mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2025-12-06 07:12:46 +01:00
1998 lines
60 KiB
JSON
1998 lines
60 KiB
JSON
{
|
|
"id": "catalyst",
|
|
"realm": "catalyst",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 300,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 1800,
|
|
"ssoSessionMaxLifespan": 36000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": false,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": false,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": false,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"defaultRole": {
|
|
"id": "43c7a86b-0423-4699-bc4f-94979c8995c6",
|
|
"name": "default-roles-catalyst",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"clientRole": false,
|
|
"containerId": "catalyst"
|
|
},
|
|
"requiredCredentials": [
|
|
"password"
|
|
],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpSupportedApplications": [
|
|
"FreeOTP",
|
|
"Google Authenticator"
|
|
],
|
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms": [
|
|
"ES256"
|
|
],
|
|
"webAuthnPolicyRpId": "",
|
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyCreateTimeout": 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyAcceptableAaguids": [],
|
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
|
|
"ES256"
|
|
],
|
|
"webAuthnPolicyPasswordlessRpId": "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
|
"users": [
|
|
{
|
|
"id": "2da488d4-f934-4cfc-92fe-16bfbfd693e2",
|
|
"createdTimestamp": 1625168814915,
|
|
"username": "service-account-reader",
|
|
"enabled": true,
|
|
"totp": false,
|
|
"emailVerified": false,
|
|
"serviceAccountClientId": "reader",
|
|
"disableableCredentialTypes": [],
|
|
"requiredActions": [],
|
|
"notBefore": 0
|
|
},
|
|
{
|
|
"username" : "alice",
|
|
"enabled": true,
|
|
"email" : "alice@example.org",
|
|
"firstName": "Alice",
|
|
"lastName": "Alert Analyst",
|
|
"credentials" : [
|
|
{ "type" : "password", "value" : "alice" }
|
|
]
|
|
},
|
|
{
|
|
"username" : "bob",
|
|
"enabled": true,
|
|
"email" : "bob@example.org",
|
|
"firstName": "Bob",
|
|
"lastName": "Incident Handler",
|
|
"credentials" : [
|
|
{ "type" : "password", "value" : "bob" }
|
|
]
|
|
},
|
|
{
|
|
"username" : "carol",
|
|
"enabled": true,
|
|
"email" : "carol@example.org",
|
|
"firstName": "Carol",
|
|
"lastName": "Forensicator",
|
|
"credentials" : [
|
|
{ "type" : "password", "value" : "carol" }
|
|
]
|
|
},
|
|
{
|
|
"username" : "dave",
|
|
"enabled": true,
|
|
"email" : "dave@example.org",
|
|
"firstName": "Dave",
|
|
"lastName": "Admin",
|
|
"credentials" : [
|
|
{ "type" : "password", "value" : "dave" }
|
|
]
|
|
},
|
|
{
|
|
"username" : "eve",
|
|
"enabled": true,
|
|
"email" : "eve@example.org",
|
|
"firstName": "Eve",
|
|
"lastName": "Team Lead",
|
|
"credentials" : [
|
|
{ "type" : "password", "value" : "eve" }
|
|
]
|
|
}
|
|
],
|
|
"scopeMappings": [
|
|
{
|
|
"clientScope": "offline_access",
|
|
"roles": [
|
|
"offline_access"
|
|
]
|
|
}
|
|
],
|
|
"clientScopeMappings": {
|
|
"account": [
|
|
{
|
|
"client": "account-console",
|
|
"roles": [
|
|
"manage-account"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"clients": [
|
|
{
|
|
"id": "86c72872-e504-4a19-89d6-5c3843a107c6",
|
|
"clientId": "account",
|
|
"name": "${client_account}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/catalyst/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [
|
|
"/realms/catalyst/account/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "50acde65-ed47-42ed-9447-0b4b43983cf9",
|
|
"clientId": "account-console",
|
|
"name": "${client_account-console}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/catalyst/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [
|
|
"/realms/catalyst/account/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "8f05de9b-20b0-4cb0-9885-c1f08b16494d",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "ce10e93d-9e15-4420-a8fd-c8fb8d262596",
|
|
"clientId": "admin-cli",
|
|
"name": "${client_admin-cli}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "ff18f8fb-27be-47c2-9a76-3ceb17ccccd8",
|
|
"clientId": "broker",
|
|
"name": "${client_broker}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "43419de7-4beb-4401-9a7f-34aedf158305",
|
|
"clientId": "reader",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "**********",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.assertion.signature": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"saml.force.post.binding": "false",
|
|
"saml.encrypt": "false",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"saml.artifact.binding": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"saml.client.signature": "false",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "8da9dcd5-8da3-4280-bdaa-24c4c61b46b2",
|
|
"name": "Client Host",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientHost",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientHost",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "1e98ec8d-f131-4ef6-9363-a46930896cd3",
|
|
"name": "Client ID",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientId",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientId",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "85483f67-1ed0-40d1-a67a-29817b99d2b9",
|
|
"name": "Client IP Address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientAddress",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientAddress",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"groups",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "d2286137-1944-4a9b-b826-4d5a6f7cdf28",
|
|
"clientId": "catalyst",
|
|
"rootUrl": "http://catalyst.internal.com/",
|
|
"adminUrl": "http://catalyst.internal.com/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "d3ec0d91-b6ea-482d-8a4e-2f5a7ca0b4cb",
|
|
"redirectUris": [
|
|
"http://catalyst.internal.com/*",
|
|
"http://localhost:8000/callback",
|
|
"http://localhost/callback"
|
|
],
|
|
"webOrigins": [
|
|
"http://catalyst.internal.com",
|
|
"http://localhost:8000",
|
|
"http://localhost",
|
|
"+"
|
|
],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"saml.encrypt": "false",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"saml.artifact.binding": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"saml.client.signature": "false",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "6cd83d64-0384-4e16-890d-2fa470b144ab",
|
|
"clientId": "realm-management",
|
|
"name": "${client_realm-management}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "31f01a93-e892-4874-92be-62e1ba4c49b5",
|
|
"clientId": "security-admin-console",
|
|
"name": "${client_security-admin-console}",
|
|
"rootUrl": "${authAdminUrl}",
|
|
"baseUrl": "/admin/catalyst/console/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [
|
|
"/admin/catalyst/console/*"
|
|
],
|
|
"webOrigins": [
|
|
"+"
|
|
],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "bff3e1b7-5125-419d-a97b-720622e79a81",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"id": "90b39bdb-75ff-4928-ba7a-085b2f735409",
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope for add user roles to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${rolesScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "8fbf5a86-4629-4b1a-b66d-d957c8158e77",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "065c0856-09e2-4b2e-ae83-7ca0edc487ac",
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "2fca9b42-c6da-4d6a-94ee-c2c8b2731dfe",
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "3b637bf5-80f8-4419-921f-334b2c4dd11f",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "0acdd906-0208-4afa-b33a-01e59b280fac",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "7afd7e91-0f50-42dc-bfd7-5898ee70b908",
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "975e3e1f-daca-4c91-b0ba-69242bbe0945",
|
|
"name": "middle name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "middleName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "middle_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "fef97135-a66c-48d2-a942-6798e387be15",
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "b3c5f39f-a126-4840-9103-2ae574344049",
|
|
"name": "gender",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "gender",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "gender",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "04a542fe-c6b1-4880-a0a9-e9a6934bf1f3",
|
|
"name": "picture",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "picture",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "picture",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "78d162f9-b23f-45ca-a671-f2f528229da2",
|
|
"name": "profile",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "profile",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "profile",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "30aecb8d-36fc-465e-a141-dc2b58ff675f",
|
|
"name": "birthdate",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "birthdate",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "birthdate",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "b20432db-d804-4821-989e-e48030d8b562",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "842ee2fa-5ecb-47f6-a890-f8cbd1ee1eb0",
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "7ca293bf-c6ba-45cc-b49d-a824ae1284b8",
|
|
"name": "family name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "lastName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "family_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "4d7f731d-0133-4501-8fd6-3a9918b7d7df",
|
|
"name": "nickname",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "nickname",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nickname",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "68c7909b-e46d-421e-943d-0fc30d1fa0ab",
|
|
"name": "updated at",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "updatedAt",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "updated_at",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "9f041128-9b6e-4013-af57-e3599ea30465",
|
|
"name": "given name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "firstName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "given_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "6cfa184f-1163-4b6a-a4da-a96e4720cec6",
|
|
"name": "website",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "website",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "website",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "8328b25a-9b10-4059-ac90-20ffa2d8d331",
|
|
"name": "zoneinfo",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "zoneinfo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "zoneinfo",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "bcac8ddc-27db-4734-99db-ab9f892ea1a6",
|
|
"name": "microprofile-jwt",
|
|
"description": "Microprofile - JWT built-in scope",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "272bbae0-68d0-4466-a756-742a26ad9e7d",
|
|
"name": "upn",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "upn",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "df5f04b5-544c-4cd4-8ea6-6ce101a72216",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "cda6829b-af33-462c-99d1-198bcfe1a648",
|
|
"name": "phone",
|
|
"description": "OpenID Connect built-in scope: phone",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${phoneScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "834b65c6-72ac-4884-9fc6-d81e68d00e2e",
|
|
"name": "phone number verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumberVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
},
|
|
{
|
|
"id": "1d6d57b3-4500-4888-8473-c10b5c91dbb6",
|
|
"name": "phone number",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumber",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "ed16c65e-eede-4dfa-a1c7-332cd0d3d2b0",
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "f6507f62-0e6b-4e46-8124-216eed351d9a",
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "22de1ea1-162c-4bca-a864-ce1c41a98984",
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "5bb8438c-d485-4134-bc7c-006337364a8c",
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "3914a22d-f4f2-4278-8df6-17b3a2d79c11",
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "44eb06c1-1f84-4f20-9fe5-af2dd2652883",
|
|
"name": "role_list",
|
|
"description": "SAML role list",
|
|
"protocol": "saml",
|
|
"attributes": {
|
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "377fcde9-859d-4022-81e1-b08c523e9eea",
|
|
"name": "role list",
|
|
"protocol": "saml",
|
|
"protocolMapper": "saml-role-list-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"single": "false",
|
|
"attribute.nameformat": "Basic",
|
|
"attribute.name": "Role"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "9b141075-26c2-45d9-b4be-fd3c3cbb3c51",
|
|
"name": "address",
|
|
"description": "OpenID Connect built-in scope: address",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${addressScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "7cec2511-c0ef-4f79-842f-3c68573dc5a7",
|
|
"name": "address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-address-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute.formatted": "formatted",
|
|
"user.attribute.country": "country",
|
|
"user.attribute.postal_code": "postal_code",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute.street": "street",
|
|
"id.token.claim": "true",
|
|
"user.attribute.region": "region",
|
|
"access.token.claim": "true",
|
|
"user.attribute.locality": "locality"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "40730fee-dab9-408b-934d-bc6eeea12ff8",
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
}
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"role_list",
|
|
"profile",
|
|
"email",
|
|
"roles",
|
|
"web-origins"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"offline_access",
|
|
"address",
|
|
"phone",
|
|
"microprofile-jwt"
|
|
],
|
|
"browserSecurityHeaders": {
|
|
"contentSecurityPolicyReportOnly": "",
|
|
"xContentTypeOptions": "nosniff",
|
|
"xRobotsTag": "none",
|
|
"xFrameOptions": "SAMEORIGIN",
|
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection": "1; mode=block",
|
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer": {},
|
|
"eventsEnabled": false,
|
|
"eventsListeners": [
|
|
"jboss-logging"
|
|
],
|
|
"enabledEventTypes": [],
|
|
"adminEventsEnabled": false,
|
|
"adminEventsDetailsEnabled": false,
|
|
"identityProviders": [],
|
|
"identityProviderMappers": [],
|
|
"components": {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
|
{
|
|
"id": "4b06a544-5815-47c4-8e21-e5e0c44af05b",
|
|
"name": "Trusted Hosts",
|
|
"providerId": "trusted-hosts",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"host-sending-registration-request-must-match": [
|
|
"true"
|
|
],
|
|
"client-uris-must-match": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "b58228d2-64f7-4880-bdb4-b37902896176",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"saml-user-attribute-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"oidc-address-mapper",
|
|
"oidc-full-name-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"saml-role-list-mapper",
|
|
"oidc-usermodel-attribute-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "2122720d-ea69-4bfa-834e-f1dd12ad55df",
|
|
"name": "Max Clients Limit",
|
|
"providerId": "max-clients",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"max-clients": [
|
|
"200"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "e1a99694-7f99-416d-8e80-2ab92c53034a",
|
|
"name": "Consent Required",
|
|
"providerId": "consent-required",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "83ae6ccc-24c1-47d5-9bae-59879a90e2a4",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "15dcc7e3-13a1-45d2-b95c-f92cb7b86471",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": [
|
|
"true"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "c9f2eefd-43dd-49fb-b143-f61135c4fc9d",
|
|
"name": "Full Scope Disabled",
|
|
"providerId": "scope",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "ef9fa331-eaed-4408-999f-5c2e86e883ea",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"saml-user-attribute-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"oidc-address-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-full-name-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"saml-role-list-mapper"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.keys.KeyProvider": [
|
|
{
|
|
"id": "9681f0d2-cf07-481a-b51b-755824f4c848",
|
|
"name": "hmac-generated",
|
|
"providerId": "hmac-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
],
|
|
"algorithm": [
|
|
"HS256"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "b7310fea-0031-46be-a62d-bcfc363a6b38",
|
|
"name": "rsa-generated",
|
|
"providerId": "rsa-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "e462b05b-9e22-403c-b715-582c2c7d9d31",
|
|
"name": "aes-generated",
|
|
"providerId": "aes-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": [
|
|
"100"
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": false,
|
|
"supportedLocales": [],
|
|
"authenticationFlows": [
|
|
{
|
|
"id": "25cc92da-3b9c-420f-aed4-47fc9a862cf1",
|
|
"alias": "Account verification options",
|
|
"description": "Method with which to verity the existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-email-verification",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "9a50d2e9-9b6c-43d4-9e96-5e0057b9989e",
|
|
"alias": "Authentication Options",
|
|
"description": "Authentication options.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "basic-auth",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "basic-auth-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 30,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "9c08f7ff-0ae1-4917-acde-a86918c21392",
|
|
"alias": "Browser - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "cc263684-5287-48c3-b36f-cf0307e5866f",
|
|
"alias": "Direct Grant - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2d1b3b73-d844-48e6-9564-ebb612eb1ecd",
|
|
"alias": "First broker login - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "05ead699-855a-4a82-a040-93fccf6ddc91",
|
|
"alias": "Handle Existing Account",
|
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-confirm-link",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"flowAlias": "Account verification options",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2c0e2ddf-4de7-44ff-8e3c-7d547e6cc52b",
|
|
"alias": "Reset - Conditional OTP",
|
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "reset-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "9ce700a0-743c-42f9-be51-83e11beb1521",
|
|
"alias": "User creation or linking",
|
|
"description": "Flow for the existing/non-existing user alternatives",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "create unique user config",
|
|
"authenticator": "idp-create-user-if-unique",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"flowAlias": "Handle Existing Account",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f2454788-daaa-4c04-ad4f-b3d686727665",
|
|
"alias": "Verify Existing Account by Re-authentication",
|
|
"description": "Reauthentication of existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"flowAlias": "First broker login - Conditional OTP",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "fd57d3fe-8353-4d51-ab6b-531f1b6484d0",
|
|
"alias": "browser",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 25,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"flowAlias": "forms",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "0895ae02-6132-41aa-8e2a-ae7ef8a1a090",
|
|
"alias": "clients",
|
|
"description": "Base authentication for clients",
|
|
"providerId": "client-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "client-secret",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "client-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "client-secret-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "client-x509",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 40,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f1cd5fb9-4201-4645-a4f7-72e2404f9b5f",
|
|
"alias": "direct grant",
|
|
"description": "OpenID Connect Resource Owner Grant",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "direct-grant-validate-username",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 30,
|
|
"flowAlias": "Direct Grant - Conditional OTP",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "34571ce1-2cc9-4ee6-be67-88761c35fb1e",
|
|
"alias": "docker auth",
|
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "docker-http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "708e0448-2e55-4e93-8d27-2bcb30fb484e",
|
|
"alias": "first broker login",
|
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "review profile config",
|
|
"authenticator": "idp-review-profile",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"flowAlias": "User creation or linking",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "4e1d40ab-f072-4deb-ba28-3938d306a5e2",
|
|
"alias": "forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"flowAlias": "Browser - Conditional OTP",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "fad42d83-0a6b-441a-a217-73ea14f7460d",
|
|
"alias": "http challenge",
|
|
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "no-cookie-redirect",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"flowAlias": "Authentication Options",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f44f939f-75c5-4080-880b-00ccb4a7496e",
|
|
"alias": "registration",
|
|
"description": "registration flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-page-form",
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"flowAlias": "registration form",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "e7350e5b-1f96-4b34-94ac-0fd465f1d7a9",
|
|
"alias": "registration form",
|
|
"description": "registration form",
|
|
"providerId": "form-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-user-creation",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "registration-profile-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 40,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "registration-password-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 50,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "registration-recaptcha-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 60,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "34cc3df0-1908-4a02-89df-08560e2a3e6c",
|
|
"alias": "reset credentials",
|
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "reset-credentials-choose-user",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "reset-credential-email",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticator": "reset-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 30,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 40,
|
|
"flowAlias": "Reset - Conditional OTP",
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "d92671ab-6873-4eac-863a-becb6cdaa9f4",
|
|
"alias": "saml ecp",
|
|
"description": "SAML ECP Profile Authentication Flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"userSetupAllowed": false,
|
|
"autheticatorFlow": false
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"authenticatorConfig": [
|
|
{
|
|
"id": "d73bbeaf-a93d-4b97-8c6b-d01b015f2861",
|
|
"alias": "create unique user config",
|
|
"config": {
|
|
"require.password.update.after.registration": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "a459ffde-e6fc-41d8-9ab8-c7b65b4384c3",
|
|
"alias": "review profile config",
|
|
"config": {
|
|
"update.profile.on.first.login": "missing"
|
|
}
|
|
}
|
|
],
|
|
"requiredActions": [
|
|
{
|
|
"alias": "CONFIGURE_TOTP",
|
|
"name": "Configure OTP",
|
|
"providerId": "CONFIGURE_TOTP",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 10,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "terms_and_conditions",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "terms_and_conditions",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 20,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PASSWORD",
|
|
"name": "Update Password",
|
|
"providerId": "UPDATE_PASSWORD",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 30,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PROFILE",
|
|
"name": "Update Profile",
|
|
"providerId": "UPDATE_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 40,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_EMAIL",
|
|
"name": "Verify Email",
|
|
"providerId": "VERIFY_EMAIL",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 50,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_account",
|
|
"name": "Delete Account",
|
|
"providerId": "delete_account",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 60,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "update_user_locale",
|
|
"name": "Update User Locale",
|
|
"providerId": "update_user_locale",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 1000,
|
|
"config": {}
|
|
}
|
|
],
|
|
"browserFlow": "browser",
|
|
"registrationFlow": "registration",
|
|
"directGrantFlow": "direct grant",
|
|
"resetCredentialsFlow": "reset credentials",
|
|
"clientAuthenticationFlow": "clients",
|
|
"dockerAuthenticationFlow": "docker auth",
|
|
"attributes": {
|
|
"cibaBackchannelTokenDeliveryMode": "poll",
|
|
"cibaExpiresIn": "120",
|
|
"cibaAuthRequestedUserHint": "login_hint",
|
|
"oauth2DeviceCodeLifespan": "600",
|
|
"clientOfflineSessionMaxLifespan": "0",
|
|
"oauth2DevicePollingInterval": "5",
|
|
"clientSessionIdleTimeout": "0",
|
|
"clientSessionMaxLifespan": "0",
|
|
"clientOfflineSessionIdleTimeout": "0",
|
|
"cibaInterval": "5"
|
|
},
|
|
"keycloakVersion": "14.0.0",
|
|
"userManagedAccessAllowed": false,
|
|
"clientProfiles": {
|
|
"profiles": []
|
|
},
|
|
"clientPolicies": {
|
|
"policies": []
|
|
}
|
|
}
|