diff --git a/compose.yml b/compose.yml index 324a4087..6c4303bd 100644 --- a/compose.yml +++ b/compose.yml @@ -41,9 +41,16 @@ services: keycloak: image: quay.io/keycloak/keycloak:24.0 - command: start-dev + command: start-dev --import-realm environment: - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin ports: - 3000:8080 + volumes: + - ./keycloak/realms:/opt/keycloak/data/import + +# Export data: +# /opt/keycloak/bin/kc.sh export \ +# --dir /opt/keycloak/data/realms \ +# --users same_file diff --git a/keycloak/realms/master-realm.json b/keycloak/realms/master-realm.json new file mode 100644 index 00000000..ad7ce3ec --- /dev/null +++ b/keycloak/realms/master-realm.json @@ -0,0 +1,1971 @@ +{ + "id" : "db537764-c578-4462-896d-0f987d35a96d", + "realm" : "master", + "displayName" : "Keycloak", + "displayNameHtml" : "
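Review bot: In the compose.yml hunk, the export recipe in the added comment does not match the mount added just above it: `--dir /opt/keycloak/data/realms` writes inside the container, while the bind mount maps `./keycloak/realms` to `/opt/keycloak/data/import`, so an export would not reach the repository directory unless the comment reads `# --dir /opt/keycloak/data/import \`. The recipe also uses `--users same_file`, which exports user records together with their credential data into the export directory. For a directory that is committed, `# --users skip` is the safer default, or the comment should state that user exports must not be checked in. If exports are not meant to go through this mount, the import only needs read access and the volume can be `- ./keycloak/realms:/opt/keycloak/data/import:ro`.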
Keycloak
", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 60, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "ae16fd2a-9211-4f57-ad54-4755f0f64d39", + "name" : "admin", + "description" : "${role_admin}", + "composite" : true, + "composites" : { + "realm" : [ "create-realm" ], + "client" : { + "mercury-realm" : [ "query-clients", "query-realms", "query-groups", "manage-users", "view-events", "view-realm", "manage-identity-providers", "create-client", "view-authorization", "manage-events", "manage-clients", "query-users", "manage-realm", 
"manage-authorization", "impersonation", "view-users", "view-identity-providers", "view-clients" ], + "master-realm" : [ "view-clients", "view-events", "query-realms", "query-clients", "view-users", "manage-events", "view-authorization", "manage-identity-providers", "create-client", "manage-users", "query-groups", "query-users", "view-identity-providers", "impersonation", "manage-authorization", "manage-clients", "manage-realm", "view-realm" ] + } + }, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d", + "attributes" : { } + }, { + "id" : "789bea23-b9c7-4101-8195-6fa26dce8ba9", + "name" : "create-realm", + "description" : "${role_create-realm}", + "composite" : false, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d", + "attributes" : { } + }, { + "id" : "40eb0c45-d168-4480-8560-222fa3da7537", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d", + "attributes" : { } + }, { + "id" : "41f2ec7d-5081-4133-b391-09fe552c1fd8", + "name" : "default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d", + "attributes" : { } + }, { + "id" : "8af61e7e-f908-45a7-8d1d-8422ac9146fd", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d", + "attributes" : { } + } ], + "client" : { + "security-admin-console" : [ ], + "mercury-realm" : [ { + "id" : "8b4ad8f4-03cb-4fb2-bf42-8be76c8cb9ba", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "d824d72f-e63a-4342-9a62-09cd98b68a05", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "dac45eb9-2e16-4742-9256-07f2dbab44b7", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "53feeb27-78f1-402d-9bf0-93df10cd77ed", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "81b6df26-ae5c-4d6c-b1e7-f2bfa821d86f", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "cc7cc443-84f1-4541-9a17-e747f8f7707b", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "2d9f3f14-96db-4eb5-ac21-bbb003fa7595", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "78356107-b55a-430b-a6da-10afb7e846bc", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "a944372b-7510-4bd2-964b-00a1305deb04", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" 
: "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "bd78b0b5-cf27-4dee-b144-8a2941025f38", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "e8518e97-5b7f-4430-b196-0c6ccd62ebc9", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "1df290e6-8df6-42c0-a36f-5273d9c0ed9d", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "f3894915-0169-4654-98e2-ae631fe678b8", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "94df4620-3cd5-443f-a96c-ca9932d8448e", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "ab925fac-d3bc-4531-a7e1-63378cb18abf", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "4bfe1e96-8480-472a-88e1-4891251b545f", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "454c3111-3534-450f-952d-9da6b831448c", + "name" : "view-users", + "description" : 
"${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "mercury-realm" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + }, { + "id" : "854f946d-337d-46be-af09-cd5e18cd98a5", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "mercury-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "attributes" : { } + } ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "54190234-d97f-4881-9fd0-0c7cd85ddd32", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "0d5ce332-a297-430f-8ac5-7dea1d378226", + "attributes" : { } + } ], + "master-realm" : [ { + "id" : "8b1bd011-0812-4729-9570-2325dde258bc", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "bd8fcfb3-8e6b-41b1-8cdf-795d17313dfb", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "a858cee9-7bc0-4f87-9571-9438eced9257", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "e746f59c-d492-4345-94f4-702db66247fc", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + 
"id" : "15f96095-ac0b-4c10-9f1c-ede70aa0bbd0", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "9ff95e77-4629-45b9-b0d5-36f3885816d5", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "d97cfa3d-eeca-4705-bc15-85aade6b31d5", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "72e35085-107f-4bc9-949d-32e6ef466369", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "93dcf6b6-6c42-41ac-ab4a-684047e70472", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "4a77e149-0020-422e-a31b-3adcb70801bb", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "ccf3edf8-a0e5-43ad-a008-00e082d266e2", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "345fd242-9608-4448-baad-e529633f481a", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-groups", 
"query-users" ] + } + }, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "89531376-4acf-4ebf-b86d-c36f7b931436", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "dcc7b1d1-c8cd-455c-8da3-bbc90ff16387", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "cedfbb81-e836-446e-9c69-2e7bb8022d00", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "9f030f83-8ca0-4079-be1b-23f1dbe4a4f0", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "189448d0-fe76-4bcb-9333-617e796d75a3", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + }, { + "id" : "18bab64f-383d-4978-a7d3-583bab4d129b", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "attributes" : { } + } ], + "account" : [ { + "id" : "411b8136-0ade-48aa-86f7-75ab989041ab", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + 
"attributes" : { } + }, { + "id" : "4d3fc0c0-4d3d-4133-aaef-00144d2cce00", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "8b560f46-961d-428d-9b5f-d80dca4d7e8e", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "6d29650a-c827-42bb-b096-6bcad76eae47", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "d8060668-1535-40ad-bede-c71aa3def487", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "edf01590-ad15-42ed-a57b-973ffaeb99f7", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "2eedd71b-3543-4022-b033-229195e02e07", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + }, { + "id" : "3a61afa0-6c6f-4446-8e14-cc70a86971be", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "41f2ec7d-5081-4133-b391-09fe552c1fd8", + "name" : 
"default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "db537764-c578-4462-896d-0f987d35a96d" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + 
"roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "318d4eeb-b489-4e04-97a3-9d7e171677db", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8f8bf30b-a7fc-4c97-9185-b3494daa4862", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : 
false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "8d9ec1c4-3f5b-4354-a842-146dfd338f13", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "517750f1-a0fb-49ad-bf70-2a5bbc7ed0d7", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0d5ce332-a297-430f-8ac5-7dea1d378226", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + 
"authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ac5895f3-9b49-4f74-a8e9-826c913d7be3", + "clientId" : "master-realm", + "name" : "master Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "deed2ec1-0009-4439-8043-8a2a190e3847", + "clientId" : "mercury-realm", + "name" : "mercury Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ ], + "optionalClientScopes" : [ ] + }, { + "id" : "525c9a20-5fd7-4b1f-9e63-96e659a62f07", + "clientId" : 
"security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/master/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/master/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "fa8c47f3-16e5-4395-9e68-0863b3762550", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "d4bc78cb-88c6-4732-9b25-5a6a82a170a6", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "b5a660d2-8c9e-4b71-b76e-8ec1827b4222", + "name" : "address", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "a6138f56-8c98-4122-ae9e-086b2ffc3b8a", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "0ba18321-518e-468e-9c1d-6c4acba19681", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "1c6c8dc0-c899-4ea8-acf7-f6dcf3203390", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "ac7adf26-2083-4869-a63b-e61d488cd3c7", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + 
"protocolMappers" : [ { + "id" : "e4cddf76-4800-407b-ab8d-711b114a8c5e", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "4fb08cd9-145b-4753-a70a-49e992edd43e", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "e8786b72-f6c8-49a9-9b20-b61df4051be4", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ae52e448-344d-4b33-b493-a9ecaf753ba6", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "a53db03e-a0cb-4db3-b5ac-fedd818d2b4e", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "28fb8afc-396b-4886-9597-2f34fa894729", + "name" : "roles", + 
"description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "60a66309-083a-4066-bb4a-0b8c43d84a98", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "1a0fc357-6739-4c3b-8649-1fbaca87a99e", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "eca7c4a0-9961-472e-9ca1-ddf6688cd319", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "0a6f5f3d-c1d3-45ea-b3bc-7aa52097b709", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "f57ad695-cc92-47ed-948a-1f6ce2dcf498", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } 
+ } ] + }, { + "id" : "aa6ca380-14af-419e-b0b0-1e233c1b72fa", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "ea097089-fa49-4391-9fb2-6bd9c29cbdc9", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "7bc153a3-5fab-4534-9ed4-0e502db4c2ea", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "6d350cc2-e798-4bfa-81ca-a5518e62586e", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "cda4f51e-07ab-497d-ab87-89e9bd09de27", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "7371f42b-01ae-449a-8e04-f0bd1558c5e5", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" 
: { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "cc5a5c70-78a2-4124-8fc7-1c6b49f6d01b", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "47b8f543-f9be-4835-a79b-e64a2f0a556c", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "a6be3fff-4434-44e8-9ebe-1949d3a66f47", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "ef2b6239-947d-48fc-85f7-f4dba50a4225", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + 
"jsonType.label" : "long" + } + }, { + "id" : "e914d729-377a-40b4-85c0-98216664b6b5", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "045c4157-ccfc-432b-8f4f-b368f201412f", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "3ef28a74-67b0-41a7-ae04-61d641328ad3", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "51d628cb-a9b3-41ee-a761-978b1490c9fc", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "1c62fe48-6e51-4da2-bd8d-c866327230de", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + 
"consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "e0a516c3-eca5-408f-aae0-a06d33b3c621", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "dccdc877-5e17-4e66-b68e-165d16345051", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "cb4e010a-a7fe-4d5a-8ae1-4dfc695c8a63", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "57a25e8b-d40b-40ec-804d-6d5292033731", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : 
"5b74b269-b4d3-4482-8424-65e67df84f25", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "e950fd5e-23b7-412b-864e-43888b1b1b48", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "b4c8b8ef-f032-40ce-8cca-2bfac9d298c5", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", 
"saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ] + } + }, { + "id" : "e05ca0d6-6dd2-4cdb-856b-410525894084", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "4f63f462-5209-45ec-a7a6-79c6a191a647", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "4ebcc143-20a2-4249-89aa-2fae1a06c8e0", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "7689d197-a56f-4724-a224-dc245a32bc0a", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "2c85982a-82bb-432e-83de-1cd6d1ba84e5", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "410abfba-4413-4286-97f6-c12823ad0277", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "d00d9ac6-aad8-46e7-a758-b0075d17cf29", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" 
: [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "8c16ebe6-f1ee-4fa1-9b1a-2b044c189a85", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "df1ecf13-321a-4e28-a510-17864c9018c0" ], + "secret" : [ "hE2LG8e1QF5GhSYtfnd34k5tnZH0TK_ZM0MJEQq4mmUa-tPTonjy5jfnxp218FegStgNjvqrpdLgE6-YImsSnOnUBhYdTN3XeuUbrN7Zj36eSwMB3n327nqizo2JPZMrRqTcDGdnUIUvJgh5ZEllKoVzzYP3FXR0o21Dp6g_XSg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "25ce5f25-afda-4aff-a935-bc09bb43cdef", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + 
"priority" : [ "100" ] + } + }, { + "id" : "387bf308-c621-462f-87f4-f757171e9abe", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "bc39b27e-7278-48d0-be97-a26bf1745f8a" ], + "secret" : [ "XTPePG8svIbQHX5eTn6m3g" ], + "priority" : [ "100" ] + } + }, { + "id" : "44fdde2a-3351-49fd-8d70-babe2b279900", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "74569dd6-3c62-4079-8561-7bb28f4aec1b", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "bf29ee38-fa6a-4774-9314-af7c948c9b78", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + 
"authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "16f7dc55-3d43-43e9-ba8a-b1a53d88d3c4", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a831f1cb-9f42-45f0-b0fb-5c56ca12ec68", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f4bc8d67-6bc6-40f8-8502-2348590fd25c", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, 
+ "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "6809ed94-a372-4134-967b-819b2fcc4135", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "b1b6a625-bcb7-4458-86ad-d7dba19c1299", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "1ba92371-9f94-4fe6-9347-fa1feef3188e", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "1bb4ae36-ba70-45a7-b892-c5ee53825ec7", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "0fcef363-ecaf-4841-8db1-d79a249a6a6e", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, 
+ "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c5877ada-0538-4b85-845f-63b0d4765b9d", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "dffc6e5d-c2d3-4714-877e-a13293c88ad4", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "705358e5-b311-4038-a830-cc2a83e9684a", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", 
+ "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "39c285eb-ad63-4460-a1c6-8c2026357cb8", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "79d2f519-4c71-4b5d-b3bd-ece20afd9df5", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "59b95369-3692-4893-b486-7e3ba6988ed4", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + 
"requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "99fd2173-7c18-4a96-bf5b-a8e9837d59a8", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "3e6cab02-e6eb-467b-a26d-130162ead379", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false 
+ } ] + } ], + "authenticatorConfig" : [ { + "id" : "31c0b196-6dd7-4dfd-ad43-cc11712cd469", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "6fcadc43-3f3d-4ff1-8d6e-a1cd8c465753", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify 
Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "24.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/keycloak/realms/master-users-0.json b/keycloak/realms/master-users-0.json new file mode 100644 index 00000000..86c04a45 --- /dev/null +++ b/keycloak/realms/master-users-0.json 
@@ -0,0 +1,26 @@
+{
+ "realm" : "master",
+ "users" : [ {
+ "id" : "d483964a-1c4c-498d-ad99-bedd8f2a7746",
+ "username" : "admin",
+ "emailVerified" : false,
+ "createdTimestamp" : 1709811792253,
+ "enabled" : true,
+ "totp" : false,
+ "credentials" : [ {
+ "id" : "d08a0463-858d-49c3-894f-9b638e549e47",
+ "type" : "password",
+ "createdDate" : 1709811793466,
+ "secretData" : "{\"value\":\"asK+Bg4K0+yQbxEcLCMsG3S35VQetZYwh7zdeg4kuLwsX7m88uvKEk6ljxbH3LUDuBPNgzLI8xORaEJ8s1M69w==\",\"salt\":\"FBbTSluhb20qsCcKQug9xw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "admin", "default-roles-master" ],
+ "clientRoles" : {
+ "mercury-realm" : [ "query-clients", "manage-events", "query-realms", "manage-clients", "query-groups", "query-users", "view-events", "manage-users", "manage-realm", "view-realm", "manage-identity-providers", "create-client", "view-authorization", "manage-authorization", "view-users", "view-identity-providers", "view-clients" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ]
+}
\ No newline at end of file
diff --git a/keycloak/realms/mercury-realm.json b/keycloak/realms/mercury-realm.json
new file mode 100644
index 00000000..6af70b0e
--- /dev/null
+++ b/keycloak/realms/mercury-realm.json
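Review bot: The `credentials` entry for the `admin` user in `master-users-0.json` commits a password verifier (PBKDF2-SHA512 hash plus salt) for an account that holds the `admin` realm role, with `"totp" : false` and an empty `requiredActions`, so every environment that imports this file starts with the same administrator password and nothing forces a change. I would drop the `credentials` array from the committed export and provision the password at deploy time, or at minimum set `"requiredActions" : [ "UPDATE_PASSWORD" ]` so the first login rotates it. The same concern applies to the `master-realm.json` section above, whose `org.keycloak.keys.KeyProvider` components carry literal `secret` values for `hmac-generated` and `aes-generated`; omitting those components presumably lets Keycloak generate fresh keys on import, which should be confirmed before relying on it. If these files are meant for local development only, that should be stated in the repository documentation so they are not imported into a shared deployment.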
@@ -0,0 +1,1811 @@ +{ + "id" : "c613758c-7b5c-4def-bd86-beea4dfaae01", + "realm" : "mercury", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "7cf9d503-62a4-48a7-8d25-5792e54b7506", + "name" : "default-roles-mercury", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : 
"c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes" : { } + }, { + "id" : "d76a7434-07d2-4c7f-8d40-ab4c573c1000", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes" : { } + }, { + "id" : "d0bce8eb-6291-4555-bda9-5b9b9eae2cba", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "d27ca265-6fc8-4e32-b447-6cb4542aa868", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "38a64acb-042f-4b45-a248-90621f77cd35", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "ec93c901-d291-42bf-877d-9632790f76e2", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "6e768562-35cb-4b12-90ff-c2daf72b04cb", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "51de2a04-ef08-4e71-9df7-1cf9b6b4157c", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : 
"ed9e323d-4ce1-4c1e-ab93-142e268e110c", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "bda3ef6a-a296-42a0-8319-02a0e7009a8e", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "b1bc35dc-9dd9-432f-84bc-ef1d8a89a8d2", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "9606fd07-8187-4705-b869-bdbd96d33169", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "6d32ba8a-2301-42e4-b902-ec79c845f120", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "7ec407ac-ed7a-4813-88d6-b5e2b6ff96e8", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "23a5161e-f843-4af8-9fec-ed52ce5823bd", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "7d389b09-aa53-4fa6-8669-a35183362df1", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "90fd08fe-ee8f-49a4-bef0-0e230e3c773d", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "7d24a70a-915a-4e11-9708-0d513de6d1da", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "f12fa7e2-5ab7-4c5d-b2e2-302730359978", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "76b181a0-197a-4a80-bd5a-d608ca4825c3", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "e70e3267-6b1d-4cb6-ad67-3d655a4d51ec", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + }, { + "id" : "6bd826eb-0b8a-4629-859a-34df10168c5e", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-realms", "manage-realm", "manage-users", "view-clients", "view-events", "view-identity-providers", "view-authorization", "query-groups", "view-realm", "manage-identity-providers", "manage-events", "create-client", "impersonation", "query-users", "manage-authorization", "query-clients", "view-users", "manage-clients" ] + } + }, + "clientRole" : true, + 
"containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes" : { } + } ], + "mercury-client" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "b3d4bc2f-27bb-460e-a965-a7955b718b84", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", + "attributes" : { } + } ], + "account" : [ { + "id" : "047b59ce-d344-4f5b-8008-0186a8131762", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "ee86e862-c73e-4ddd-b8ba-72d0b9d5861f", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "212633ae-782a-49ae-9e9a-67f389b8b601", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "4f72beec-6a36-4bde-8aa6-a28bf92d1058", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "fd016272-c927-4a63-8859-277303d6fc0a", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "e442fe42-d668-478d-a1f5-c6554fc381a9", + "name" : "view-groups", + 
"description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "6d615716-795b-440a-ae2e-21d5a29f511a", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + }, { + "id" : "69e4b480-198c-43f0-8c9a-2d3d42df46d8", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "7cf9d503-62a4-48a7-8d25-5792e54b7506", + "name" : "default-roles-mercury", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + 
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "8210aec3-2dae-4c62-a92c-557fdda375a0", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/mercury/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/mercury/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "11450760-d522-431f-8035-8ac3b3bc7081", + "clientId" : 
"account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/mercury/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/mercury/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "2a38e91b-533a-43f9-b23a-efa0a23b5837", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "aae1cce0-4d4f-4f06-b886-4b4bf1f7d86c", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + 
"nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1e8e3830-947e-472b-82de-c4d8f2513a23", + "clientId" : "mercury-client", + "name" : "", + "description" : "", + "rootUrl" : "http://localhost:5173", + "adminUrl" : "http://localhost:5173", + "baseUrl" : "/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "http://localhost:5173" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "post.logout.redirect.uris" : "/*", + "oauth2.device.authorization.grant.enabled" : "false", + 
"backchannel.logout.session.required" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d37386ce-72dd-4ebb-948e-52dc5932387e", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "70b1558c-fa73-4dbf-9692-6c54b7de55a9", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/mercury/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/mercury/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + 
"frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "d06b16b1-4668-445e-88d7-5f5b8527a317", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "dae49cb1-7fbc-4cb3-ace7-1ab5febba273", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "caf4197e-0bb8-4fa5-b7eb-4544404d63db", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "1e0f5f48-dabc-46c6-ba3a-9378bd51036f", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "65380c5f-2832-4cd1-8eee-b5f33cd55f24", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : 
"saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "69101a26-25e3-44b9-9063-53d1ed363bb6", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "36ac9844-d5e1-473d-a235-27e41f3fe370", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "d1f178fc-561e-49d0-8ab7-8b47721d468d", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "9b869004-08b5-4cd0-a4c5-f9d19d83807a", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "3400e596-f9d5-4873-a4af-4c13668ec261", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" 
: "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "5b302273-05a5-469d-a091-5d9d81b87bbc", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "0e50b492-ada2-48e7-806c-5846e02eec1a", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + }, { + "id" : "c792e9b0-65db-431d-ba6a-90ccc36f20b4", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "81911342-2fb0-462f-98fa-df45a64cdc76", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "404196d1-5b02-4ce7-9412-301f2320271f", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "cd971827-2f53-4442-b85b-744f4f3a0642", + "name" : 
"email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "e414ab98-b685-4d09-a174-618ec0756485", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "43d5ba8e-229c-4aa4-9a8b-18b6f95c2b07", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "44f441ba-155a-4042-807e-89b240571c63", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "7b286565-9e41-453e-925f-b26dc9cd8930", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + 
"access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "27095051-31c3-45c7-be1a-d00d6fc796e8", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "515852ae-812c-4302-95cb-3644fc848d46", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "8ca626f4-ecb1-4b1b-9a49-e2646efb1b07", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "6403cb5d-62fa-4f5b-a145-612df4ddce89", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "989e5a2b-274f-4cb4-b6df-871293e824b0", + "name" : "full name", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "122b95b0-98a0-4115-a029-b421a882f85a", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "dff99349-5079-4ed0-ac33-e699df19c7c5", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "39881d35-1d42-45fc-a528-9f098be904e5", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "4790b67a-286d-4f7b-8114-10ca4f2e60c0", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", 
+ "jsonType.label" : "String" + } + }, { + "id" : "0fc2c7b1-21f0-48e5-8c22-091c3949d89a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "17a22ce9-c4d1-45bb-911a-44206e1e7d33", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "90d8ba7a-7c40-42ae-98f1-778c842ae8ab", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e0c82c56-cc36-4838-aab4-ea0dfb7a0a47", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "a9c0b4e4-50fc-4608-bf67-23488919eff0", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + 
"user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "8184fe73-8312-44fc-95d5-77a3a3ef0f6a", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "acef8c00-91d2-4701-ac8e-3aa0f3c6e9bf", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "60a62076-9b78-445a-ac39-4e8c54938213", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "ef03e6f9-8f92-41b5-9e58-0499c2d15d30", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", 
"microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "06543751-6efd-4f4d-a3b8-b87fda426531", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "9f1eb042-374e-486e-ad4e-74e523834a94", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "91470b6e-0744-4e8e-ae72-ccca37c754ed", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "30b7a3f8-5240-4525-9f5f-daaac691a761", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "9a80a925-5a35-4c9e-98b2-5b935ad329d6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ 
"saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "834344b9-0e3e-44ab-afc6-b3eca79046ab", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "fe2523d4-4fa6-4124-9296-c9e06b1fc649", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "04ac11e0-5350-4fec-9643-542ac4707b6b", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5d62e3f8-f36a-4756-9ddd-a185bd6abcea", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "592bd1c9-609d-4847-8ea7-abbef231cd0f", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "aababe09-0b9f-44df-a05d-d6e20663e11f" ], + "secret" : [ "WMt4EfYG5ntN9zgfzIzXBg" ], + "priority" : [ "100" ] + } + }, { + "id" : "254b2bb0-0740-4355-91e4-0e79d77d7746", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + 
"subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "6b9c2275-e252-443f-a7df-3ca9434dfcc4", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "17d0589d-2fd6-4b15-a630-aab003c7b60c" ], + "secret" : [ "Uc8c3tea6MO_tsLqSwgzWe3Gz-PUrnqUQHdDvGX49im2SLHC8QEQXvztcRNXgTgqDngCizYALvfhEoppYwZVf58ZxMIi94dwN41G5VaWEljeN9yy34k-B0A9UBSWM7cUe88G11uu3qb9Eq2G9CLYUnXau0wD5ut_4PIcXuFqsTM" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "8ac064df-d6eb-415b-b35e-9272444e5989", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "fc428191-5b32-4163-971b-e06243910cba", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + 
"userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3b48c560-76b0-402f-984a-6f379009b2fa", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4880026f-46fe-409a-a193-aa259876b6e2", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4e16f15f-0f4e-4d34-a751-3058815713f0", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + 
"requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "c436cd03-f846-4eae-aaa9-b0937f1f5628", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c40bd066-576b-4363-8e6a-0f955358fd4e", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "68a167cb-352d-489c-92a3-e7c7f1b865c0", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + 
"authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6099a264-6faf-45ce-9209-bf15bd826809", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "b32a2c98-1e14-4402-a320-8481bc672ed2", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : 
"client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6a313b5b-1407-4859-8bb1-c3cd469ae4a3", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "2c04ac4a-7288-4638-bc34-10e9eaaa9ca0", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "38055377-0634-4429-89de-b9ea772b34fc", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { 
+ "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "6e004d03-47a3-4fcb-9624-5b3728014251", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "fc465524-c7be-4456-95d5-54e4c9b176cc", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "a286a53e-42df-4b02-9628-2a00ae29eaed", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : 
"registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a48d14b3-0bee-4f08-a4d7-faf4c39a65a7", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "70fb377c-643f-4825-bddc-39d320a9c589", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" 
: 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "14fc038c-52ff-4364-bd24-b5c945e423a3", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "f4520a29-f179-4528-bf44-42b932f03513", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : 
{ } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "24.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/keycloak/realms/mercury-users-0.json b/keycloak/realms/mercury-users-0.json new file mode 100644 index 00000000..f9ed0d01 --- /dev/null +++ b/keycloak/realms/mercury-users-0.json 
@@ -0,0 +1,27 @@
+{
+ "realm" : "mercury",
+ "users" : [ {
+ "id" : "4458155c-2881-44b2-8839-c6995faa2b26",
+ "username" : "user",
+ "firstName" : "John",
+ "lastName" : "Smith",
+ "email" : "user@example.com",
+ "emailVerified" : true,
+ "createdTimestamp" : 1709812316448,
+ "enabled" : true,
+ "totp" : false,
+ "credentials" : [ {
+ "id" : "504c030d-226b-4cc1-a1f3-296f64b372e5",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1709812346376,
+ "secretData" : "{\"value\":\"RX5OoQgC3FjMdqCxBdtVveP2761u5LgIp5AKfOBJQDnoNAGhVsiWDwGB1qzh0yBQSAqm+T0cQXGisbQnOYDNXg==\",\"salt\":\"lVg7FJZXP19QRSFkYqZOaw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-mercury" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ]
+}
\ No newline at end of file
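Review bot: The `credentials` entry for `user` commits the salt and PBKDF2-SHA512 hash of a fixed password, and with `"requiredActions" : [ ]` every instance that imports this file gets the same pre-verified login with no forced change. The `org.keycloak.keys.KeyProvider` components added in keycloak/realms/master-realm.json share the problem: the `secret` values of `aes-generated` and `hmac-generated-hs512` and the `privateKey` entries are realm key material, so anyone who can read the repository holds the signing and encryption keys of any instance started from it. I would drop the `credentials` array or change the line to `"requiredActions" : [ "UPDATE_PASSWORD" ]`, and strip the key-provider secrets from the export so each instance generates its own (Keycloak appears to create default keys when none are imported; worth confirming on 24.0). If the files are meant as dev-only fixtures, say so next to the `--import-realm` volume in compose.yml and keep them out of any shared or production import path.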