From de5e924b5256711162a98494c9bbb0da8204b1ac Mon Sep 17 00:00:00 2001
From: Dimitris ZARRAS
Date: Thu, 16 Nov 2023 14:23:38 +0200
Subject: [PATCH 1/3] Remove unused Keycloak realm.
---
keycloak/keycloak-realms/eudiw-realm.json | 2009 ---------------------
1 file changed, 2009 deletions(-)
delete mode 100644 keycloak/keycloak-realms/eudiw-realm.json
diff --git a/keycloak/keycloak-realms/eudiw-realm.json b/keycloak/keycloak-realms/eudiw-realm.json
deleted file mode 100644
index 1b99b520..00000000
--- a/keycloak/keycloak-realms/eudiw-realm.json
+++ /dev/null
@@ -1,2009 +0,0 @@ -{ - "id" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "realm" : "eudiw", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "389f68e4-f785-430f-ae87-50684f47a005", - "name" : "pid-holder", - "description" : "", - "composite" : false, - "clientRole" : false, - "containerId" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "attributes" : { } - }, { - "id" : "786b4ad7-8b8f-45a5-92d8-63cd38feae8e", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - 
"containerId" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "attributes" : { } - }, { - "id" : "361e3125-6973-4108-b8a7-648d0c2099ea", - "name" : "pid-issuer", - "description" : "", - "composite" : false, - "clientRole" : false, - "containerId" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "attributes" : { } - }, { - "id" : "8f03b5d6-a305-455b-9ad9-91480abb7865", - "name" : "default-roles-eudiw", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "pid-holder", "uma_authorization" ], - "client" : { - "account" : [ "view-profile", "manage-account" ] - } - }, - "clientRole" : false, - "containerId" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "attributes" : { } - }, { - "id" : "7102a6ce-fd4d-40c4-ac69-7ea47a2d30bb", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "f8a65a95-0c78-478e-ae42-641d50abf1c7", - "attributes" : { } - } ], - "client" : { - "curl" : [ ], - "realm-management" : [ { - "id" : "2ca09ee6-9f9a-499b-93df-f70067bb422c", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "0b43c3d8-cc8e-48a1-862f-b84a19e72fcc", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "5f60e666-250b-4e43-a1cb-127c46d2a96d", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "1ff86eaf-f1de-4045-8ac4-a03511eade3d", - "name" : "manage-events", - "description" : 
"${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "38f460ff-dd08-4319-a85f-8da56c963d52", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "253500b7-cb78-461c-b2a6-d5c0880576f4", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "1b675b9a-8355-4bf2-8fe1-3dce4a0ebc0f", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "51a2057d-ec39-42a5-871a-ae93cd584b65", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "187be7da-84c1-4b0b-a52e-b672159b5370", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "e29cd27f-a09d-4e6e-ad1d-acca2eef004d", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "e0ff451f-069e-450c-b68c-362ef8d40f35", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : 
"a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "ef5b922f-0e09-464f-975e-2ea1874ad115", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "992d6943-463e-4b40-93fb-658e806a41d6", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "2d3457b0-5356-4c84-88e5-86871abea6cb", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "1faac53a-51c1-46c0-a630-3b26dec58588", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "ec971cfc-f673-4b5c-8c6f-30b1658a9697", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "e9e72f2b-5015-43c7-9064-f61102e2fde2", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-users", "view-realm", "create-client", "manage-events", "manage-users", "view-identity-providers", "query-groups", "view-clients", "manage-realm", "manage-authorization", "query-realms", "view-events", "view-authorization", "manage-clients", "impersonation", "query-clients", "query-users", "manage-identity-providers" ] - } - }, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : 
"131d9394-b52c-4689-99d5-115c33bfcc3a", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - }, { - "id" : "559bb26b-dbe7-4f23-be9b-f052a319436e", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "attributes" : { } - } ], - "pid-issuer" : [ { - "id" : "823f5c2c-9074-4ee6-8e5a-13863fdc6d8f", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "e0140bd4-1713-44d3-aa8e-487eab0622a6", - "attributes" : { } - } ], - "wallet" : [ ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "06976394-03ee-48e0-9a45-79fc7b1398d9", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "e38cab94-c9a1-4ce6-b695-88794e0c5fae", - "attributes" : { } - } ], - "account" : [ { - "id" : "b6fd44e8-0292-4c1a-96ec-f367017a78c1", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "e59d4a12-bb14-4a9b-9d48-cc5f9444cbd6", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "95c9fe5c-a617-4493-8992-e949ab61de81", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "d75ecfba-9f31-4ec3-b814-e3690d0f2e68", - "name" : "view-groups", - "description" : 
"${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "a0e4cd7f-584f-4ab4-b8fe-701e5b801d6e", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "0336a43b-2580-47c1-a853-9d31892d49c7", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "159560d9-6730-4915-b3f1-629e5601ec28", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - }, { - "id" : "6fe2eae1-a642-4f32-8161-9951e4780f2b", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "attributes" : { } - } ] - } - }, - "groups" : [ { - "id" : "a5aef290-7147-4f3e-9931-d93f42306aac", - "name" : "all-users-group", - "path" : "/all-users-group", - "attributes" : { }, - "realmRoles" : [ "pid-holder" ], - "clientRoles" : { }, - "subGroups" : [ ] - }, { - "id" : "73d26f4f-bf84-407d-8251-2a24758e65b8", - "name" : "pkpop", - "path" : "/pkpop", - "attributes" : { }, - "realmRoles" : [ "pid-holder" ], - "clientRoles" : { }, - "subGroups" : [ ] - } ], - "defaultRole" : { - "id" : "8f03b5d6-a305-455b-9ad9-91480abb7865", - "name" : "default-roles-eudiw", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : 
"f8a65a95-0c78-478e-ae42-641d50abf1c7" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "62f4c191-aef3-4243-a11a-836bb56b463b", - "createdTimestamp" : 1695976552021, - "username" : "service-account-pid-issuer", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "pid-issuer", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-eudiw" ], - 
"clientRoles" : { - "pid-issuer" : [ "uma_protection" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "ab84be11-f952-43ca-a51a-2b1c1d30560d", - "createdTimestamp" : 1695904007444, - "username" : "usera", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "firstnamea", - "lastName" : "lastnamea", - "attributes" : { - "attributeA" : [ "valueA" ] - }, - "credentials" : [ { - "id" : "21f14bff-9870-44b4-9f67-54e137c6cd50", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1695904015786, - "secretData" : "{\"value\":\"Rb9tScGmeWLW28VgTGAkyRnd4AWGDJq/6kYlcYXQDHo=\",\"salt\":\"X9k9vccy0y4hetxFAptm5w==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-eudiw" ], - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "pid-mso-mdoc-scope", - "roles" : [ "pid-holder" ] - }, { - "clientScope" : "pid-sdjwt-vc-scope", - "roles" : [ "pid-holder" ] - }, { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "0c0f8c78-2196-4ae6-b4d3-375e15731907", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/eudiw/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/eudiw/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - 
"frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "5ea096e2-66d8-47d7-8bf9-57c364cb8e47", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/eudiw/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/eudiw/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "fe69c5f9-e2cd-42b9-888b-f98d148903ba", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "e87b7bd5-3f22-4f79-a38b-e5dab0329e10", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", 
- "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "e38cab94-c9a1-4ce6-b695-88794e0c5fae", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "1483a1a4-ea4d-4f08-85c3-1bd2b528a80b", - "clientId" : "curl", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "sPlh7MNoPEiYKoM3KXERFd515b6U8g87", - "redirectUris" : [ "*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : 
false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "client.secret.creation.time" : "1695908544", - "backchannel.logout.session.required" : "true", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "pid-mso-mdoc-scope", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "e0140bd4-1713-44d3-aa8e-487eab0622a6", - "clientId" : "pid-issuer", - "name" : "PID Issuer resource server", - "description" : "PID Issuer resource server", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "http://localhost:8080", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "HjnvVoAOKOCI3UOTR1rkY09gkuXyQNDj", - "redirectUris" : [ "*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - "authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "client.secret.creation.time" : "1695976552", - "backchannel.logout.session.required" : "true", - "backchannel.logout.revoke.offline.tokens" : 
"false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "5a24f723-a06f-4a02-86d4-af8bf4b7ede7", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "client_id", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" - } - }, { - "id" : "54296496-4cf3-45e9-bd3e-6040b9eff0b1", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "c479f1c8-e774-4f19-86c6-cb89aca53f11", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "pid-mso-mdoc-scope", "acr", "pid-sdjwt-vc-scope", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "a93892b2-874a-40d2-89ee-1028b81d654f", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" 
: false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6a804e81-3405-427a-a968-cfc09204ec1d", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/eudiw/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/eudiw/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "c90302ca-259a-49bb-af08-1bf3a6c62448", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : 
"96c77216-b349-4fbc-b9c2-ba22240de17a", - "clientId" : "wallet", - "name" : "EUDI Wallet", - "description" : "", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "http://localhost:8080", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "http://localhost:8080/*", "http://localhost:8080", "http://eudiw/*", "urn:ietf:wg:oauth:2.0:oob" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "backchannel.logout.session.required" : "true", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "pid-mso-mdoc-scope", "address", "pid-sdjwt-vc-scope", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "1f00341c-b3d5-4d62-9670-98ac6eebfbed", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "b10f7eec-81f1-4f89-ae27-659950eb8ed3", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : 
"7d53c3c8-1098-4607-bf40-d7253e969b9e", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "5947d025-22c8-46f1-b157-20af1bd7b0a6", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "02baf2f9-e3b0-4c22-aa82-cc3f04d5ab6d", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "f2128785-4efb-4fcb-8eef-bb4c212363ae", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "9279e71b-0534-403a-8886-31a83a417651", - "name" : "pid-mso-mdoc-scope", - "description" : "pid-mso-mdoc-scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "gui.order" : "", - "consent.screen.text" : "" - } - }, { - "id" : "01a1d1b5-c1e5-419c-acff-0b995b4d53fc", - "name" : "pid-sdjwt-vc-scope", - "description" : "pid-sdjwt-vc-scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "gui.order" : "", - "consent.screen.text" : "" - } - }, { - "id" : 
"7e78bf2c-36a7-478f-b251-7a1eb8b08325", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "09df2e0b-6023-4a32-8e89-4c0666f800f9", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "dd7aebd2-34d7-43e6-bbc5-c8cd4ab61076", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "b9214d3a-f694-4484-9150-d4c9fddfefb7", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "34cf8538-b244-4cba-8535-effe96c44999", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : 
"b71868a5-d2f3-4e38-8aa5-307f62794aaf", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "438b137b-3d6c-41b1-b12a-15b72c5c98eb", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "acdd6ab6-dc91-4cc5-9c7d-1f7c80beae94", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "936ed9ab-9bb0-4dc7-8cc0-3951a9cf2c9f", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "bccb71c7-1292-43cb-993f-a60ca8517736", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - 
"jsonType.label" : "String" - } - }, { - "id" : "2e9a6e03-2224-4514-8f80-ab18969c76be", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "917c9711-0bfa-440c-9bd5-30224d1b019d", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "44e46e28-fba0-447a-ac90-f15e10128742", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "2f712d2c-499c-4ec2-bb16-63ee4bb06aa1", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "33ac4056-f9f8-4975-bbe8-59835ec7f8cb", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - } ] - }, { - "id" : 
"b75772aa-94c5-490c-ab6c-7440a6a4ce98", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "f0c087d3-8519-4691-81b1-67fd102391ba", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "862bb75c-e6aa-477b-801a-59b4e0d37f6c", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "2ff2d2b7-b0c2-4ad7-8c19-2c66f7098733", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "e6c0305e-744a-4af3-a37e-a4c10689ee18", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "gui.order" : "", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "f00514be-e685-4ab1-bef6-9e30663b6d4b", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "e3e84ac0-8d23-4f9e-8fd0-4041ea9beb7f", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "5345786f-3bf6-4428-b1a1-2b06387a8550", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "dfc2d6fd-f2cf-4a90-aac6-3f090a8ece3c", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "8129e49a-5380-45ea-aef4-adb7978a6e0b", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "326d78d4-29d0-4680-ba92-4e87a80523c0", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : 
{ - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "77f33156-0531-4a04-83b3-41621708eda4", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "f45dac80-37f2-4941-9214-d2eb2d45ed52", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "8e3cf33c-7064-4973-908c-f7c7e43b8481", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "0f7e28e7-6032-48dd-9dfa-fa3fb3862a24", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "9a1cd101-d191-4ad2-b227-7b8873306509", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "roles", "web-origins", "acr", "pid-sdjwt-vc-scope", 
"pid-mso-mdoc-scope", "email" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : true, - "eventsExpiration" : 432000, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", 
"REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], - "adminEventsEnabled" : true, - "adminEventsDetailsEnabled" : true, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "a186a61a-89d7-42b5-9921-267e25ac181a", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "346749a4-c2ac-4d91-922b-7d08abc92806", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "d4c2bb61-78f9-41cf-9a8e-ca5e73ef23f7", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "d6bb3dc4-b8ee-41b0-8265-2e644a051d68", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-full-name-mapper", 
"oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] - } - }, { - "id" : "ea4f36f7-4073-41b8-8bac-6a7ecc04f1f1", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "8f2f1097-9dff-4a9e-b73d-cab3772872f8", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "5a02bb9c-3e82-416d-8315-37da5f71eb83", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "43cf1581-1ca2-48be-924e-d6ef47f9c097", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - } ], - "org.keycloak.userprofile.UserProfileProvider" : [ { - "id" : "1e9b8e5f-635d-4ed7-aeac-59d8d12a6da5", - "providerId" : "declarative-user-profile", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "a0eebc7c-7a0a-4992-9a76-b28c1830458b", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "2a73700a-e6a9-4dc0-b030-9aa2e066ae61" ], - "secret" : [ "HGqFbk6Ee_efurD7w1zPdpORNm29mT7Wsk2Hb7CdjzgZ23rG9zbKiXZmbPhr3yo6mf67UWPkEd4kUkHCcqSHxA" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "91b51cdd-f73a-4dac-b4b0-bbfe10a7b896", - "name" : "rsa-enc-generated", - 
"providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "24576524-338a-4591-80d7-638855fbbdc7", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "a2a9f6f1-540e-4b60-a553-cbbe4a59ce8b" ], - "secret" : [ "E_0k7yhDE19GApZasYxDiA" ], - "priority" : [ "100" ] - } - }, { - "id" : "3f25d7d3-e293-472f-ace2-c2cbdfa7bec4", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "af5bd970-22ec-4525-bc78-4f677b144905", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "cfc82f04-b125-4805-afef-172b0027414d", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - 
"builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "49936c3d-4a1c-4ab3-9bad-441d93570af4", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "ce7e2672-e155-4792-8bf0-dce64a156299", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "9b65ca3b-6b9e-416c-a1d9-e76a2690ba0b", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like 
authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "949b0b4d-d482-4960-a455-ad71c562e316", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "3e5542ea-84e4-4fb9-9970-2d2de3c8c5a2", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "710ae612-fc79-4f6a-a65a-0153a4cae118", - "alias" : "Verify 
Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6f18ad26-cd42-4b15-8986-df37acad70cb", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "304ffc8e-2be1-46ad-9521-3c2de0396ee2", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - 
}, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "9fac50b7-aa07-464e-9923-716f19aa3944", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "c6cbb76e-e193-4ec8-a404-5011063febc9", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "cb6a0ace-c540-4083-8a93-01b8d80ad56f", - "alias" : "first broker login", - "description" : "Actions taken after 
first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "76cdbc0e-aa9f-4126-b97c-d17ca378739e", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "88a36d74-8995-4409-81dc-0e3487190682", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "01921348-13b4-4bfd-8858-2a5860e966fc", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : 
"registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "65b7ce13-384a-45a5-8e02-c4601b519bdf", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "506026a9-e345-4906-aed5-698b7277d780", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - 
"topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "50254a4a-7255-4cc2-8994-b43bdc8fae0b", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "ceda5aa6-4e01-492c-b96a-56b7a46446c2", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : 
"webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DevicePollingInterval" : "5", - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "adminEventsExpiration" : "432000" - }, - "keycloakVersion" : "999.0.0-SNAPSHOT", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file From 33bf200f3f2b3cae1e3304b5464e20ff11cf864a Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Thu, 16 Nov 2023 14:24:25 +0200 Subject: [PATCH 2/3] Remove unneeded README. --- keycloak/README.md | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 keycloak/README.md diff --git a/keycloak/README.md b/keycloak/README.md deleted file mode 100644 index 27e33b75..00000000 --- a/keycloak/README.md +++ /dev/null 
@@ -1,19 +0,0 @@
-# install keycloak
-
-set to your hosts file:
-[IP ADDRESS OF YOUR LAPTOP] keycloak.local
-
-NOTE: do not use 127.0.0.1 for your IP Address, use the actual IP Address of your laptop.
-
-in the vm you run the wallet app, the JVM needs the Keycloak localhost
-certificate in the trust list, for the latter use:
-
-```bash
-sudo keytool -import \
- -trustcacerts \
- --cacerts \
- -alias keycloaklocalAlias \
- -file ./haproxy/certs/localhost.tls.crt \
- -storepass changeit \
- -noprompt
-```
\ No newline at end of file
From bf85dd1442a2a513331b385ec0f901f2d2801b63 Mon Sep 17 00:00:00 2001
From: Dimitris ZARRAS
Date: Thu, 16 Nov 2023 15:14:42 +0200
Subject: [PATCH 3/3] Expose Keycloak via /idp
---
 http-client.env.json | 6 +++---
 keycloak/docker-compose.yaml | 5 +++--
 keycloak/haproxy/haproxy.conf | 4 ++--
 keycloak/keycloak-extra/health-check.sh | 2 +-
 src/main/resources/application.properties | 2 +-
 5 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/http-client.env.json b/http-client.env.json
index e3426643..c000935e 100644
--- a/http-client.env.json
+++ b/http-client.env.json
@@ -1,8 +1,8 @@
 {
 "dev": {
- "issuer_authorizationServer": "https://localhost/realms/pid-issuer-realm",
- "token_endpoint": "https://localhost/realms/pid-issuer-realm/protocol/openid-connect/token",
- "userinfo_endpoint": "https://localhost/realms/pid-issuer-realm/protocol/openid-connect/userinfo",
+ "issuer_authorizationServer": "https://localhost/idp/realms/pid-issuer-realm",
+ "token_endpoint": "https://localhost/idp/realms/pid-issuer-realm/protocol/openid-connect/token",
+ "userinfo_endpoint": "https://localhost/idp/realms/pid-issuer-realm/protocol/openid-connect/userinfo",
 "issuer_publicUrl": "http://localhost:8080",
 "credential_endpoint": "http://localhost:8080/wallet/credentialEndpoint",
 "request_scope": "openid eu.europa.ec.eudiw.pid_mso_mdoc eu.europa.ec.eudiw.pid_vc_sd_jwt",
diff --git a/keycloak/docker-compose.yaml b/keycloak/docker-compose.yaml index 1cd46594..ed350bec 100644 --- a/keycloak/docker-compose.yaml +++ b/keycloak/docker-compose.yaml @@ -31,9 +31,10 @@ services: command: - start-dev - --import-realm - - --proxy=edge - - --hostname-strict=false environment: + - KC_PROXY=edge + - KC_HTTP_RELATIVE_PATH=/idp + - KC_HOSTNAME_STRICT=false - KC_HEALTH_ENABLED=true - KC_METRICS_ENABLED=true - KC_DB=postgres diff --git a/keycloak/haproxy/haproxy.conf b/keycloak/haproxy/haproxy.conf index 391a23b1..0f3b03df 100755 --- a/keycloak/haproxy/haproxy.conf +++ b/keycloak/haproxy/haproxy.conf @@ -19,11 +19,11 @@ defaults frontend all_http_frontend bind 0.0.0.0:80 - default_backend keycloak-backend + use_backend keycloak-backend if { path_beg /idp } frontend all_https_frontend bind 0.0.0.0:443 ssl crt /etc/ssl/certs/localhost.tls.pem - default_backend keycloak-backend + use_backend keycloak-backend if { path_beg /idp } backend keycloak-backend balance roundrobin diff --git a/keycloak/keycloak-extra/health-check.sh b/keycloak/keycloak-extra/health-check.sh index 62013776..8bffcad0 100755 --- a/keycloak/keycloak-extra/health-check.sh +++ b/keycloak/keycloak-extra/health-check.sh @@ -1,7 +1,7 @@ #!/bin/bash exec 3<>/dev/tcp/localhost/8080 -echo -e "GET /health/ready HTTP/1.1\nhost: localhost:8080\n" >&3 +echo -e "GET ${KC_HTTP_RELATIVE_PATH}/health/ready HTTP/1.1\nhost: localhost:8080\n" >&3 timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP ERROR=$? diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 3ca5e437..a6abdf33 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
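Review bot: In keycloak/docker-compose.yaml the new `KC_PROXY=edge` and `KC_HOSTNAME_STRICT=false` entries carry no hint that they are development-only, yet they make Keycloak trust forwarded headers and take its public hostname from the incoming request. The issuer it advertises can then differ from the fixed `https://localhost/idp/realms/pid-issuer-realm` that application.properties and http-client.env.json expect. The values are carried over from the removed `--proxy=edge` and `--hostname-strict=false` flags and fit the `start-dev` command, so this is a documentation point rather than a regression. I would add a comment above them in the `environment:` list: `# dev only: forwarded headers are trusted and the hostname comes from the request; pin KC_HOSTNAME before exposing this beyond localhost`. The service definition starts and continues outside the hunk.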
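Review bot: The new `use_backend keycloak-backend if { path_beg /idp }` rule in `all_http_frontend` and `all_https_frontend` of keycloak/haproxy/haproxy.conf forwards every path under the prefix, including `/idp/metrics` and `/idp/health`. docker-compose.yaml enables both (`KC_METRICS_ENABLED=true`, `KC_HEALTH_ENABLED=true`), and health-check.sh in this patch shows the health endpoint sits under the relative path on the main port. If those endpoints are meant for the container network only, narrow the match to `use_backend keycloak-backend if { path_beg /idp/ } !{ path_beg /idp/metrics /idp/health }`, which also stops an unrelated path such as `/idpX` from matching. The port-80 frontend still hands `/idp` requests to Keycloak in clear text; replacing its rule with `http-request redirect scheme https` would keep logins and tokens on TLS. The `keycloak-backend` section continues outside the hunk, so whether it overwrites the `X-Forwarded-*` headers that `KC_PROXY=edge` trusts cannot be checked from here.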
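Review bot: The request line in keycloak/keycloak-extra/health-check.sh is now built from `${KC_HTTP_RELATIVE_PATH}` without normalisation, so a value ending in a slash (Keycloak's default `/`, or `/idp/`) produces `//health/ready`. The probe may then report the container unhealthy although Keycloak is up. Stripping one trailing slash covers the unset, `/` and `/idp/` cases alike: `echo -e "GET ${KC_HTTP_RELATIVE_PATH%/}/health/ready HTTP/1.1\nhost: localhost:8080\n" >&3`. Anything after `ERROR=$?` is outside the hunk.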
@@ -11,7 +11,7 @@ server.port=8080 # issuer.clientId=pid-issuer issuer.publicUrl=http://localhost:${server.port} -issuer.authorizationServer=https://localhost/realms/pid-issuer-realm +issuer.authorizationServer=https://localhost/idp/realms/pid-issuer-realm issuer.authorizationServer.introspection=${issuer.authorizationServer}/protocol/openid-connect/token/introspect issuer.authorizationServer.userinfo=${issuer.authorizationServer}/protocol/openid-connect/userinfo issuer.credentialResponseEncryption.required=true