sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spiff-arena/spiffworkflow-backend/bin/spiffworkflow-realm.json

3183 lines
110 KiB
JSON
Raw Normal View History

Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
{
"id": "spiffworkflow",
"realm": "spiffworkflow",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"accessTokenLifespan": 1800,
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"accessTokenLifespanForImplicitFlow": 900,
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"ssoSessionIdleTimeout": 86400,
"ssoSessionMaxLifespan": 864000,
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
Squashed 'spiffworkflow-backend/' changes from 47554b073..1965bfe2d 1965bfe2d use ssl git-subtree-dir: spiffworkflow-backend git-subtree-split: 1965bfe2d907f8f518810af7b658298068ae863b
2022-10-17 21:36:41 +00:00
"sslRequired": "external",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "c9f0ff93-642d-402b-965a-04d70719886b",
"name": "default-roles-spiffworkflow",
"description": "${role_default-roles}",
"composite": true,
"composites": {
"realm": ["offline_access", "uma_authorization"],
"client": {
"account": ["view-profile", "manage-account"]
}
},
"clientRole": false,
"containerId": "spiffworkflow",
"attributes": {}
},
{
"id": "9f474167-5707-4c10-8f9e-bb54ec715cd3",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "spiffworkflow",
"attributes": {}
},
{
"id": "6738d143-2d1d-4458-8a98-01ea003fde14",
"name": "admin",
"composite": false,
"clientRole": false,
"containerId": "spiffworkflow",
"attributes": {}
},
{
"id": "6cbcdea5-0083-469d-9576-1d245fb3cdfd",
"name": "repeat-form-role-realm",
"composite": false,
"clientRole": false,
"containerId": "spiffworkflow",
"attributes": {}
},
{
"id": "b5a92aee-82d2-4687-8282-365df4df21a9",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "spiffworkflow",
"attributes": {}
}
],
"client": {
"realm-management": [
{
"id": "257c348c-4b9e-4fea-be39-5fdd28e8bb93",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "1d224265-63a8-40ea-9316-47627d0aed8c",
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "535d7ca0-0f06-42d8-938b-e6e7aabffb42",
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "9ff52ab5-2558-4cb0-901f-6e6f1469d075",
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"manage-authorization",
"view-authorization",
"query-groups",
"view-clients",
"view-realm",
"manage-users",
"query-users",
"impersonation",
"manage-clients",
"view-identity-providers",
"create-client",
"query-realms",
"view-users",
"view-events",
"manage-identity-providers",
"manage-events",
"query-clients",
"manage-realm"
]
}
},
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "98db35e3-833f-4b61-83af-fc50484fda57",
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": ["query-clients"]
}
},
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "e0dc0e0c-eba4-4de7-b2eb-2ba095c4c6d4",
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "69ce3805-1897-4291-842b-b8e8e9f29bd7",
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "3e803641-96b1-44d8-9de5-7dee83a0a75b",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "2c92c3e5-1a0a-4318-9b63-617c5dca0b66",
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "326a3718-390d-4e41-af00-2197d3ef6858",
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "e4c69181-5e0d-484e-ac31-be6beef57c28",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "f4ac66cc-97b4-4590-beae-5ff23c9935b3",
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "a24704fe-13fd-40e6-bf2d-29014f63c069",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "7deec87c-2716-40c1-a115-2a0fe840b119",
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": ["query-groups", "query-users"]
}
},
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "827c40ae-b4c2-4574-9f34-db33925cd19c",
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "cbe05c62-2b07-4ac7-a33a-ffca7c176252",
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "8ca56814-a817-4849-a515-45399eb1dcc1",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "1134c6df-d0ff-498d-9dc4-ad989f7cfe93",
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
},
{
"id": "3bb14549-60f6-4078-8f4e-47a1162412f2",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes": {}
}
],
"spiffworkflow-frontend": [],
"security-admin-console": [],
"admin-cli": [],
"spiffworkflow-backend": [
{
"id": "4d71d1bb-d627-43c8-bc07-d542f816e04b",
"name": "spiffworkflow-admin",
"composite": false,
"clientRole": true,
"containerId": "f44558af-3601-4e54-b854-08396a247544",
"attributes": {}
},
{
"id": "2341ca1c-24c8-4ddf-874c-7153c9408068",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "f44558af-3601-4e54-b854-08396a247544",
"attributes": {}
},
{
"id": "cf88054e-4bdc-491c-bf93-c660cdaad72d",
"name": "repeat-form-role-2",
"composite": false,
"clientRole": true,
"containerId": "f44558af-3601-4e54-b854-08396a247544",
"attributes": {
"repeat-form-role-2-att-key": ["repeat-form-role-2-att-value"]
}
}
],
"withAuth": [
{
"id": "87673823-6a5a-4cb2-baa7-6c8b5da5d402",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
"attributes": {}
}
],
"broker": [
{
"id": "6d688d72-cf5b-4450-a902-cb2d41f0e04c",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
"containerId": "55d75754-cf1b-4875-bf3e-15add4be8c99",
"attributes": {}
}
],
"account": [
{
"id": "9c51c3e1-028d-4a0d-96dc-6619196b49f0",
"name": "delete-account",
"description": "${role_delete-account}",
"composite": false,
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "f395d221-7f80-4fcf-90ac-0a89c8b15a9b",
"name": "manage-consent",
"description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": ["view-consent"]
}
},
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "7abb4169-1960-4b4d-b5ae-6ea45cf91ee4",
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "4d3c24ed-cc61-4a6e-ac78-47af4545b415",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "a4954091-9be9-4b7c-a196-1af934917ff7",
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "0810773c-a57d-449e-a31f-1344e1eb4b9b",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": ["manage-account-links"]
}
},
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
},
{
"id": "ae774a41-a274-4f99-9d7f-f4a0d5dbc085",
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes": {}
}
]
}
},
"groups": [],
"defaultRole": {
"id": "c9f0ff93-642d-402b-965a-04d70719886b",
"name": "default-roles-spiffworkflow",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "spiffworkflow"
},
"requiredCredentials": ["password"],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": ["FreeOTP", "Google Authenticator"],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"users": [
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
{
"id": "4048e9a7-8afa-4e69-9904-389657221abe",
"createdTimestamp": 1665517741516,
"username": "alex",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "81a61a3b-228d-42b3-b39a-f62d8e7f57ca",
"type": "password",
"createdDate": 1665517748308,
"secretData": "{\"value\":\"13OdXlB1S1EqHL+3/0y4LYp/LGCn0UW8/Wh9ykgpUbRrwdX6dY3iiMlKePfTy5nXoH/ISmPlxNKOe5z7FWXsgg==\",\"salt\":\"pv0SEb7Ctk5tpu2y32L2kw==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "b4dc5a30-4bd7-44fc-88b5-839fbb8567ea",
"createdTimestamp": 1665518311550,
"username": "amir",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "e589f3ad-bf7b-4756-89f7-7894c03c2831",
"type": "password",
"createdDate": 1665518319210,
"secretData": "{\"value\":\"mamd7Hi6nV5suylSrUgwWon3Gw3WeOIvAJu9g39Mq1iYoXWj2rI870bGHiSITLaFBpdjLOEmlu9feKkULOXNpQ==\",\"salt\":\"wG7tkMQfPKRW9ymu4ekujQ==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
{
"id": "4c436296-8471-4105-b551-80eee96b43bb",
"createdTimestamp": 1657139858075,
"username": "ciadmin1",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "111b5ea1-c2ab-470a-a16b-2373bc94de7a",
"type": "password",
"createdDate": 1657139904275,
"secretData": "{\"value\":\"e5MjWAk7RPspQIh9gEOKyv3AV/DHNoWk8w1tf+MRLh2oxrKmnnizOj0eFtIadT/q/i5JRfUq5IYBPLL/4nEJDw==\",\"salt\":\"5inqMqqTR6+PBYriy3RPjA==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow", "admin"],
"clientRoles": {
"spiffworkflow-backend": ["spiffworkflow-admin", "uma_protection"]
},
"notBefore": 0,
"groups": []
},
{
"id": "56457e8f-47c6-4f9f-a72b-473dea5edfeb",
"createdTimestamp": 1657139955336,
"username": "ciuser1",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "762f36e9-47af-44da-8520-cf09d752497a",
"type": "password",
"createdDate": 1657139966468,
"secretData": "{\"value\":\"Dpn9QBJSxvl54b0Fu+OKrKRwmDJbk28FQ3xhlOdJPvZVJU/SpdrcsH7ktYAIkVLkRC5qILSZuNPQ3vDGzE2r1Q==\",\"salt\":\"yXd7N8XIQBkJ7swHDeRzXw==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"clientRoles": {
"spiffworkflow-backend": ["uma_protection"]
},
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
{
"id": "99e7e4ea-d4ae-4944-bd31-873dac7b004c",
"createdTimestamp": 1665517024483,
"username": "dan",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "d517c520-f500-4542-80e5-7144daef1e32",
"type": "password",
"createdDate": 1665517033429,
"secretData": "{\"value\":\"rgWPI1YobMfDaaT3di2+af3gHU8bkreRElAHgYFA+dXHw0skiGVd1t57kNLEP49M6zKYjZzlOKr0qvAxQF0oSg==\",\"salt\":\"usMZebZnPYXhD6ID95bizg==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "1834a79d-917f-4e4c-ab38-8ec376179fe9",
"createdTimestamp": 1665517805115,
"username": "daniel",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "f240495c-265b-42fc-99db-46928580d07d",
"type": "password",
"createdDate": 1665517812636,
"secretData": "{\"value\":\"sRCF3tFOZrUbEW220cVHhQ7e89iKqjgAMyO0BaYCPZZw1tEjZ+drGj+bfwRbuuK0Nps3t//YGVELsejRogWkcw==\",\"salt\":\"XQtLR9oZctkyRTi2Be+Z0g==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "72d32cba-e2e2-489d-9141-4d94e3bb2cda",
"createdTimestamp": 1665517787787,
"username": "elizabeth",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "ae951ec8-9fc9-4f1b-b340-bbbe463ae5c2",
"type": "password",
"createdDate": 1665517794484,
"secretData": "{\"value\":\"oudGUsbh8utUavZ8OmoUvggCYxr+RHCgwcqpub5AgbITsK4DgY01X0SlDGRTdNGOIqoHse8zGBNmcyBNPWjC0w==\",\"salt\":\"auHilaAS2Lo7oa0UaA7L6A==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d
2022-10-20 20:00:12 +00:00
{
"id": "9b46f3be-a81d-4b76-92e6-2ac8462f5ec8",
"createdTimestamp": 1665688255982,
"username": "finance_user1",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "f14722ec-13a7-4d35-a4ec-0475d405ae58",
"type": "password",
"createdDate": 1665688275943,
"secretData": "{\"value\":\"PlNhf8ShIvaSP3CUwCwAJ2tkqcTCVmCWUy4rbuLSXxEIiuGMu4XeZdsrE82R8PWuDQhlWn/YOUOk38xKZS2ySQ==\",\"salt\":\"m7JGY2cWgFBXMYQSSP2JQQ==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
{
"id": "087bdc16-e362-4340-aa60-1ff71a45f844",
"createdTimestamp": 1665516884829,
"username": "harmeet",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "89c26090-9bd3-46ac-b038-883d02e3f125",
"type": "password",
"createdDate": 1665516905862,
"secretData": "{\"value\":\"vDzTFQhjg8l8XgQ/YFYZSMLxQovFc/wflVBiRtAk/UWRKhJwuz3XInFbQ64wbYppBlXDYSmYis3luKv6YyUWjQ==\",\"salt\":\"58OQLETS0sM9VpXWoNa6rQ==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "13f5481e-c6b5-450d-8aaf-e13c1c1f5914",
"createdTimestamp": 1665518332327,
"username": "jakub",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "ce141fa5-b8d5-4bbe-93e7-22e7119f97c2",
"type": "password",
"createdDate": 1665518338651,
"secretData": "{\"value\":\"+L4TmIGURzFtyRMFyKbPmQ8iYSC639K0GLNHXM+T/cLiMGxVr/wvWj5j435c1V9P+kwO2CnGtd09IsSN8cXuXg==\",\"salt\":\"a2eNeYyoci5fpkPJJy735g==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "3965a6c8-31df-474f-9a45-c268ed98e3fd",
"createdTimestamp": 1665518284693,
"username": "jarrad",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "113e0343-1069-476d-83f9-21d98edb9cfa",
"type": "password",
"createdDate": 1665518292234,
"secretData": "{\"value\":\"1CeBMYC3yiJ/cmIxHs/bSea3kxItLNnaIkPNRk2HefZiCdfUKcJ/QLI0O9QO108G2Lzg9McR33EB72zbFAfYUw==\",\"salt\":\"2kWgItvYvzJkgJU9ICWMAw==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "58bcce19-41ec-4ae7-b930-b37be7ad4ba3",
"createdTimestamp": 1665516949583,
"username": "jason",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "40abf32e-f0cc-4a17-8231-1a69a02c1b0b",
"type": "password",
"createdDate": 1665516957192,
"secretData": "{\"value\":\"nCnRYH5rLRMu1E7C260SowAdvJfQCSdf4LigcIzSkoPwT+qfLT5ut5m99zakNLeHLoCtGhO2lSVGUQWhdCUYJw==\",\"salt\":\"mW5QN/RSr55I04VI6FTERA==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "29c11638-3b32-4024-8594-91c8b09e713c",
"createdTimestamp": 1665518366585,
"username": "jon",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "8b520e01-5b9b-44ab-9ee8-505bd0831a45",
"type": "password",
"createdDate": 1665518373016,
"secretData": "{\"value\":\"lZBDnz49zW6EkT2t7JSQjOzBlYhjhkw3hHefcOC4tmet+h/dAuxSGRuLibJHBap2j6G9Z2SoRqtyS8bwGbR42g==\",\"salt\":\"MI90jmxbLAno0g5O4BCeHw==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "af15c167-d0e7-4a41-ac2c-109188dd7166",
"createdTimestamp": 1665516966482,
"username": "kb",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "2c0be363-038f-48f1-86d6-91fdd28657cf",
"type": "password",
"createdDate": 1665516982394,
"secretData": "{\"value\":\"yvliX8Mn+lgpxfMpkjfsV8CASgghEgPA2P1/DR1GP5LSFoGwGCEwj0SmeQAo+MQjBsn3nfvtL9asQvmIYdNZwQ==\",\"salt\":\"kFr1K94QCEx9eGD25rZR9g==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "6f5bfa09-7494-4a2f-b871-cf327048cac7",
"createdTimestamp": 1665517010600,
"username": "manuchehr",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "07dabf55-b5d3-4f98-abba-3334086ecf5e",
"type": "password",
"createdDate": 1665517017682,
"secretData": "{\"value\":\"1btDXHraz9l0Gp4g1xxdcuZffLsuKsW0tHwQGzoEtTlI/iZdrKPG9WFlCEFd84qtpdYPJD/tvzn6ZK6zU4/GlQ==\",\"salt\":\"jHtMiO+4jMv9GqLhC9wg4w==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
{
"id": "d1c46b47-67c4-4d07-9cf4-6b1ceac88fc1",
"createdTimestamp": 1665517760255,
"username": "mike",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "1ed375fb-0f1a-4c2a-9243-2477242cf7bd",
"type": "password",
"createdDate": 1665517768715,
"secretData": "{\"value\":\"S1cxZ3dgNB+A6yfMchDWEGP8OyZaaAOU/IUKn+QWFt255yoFqs28pfmwCsevdzuh0YfygO9GBgBv7qZQ2pknNQ==\",\"salt\":\"i+Q9zEHNxfi8TAHw17Dv6w==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
{
"id": "cecacfd3-2f59-4ce2-87d9-bea91ef13c5b",
"createdTimestamp": 1666102618518,
"username": "natalia",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "b6aa9936-39cc-4931-bfeb-60e6753de5ba",
"type": "password",
"createdDate": 1666102626704,
"secretData": "{\"value\":\"kGyQIqZM6n9rjGZkNScJbkFjLvRJ2I+ZzCtjQ80e+zX7QaXtIF3CEeSY6KTXVjE8Z74oyVBWTIibpiTblm5Ztw==\",\"salt\":\"0k+Y+QJiW0YhxuxxYigasg==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
{
"id": "f3852a7d-8adf-494f-b39d-96ad4c899ee5",
"createdTimestamp": 1665516926300,
"username": "sasha",
"enabled": true,
"totp": false,
"emailVerified": false,
"credentials": [
{
"id": "4a170af4-6f0c-4e7b-b70c-e674edf619df",
"type": "password",
"createdDate": 1665516934662,
"secretData": "{\"value\":\"/cimS+PL6p+YnOCF9ZSA6UuwmmLZ7aVUZUthiFDqp/sn0c8GTpWmAdDIbJy2Ut+D4Rx605kRFQaekzRgSYPxcg==\",\"salt\":\"0dmUnLfqK745YHVSz6HOZg==\",\"additionalParameters\":{}}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"notBefore": 0,
"groups": []
},
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
{
"id": "487d3a85-89dd-4839-957a-c3f6d70551f6",
"createdTimestamp": 1657115173081,
"username": "service-account-spiffworkflow-backend",
"enabled": true,
"totp": false,
"emailVerified": false,
"serviceAccountClientId": "spiffworkflow-backend",
"credentials": [],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"clientRoles": {
"spiffworkflow-backend": ["uma_protection"]
},
"notBefore": 0,
"groups": []
},
{
"id": "22de68b1-4b06-4bc2-8da6-0c577e7e62ad",
"createdTimestamp": 1657055472800,
"username": "service-account-withauth",
"enabled": true,
"totp": false,
"emailVerified": false,
"serviceAccountClientId": "withAuth",
"credentials": [],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-spiffworkflow"],
"clientRoles": {
"withAuth": ["uma_protection"]
},
"notBefore": 0,
"groups": []
}
],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": ["offline_access"]
}
],
"clients": [
{
"id": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/spiffworkflow/account/",
"surrogateAuthRequired": false,
"enabled": false,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": ["/realms/spiffworkflow/account/*"],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "02fa6179-9399-4bb1-970f-c4d8e8b5f99f",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": false,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "55d75754-cf1b-4875-bf3e-15add4be8c99",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": false,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "4ce68130-aced-4e67-936a-8082dc843cc2",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": false,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "7c82344d-d4ae-4599-bbce-583cc8848199",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/spiffworkflow/console/",
"surrogateAuthRequired": false,
"enabled": false,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": ["/admin/spiffworkflow/console/*"],
"webOrigins": ["+"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"pkce.code.challenge.method": "S256",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "949c8afa-a06e-4a86-9260-6f477fc9ad9d",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "f44558af-3601-4e54-b854-08396a247544",
"clientId": "spiffworkflow-backend",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
"redirectUris": [
"http://localhost:7000/*",
Squashed 'spiffworkflow-backend/' changes from 3fff3539..593f33ca 593f33ca wait for db to be ready option 706094a8 demo env and no ssl for spiff realm on that env git-subtree-dir: spiffworkflow-backend git-subtree-split: 593f33ca52ffb049fefd529c3a6bc011cb62e950
2022-10-17 02:32:16 +00:00
"http://67.205.133.116:7000/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"http://167.172.242.138:7000/*",
Squashed 'spiffworkflow-backend/' changes from 0de4c06d0..4d7e5e531 4d7e5e531 we will set these at runtime 39c9e8785 templated SPIFF_SUBDOMAIN for keycloak 1a51f9091 update flask-bpmn 354e6edb1 Merge pull request #8 from sartography/feature/clean_up_sentry_errors 0c11a0b75 pyl passes w/ burnettk 9c57a876e avoid sending two errors to sentry w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 4d7e5e53185431b113eb7c038b687134499422c8
2022-10-28 02:03:49 +00:00
"https://api.{{SPIFF_SUBDOMAIN}}.spiffworkflow.org/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"https://api.demo.spiffworkflow.org/*"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"client.secret.creation.time": "1657115173",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "af3598ab-74a9-48ba-956f-431b14acd896",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
},
{
"id": "87369cf7-2a77-40fd-a926-a26d689831a0",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "2c78d7e8-0a99-43bd-bc29-0ba062ed8750",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "everything",
"ownerManagedAccess": false,
"attributes": {},
"_id": "446bdcf4-a3bd-41c7-a0f8-67a225ba6b57",
"uris": ["/*"],
"scopes": [
{
"name": "read"
},
{
"name": "update"
},
{
"name": "delete"
},
{
"name": "instantiate"
}
]
},
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
{
"name": "Default Resource",
"type": "urn:spiffworkflow-backend:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"_id": "8e00e4a3-3fff-4521-b7f0-95f66c2f79d2",
"uris": ["/*"]
},
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
{
"name": "process-model-with-repeating-form-crud",
"type": "process-model",
"ownerManagedAccess": false,
"displayName": "process-model-with-repeating-form-crud",
"attributes": {
"test_resource_att1": ["this_is_the_value"]
},
"_id": "e294304c-796e-4c56-bdf2-8c854f65db59",
"uris": [
"/process-models/category_number_one/process-model-with-repeating-form"
],
"scopes": [
{
"name": "read"
},
{
"name": "update"
},
{
"name": "delete"
},
{
"name": "instantiate"
}
]
}
],
"policies": [
{
"id": "048d043e-d98c-44d8-8c85-656ba117053e",
"name": "repeat-form-role-policy",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
},
{
"id": "ac55237b-6ec9-4f66-bb8e-bee94a5bb5e9",
"name": "admins have everything",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"roles": "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]"
}
},
{
"id": "7dac9bea-d415-4bc4-8817-7a71c2b3ce32",
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
},
{
"id": "5133ae0b-5e90-48a6-bdd9-3f323e10c44d",
"name": "repeat-form-read",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"process-model-with-repeating-form-crud\"]",
"scopes": "[\"read\"]",
"applyPolicies": "[\"repeat-form-role-policy\"]"
}
},
{
"id": "0a86ae38-7460-4bc2-b1f9-f933531303ac",
"name": "all_permissions",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"everything\"]",
"applyPolicies": "[\"admins have everything\"]"
}
},
{
"id": "4b634627-51d9-4257-91d9-29503490e4fb",
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:spiffworkflow-backend:resources:default",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": [
{
"id": "c03b5c4e-f1bb-4066-8666-3c8a6f44ddb3",
"name": "read",
"displayName": "read"
},
{
"id": "f55c3e81-9257-4618-9acb-32c57fc561a6",
"name": "update",
"displayName": "update"
},
{
"id": "c8628417-7ffa-4675-9cda-955df62ea1db",
"name": "delete",
"displayName": "delete"
},
{
"id": "50ef4129-aa88-4ecd-9afe-c7e5a1b66142",
"name": "instantiate",
"displayName": "instantiate"
}
],
"decisionStrategy": "UNANIMOUS"
}
},
{
"id": "9f340eba-2b84-43d0-a976-010e270e3981",
"clientId": "spiffworkflow-frontend",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://localhost:7001/*",
Squashed 'spiffworkflow-backend/' changes from 3fff3539..593f33ca 593f33ca wait for db to be ready option 706094a8 demo env and no ssl for spiff realm on that env git-subtree-dir: spiffworkflow-backend git-subtree-split: 593f33ca52ffb049fefd529c3a6bc011cb62e950
2022-10-17 02:32:16 +00:00
"http://67.205.133.116:7000/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"http://167.172.242.138:7001/*",
Squashed 'spiffworkflow-backend/' changes from 0de4c06d0..4d7e5e531 4d7e5e531 we will set these at runtime 39c9e8785 templated SPIFF_SUBDOMAIN for keycloak 1a51f9091 update flask-bpmn 354e6edb1 Merge pull request #8 from sartography/feature/clean_up_sentry_errors 0c11a0b75 pyl passes w/ burnettk 9c57a876e avoid sending two errors to sentry w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 4d7e5e53185431b113eb7c038b687134499422c8
2022-10-28 02:03:49 +00:00
"https://api.{{SPIFF_SUBDOMAIN}}.spiffworkflow.org/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"https://api.demo.spiffworkflow.org/*"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
],
"webOrigins": ["*"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
"clientId": "withAuth",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
"redirectUris": [
"http://localhost:7001/*",
Squashed 'spiffworkflow-backend/' changes from 3fff3539..593f33ca 593f33ca wait for db to be ready option 706094a8 demo env and no ssl for spiff realm on that env git-subtree-dir: spiffworkflow-backend git-subtree-split: 593f33ca52ffb049fefd529c3a6bc011cb62e950
2022-10-17 02:32:16 +00:00
"http://67.205.133.116:7000/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"http://167.172.242.138:7001/*",
Squashed 'spiffworkflow-backend/' changes from 0de4c06d0..4d7e5e531 4d7e5e531 we will set these at runtime 39c9e8785 templated SPIFF_SUBDOMAIN for keycloak 1a51f9091 update flask-bpmn 354e6edb1 Merge pull request #8 from sartography/feature/clean_up_sentry_errors 0c11a0b75 pyl passes w/ burnettk 9c57a876e avoid sending two errors to sentry w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 4d7e5e53185431b113eb7c038b687134499422c8
2022-10-28 02:03:49 +00:00
"https://api.{{SPIFF_SUBDOMAIN}}.spiffworkflow.org/*",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"https://api.demo.spiffworkflow.org/*"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"frontchannel.logout.session.required": "false",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"post.logout.redirect.uris": "+",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"saml.allow.ecp.flow": "false",
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"client.secret.creation.time": "1657055472",
"saml.encrypt": "false",
"saml.server.signature": "false",
"exclude.session.state.from.auth.response": "false",
"saml.artifact.binding": "false",
"saml_force_name_id_format": "false",
"acr.loa.map": "{}",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "abfc756f-fc57-45b4-8a40-0cd0f8081f0c",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
},
{
"id": "c05d38b7-9b4d-4286-b40c-f48b3cca42e3",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "b27d0bd8-b8d9-43cb-a07a-3ec4bdc818dc",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "Default Resource",
"type": "urn:withAuth:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"_id": "c882ad40-c15d-4f88-ad60-c2ea2f486ce2",
"uris": ["/*"]
}
],
"policies": [
{
"id": "b8b338bc-884d-43cf-96d8-3776f2b220f3",
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
},
{
"id": "4f5afa22-0fdf-4ed7-97b9-35400591bf6f",
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:withAuth:resources:default",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": [],
"decisionStrategy": "UNANIMOUS"
}
}
],
"clientScopes": [
{
"id": "fa3d9944-cf66-4af9-b931-1f3b02943e5b",
"name": "acr",
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "12ad0a69-d414-4b5b-9f5f-b647db5f8959",
"name": "acr loa level",
"protocol": "openid-connect",
"protocolMapper": "oidc-acr-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
}
]
},
{
"id": "4e69d058-1229-4704-9411-decf25da0a49",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${profileScopeConsentText}"
},
"protocolMappers": [
{
"id": "d0d7334e-3f11-45d2-9670-46dbc1977cb2",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "4efcf169-4df2-4cdb-b331-005aff1cee28",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "website",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "website",
"jsonType.label": "String"
}
},
{
"id": "3f639f2f-cf0e-4651-ab93-15a77023b5a0",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "16e93663-bf6a-4f6d-b5ab-8e68bf118f72",
"name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "nickname",
"jsonType.label": "String"
}
},
{
"id": "b9c97283-8153-4c4d-b8d8-dd1bde17823b",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "eeead6c7-1dae-4be1-9eca-988ffb38aaf4",
"name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "zoneinfo",
"jsonType.label": "String"
}
},
{
"id": "d62991bc-2583-42be-bb08-8d1527c4f162",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "9f761222-f84d-4a25-a53f-13e196d38a46",
"name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "profile",
"jsonType.label": "String"
}
},
{
"id": "ec866e3c-582f-4c99-920f-d57cf03d772d",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "gender",
"jsonType.label": "String"
}
},
{
"id": "b05e679c-e00e-427e-8e47-0a4fd411c7a6",
"name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "updated_at",
"jsonType.label": "long"
}
},
{
"id": "505ff402-5533-48ea-91f9-ab4804c3826b",
"name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "middle_name",
"jsonType.label": "String"
}
},
{
"id": "d546af31-b669-442b-9a9d-8a6478364002",
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
},
{
"id": "5a75c993-290f-4bfb-9044-5d7d269378b2",
"name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
"id": "2d387240-0f2f-4f30-8464-0e7c57946743",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
]
},
{
"id": "2efee39d-723c-44af-9eb1-4dde9635b249",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
"id": "5bf7db0f-a915-43c2-bff4-475ee5c3259b",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "687a8c7d-c93f-47d9-a176-78b0954429c7",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "4a7737cf-83e3-40e1-b36d-9566b34e4148",
"name": "phone",
"description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
"id": "14bd2816-a2f3-4fde-9ac2-452dea2e9e58",
"name": "phone number",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number",
"jsonType.label": "String"
}
},
{
"id": "6172e315-8999-4df8-89fa-75ffd1981793",
"name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "5ad0c621-d3ec-4018-98c8-d6fb630d661f",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "252fdd9f-cc91-4ca3-aaab-cdf053360e94",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
},
{
"id": "8e9b880e-6dd8-4e2f-ade2-77fc8fd0bc6d",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
}
]
},
{
"id": "77ca4f26-3777-451b-a907-e258f46f7b95",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "e7ebb9c0-5ed3-4c6f-bb69-22e01d26b49f",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "66fd470f-419e-44cd-822e-43df8ee5fe1b",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"id": "f3c313bc-7da7-4cf6-a0df-b62e77209b7c",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String",
"multivalued": "true"
}
}
]
},
{
"id": "3e9849f5-15ff-43c6-b929-40f26fda2c05",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "ffda6ea6-8add-4c7e-9754-66d00c6735a1",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "05635d42-8bb3-440b-b871-b64c97f524da",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {}
}
]
},
{
"id": "6f56ae2b-253f-40f7-ba99-e8c5bbc71423",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "7036c17a-9306-4481-82a1-d8d9d77077e5",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "ce4493c0-ccb4-45f9-a46e-a40cc3f6d4b2",
"name": "address",
"description": "OpenID Connect built-in scope: address",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${addressScopeConsentText}"
},
"protocolMappers": [
{
"id": "8a0d3248-d231-40b2-9b8e-3d63bd5a5d12",
"name": "address",
"protocol": "openid-connect",
"protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
"user.attribute.formatted": "formatted",
"user.attribute.country": "country",
"user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
"user.attribute.street": "street",
"id.token.claim": "true",
"user.attribute.region": "region",
"access.token.claim": "true",
"user.attribute.locality": "locality"
}
}
]
}
],
"defaultDefaultClientScopes": [
"email",
"profile",
"role_list",
"roles",
"acr",
"web-origins"
],
"defaultOptionalClientScopes": [
"offline_access",
"phone",
"microprofile-jwt",
"address"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": ["jboss-logging"],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "b8617465-1c84-4a5f-a16f-a6f10f0f66b1",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": ["true"],
"client-uris-must-match": ["true"]
}
},
{
"id": "6061713a-c1f5-46e1-adfb-762b8768976a",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"oidc-full-name-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"oidc-usermodel-property-mapper",
"oidc-sha256-pairwise-sub-mapper",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"saml-user-property-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"oidc-usermodel-attribute-mapper",
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
"oidc-address-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"saml-role-list-mapper",
"saml-user-attribute-mapper"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
]
}
},
{
"id": "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": ["200"]
}
},
{
"id": "1209fa5d-37df-4f9a-b4fa-4a3cd94e21fe",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"oidc-full-name-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"saml-user-property-mapper",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"oidc-usermodel-attribute-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"saml-role-list-mapper",
Squashed 'spiffworkflow-backend/' changes from 2fbc6777b..ffb6d366f ffb6d366f added natalia to keycloak configs w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: ffb6d366f932ccfebad337fd4ca36ff3ba445413
2022-10-18 14:22:31 +00:00
"oidc-sha256-pairwise-sub-mapper",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"oidc-usermodel-property-mapper",
"saml-user-attribute-mapper",
"oidc-address-mapper"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
]
}
},
{
"id": "3854361d-3fe5-47fb-9417-a99592e3dc5c",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": ["true"]
}
},
{
"id": "4c4076ec-68ed-46c1-b0a5-3c8ed08dd4f6",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "bbbe2ea2-2a36-494b-b57f-8b202740ebf4",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "41eef3e1-bf71-4e8a-b729-fea8eb16b5d8",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": ["true"]
}
}
],
"org.keycloak.userprofile.UserProfileProvider": [
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "576f8c6a-00e6-45dd-a63d-614100fb2cc4",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "1f9958a4-b3ac-4a1b-af95-fd8e6053864a",
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"kid": ["4e99c641-0494-49d5-979f-45cb5126f6f1"],
"secret": [
"4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw"
],
"priority": ["100"],
"algorithm": ["HS256"]
}
},
{
"id": "70fe0720-f3b7-47b4-a625-ae8fb6635da1",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"kid": ["76118b54-fc74-4149-9028-fab1fdc07860"],
"secret": ["DvxTn0KA4TEUPqSFBw8qAw"],
"priority": ["100"]
}
},
{
"id": "a12fdd97-1d72-4d9e-9e6a-f9e0b5d4e5f0",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"privateKey": [
"MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw=="
],
"keyUse": ["SIG"],
"certificate": [
"MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA=="
],
"priority": ["100"]
}
},
{
"id": "e16c740d-3ae2-4cc5-a68d-49d99e079672",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"privateKey": [
"MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT"
],
"keyUse": ["ENC"],
"certificate": [
"MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A=="
],
"priority": ["100"],
"algorithm": ["RSA-OAEP"]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "ff21c216-5ea8-4d26-95ca-2b467a9d5059",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-email-verification",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "256108f7-b791-4e54-b4cb-a551afdf870a",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "basic-auth",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "basic-auth-otp",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "fa9b2739-d814-4f83-805f-2ab0f5692cc8",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "76819f1b-04b8-412e-933c-3e30b48f350b",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "54f89ad2-b2b2-4554-8528-04a8b4e73e68",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "08664454-8aa7-4f07-990b-9b59ddd19a26",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Account verification options",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "29af9cfb-11d1-4781-aee3-844b436d4c08",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "2c2d44f6-115e-420e-bc86-1d58914b16ac",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "050e3be8-d313-49ec-a891-fa84592c6cc4",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "First broker login - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "d04138a1-dfa4-4854-a59e-b7f4693b56e6",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "998cd89f-b1da-4101-9c75-658998ad3503",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-secret-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-x509",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 40,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "e75753f0-6cd8-4fe5-88d5-55affdbbc5d1",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "Direct Grant - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "3854b6cc-eb08-473b-95f8-71eaab9219de",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "a52f25a7-8509-468c-925c-4bb02e8ccd8e",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "User creation or linking",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "cc9b12fa-7f7d-44ef-aa11-d7e374b2ec0d",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Browser - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "289ec9b7-c2b8-4222-922a-81be4450ac2e",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "no-cookie-redirect",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Authentication Options",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "295c9bc2-0252-4fd3-b7da-47d4d2f0a09b",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": true,
"flowAlias": "registration form",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "260f9fad-5f32-4507-9e39-6e46bc26e74e",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-profile-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 40,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-password-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 50,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-recaptcha-action",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 60,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "39ef84e4-b7a0-434d-ba2a-5869b78e7aa0",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-credential-email",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 40,
"autheticatorFlow": true,
"flowAlias": "Reset - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "e47473b7-22e0-4bd0-a253-60300aadd9b9",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
}
],
"authenticatorConfig": [
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "a85a0c1d-f3a2-4183-862e-394a22f12c28",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"id": "9167b412-f119-4f29-8b38-211437556f63",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "delete_account",
"name": "Delete Account",
"providerId": "delete_account",
"enabled": false,
"defaultAction": false,
"priority": 60,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaAuthRequestedUserHint": "login_hint",
"clientOfflineSessionMaxLifespan": "0",
"oauth2DevicePollingInterval": "5",
"clientSessionIdleTimeout": "0",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"actionTokenGeneratedByUserLifespan-execute-actions": "",
"actionTokenGeneratedByUserLifespan-verify-email": "",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"clientOfflineSessionIdleTimeout": "0",
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"actionTokenGeneratedByUserLifespan-reset-credentials": "",
"cibaInterval": "5",
"cibaExpiresIn": "120",
"oauth2DeviceCodeLifespan": "600",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": "",
"parRequestUriLifespan": "60",
"clientSessionMaxLifespan": "0"
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
},
Squashed 'spiffworkflow-backend/' changes from 945b3c0d..653a86b1 653a86b1 update keycloak version and lint df1443e3 new keycloak realm json with 30 minute access token lifespan and 1 day refresh token lifespan ac31f4bf wait longer before importing realms for new keycloak w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 653a86b1aebebd8248f735d28cf91664585cb378
2022-10-24 21:53:02 +00:00
"keycloakVersion": "19.0.3",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 14:22:22 +00:00
"userManagedAccessAllowed": false,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}