d-47ab-bea4-4416c859a338",
|
|
"name": "hmac-generated",
|
|
"providerId": "hmac-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
],
|
|
"algorithm": [
|
|
"HS256"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "c72d323d-5737-4bed-bbc9-41be440e99fb",
|
|
"name": "rsa-generated",
|
|
"providerId": "rsa-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "f80ab6e7-1b0a-4de4-acaa-3275d3f867a2",
|
|
"name": "aes-generated",
|
|
"providerId": "aes-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": false,
|
|
"supportedLocales": [],
|
|
"authenticationFlows": [
|
|
{
|
|
"id": "4a7f9376-0b32-482d-acf0-49080e4af5bb",
|
|
"alias": "Handle Existing Account",
|
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-confirm-link",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Handle Existing Account - Alternatives - 0",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "258bc22b-74bd-450d-b2c0-5110b16a690c",
|
|
"alias": "Handle Existing Account - Alternatives - 0",
|
|
"description": "Subflow of Handle Existing Account with alternative executions",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-email-verification",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "b5742967-0bfc-41d8-8738-8c24934d2c7b",
|
|
"alias": "Verify Existing Account by Re-authentication",
|
|
"description": "Reauthentication of existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "cc49251b-8a75-4324-abbe-50bb00384e39",
|
|
"alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
|
|
"description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "490a9641-0bea-425f-a04c-457d731489c0",
|
|
"alias": "browser",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 25,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "forms",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "7efce4d5-b881-4e51-b390-5a40c342b185",
|
|
"alias": "browser plus basic",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": false,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "basic-auth",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 25,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 31,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "browser plus basic forms",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "4f16e1b0-8531-47eb-8624-4bbf877d5596",
|
|
"alias": "browser plus basic forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": false,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "browser plus basic forms - auth-otp-form - Conditional",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "22ddde40-03fe-425f-9dda-d7e8d108d5a3",
|
|
"alias": "browser plus basic forms - auth-otp-form - Conditional",
|
|
"description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": false,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "8253fd42-58bd-4536-8671-5c68522fa342",
|
|
"alias": "clients",
|
|
"description": "Base authentication for clients",
|
|
"providerId": "client-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "client-secret",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-secret-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-x509",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "04bf48cf-9568-48f4-8f17-a03af2c61419",
|
|
"alias": "direct grant",
|
|
"description": "OpenID Connect Resource Owner Grant",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "direct-grant-validate-username",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "direct grant - direct-grant-validate-otp - Conditional",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "61ad005d-bf91-4794-9842-3ae727a4751c",
|
|
"alias": "direct grant - direct-grant-validate-otp - Conditional",
|
|
"description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c65324a7-d836-4509-bf0c-12bd7ffcbf2b",
|
|
"alias": "docker auth",
|
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "docker-http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "91bf5412-35f7-40ff-9374-e135aa788687",
|
|
"alias": "first broker login",
|
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "review profile config",
|
|
"authenticator": "idp-review-profile",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "first broker login - Alternatives - 0",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "4112f733-14e0-404b-978e-335ecda4a88e",
|
|
"alias": "first broker login - Alternatives - 0",
|
|
"description": "Subflow of first broker login with alternative executions",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "create unique user config",
|
|
"authenticator": "idp-create-user-if-unique",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Handle Existing Account",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "fc661cc2-942d-4596-84e7-0ab62c6dada2",
|
|
"alias": "forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "forms - auth-otp-form - Conditional",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "06555841-cc79-4f16-8497-6c107896e07a",
|
|
"alias": "forms - auth-otp-form - Conditional",
|
|
"description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "850ed202-6ac8-4dbc-80dd-ef181327bc23",
|
|
"alias": "http challenge",
|
|
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "no-cookie-redirect",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "basic-auth",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "basic-auth-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "b5a45a81-fdc4-4473-9194-595b5b09f817",
|
|
"alias": "registration",
|
|
"description": "registration flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-page-form",
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "registration form",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0f2d666e-7413-495e-aeb5-abed50c497f4",
|
|
"alias": "registration form",
|
|
"description": "registration form",
|
|
"providerId": "form-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-user-creation",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-profile-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-password-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 50,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-recaptcha-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 60,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "4cbd3b65-cec8-4a0a-8566-50336ad16dc8",
|
|
"alias": "reset credentials",
|
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "reset-credentials-choose-user",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-credential-email",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 40,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "reset credentials - reset-otp - Conditional",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c027601d-55dd-4c36-9821-816815689e48",
|
|
"alias": "reset credentials - reset-otp - Conditional",
|
|
"description": "Flow to determine if the reset-otp authenticator should be used or not.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "76a19a9d-bbe9-4274-b743-ee5a001e7cff",
|
|
"alias": "saml ecp",
|
|
"description": "SAML ECP Profile Authentication Flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"authenticatorConfig": [
|
|
{
|
|
"id": "6428d38a-d80b-4cc0-89a2-698c7eb40fbb",
|
|
"alias": "create unique user config",
|
|
"config": {
|
|
"require.password.update.after.registration": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "d0dbc8d3-d2e5-4de3-bdb6-83c6a0b2f904",
|
|
"alias": "review profile config",
|
|
"config": {
|
|
"update.profile.on.first.login": "missing"
|
|
}
|
|
}
|
|
],
|
|
"requiredActions": [
|
|
{
|
|
"alias": "CONFIGURE_TOTP",
|
|
"name": "Configure OTP",
|
|
"providerId": "CONFIGURE_TOTP",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 10,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "terms_and_conditions",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "terms_and_conditions",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 20,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PASSWORD",
|
|
"name": "Update Password",
|
|
"providerId": "UPDATE_PASSWORD",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 30,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PROFILE",
|
|
"name": "Update Profile",
|
|
"providerId": "UPDATE_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 40,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_EMAIL",
|
|
"name": "Verify Email",
|
|
"providerId": "VERIFY_EMAIL",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 50,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_account",
|
|
"name": "Delete Account",
|
|
"providerId": "delete_account",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 60,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "update_user_locale",
|
|
"name": "Update User Locale",
|
|
"providerId": "update_user_locale",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 1000,
|
|
"config": {}
|
|
}
|
|
],
|
|
"browserFlow": "browser plus basic",
|
|
"registrationFlow": "registration",
|
|
"directGrantFlow": "direct grant",
|
|
"resetCredentialsFlow": "reset credentials",
|
|
"clientAuthenticationFlow": "clients",
|
|
"dockerAuthenticationFlow": "docker auth",
|
|
"attributes": {
|
|
"cibaBackchannelTokenDeliveryMode": "poll",
|
|
"cibaExpiresIn": "120",
|
|
"cibaAuthRequestedUserHint": "login_hint",
|
|
"oauth2DeviceCodeLifespan": "600",
|
|
"clientOfflineSessionMaxLifespan": "0",
|
|
"oauth2DevicePollingInterval": "5",
|
|
"clientSessionIdleTimeout": "0",
|
|
"parRequestUriLifespan": "60",
|
|
"clientSessionMaxLifespan": "0",
|
|
"clientOfflineSessionIdleTimeout": "0",
|
|
"cibaInterval": "5",
|
|
"realmReusableOtpCode": "false"
|
|
},
|
|
"keycloakVersion": "20.0.5",
|
|
"userManagedAccessAllowed": false,
|
|
"clientProfiles": {
|
|
"profiles": []
|
|
},
|
|
"clientPolicies": {
|
|
"policies": []
|
|
}
|
|
} |