From e2f2a71b8322309e6d5b6d1bfecad2d03dbf8c6d Mon Sep 17 00:00:00 2001 From: Kristaps Fabians Geikins Date: Fri, 23 Aug 2024 14:08:17 +0300 Subject: [PATCH] local OIDC provider for testing (#2608) * local OIDC provider for testing * minor adjustments * addressed comments --- docker-compose-deps.yml | 35 + packages/server/.env-example | 7 + .../db/11-docker_postgres_keycloack_init.sql | 14 + setup/keycloak/speckle-realm.json | 2166 +++++++++++++++++ setup/keycloak/speckle-users-0.json | 30 + 5 files changed, 2252 insertions(+) create mode 100644 setup/db/11-docker_postgres_keycloack_init.sql create mode 100644 setup/keycloak/speckle-realm.json create mode 100644 setup/keycloak/speckle-users-0.json diff --git a/docker-compose-deps.yml b/docker-compose-deps.yml index b074f14b4..cf556f7be 100644 --- a/docker-compose-deps.yml +++ b/docker-compose-deps.yml @@ -14,6 +14,7 @@ services: volumes: - postgres-data:/var/lib/postgresql/data/ - ./setup/db/10-docker_postgres_init.sql:/docker-entrypoint-initdb.d/10-docker_postgres_init.sql + - ./setup/db/11-docker_postgres_keycloack_init.sql:/docker-entrypoint-initdb.d/11-docker_postgres_keycloack_init.sql ports: - '127.0.0.1:5432:5432' 
@@ -35,6 +36,40 @@ services: - '127.0.0.1:9000:9000' - '127.0.0.1:9001:9001' + # Local OIDC provider for testing + keycloak: + image: quay.io/keycloak/keycloak:25.0 + depends_on: + - postgres + environment: + KC_DB: postgres + KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak + KC_DB_USERNAME: keycloak + KC_DB_PASSWORD: keycloak + + KC_HOSTNAME: 127.0.0.1 + KC_HOSTNAME_PORT: 9000 + KC_HOSTNAME_STRICT: false + KC_HOSTNAME_STRICT_HTTPS: false + + KC_LOG_LEVEL: info + KC_METRICS_ENABLED: true + KC_HEALTH_ENABLED: true + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: admin + ports: + - 8443:8443 + - 9010:9000 + - 8090:8080 + command: start-dev --import-realm + volumes: + - ./setup/keycloak:/opt/keycloak/data/import + # user: root + # command: export --dir /opt/keycloak/backup --realm speckle + # volumes: + # - ./keycloak-backup:/opt/keycloak/backup + + # Local email server for email troubleshooting maildev: restart: always image: maildev/maildev diff --git a/packages/server/.env-example b/packages/server/.env-example index d0c801fdd..4b601046d 100644 --- a/packages/server/.env-example +++ b/packages/server/.env-example @@ -116,6 +116,13 @@ STRATEGY_LOCAL=true # OIDC_CLIENT_ID="-> FILL IN <-" # OIDC_CLIENT_SECRET="-> FILL IN <-" +# Local OIDC provider for dev purposes: admin:admin for admin panel @ http://127.0.0.1:8090/admin, speckle:speckle for initial user @ http://127.0.0.1:8090/realms/speckle/account +STRATEGY_OIDC=true +OIDC_NAME="Local Keycloak" +OIDC_DISCOVERY_URL="http://127.0.0.1:8090/realms/speckle/.well-known/openid-configuration" +OIDC_CLIENT_ID="account" +OIDC_CLIENT_SECRET="gLb9IEutYQ0npyvA8iHxPsObY3duGB0w" + ############################################################ # Tracing & co. # Note: all data is anonymous, and it helps us deliver diff --git a/setup/db/11-docker_postgres_keycloack_init.sql b/setup/db/11-docker_postgres_keycloack_init.sql new file mode 100644 index 000000000..ad4c644dc --- /dev/null 
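Review bot: The `ports:` entries of the new `keycloak` service (`8443:8443`, `9010:9000`, `8090:8080`) publish on every host interface, while the neighbouring services in this file bind to loopback (`'127.0.0.1:9000:9000'`). Combined with `KEYCLOAK_ADMIN: admin` / `KEYCLOAK_ADMIN_PASSWORD: admin` and `start-dev`, that leaves an admin console with default credentials, plus the metrics and health endpoints, reachable from whatever network the developer machine is on. Bind them the same way as the rest of the file: `- '127.0.0.1:8443:8443'`, `- '127.0.0.1:9010:9000'`, `- '127.0.0.1:8090:8080'`. The `# Local OIDC provider for testing` comment could also state that the admin credentials are fixtures for local use only.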
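Review bot: The five added `STRATEGY_OIDC` / `OIDC_*` lines are active, whereas the generic OIDC block directly above them is commented out. Anyone who copies `.env-example` therefore gets OIDC login enabled against `http://127.0.0.1:8090` with a client secret that is public in this repository; the same value is the `secret` of the `account` client in `setup/keycloak/speckle-realm.json`. Ship the block commented, e.g. `# STRATEGY_OIDC=true`, so enabling the local provider is a deliberate step. The comment line should also say that the secret and the `admin:admin` / `speckle:speckle` logins are local test fixtures that must not be reused on any reachable deployment.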
+++ b/setup/db/11-docker_postgres_keycloack_init.sql
@@ -0,0 +1,14 @@
+CREATE USER keycloak WITH
+ LOGIN
+ NOSUPERUSER
+ INHERIT
+ PASSWORD 'keycloak';
+
+CREATE DATABASE keycloak
+ WITH
+ OWNER = keycloak
+ ENCODING = 'UTF8'
+ LC_COLLATE = 'en_US.utf8'
+ LC_CTYPE = 'en_US.utf8'
+ TABLESPACE = pg_default
+ CONNECTION LIMIT = -1;
\ No newline at end of file
diff --git a/setup/keycloak/speckle-realm.json b/setup/keycloak/speckle-realm.json
new file mode 100644
index 000000000..21fdcaff9
--- /dev/null
+++ b/setup/keycloak/speckle-realm.json
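Review bot: The script has no header comment marking it as a local-development fixture, and the role's password equals its name (`PASSWORD 'keycloak'`). Add a first line such as `-- Dev-only: role and database for the local Keycloak test IdP; never reuse these credentials.` The file is mounted into `/docker-entrypoint-initdb.d`, and, assuming the official Postgres image, scripts there run only when the data directory is empty. Developers with an existing `postgres-data` volume will then not get the `keycloak` database until they recreate the volume or run the script by hand, which is worth stating in the same comment. The file also ends without a trailing newline.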
@@ -0,0 +1,2166 @@ +{ + "id": "6034e1e8-0743-406c-bc55-d14c830835d6", + "realm": "speckle", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": true, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "b29a31e1-a1b3-478e-af8b-9d26ab12dc65", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "6034e1e8-0743-406c-bc55-d14c830835d6", + "attributes": {} + }, + { + "id": "0a184e5d-449a-4513-b616-6b67887c49b2", + "name": "default-roles-speckle", + "description": "${role_default-roles}", + "composite": true, + "composites": { + 
"realm": ["offline_access", "uma_authorization"], + "client": { + "account": ["view-profile", "manage-account"] + } + }, + "clientRole": false, + "containerId": "6034e1e8-0743-406c-bc55-d14c830835d6", + "attributes": {} + }, + { + "id": "581282ce-a065-45a7-aada-684be6183e7f", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "6034e1e8-0743-406c-bc55-d14c830835d6", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "99e3369c-1413-4db4-9f60-0a45c8ce2975", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "d70b09c1-04d0-4e4d-ab1f-5af0d085d9d0", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "1f8d1c0b-b67d-4b84-8c02-7875846fab0f", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "ac5bdcce-f5ae-4285-affe-7906b7e01e3b", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "7b597598-abd9-4bb9-a5b0-bf7f9228c7ac", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "afa15b75-dfbc-4d8f-ae49-10c923f346a1", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + 
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "5dd24615-a482-4ad5-b01b-e704f56dcf92", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "93885446-deef-436e-9155-bf032a18eb11", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "323e8d2a-2c7b-4dc5-94c8-82a588ca342f", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "3a6a3495-fd9f-489e-ba1b-8c801e7b354d", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "01dca7bd-d593-45ef-8d2c-5c211c879781", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "cfd2392c-6fb9-4551-970c-fa0948cf26dc", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "a5ee9049-af12-4722-9383-e5ae4de46267", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "c6352eda-d7b1-4709-a548-823736a14cd2", + "name": "manage-clients", + 
"description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "b1834365-a7be-4af7-b5ab-476b27c7fa67", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "1d3e6252-d2c8-4d6a-a705-9bd8b8ea8105", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-events", + "manage-users", + "manage-events", + "query-groups", + "view-clients", + "manage-realm", + "query-clients", + "manage-identity-providers", + "view-realm", + "create-client", + "manage-authorization", + "query-users", + "view-users", + "manage-clients", + "view-authorization", + "view-identity-providers", + "query-realms", + "impersonation" + ] + } + }, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "ea80b141-c2e4-4e82-a5cd-ece3af6db0e2", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "c614b68d-1c7a-4921-b0d4-5434139b8451", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + }, + { + "id": "86309bc1-d1ba-414d-a782-735ad8e9f669", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "ae9969ea-3438-483c-bf62-145a503cd68c", + 
"name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "3a395141-f99a-443e-801e-c42d1a8cb4cc", + "attributes": {} + } + ], + "account": [ + { + "id": "21fc370f-51a0-4245-bbca-0161892035f9", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "1a689fdc-feab-4a56-81b0-d4569c4da77a", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "fe0596ce-fb80-48a5-bcc1-08599abe4439", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "3d3d46f5-5123-4eaf-bc3f-6dd625d79120", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "d23eb406-7de1-4ff2-a843-9cf57d85ebda", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "b6e0b2d7-24ae-4509-8189-857b680900f8", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + }, + { + "id": "88c6f498-7459-46fa-90b5-e13f7bd3c87a", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", 
+ "attributes": {} + }, + { + "id": "d8fdb873-d424-43a4-abe6-47678242d2a2", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": true, + "containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "0a184e5d-449a-4513-b616-6b67887c49b2", + "name": "default-roles-speckle", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "6034e1e8-0743-406c-bc55-d14c830835d6" + }, + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not 
specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": ["manage-account", "view-groups"] + } + ] + }, + "clients": [ + { + "id": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61", + "clientId": "account", + "name": "${client_account}", + "description": "", + "rootUrl": "${authBaseUrl}", + "adminUrl": "", + "baseUrl": "/realms/speckle/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "gLb9IEutYQ0npyvA8iHxPsObY3duGB0w", + "redirectUris": [ + "http://localhost:8080/*", + "http://localhost:3000/*", + "http://127.0.0.1:8080/*", + "http://127.0.0.1:3000/*", + "http://speckle.internal/*", + "http://speckle.internal:3000/*", + "/realms/speckle/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1723104861", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + 
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + }, + { + "id": "21a48de6-ef1d-4750-8368-343e335f9542", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/speckle/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/speckle/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "30552494-17eb-45b3-b7d0-d49777848511", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + }, + { + "id": "f4c36733-7dce-43ee-b0a1-44390b87f0bd", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + 
"attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + }, + { + "id": "3a395141-f99a-443e-801e-c42d1a8cb4cc", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + }, + { + "id": "93f01f1a-14eb-48c4-b303-61f20284dc50", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + 
"profile", + "basic", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + }, + { + "id": "800e724b-c44b-475b-9d6a-f8499228f952", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/speckle/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/admin/speckle/console/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "5dc0e1c7-0b10-4158-a6d1-1c225ff54269", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] + } + ], + "clientScopes": [ + { + "id": "dff1aa94-9051-49f8-8070-663c37bf810c", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + 
"display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "7f7f55dc-bf33-4ee8-b6e2-9fd0272d158b", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0a472739-b440-4bea-b4e9-bd931bdff25d", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "93179872-b4e0-45e9-91b5-ec42c5b8d7d4", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "8d80d05b-7a19-4731-a562-f88fc2a3ce5a", + "name": "sub", + "protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "f8c2f73b-3258-4cc1-a656-ef4ee7e326d3", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "65cf30f8-79d9-48f1-bdaa-25c94c08b0a7", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "bdf46036-3e02-444c-83b9-6c4515edcf18", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "e4259cb1-1cfa-420a-b328-bdc1d249b908", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "89a9af13-5610-4919-b221-7b65d594554a", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "4e422d39-9f63-403d-ba6d-f8bda9c9c1c8", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "254d50d0-4109-40c3-9f57-00e30d8448c3", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": 
"a1bd108d-2dc5-4c91-823e-e6e9aeab471b", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "af3d8c27-38ba-44c0-b6f1-146d34bc8bcf", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "9c88153a-6498-4740-bcd8-f171ba339db9", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "649338c1-e16c-49ab-ad78-86fc26f1fdcb", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "a4480056-a269-4bf6-ba18-558ad0430ca0", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": 
"ec38535b-901d-421d-b536-416073a26d59", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "d915323f-122e-44ae-9c1f-e55e24690bd7", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "af8a0a74-b4e4-40d8-b457-46d797b70c64", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "edc2a72e-3729-489b-af44-4461351cc57f", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "9de9ca4d-681d-4110-8cd0-efb61224b8be", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": 
"true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "cae906d7-8c61-42cd-b21b-844a7594e013", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "25d9a9dd-0091-4da5-938f-726a5342f469", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "6c12a820-a13d-4bed-8984-5ea90d036977", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "1efe7a7c-7060-4403-bde6-e84c32d515f2", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "d273e320-50c8-449d-b064-64b7de25dede", + "name": "middle name", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "af9cfbd6-8da9-40b1-895d-e7b55dca5c54", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "c20b8d69-1288-429a-bbab-700c87c83c49", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "c25b6316-3df0-45c5-81ff-095df760f377", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "20578d0f-d7ec-4d21-989d-701b923bc06c", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "31100389-c118-452e-bb6f-4f6fa62985a3", + "name": 
"allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0bacede0-3962-4f42-8255-b72389e6785c", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "0b642538-f270-4b11-a97e-5507a4bf68f7", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "524c233c-981d-4181-837b-3d7b765b4fc7", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "c8d1be69-6b3e-4923-86f2-02c5778bc008", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "676401ce-60cc-46a9-93b9-dca0b0f1faf6", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": 
{ + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "dd4d15e6-d124-43a8-841f-ea642ef5bc93", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "6cbdd9ec-8bd3-4121-8eba-4327233dbf53", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "96fb77a8-968a-415f-a03c-971b5a175c5f", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + 
"enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "14a3a641-eff4-4177-98ff-80081fae612f", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + }, + { + "id": "3f211d4a-277e-4198-a49f-8451076ce8b3", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b9a91b05-a18a-4b45-a1b8-29b2fbd07ffd", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "96a2eabb-81ec-44fd-83be-64a560f2a384", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "df2ed699-faca-4981-b0eb-ad3c2723696b", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "0701ed0c-0451-4c5d-a00f-a4be764a7622", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + 
"oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "af33cccd-fd22-4022-b5a0-22d25f63618e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "04daef40-4061-491c-9a4b-ff800e2fa21c", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "20918307-6ef4-4025-8eea-dd65bceeec34", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-
metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "378e4484-59bd-4011-83ec-c29d3a00f096", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": ["ENC"], + "certificate": [ + "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" + ], + "priority": ["100"], + "algorithm": ["RSA-OAEP"] + } + }, + { + "id": "5ec56840-aadd-4d94-b77d-147ed099a0ef", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": ["9c9eaf6f-e6e5-40cf-ae7d-545e2ef41431"], + "secret": [ + "n8pdCHhgUoPSsN2SJc95lAFf9c1oMeqPZJJXAqhF-QvtB3c3BU_gsakXm-FHo05k-ntiIcFm1z0-NqDGDK7DVhvT4IBTmBIuVk9hPn81hjURang3k2xfC3jIPvpzpWt-hXdZ9byqSRKV8D8BtXbHxSwHENZQsypEh2Ivteok_Vs" + ], + "priority": ["100"], + "algorithm": ["HS512"] + } + }, + { + "id": "9f5d7eaa-5415-413f-9354-e5e78ed13d8c", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": ["8de8bc69-8faf-4469-aefe-ad91c5d82a5a"], + "secret": ["W09Ei6AgzLlz0I8oOyRCFA"], + "priority": ["100"] + } + }, + { + "id": "2cbaab9c-8d27-4b8a-81d2-cf210ded7f69", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": ["SIG"], + "certificate": [ + "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" + ], + "priority": ["100"] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "5ad21fff-1342-4cdc-b69e-bdae6ec16ccf", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": 
true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "7f5d2b3c-2042-4d91-af7d-979b42eb998c", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "6bb57892-5bda-4695-8523-939ebb66486f", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "159619d0-ac22-4fdc-8d2d-225780dfcd8c", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + 
"topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7297fa36-0d4f-4a46-9511-a2afbeed03b3", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "ccb01bf2-6374-4175-82ba-ff984cffcbf0", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "2749507a-0594-4000-889a-652417db7a7e", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "0c63b0c9-69f6-4878-85d6-06f0ce2e47e2", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "f6d684c0-9641-4f4e-adae-c2cc30f21ec6", + "alias": "browser", + "description": "browser based 
authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "0d33e19f-cc64-4fbb-abb6-a656ed6aa94d", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "f291d250-9b25-4a57-9617-0017863affed", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "bfd7c74f-8670-4c8e-80f3-1daed6bba003", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "92b8e7e2-4498-408e-932f-f4aba6be4204", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "30af24ea-6090-4208-8609-ba36a6ee219e", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + 
"providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "80891cfa-75da-4acb-913e-d33f3eeaa9bc", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "af0c1820-f6ae-478f-b73c-dcf88fd42086", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "abe3a285-9fb3-499b-ac50-adbc484e075d", 
+ "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "163fcd5e-de61-4843-be4d-8e01f42566b6", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "ae5aab89-c28b-47c3-b237-6531c919deea", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "887e4380-1d97-44b3-b7ad-7ff6277f9d57", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": 
"TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": 
"reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "firstBrokerLoginFlow": "first broker login",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DevicePollingInterval": "5",
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5",
+ "realmReusableOtpCode": "false",
+ "cibaExpiresIn": "120",
+ "oauth2DeviceCodeLifespan": "600",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "organizationsEnabled": "false"
+ },
+ "keycloakVersion": "25.0.2",
+ "userManagedAccessAllowed": false,
+ "organizationsEnabled": false,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
diff --git a/setup/keycloak/speckle-users-0.json b/setup/keycloak/speckle-users-0.json
new file mode 100644
index 000000000..c2985f623
--- /dev/null
+++ b/setup/keycloak/speckle-users-0.json
@@ -0,0 +1,30 @@
+{
+ "realm": "speckle",
+ "users": [
+ {
+ "id": "45aa3ddd-7e18-4cd1-b908-7ce24e0c1129",
+ "username": "speckle",
+ "firstName": "speckle",
+ "lastName": "speckle",
+ "email": "speckle@keycloak.com",
+ "emailVerified": true,
+ "createdTimestamp": 1723105000956,
+ "enabled": true,
+ "totp": false,
+ "credentials": [
+ {
+ "id": "ae1ffa2c-ff10-4d4e-a0f8-796b3f775c18",
+ "type": "password",
+ "createdDate": 1723105000980,
+ "secretData": "{\"value\":\"8QG5nJiQkscKrfVDc0TTSJ70lRCKadxvkPAFBs3TB1g=\",\"salt\":\"TPnXJz5JYxGl8wIlcXqiVw==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-speckle"],
+ "notBefore": 0,
+ "groups": []
+ }
+ ]
+}
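Review bot: The imported `speckle` user in `speckle-users-0.json` ships a fixed credential hash together with `"emailVerified": true` and an empty `requiredActions`, so every checkout runs an identity provider with the same pre-verified login, and any client that trusts this realm's `email_verified` claim for account matching inherits that. The address `speckle@keycloak.com` sits on a real third-party domain; a reserved one avoids mail or account collisions: `"email": "speckle@example.com",`. The same fixed-secret concern applies to the `hmac-generated-hs512`, `aes-generated` and RSA entries under `org.keycloak.keys.KeyProvider` near the end of `speckle-realm.json` (that hunk starts outside this view): tokens signed by one developer's instance would validate against any other instance started from this import, and dropping those components from the export should let Keycloak generate per-instance keys on first start. Since JSON cannot hold a comment, a short README in `setup/keycloak/` stating that these files are for local development only would keep them from being reused elsewhere.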