From 22940471ba95e47dec3843683d0eb6a8e6a2cd65 Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 15:07:31 +0200 Subject: [PATCH 1/8] keycloak 17 & prometheus fix --- config/prometheus/prometheus_dev.yml | 8 ++++---- docker-compose.dev.yml | 10 +++++----- docker-compose.monorepo.yml | 4 +--- docker-compose.override.example.yml | 4 ++-- docker-compose.yml | 18 +++++++++--------- 5 files changed, 21 insertions(+), 23 deletions(-) diff --git a/config/prometheus/prometheus_dev.yml b/config/prometheus/prometheus_dev.yml index 6a1ffbb..33790c1 100644 --- a/config/prometheus/prometheus_dev.yml +++ b/config/prometheus/prometheus_dev.yml @@ -11,8 +11,8 @@ scrape_configs: - targets: ['api-backend:80'] oauth2: client_id: 'prometheus' - client_secret: 'hvOb5EiiEJvaDW6IszZAD4U4m8ZfEH2x' - token_url: http://keycloak:8080/auth/realms/Artcoded/protocol/openid-connect/token + client_secret: 'U03e8p3LXIbV4VJPopEUbN55cjGAm3oE' + token_url: http://keycloak:8080/realms/Artcoded/protocol/openid-connect/token - job_name: 'triplestore' metrics_path: '/actuator/prometheus' scrape_interval: 5s @@ -20,5 +20,5 @@ scrape_configs: - targets: ['triplestore:80'] oauth2: client_id: 'prometheus' - client_secret: 'hvOb5EiiEJvaDW6IszZAD4U4m8ZfEH2x' - token_url: http://keycloak:8080/auth/realms/Artcoded/protocol/openid-connect/token \ No newline at end of file + client_secret: 'U03e8p3LXIbV4VJPopEUbN55cjGAm3oE' + token_url: http://keycloak:8080/realms/Artcoded/protocol/openid-connect/token \ No newline at end of file diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 40b3695..30dca54 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -2,9 +2,9 @@ version: "3.5" services: keycloak: environment: - KEYCLOAK_USER: admin - KEYCLOAK_PASSWORD: root KEYCLOAK_IMPORT: /tmp/realms/artcoded-realm.json + KC_HOSTNAME: auth.somehost.org + user: root ports: - 8080:8080 networks: 
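Review bot: The `client_secret` values on the new side of both hunks in `config/prometheus/prometheus_dev.yml` (the `api-backend` job at `@@ -11,8` and the `triplestore` job at `@@ -20,5`) are an OAuth2 client secret committed in clear text, and the removed lines leave the previous secret in history as well. The same value appears as the `secret` of the `prometheus` client in the realm export added in PATCH 4/8, so the credential is valid wherever that realm file is imported. Prometheus can read the secret from a file instead: replace the line with `client_secret_file: PATH_TO_MOUNTED_SECRET_FILE` (placeholder path) and keep that file out of version control. If the value is only ever used for local development, say so next to it: `# dev-only secret, never reuse outside local compose`.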
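Review bot: `user: root` on the `keycloak` service in `docker-compose.dev.yml` makes the identity provider run as root inside the container, and the `@@ -102,14` hunk of the same file does this for `prometheus` and `grafana`, where it replaces `user: "1000"`. Neither hunk says why. If the reason is write access to a bind-mounted directory, changing the ownership of the host directory to the image's unprivileged UID would keep the services non-root. If root has to stay for the dev setup, a comment would stop it being copied into other compose files, e.g. `# dev only: root needed for REASON; do not use in production`. The `keycloak` service definition continues past the end of the hunk.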
@@ -37,7 +37,7 @@ services: MAILE_SENDER_SSL_ENABLE: "false" MAIL_SENDER_PORT: 25 MONGO_DB_DATABASE_NAME: artcoded_test - JWK_SET_URI: http://auth.somehost.org:8080/auth/realms/Artcoded/protocol/openid-connect/certs + JWK_SET_URI: http://auth.somehost.org:8080/realms/Artcoded/protocol/openid-connect/certs back-office: image: nbittich/back-office:latest networks: @@ -102,14 +102,14 @@ services: - 8888:80 prometheus: - user: "1000" + user: root restart: "no" volumes: - ./config/prometheus/prometheus_dev.yml:/etc/prometheus/prometheus.yml ports: - "9090:9090" grafana: - user: "1000" + user: root restart: "no" ports: - 3000:3000 diff --git a/docker-compose.monorepo.yml b/docker-compose.monorepo.yml index 8b620fe..f964b75 100644 --- a/docker-compose.monorepo.yml +++ b/docker-compose.monorepo.yml @@ -2,8 +2,6 @@ version: "3.5" services: keycloak: environment: - KEYCLOAK_USER: admin - KEYCLOAK_PASSWORD: root KEYCLOAK_IMPORT: /tmp/realms/artcoded-realm.json ports: - 8080:8080 @@ -37,7 +35,7 @@ services: MAILE_SENDER_SSL_ENABLE: "false" MAIL_SENDER_PORT: 25 MONGO_DB_DATABASE_NAME: artcoded_test - JWK_SET_URI: http://auth.somehost.org:8080/auth/realms/Artcoded/protocol/openid-connect/certs + JWK_SET_URI: http://auth.somehost.org:8080/realms/Artcoded/protocol/openid-connect/certs back-office: build: ../backoffice/. networks: diff --git a/docker-compose.override.example.yml b/docker-compose.override.example.yml index de2ec1d..95d3911 100644 --- a/docker-compose.override.example.yml +++ b/docker-compose.override.example.yml @@ -27,7 +27,7 @@ services: MONGO_DB_USERNAME: __MONGO_INITDB_ROOT_USERNAME__ ARTEMIS_USER: artemis ARTEMIS_PASSWORD: __ARTEMIS_PASSWORD__ - JWK_SET_URI: http://keycloak:8080/auth/realms/Artcoded/protocol/openid-connect/certs + JWK_SET_URI: http://keycloak:8080/realms/Artcoded/protocol/openid-connect/certs back-office: networks: artcoded: 
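Review bot: `JWK_SET_URI` still uses `http://` after the path change, so the service reading this variable fetches Keycloak's token-signing keys over a channel with no integrity protection. The same applies to the `JWK_SET_URI` lines in the `docker-compose.monorepo.yml`, `docker-compose.override.example.yml` and `docker-compose.yml` hunks of this patch. Inside a private compose network that may be an accepted trade-off, but it is an assumption worth writing down: `# plain HTTP: valid only while keycloak is reachable solely on the internal compose network`. The production override should use an `https://` URL if this traffic ever leaves that network.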
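Review bot: `KEYCLOAK_IMPORT` is kept in the `docker-compose.monorepo.yml` `keycloak` environment while `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are removed, as in the first hunk of `docker-compose.dev.yml`. All three were conventions of the legacy `jboss/keycloak` image's entrypoint. Unless the custom `nbittich/keycloak:17.0.1` image re-implements the import (not visible here), the realm file may silently not be loaded and the stack would start without the expected realm, clients and roles. Either drop the variable or document what consumes it: `# read by the nbittich/keycloak entrypoint (TODO confirm)`. How the admin account is bootstrapped after this change is not visible in the hunk.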
@@ -121,7 +121,7 @@ services: ARTEMIS_USER: artemis ARTEMIS_URL: tcp://artemis:61616 ARTEMIS_PASSWORD: __ARTEMIS_PASSWORD__ - JWK_SET_URI: http://keycloak:8080/auth/realms/Artcoded/protocol/openid-connect/certs + JWK_SET_URI: http://keycloak:8080/realms/Artcoded/protocol/openid-connect/certs grafana: restart: unless-stopped user: "1000" diff --git a/docker-compose.yml b/docker-compose.yml index e1bee67..a43d675 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,17 +35,17 @@ services: - ./data/keycloak-postgres:/var/lib/postgresql/data keycloak: restart: always - image: jboss/keycloak:16.1.1 + image: nbittich/keycloak:17.0.1 networks: artcoded: environment: - DB_USER: keycloak - DB_DATABASE: keycloak - DB_VENDOR: "POSTGRES" - PROXY_ADDRESS_FORWARDING: "true" - DB_PORT: 5432 - DB_PASSWORD: keycloak - DB_ADDR: postgresql + KC_DB_USERNAME: keycloak + KC_DB_PASSWORD: keycloak + KC_DB: "postgres" + KC_DB_URL: "jdbc:postgresql://postgresql:5432/keycloak" + KC_PROXY: edge + command: start + ####### Redis ####### redis: image: redis:alpine @@ -132,7 +132,7 @@ services: MIGRATION_PATH: /migrations MIGRATION_DEFAULT_GRAPH: "https://bittich.be/application" SERVER_PORT: 80 - JWK_SET_URI: http://auth.somehost.org:8080/auth/realms/Artcoded/protocol/openid-connect/certs + JWK_SET_URI: http://auth.somehost.org:8080/realms/Artcoded/protocol/openid-connect/certs volumes: - openj9cache:/opt/shareclasses - ./data/tdb2:/triplestore From ffe69412d683aa8847d5f62a91ce23e0b7ac887c Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 15:12:32 +0200 Subject: [PATCH 2/8] override example --- docker-compose.override.example.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.override.example.yml b/docker-compose.override.example.yml index 95d3911..bb14fee 100644 --- a/docker-compose.override.example.yml +++ b/docker-compose.override.example.yml 
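Review bot: `KC_PROXY: edge` with `command: start` in the `docker-compose.yml` `keycloak` service makes Keycloak accept plain HTTP and trust the forwarded headers a reverse proxy sets, but nothing in this hunk limits who can reach the container, and the dev and monorepo files publish `8080:8080` directly. Requests that bypass the proxy can then supply their own `X-Forwarded-*` values. A comment on the setting would record the constraint: `# edge: TLS terminates at the reverse proxy; never publish 8080 outside the compose network in production`. Separately, `KC_DB_PASSWORD: keycloak` carries a guessable default into the base file; `KC_DB_PASSWORD: ${KC_DB_PASSWORD:?set in .env}` would make a missing override fail at start instead of falling back to it.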
@@ -67,10 +67,10 @@ services: aliases: - auth.bittich.be environment: - #KEYCLOAK_USER: __KEYCLOAK_USER__ - #KEYCLOAK_PASSWORD: __KEYCLOAK_PASSWORD__ - DB_PASSWORD: __POSTGRES_PASSWORD__ - DB_ADDR: postgresql + KC_DB_PASSWORD: __POSTGRES_PASSWORD__ + KC_HOSTNAME: __KEYCLOAK_HOSTNAME__ + # user: root + artemis: environment: ARTEMIS_USER: artemis From dcde068d0b7c99d293cd1abb4d160c4e5d364b57 Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 15:33:00 +0200 Subject: [PATCH 3/8] use tagged version --- docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a43d675..818840a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -79,7 +79,7 @@ services: SERVER_PORT: 80 ####### Api Backend ####### api-backend: - image: nbittich/api-backend:2022.1.0 + image: nbittich/api-backend:2022.2.0 restart: always networks: artcoded: @@ -105,7 +105,7 @@ services: PROFILE_ACTIVE: prod ####### BACK OFFICE ####### back-office: - image: nbittich/back-office:v2022.1.2 + image: nbittich/back-office:v2022.2.0 restart: always networks: artcoded: @@ -139,7 +139,7 @@ services: - ./data/migrations:/migrations ####### Website ####### website: - image: nbittich/website:v2022.1.0 + image: nbittich/website:v2022.1.1 restart: always networks: artcoded: From 991b837b93efd9cf6b3cb2964838de3f0b5cb785 Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 15:53:14 +0200 Subject: [PATCH 4/8] wip --- README.md | 5 + .../keycloak-dev/export/artcoded-realm.json | 1943 +++++++++++++++++ docker-compose.dev.yml | 4 +- 3 files changed, 1950 insertions(+), 2 deletions(-) create mode 100644 config/keycloak-dev/export/artcoded-realm.json diff --git a/README.md b/README.md index 081e6ff..713f172 100644 --- a/README.md +++ b/README.md 
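Review bot: The example override no longer shows how the initial admin account is created, because the commented `KEYCLOAK_USER`/`KEYCLOAK_PASSWORD` placeholders are removed and nothing replaces them. If the custom image follows upstream Keycloak 17, the bootstrap variables are `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD`. Commented placeholders such as `#KEYCLOAK_ADMIN: __KEYCLOAK_ADMIN__` and `#KEYCLOAK_ADMIN_PASSWORD: __KEYCLOAK_ADMIN_PASSWORD__` would document this in the same style as the other secrets in this file. The new `# user: root` line has no explanation and appears to sit under `environment:`, though the collapsed indentation makes that uncertain. Since this file is the template for production, either drop the line or state when root is required.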
@@ -19,4 +19,9 @@ https://openartcoded.github.io/doc/installation/compiled.html -Dkeycloak.migration.realmName=Artcoded \ -Dkeycloak.migration.usersExportStrategy=REALM_FILE \ -Dkeycloak.migration.file=/tmp/export/artcoded-realm.json + + docker exec -it app-docker_keycloak_1 /opt/keycloak/bin/kc.sh export \ + --file /tmp/export/artcoded-realm.json \ + --realm Artcoded + --users different_file ``` diff --git a/config/keycloak-dev/export/artcoded-realm.json b/config/keycloak-dev/export/artcoded-realm.json new file mode 100644 index 0000000..d704043 --- /dev/null +++ b/config/keycloak-dev/export/artcoded-realm.json 
@@ -0,0 +1,1943 @@ +{ + "id" : "Artcoded", + "realm" : "Artcoded", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "af358593-cdeb-4a4a-aa78-48ce51bc9123", + "name" : "PROMETHEUS", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "7297c4e7-62fd-4707-9d29-5aa70366e123", + "name" : "default-roles-artcoded", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + 
"account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "a7e7f92a-1c0c-41b1-947b-1559bfe0cc43", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "4bb46b3c-836a-43fb-a4fc-f64e12ca1719", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "390ec1fb-3a86-4b67-b601-aed3dd0afcda", + "name" : "ROLE_PROMETHEUS", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "5e37a96f-fa07-4db2-bb13-f5f8d6032212", + "name" : "ADMIN", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + }, { + "id" : "8d7e9d23-41e1-43f4-a4f4-3fa8af7531ff", + "name" : "ROLE_ADMIN", + "composite" : false, + "clientRole" : false, + "containerId" : "Artcoded", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "87863276-3b30-4710-a519-1f08c4c8db34", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-authorization", "view-users", "create-client", "manage-events", "manage-users", "view-clients", "impersonation", "view-identity-providers", "view-events", "manage-authorization", "view-realm", "query-users", "manage-realm", "query-clients", "manage-clients", "query-groups", "query-realms", "manage-identity-providers" ] + } + }, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "2fd1e911-f7a9-4822-97b9-073dc9cfdc9b", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "de038599-8eb1-408d-94dc-81df35a2c3cf", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "eb487cb2-cbc8-43bc-ae02-80adfc247a95", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "d8098414-50e8-4aac-86ab-c0e69b0829b3", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "6e234a21-54ab-490e-a594-7107b1061db6", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "c1b0fad5-ccf7-46fc-8e4f-eb8c65c5156d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "618c3ebd-7470-47c7-a3de-9af186350fef", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "8fb1f1e6-7309-442b-af76-e86f64734f82", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "bafaaf66-a850-404e-98f6-6c021b9def34", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "58d5d679-d9b1-480f-8338-8cc0a1838887", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "c0bc3eb1-8c68-416a-9757-af3759dc7611", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "d4c58a7d-117b-479a-8f4b-8cd7765c9bca", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "c52f6a49-2195-4915-bf0f-e9ddfe6d9b5a", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "7f37ec87-15a1-44cc-b9be-306af017fb5f", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "ad8fd192-c5a0-4e4e-857d-d7d00ca0fede", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "868f7c24-0356-40bf-96b5-2d192934b8b2", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "8079d2cb-57b8-4280-a3c1-1f29973a7b6f", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + }, { + "id" : "f6245c62-aa68-480f-bf0a-0bac5fcf1d78", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "597faf03-295b-4b0e-9103-257a2211bf20", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "prometheus" : [ { + "id" : "30363092-09c9-4603-96e0-a3cc8a204eac", + "name" : "ROLE_PROMETHEUS", + "composite" : false, + "clientRole" : true, + "containerId" : "90222c20-4d1a-4478-80c3-bf5b482c48ab", + "attributes" : { } + } ], + "broker" : [ { + "id" : "777e278f-042e-4049-9d3a-5cf12a939d20", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "8ef063f7-1c7b-4881-a3ee-7dc532504a12", + "attributes" : { } + } ], + "account" : [ { + "id" : "54dfade2-be06-4971-bc69-6ccab8f2bacc", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "560995a7-11e2-4393-92a5-d17aaadfe312", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "4d32f1e7-a6c6-44cd-945c-67b52d443804", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "6acf2565-51b7-41c4-9348-1e5491e91e23", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "67601d56-b226-4bad-be30-a58ee1811471", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "dd1196ab-e71a-4c96-aa68-c04c8e966064", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + }, { + "id" : "76674307-d820-4ca2-a91b-25dbe0f03428", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "attributes" : { } + } ], + "frontend-client" : [ ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "7297c4e7-62fd-4707-9d29-5aa70366e123", + "name" : "default-roles-artcoded", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "Artcoded" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + 
"webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "bb51592f-6e10-445e-9791-e191559f9035", + "createdTimestamp" : 1648712228948, + "username" : "nordine", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "4b0c14dc-fda5-484e-8255-306f176426d3", + "type" : "password", + "createdDate" : 1648712237351, + "secretData" : "{\"value\":\"KICOvKRjsSududqxMwqYJ5Q2lca5pzP3DGf1Y+k3R2bZf0PVparnfPi3zwgIE/yas32NiSy+vWthgTCEBUWkIw==\",\"salt\":\"DR0Rxw2OgDAvV8S0m5rcRw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-artcoded", "ADMIN", "ROLE_ADMIN" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9ce97140-221b-4d3a-934d-57fb4637b782", + "createdTimestamp" : 1650104302269, + "username" : "service-account-prometheus", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "prometheus", + "credentials" : [ ], + "disableableCredentialTypes" : [ 
], + "requiredActions" : [ ], + "realmRoles" : [ "PROMETHEUS", "default-roles-artcoded", "ROLE_PROMETHEUS" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "dc870d19-7877-4aac-b6bd-685ba007a7d3", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/Artcoded/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/Artcoded/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0ba98e8b-92a5-49ed-aff0-d2e58c5629fb", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/Artcoded/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/Artcoded/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + 
"serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f84cfd83-6560-4e3d-9902-8f23001a3db3", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0b8e6bf3-6220-4ba0-bf01-8dc2ec6d10bb", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8ef063f7-1c7b-4881-a3ee-7dc532504a12", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : 
true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "15732c28-a00f-4f10-82f6-5f46cd17d978", + "clientId" : "frontend-client", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://localhost:4200/*", "https://backoffice.somehost.org/*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : 
"false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "90222c20-4d1a-4478-80c3-bf5b482c48ab", + "clientId" : "prometheus", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "U03e8p3LXIbV4VJPopEUbN55cjGAm3oE", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : 
"false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "b1d77c19-1ea9-4f64-bb85-af5c05d2016d", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "ad7f1c1a-2e76-462d-befd-781384f014ba", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "e5b930ed-fd68-45a3-8ff9-ed012daa84f4", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "597faf03-295b-4b0e-9103-257a2211bf20", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + 
"publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1fcec55e-f37c-4f09-9d3a-759d2ccef64d", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/Artcoded/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/Artcoded/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "a2543271-5a95-4c7d-bfba-96a9275e1fd8", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "5300c420-8973-490f-807f-74d6cbd52910", + "name" : "role_list", + 
"description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "56c4e945-6280-48e4-86fa-c817f3df6c8a", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "8f094a54-b567-4d9a-9e60-184c99253601", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "2c4b636a-3e76-47a8-8c0b-199541fa0313", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "3bdeb376-a795-4e55-af8e-bd0fa16a6468", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "cf9a62d7-7602-4ffd-988d-eebcf2c1da91", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : 
"8ecd8b81-060b-4532-b4bd-564d8d8d716f", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "e84aa28a-d9d6-4d9b-b132-d6c93eeea267", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "254d7ab3-d4db-4f50-91de-a8a662bf3cd0", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "a1294243-71fe-4a5b-a65e-ce9c8ae92727", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "22fdafb0-4be0-4295-b244-9328f4e60b06", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "dfb14c21-83de-4246-92a5-b64d7f69cd7e", + "name" : "updated at", + 
"protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "7d8c7bdc-7876-431e-b197-ce6e5c8a6f03", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "4ebb3e0b-fd02-4b6d-80ab-618f03ead054", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "c9891a5f-f886-44e3-a518-caaa40f7d183", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "1b4034b0-1519-4f58-883d-4a32f0665bb9", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "646ba012-b828-44f8-bbf6-8243e8aeb17d", + 
"name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "b46e9224-4875-4f65-97e9-4ab6b7ae9621", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4cedf110-49de-4b26-bbba-04cef94e177c", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "651e1c05-61df-492f-9b61-ca2422bfabca", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "4167d432-e6d0-48f1-aba0-e9a8e7f1dc6e", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c971b265-3341-4354-b419-81bd2de151f4", + "name" : "web-origins", + "description" : "OpenID Connect scope 
for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "b217b419-008c-4861-a481-1bcbaebec0da", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "8ccb133b-b642-4701-8f66-8640fc0a7a94", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0911e978-e267-4575-a383-879058ad7883", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "29f1d35b-6c40-4983-9e05-ee0322549919", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c62cb511-5af5-4712-b8cb-ecb640a61e03", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + 
"id" : "51e08a2b-ea65-4fcd-8719-4a2dac04eebf", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "00df31e0-24b6-4578-ba96-ea4eee865b05", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "7318e23a-0370-4d03-a16a-21bd5b473fbd", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "8c7b791c-efad-438e-9b9e-278994b4458e", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "7cb97de5-035d-44d3-89b4-177b7dd5942c", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "3c60beda-4b2f-406d-84d2-63ec782be326", + "name" : "phone", + "description" : "OpenID Connect 
built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e997ae1e-610c-4a98-8996-3a71e6e9d167", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "059e6f4c-d845-482f-b568-2dec52e99118", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + 
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "b9bdf93b-562c-481a-8303-b3685adbb64d", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "b6ea75e2-e478-4a43-8859-05f6242e999a", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "a8e20e46-528d-4181-a933-c82015c4f6a0", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "53424a1d-5e8d-43b7-ba79-a8052cb6e3c9", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "c0af9f07-5eae-4f7a-98cd-5d919a3ba0c7", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "046428fc-15ab-46b5-9e7c-a872776ae4f2", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "aaad8d15-f3b3-4d29-9ae1-fdbc88ff9eb6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : 
"a6e1773c-3aaf-465f-b2e9-5b922dbb3705", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5eb5e625-23bd-46fd-8cb6-0d661b45f1c3", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "3e9ba72e-ad2b-4cce-9dc6-e43a763a913f", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "49f8b289-e317-4214-a33a-177f925b4647" ], + "secret" : [ "wB33HCHjcfYX0ApS4llSf_r44Ri2zRe-l849Rj9xam1OL9KNAXAdzunj1laryp41ndsWQVMpIdY4kzUVkx7zVw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "ba37da26-a19b-483d-8088-cd7bc41cf627", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "6a6aa9dc-cafc-4b12-a82c-0c1da62f9b38", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "2c55f662-afd5-4ff1-bd94-3dad9c1817ad" ], + "secret" : [ "k-mpUWCQ8GKtSdT2K7KIwQ" ], + "priority" : [ "100" ] + } + } ] + }, + 
"internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "86ad1d59-2640-41a6-a13f-567d456c7485", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "b2d92c7d-1bc2-4110-a6a0-c160305b11d2", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "226b5dea-d5fd-4279-8589-752ab8ce515b", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9bddc70f-f2be-4a96-81eb-f1d70d17f8ee", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "5ced70e4-1b0d-4d49-adf3-cc688efaa424", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8da916da-1d27-4b14-8fc7-8f4d3e632a0c", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "3a761472-1c63-4f61-905d-9711a458589e", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c149151b-b3bd-46f5-b78e-738419607d38", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "a14fbe23-1c2f-4176-b927-47ed9937abe0", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + 
"authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "d81b5739-7e43-456c-830c-bb3c48c0703f", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "a3b02244-f537-45f7-836f-9a6e209fc212", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : 
false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "cb4f0a5b-6bff-4c5b-8cbb-718a92db46a5", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "723b8748-6842-4ffe-bb1e-527120908417", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6006d539-100b-4caf-93d8-e22bd1cf3480", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + 
"authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "06f08def-3b6e-481f-8e12-29cc239c2c26", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "55b11935-b2a5-4d99-a155-38c29650af97", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "7e7a8b8a-9c8d-4c1f-8002-4512646ecb26", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + 
"authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "4d3a5046-c8f2-4e6c-91b1-4a904861aabe", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "546f1eb2-2fdb-4fe8-b5aa-e7d059fb7612", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + 
"requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "ffaa5b3c-ff7d-4c5a-b23d-9539deaf579e", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "4805b52b-2a3d-438a-a06b-a832b0394b73", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "eb170ce4-8b95-4426-83a5-3ef3a0a154e3", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, 
+ "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "17.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 30dca54..53cef68 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -12,8 +12,8 @@ services: aliases: - auth.somehost.org volumes: - # - ./keycloak/realms/export:/tmp/export - - ./config/keycloak-dev:/tmp/realms + # - ./config/keycloak-dev/export:/tmp/export + # - ./config/keycloak-dev:/tmp/realms api-backend: image: nbittich/api-backend:latest ports: From fb4da3309edc24a903d9c9292c639c3dacf0a781 Mon Sep 17 00:00:00 2001 
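Review bot: In the docker-compose.dev.yml hunk, `volumes:` under the keycloak service is left with every entry commented out, so the key parses as null rather than as a list. Compose's schema validation expects an array there and may reject the file. Either comment out the key as well (`# volumes:`) or write `volumes: []` until the mounts are restored. The keycloak service definition starts outside the hunk, so this is based only on the lines shown.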
From: Nordine Bittich Date: Sat, 16 Apr 2022 16:05:17 +0200 Subject: [PATCH 5/8] export/import --- README.md | 19 +++++++++++-------- .../{export => import}/artcoded-realm.json | 0 .../{ => old_realms_v16}/artcoded-realm.bck | 0 .../{ => old_realms_v16}/artcoded-realm.json | 0 docker-compose.dev.yml | 3 ++- docker-compose.monorepo.yml | 4 ++-- 6 files changed, 15 insertions(+), 11 deletions(-) rename config/keycloak-dev/{export => import}/artcoded-realm.json (100%) rename config/keycloak-dev/{ => old_realms_v16}/artcoded-realm.bck (100%) rename config/keycloak-dev/{ => old_realms_v16}/artcoded-realm.json (100%) diff --git a/README.md b/README.md index 713f172..7542612 100644 --- a/README.md +++ b/README.md @@ -12,16 +12,19 @@ https://openartcoded.github.io/doc/installation/compiled.html * run the command: ``` - docker exec -it app-docker_keycloak_1 /opt/jboss/keycloak/bin/standalone.sh \ - -Djboss.socket.binding.port-offset=100 \ - -Dkeycloak.migration.action=export \ - -Dkeycloak.migration.provider=singleFile \ - -Dkeycloak.migration.realmName=Artcoded \ - -Dkeycloak.migration.usersExportStrategy=REALM_FILE \ - -Dkeycloak.migration.file=/tmp/export/artcoded-realm.json - docker exec -it app-docker_keycloak_1 /opt/keycloak/bin/kc.sh export \ --file /tmp/export/artcoded-realm.json \ --realm Artcoded --users different_file ``` + +### Importing realm + +* move the exported realm to `config/keycloak-dev/import` + +* run the command: + + ``` + docker exec -it app-docker_keycloak_1 /opt/keycloak/bin/kc.sh import \ + --file /tmp/import/artcoded-realm.json + ``` \ No newline at end of file diff --git a/config/keycloak-dev/export/artcoded-realm.json b/config/keycloak-dev/import/artcoded-realm.json similarity index 100% rename from config/keycloak-dev/export/artcoded-realm.json rename to config/keycloak-dev/import/artcoded-realm.json 
diff --git a/config/keycloak-dev/artcoded-realm.bck b/config/keycloak-dev/old_realms_v16/artcoded-realm.bck similarity index 100% rename from config/keycloak-dev/artcoded-realm.bck rename to config/keycloak-dev/old_realms_v16/artcoded-realm.bck diff --git a/config/keycloak-dev/artcoded-realm.json b/config/keycloak-dev/old_realms_v16/artcoded-realm.json similarity index 100% rename from config/keycloak-dev/artcoded-realm.json rename to config/keycloak-dev/old_realms_v16/artcoded-realm.json diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 53cef68..ffa9a6c 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -12,7 +12,8 @@ services: aliases: - auth.somehost.org volumes: - # - ./config/keycloak-dev/export:/tmp/export + - ./config/keycloak-dev/export:/tmp/export + - ./config/keycloak-dev/import:/tmp/import # - ./config/keycloak-dev:/tmp/realms api-backend: image: nbittich/api-backend:latest diff --git a/docker-compose.monorepo.yml b/docker-compose.monorepo.yml index f964b75..c0958d3 100644 --- a/docker-compose.monorepo.yml +++ b/docker-compose.monorepo.yml @@ -10,8 +10,8 @@ services: aliases: - auth.somehost.org volumes: - # - ./keycloak/realms/export:/tmp/export - - ./config/keycloak-dev:/tmp/realms + - ./config/keycloak-dev/export:/tmp/export + - ./config/keycloak-dev/import:/tmp/import api-backend: build: ../backend/. ports: From 7718df25e249a2e243ff7cca25a7ca9c9ea251ba Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 16:13:39 +0200 Subject: [PATCH 6/8] realm --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7542612..c77b04f 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ https://openartcoded.github.io/doc/installation/compiled.html docker exec -it app-docker_keycloak_1 /opt/keycloak/bin/kc.sh export \ --file /tmp/export/artcoded-realm.json \ --realm Artcoded - --users different_file + --users single_file ``` ### Importing realm 
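Review bot: The import bind mount added under the keycloak `volumes:` in docker-compose.dev.yml, and again in the docker-compose.monorepo.yml hunk that follows, is read-write although the README steps in this series only read from `/tmp/import`. Mounting it read-only, `- ./config/keycloak-dev/import:/tmp/import:ro`, stops the container from modifying the realm file in the working tree, which matters more because the dev file's context elsewhere in the series shows the service running as `user: root`. The export mount has to stay writable, but a realm export that includes users normally carries client secrets and credential hashes, so a comment above that line such as `# realm exports contain secrets - keep this directory out of version control` would help. The keycloak service definition starts outside both hunks.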
From e39840078de20a62437141ef4a377a7ea68bafe7 Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 16:16:39 +0200 Subject: [PATCH 7/8] cleanup --- docker-compose.dev.yml | 1 - docker-compose.monorepo.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index ffa9a6c..85448de 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -2,7 +2,6 @@ version: "3.5" services: keycloak: environment: - KEYCLOAK_IMPORT: /tmp/realms/artcoded-realm.json KC_HOSTNAME: auth.somehost.org user: root ports: diff --git a/docker-compose.monorepo.yml b/docker-compose.monorepo.yml index c0958d3..faea9d8 100644 --- a/docker-compose.monorepo.yml +++ b/docker-compose.monorepo.yml @@ -2,7 +2,7 @@ version: "3.5" services: keycloak: environment: - KEYCLOAK_IMPORT: /tmp/realms/artcoded-realm.json + KC_HOSTNAME: auth.somehost.org ports: - 8080:8080 networks: From bb72e803ca4fd504a851c5a5fad75d11a83df546 Mon Sep 17 00:00:00 2001 From: Nordine Bittich Date: Sat, 16 Apr 2022 19:06:15 +0200 Subject: [PATCH 8/8] keycloak bump --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 818840a..660c44c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,7 +35,7 @@ services: - ./data/keycloak-postgres:/var/lib/postgresql/data keycloak: restart: always - image: nbittich/keycloak:17.0.1 + image: nbittich/keycloak:17.0.2 networks: artcoded: environment: