e2f2a71b83
* local OIDC provider for testing * minor adjustments * addressed comments
{
|
|
"id": "6034e1e8-0743-406c-bc55-d14c830835d6",
|
|
"realm": "speckle",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 300,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 1800,
|
|
"ssoSessionMaxLifespan": 36000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": true,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": true,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": true,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxTemporaryLockouts": 0,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"roles": {
|
|
"realm": [
|
|
{
|
|
"id": "b29a31e1-a1b3-478e-af8b-9d26ab12dc65",
|
|
"name": "offline_access",
|
|
"description": "${role_offline-access}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "6034e1e8-0743-406c-bc55-d14c830835d6",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "0a184e5d-449a-4513-b616-6b67887c49b2",
|
|
"name": "default-roles-speckle",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"composites": {
|
|
"realm": ["offline_access", "uma_authorization"],
|
|
"client": {
|
|
"account": ["view-profile", "manage-account"]
|
|
}
|
|
},
|
|
"clientRole": false,
|
|
"containerId": "6034e1e8-0743-406c-bc55-d14c830835d6",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "581282ce-a065-45a7-aada-684be6183e7f",
|
|
"name": "uma_authorization",
|
|
"description": "${role_uma_authorization}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "6034e1e8-0743-406c-bc55-d14c830835d6",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"client": {
|
|
"realm-management": [
|
|
{
|
|
"id": "99e3369c-1413-4db4-9f60-0a45c8ce2975",
|
|
"name": "view-events",
|
|
"description": "${role_view-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "d70b09c1-04d0-4e4d-ab1f-5af0d085d9d0",
|
|
"name": "manage-users",
|
|
"description": "${role_manage-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "1f8d1c0b-b67d-4b84-8c02-7875846fab0f",
|
|
"name": "manage-events",
|
|
"description": "${role_manage-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "ac5bdcce-f5ae-4285-affe-7906b7e01e3b",
|
|
"name": "query-groups",
|
|
"description": "${role_query-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "7b597598-abd9-4bb9-a5b0-bf7f9228c7ac",
|
|
"name": "manage-realm",
|
|
"description": "${role_manage-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "afa15b75-dfbc-4d8f-ae49-10c923f346a1",
|
|
"name": "view-clients",
|
|
"description": "${role_view-clients}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-clients"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "5dd24615-a482-4ad5-b01b-e704f56dcf92",
|
|
"name": "query-clients",
|
|
"description": "${role_query-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "93885446-deef-436e-9155-bf032a18eb11",
|
|
"name": "manage-identity-providers",
|
|
"description": "${role_manage-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "323e8d2a-2c7b-4dc5-94c8-82a588ca342f",
|
|
"name": "view-realm",
|
|
"description": "${role_view-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "3a6a3495-fd9f-489e-ba1b-8c801e7b354d",
|
|
"name": "create-client",
|
|
"description": "${role_create-client}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "01dca7bd-d593-45ef-8d2c-5c211c879781",
|
|
"name": "manage-authorization",
|
|
"description": "${role_manage-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "cfd2392c-6fb9-4551-970c-fa0948cf26dc",
|
|
"name": "query-users",
|
|
"description": "${role_query-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "a5ee9049-af12-4722-9383-e5ae4de46267",
|
|
"name": "view-users",
|
|
"description": "${role_view-users}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-users", "query-groups"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "c6352eda-d7b1-4709-a548-823736a14cd2",
|
|
"name": "manage-clients",
|
|
"description": "${role_manage-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b1834365-a7be-4af7-b5ab-476b27c7fa67",
|
|
"name": "view-authorization",
|
|
"description": "${role_view-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "1d3e6252-d2c8-4d6a-a705-9bd8b8ea8105",
|
|
"name": "realm-admin",
|
|
"description": "${role_realm-admin}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"view-events",
|
|
"manage-users",
|
|
"manage-events",
|
|
"query-groups",
|
|
"view-clients",
|
|
"manage-realm",
|
|
"query-clients",
|
|
"manage-identity-providers",
|
|
"view-realm",
|
|
"create-client",
|
|
"manage-authorization",
|
|
"query-users",
|
|
"view-users",
|
|
"manage-clients",
|
|
"view-authorization",
|
|
"view-identity-providers",
|
|
"query-realms",
|
|
"impersonation"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "ea80b141-c2e4-4e82-a5cd-ece3af6db0e2",
|
|
"name": "impersonation",
|
|
"description": "${role_impersonation}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "c614b68d-1c7a-4921-b0d4-5434139b8451",
|
|
"name": "query-realms",
|
|
"description": "${role_query-realms}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "86309bc1-d1ba-414d-a782-735ad8e9f669",
|
|
"name": "view-identity-providers",
|
|
"description": "${role_view-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"security-admin-console": [],
|
|
"admin-cli": [],
|
|
"account-console": [],
|
|
"broker": [
|
|
{
|
|
"id": "ae9969ea-3438-483c-bf62-145a503cd68c",
|
|
"name": "read-token",
|
|
"description": "${role_read-token}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "3a395141-f99a-443e-801e-c42d1a8cb4cc",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"account": [
|
|
{
|
|
"id": "21fc370f-51a0-4245-bbca-0161892035f9",
|
|
"name": "manage-account-links",
|
|
"description": "${role_manage-account-links}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "1a689fdc-feab-4a56-81b0-d4569c4da77a",
|
|
"name": "view-profile",
|
|
"description": "${role_view-profile}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "fe0596ce-fb80-48a5-bcc1-08599abe4439",
|
|
"name": "manage-account",
|
|
"description": "${role_manage-account}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["manage-account-links"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "3d3d46f5-5123-4eaf-bc3f-6dd625d79120",
|
|
"name": "view-groups",
|
|
"description": "${role_view-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "d23eb406-7de1-4ff2-a843-9cf57d85ebda",
|
|
"name": "view-applications",
|
|
"description": "${role_view-applications}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b6e0b2d7-24ae-4509-8189-857b680900f8",
|
|
"name": "delete-account",
|
|
"description": "${role_delete-account}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "88c6f498-7459-46fa-90b5-e13f7bd3c87a",
|
|
"name": "view-consent",
|
|
"description": "${role_view-consent}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "d8fdb873-d424-43a4-abe6-47678242d2a2",
|
|
"name": "manage-consent",
|
|
"description": "${role_manage-consent}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["view-consent"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"attributes": {}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"groups": [],
|
|
"defaultRole": {
|
|
"id": "0a184e5d-449a-4513-b616-6b67887c49b2",
|
|
"name": "default-roles-speckle",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"clientRole": false,
|
|
"containerId": "6034e1e8-0743-406c-bc55-d14c830835d6"
|
|
},
|
|
"requiredCredentials": ["password"],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpPolicyCodeReusable": false,
|
|
"otpSupportedApplications": [
|
|
"totpAppFreeOTPName",
|
|
"totpAppGoogleName",
|
|
"totpAppMicrosoftAuthenticatorName"
|
|
],
|
|
"localizationTexts": {},
|
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyRpId": "",
|
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyCreateTimeout": 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyAcceptableAaguids": [],
|
|
"webAuthnPolicyExtraOrigins": [],
|
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyPasswordlessRpId": "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
|
"webAuthnPolicyPasswordlessExtraOrigins": [],
|
|
"scopeMappings": [
|
|
{
|
|
"clientScope": "offline_access",
|
|
"roles": ["offline_access"]
|
|
}
|
|
],
|
|
"clientScopeMappings": {
|
|
"account": [
|
|
{
|
|
"client": "account-console",
|
|
"roles": ["manage-account", "view-groups"]
|
|
}
|
|
]
|
|
},
|
|
"clients": [
|
|
{
|
|
"id": "e48f6e6b-b7c4-4a7d-bd56-ed4ccc3bbe61",
|
|
"clientId": "account",
|
|
"name": "${client_account}",
|
|
"description": "",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"adminUrl": "",
|
|
"baseUrl": "/realms/speckle/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "gLb9IEutYQ0npyvA8iHxPsObY3duGB0w",
|
|
"redirectUris": [
|
|
"http://localhost:8080/*",
|
|
"http://localhost:3000/*",
|
|
"http://127.0.0.1:8080/*",
|
|
"http://127.0.0.1:3000/*",
|
|
"http://speckle.internal/*",
|
|
"http://speckle.internal:3000/*",
|
|
"/realms/speckle/account/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"client.secret.creation.time": "1723104861",
|
|
"backchannel.logout.session.required": "true",
|
|
"post.logout.redirect.uris": "+",
|
|
"display.on.consent.screen": "false",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
},
|
|
{
|
|
"id": "21a48de6-ef1d-4750-8368-343e335f9542",
|
|
"clientId": "account-console",
|
|
"name": "${client_account-console}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/speckle/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/realms/speckle/account/*"],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "30552494-17eb-45b3-b7d0-d49777848511",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
},
|
|
{
|
|
"id": "f4c36733-7dce-43ee-b0a1-44390b87f0bd",
|
|
"clientId": "admin-cli",
|
|
"name": "${client_admin-cli}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
},
|
|
{
|
|
"id": "3a395141-f99a-443e-801e-c42d1a8cb4cc",
|
|
"clientId": "broker",
|
|
"name": "${client_broker}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
},
|
|
{
|
|
"id": "93f01f1a-14eb-48c4-b303-61f20284dc50",
|
|
"clientId": "realm-management",
|
|
"name": "${client_realm-management}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
},
|
|
{
|
|
"id": "800e724b-c44b-475b-9d6a-f8499228f952",
|
|
"clientId": "security-admin-console",
|
|
"name": "${client_security-admin-console}",
|
|
"rootUrl": "${authAdminUrl}",
|
|
"baseUrl": "/admin/speckle/console/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/admin/speckle/console/*"],
|
|
"webOrigins": ["+"],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "5dc0e1c7-0b10-4158-a6d1-1c225ff54269",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"basic",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"id": "dff1aa94-9051-49f8-8070-663c37bf810c",
|
|
"name": "acr",
|
|
"description": "OpenID Connect scope to add acr (authentication context class reference) to the token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "7f7f55dc-bf33-4ee8-b6e2-9fd0272d158b",
|
|
"name": "acr loa level",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-acr-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0a472739-b440-4bea-b4e9-bd931bdff25d",
|
|
"name": "basic",
|
|
"description": "OpenID Connect scope to add all basic claims to the token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "93179872-b4e0-45e9-91b5-ec42c5b8d7d4",
|
|
"name": "auth_time",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "AUTH_TIME",
|
|
"id.token.claim": "true",
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "auth_time",
|
|
"jsonType.label": "long"
|
|
}
|
|
},
|
|
{
|
|
"id": "8d80d05b-7a19-4731-a562-f88fc2a3ce5a",
|
|
"name": "sub",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-sub-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f8c2f73b-3258-4cc1-a656-ef4ee7e326d3",
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope to add user roles to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"consent.screen.text": "${rolesScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "65cf30f8-79d9-48f1-bdaa-25c94c08b0a7",
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "bdf46036-3e02-444c-83b9-6c4515edcf18",
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "e4259cb1-1cfa-420a-b328-bdc1d249b908",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "89a9af13-5610-4919-b221-7b65d594554a",
|
|
"name": "microprofile-jwt",
|
|
"description": "Microprofile - JWT built-in scope",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "4e422d39-9f63-403d-ba6d-f8bda9c9c1c8",
|
|
"name": "upn",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "upn",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "254d50d0-4109-40c3-9f57-00e30d8448c3",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"multivalued": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "a1bd108d-2dc5-4c91-823e-e6e9aeab471b",
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "af3d8c27-38ba-44c0-b6f1-146d34bc8bcf",
|
|
"name": "gender",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "gender",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "gender",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "9c88153a-6498-4740-bcd8-f171ba339db9",
|
|
"name": "updated at",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "updatedAt",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "updated_at",
|
|
"jsonType.label": "long"
|
|
}
|
|
},
|
|
{
|
|
"id": "649338c1-e16c-49ab-ad78-86fc26f1fdcb",
|
|
"name": "family name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "lastName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "family_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "a4480056-a269-4bf6-ba18-558ad0430ca0",
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "ec38535b-901d-421d-b536-416073a26d59",
|
|
"name": "nickname",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "nickname",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nickname",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "d915323f-122e-44ae-9c1f-e55e24690bd7",
|
|
"name": "website",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "website",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "website",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "af8a0a74-b4e4-40d8-b457-46d797b70c64",
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "edc2a72e-3729-489b-af44-4461351cc57f",
|
|
"name": "profile",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "profile",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "profile",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "9de9ca4d-681d-4110-8cd0-efb61224b8be",
|
|
"name": "birthdate",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "birthdate",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "birthdate",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "cae906d7-8c61-42cd-b21b-844a7594e013",
|
|
"name": "given name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "firstName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "given_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "25d9a9dd-0091-4da5-938f-726a5342f469",
|
|
"name": "picture",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "picture",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "picture",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "6c12a820-a13d-4bed-8984-5ea90d036977",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "1efe7a7c-7060-4403-bde6-e84c32d515f2",
|
|
"name": "zoneinfo",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "zoneinfo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "zoneinfo",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "d273e320-50c8-449d-b064-64b7de25dede",
|
|
"name": "middle name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "middleName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "middle_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "af9cfbd6-8da9-40b1-895d-e7b55dca5c54",
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "c20b8d69-1288-429a-bbab-700c87c83c49",
|
|
"name": "address",
|
|
"description": "OpenID Connect built-in scope: address",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${addressScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "c25b6316-3df0-45c5-81ff-095df760f377",
|
|
"name": "address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-address-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute.formatted": "formatted",
|
|
"user.attribute.country": "country",
|
|
"introspection.token.claim": "true",
|
|
"user.attribute.postal_code": "postal_code",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute.street": "street",
|
|
"id.token.claim": "true",
|
|
"user.attribute.region": "region",
|
|
"access.token.claim": "true",
|
|
"user.attribute.locality": "locality"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "20578d0f-d7ec-4d21-989d-701b923bc06c",
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"consent.screen.text": "",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "31100389-c118-452e-bb6f-4f6fa62985a3",
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"access.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0bacede0-3962-4f42-8255-b72389e6785c",
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "0b642538-f270-4b11-a97e-5507a4bf68f7",
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "524c233c-981d-4181-837b-3d7b765b4fc7",
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c8d1be69-6b3e-4923-86f2-02c5778bc008",
|
|
"name": "phone",
|
|
"description": "OpenID Connect built-in scope: phone",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${phoneScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "676401ce-60cc-46a9-93b9-dca0b0f1faf6",
|
|
"name": "phone number verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumberVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
},
|
|
{
|
|
"id": "dd4d15e6-d124-43a8-841f-ea642ef5bc93",
|
|
"name": "phone number",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"introspection.token.claim": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumber",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "6cbdd9ec-8bd3-4121-8eba-4327233dbf53",
|
|
"name": "role_list",
|
|
"description": "SAML role list",
|
|
"protocol": "saml",
|
|
"attributes": {
|
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "96fb77a8-968a-415f-a03c-971b5a175c5f",
|
|
"name": "role list",
|
|
"protocol": "saml",
|
|
"protocolMapper": "saml-role-list-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"single": "false",
|
|
"attribute.nameformat": "Basic",
|
|
"attribute.name": "Role"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"role_list",
|
|
"profile",
|
|
"email",
|
|
"roles",
|
|
"web-origins",
|
|
"acr",
|
|
"basic"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"offline_access",
|
|
"address",
|
|
"phone",
|
|
"microprofile-jwt"
|
|
],
|
|
"browserSecurityHeaders": {
|
|
"contentSecurityPolicyReportOnly": "",
|
|
"xContentTypeOptions": "nosniff",
|
|
"referrerPolicy": "no-referrer",
|
|
"xRobotsTag": "none",
|
|
"xFrameOptions": "SAMEORIGIN",
|
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection": "1; mode=block",
|
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer": {},
|
|
"eventsEnabled": false,
|
|
"eventsListeners": ["jboss-logging"],
|
|
"enabledEventTypes": [],
|
|
"adminEventsEnabled": false,
|
|
"adminEventsDetailsEnabled": false,
|
|
"identityProviders": [],
|
|
"identityProviderMappers": [],
|
|
"components": {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
|
{
|
|
"id": "14a3a641-eff4-4177-98ff-80081fae612f",
|
|
"name": "Max Clients Limit",
|
|
"providerId": "max-clients",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"max-clients": ["200"]
|
|
}
|
|
},
|
|
{
|
|
"id": "3f211d4a-277e-4198-a49f-8451076ce8b3",
|
|
"name": "Consent Required",
|
|
"providerId": "consent-required",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "b9a91b05-a18a-4b45-a1b8-29b2fbd07ffd",
|
|
"name": "Full Scope Disabled",
|
|
"providerId": "scope",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "96a2eabb-81ec-44fd-83be-64a560f2a384",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"id": "df2ed699-faca-4981-b0eb-ad3c2723696b",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"oidc-address-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"saml-role-list-mapper",
|
|
"oidc-full-name-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "0701ed0c-0451-4c5d-a00f-a4be764a7622",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"saml-role-list-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"oidc-full-name-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-address-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "af33cccd-fd22-4022-b5a0-22d25f63618e",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"id": "04daef40-4061-491c-9a4b-ff800e2fa21c",
|
|
"name": "Trusted Hosts",
|
|
"providerId": "trusted-hosts",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"host-sending-registration-request-must-match": ["true"],
|
|
"client-uris-must-match": ["true"]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.userprofile.UserProfileProvider": [
|
|
{
|
|
"id": "20918307-6ef4-4025-8eea-dd65bceeec34",
|
|
"providerId": "declarative-user-profile",
|
|
"subComponents": {},
|
|
"config": {
|
|
"kc.user.profile.config": [
|
|
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.keys.KeyProvider": [
|
|
{
|
|
"id": "378e4484-59bd-4011-83ec-c29d3a00f096",
|
|
"name": "rsa-enc-generated",
|
|
"providerId": "rsa-enc-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"privateKey": [
|
|
"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"
|
|
],
|
|
"keyUse": ["ENC"],
|
|
"certificate": [
|
|
"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"
|
|
],
|
|
"priority": ["100"],
|
|
"algorithm": ["RSA-OAEP"]
|
|
}
|
|
},
|
|
{
|
|
"id": "5ec56840-aadd-4d94-b77d-147ed099a0ef",
|
|
"name": "hmac-generated-hs512",
|
|
"providerId": "hmac-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"kid": ["9c9eaf6f-e6e5-40cf-ae7d-545e2ef41431"],
|
|
"secret": [
|
|
"n8pdCHhgUoPSsN2SJc95lAFf9c1oMeqPZJJXAqhF-QvtB3c3BU_gsakXm-FHo05k-ntiIcFm1z0-NqDGDK7DVhvT4IBTmBIuVk9hPn81hjURang3k2xfC3jIPvpzpWt-hXdZ9byqSRKV8D8BtXbHxSwHENZQsypEh2Ivteok_Vs"
|
|
],
|
|
"priority": ["100"],
|
|
"algorithm": ["HS512"]
|
|
}
|
|
},
|
|
{
|
|
"id": "9f5d7eaa-5415-413f-9354-e5e78ed13d8c",
|
|
"name": "aes-generated",
|
|
"providerId": "aes-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"kid": ["8de8bc69-8faf-4469-aefe-ad91c5d82a5a"],
|
|
"secret": ["W09Ei6AgzLlz0I8oOyRCFA"],
|
|
"priority": ["100"]
|
|
}
|
|
},
|
|
{
|
|
"id": "2cbaab9c-8d27-4b8a-81d2-cf210ded7f69",
|
|
"name": "rsa-generated",
|
|
"providerId": "rsa-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"privateKey": [
|
|
"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"
|
|
],
|
|
"keyUse": ["SIG"],
|
|
"certificate": [
|
|
"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"
|
|
],
|
|
"priority": ["100"]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": false,
|
|
"supportedLocales": [],
|
|
"authenticationFlows": [
|
|
{
|
|
"id": "5ad21fff-1342-4cdc-b69e-bdae6ec16ccf",
|
|
"alias": "Account verification options",
|
|
"description": "Method with which to verity the existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-email-verification",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "7f5d2b3c-2042-4d91-af7d-979b42eb998c",
|
|
"alias": "Browser - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "6bb57892-5bda-4695-8523-939ebb66486f",
|
|
"alias": "Direct Grant - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "159619d0-ac22-4fdc-8d2d-225780dfcd8c",
|
|
"alias": "First broker login - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "7297fa36-0d4f-4a46-9511-a2afbeed03b3",
|
|
"alias": "Handle Existing Account",
|
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-confirm-link",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Account verification options",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "ccb01bf2-6374-4175-82ba-ff984cffcbf0",
|
|
"alias": "Reset - Conditional OTP",
|
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2749507a-0594-4000-889a-652417db7a7e",
|
|
"alias": "User creation or linking",
|
|
"description": "Flow for the existing/non-existing user alternatives",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "create unique user config",
|
|
"authenticator": "idp-create-user-if-unique",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Handle Existing Account",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0c63b0c9-69f6-4878-85d6-06f0ce2e47e2",
|
|
"alias": "Verify Existing Account by Re-authentication",
|
|
"description": "Reauthentication of existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "First broker login - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f6d684c0-9641-4f4e-adae-c2cc30f21ec6",
|
|
"alias": "browser",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 25,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "forms",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0d33e19f-cc64-4fbb-abb6-a656ed6aa94d",
|
|
"alias": "clients",
|
|
"description": "Base authentication for clients",
|
|
"providerId": "client-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "client-secret",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-secret-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-x509",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f291d250-9b25-4a57-9617-0017863affed",
|
|
"alias": "direct grant",
|
|
"description": "OpenID Connect Resource Owner Grant",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "direct-grant-validate-username",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Direct Grant - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "bfd7c74f-8670-4c8e-80f3-1daed6bba003",
|
|
"alias": "docker auth",
|
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "docker-http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "92b8e7e2-4498-408e-932f-f4aba6be4204",
|
|
"alias": "first broker login",
|
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "review profile config",
|
|
"authenticator": "idp-review-profile",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "User creation or linking",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "30af24ea-6090-4208-8609-ba36a6ee219e",
|
|
"alias": "forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Browser - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "80891cfa-75da-4acb-913e-d33f3eeaa9bc",
|
|
"alias": "registration",
|
|
"description": "registration flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-page-form",
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "registration form",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "af0c1820-f6ae-478f-b73c-dcf88fd42086",
|
|
"alias": "registration form",
|
|
"description": "registration form",
|
|
"providerId": "form-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-user-creation",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-password-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 50,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-recaptcha-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 60,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-terms-and-conditions",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 70,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "abe3a285-9fb3-499b-ac50-adbc484e075d",
|
|
"alias": "reset credentials",
|
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "reset-credentials-choose-user",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-credential-email",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 40,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Reset - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "163fcd5e-de61-4843-be4d-8e01f42566b6",
|
|
"alias": "saml ecp",
|
|
"description": "SAML ECP Profile Authentication Flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"authenticatorConfig": [
|
|
{
|
|
"id": "ae5aab89-c28b-47c3-b237-6531c919deea",
|
|
"alias": "create unique user config",
|
|
"config": {
|
|
"require.password.update.after.registration": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "887e4380-1d97-44b3-b7ad-7ff6277f9d57",
|
|
"alias": "review profile config",
|
|
"config": {
|
|
"update.profile.on.first.login": "missing"
|
|
}
|
|
}
|
|
],
|
|
"requiredActions": [
|
|
{
|
|
"alias": "CONFIGURE_TOTP",
|
|
"name": "Configure OTP",
|
|
"providerId": "CONFIGURE_TOTP",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 10,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "TERMS_AND_CONDITIONS",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "TERMS_AND_CONDITIONS",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 20,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PASSWORD",
|
|
"name": "Update Password",
|
|
"providerId": "UPDATE_PASSWORD",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 30,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PROFILE",
|
|
"name": "Update Profile",
|
|
"providerId": "UPDATE_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 40,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_EMAIL",
|
|
"name": "Verify Email",
|
|
"providerId": "VERIFY_EMAIL",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 50,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_account",
|
|
"name": "Delete Account",
|
|
"providerId": "delete_account",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 60,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "webauthn-register",
|
|
"name": "Webauthn Register",
|
|
"providerId": "webauthn-register",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 70,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "webauthn-register-passwordless",
|
|
"name": "Webauthn Register Passwordless",
|
|
"providerId": "webauthn-register-passwordless",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 80,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_PROFILE",
|
|
"name": "Verify Profile",
|
|
"providerId": "VERIFY_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 90,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_credential",
|
|
"name": "Delete Credential",
|
|
"providerId": "delete_credential",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 100,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "update_user_locale",
|
|
"name": "Update User Locale",
|
|
"providerId": "update_user_locale",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 1000,
|
|
"config": {}
|
|
}
|
|
],
|
|
"browserFlow": "browser",
|
|
"registrationFlow": "registration",
|
|
"directGrantFlow": "direct grant",
|
|
"resetCredentialsFlow": "reset credentials",
|
|
"clientAuthenticationFlow": "clients",
|
|
"dockerAuthenticationFlow": "docker auth",
|
|
"firstBrokerLoginFlow": "first broker login",
|
|
"attributes": {
|
|
"cibaBackchannelTokenDeliveryMode": "poll",
|
|
"cibaAuthRequestedUserHint": "login_hint",
|
|
"oauth2DevicePollingInterval": "5",
|
|
"clientOfflineSessionMaxLifespan": "0",
|
|
"clientSessionIdleTimeout": "0",
|
|
"clientOfflineSessionIdleTimeout": "0",
|
|
"cibaInterval": "5",
|
|
"realmReusableOtpCode": "false",
|
|
"cibaExpiresIn": "120",
|
|
"oauth2DeviceCodeLifespan": "600",
|
|
"parRequestUriLifespan": "60",
|
|
"clientSessionMaxLifespan": "0",
|
|
"organizationsEnabled": "false"
|
|
},
|
|
"keycloakVersion": "25.0.2",
|
|
"userManagedAccessAllowed": false,
|
|
"organizationsEnabled": false,
|
|
"clientProfiles": {
|
|
"profiles": []
|
|
},
|
|
"clientPolicies": {
|
|
"policies": []
|
|
}
|
|
}
|