From dfa7be81da8432855c5b2f5935470c5f3f5c7b62 Mon Sep 17 00:00:00 2001 From: Piotr Maszczak Date: Tue, 14 May 2024 21:59:39 +0200 Subject: [PATCH 1/2] Update vitest to use single thread --- backend/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/package.json b/backend/package.json index 1582f93..8cdf9c4 100644 --- a/backend/package.json +++ b/backend/package.json @@ -7,7 +7,7 @@ "license": "ISC", "scripts": { "start": "tsc-watch --noEmit --onSuccess \"tsx ./src/index.ts\"", - "test": "vitest", + "test": "vitest --single-thread", "coverage": "vitest --coverage", "build": "tsc", "prod": "node build/index.js" From 80ab5e6686a20c60675db0b943ce1e43ac25d449 Mon Sep 17 00:00:00 2001 From: Piterson25 Date: Tue, 14 May 2024 20:02:54 +0000 Subject: [PATCH 2/2] Apply formatting --- backend/src/driver/driver.ts | 4 +- backend/src/models/ChangePasswordReq.ts | 15 +- backend/src/models/Response.ts | 4 +- backend/src/models/routes/Search.ts | 14 +- backend/src/routes/usersRoute.ts | 7 +- frontend/src/components/Profile.tsx | 3 +- keycloak/import/mercury-realm.json | 4317 ++++++++++++----------- keycloak/import/mercury-users-0.json | 75 +- 8 files changed, 2414 insertions(+), 2025 deletions(-) diff --git a/backend/src/driver/driver.ts b/backend/src/driver/driver.ts index a670730..b580763 100644 --- a/backend/src/driver/driver.ts +++ b/backend/src/driver/driver.ts @@ -4,11 +4,11 @@ const username = process.env.NEO4J_USERNAME; const password = process.env.NEO4J_PASSWORD; if (!username) { - throw new Error("NEO4J_USERNAME environment variable not provided!") + throw new Error("NEO4J_USERNAME environment variable not provided!"); } if (!password) { - throw new Error("NEO4J_PASSWORD environment variable not provided!") + throw new Error("NEO4J_PASSWORD environment variable not provided!"); } const driver = neo4j.driver( diff --git a/backend/src/models/ChangePasswordReq.ts b/backend/src/models/ChangePasswordReq.ts index 3310774..04665b5 100644 
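Review bot: The `coverage` script on the context line just below the change still runs `vitest --coverage` with no threading flag, so coverage runs keep the parallel behaviour this patch removes from `test`. If the aim is to stop test files racing on shared backend state (an assumption, the commit message gives no reason), the coverage line needs the same treatment: `"coverage": "vitest --coverage --single-thread",`. Setting the option once in the Vitest config would keep the two scripts from drifting apart. Note also that `--single-thread` is a Vitest 0.x flag, replaced in 1.0 by `--poolOptions.threads.singleThread`; the installed version is not visible in this hunk, so confirm the flag is still accepted.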
--- a/backend/src/models/ChangePasswordReq.ts +++ b/backend/src/models/ChangePasswordReq.ts @@ -1,11 +1,13 @@ import { z } from "zod"; import { userPasswordSchema } from "./User.js"; -type ChangePasswordReq = { - old_password: string; - new_password: string; - repeat_password: string; -} | {} +type ChangePasswordReq = + | { + old_password: string; + new_password: string; + repeat_password: string; + } + | {}; export const changePasswordReqSchema: z.ZodType = z .object({ @@ -16,6 +18,7 @@ export const changePasswordReqSchema: z.ZodType = z .refine((data) => data.new_password === data.repeat_password, { message: "Passwords don't match", path: ["repeat_password"], - }).or(z.object({})) + }) + .or(z.object({})); export default ChangePasswordReq; diff --git a/backend/src/models/Response.ts b/backend/src/models/Response.ts index 8a8291a..d0f80c3 100644 --- a/backend/src/models/Response.ts +++ b/backend/src/models/Response.ts @@ -9,8 +9,8 @@ export interface CustomResponse extends Response { } export type Errors = { - [key: string]: Errors | string -} + [key: string]: Errors | string; +}; export interface ErrorResponse { status: "error"; diff --git a/backend/src/models/routes/Search.ts b/backend/src/models/routes/Search.ts index a694989..38b51b7 100644 --- a/backend/src/models/routes/Search.ts +++ b/backend/src/models/routes/Search.ts @@ -1,5 +1,5 @@ import { ZodType, z } from "zod"; -import Page, { pageSchema } from "./Page.js" +import Page, { pageSchema } from "./Page.js"; import { userCountrySchema } from "../User.js"; interface Search extends Page { 
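Review bot: The `.or(z.object({}))` fallback that closes `changePasswordReqSchema` (second hunk of ChangePasswordReq.ts) lets a malformed password-change body parse successfully. A Zod object schema strips unknown keys by default instead of rejecting them, so a body whose `new_password` and `repeat_password` differ fails the first branch and then matches the empty-object branch, most likely parsing to `{}` rather than surfacing "Passwords don't match". How the route handles a parsed `{}` is outside this hunk, so confirm that it cannot be read as a successful or skipped password check. If an empty body is meant to be a deliberate no-op, narrow the fallback so that only a truly empty object matches: `.or(z.object({}).strict());`. The opening lines of the schema sit between the two hunks and are not shown.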
@@ -8,10 +8,12 @@ interface Search extends Page { userId?: string; } -export const searchSchema = z.object({ - q: z.string().min(0).max(64), - country: z.union([userCountrySchema, z.literal("")]), - userId: z.optional(z.string().uuid()) -}).merge(pageSchema) satisfies ZodType +export const searchSchema = z + .object({ + q: z.string().min(0).max(64), + country: z.union([userCountrySchema, z.literal("")]), + userId: z.optional(z.string().uuid()), + }) + .merge(pageSchema) satisfies ZodType; export default Search; diff --git a/backend/src/routes/usersRoute.ts b/backend/src/routes/usersRoute.ts index b51db37..9fe8b1a 100644 --- a/backend/src/routes/usersRoute.ts +++ b/backend/src/routes/usersRoute.ts @@ -264,14 +264,15 @@ usersRouter.post( session, userId, parsedPasswords, - req.token + req.token, ); if (!changePasswordResult.success) { - const {userExists, isUserIssued, passwordCorrect} = changePasswordResult; + const { userExists, isUserIssued, passwordCorrect } = + changePasswordResult; if (!userExists) { - return userNotFoundRes(res) + return userNotFoundRes(res); } if (isUserIssued) { diff --git a/frontend/src/components/Profile.tsx b/frontend/src/components/Profile.tsx index 833ed21..271eb0f 100644 --- a/frontend/src/components/Profile.tsx +++ b/frontend/src/components/Profile.tsx @@ -14,7 +14,8 @@ function Profile(props: ProfilePageFormProps) { const { user, handleEditClick, deleteUser } = props; - const countryName = countriesData.find((v) => v.Code == user.country)?.Country + const countryName = countriesData.find((v) => v.Code == user.country) + ?.Country; return (
diff --git a/keycloak/import/mercury-realm.json b/keycloak/import/mercury-realm.json index 15bab31..51806c9 100644 --- a/keycloak/import/mercury-realm.json +++ b/keycloak/import/mercury-realm.json 
@@ -1,2010 +1,2389 @@ { - "id" : "c613758c-7b5c-4def-bd86-beea4dfaae01", - "realm" : "mercury", - "displayName" : "Mercury", - "displayNameHtml" : "", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : true, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxTemporaryLockouts" : 0, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "7cf9d503-62a4-48a7-8d25-5792e54b7506", - "name" : "default-roles-mercury", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "manage-account", "view-profile" ] + "id": 
"c613758c-7b5c-4def-bd86-beea4dfaae01", + "realm": "mercury", + "displayName": "Mercury", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": true, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "7cf9d503-62a4-48a7-8d25-5792e54b7506", + "name": "default-roles-mercury", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": ["offline_access", "uma_authorization"], + "client": { + "account": ["manage-account", "view-profile"] + } + }, + "clientRole": false, + "containerId": "c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes": {} + }, + { 
+ "id": "d76a7434-07d2-4c7f-8d40-ab4c573c1000", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes": {} + }, + { + "id": "d0bce8eb-6291-4555-bda9-5b9b9eae2cba", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "c613758c-7b5c-4def-bd86-beea4dfaae01", + "attributes": {} + } + ], + "client": { + "mercury-testing": [ + { + "id": "ec7ee8cd-a704-4f7d-a92c-076f6584ddc5", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "0d35d127-15ad-4b38-acbf-32ece7ad625e", + "attributes": {} + } + ], + "realm-management": [ + { + "id": "d27ca265-6fc8-4e32-b447-6cb4542aa868", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "38a64acb-042f-4b45-a248-90621f77cd35", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "ec93c901-d291-42bf-877d-9632790f76e2", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "6e768562-35cb-4b12-90ff-c2daf72b04cb", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "51de2a04-ef08-4e71-9df7-1cf9b6b4157c", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + 
"containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "ed9e323d-4ce1-4c1e-ab93-142e268e110c", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "bda3ef6a-a296-42a0-8319-02a0e7009a8e", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "b1bc35dc-9dd9-432f-84bc-ef1d8a89a8d2", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "9606fd07-8187-4705-b869-bdbd96d33169", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "6d32ba8a-2301-42e4-b902-ec79c845f120", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "7ec407ac-ed7a-4813-88d6-b5e2b6ff96e8", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "23a5161e-f843-4af8-9fec-ed52ce5823bd", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "7d389b09-aa53-4fa6-8669-a35183362df1", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + 
"clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "90fd08fe-ee8f-49a4-bef0-0e230e3c773d", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "7d24a70a-915a-4e11-9708-0d513de6d1da", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "f12fa7e2-5ab7-4c5d-b2e2-302730359978", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "76b181a0-197a-4a80-bd5a-d608ca4825c3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "e70e3267-6b1d-4cb6-ad67-3d655a4d51ec", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + }, + { + "id": "6bd826eb-0b8a-4629-859a-34df10168c5e", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-realms", + "manage-realm", + "manage-users", + "view-clients", + "view-events", + "view-identity-providers", + "view-authorization", + "query-groups", + "view-realm", + "manage-identity-providers", + "manage-events", + "create-client", + "impersonation", + "query-users", + "manage-authorization", + "query-clients", + "view-users", + "manage-clients" + ] + } + }, 
+ "clientRole": true, + "containerId": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "attributes": {} + } + ], + "mercury-backend": [], + "mercury-client": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "b3d4bc2f-27bb-460e-a965-a7955b718b84", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", + "attributes": {} + } + ], + "account": [ + { + "id": "047b59ce-d344-4f5b-8008-0186a8131762", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "ee86e862-c73e-4ddd-b8ba-72d0b9d5861f", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "212633ae-782a-49ae-9e9a-67f389b8b601", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "4f72beec-6a36-4bde-8aa6-a28bf92d1058", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "fd016272-c927-4a63-8859-277303d6fc0a", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "e442fe42-d668-478d-a1f5-c6554fc381a9", + "name": "view-groups", + 
"description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "6d615716-795b-440a-ae2e-21d5a29f511a", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + }, + { + "id": "69e4b480-198c-43f0-8c9a-2d3d42df46d8", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "7cf9d503-62a4-48a7-8d25-5792e54b7506", + "name": "default-roles-mercury", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "c613758c-7b5c-4def-bd86-beea4dfaae01" + }, + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + 
"webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": ["manage-account", "view-groups"] + } + ] + }, + "clients": [ + { + "id": "8210aec3-2dae-4c62-a92c-557fdda375a0", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/mercury/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/mercury/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "11450760-d522-431f-8035-8ac3b3bc7081", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + 
"baseUrl": "/realms/mercury/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/mercury/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "2a38e91b-533a-43f9-b23a-efa0a23b5837", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "aae1cce0-4d4f-4f06-b886-4b4bf1f7d86c", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + 
"email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3e5a100b-6e1d-43dc-aa9b-8406a2917496", + "clientId": "mercury-backend", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "fOP43IDxXavjRogZMQWKW1qmJAz5zeEf", + "redirectUris": ["/*"], + "webOrigins": ["/*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1710663416", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + 
"backchannel.logout.revoke.offline.tokens": "false" }, - "clientRole" : false, - "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01", - "attributes" : { } - }, { - "id" : "d76a7434-07d2-4c7f-8d40-ab4c573c1000", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01", - "attributes" : { } - }, { - "id" : "d0bce8eb-6291-4555-bda9-5b9b9eae2cba", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01", - "attributes" : { } - } ], - "client" : { - "mercury-testing" : [ { - "id" : "ec7ee8cd-a704-4f7d-a92c-076f6584ddc5", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "0d35d127-15ad-4b38-acbf-32ece7ad625e", - "attributes" : { } - } ], - "realm-management" : [ { - "id" : "d27ca265-6fc8-4e32-b447-6cb4542aa868", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "38a64acb-042f-4b45-a248-90621f77cd35", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "ec93c901-d291-42bf-877d-9632790f76e2", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "6e768562-35cb-4b12-90ff-c2daf72b04cb", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + 
"nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "b12bed1f-ac65-4dad-93cb-ff7c2ada5c4c", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "51de2a04-ef08-4e71-9df7-1cf9b6b4157c", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "ed9e323d-4ce1-4c1e-ab93-142e268e110c", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "bda3ef6a-a296-42a0-8319-02a0e7009a8e", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "b1bc35dc-9dd9-432f-84bc-ef1d8a89a8d2", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "9606fd07-8187-4705-b869-bdbd96d33169", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "6d32ba8a-2301-42e4-b902-ec79c845f120", - "name" : 
"view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "7ec407ac-ed7a-4813-88d6-b5e2b6ff96e8", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "23a5161e-f843-4af8-9fec-ed52ce5823bd", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "7d389b09-aa53-4fa6-8669-a35183362df1", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "90fd08fe-ee8f-49a4-bef0-0e230e3c773d", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "7d24a70a-915a-4e11-9708-0d513de6d1da", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "f12fa7e2-5ab7-4c5d-b2e2-302730359978", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "76b181a0-197a-4a80-bd5a-d608ca4825c3", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : 
"e70e3267-6b1d-4cb6-ad67-3d655a4d51ec", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] + { + "id": "362a6af3-d2cc-47ac-9281-fc8197ae7f5b", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - }, { - "id" : "6bd826eb-0b8a-4629-859a-34df10168c5e", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-realms", "manage-realm", "manage-users", "view-clients", "view-events", "view-identity-providers", "view-authorization", "query-groups", "view-realm", "manage-identity-providers", "manage-events", "create-client", "impersonation", "query-users", "manage-authorization", "query-clients", "view-users", "manage-clients" ] + { + "id": "f195fc9d-fd7e-4217-b3af-35734bcda798", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" } - }, - "clientRole" : true, - "containerId" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "attributes" : { } - } ], - "mercury-backend" : [ ], - "mercury-client" : [ ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - 
"id" : "b3d4bc2f-27bb-460e-a965-a7955b718b84", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", - "attributes" : { } - } ], - "account" : [ { - "id" : "047b59ce-d344-4f5b-8008-0186a8131762", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "ee86e862-c73e-4ddd-b8ba-72d0b9d5861f", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "212633ae-782a-49ae-9e9a-67f389b8b601", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "1e8e3830-947e-472b-82de-c4d8f2513a23", + "clientId": "mercury-client", + "name": "", + "description": "", + "rootUrl": "http://localhost:5173", + "adminUrl": "http://localhost:5173", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/*"], + "webOrigins": ["http://localhost:5173"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "post.logout.redirect.uris": "/*", 
+ "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "0d35d127-15ad-4b38-acbf-32ece7ad625e", + "clientId": "mercury-testing", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "5mwGU0Efyh3cT2WVX7ffA8UAWEAmrBag", + "redirectUris": ["/*"], + "webOrigins": ["/*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1713952561", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "acr.loa.map": "{}", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "075230d9-4d35-4d94-8190-0353836753d9", + "name": "Client IP 
Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "4f72beec-6a36-4bde-8aa6-a28bf92d1058", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] + { + "id": "4c6e8372-d0c1-4566-bc8f-0c27b40c02f6", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "fd016272-c927-4a63-8859-277303d6fc0a", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "e442fe42-d668-478d-a1f5-c6554fc381a9", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "6d615716-795b-440a-ae2e-21d5a29f511a", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - }, { - "id" : "69e4b480-198c-43f0-8c9a-2d3d42df46d8", - "name" 
: "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "attributes" : { } - } ] + { + "id": "500eff02-aca6-4a79-9429-10ffd6f23f0a", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d37386ce-72dd-4ebb-948e-52dc5932387e", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "70b1558c-fa73-4dbf-9692-6c54b7de55a9", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/mercury/console/", + "surrogateAuthRequired": false, + 
"enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/admin/mercury/console/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "d06b16b1-4668-445e-88d7-5f5b8527a317", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "7cf9d503-62a4-48a7-8d25-5792e54b7506", - "name" : "default-roles-mercury", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "c613758c-7b5c-4def-bd86-beea4dfaae01" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - 
"webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "8210aec3-2dae-4c62-a92c-557fdda375a0", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/mercury/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/mercury/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - 
"implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + ], + "clientScopes": [ + { + "id": "dae49cb1-7fbc-4cb3-ace7-1ab5febba273", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "caf4197e-0bb8-4fa5-b7eb-4544404d63db", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "11450760-d522-431f-8035-8ac3b3bc7081", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/mercury/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/mercury/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", 
- "pkce.code.challenge.method" : "S256" + { + "id": "1e0f5f48-dabc-46c6-ba3a-9378bd51036f", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "65380c5f-2832-4cd1-8eee-b5f33cd55f24", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "2a38e91b-533a-43f9-b23a-efa0a23b5837", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "aae1cce0-4d4f-4f06-b886-4b4bf1f7d86c", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "69101a26-25e3-44b9-9063-53d1ed363bb6", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", 
+ "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "36ac9844-d5e1-473d-a235-27e41f3fe370", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "4135fc9d-2b1a-429c-8fc6-e98d129e27d6", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "d1f178fc-561e-49d0-8ab7-8b47721d468d", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": 
"9b869004-08b5-4cd0-a4c5-f9d19d83807a", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "3e5a100b-6e1d-43dc-aa9b-8406a2917496", - "clientId" : "mercury-backend", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "fOP43IDxXavjRogZMQWKW1qmJAz5zeEf", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "/*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "client.secret.creation.time" : "1710663416", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "+", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" + { + "id": "3400e596-f9d5-4873-a4af-4c13668ec261", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": 
"5b302273-05a5-469d-a091-5d9d81b87bbc", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "0e50b492-ada2-48e7-806c-5846e02eec1a", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "c792e9b0-65db-431d-ba6a-90ccc36f20b4", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "b12bed1f-ac65-4dad-93cb-ff7c2ada5c4c", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" + { + "id": "81911342-2fb0-462f-98fa-df45a64cdc76", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": 
"true" } - }, { - "id" : "362a6af3-d2cc-47ac-9281-fc8197ae7f5b", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "f195fc9d-fd7e-4217-b3af-35734bcda798", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "client_id", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "1e8e3830-947e-472b-82de-c4d8f2513a23", - "clientId" : "mercury-client", - "name" : "", - "description" : "", - "rootUrl" : "http://localhost:5173", - "adminUrl" : "http://localhost:5173", - "baseUrl" : "/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "http://localhost:5173" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "post.logout.redirect.uris" : "/*", - "oauth2.device.authorization.grant.enabled" : "false", - 
"backchannel.logout.session.required" : "true", - "backchannel.logout.revoke.offline.tokens" : "false" }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "0d35d127-15ad-4b38-acbf-32ece7ad625e", - "clientId" : "mercury-testing", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "5mwGU0Efyh3cT2WVX7ffA8UAWEAmrBag", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "/*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "client.secret.creation.time" : "1713952561", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "use.refresh.tokens" : "true", - "oidc.ciba.grant.enabled" : "false", - "client.use.lightweight.access.token.enabled" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "require.pushed.authorization.requests" : "false", - "acr.loa.map" : "{}", - "display.on.consent.screen" : "false", - "token.response.type.bearer.lower-case" : "false" + { + "id": "404196d1-5b02-4ce7-9412-301f2320271f", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": 
"true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "cd971827-2f53-4442-b85b-744f4f3a0642", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "e414ab98-b685-4d09-a174-618ec0756485", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "075230d9-4d35-4d94-8190-0353836753d9", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "introspection.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - }, { - "id" : "4c6e8372-d0c1-4566-bc8f-0c27b40c02f6", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "introspection.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" + { + "id": 
"43d5ba8e-229c-4aa4-9a8b-18b6f95c2b07", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "44f441ba-155a-4042-807e-89b240571c63", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "7b286565-9e41-453e-925f-b26dc9cd8930", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "27095051-31c3-45c7-be1a-d00d6fc796e8", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "515852ae-812c-4302-95cb-3644fc848d46", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "8ca626f4-ecb1-4b1b-9a49-e2646efb1b07", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "6403cb5d-62fa-4f5b-a145-612df4ddce89", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "989e5a2b-274f-4cb4-b6df-871293e824b0", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "122b95b0-98a0-4115-a029-b421a882f85a", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "dff99349-5079-4ed0-ac33-e699df19c7c5", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + 
"userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "39881d35-1d42-45fc-a528-9f098be904e5", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "4790b67a-286d-4f7b-8114-10ca4f2e60c0", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "0fc2c7b1-21f0-48e5-8c22-091c3949d89a", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "17a22ce9-c4d1-45bb-911a-44206e1e7d33", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "90d8ba7a-7c40-42ae-98f1-778c842ae8ab", + "name": "website", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "e0c82c56-cc36-4838-aab4-ea0dfb7a0a47", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "a9c0b4e4-50fc-4608-bf67-23488919eff0", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "8184fe73-8312-44fc-95d5-77a3a3ef0f6a", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "acef8c00-91d2-4701-ac8e-3aa0f3c6e9bf", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "60a62076-9b78-445a-ac39-4e8c54938213", + "name": "upn", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "ef03e6f9-8f92-41b5-9e58-0499c2d15d30", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "loginTheme": "mercury", + "accountTheme": "", + "adminTheme": "", + "emailTheme": "", + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "06543751-6efd-4f4d-a3b8-b87fda426531", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": 
"authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "9f1eb042-374e-486e-ad4e-74e523834a94", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + }, + { + "id": "91470b6e-0744-4e8e-ae72-ccca37c754ed", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + }, + { + "id": "30b7a3f8-5240-4525-9f5f-daaac691a761", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "9a80a925-5a35-4c9e-98b2-5b935ad329d6", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "834344b9-0e3e-44ab-afc6-b3eca79046ab", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "fe2523d4-4fa6-4124-9296-c9e06b1fc649", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + 
"oidc-full-name-mapper" + ] + } + }, + { + "id": "04ac11e0-5350-4fec-9643-542ac4707b6b", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } - }, { - "id" : "500eff02-aca6-4a79-9429-10ffd6f23f0a", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "client_id", - "introspection.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "5d62e3f8-f36a-4756-9ddd-a185bd6abcea", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": ["SIG"], + "certificate": [ + "MIICnTCCAYUCBgGOGL+fIjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdtZXJjdXJ5MB4XDTI0MDMwNzExNDgxNVoXDTM0MDMwNzExNDk1NVowEjEQMA4GA1UEAwwHbWVyY3VyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMuXgqQOxK0IqfQrxj2wfiCHUQGLrI9uMSI/LoHeFl6bEGn94BLzhu9c7gWa94aQfH5uk7GKus14T16TQFa5GrwLJrHpxt7cCYOgmMB6Tyulcygda0sGgoTpXvfOOxdf83VYCUwfjzJG1IJyzaXckRuyH6F49P7qxTIlRa6MrF/TzgVfzXQoeTNulN0lzisC7oyi+k0whS+m32e8DtoUv6gU3mUVoZsCzmnyBKaxaab0nOVjxd7LR3XKd/QAtDSkLl4s0mxhhwcyGPasehUqCR+N9jxILy489PKXbdH3EBpiEKbrEhH4gxjGqzB1NdW4JAc6iOB1yICmdMFUjBlpyMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAWxmMoSyTdzBxDdYgWfdrGg1CA8pAm1Xaktp6ZjaPCy8ydR4xzcAdg5sUKEOouQWkaR6uDtNmaCGS2UxfWpjQyx84BYko+iLBIrAZ22NzbQP0LkjZh0yKrEmnyUeZiKMQijJaki8Q3d1bEJQ2yELLKl5C5L4gZ5Eq3GYCdyaB9nuMDuBV1WK7FVLskQ+NOBQFxzmXF3kUmVdJ5nr4yfuKbXtfA0RrITle737O7BJjrF6B4Cv9IhCPFUc8KplvozBZqiuEMSncj30ZAA/R3eMHXXFGULKHRw46IECHCa6bmNuT3WzoqVgUNMKuX4pF3a5CVGDN4B9W+yFp9xawic8VDg==" + ], + "priority": ["100"] + } + }, + { + "id": "592bd1c9-609d-4847-8ea7-abbef231cd0f", + "name": "aes-generated", + "providerId": "aes-generated", 
+ "subComponents": {}, + "config": { + "kid": ["aababe09-0b9f-44df-a05d-d6e20663e11f"], + "secret": ["WMt4EfYG5ntN9zgfzIzXBg"], + "priority": ["100"] + } + }, + { + "id": "254b2bb0-0740-4355-91e4-0e79d77d7746", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": ["ENC"], + "certificate": [ + "MIICnTCCAYUCBgGOGL+gHDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdtZXJjdXJ5MB4XDTI0MDMwNzExNDgxNVoXDTM0MDMwNzExNDk1NVowEjEQMA4GA1UEAwwHbWVyY3VyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANT3P0Ikcfm8yxhLR0ZBRrsXeHOQc6D2RHlEpjUp5Cw3VCTP3AFDy98kpUq1i8uvz5eXHRiIE8jJPQCcUYAVu8AtgyWBtNYx8HuKjVBHOrmRHsKCDFqRbiohDcdS/sp4Ce8mTJWF4+Fq/5K58XzfAxHu+0vYZVtpB9amjxVDdceeCc/J+UlG1hZehFYnskfWtXcDL7kUXQGnz8HKVc0TelZrVQVXUSP6YwPLKtti/S4H5QKtpEogjvJ0rFx8XGOhd40ouVUF3D587wYcCZEnD/4z7KoNDq7s6PZ7EB93ubMFo+3KS6ydC3w7n3lc0BwjRqw0lieOy+r9Slo4GNXrg4kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAyRfmvls2UfY0qIhZqcV+8xysVtQAdczgQKUsh+lLpO586lbE54OOInnBeN6ImcYR2w+UHMefxl7t6sJf2OJGeLVKK2fkydG4r+G4mQ2ZKTWQKd9lrZ0jmovgsFRtqkfERHWNPBfyddKv2yEb0DLgOBZxzTBvStGhBmIpQpPjcgn8gRn8zga1eF3Igr6z/jxaaXn5JPm06L2iaAZy5iknrW56fPL1YalUunPcaTklXkl+ZUUprdx3C5xEMz4badA6QGwbX8HVxKDQbVkSs6rnWk1QSbp3mHmCbt88VyhiZ0TSn0bTRqOf+O/9mKDqANxyLs1mT7LAtThpx5gFR/JoPw==" + ], + "priority": ["100"], + "algorithm": ["RSA-OAEP"] + } + }, + { + "id": "6b9c2275-e252-443f-a7df-3ca9434dfcc4", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": ["17d0589d-2fd6-4b15-a630-aab003c7b60c"], + "secret": [ + "Uc8c3tea6MO_tsLqSwgzWe3Gz-PUrnqUQHdDvGX49im2SLHC8QEQXvztcRNXgTgqDngCizYALvfhEoppYwZVf58ZxMIi94dwN41G5VaWEljeN9yy34k-B0A9UBSWM7cUe88G11uu3qb9Eq2G9CLYUnXau0wD5ut_4PIcXuFqsTM" + ], + "priority": ["100"], + "algorithm": ["HS512"] + } } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", 
"phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d37386ce-72dd-4ebb-948e-52dc5932387e", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "8ac064df-d6eb-415b-b35e-9272444e5989", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "70b1558c-fa73-4dbf-9692-6c54b7de55a9", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/mercury/console/", - 
"surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/mercury/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" + { + "id": "fc428191-5b32-4163-971b-e06243910cba", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "d06b16b1-4668-445e-88d7-5f5b8527a317", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "dae49cb1-7fbc-4cb3-ace7-1ab5febba273", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" + { + "id": "3b48c560-76b0-402f-984a-6f379009b2fa", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "caf4197e-0bb8-4fa5-b7eb-4544404d63db", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - } ] - }, { - "id" : "1e0f5f48-dabc-46c6-ba3a-9378bd51036f", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + { + "id": "4880026f-46fe-409a-a193-aa259876b6e2", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + 
"authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "65380c5f-2832-4cd1-8eee-b5f33cd55f24", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "69101a26-25e3-44b9-9063-53d1ed363bb6", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" + { + "id": "4e16f15f-0f4e-4d34-a751-3058815713f0", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "36ac9844-d5e1-473d-a235-27e41f3fe370", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - 
"user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "d1f178fc-561e-49d0-8ab7-8b47721d468d", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" + { + "id": "c436cd03-f846-4eae-aaa9-b0937f1f5628", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "9b869004-08b5-4cd0-a4c5-f9d19d83807a", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "3400e596-f9d5-4873-a4af-4c13668ec261", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + { + "id": "c40bd066-576b-4363-8e6a-0f955358fd4e", + "alias": "User 
creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "5b302273-05a5-469d-a091-5d9d81b87bbc", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String" - } - }, { - "id" : "0e50b492-ada2-48e7-806c-5846e02eec1a", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String" - } - }, { - "id" : "c792e9b0-65db-431d-ba6a-90ccc36f20b4", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "81911342-2fb0-462f-98fa-df45a64cdc76", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - 
"attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "404196d1-5b02-4ce7-9412-301f2320271f", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" + { + "id": "68a167cb-352d-489c-92a3-e7c7f1b865c0", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "cd971827-2f53-4442-b85b-744f4f3a0642", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "e414ab98-b685-4d09-a174-618ec0756485", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - 
"jsonType.label" : "boolean" - } - } ] - }, { - "id" : "43d5ba8e-229c-4aa4-9a8b-18b6f95c2b07", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" + { + "id": "6099a264-6faf-45ce-9209-bf15bd826809", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "44f441ba-155a-4042-807e-89b240571c63", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "7b286565-9e41-453e-925f-b26dc9cd8930", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - 
"introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "27095051-31c3-45c7-be1a-d00d6fc796e8", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "515852ae-812c-4302-95cb-3644fc848d46", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "8ca626f4-ecb1-4b1b-9a49-e2646efb1b07", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "6403cb5d-62fa-4f5b-a145-612df4ddce89", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - 
"jsonType.label" : "String" - } - }, { - "id" : "989e5a2b-274f-4cb4-b6df-871293e824b0", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "122b95b0-98a0-4115-a029-b421a882f85a", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "dff99349-5079-4ed0-ac33-e699df19c7c5", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "39881d35-1d42-45fc-a528-9f098be904e5", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "4790b67a-286d-4f7b-8114-10ca4f2e60c0", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : 
"true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "0fc2c7b1-21f0-48e5-8c22-091c3949d89a", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "17a22ce9-c4d1-45bb-911a-44206e1e7d33", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "90d8ba7a-7c40-42ae-98f1-778c842ae8ab", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "e0c82c56-cc36-4838-aab4-ea0dfb7a0a47", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + { + "id": "b32a2c98-1e14-4402-a320-8481bc672ed2", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "a9c0b4e4-50fc-4608-bf67-23488919eff0", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "8184fe73-8312-44fc-95d5-77a3a3ef0f6a", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "acef8c00-91d2-4701-ac8e-3aa0f3c6e9bf", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - 
"display.on.consent.screen" : "false" + { + "id": "6a313b5b-1407-4859-8bb1-c3cd469ae4a3", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "60a62076-9b78-445a-ac39-4e8c54938213", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "ef03e6f9-8f92-41b5-9e58-0499c2d15d30", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - 
"browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "loginTheme" : "mercury", - "accountTheme" : "", - "adminTheme" : "", - "emailTheme" : "", - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "06543751-6efd-4f4d-a3b8-b87fda426531", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "9f1eb042-374e-486e-ad4e-74e523834a94", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "91470b6e-0744-4e8e-ae72-ccca37c754ed", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "30b7a3f8-5240-4525-9f5f-daaac691a761", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "9a80a925-5a35-4c9e-98b2-5b935ad329d6", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - 
"config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] - } - }, { - "id" : "834344b9-0e3e-44ab-afc6-b3eca79046ab", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "fe2523d4-4fa6-4124-9296-c9e06b1fc649", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "04ac11e0-5350-4fec-9643-542ac4707b6b", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "5d62e3f8-f36a-4756-9ddd-a185bd6abcea", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "592bd1c9-609d-4847-8ea7-abbef231cd0f", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "aababe09-0b9f-44df-a05d-d6e20663e11f" ], - "secret" : [ "WMt4EfYG5ntN9zgfzIzXBg" ], - "priority" : [ "100" ] - } - }, { - "id" : "254b2bb0-0740-4355-91e4-0e79d77d7746", - "name" : 
"rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "MIICnTCCAYUCBgGOGL+gHDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdtZXJjdXJ5MB4XDTI0MDMwNzExNDgxNVoXDTM0MDMwNzExNDk1NVowEjEQMA4GA1UEAwwHbWVyY3VyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANT3P0Ikcfm8yxhLR0ZBRrsXeHOQc6D2RHlEpjUp5Cw3VCTP3AFDy98kpUq1i8uvz5eXHRiIE8jJPQCcUYAVu8AtgyWBtNYx8HuKjVBHOrmRHsKCDFqRbiohDcdS/sp4Ce8mTJWF4+Fq/5K58XzfAxHu+0vYZVtpB9amjxVDdceeCc/J+UlG1hZehFYnskfWtXcDL7kUXQGnz8HKVc0TelZrVQVXUSP6YwPLKtti/S4H5QKtpEogjvJ0rFx8XGOhd40ouVUF3D587wYcCZEnD/4z7KoNDq7s6PZ7EB93ubMFo+3KS6ydC3w7n3lc0BwjRqw0lieOy+r9Slo4GNXrg4kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAyRfmvls2UfY0qIhZqcV+8xysVtQAdczgQKUsh+lLpO586lbE54OOInnBeN6ImcYR2w+UHMefxl7t6sJf2OJGeLVKK2fkydG4r+G4mQ2ZKTWQKd9lrZ0jmovgsFRtqkfERHWNPBfyddKv2yEb0DLgOBZxzTBvStGhBmIpQpPjcgn8gRn8zga1eF3Igr6z/jxaaXn5JPm06L2iaAZy5iknrW56fPL1YalUunPcaTklXkl+ZUUprdx3C5xEMz4badA6QGwbX8HVxKDQbVkSs6rnWk1QSbp3mHmCbt88VyhiZ0TSn0bTRqOf+O/9mKDqANxyLs1mT7LAtThpx5gFR/JoPw==" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] + { + "id": "2c04ac4a-7288-4638-bc34-10e9eaaa9ca0", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "38055377-0634-4429-89de-b9ea772b34fc", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": 
"review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "6e004d03-47a3-4fcb-9624-5b3728014251", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "fc465524-c7be-4456-95d5-54e4c9b176cc", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "a286a53e-42df-4b02-9628-2a00ae29eaed", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": 
"REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "a48d14b3-0bee-4f08-a4d7-faf4c39a65a7", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "70fb377c-643f-4825-bddc-39d320a9c589", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + 
"id": "14fc038c-52ff-4364-bd24-b5c945e423a3", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" } - }, { - "id" : "6b9c2275-e252-443f-a7df-3ca9434dfcc4", - "name" : "hmac-generated-hs512", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "17d0589d-2fd6-4b15-a630-aab003c7b60c" ], - "secret" : [ "Uc8c3tea6MO_tsLqSwgzWe3Gz-PUrnqUQHdDvGX49im2SLHC8QEQXvztcRNXgTgqDngCizYALvfhEoppYwZVf58ZxMIi94dwN41G5VaWEljeN9yy34k-B0A9UBSWM7cUe88G11uu3qb9Eq2G9CLYUnXau0wD5ut_4PIcXuFqsTM" ], - "priority" : [ "100" ], - "algorithm" : [ "HS512" ] + }, + { + "id": "f4520a29-f179-4528-bf44-42b932f03513", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "8ac064df-d6eb-415b-b35e-9272444e5989", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "fc428191-5b32-4163-971b-e06243910cba", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - 
"autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "3b48c560-76b0-402f-984a-6f379009b2fa", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "4880026f-46fe-409a-a193-aa259876b6e2", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "4e16f15f-0f4e-4d34-a751-3058815713f0", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - 
"authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "c436cd03-f846-4eae-aaa9-b0937f1f5628", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "c40bd066-576b-4363-8e6a-0f955358fd4e", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "68a167cb-352d-489c-92a3-e7c7f1b865c0", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - 
"authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6099a264-6faf-45ce-9209-bf15bd826809", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "b32a2c98-1e14-4402-a320-8481bc672ed2", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : 
false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "6a313b5b-1407-4859-8bb1-c3cd469ae4a3", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "2c04ac4a-7288-4638-bc34-10e9eaaa9ca0", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "38055377-0634-4429-89de-b9ea772b34fc", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - 
"authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "6e004d03-47a3-4fcb-9624-5b3728014251", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "fc465524-c7be-4456-95d5-54e4c9b176cc", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "a286a53e-42df-4b02-9628-2a00ae29eaed", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - 
"authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-terms-and-conditions", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 70, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "a48d14b3-0bee-4f08-a4d7-faf4c39a65a7", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "70fb377c-643f-4825-bddc-39d320a9c589", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : 
"REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "14fc038c-52ff-4364-bd24-b5c945e423a3", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" } - }, { - "id" : "f4520a29-f179-4528-bf44-42b932f03513", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": 
"VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "VERIFY_PROFILE", - "name" : "Verify Profile", - 
"providerId" : "VERIFY_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 90,
- "config" : { }
- }, {
- "alias" : "update_user_locale",
- "name" : "Update User Locale",
- "providerId" : "update_user_locale",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 1000,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients",
- "dockerAuthenticationFlow" : "docker auth",
- "firstBrokerLoginFlow" : "first broker login",
- "attributes" : {
- "cibaBackchannelTokenDeliveryMode" : "poll",
- "cibaExpiresIn" : "120",
- "cibaAuthRequestedUserHint" : "login_hint",
- "oauth2DeviceCodeLifespan" : "600",
- "clientOfflineSessionMaxLifespan" : "0",
- "oauth2DevicePollingInterval" : "5",
- "clientSessionIdleTimeout" : "0",
- "parRequestUriLifespan" : "60",
- "clientSessionMaxLifespan" : "0",
- "clientOfflineSessionIdleTimeout" : "0",
- "cibaInterval" : "5",
- "realmReusableOtpCode" : "false"
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "firstBrokerLoginFlow": "first broker login",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DeviceCodeLifespan": "600",
+ "clientOfflineSessionMaxLifespan": "0",
+ "oauth2DevicePollingInterval": "5",
+ "clientSessionIdleTimeout": "0",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5",
+ "realmReusableOtpCode": "false"
 },
- "keycloakVersion" : "24.0.1",
- "userManagedAccessAllowed" : false,
- "clientProfiles" : {
- "profiles" : [ ]
+ "keycloakVersion": "24.0.1",
+ "userManagedAccessAllowed": false,
+ "clientProfiles": {
+ "profiles": []
 },
- "clientPolicies" : {
- "policies" : [ ]
+ "clientPolicies": {
+ "policies": []
 }
-}
\ No newline at end of file
+}
diff --git a/keycloak/import/mercury-users-0.json b/keycloak/import/mercury-users-0.json
index 2107c93..e77de51 100644
--- a/keycloak/import/mercury-users-0.json
+++ b/keycloak/import/mercury-users-0.json
@@ -1,38 +1,41 @@
 {
- "realm" : "mercury",
- "users" : [ {
- "id" : "88a81486-ad52-42c8-b180-f143663a3ef9",
- "username" : "service-account-mercury-backend",
- "emailVerified" : false,
- "createdTimestamp" : 1710663416356,
- "enabled" : true,
- "totp" : false,
- "serviceAccountClientId" : "mercury-backend",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-mercury" ],
- "clientRoles" : {
- "realm-management" : [ "manage-users", "view-users" ]
+ "realm": "mercury",
+ "users": [
+ {
+ "id": "88a81486-ad52-42c8-b180-f143663a3ef9",
+ "username": "service-account-mercury-backend",
+ "emailVerified": false,
+ "createdTimestamp": 1710663416356,
+ "enabled": true,
+ "totp": false,
+ "serviceAccountClientId": "mercury-backend",
+ "credentials": [],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-mercury"],
+ "clientRoles": {
+ "realm-management": ["manage-users", "view-users"]
+ },
+ "notBefore": 0,
+ "groups": []
 },
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "id" : "2b7c328b-bd51-4192-910b-b0e0a92976dd",
- "username" : "service-account-mercury-testing",
- "emailVerified" : false,
- "createdTimestamp" : 1713953000752,
- "enabled" : true,
- "totp" : false,
- "serviceAccountClientId" : "mercury-testing",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-mercury" ],
- "clientRoles" : {
- "mercury-testing" : [ "uma_protection" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- } ]
-}
\ No newline at end of file
+ {
+ "id": "2b7c328b-bd51-4192-910b-b0e0a92976dd",
+ "username": "service-account-mercury-testing",
+ "emailVerified": false,
+ "createdTimestamp": 1713953000752,
+ "enabled": true,
+ "totp": false,
+ "serviceAccountClientId": "mercury-testing",
+ "credentials": [],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-mercury"],
+ "clientRoles": {
+ "mercury-testing": ["uma_protection"]
+ },
+ "notBefore": 0,
+ "groups": []
+ }
+ ]
+}