From a45cf7476f9564e2cafcaadb36e87e73f7a4bd16 Mon Sep 17 00:00:00 2001
From: Helmut Hutzler <helmut.hutzler@th-nuernberg.de>
Date: Mon, 24 Oct 2022 08:56:24 +0000
Subject: [PATCH] Production Keycloak Setup with SSL and Import Realm Feature
---
Keycloak/dk.yaml | 66 +
Keycloak/install-keycloak.sh | 46 +
Keycloak/ir-keycloak.yaml | 25 +
Keycloak/realm-config/RBAC-realm.json | 2320 +++++++++++++++++++++++++
4 files changed, 2457 insertions(+)
create mode 100644 Keycloak/dk.yaml
create mode 100755 Keycloak/install-keycloak.sh
create mode 100644 Keycloak/ir-keycloak.yaml
create mode 100644 Keycloak/realm-config/RBAC-realm.json
diff --git a/Keycloak/dk.yaml b/Keycloak/dk.yaml
new file mode 100644
index 0000000..00b6d54
--- /dev/null
+++ b/Keycloak/dk.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ app: keycloak-oidc-deployment
+ name: keycloak-oidc-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak-oidc-deployment
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: keycloak-oidc-deployment
+ spec:
+ containers:
+ - image: quay.io/keycloak/keycloak:latest
+ args: ["start","--import-realm", "--http-port", "8280" ]
+ name: keycloak-oidc
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: admin
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: admin
+ - name: KEYCLOAK_IMPORT
+ value: /import/RBAC-realm.json
+ - name: KC_LOG_LEVEL
+ value: DEBUG
+ - name: KC_PROXY
+ value: edge
+ - name: KC_HTTP_RELATIVE_PATH
+ value: /auth
+ - name: KC_HOSTNAME_STRICT
+ value: "false"
+ - name: KC_HOSTNAME
+ value: _INGRESS_HOST_
+ ports:
+ - name: http
+ containerPort: 8280
+ volumeMounts:
+ - name: keycloak-oidc-volume
+ mountPath: /opt/keycloak/data/import
+ resources: {}
+ volumes:
+ - name: keycloak-oidc-volume
+ configMap:
+ name: keycloak-oidc-configmap
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-oidc-service
+spec:
+ type: LoadBalancer
+ selector:
+ app: keycloak-oidc-deployment
+ ports:
+ - protocol: TCP
+ port: 8285
+ targetPort: 8280
+ nodePort: 30444
diff --git a/Keycloak/install-keycloak.sh b/Keycloak/install-keycloak.sh
new file mode 100755
index 0000000..1e0f8d6
--- /dev/null
+++ b/Keycloak/install-keycloak.sh
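Review bot: The bootstrap admin account is hard-coded as `admin`/`admin` in the container `env` (`KEYCLOAK_ADMIN`, `KEYCLOAK_ADMIN_PASSWORD`), so the credential is readable by anyone who can read the manifest or the Deployment object and is a guessable default on a setup the commit title calls production; both values should come from a Secret via `secretKeyRef`, as sketched below. The Service at the end of the hunk is `type: LoadBalancer` with `nodePort: 30444` in front of the plain-HTTP port 8280, which appears to make Keycloak reachable without passing the TLS IngressRoute while `KC_PROXY` is `edge`; `type: ClusterIP` with the `nodePort` line dropped would keep traffic behind the ingress. Pinning `keycloak:latest` to a fixed version or digest and lowering `KC_LOG_LEVEL` from `DEBUG` are worth doing in the same pass.

```yaml
        # … unchanged: image, args, name …
        env:
        - name: KEYCLOAK_ADMIN
          valueFrom:
            secretKeyRef:
              name: keycloak-admin-credentials   # placeholder Secret name, created out of band
              key: username
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-admin-credentials   # placeholder Secret name, created out of band
              key: password
        # … unchanged: KEYCLOAK_IMPORT through KC_HOSTNAME, ports, volumeMounts …
```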
@@ -0,0 +1,46 @@
+#!/bin/bash
+if [ -z "$2" ]; then
+ echo "Error : Missing FQN for Ingress-Host parameter or namespace "
+ echo "Sample: $0 kube-master-h1.informatik.fh-nuernberg.de testing"
+ exit 1
+fi
+INGRESS_HOST=$1
+NAME_SPACE=$2
+HOSTNAME=$(echo $INGRESS_HOST | awk -v FS='.' '{print $1}')
+TLS_CERT=${HOSTNAME}-tls-cert
+echo "Config Parmms:"
+echo " Hostname :" ${HOSTNAME}
+echo " IngressRoute host :" ${INGRESS_HOST}
+echo " TLS Cert :" ${TLS_CERT}
+echo " Namespace :" ${NAME_SPACE}
+
+kubectl delete ns ${NAME_SPACE}
+kubectl create ns ${NAME_SPACE}
+
+kubectl -n ${NAME_SPACE} create configmap keycloak-oidc-configmap --from-file=realm-config
+# kubectl -n ${NAME_SPACE} apply -f dk.yaml
+rm -rf $HOSTNAME
+mkdir $HOSTNAME
+cd $HOSTNAME
+echo "Config Parmms:" > Config_params.dat
+echo " Hostname :" ${HOSTNAME} >> Config_params.dat
+echo " IngressRoute host :" ${INGRESS_HOST} >> Config_params.dat
+echo " TLS Cert :" ${TLS_CERT} >> Config_params.dat
+echo " Namespace :" ${NAME_SPACE} >> Config_params.dat
+cat Config_params.dat
+
+openssl req -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -out tls.crt -keyout tls.key -subj "/CN=${INGRESS_HOST}/emailAddress=Helmut.Hutzler@gmail.com"
+kubectl -n ${NAME_SPACE} create secret tls ${TLS_CERT} --key=tls.key --cert=tls.crt
+kubectl -n ${NAME_SPACE} describe secret ${TLS_CERT}
+
+cat ../ir-keycloak.yaml | sed "s/_INGRESS_HOST_/$INGRESS_HOST/g" | sed "s/_TLS_CERT_/$TLS_CERT/g" > ir-keycloak.yaml
+cat ../dk.yaml | sed "s/_INGRESS_HOST_/$INGRESS_HOST/g" | sed "s/_TLS_CERT_/$TLS_CERT/g" > dk.yaml
+
+kubectl -n ${NAME_SPACE} apply -f dk.yaml
+kubectl -n ${NAME_SPACE} apply -f ir-keycloak.yaml
+kubectl -n ${NAME_SPACE} describe ingressroute ingressroute-oidc-app
+kubectl -n ${NAME_SPACE} get all
+
+echo "Attention: curl script below may fail as it takes some time until keycloak instance is ready just - rerun it ! "
+echo "$ curl -v --insecure https://${INGRESS_HOST}/auth/realms/RBAC"
+
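Review bot: `$1` and `$2` reach `kubectl delete ns ${NAME_SPACE}`, `rm -rf $HOSTNAME`, `cd $HOSTNAME` and the `sed` replacement strings unquoted and unvalidated, so a host argument containing `/`, whitespace or a leading dot can make the script delete or write outside the intended working directory, and a mistyped namespace is deleted without any check. Both arguments should be validated against a DNS-name pattern, every expansion quoted, and the script should stop when `cd` fails, as sketched below. `tls.key` is also generated unencrypted (`-nodes`) under the default umask and stays on disk after the Secret is created; setting `umask 077` before `openssl` and removing the key afterwards closes that gap.

```bash
INGRESS_HOST=$1
NAME_SPACE=$2
# Reject anything that is not a plain DNS name before it reaches rm -rf, sed or kubectl delete.
if [[ ! $INGRESS_HOST =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ || ! $NAME_SPACE =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]]; then
    echo "Error : Ingress-Host or namespace is not a valid DNS name" >&2
    exit 1
fi
HOSTNAME=${INGRESS_HOST%%.*}
# … unchanged: TLS_CERT, parameter echo, namespace and configmap creation (expansions quoted) …
rm -rf -- "./${HOSTNAME}"
mkdir -- "./${HOSTNAME}"
cd -- "./${HOSTNAME}" || exit 1
# … unchanged: Config_params.dat …
umask 077   # tls.key is generated unencrypted (-nodes)
# … unchanged: openssl req, kubectl create secret tls …
rm -f -- tls.key
```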
diff --git a/Keycloak/ir-keycloak.yaml b/Keycloak/ir-keycloak.yaml
new file mode 100644
index 0000000..565b324
--- /dev/null
+++ b/Keycloak/ir-keycloak.yaml
@@ -0,0 +1,25 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: oidc-app-strip-path-prefix
+spec:
+ stripPrefix:
+ prefixes:
+ - /auth
+ - /nginx-blue
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ingressroute-oidc-app
+spec:
+ entryPoints:
+ - websecure
+ tls:
+ secretName: _TLS_CERT_
+ routes:
+ - match: Host(`_INGRESS_HOST_`) && PathPrefix(`/auth/`)
+ kind: Rule
+ services:
+ - name: keycloak-oidc-service
+ port: 8285
diff --git a/Keycloak/realm-config/RBAC-realm.json b/Keycloak/realm-config/RBAC-realm.json
new file mode 100644
index 0000000..d52cfbd
--- /dev/null
+++ b/Keycloak/realm-config/RBAC-realm.json
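Review bot: The route matches every path under `/auth/` on the `websecure` entry point, which includes the Keycloak admin console and admin REST API and not only the realm endpoints that clients need. Keycloak's reverse-proxy guidance is to expose only the realm and resource paths publicly; here that would be ``match: Host(`_INGRESS_HOST_`) && (PathPrefix(`/auth/realms/`) || PathPrefix(`/auth/resources/`))``, with the admin paths served through a separate, restricted route. The `oidc-app-strip-path-prefix` Middleware is defined but no route lists it under `middlewares`, and stripping `/auth` would conflict with `KC_HTTP_RELATIVE_PATH` being `/auth` in dk.yaml if it were attached, so it and the `/nginx-blue` prefix look like leftovers that can be removed.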
@@ -0,0 +1,2320 @@ +{ + "id" : "RBAC", + "realm" : "RBAC", + "notBefore" : 1644491652, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : true, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : false, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "c491d25d-2d80-4865-9a9e-cce00c6da4f9", + "name" : "rbac_agent_role", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-users" ] + } + }, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "72800914-1bb1-4a85-a7a8-ab129de1d837", + "name" : "default-roles-rbac", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { 
+ "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "delete-account", "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "30bf40a1-b4cc-4d87-a362-3001c8746f2e", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "bd750d16-248d-4df8-91bd-9b64c02f4589", + "name" : "agent_role", + "description" : "Role to view Keycloak Users", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-users" ] + } + }, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "0e3c3c96-7fc4-4d75-93cb-a693945961b5", + "name" : "rbac_superadmin_role", + "composite" : false, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "b01f73e0-570c-4bc2-aa54-e2d50cd993a0", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + }, { + "id" : "e156e658-10f7-4e36-b22a-f3db5bdd2c68", + "name" : "rbac_admin_role", + "description" : "Role to delete Accounts from RBAC realm", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users" ] + } + }, + "clientRole" : false, + "containerId" : "RBAC", + "attributes" : { } + } ], + "client" : { + "angular-frontend" : [ ], + "realm-management" : [ { + "id" : "2af3f033-6219-4a0b-b39b-41e6fbce3d5c", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "7d6f3208-43ff-4912-8333-99f966f87e90", + "name" : "impersonation", + 
"description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "de773d88-1f7e-4b0a-ad00-d7bbf8ea0475", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "8e6af3b5-7ede-421f-b780-bbc3a1253c2d", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-users", "impersonation", "view-realm", "create-client", "view-clients", "query-users", "manage-identity-providers", "query-groups", "manage-events", "view-events", "manage-users", "manage-realm", "view-identity-providers", "view-authorization", "manage-authorization", "query-realms", "query-clients", "manage-clients" ] + } + }, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "1d2ab9be-ecf9-4288-9092-ace3c03f3c9c", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "d27c29f3-1898-4168-bcaa-4d9f1401b972", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "792dba88-f3f7-47d1-a0ac-25bbbce36da7", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "2f45818f-0b84-4786-9bc2-5e63c9c9e76f", + "name" : "manage-identity-providers", + 
"description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "e148a4e7-84ed-48c8-afa0-feb7cd70193f", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "662cb8cb-0334-4188-af0e-e04b5b12b0c9", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "942647ee-5b36-4f7a-bd60-97c899817904", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "199cf007-8a5f-40b2-b74b-e34e7e7a8db8", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "537cae15-c415-4bd2-8294-316aa4213606", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "91820f41-6e5a-42e3-a812-aa56fb3f7aea", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "6ab948f0-d79e-4422-96bf-b2ddef4f04f5", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : 
"0c5227fd-dbd6-433d-af2b-f1b8c0cd53ec", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "c4bdec9c-2c9e-4a8c-901e-26d4351b3db5", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "d4538e72-e21b-487c-b1b0-5b2a24f28b23", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + }, { + "id" : "77488278-c37f-4c27-9e80-0147aa8f001f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "attributes" : { } + } ], + "app-client" : [ { + "id" : "13e8852f-97ea-4700-9718-c8ebf1e8eb92", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "4ab5dce7-e7ac-4e1f-8336-738c9dc3dc00", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "d368cc93-cda0-4c1c-90c8-eed4683bccf7", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "400bc977-7c6c-45a5-aa2e-b465851edabf", + "attributes" : { } + } ], + "account" : [ { + "id" : "e00eb430-09e0-4460-b247-7ff54ab64304", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "a87a5d5f-a969-4e0f-b103-2cb5d78f8ae6", + "name" : 
"view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "0075c106-5517-47c2-a310-6fd29331c64d", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "e050fa90-9ce9-456d-b203-38dbe7e59513", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "c829ad87-0a69-42aa-8716-a31e9640d355", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "6e95d9d4-b4ec-4cb7-bc6a-36951a0219b5", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + }, { + "id" : "06304910-37fd-4b67-9a6f-1771326eaced", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "72800914-1bb1-4a85-a7a8-ab129de1d837", + "name" : "default-roles-rbac", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "RBAC" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 
1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "8c2b1740-bcd7-45bd-a43c-fcf5e94c8701", + "createdTimestamp" : 1654075315434, + "username" : "helmut", + "enabled" : false, + "totp" : false, + "emailVerified" : false, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "0be2fccb-17f2-4582-b122-d5b5334baa0c", + "createdTimestamp" : 1654010017131, + "username" : "hutzler", + "enabled" : false, + "totp" : false, + "emailVerified" : false, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : 
"e77b6103-dbb7-4f9b-9f5e-63dd37276ed5", + "createdTimestamp" : 1643300279528, + "username" : "service-account-app-client", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "app-client", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "clientRoles" : { + "app-client" : [ "uma_protection" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "181fd2e7-c08e-4742-8aeb-a294fac041f1", + "createdTimestamp" : 1660654618556, + "username" : "superadmin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "Super", + "lastName" : "Admin", + "email" : "superadmin@web.de", + "credentials" : [ { + "id" : "b1352dff-33a9-456d-8ddf-5d0ca74fa9c3", + "type" : "password", + "createdDate" : 1660654643772, + "secretData" : "{\"value\":\"aXFHErOpX6cOVKy3wZiE1bsr7IcxIf89jCXaNKlHrOFAFkjTuZ+8AwOktYUJyOrN0+0xE1iy9qMDxNLX/qxxaQ==\",\"salt\":\"o+MQ0Ecw5KfYQ7ijHh2+JQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "rbac_agent_role", "default-roles-rbac", "rbac_superadmin_role", "rbac_admin_role" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "eaec5671-cd86-4828-865d-796fdfc73682", + "createdTimestamp" : 1643361554696, + "username" : "testadmin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "89363d45-8b34-405e-b160-c101422069e7", + "type" : "password", + "createdDate" : 1643361634635, + "secretData" : "{\"value\":\"yVDUck6UgM+xUot/wEGaBiW6sXKEyyOy3Os/xsSgOwOIHqzBq4HzLBMkejr0s3F9Vet0RKrchpoQJCtYf/q0Jw==\",\"salt\":\"KKMXcdmfMBElgm368fGycw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + 
"disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "rbac_agent_role", "default-roles-rbac", "rbac_admin_role" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "88c8411f-f3ac-4999-a26f-14e0335250a1", + "createdTimestamp" : 1652959664155, + "username" : "testagent", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "3b0cf91e-83c1-4373-b2b1-b72f7b193d08", + "type" : "password", + "createdDate" : 1652960638538, + "secretData" : "{\"value\":\"eQdQChHskIM51X3NOQ3ssAqNGZcskKLQyKrK8gXbT3DzdCCxnnFR0ZEWOQC0XRuWm36E8Bup/nRxfOpguhhWcA==\",\"salt\":\"Oaa+33jbm012HdniKiof8Q==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "rbac_agent_role", "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d0f151cb-4a39-4cd5-b419-9949065a3eb9", + "createdTimestamp" : 1654073065563, + "username" : "testuser", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "functest", + "lastName" : "functest", + "credentials" : [ { + "id" : "6d4b5a03-37f9-4146-9b77-7143efab9572", + "type" : "password", + "createdDate" : 1654073065670, + "secretData" : "{\"value\":\"HTnvqZh4L/ax6Af0LEr/jVHeBRL+u6aRTve/HMnu8lNpGbUXJBTqDUIwPn43xnnCdfSbQeaSlyKtPQVbH/zaQA==\",\"salt\":\"7b3j2Qg2x8ORIT0J1Zv9QQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "30034b1a-ba21-4ca0-ae42-a4320c640a0d", + "createdTimestamp" : 1661177688725, + "username" : "u1", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "u1@web.de", + 
"credentials" : [ { + "id" : "aeaa264f-3a23-44fb-9068-8fef87459918", + "type" : "password", + "createdDate" : 1661177688835, + "secretData" : "{\"value\":\"XWz1mmU0OfnYTFlMSwiwnpnMSzcBzlLmRdDM6pHm9vPsPeLhHfj46sAZDk+1BNHgAxgBKaWzfiRplC+ocwO7cQ==\",\"salt\":\"RzzxXC3hF/EAGHy8kdQ3MQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "dc329bed-4f29-4281-96b1-818ed20b57de", + "createdTimestamp" : 1660645735351, + "username" : "user", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "hugo", + "lastName" : "xxx", + "email" : "xxx@xxx", + "credentials" : [ { + "id" : "11919518-d44c-41ca-85ee-0e2a2a512ac9", + "type" : "password", + "createdDate" : 1660645735454, + "secretData" : "{\"value\":\"5r+JMRkXw1vQDjWSNrq92Idq8F7cUw+K8byl/Y/9RwAKKfp8PieKjq8u/qNGI/M36z5N2HeCZdXQOQ8HsTql2A==\",\"salt\":\"vgYICxlek5rj0oZ10kJYfg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "014e6007-c472-4c3c-aabc-0332e17432e2", + "createdTimestamp" : 1654013769731, + "username" : "user2", + "enabled" : false, + "totp" : false, + "emailVerified" : false, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-rbac" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" 
: [ { + "id" : "3bd3905b-9abb-4d2e-87ce-6d4731adf56c", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/RBAC/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/RBAC/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ed6b015f-7d22-4f25-a80a-84da1fe86c3a", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/RBAC/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/RBAC/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "bca9443f-f247-4096-8d32-584547f2170e", + "name" : "audience resolve", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fc822406-6dbc-4333-9e34-8f65eaeadbe1", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1a427460-6954-4f38-8029-e7d08a31174d", + "clientId" : "angular-frontend", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://localhost:4200/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : 
"false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "01b019a4-7f44-4cfd-99a0-367318da6174", + "name" : "default-roles-mapper", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "default_roles", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4ab5dce7-e7ac-4e1f-8336-738c9dc3dc00", + "clientId" : "app-client", + "baseUrl" : "http://localhost:4200", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "0a32b2ad-7b58-4c5b-bffe-7d3673fe70a3", + "redirectUris" : [ "http://localhost:4200/*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + 
"implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "2a216800-9cfb-41b8-9761-260d59dc483a", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "d0d0853b-c62f-4b82-921d-9103fb70c852", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + 
"user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "780426d6-0157-4362-9450-c34a5abb9ef3", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ { + "name" : "res:accounts", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "c353cbb2-3460-4852-953f-605ab5c3a4be", + "uris" : [ "/accounts" ], + "scopes" : [ { + "name" : "scopes:viewall" + } ] + }, { + "name" : "res:account", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "dcf3dbb7-3adf-4925-9a8c-853b420703ab", + "uris" : [ "/account/{id}", "/account", "/account/enable/{id}", "/account/disable/{id}" ], + "scopes" : [ { + "name" : "scopes:view" + }, { + "name" : "scopes:delete" + }, { + "name" : "scopes:create" + }, { + "name" : "scopes:nogo" + }, { + "name" : "scopes:manage" + } ] + }, { + "name" : "Default Resource", + "type" : "urn:app-client:resources:default", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "4027b953-2868-499d-9d8c-b133badb96d6", + "uris" : [ "/*" ] + } ], + "policies" : [ { + "id" : "8843ffc6-d01b-4203-8e58-c9c00e66e283", + "name" : "admin_policy", + "description" : "For Admins Only - rbac_admin_role is required for this policy", + "type" : "role", + "logic" : "POSITIVE", + "decisionStrategy" : 
"UNANIMOUS", + "config" : { + "roles" : "[{\"id\":\"rbac_admin_role\",\"required\":true}]" + } + }, { + "id" : "ae1c8dda-b476-4c97-b316-ceac3201f3cb", + "name" : "agent_policy", + "description" : "For Agents ONLY - rbac_agent_role is required", + "type" : "role", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "roles" : "[{\"id\":\"rbac_agent_role\",\"required\":true}]" + } + }, { + "id" : "bfde5c59-1b41-4fbe-8e19-00182eb3e89a", + "name" : "superadmin_policy", + "description" : "For Superadmins Only - rbac_supertadmin_role is required for this policy", + "type" : "role", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "roles" : "[{\"id\":\"rbac_admin_role\",\"required\":false},{\"id\":\"rbac_superadmin_role\",\"required\":true}]" + } + }, { + "id" : "f819cb85-4fe7-4036-b1cc-9b90097de9ee", + "name" : "manage_account_perm", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"res:account\"]", + "scopes" : "[\"scopes:manage\",\"scopes:create\",\"scopes:view\"]", + "applyPolicies" : "[\"admin_policy\"]" + } + }, { + "id" : "79b2e75b-9a84-4e86-97f4-86b870b53ea7", + "name" : "view_accounts_perm", + "description" : "Permission to view all Realm Accounts", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"res:accounts\"]", + "scopes" : "[\"scopes:viewall\"]", + "applyPolicies" : "[\"agent_policy\"]" + } + }, { + "id" : "18fb959d-701e-4bdf-9e9f-d9d4ea8b3b31", + "name" : "view_account_perm", + "description" : "View a single Account", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"res:account\"]", + "scopes" : "[\"scopes:view\"]", + "applyPolicies" : "[\"agent_policy\"]" + } + }, { + "id" : "b8a2b520-ca2e-472e-ad18-fb8d5eba260b", + "name" : "delete_account_perm", + "description" : "Permission to delete Accounts", + "type" : 
"scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"res:account\"]", + "scopes" : "[\"scopes:delete\"]", + "applyPolicies" : "[\"superadmin_policy\"]" + } + } ], + "scopes" : [ { + "id" : "4aaffa90-bbb7-4164-bfa4-5aada4e62617", + "name" : "scopes:create" + }, { + "id" : "254268b4-674e-4760-a0c3-9616e7c59c40", + "name" : "scopes:view" + }, { + "id" : "0d203e2c-c31b-4a59-a3a8-c7082b374e9f", + "name" : "scopes:delete" + }, { + "id" : "332e98d0-6081-4233-98d7-e151c857c279", + "name" : "scopes:nogo" + }, { + "id" : "64d5fdce-e1d4-403f-9f04-78692927bd8e", + "name" : "scopes:viewAllAccounts" + }, { + "id" : "bb6a0e22-ba69-4d5f-ac33-2aad41c8a6c4", + "name" : "scopes:viewall" + }, { + "id" : "4d02177a-7af4-4bad-9bae-de1a86c2840a", + "name" : "scopes:manage" + } ], + "decisionStrategy" : "AFFIRMATIVE" + } + }, { + "id" : "400bc977-7c6c-45a5-aa2e-b465851edabf", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "9e4b1da6-f197-4d3c-a093-18580c75c092", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + 
"clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "9cc4b133-10af-42b3-b89d-a3cbe00b40b3", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/RBAC/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/RBAC/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "7c9e7d97-dd0d-4d89-8b65-44f0d34a611a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : 
"String" + } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "4b17f046-6fa6-4819-a28a-479b2faac838", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "351f0f53-0ca9-46e4-a939-482f894ef454", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "b2afec67-6c79-40ce-8eac-840622ce6f6b", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "40f97642-a548-4940-8d09-4e793e6ebf00", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "7256d527-f96f-44c2-9142-a3f6a96d77da", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : 
"String" + } + } ] + }, { + "id" : "82cc7b82-b9ff-4258-846b-30b6ed1ce175", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "c83f9a01-ee32-40fb-9854-53d8da44344c", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "6dc4799b-dc84-46bf-867e-ac096d217e4f", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d471a706-e3f1-4b8a-9c19-ee0880ca9248", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "4396ad4e-42bc-4f29-8be1-69479b4c84cb", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "58ff44e5-8a92-4f09-a31c-9cf71de03c15", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + 
"include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "5f95f201-76cc-4c29-a137-597f4d8c68ff", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "ce410fc2-26c8-4549-acb1-9f0bc85870c7", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "5b9b8da1-078e-464f-94ba-550ed7fce6c9", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "29359870-87c0-473c-8c52-475488f09d8f", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "9ad8eeee-42dc-4959-8ae2-c6ec1717ee0b", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "a4322b6a-5581-462c-9e38-b04855dde3fe", + "name" : "realm roles", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "8776f1a3-7240-4285-acc5-f24dd23a7dc2", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "a822d932-3921-4613-9510-dfeb39484266", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "1fb6a299-1854-468d-9ec9-dbfe8a4d2318", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "5567801b-5262-4208-a280-e5f02575348b", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "618baa5e-71e4-4d1f-9073-34714382bd18", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "605e024d-ce0e-4bf4-8536-82ea4499f3f1", + "name" : "middle 
name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "28e8a386-6058-4ba2-85fe-72c34558ad6d", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "e41ace96-aff3-44d4-ab58-bb04edba13fe", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "42b8752e-465c-486f-9ab0-1dd39cf4f36e", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "ca641072-4750-4c6d-807d-0c6490a85d20", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : 
"edbdaee5-6038-407d-aa4f-df06340dbbc7", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "dcb3d8bb-148e-433c-84af-4111d6530006", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "0585da16-d517-47b6-9ce5-cd3d46c44fb3", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "a4084e88-e798-4162-9788-b38c69bacf01", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "3a3c7a87-54b7-46ce-92f0-193ce4f1affb", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + 
}, { + "id" : "b6d1e381-4219-454a-9480-9b7a8c185f75", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "1c06514f-f9e9-420e-a984-657282add08b", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "8803c673-059d-43f7-b8cd-a61baade88c9", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d4b29093-b4d1-49d4-86cb-718cba861733", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "195de5d6-b48b-46ad-8fb8-ccb6bf099389", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" 
: "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "profile", "roles", "role_list", "web-origins", "email", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "microprofile-jwt", "address", "phone" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { + "password" : "njinbncwnttbwkaj", + "starttls" : "", + "auth" : "true", + "port" : "465", + "host" : "smtp.gmail.com", + "from" : "helmut.hutzler@gmail.com", + "fromDisplayName" : "Keycloak-RBAC-Realm", + "ssl" : "true", + "user" : "helmut.hutzler" + }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ { + "alias" : "google", + "internalId" : "484a4c91-2b6c-4747-b03f-f04205dbaa59", + "providerId" : "google", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "linkOnly" : false, + "firstBrokerLoginFlowAlias" : "first broker login", + "config" : { + "syncMode" : "IMPORT", + "clientSecret" : "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", + "clientId" : "361534637475-b1n5l7qf6b4ejcmhgmj3pcfddt5uq63r.apps.googleusercontent.com", + "useJwksUrl" : "true" + } + } ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "3bd7ac17-aa4d-4b06-b188-3c359b59f34f", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + 
"host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "44891f86-d593-4e3f-a9ac-52c5add433f0", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "636ea0ca-a9d2-4c80-8039-80953dedc04e", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "b6c3d8b7-e35f-4a70-8410-6cacba354c84", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "8552923e-d766-4a17-8946-4082d4b0cc14", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "376a316e-e09c-4afb-b75d-d48c3e1a1af3", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "ab35d317-ff12-4819-b187-c43914c4c558", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "31fd4c89-e603-4dba-97c7-5dce1f1c0de7", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", 
"oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "2ed13baa-96b5-4599-8a21-a575df6c4dd8", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "f23405ba-0ca1-4ae0-9c83-7a2478be5283", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "sig" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "e4db5ddf-bec2-4e2f-99ee-77bc86b26371", + "name" : "rsa-enc-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "enc" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "664dc2cb-ffce-47c6-a3c8-3858f3bf9cfe", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "492c57ce-dd30-446c-83bc-3f8549ebd186" ], + "secret" : [ "3oe1YmHo5sCbUhtH4KzN5w" ], + "priority" : [ "100" ] + } + }, { + "id" : "17865e01-ca4f-4df5-96da-de6d238e108d", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "780922b4-3f19-43f7-b0d3-775121bee15a" ], + "secret" : [ "3i3V2wkInB4PqCG2kQtfozlohGzLc0mHo-8g8mF49SyP6EFADx4L1mlUNgylHXufU67OasxX5cVpYX0nmIwiZg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : 
"f7a0829c-84d1-4f5d-891b-438ff6b100cf", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "2c04930e-51db-435f-b359-81d8a8d998b3", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fb8ac2a4-2a67-4369-b5ba-862ba363c582", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a385b148-84c7-49c6-90c8-976935908a8e", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "51879e4a-7597-4736-b484-ac6c1fbed64a", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "33794774-51b4-4794-af28-41368499a7f1", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + 
"userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "9ec82261-37db-4b1c-a7c5-aa499a9f1391", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4f1e0bd6-0b2e-42c4-9d70-0f4a3673b066", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "0ec96170-56fc-450e-b00d-30836f5133a9", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + 
"requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "67b8f5d0-a22b-4991-8987-3ed49242c9e3", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "23c77dba-808f-4030-b3b7-7bd3597a513a", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : 
"ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e26d8ff3-c2fb-4dd0-aa26-a9f87a00c2c9", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "3cee69a0-70c3-4bf9-966b-ee61e99910a3", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "b4e626d0-44d6-427e-b4e2-7c58a0578d7c", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" 
: "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "a55542b2-9506-42aa-8562-4c5d6fa37df8", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "dbf57890-d4ce-493c-a5b2-85ee89712f8f", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "c00e7d9c-4805-4309-a6b1-da1e22f1762d", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", 
+ "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "2146fd4c-eb77-4adb-bb83-33657441ddd9", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ad172e93-d2cc-4a67-99a0-ae743f55accc", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : 
false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "7029b8c6-5dc1-4671-8e35-f68d07bc101a", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "f80f26f6-4a81-4585-912d-ae9d3218b89b", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "8cc00534-c1d2-4e3e-8b89-99c507be2318", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", 
+ "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : true, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "userProfileEnabled" : "false", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "18.0.0", + "userManagedAccessAllowed" : true, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file -- GitLab