diff --git a/docker-compose.yml b/docker-compose.yml index 51ff63bf..c61c80d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ version: "3.9" services: - keycloak_server: + keycloak-server: build: context: ./docker/keycloak dockerfile: Dockerfile @@ -8,6 +8,9 @@ services: ports: - "8080:8080" + volumes: + - ./docker/keycloak/import:/opt/keycloak/data/import + environment: KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: admin @@ -40,7 +43,7 @@ services: - openldap - db - selenium - - keycloak_server + - keycloak-server nginx-proxy: image: jwilder/nginx-proxy diff --git a/docker/keycloak/Dockerfile b/docker/keycloak/Dockerfile index 52afabcf..a909ff0f 100644 --- a/docker/keycloak/Dockerfile +++ b/docker/keycloak/Dockerfile @@ -2,6 +2,11 @@ FROM quay.io/keycloak/keycloak:20.0.1 COPY ./import/*.json /opt/keycloak/data/import/ -RUN /opt/keycloak/bin/kc.sh import --dir /opt/keycloak/data/import +#RUN /opt/keycloak/bin/kc.sh import --dir /opt/keycloak/data/import -Dkeycloak.profile.feature.upload_scripts=enabled +RUN /opt/keycloak/bin/kc.sh import --dir /opt/keycloak/data/import + +ENV ROOT_LOGLEVEL=ALL + +ENV KEYCLOAK_LOGLEVEL=DEBUG CMD ["start-dev"] \ No newline at end of file diff --git a/docker/keycloak/import/master-realm.json b/docker/keycloak/import/master-realm.json new file mode 100644 index 00000000..3dfefa25 --- /dev/null +++ b/docker/keycloak/import/master-realm.json @@ -0,0 +1,1969 @@ +{ + "id" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "realm" : "master", + "displayName" : "Keycloak", + "displayNameHtml" : "
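Review bot: The bind mount added in the second docker-compose.yml hunk, `./docker/keycloak/import:/opt/keycloak/data/import`, is writable from inside the container even though it holds realm definitions, including the master realm this commit adds. Mount it read-only: `- ./docker/keycloak/import:/opt/keycloak/data/import:ro`. The Dockerfile in this commit already copies the same JSON files and runs `kc.sh import` at build time, so at runtime the mount only shadows the baked-in copy. With `CMD ["start-dev"]` and no `--import-realm` visible, edits to the mounted files would presumably not be re-imported, so a one-line comment above `volumes:` stating what the mount is for would help. The service definition continues outside the hunk.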
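Review bot: `ENV ROOT_LOGLEVEL=ALL` and `ENV KEYCLOAK_LOGLEVEL=DEBUG` in the Dockerfile hunk are the variable names of the older WildFly-based image. The Quarkus-based `quay.io/keycloak/keycloak:20.0.1` named in the FROM line reads `KC_LOG_LEVEL`, so these two lines probably change nothing. If verbose logging is really wanted, use `KC_LOG_LEVEL=debug` and set it in the compose `environment:` block rather than baking it into the image, because debug-level authentication logs can carry sensitive request details. The commented-out `#RUN ... -Dkeycloak.profile.feature.upload_scripts=enabled` line is dead and should be dropped rather than committed.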
Keycloak
", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 60, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "5c515fa6-5568-4bee-8590-962c0848ec4f", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "attributes" : { } + }, { + "id" : "f337adf9-1716-45f6-968f-12d4ea438f1e", + "name" : "admin", + "description" : "${role_admin}", + "composite" : true, + "composites" : { + "realm" : [ "create-realm" ], + "client" : { + "tapir-realm" : [ "view-clients", 
"query-realms", "manage-identity-providers", "manage-events", "view-users", "manage-authorization", "manage-users", "manage-realm", "create-client", "query-users", "manage-clients", "view-realm", "query-clients", "query-groups", "view-identity-providers", "impersonation", "view-authorization", "view-events" ], + "master-realm" : [ "manage-realm", "manage-authorization", "manage-events", "query-clients", "impersonation", "create-client", "view-clients", "view-identity-providers", "query-users", "query-groups", "manage-clients", "manage-users", "view-events", "view-users", "query-realms", "manage-identity-providers", "view-authorization", "view-realm" ] + } + }, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "attributes" : { } + }, { + "id" : "a4c4b876-21ff-44a2-936c-f633a9da545d", + "name" : "create-realm", + "description" : "${role_create-realm}", + "composite" : false, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "attributes" : { } + }, { + "id" : "d795ccfb-1672-4c6f-b77d-2e7b26eb830c", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "attributes" : { } + }, { + "id" : "a9e5bb90-6f19-4176-b7c6-70f2ff1eb453", + "name" : "default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df", + "attributes" : { } + } ], + "client" : { + "security-admin-console" : [ ], + "admin-cli" : [ ], + "tapir-realm" : [ { + "id" : "7e296c53-b666-4916-8d58-6b88fa86f85d", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "a4b7a064-5883-46e0-93b5-a2524778df52", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "tapir-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "c30584d5-9676-4d14-9e9e-c8b0fa10b1d6", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "f766d83d-1821-425d-9f19-868a38aad566", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "580ed7dc-0f1e-4712-a4d0-ec625cd0a740", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "0cd9a4cc-2105-4360-8119-d57e0540948d", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "740428fb-a410-4568-8ef4-99bf2fe4b571", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "6bd2dc4f-c490-42a3-a02d-540a0c193d18", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "81744ff2-c688-4002-9ddf-c68a12fee925", + "name" : "manage-events", + "description" : 
"${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "15d03578-bab6-424b-8b5e-e737531f4462", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "8bc1238a-4137-47a4-a65d-5182cbabf437", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "a1387b3b-ec7a-48ba-b9b6-d23a2e83c7ca", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "6265e86f-3d66-45c8-8c52-b6d572c7af12", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "tapir-realm" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "9acc596d-85e7-4b15-83dc-57cf5fe81dc1", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "f1eb51f6-3ef2-4ba4-9897-8f11de4c2831", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "8f5f2b10-f765-4f4e-b77a-f7496edaf75e", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "1cc6b699-0d11-4dc6-8918-e9c0a729223c", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + }, { + "id" : "6ed873a7-5862-4829-88b4-d78057e08cd2", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "attributes" : { } + } ], + "account-console" : [ ], + "broker" : [ { + "id" : "d5816828-530c-4f1c-86c4-8d84328f6464", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "da9d9650-7a75-48b2-87de-ce95a972c3f3", + "attributes" : { } + } ], + "master-realm" : [ { + "id" : "d917ebc8-94a7-43d6-be2c-bff8db5c2d35", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "c1cf874e-d277-4483-b410-74bb56ebac6b", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "f9a221bd-751a-4f10-963b-cedad70c2ebd", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "23b0a112-4d91-4065-978c-8b29b376ff77", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "b5d58356-3948-4af1-a503-ad803203c290", + "name" : "query-groups", + 
"description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "5ff5552c-ed6a-4dd2-a020-98fdfc66c229", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "eedbb273-75a8-4fb0-a07b-f313c0e76bcc", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "250f2e3d-7cec-41c0-963c-aa1e57527e4b", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "5dd7fff7-dd6d-4003-9cae-2f273f81cf42", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "f5e88e3f-6987-4648-8194-dca5e460675d", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "27935353-fd63-4210-9d09-dc2cc8262cb9", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "dd0df2d0-f6b4-4a06-bc5b-0d3de01f0c1f", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" 
: { } + }, { + "id" : "dd914a84-86b5-48ec-b3d8-57036c0ddcdd", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "5976d2fe-a5bf-49cb-a9a8-9e9e49b153f6", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "d1b7eed5-6b13-4634-a5d6-08d86e69df6c", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "623bbf46-193c-454d-b649-2ee64de4e6e2", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "c618f456-6b12-49b1-b493-0988ba16338c", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + }, { + "id" : "33cea7b3-76d2-4da2-ae01-80fa9e53ff97", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "attributes" : { } + } ], + "account" : [ { + "id" : "524dee08-1bf0-43c7-96f9-e1e8351b506e", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "9b8173bc-a572-4120-bf0c-2507b294d2e7", + "name" : "delete-account", + 
"description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "7b66c505-7f2b-4b97-923e-626a262d44a9", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "d4845e72-599d-4514-80d5-ab2f0edf1549", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "e3bc2ed2-1847-4b00-8dd3-b9ed1b292b9e", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "c30d72f4-8358-495f-a088-f09a68422447", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "81601270-ba57-4279-b069-3ae94b882a15", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + }, { + "id" : "1aab3614-f432-4066-80b0-0dd8009f162c", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "a9e5bb90-6f19-4176-b7c6-70f2ff1eb453", + "name" : "default-roles-master", + 
"description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "4de57131-169c-49b1-b2c8-0904d236c8df" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "37f354f1-4946-4cb0-a1d8-16ba7229536b", + "clientId" : "account", + "name" : 
"${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "639e9288-1a75-4da3-920c-cf0b8cccbe11", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "c145d12d-52cd-42b5-b3a8-5e452949bcf7", + "name" : "audience resolve", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "44427399-fa3f-47d5-9d15-69ce89b64eb2", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "da9d9650-7a75-48b2-87de-ce95a972c3f3", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", 
"email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "e5d236f3-ca0d-4940-b8bb-b2f6488e5af2", + "clientId" : "master-realm", + "name" : "master Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c00e8afd-4265-4f2c-b456-09fe4d07cd7c", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/master/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/master/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "04c5130f-3806-494d-a66e-9ca118fda231", + "name" : 
"locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6af0b05e-e240-4cd9-89d7-22181427b5cd", + "clientId" : "tapir-realm", + "name" : "tapir Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ ], + "optionalClientScopes" : [ ] + } ], + "clientScopes" : [ { + "id" : "df521300-1166-4168-a98d-89b9b5be857e", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "4eff374d-a414-4ab2-b4dd-5e9f61a728d3", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : 
"phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "667f78c7-1323-42bb-8613-447b26e45b03", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "e9c8c8eb-cc15-451f-9830-0175b0713d6d", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "a920ff41-8384-4479-991e-c476e96f7a3a", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "dc7c7ee4-96b4-4fc1-83b9-a530ebf9c61a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "be54d415-c6aa-4e43-91f7-e814efbca534", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : 
"true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "ef0e2a88-3ffa-4157-a5d5-728152a5fa7f", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "c9713ae3-87df-4529-804e-2de9a781e2ac", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "3e929b6d-2ddb-4146-96be-1bd057568279", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6a55726a-f650-4c32-a5d2-e38f9940e159", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "e5956cb7-4cd8-4977-82e6-6df1e980ef89", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + 
}, { + "id" : "11d6c1bf-5f80-4660-b98f-843defa31dbd", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "250d381e-522b-48af-b295-c73bbd752409", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "a6ff620b-f6e5-45b7-bc46-50300c35d3da", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "47d6ff63-873b-4a87-811c-4f7a535a8f74", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "b42ab19b-77be-4b8e-9afe-0dc72a4a6ab1", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + 
"jsonType.label" : "String" + } + }, { + "id" : "0f82b76c-48bc-4939-9da2-62dfea5a65d8", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2f6eea9a-f53f-42af-a358-ed69b0e49919", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "54613663-f856-432b-9cf6-6b0028678ee5", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "207ad76a-1387-4de3-aac3-8f71e93a0a15", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "f34abfca-46eb-4157-aa84-dd4232f53c10", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "e8d2acf2-733f-4a4f-8057-9c1a65a43271", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : 
"openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "cc9ed165-7645-405d-a15c-7dbea71eaa90", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "7fa6f5f1-1674-4b95-b9ff-8194a7308900", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1d515def-7503-4512-b57c-b92a596aa47c", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "80641b78-4bce-42ed-b46e-b459de0bedba", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "7239de69-1db3-46b3-8cc2-7497c9edb28b", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "271099b1-70f7-44ba-b33b-1853a12665d8", + "name" : "address", + "description" : "OpenID Connect built-in scope: 
address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "aa45b318-4eff-4d08-bb62-19c8e2e15fea", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "aa80bab5-d159-48f0-ac7e-95618020ab0d", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "95a80173-d6ef-402d-a450-d370baf4690f", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "e4383f97-bb8a-496d-babd-528984754811", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "183957f9-218f-45f8-a5f4-43467a763d67", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : 
"true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "a7e633e7-297b-4393-bf69-0cb0fc4f6264", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "611f1b2c-d452-4b47-b14e-815e83bba280", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "9aa7e6ea-8f4a-47a2-8ed8-d04e6d9eea03", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : 
"88d64c97-46ba-4d28-b6de-ff1578344950", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "362f7bd2-c334-4ab0-bfc8-b76f63a8b908", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "a9ddb042-c519-4370-ae5c-7e0570373040", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "05012fb3-c364-44c3-956f-c73ba629f978", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "ba9f3240-4079-4947-b45c-d168936c79d3", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "50b24de6-f733-42b9-bc96-b67edd9db2c7", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "2f66467e-445a-45b5-a876-2099dabe4d1e", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + 
"subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "046190d8-8a6e-4e42-aadc-e689a5c6c547", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "96438a99-a161-4a5b-b74b-6c7fe240cd48", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAh5d51uqeaV8NvCi0D5JR8UBZpTTwbg41CEsZdnEHfo/3BlGRQkm9GJoipYjDUdAtiQPnf7fNB6boMXHtaR2/UjIXV8yCA+UnslHOnMTgd63fJ5rp8ZUhEXqVY58Ke9oxFk6/VN3KP8ex+XVktaQzFaIpSq6w64AsEGqMs+6czCRGGSlVOXQMMCCvC/zhdv4edM/mFdKU3xLPnBnoYfpqVzo4DPGf9tdkp6cSX0He504x5cC3A/YpUrL/qGN1xGNAcPR36ICEKF0tnjasyx3fhhXA4NqzTWc55QArx9WAGmqFzPpNrao3gRE1Tdvqag3gfksaiU6sOOfAc8OhcB5FnQIDAQABAoIBAAiH9I5xNRXX+UcsgBsXCkj6/ZjvfNgj1IeIzW7pENRlo6B2EIUNRX9EhWeztDxTyZBRxVFBGSlBLGHzXda2XIOuq07RdcsKcjtd5SQdHqq7rxXGFrA7QTkhD2tU8Jssdi2wjIkUVPsQf1y8xjZygL9R9GCin0w17y/PkGTqygVDBI0yTXjgobxzRI31ocqZCyDpFFVk3QlAXQBM9M4aPKSOecJ2EyX85p9SNUdVwsTei35ES5ajH/BqFGgjXrzXGowllppNxvT4qWT/rjYysuolUDpc+caUIODs/UroHD2ETzFa+o8ierRMglQkwB+93jKJSbZlrTDPH8GuYSXOT7ECgYEAvzlypRlx49Bt+fu1MBVagBjhkJtF2w2uc61FRUtsPq1jPZCJ9OKBbxg2uVOFFxBCJjI3YDM+1+Iw54M9gwGk56LhGkNH6bYjMZx9z0r60ASxRJL4+foXnugcAmQoT9sN6YEsdpDlikuy4r3KJ9E24fAyKap/8XO53xPWOU+ZG60CgYEAtYWvShqcaOfOv5qVDiMFjunNPPOrXRps0riozyoWscyhd8lfwt/kXnAsoiXI2X62Y1heRuuzAPHQOSEkYhiZw/PMjaism38d/3FEhtFIHOD2aEgIfK5bysodSATajtHwpfCkoxVwnnzPKIGxITrO6rRPsbwIGGZOFSUAM/2PD7ECgYEAny8XfNC9ukOcCWm73xcni1MrEtHvSPcOrkUjURgEN/jmkC1uamjUDsM9avFX7WcfaeSLrI18VwJ4a4EZB6GqwRkaAl7X0npIudfn81QbjmcZmlgu4wmJ+EKIboUp+bAE2MkrVlgwfPufIpmTW6oR4euuFnlUoI8Rv94nivX0ItECgYB2hhu2nzmRpgpxQVYiLOvsLO095zz1RdPYo4pV+n1nCt5DgNFuRRKwNz5tgY5rtTkSFRk55Zyz+TCknOdMxhNgx0fBF2nc/ltv911vSidz88/wt1gTUSXOe7oy1DiBGMOxFjfp5I3sbkI1iLlHoUaKKcH/o28Fv4csd0RyrhVDgQKBg
CxE9p5WUAIeoLt6CwXX59wZtQk1nYxMGKyPCJzepy2rxkh2s+3OCKCJNJXhMEJJxORAl68G9ruf4vedWeoYLnMEf1evVZukmwzxvSLtUZ0CAgqzQGXDDeH/02S6IX/R2aLLVn5m+NlUjbpiaYn8TOxdGzj1bygK3maRS53Ge1lj" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "1f721a51-2f5b-419d-b76f-9f9ca8501055", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "96c03768-77b9-44c8-9793-902a91388305" ], + "secret" : [ "qxluFr5FaNgLOzTEn5seiTWsu7o0vpMJ-UvT4tMLuB0uG9ocuFYg6VXag3Ko8RAyinzOPzsPgMoA9pUOwW1fmg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "cc69c699-bf06-4414-97d4-eb7f05562595", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "95918622-5701-42ae-a152-ac6236df6207", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "b75de354-b9c6-426a-831f-b3cdcedf2ac7" ], + "secret" : [ "qmBjG0FmOLbrmnd7Lw_eIA" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "ab62324d-b3f4-4b42-8c03-92b4e92e3b02", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : 
"ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "111be1a7-024c-4784-8f57-a34523142a85", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "618a5b51-8a38-4d2d-8c06-c103b7cb4e7b", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "b88b8e8f-e991-4426-bbb9-c51095153878", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, 
+ "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f590cc44-3df2-4092-b4c7-6f0312342d35", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "2621fe70-bed3-4364-b5a5-9302a5536dbf", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "3bff4c4a-c3ba-49e3-92de-49a819ace349", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7bb5a0e5-e4e5-4a02-896a-af11e702bb93", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "25e0e258-f103-4e63-ad0b-143727c97492", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "318e240d-464b-4fc5-9712-967b9758b8c3", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "4e6cc5a6-8988-43c0-a480-d388a341daa0", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "d02d7482-53e0-41d3-bcf1-4e38391a4327", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "56e6d3d7-bcd9-437c-b69c-736eaefaeb25", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f83946c6-160d-4401-8b67-4959df8bc8b0", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"8e6d25a4-c030-4d1a-8eb9-1cb489602047", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "4600902f-b78c-4c89-a0d8-cfae0954de7d", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "4ad1e848-c14e-4e5c-91da-cfb5cc76fdaf", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "86ecf777-f1d3-404a-80a9-328bac74391a", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" 
: "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a64c4447-4c3e-4bb9-86ec-8aee6d396923", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "986a4e55-c6cc-4b17-8e4d-54ed8cbe538e", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + 
"topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "4d15e048-4dd2-436c-8c2d-30eaa2595ff6", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "37ba61d6-1e59-4591-801a-9e6e9ccd0489", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : 
"webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "20.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/docker/keycloak/import/master-users-0.json b/docker/keycloak/import/master-users-0.json new file mode 100644 index 00000000..0cf2c641 --- /dev/null +++ b/docker/keycloak/import/master-users-0.json 
@@ -0,0 +1,26 @@
+{
+ "realm" : "master",
+ "users" : [ {
+ "id" : "79f966df-ef86-4f02-8169-a281a5e46a46",
+ "createdTimestamp" : 1668107562816,
+ "username" : "admin",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "credentials" : [ {
+ "id" : "56c23cab-8dbd-4b05-8488-6e04f9f1b7f0",
+ "type" : "password",
+ "createdDate" : 1668107563088,
+ "secretData" : "{\"value\":\"LOXX87O/b+p710gy1N34H2YaQuhTGbwNKNnlBQBsMeA78Rz9D782UJhZNGUGdSgrtXrkbmAUtt7z6U6A3tU50g==\",\"salt\":\"mr4y5EsBiNDozDja6jVzfQ==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "admin", "default-roles-master" ],
+ "clientRoles" : {
+ "tapir-realm" : [ "manage-authorization", "view-clients", "manage-users", "query-realms", "manage-realm", "create-client", "query-users", "manage-clients", "view-realm", "manage-events", "manage-identity-providers", "query-clients", "view-users", "query-groups", "view-identity-providers", "view-authorization", "view-events" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ]
+}
\ No newline at end of file
diff --git a/docker/keycloak/import/tapir-realm.json b/docker/keycloak/import/tapir-realm.json
new file mode 100644
index 00000000..107cebe5
--- /dev/null
+++ b/docker/keycloak/import/tapir-realm.json
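Review bot: The master-realm `admin` user added in master-users-0.json is committed with a fixed PBKDF2 hash and salt in `secretData`, `"totp" : false` and `"requiredActions" : [ ]`, so every instance created from this import starts with the same admin credential and nothing forces it to be rotated. If this fixture can ever be used outside the local development setup, change that line to `"requiredActions" : [ "UPDATE_PASSWORD" ],`, or leave the user file out of the import and provision the admin from a deploy-time secret. The same applies to the `privateKey` and `secret` values under `org.keycloak.keys.KeyProvider` in master-realm.json: anyone who can read the repository holds the realm's signing and encryption keys. Dropping those components from the export should let Keycloak generate fresh keys on first start, but that behaviour is worth confirming for 20.0.1 before relying on it.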
@@ -0,0 +1,1817 @@ +{ + "id" : "cb071420-4bf8-47f3-93c7-c1aff23d5f55", + "realm" : "tapir", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "1aeb5396-c1db-430c-bd15-4dd0393dbc71", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "cb071420-4bf8-47f3-93c7-c1aff23d5f55", + "attributes" : { } + }, { + "id" : "5c86a05f-e1c0-483e-b85a-fa5a6b4a443c", + "name" : "default-roles-tapir", + "description" : "${role_default-roles}", + "composite" : true, 
+ "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "cb071420-4bf8-47f3-93c7-c1aff23d5f55", + "attributes" : { } + }, { + "id" : "a1978ee6-f88e-4350-b0cf-a0eabcc4267b", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "cb071420-4bf8-47f3-93c7-c1aff23d5f55", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "27212231-eb02-48f4-a146-6b7cbc24bb47", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "a7f741a7-3f8f-43a0-9f41-c0fea67e096a", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "7564d0f4-51ab-4b8f-b5d0-9c6e0444fe20", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "d8af56dc-f337-4826-a168-134fd8209186", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "6ce3e381-1e71-457e-ab2c-77e53282eee0", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "9b6267c8-bbd1-445f-aaa0-06c7d9f29586", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : 
false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "521ea42b-4d16-46d2-8472-c8703a349156", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "fa57c93f-501a-4763-9aac-9de212432462", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "manage-identity-providers", "query-clients", "manage-authorization", "manage-clients", "query-realms", "query-groups", "view-events", "query-users", "create-client", "view-identity-providers", "view-realm", "view-authorization", "view-clients", "view-users", "impersonation", "manage-realm", "manage-events" ] + } + }, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "c430651a-144e-4e04-8362-0edc4409d724", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "be20fab9-8548-4cfa-a10a-57d93b9533e1", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "f0558505-be32-4f75-80e7-5b5d5776b6ba", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "9b2f24d0-df8d-4894-b02a-f7b4594facf0", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", 
+ "attributes" : { } + }, { + "id" : "204715bc-eacf-40e4-b1fe-3e7c3a51fc0e", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "8067a3f2-470b-41ac-a11f-331f5ee3b64b", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "a1abdb5e-03ab-4a8c-8b7a-d26624b41363", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "c98f9544-e73c-4ffc-aa01-891df7fafcb2", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "c45a8a87-0f4d-4379-8a93-17c8cf4137e3", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "a1a557e5-712b-4f73-acc0-f3306c971fd5", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + }, { + "id" : "24a3d8cf-781d-40c3-ab02-5fda9e0a32cd", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "attributes" : { } + } ], + "security-admin-console" : 
[ ], + "tapirweb" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "f2f532f0-81f4-44c2-b9eb-ac8c52501a50", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "48367576-010a-4d41-904b-ee22c83c0a65", + "attributes" : { } + } ], + "account" : [ { + "id" : "5c0ca1f7-b06a-4c79-bb13-1880ea6b2c00", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "ea9863fb-2e4e-499d-a148-0b76dbc86762", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "cf765f09-79d3-402a-8475-77296d9195da", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "d139189f-36ea-4086-9aa0-eab8d5f3456f", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "0533de2f-d1ab-46af-b65c-aefec590c6b2", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "25c1d85b-513c-45df-8108-639fee86d059", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "eecc23f2-5d1f-4539-8fd9-dee587814de7", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + }, { + "id" : "1d5123ba-180d-4cc5-837a-fef8c5b11cca", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "5c86a05f-e1c0-483e-b85a-fa5a6b4a443c", + "name" : "default-roles-tapir", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "cb071420-4bf8-47f3-93c7-c1aff23d5f55" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + 
"webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "f19291b7-bc68-43e4-90c3-ea4c50043f75", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/tapir/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/tapir/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8081c387-41ae-4233-abc4-00768054bc29", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/tapir/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : 
"client-secret", + "redirectUris" : [ "/realms/tapir/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "0f3d8542-2d4e-41be-bb1f-f3ae93709b34", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b19fda04-bc55-42d7-ad05-8988db37dd74", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "48367576-010a-4d41-904b-ee22c83c0a65", + "clientId" : 
"broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "90520fda-b4b8-4fc9-9c08-d8b90f456f31", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "2c135f32-ca07-4a21-8d85-9fef1cd96cab", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/tapir/console/", + "surrogateAuthRequired" : false, 
+ "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/tapir/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "9c1a67cf-0a11-4a13-ad5f-3c260d631c63", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5a23aa9b-b98a-4566-9771-54c9d3b93725", + "clientId" : "tapirweb", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : 
"false", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "backchannel.logout.session.required" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "1248388a-df25-4e02-8a2b-4d3673823dd5", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "40b01fed-0677-4785-aece-87a8f1fad772", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "7fe19943-7aa9-4838-81c7-361fb60ed426", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "051bed5d-66d0-4ce2-8c51-f72dd6956b03", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d5d436f6-7ddf-4afd-9953-048046244edc", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : 
"formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "04fd37af-305a-4bf7-a745-9984c3066498", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "81e1e02a-78ca-4d56-a6b3-3f4c667a45fc", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "04ad2991-b923-4c80-a1d0-4b8573331b0e", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "9fef2e05-e3ea-4213-9924-1a4ae574896a", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "eed39259-f929-4f77-9341-878c530a9fb3", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "74ccd966-968f-47be-ba32-68ab45639934", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "243d33e1-ccee-4265-bf90-7fe0a48ffe50", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "3aca2f14-255a-4eaf-b1cd-1fb532c4e5a9", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "53ed4c40-921a-4122-ab47-b3dc0639d74c", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "04cd15c7-facb-4521-ad0d-094a50c467c3", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "cffe02ab-2c11-4e22-a5ef-27e0c0257fe8", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + 
"include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "629f6867-deb4-4313-9d7b-3bd37231b377", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "6ec7b5c1-ae6c-4611-b569-792915edb6d8", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "86974809-5ba5-45b5-a891-52cb3ceb1c0f", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "517fbd79-6f63-48dc-b609-374c3a038733", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "a26fe1df-3f74-490d-90e7-24a386333027", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "35e206d9-b075-495d-87b2-6310ad6f742c", + "name" : "picture", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "cc427dff-db3a-4da7-b45b-b19cc33b67c3", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "da9cc209-e71c-4042-a9c3-b191c5430529", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "02bee6b8-a42f-4766-ae37-a7268d1f31e6", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "2cd8aba4-2dec-49a2-a295-978d27750d6d", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "9946bf29-e933-4857-bbc9-116908a0590f", + 
"name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "f87f3368-5a51-40a8-9d96-54a57c17120f", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "d16f4e26-b313-47ac-8838-a84afa01ec44", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "4e8e92fe-307e-4905-94fb-eb8e371669aa", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "abd2af24-c248-4d03-b30a-b2af2847ab37", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "09462f82-5d6e-428f-8cc4-0f53fbd874a7", + "name" : "middle name", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "970d0ed0-406e-4272-9376-c9422c3223a3", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "99fba8a9-0c09-4de5-a922-444c125f111f", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "0e0e5319-e8d3-4dab-860e-0b4ee2388ef9", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "af70fbb4-20cd-425d-b5ef-99492b0bb87a", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "cafa8227-796f-48ac-adc3-3d302c2d048f", + "name" : "phone number verified", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "8ec5f951-7920-4440-929c-2756eaaffce4", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "57462e25-502a-456d-9775-a8e9c1621194", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "10f06cc1-3df5-4b6a-8ef9-0768d7e96504", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "175ad763-bd1e-4a52-adab-acbc00fb75ed", + "name" : "Allowed Protocol Mapper Types", + "providerId" : 
"allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "aaa0fcd4-4211-4755-844a-502c31e2549c", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "45361461-ef7e-4413-a73b-01518757914f", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "b112b928-c1aa-4229-973a-3d60ddfb476d", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper" ] + } + }, { + "id" : "d72fc74e-7583-458b-ac52-6ddd5580e5b2", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "918f1323-f9b2-4e86-8571-1b5043bfbde1", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ 
"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" ], + "priority" : [ "100" ] + } + }, { + "id" : "06af4665-0f00-4c86-a288-da0fca58cd55", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "df200d69-971e-4e35-b0da-da1763816977" ], + "secret" : [ "PnrHHsASMKpbad1YvBoIUw" ], + "priority" : [ "100" ] + } + }, { + "id" : "e0bdb617-06aa-4e6f-ad03-c1674872a905", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICmTCCAYECBgGEYvXkwjANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAV0YXBpcjAeFw0yMjExMTAxOTExMzJaFw0zMjExMTAxOTEzMTJaMBAxDjAMBgNVBAMMBXRhcGlyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WnnWDfo/OpPfBGv7+OI599o8SkG2lYFOT7rEiUKFSTFdYhpzYeKS58QBN9es6iGWoc2cGXp1szQ3nwZXxfLs7i3HnKOTyoyxFRldd2fgOP45gnGdlp3VmrUTCMxyyfYD8Lmq9orQQQJgvSO6brvpvIfc90B0PA7ozJPdJgFfVkGwFoHa7AfrCC7KwfSmZG4jjVJLftuCKSbKm5rHnk/e8QGRoKsQbTx0ojLEle9lyH3k2p19uHsVng+l/iA2wCTrMsP7RF1ZwaOffoYLjgnRcK9DJCeRj/pj+6rx7Bs+DG3y8/ZAUY00DIYf7g+x+5NGRXFX9PC0jCcuuxQadEmdwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDGB3wgX992oIvQiNGVBG4s2sjjZ4LcOMeMuWldihLOLL/dQRRnX8TjsEdB6m3EjdN5fatf09eYNZLWlHeYnCLNxUDPoJH5q1CC7RzCefgpy/Bvkk3J2Zw1coKP1pVNVqzDd12+jN0P8sh5vNW2JW9yevRspGzuhdX9md3XgTvrySRCzzIpItkl37CYSWZtiRbu0kHXIEyLvaEawNY2pMxzdgNnHsYoDXPH5T01LWWJJBURMM033gdjCAR6reI+w6EnBXKVmZTf9B4Sn5q8iQ29llQ8JOrlBheum+AyXA/okvqumCbUKSKS6xcnDiee0NmPy3a8TQeZq42BolsGZ2/w" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "1dbff244-5a37-46c6-af71-75802573608f", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "f8ff75c8-0598-4ae8-b13d-a7ad0d8966dd" ], + "secret" : [ "jOwVK6jZ6LRH6mtInBwYBEjhaVS6j8YwBCy0pq3wGGlOqprQFRoHnmueFLt6XGxlyXmefUes2OXl8tHSMln8lA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + 
} ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "cd28e600-7124-4981-a423-e9ad42f724de", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "2fba87f1-b9d9-4c6d-9d9e-241c3e673986", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "96af74e2-40be-49a1-a795-7e758ad855dd", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6d1c5777-6eb2-45d3-952c-abf9cf1132b1", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "02e85931-4941-4b64-a15c-2002e24909c4", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8925de5e-3cf8-48b7-8286-995aa66d63c8", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "3dd1e111-0ec8-46af-8802-9131253354ba", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c9377acf-bb0e-488f-95f7-818e0a8f8c66", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "af8a1329-dbd1-4af2-b04d-40f034e7258b", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + 
"authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "dc407010-73c0-48ff-b54b-5c1986a82a37", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "34935b2b-425d-4a48-ae9c-d84e5133748b", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : 
false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3b181595-1045-4858-8a4e-7ada58eec931", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "4eb93e56-d217-4bef-9e51-8967f5201016", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "498e4e9f-935e-4edd-a478-154d7bfad43b", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + 
"authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "a6c38b78-3c62-43d7-aa01-3dbe5a288cd4", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "e9162a69-03bc-46d6-afad-d81ffbfed838", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "e3fdb905-acbb-4200-b78f-15af8a6455de", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + 
"authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "0ee55010-a42e-444c-bb90-92452fd6109d", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8a22dcdf-56b7-4998-a355-b44b17b0667b", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + 
"requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "c3f28e9d-4f33-4b87-aa0c-c38ce129250c", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "ed350df9-a2e6-4049-8a11-27afc3bc0877", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "c74cbe6d-62f6-4219-b84d-efbae0df7739", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, 
+ "defaultAction" : false,
+ "priority" : 50,
+ "config" : { }
+ }, {
+ "alias" : "delete_account",
+ "name" : "Delete Account",
+ "providerId" : "delete_account",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 60,
+ "config" : { }
+ }, {
+ "alias" : "webauthn-register",
+ "name" : "Webauthn Register",
+ "providerId" : "webauthn-register",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 70,
+ "config" : { }
+ }, {
+ "alias" : "webauthn-register-passwordless",
+ "name" : "Webauthn Register Passwordless",
+ "providerId" : "webauthn-register-passwordless",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 80,
+ "config" : { }
+ }, {
+ "alias" : "update_user_locale",
+ "name" : "Update User Locale",
+ "providerId" : "update_user_locale",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 1000,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "attributes" : {
+ "cibaBackchannelTokenDeliveryMode" : "poll",
+ "cibaExpiresIn" : "120",
+ "cibaAuthRequestedUserHint" : "login_hint",
+ "oauth2DeviceCodeLifespan" : "600",
+ "oauth2DevicePollingInterval" : "5",
+ "parRequestUriLifespan" : "60",
+ "cibaInterval" : "5",
+ "realmReusableOtpCode" : "false"
+ },
+ "keycloakVersion" : "20.0.1",
+ "userManagedAccessAllowed" : false,
+ "clientProfiles" : {
+ "profiles" : [ ]
+ },
+ "clientPolicies" : {
+ "policies" : [ ]
+ }
+}
\ No newline at end of file
diff --git a/docker/keycloak/import/tapir.json b/docker/keycloak/import/tapir.json
deleted file mode 100644
index b6428b66..00000000
--- a/docker/keycloak/import/tapir.json
+++ /dev/null
@@ -1,1949 +0,0 @@ -{ - "id" : "e96b3225-836e-41b9-aac2-f1edd9e40da7", - "realm" : "Tapir", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "63232a9b-3564-4eef-99db-9ebef7a1bf8e", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "e96b3225-836e-41b9-aac2-f1edd9e40da7", - "attributes" : { } - }, { - "id" : "128bd531-f9a1-4e9d-a0f4-7f863700bc37", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : 
false, - "clientRole" : false, - "containerId" : "e96b3225-836e-41b9-aac2-f1edd9e40da7", - "attributes" : { } - }, { - "id" : "c2680db5-730e-46fc-ae10-53e6534e4425", - "name" : "default-roles-tapir", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "manage-account", "view-profile" ] - } - }, - "clientRole" : false, - "containerId" : "e96b3225-836e-41b9-aac2-f1edd9e40da7", - "attributes" : { } - } ], - "client" : { - "realm-management" : [ { - "id" : "5852244f-7e91-4ccb-8160-8ed58b5a6198", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "34e84ea2-0870-4381-bf81-85c9f85557da", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "fb85914f-16ff-4630-930c-bd40b2cf1452", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "9b22c5c8-f951-442f-9a30-7c17402962e9", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "9ae61da5-df73-40ea-bb3e-9694013c3734", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "432861b4-3885-4700-b609-ef55ad5ce764", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : 
false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "d3df7858-c1be-4af0-a3b7-f75d1ca998d0", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "b7a892eb-9a8e-482a-bff9-4bdbd0434aa5", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "06df3594-bf19-4e3a-aa6e-ad5407ad7dd9", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "d24c4a78-7a38-45fe-8b9a-1204edbf728f", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "d7e30a1b-f081-4c2c-937f-182bdb1a5f79", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "5a4b4c06-7dde-4b71-bd0d-d937ed1a8236", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "manage-clients", "create-client", "query-realms", "manage-realm", "manage-identity-providers", "view-authorization", "view-clients", "query-users", "query-groups", "query-clients", "view-events", "manage-events", "view-identity-providers", "view-users", "impersonation", "view-realm", "manage-authorization", "manage-users" ] - } - }, - "clientRole" : 
true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "40dceb3f-ec22-4121-a92e-6015a975e5cd", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "30cccf7b-ca9d-4547-a8c1-29b879b3f6ea", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "05f46da5-92ee-4e37-a9ba-a9902b741591", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "442267ed-520e-4cbe-aaf8-9091223c6b2d", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "a83e63c2-154b-45e0-8d3d-3e3578ddbec5", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "b75c33aa-8b43-43ac-afab-4b4bc5254726", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - }, { - "id" : "68688f5f-7a04-4088-9ab8-4fb061f1857d", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "attributes" : { } - } ], - 
"security-admin-console" : [ ], - "tapirweb" : [ { - "id" : "8c49c9b0-f388-4263-a5a1-fd829996e97e", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "261c3cbb-3d3e-43d4-b2e3-3db8a90ba352", - "attributes" : { } - } ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "74b2e455-d103-4c96-9741-294303654596", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "7f8c0f9c-2de3-4796-a049-d2a1759d570b", - "attributes" : { } - } ], - "account" : [ { - "id" : "04621b0a-aef2-425a-a2f4-d30c246cb471", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "643bc72b-c430-4c2c-8145-09d9364181d0", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "3ab2204a-6e14-4974-a438-13aa922c113b", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "8bfab575-d99b-4754-baa4-4c618406216e", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "db0adfc4-af9c-42f6-8a84-9effffe57b71", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { 
} - }, { - "id" : "9b13f47b-bcff-45a2-9c96-d4a31618467e", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "e92b8cca-e74c-4deb-8d96-dc86a858848f", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - }, { - "id" : "6df643f7-2b53-4751-a9d8-2c590ba7c19d", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "c2680db5-730e-46fc-ae10-53e6534e4425", - "name" : "default-roles-tapir", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "e96b3225-836e-41b9-aac2-f1edd9e40da7" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - 
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "f30b86b0-61be-4564-969f-e9dfdf719b71", - "createdTimestamp" : 1668017062420, - "username" : "demo", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "", - "lastName" : "", - "credentials" : [ { - "id" : "e66694d9-b6a7-4ed0-8d1f-5b63e0c856b0", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1668017124395, - "secretData" : "{\"value\":\"7ff5RPDaUErK6NSFjLhJcAgAh1VNCFQDrwsPeWlTXbgEzZKk2lsVUWBzLTrIfiGJL5MVeeH4UNs55Tq5k0Oyrw==\",\"salt\":\"lcDMkucOqgwuaePJjCU2Jg==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-tapir" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "1f431641-bd72-4626-8c23-298f7c29b144", - "createdTimestamp" : 1668019014615, - "username" : "service-account-tapirweb", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "tapirweb", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-tapir" ], - "clientRoles" : { - "tapirweb" : [ "uma_protection" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - 
"clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "8c0bca91-6612-42e4-b3e7-0c74a228f127", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/Tapir/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/Tapir/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "9daee011-d7c6-4b53-9118-007e6a83d100", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/Tapir/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/Tapir/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, 
- "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "ba1ee97c-bd1f-4f60-bf39-dc81cd10bc6d", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "dfb1ac38-aff6-4aa9-9204-0f6ac6ec4bb8", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "7f8c0f9c-2de3-4796-a049-d2a1759d570b", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - 
"protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "76f84ae7-607f-4139-91a4-d5df3c967a4d", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "2cf716c7-de23-4105-b446-6cfc3635f543", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/Tapir/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/Tapir/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" 
: { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "a45e48d9-68ad-4972-aeef-07eaf2bfa113", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "261c3cbb-3d3e-43d4-b2e3-3db8a90ba352", - "clientId" : "tapirweb", - "name" : "Tapir Web", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "c7cV4p1vDVEYFFgoJ3Ji356LLx5zFMgi", - "redirectUris" : [ "https://www.keycloak.org/app/*" ], - "webOrigins" : [ "https://www.keycloak.org/" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - "authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "client.secret.creation.time" : "1668019014", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "use.refresh.tokens" : "true", - "tls-client-certificate-bound-access-tokens" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - 
"client_credentials.use_refresh_token" : "false", - "acr.loa.map" : "{}", - "require.pushed.authorization.requests" : "false", - "display.on.consent.screen" : "false", - "token.response.type.bearer.lower-case" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "e61e668d-90f6-42da-917a-88ee53ceb4ca", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "fdaf358a-9fe1-460d-bc15-6967decbd60e", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - }, { - "id" : "1d609748-7ff0-4b7e-b6d9-0f11bcf6b6bf", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "authorizationSettings" : { - "allowRemoteResourceManagement" : true, - "policyEnforcementMode" : "ENFORCING", - "resources" : [ { - "name" : "Default Resource", - "type" : "urn:tapirweb:resources:default", - "ownerManagedAccess" : false, - "attributes" : { }, - "_id" : "45e47399-e388-4ee4-8507-16ffe562d226", - 
"uris" : [ "/*" ] - } ], - "policies" : [ { - "id" : "7e19249e-f55d-4c2d-978a-7a29d0c45f67", - "name" : "Default Policy", - "description" : "A policy that grants access only for users within this realm", - "type" : "js", - "logic" : "POSITIVE", - "decisionStrategy" : "AFFIRMATIVE", - "config" : { - "code" : "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, { - "id" : "efb9d6b4-a943-46ea-9a31-3fcd9ede681f", - "name" : "Default Permission", - "description" : "A permission that applies to the default resource type", - "type" : "resource", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "defaultResourceType" : "urn:tapirweb:resources:default", - "applyPolicies" : "[\"Default Policy\"]" - } - } ], - "scopes" : [ ], - "decisionStrategy" : "UNANIMOUS" - } - } ], - "clientScopes" : [ { - "id" : "d9f03ebc-4cb1-45c7-b84e-ebb7bf7b6e43", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "d4b76cf2-2723-4eff-8d4d-40104b74f594", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "28b4ae29-0392-4e5c-9213-d2304546d6bc", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "99e0d088-cffb-456d-a4a8-303ccf342168", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - 
"userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "b5a3e4e7-a4d9-4068-a688-b35ce36ad90d", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "657ad50c-1569-4e2b-8863-a0fc64d3b0ac", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "cfb5a9f9-77e3-46ef-baca-e90b924130c2", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "a0b8986d-f877-4d0d-8938-49603c93d0ed", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "2f4d670b-0b14-494b-baac-b729884e43cd", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : 
false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "b60636df-ad0c-4a04-8467-88fe20b6d01e", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "53207a5e-8792-4e92-9454-bde3cd126026", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "032893c5-cead-458a-a700-4f01828c68a5", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "107c22f6-e630-418c-b357-fd38773f544f", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "cb7048ca-2d86-4684-8d6c-ffbc92a9e6e0", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - 
"user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "aac32f17-3c81-4013-a51f-dd770653574d", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "c4fa892e-0d5c-4591-ae85-f9c19b644dc5", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "731ab44a-a575-43cc-8ff5-f9463d2e07fc", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "5ced7abf-1af7-4b39-9499-71594a8e7738", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "560258ff-f380-4fdb-ad5f-82f1af7fb347", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : 
"emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "e178adb8-baa3-403e-b810-68847fec83ee", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "c574c80e-f763-4162-9b73-77ddcb742788", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "db486fd1-6cf0-48e6-a847-ba3be55738f7", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "c5faad56-4d89-43ad-98a9-1fb9cec1d35a", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "2498ee3e-ff43-4add-91b6-a7059545edbc", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : 
"77138603-0845-461d-b044-99a1cf570b33", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "afddc3d6-4acb-4f2c-b5b0-27a37663be7a", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "77c49d4a-981e-4137-b337-01447cd92cd8", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "b639cefd-b847-4d21-a46e-3229abc9fff4", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "8c3ed4ef-5a0b-4a06-9844-467b56f8c37a", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "dc65d38f-2687-4c96-8e9f-80f6d250c72b", - "name" : "web-origins", - "description" : 
"OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "71d90df6-fece-441d-9f2d-161cd2755192", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "7ab0d9eb-191e-410f-aff6-35b4bd92c52f", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "558304dd-b744-4159-9526-fd1561d3876b", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "39c94ae7-350e-4db1-bf59-cee583bfedab", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "989e77e6-a9d0-44bc-ba1e-4076d44d9e1e", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "82ed1e95-6d16-4c1d-af0d-18b953011233", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - 
"user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "567116e5-684c-4741-83f6-dc31c11f364f", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "fbbfd09a-53ac-4051-8699-9ac76c4e3fc5", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "8a0e4c0f-b414-4694-b571-defbf572b676", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ 
"oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper" ] - } - }, { - "id" : "97990496-801c-461e-a28e-ce26eeed96cf", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "8f8d0345-a8ea-4c26-9c10-c26e8ab6dc20", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "fa789aa7-229b-4c4a-9723-58b867a88c5c", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "2e0dff6f-a923-4cb4-8b1d-739bdc83dba1", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "153102d1-7fe7-4586-8ad0-2037516ba215", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "37247755-9771-4a86-bcd5-043c07ee84b7", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : 
"4ba512ce-1edc-4f24-a361-45dfd36ba610", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "4b71927b-a38d-445c-bf6c-adb0619804d0" ], - "secret" : [ "g5kZcwrjF8GhOPy_6hZx_A" ], - "priority" : [ "100" ] - } - }, { - "id" : "87e1546f-cdf2-451b-8e4d-96c9fd443552", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "a0556e21-74d8-44d5-af04-f66bed9f59cf" ], - "secret" : [ "ic5qiIP_F8SWBH9n3dXdUEcTtMT86pq-28jh2NUeFJfRleSa6F1bQD6tXddho8VNXpVScjuzSBwH2CjNxyAkxg" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "ac87db63-2912-42ca-ad9f-b8b93671a68b", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "0030c663-a4a1-4fd0-b7f7-393f3f4585c9", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "e9b75869-01dd-4956-8094-a609c0928815", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { 
- "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "52ab5701-80b9-4fe9-ad50-34fc892c98d3", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "basic-auth-otp", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "77c269f8-eefb-4c3c-9251-c25fd54ba90f", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "49f3ac92-7813-4096-b9d8-b272b5448f79", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : 
"conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "5368bf15-aede-427d-be78-4871c125183f", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "68cd0e16-5e6e-4d71-af6c-0b46162cff81", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "aff649a8-0986-4eb3-98d0-78b26554c4f5", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "502f331d-e02e-4ffc-b5a0-aef7bab016a0", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "aeb8c6e1-145f-425c-9d49-37a3b72b966d", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "3e8f92b4-c951-4230-a2df-e0637717d183", - "alias" : "browser", - 
"description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "365f931b-6d85-48a2-a7e7-ed281939906d", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "ce38766a-0611-42cb-a621-644edfddc0ab", - "alias" : "direct grant", - "description" : "OpenID Connect 
Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "d363245e-51ea-46f8-98ec-5fd38fb87a72", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "eb259e2b-fb72-403f-91d5-197408f49494", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"88770d13-34bb-4b90-9c64-0e6c43cadd0b", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "27279902-9d42-44d8-92f8-ff36ef8ecded", - "alias" : "http challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false - } ] - }, { - "id" : "aae3efd1-5cf3-4503-a55d-3f35400845a2", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "f35d4813-d46a-4f21-987c-64b1962ddef4", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" 
: "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "d64bc855-5175-4f6c-aaed-ebdfb2faaeb8", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "3795d0a0-290b-4bfa-a1ef-67db986ba54c", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - 
"topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "8eb0c3ab-086b-4ee5-8d32-51df6e384225", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "0198a62d-dee4-431c-806d-36fce267a768", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : 
"webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", - "oauth2DevicePollingInterval" : "5", - "parRequestUriLifespan" : "60", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false" - }, - "keycloakVersion" : "20.0.1", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file diff --git a/tapir/accounts/backends.py b/tapir/accounts/backends.py new file mode 100644 index 00000000..622e9f82 --- /dev/null +++ b/tapir/accounts/backends.py 
@@ -0,0 +1,36 @@
+from django.contrib.auth import get_user_model
+from django.contrib.auth.backends import BaseBackend
+from django.conf import settings
+from keycloak import KeycloakOpenID, KeycloakAuthenticationError
+
+
+class KeycloakAuthorizationCredentialsBackend(BaseBackend):
+
+ def get_user(self, user_id):
+ UserModel = get_user_model()
+
+ try:
+ user = UserModel.objects.get(pk=user_id)
+ except UserModel.DoesNotExist:
+ return None
+
+ # needs to validate token before returning user
+ return user
+
+ def authenticate(self, request, username=None, password=None):
+ config = settings.KEYCLOAK_CONFIG
+ kk = KeycloakOpenID(
+ server_url=config["SERVER_URL"],
+ client_id=config["CLIENT_ID"],
+ realm_name=config["REALM_NAME"],
+ client_secret_key=config["CLIENT_SECRET_KEY"],
+ )
+ try:
+ token = kk.token("demo", "demo")
+ except KeycloakAuthenticationError:
+ return None
+
+ remote_user = kk.introspect(token["access_token"])
+ # User a another model, that uses remore_user fill/update this instead of AUTH_USER_MODEL
+ UserModel = get_user_model()
+ return UserModel.objects.last()
diff --git a/tapir/accounts/tests/test_keycloak.py b/tapir/accounts/tests/test_keycloak.py
new file mode 100644
index 00000000..25f8ce33
--- /dev/null
+++ b/tapir/accounts/tests/test_keycloak.py
@@ -0,0 +1,16 @@
+from tapir.utils.tests_utils import TapirFactoryTestBase
+from tapir.accounts.tests.factories.factories import TapirUserFactory
+from django.test import RequestFactory
+
+class KeyCloakAuthentication(TapirFactoryTestBase):
+
+ def setUp(self):
+ # Every test needs access to the request factory.
+ self.factory = RequestFactory()
+
+ def test_bla(self):
+ from django.contrib.auth import authenticate, login
+ request = self.factory.get('/')
+ user = TapirUserFactory()
+ auth_user = authenticate(request, username='asd', password='asd')
+ login(request, auth_user)
\ No newline at end of file
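Review bot: In tapir/accounts/backends.py, `authenticate` never uses the `username` and `password` it is given: it requests a token with the fixed pair `kk.token("demo", "demo")` and then returns `UserModel.objects.last()`, so any submitted credentials resolve to whichever user row happens to be last. The settings.py hunk in this commit makes this class the only entry in `AUTHENTICATION_BACKENDS`, so that would hold for every login path that goes through `authenticate()`. The caller's credentials should be passed through with `token = kk.token(username, password)`, inactive tokens rejected with `if not remote_user.get("active"): return None`, and the local user looked up from the introspection result (for example by its username claim; confirm the field name against the realm's token mapping) instead of `.last()`. The result of `kk.introspect` is currently assigned to `remote_user` and never read, and the comment in `get_user` already notes that token validation is still missing there.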
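Review bot: `test_bla` in tapir/accounts/tests/test_keycloak.py makes no assertion, and it calls `authenticate` with the throwaway pair 'asd'/'asd', so it cannot tell a working backend from one that accepts anything. A test that pins the security property would be `self.assertIsNone(authenticate(request, username='asd', password='asd'))`, paired with a positive case that checks the returned user is the expected one. `login(request, auth_user)` is called on a `RequestFactory` request, which does not run the session middleware, so it will most likely fail on the missing `request.session`; the Django test client would avoid that. The test also appears to need a reachable Keycloak server, so the `KeycloakOpenID` calls are worth mocking.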
diff --git a/tapir/accounts/urls.py b/tapir/accounts/urls.py index 7d22c493..a413f532 100644 --- a/tapir/accounts/urls.py +++ b/tapir/accounts/urls.py @@ -4,6 +4,7 @@ from tapir.accounts import views + accounts_urlpatterns = [ path( "", generic.RedirectView.as_view(pattern_name="accounts:user_me"), name="index" @@ -64,3 +65,4 @@ name="password_reset_complete", ), ] + diff --git a/tapir/accounts/views.py b/tapir/accounts/views.py index 276c04d0..b11caa60 100644 --- a/tapir/accounts/views.py +++ b/tapir/accounts/views.py @@ -88,3 +88,29 @@ def send_user_welcome_email(request, pk): messages.info(request, _("Account welcome email sent.")) return redirect(tapir_user.get_absolute_url()) + + + +def logged(request): + from django.http import HttpResponse + from keycloak import KeycloakOpenID + keycloak_openid = KeycloakOpenID( + server_url="http://keycloak-server:8080", # add auth? + client_id="tapirweb", + realm_name="tapir", + client_secret_key="UYAoNSPYkJd8IpktSYOXp24PBHT6LN1r" + ) + + token = keycloak_openid.token( + grant_type='authorization_code', + code=request.GET['code'], + redirect_uri="http://localhost:8000/accounts/logged" + ) + print("----------------------------------") + print(token) + print("----------------------------------") + userinfo = keycloak_openid.userinfo(token['access_token']) + print("----------------------------------") + print(userinfo) + print("----------------------------------") + return HttpResponse(token) diff --git a/tapir/settings.py b/tapir/settings.py index 8d4e8944..ce59f2a4 100644 --- a/tapir/settings.py +++ b/tapir/settings.py 
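Review bot: The new `logged` view in tapir/accounts/views.py embeds the client secret as a string literal, prints the token response and the userinfo to stdout, and returns the raw token response to the browser with `HttpResponse(token)`. Access and refresh tokens therefore end up in container logs and in the response body of a GET callback. The connection parameters should come from `settings.KEYCLOAK_CONFIG` (assuming `settings` is importable in this module, as it is in backends.py), the prints should go, and the view should redirect after establishing the session instead of echoing the token. `request.GET['code']` also raises when the parameter is absent, turning a malformed callback into a 500. No `state` check is visible in this hunk; if the authorization request sends one, it should be verified here before the code is exchanged.

```python
def logged(request):
    # … unchanged: local imports of HttpResponse and KeycloakOpenID …
    config = settings.KEYCLOAK_CONFIG
    keycloak_openid = KeycloakOpenID(
        server_url=config["SERVER_URL"],
        client_id=config["CLIENT_ID"],
        realm_name=config["REALM_NAME"],
        client_secret_key=config["CLIENT_SECRET_KEY"],
    )
    code = request.GET.get("code")
    if not code:
        return HttpResponse(status=400)
    # … unchanged: token exchange, now passing code=code …
    userinfo = keycloak_openid.userinfo(token['access_token'])
    # TODO: map userinfo to a local user and start the session here
    return redirect("accounts:user_me")
```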
@@ -258,8 +258,11 @@ SILKY_META = True KEYCLOAK_CONFIG = dict( - SERVER_URL=env("KEYCLOCK_SERVER_URL", default="http://keycloak_server:8080"), - REALM_NAME=env("KEYCLOCK_REALM_NAME", default="Tapir"), + SERVER_URL=env("KEYCLOCK_SERVER_URL", default="http://keycloak-server:8080"), CLIENT_ID=env("KEYCLOCK_CLIENT_ID", default="tapirweb"), - CLIENT_SECRET_KEY=env("KEYCLOCK_CLIENT_SECRET_KEY", default="c7cV4p1vDVEYFFgoJ3Ji356LLx5zFMgi"), -) \ No newline at end of file + REALM_NAME=env("KEYCLOCK_REALM_NAME", default="tapir"), + CLIENT_SECRET_KEY=env("KEYCLOCK_CLIENT_SECRET_KEY", default="UYAoNSPYkJd8IpktSYOXp24PBHT6LN1r"), +) +AUTHENTICATION_BACKENDS = [ + 'tapir.accounts.backends.KeycloakAuthorizationCredentialsBackend' +] \ No newline at end of file
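Review bot: The new `CLIENT_SECRET_KEY` line in tapir/settings.py keeps a real-looking client secret as the `default=` fallback, so a deployment that forgets to set the environment variable silently runs with a value that is in the repository history. Dropping the default, `CLIENT_SECRET_KEY=env("KEYCLOCK_CLIENT_SECRET_KEY"),`, makes a missing secret fail at startup, assuming `env` raises on an unset variable as django-environ does. The value committed here and the one it replaces should be treated as disclosed and regenerated in Keycloak. Separately, `AUTHENTICATION_BACKENDS` now lists only the Keycloak backend, which removes Django's `ModelBackend`; a comment such as `# ModelBackend intentionally removed: all logins go through Keycloak` would record that this is deliberate. The `KEYCLOCK_` spelling of the variable names is carried over from the old lines and may be worth correcting in a follow-up.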