diff --git a/README.md b/README.md index ff101c202a22c0384d415346133633e97751780f..885764e45eccbdd36a271e95a8bc480cbbed6af9 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ with environment variables which will be injected in its container. ## Prerequisites -* Install [docker](https://docs.docker.com/engine/install/) and [docker-compose](https://docs.docker.com/compose/install/). +* Install [docker](https://docs.docker.com/engine/install/) and [docker-compose version 1.27+](https://docs.docker.com/compose/install/). * [Install Go](https://golang.org/doc/install) and set the [`$GOPATH` variable](https://github.com/golang/go/wiki/SettingGOPATH). @@ -126,6 +126,23 @@ the `root` token. > Warning: Never use Vault DEV mode in production! +### Keycloak + +Keycloak is used for service-to-service authentication. Keycloak server runs in development mode and contains +preconfigured `client_id` and `client_secret` for every service. It is available at `localhost:8500` on the host machine or +at `http://keycloak:8080` inside the docker-compose network. + +Example request for JWT token acquire: +```shell +curl --location --request POST 'localhost:8500/realms/workspace/protocol/openid-connect/token' \ +--header 'Content-Type: application/x-www-form-urlencoded' \ +--data-urlencode 'client_id=workspace' \ +--data-urlencode 'grant_type=client_credentials' \ +--data-urlencode 'client_secret=79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ' +``` + +Example JWKS URL for acquiring public keys for validating tokens: `localhost:8500/realms/workspace/protocol/openid-connect/certs` + ### License [Apache 2.0 license](LICENSE) diff --git a/docker-compose.yml b/docker-compose.yml index 3600dc78c66a3ac5e43d053e129dc25a96b50ee4..8a04c883c435e00267270158324d85098ecb1c8b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.4' +version: '3.8' services: nginx: 
@@ -28,10 +28,16 @@ services: ports: - "8081:8080" depends_on: - - mongo - - cache - - task - - signer + mongo: + condition: service_started + cache: + condition: service_started + task: + condition: service_started + signer: + condition: service_started + keycloak: + condition: service_healthy task: container_name: task @@ -45,8 +51,12 @@ services: ports: - "8082:8080" depends_on: - - mongo - - cache + mongo: + condition: service_started + cache: + condition: service_started + keycloak: + condition: service_healthy cache: container_name: cache @@ -60,8 +70,12 @@ services: ports: - "8083:8080" depends_on: - - redis - - nats + redis: + condition: service_started + nats: + condition: service_started + keycloak: + condition: service_healthy infohub: container_name: infohub @@ -75,9 +89,14 @@ services: ports: - "8084:8080" depends_on: - - mongo - - policy - - signer + mongo: + condition: service_started + policy: + condition: service_started + signer: + condition: service_started + keycloak: + condition: service_healthy signer: container_name: signer @@ -92,8 +111,12 @@ services: - "8085:8080" - "2112:2112" depends_on: - - vault - - vault-init + vault: + condition: service_started + vault-init: + condition: service_started + keycloak: + condition: service_healthy didresolver: container_name: didresolver @@ -181,3 +204,24 @@ services: - "8222:8222" - "6222:6222" - "4222:4222" + + keycloak: + container_name: keycloak + image: quay.io/keycloak/keycloak:18.0.0 + environment: + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: admin + command: + - start-dev + - --import-realm + - --health-enabled=true + volumes: + - ./keycloak/config.json:/opt/keycloak/data/import/config.json + healthcheck: + test: [ "CMD-SHELL", "curl -f localhost:8080/health || exit 1" ] + interval: 3s + timeout: 2s + retries: 10 + start_period: 5s + ports: + - "8500:8080" 
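Review bot: The new `keycloak` service pairs `KEYCLOAK_ADMIN: admin` / `KEYCLOAK_ADMIN_PASSWORD: admin` with the mapping `- "8500:8080"`, which Docker publishes on every host interface, so the admin console is reachable with a guessable login from whatever network the developer machine is on. Binding the mapping to loopback keeps the README's `localhost:8500` usage working: `- "127.0.0.1:8500:8080"`. A comment above `start-dev` such as `# development mode only (plain HTTP); not for use outside local testing` would match the warning the README already gives for Vault.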
diff --git a/env/cache.env b/env/cache.env
index 0f36d567951423349d606a6c1db648d7cf06134e..ac8c9ef70a374f149aea787435ea9512956e72e8 100644
--- a/env/cache.env
+++ b/env/cache.env
@@ -10,6 +10,9 @@ REDIS_PASS=""
 REDIS_DB=0
 REDIS_EXPIRATION="1h"
 NATS_ADDR="nats:4222"
-AUTH_ENABLED="true"
-AUTH_JWK_URL="http://jwks:8080/key"
+AUTH_ENABLED="false"
+AUTH_JWK_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/certs"
 AUTH_REFRESH_INTERVAL="1h"
+OAUTH_CLIENT_ID="workspace"
+OAUTH_CLIENT_SECRET="79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ"
+OAUTH_TOKEN_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/token"
diff --git a/env/infohub.env b/env/infohub.env
index ac2077170ca587927e5476629abea6460d1b803a..12732536f1c3b7d74a9ef212dfa98e4f8482a479 100644
--- a/env/infohub.env
+++ b/env/infohub.env
@@ -11,3 +11,9 @@ CACHE_ADDR="http://cache:8080"
 POLICY_ADDR="http://policy:8080"
 SIGNER_ADDR="http://signer:8080"
 ISSUER_URI="did:web:17a1-2a00-4802-2c0-9295-59ff-6a60-b735-32ea.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation"
+AUTH_ENABLED="false"
+AUTH_JWK_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/certs"
+AUTH_REFRESH_INTERVAL="1h"
+OAUTH_CLIENT_ID="workspace"
+OAUTH_CLIENT_SECRET="79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ"
+OAUTH_TOKEN_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/token"
diff --git a/env/policy.env b/env/policy.env
index abf02c5845c8254834ddfaa9c6b3a0a0eeaed473..b8a5a9d4ed011709448e35120b7b085850277829 100644
--- a/env/policy.env
+++ b/env/policy.env
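Review bot: `AUTH_ENABLED` changes from `"true"` to `"false"` in the env/cache.env hunk, so, assuming the flag gates JWT validation as its name suggests, cache stops checking tokens in the same commit that points `AUTH_JWK_URL` at Keycloak. The infohub.env, policy.env, signer.env and task.env hunks add the same `AUTH_ENABLED="false"`, which leaves the new Keycloak wiring unexercised by default, signer included. If this is a deliberate staged rollout, a comment above the line would say so, e.g. `# auth is off until all services send tokens; set to "true" to enforce JWT validation`; otherwise keep `AUTH_ENABLED="true"` in cache.env.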
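Review bot: `OAUTH_CLIENT_ID="workspace"` and the literal `OAUTH_CLIENT_SECRET` value in the env/infohub.env hunk are identical to those in the cache.env, policy.env and task.env hunks, and the same secret appears in the README example and in keycloak/config.json, so every service authenticates as one shared client and a token cannot tell the receiver which service called it. The README says credentials are preconfigured "for every service", which reads as one client per service; either register per-service clients in the realm import or adjust that sentence. Because the value is now in version control, a comment above the line such as `# local development secret, matches keycloak/config.json; never reuse outside docker-compose` would keep it from being copied into a deployed environment.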
@@ -14,3 +14,9 @@ TASK_ADDR="http://task:8080"
 SIGNER_ADDR="http://signer:8080"
 DID_RESOLVER_ADDR="http://didresolver:8080"
 OCM_ADDR="https://gaiax.vereign.com/ocm"
+AUTH_ENABLED="false"
+AUTH_JWK_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/certs"
+AUTH_REFRESH_INTERVAL="1h"
+OAUTH_CLIENT_ID="workspace"
+OAUTH_CLIENT_SECRET="79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ"
+OAUTH_TOKEN_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/token"
diff --git a/env/signer.env b/env/signer.env
index ca37a56055b28d5a0f859960cd55c1b8d3afd037..a07c5818973a0301a56fcffea922c4e2849a32aa 100644
--- a/env/signer.env
+++ b/env/signer.env
@@ -9,3 +9,6 @@ VAULT_TOKEN=root
 VAULT_SIGNING_KEY="key1"
 VAULT_SUPPORTED_KEYS="ed25519,ecdsa-p256,ecdsa-p384,ecdsa-p521"
 CREDENTIAL_ISSUER="did:web:17a1-2a00-4802-2c0-9295-59ff-6a60-b735-32ea.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation"
+AUTH_ENABLED="false"
+AUTH_JWK_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/certs"
+AUTH_REFRESH_INTERVAL="1h"
\ No newline at end of file
diff --git a/env/task.env b/env/task.env
index 88d518562cae57ae453a22a7f6884172d5e4a37b..12c0a0fd8861cddc21d5103f771b366a0a69bc35 100644
--- a/env/task.env
+++ b/env/task.env
@@ -9,4 +9,9 @@ MONGO_USER="root"
 MONGO_PASS="root"
 POLICY_ADDR="http://policy:8080"
 CACHE_ADDR="http://cache:8080"
-
+AUTH_ENABLED="false"
+AUTH_JWK_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/certs"
+AUTH_REFRESH_INTERVAL="1h"
+OAUTH_CLIENT_ID="workspace"
+OAUTH_CLIENT_SECRET="79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ"
+OAUTH_TOKEN_URL="http://keycloak:8080/realms/workspace/protocol/openid-connect/token"
diff --git a/keycloak/config.json b/keycloak/config.json
new file mode 100755
index 0000000000000000000000000000000000000000..7feaef64fa9c1f5d467a31e03983889aa75c6370
--- /dev/null
+++ b/keycloak/config.json
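Review bot: env/signer.env now ends without a trailing newline (the `\ No newline at end of file` marker after `AUTH_REFRESH_INTERVAL="1h"`), unlike the other env files touched in this commit. A later line appended by a script would likely be glued onto that value, so end the file with a newline after `AUTH_REFRESH_INTERVAL="1h"`.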
@@ -0,0 +1,1885 @@ +{ + "id" : "workspace", + "realm" : "workspace", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "1c526b7a-28c0-47a5-aec0-29f943075f91", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "workspace", + "attributes" : { } + }, { + "id" : "b26c1bab-a4d3-4ca2-ad30-dc105874ee96", + "name" : "default-roles-workspace", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ 
"offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "workspace", + "attributes" : { } + }, { + "id" : "5d066a2a-170a-4e18-93c8-c41693182373", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "workspace", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "88096272-d90e-4f76-ba17-840ee69db754", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "765d436c-af28-4e14-9408-c82820f3e372", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "a4143506-925d-429c-958a-e18ecbd56c09", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "e4891fb9-e1fa-4033-a4ff-56e5352dce16", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "907f9311-aecd-451d-8807-80da72a99fbf", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "732a76cd-56e2-4fa9-957a-903b6bc44a95", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + 
"clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "d3eec519-c389-466e-b41f-530779ad3d59", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "732c2aca-c712-4a5b-8df6-5a9b5d9a9835", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "641a0557-6674-406c-8bc4-3a7bf279e40c", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "904cbf7c-3068-4dba-9733-18b74366e860", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "5ec30d1b-8cd3-4982-ad20-9d4650572ee6", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "a96452be-2801-4674-be18-f747f5c80f0f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "0a7f2d45-7725-40b0-a21a-f8554341e780", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : 
"3dc64ab3-9b0c-4bee-b952-793966f69a93", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "create-client", "manage-realm", "view-authorization", "impersonation", "view-users", "manage-identity-providers", "manage-authorization", "query-users", "query-clients", "view-identity-providers", "view-events", "view-clients", "manage-clients", "view-realm", "query-groups", "manage-events", "query-realms", "manage-users" ] + } + }, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "d68a606e-f4f1-4594-b7cf-4b03d88bf1d6", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "0badd04d-f7cd-48b4-8977-aed9dd6a7576", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "039099f1-0b07-4e23-bff7-059c61fb4dfa", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "c8876ad0-ff8b-4c07-b613-6e9ee27dffda", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + }, { + "id" : "dab08df7-f16d-46bd-8fed-4d3af256a481", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "attributes" : { } + } ], + "workspace" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ 
{ + "id" : "e8383f80-dca9-44f6-b87a-06197be407bf", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "d8ff5a88-70e9-4255-b952-c8a7ac2fe45a", + "attributes" : { } + } ], + "account" : [ { + "id" : "1d34a5b2-2f7f-4c91-bc74-71b0a06db79d", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "75d9c49a-c7ac-4d01-9aab-3a631953a81d", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "8fbbdc70-82de-4993-8728-2f12e1e47885", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "06d84f72-07a5-47fd-8c2d-0c551003328d", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "e9948c4f-4001-4322-bd7c-bcc53ab57b3d", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "aaa57ba7-a8bc-4aac-998c-889e91ba4cb2", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + }, { + "id" : "b966c1e2-26c7-43ea-8a28-c87812afcfcf", + 
"name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "b26c1bab-a4d3-4ca2-ad30-dc105874ee96", + "name" : "default-roles-workspace", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "workspace" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "1c9732e6-1a50-43aa-a21b-9218f1ce1003", + 
"createdTimestamp" : 1666785775228, + "username" : "service-account-workspace", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "workspace", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-workspace" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "e95d61a5-a3f3-498c-8de8-ed2907c4839f", + "createdTimestamp" : 1666784357923, + "username" : "signer", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "38f10b1e-bdc5-458d-b25a-99e70b49853d", + "type" : "password", + "createdDate" : 1666784368658, + "secretData" : "{\"value\":\"Z4nmpZQdCIud4I+OBH9HolRiyyc42ne51BbGmNitTH6twSZCe+qd25riOAkVBilphHzEUrbVYOmh7QeRNVmLWg==\",\"salt\":\"gEJ5XnTMnevuZPk6wZIUvQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-workspace" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "91ee30e5-b866-47f8-a85b-0d8c9a8bbd1a", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/workspace/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/workspace/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" 
: true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "684d6aa5-714e-4c29-b195-4f2d2dcc5593", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/workspace/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/workspace/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "a23f97e6-2f46-4a2c-8506-dc837f1c116d", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6ba2bf58-3032-4f5e-bbdc-b1b55b3cafcf", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + 
"notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d8ff5a88-70e9-4255-b952-c8a7ac2fe45a", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "601c29ae-ce82-452e-9b12-b408ccde392f", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + 
"serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0769b24b-b997-40ea-a4ec-4c017d3bc89c", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/workspace/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/workspace/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "2522f1da-d381-47e9-910c-17e1fc9341cc", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3bf9b7e9-cb9d-408c-97e0-1a22f9c6ac53", + 
"clientId" : "workspace", + "rootUrl" : "http://localhost:8500/", + "adminUrl" : "http://localhost:8500/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "79bdTGYCKLz9wYSY61vpQF5d4CyZBpsZ", + "redirectUris" : [ "http://localhost:8500/*" ], + "webOrigins" : [ "http://localhost:8500" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "access.token.lifespan" : "3600", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "frontchannel.logout.session.required" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "false", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "saml.allow.ecp.flow" : "false", + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "client.secret.creation.time" : "1666783980", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml.artifact.binding" : "false", + "saml_force_name_id_format" : "false", + "acr.loa.map" : "{}", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { + "direct_grant" : 
"4a4ecd57-0047-4916-89d1-a8b86850d648", + "browser" : "43e280fc-b6d6-4eed-906f-6e312abdb664" + }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "6b09eee9-d37c-4d25-879a-c0e9d79a2b1c", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + }, { + "id" : "c033ad91-09ed-4a12-b560-9ea70b9e000f", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "b900d147-9753-49b0-8afd-00269e064936", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "940b2557-8009-48f7-b856-5f4396df463b", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "adfcd344-6c9c-4923-ad80-c7a71a920428", + "name" : "allowed web origins", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "dccea698-7706-4f4e-af80-3b0b7aed0df4", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "03de2044-d565-4dad-97c7-bb127cbf5c87", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "085c7590-822f-46ef-a2d5-bae5665d06b1", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "818d871e-abc9-408c-992c-33cd9445467f", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "3e932ca1-1169-4b98-b5e8-821e1678a8c2", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4db78a1a-5eff-427c-a729-3811b33fa2d8", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + 
"attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "ff8d7148-3b1c-434f-82e5-2a06639a594d", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "581331a9-f58c-44af-8871-40c9db911175", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "3a5a3cdf-98ca-4297-a610-f20d6596f6ea", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e7c4c3d2-8ae9-469d-bd67-262171d3aec8", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "f9aa0066-0101-4429-9364-4f1a1d4222c6", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : 
"true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "116d668b-c651-45e8-bf86-4eeeb5f15ab8", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "8f2d9d2c-f4e4-4a4e-85c7-467009799c27", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "31acc2d9-f2db-4954-ad59-3df731c2ef0b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "cac418c2-beaf-4476-9f3e-fe4bacc325c9", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "1408f824-2e67-459b-aea7-264b65906fe7", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + 
"jsonType.label" : "String" + } + }, { + "id" : "5e02164d-f50c-4b45-9e35-e02f5cd04cea", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "ece559ef-6dd7-41e5-adfe-07cd8d4792c6", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "3f1ea1f0-ea30-486c-8735-38b7a890478f", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "9281d2ea-b77e-4be6-851e-3bcf72851de4", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "b0701d18-9ebe-4ac0-bd6c-f0dcbdcd8440", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : 
"6d250a51-da6b-4c89-a9d5-350be8542718", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "fa0111d1-10ca-4915-a58f-10348dbc6ad3", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "a7b30dbd-82a4-4be4-88c0-9b256910399c", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "0c771fb7-9c49-4358-a9f8-d636db6d2a2a", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "0f67d221-254c-454e-8148-832a089a772f", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : 
"String" + } + } ] + }, { + "id" : "29363996-9330-4536-9c87-bff67af5882e", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "aaa4a9dc-4d62-4941-8afc-d25d7539908d", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "23c17eda-4e0c-479d-ab8e-c38672241c76", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "eaa32e7e-693f-44be-9178-243d5cab3db5", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "fc3190df-a543-43d9-bcc3-c0ed1726fb74", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "1ee99458-3ff2-4742-b008-5685646d8016", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + 
"consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "7976bdeb-8636-47e3-a8c0-58eafbfdb63c", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "b30fdd74-4ee8-42d1-9d4a-2b140559c403", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "b12022f3-403d-48e2-a05c-39ece78e94c7", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : 
[ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "e0066bd7-e9fe-450a-8445-2a1d566b4ce0", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "b13748f7-f1ed-491a-a7bd-e025199b5077", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "9c441c99-9602-4917-b5c1-59b6cf5ecd35", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "18028b17-78ac-476c-b7f2-691540c5fc51", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "bb0a56dc-98bb-4369-ab58-3a7af6431737", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "5f88c6ec-1267-476f-882d-81ce3f1b34a3", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "46ba84aa-79f0-4bd6-878e-f6b12c1ece68", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + 
"subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "0ec2625b-e6e2-4f74-8a97-96365f14591f", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "f99df0e5-f7f8-4efc-b148-64c4443085e2", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "a5915b2a-8b94-446d-8209-05a6a1993442", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "a6fdf757-aaf5-4996-ac42-a161505b5b8b", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "3b241b88-b87f-4d01-bfd0-4c4bf8da41b5" ], + "secret" : [ "xfFIz9tJIM2BFlnvEfFg1ZcNCJJh14LYKGWQIFW-fHNKrHv18MnCWzb4xAEe2IGK2diRUE7BifyZYGppAc2Cig" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "b51a7097-8ceb-4775-bbb0-8415c19b02b1", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ 
"1925490f-36b6-404e-8ae8-1f92d4f0425e" ], + "secret" : [ "oIx5m32a854CgZ7ZFPtIJA" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "7631336c-e417-4ecc-a59d-122821b3ce81", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "258c2127-3a30-4bab-853f-a587530c3b9b", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7d81a6d9-4d03-4e62-b88f-1120567c2011", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" 
: "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "11faf1fe-3295-49a1-930f-ba3325a660ab", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "15650875-afc5-453f-93a0-d583128f3290", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f0b232a5-e235-4f22-be36-143e6481a2dc", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : 
false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "7603e3d5-c254-4540-a9f0-df264476848f", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "59742bbc-7b18-41d5-8c86-c7c8004fd608", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "14d3d5f1-d181-4265-b921-b573d80d3a6e", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of 
existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "43e280fc-b6d6-4eed-906f-6e312abdb664", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "50c732b5-f9de-4d1d-ad6f-b502ad85fcd0", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + 
"requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4a4ecd57-0047-4916-89d1-a8b86850d648", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "ca557f1e-8863-4f62-aa3f-b5ee357b1bfb", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "12c8619b-953e-47cb-be0c-91c23104e11a", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet 
linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "ced73c79-5847-49ec-abb6-0c2481d65d76", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "5f7fe35f-a018-483b-9501-c7fafeb6cd69", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "9a37cda7-731f-448b-87ee-7700080ac7a2", + "alias" : "registration", + "description" : "registration flow", + 
"providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "719fbc94-8477-4e26-b383-dbe06780d14e", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3d9f5eeb-752c-4720-935e-8e810eec6aaf", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, 
+ "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "57386993-0407-43eb-8994-cb9b50a6386a", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "377719f3-5189-411a-8900-791c5323f058", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "2cf372e5-ad11-402c-a4b7-ce4c59dd44e1", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + 
"alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5" + }, + "keycloakVersion" : "18.0.0", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file