spiff-arena/spiffworkflow-backend/bin/spiffworkflow-realm.json

2835 lines
107 KiB
JSON
Raw Normal View History

{
"id" : "spiffworkflow",
"realm" : "spiffworkflow",
"notBefore" : 0,
"defaultSignatureAlgorithm" : "RS256",
"revokeRefreshToken" : false,
"refreshTokenMaxReuse" : 0,
"accessTokenLifespan" : 1800,
"accessTokenLifespanForImplicitFlow" : 900,
"ssoSessionIdleTimeout" : 86400,
"ssoSessionMaxLifespan" : 864000,
"ssoSessionIdleTimeoutRememberMe" : 0,
"ssoSessionMaxLifespanRememberMe" : 0,
"offlineSessionIdleTimeout" : 2592000,
"offlineSessionMaxLifespanEnabled" : false,
"offlineSessionMaxLifespan" : 5184000,
"clientSessionIdleTimeout" : 0,
"clientSessionMaxLifespan" : 0,
"clientOfflineSessionIdleTimeout" : 0,
"clientOfflineSessionMaxLifespan" : 0,
"accessCodeLifespan" : 60,
"accessCodeLifespanUserAction" : 300,
"accessCodeLifespanLogin" : 1800,
"actionTokenGeneratedByAdminLifespan" : 43200,
"actionTokenGeneratedByUserLifespan" : 300,
"oauth2DeviceCodeLifespan" : 600,
"oauth2DevicePollingInterval" : 5,
"enabled" : true,
"sslRequired" : "external",
"registrationAllowed" : false,
"registrationEmailAsUsername" : false,
"rememberMe" : false,
"verifyEmail" : false,
"loginWithEmailAllowed" : true,
"duplicateEmailsAllowed" : false,
"resetPasswordAllowed" : false,
"editUsernameAllowed" : false,
"bruteForceProtected" : false,
"permanentLockout" : false,
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
"quickLoginCheckMilliSeconds" : 1000,
"maxDeltaTimeSeconds" : 43200,
"failureFactor" : 30,
"roles" : {
"realm" : [ {
"id" : "c9f0ff93-642d-402b-965a-04d70719886b",
"name" : "default-roles-spiffworkflow",
"description" : "${role_default-roles}",
"composite" : true,
"composites" : {
"realm" : [ "offline_access", "uma_authorization" ],
"client" : {
"account" : [ "view-profile", "manage-account" ]
}
},
"clientRole" : false,
"containerId" : "spiffworkflow",
"attributes" : { }
}, {
"id" : "9f474167-5707-4c10-8f9e-bb54ec715cd3",
"name" : "uma_authorization",
"description" : "${role_uma_authorization}",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow",
"attributes" : { }
}, {
"id" : "6738d143-2d1d-4458-8a98-01ea003fde14",
"name" : "admin",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow",
"attributes" : { }
}, {
"id" : "6cbcdea5-0083-469d-9576-1d245fb3cdfd",
"name" : "repeat-form-role-realm",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow",
"attributes" : { }
}, {
"id" : "b5a92aee-82d2-4687-8282-365df4df21a9",
"name" : "offline_access",
"description" : "${role_offline-access}",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow",
"attributes" : { }
} ],
"client" : {
"realm-management" : [ {
"id" : "257c348c-4b9e-4fea-be39-5fdd28e8bb93",
"name" : "manage-authorization",
"description" : "${role_manage-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "1d224265-63a8-40ea-9316-47627d0aed8c",
"name" : "view-authorization",
"description" : "${role_view-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "535d7ca0-0f06-42d8-938b-e6e7aabffb42",
"name" : "query-groups",
"description" : "${role_query-groups}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "9ff52ab5-2558-4cb0-901f-6e6f1469d075",
"name" : "realm-admin",
"description" : "${role_realm-admin}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "manage-authorization", "view-authorization", "query-groups", "view-clients", "view-realm", "manage-users", "query-users", "impersonation", "manage-clients", "view-identity-providers", "create-client", "query-realms", "view-users", "view-events", "manage-identity-providers", "manage-events", "query-clients", "manage-realm" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "98db35e3-833f-4b61-83af-fc50484fda57",
"name" : "view-clients",
"description" : "${role_view-clients}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-clients" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "e0dc0e0c-eba4-4de7-b2eb-2ba095c4c6d4",
"name" : "manage-users",
"description" : "${role_manage-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "69ce3805-1897-4291-842b-b8e8e9f29bd7",
"name" : "view-realm",
"description" : "${role_view-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "3e803641-96b1-44d8-9de5-7dee83a0a75b",
"name" : "impersonation",
"description" : "${role_impersonation}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "2c92c3e5-1a0a-4318-9b63-617c5dca0b66",
"name" : "query-users",
"description" : "${role_query-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "326a3718-390d-4e41-af00-2197d3ef6858",
"name" : "manage-clients",
"description" : "${role_manage-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "e4c69181-5e0d-484e-ac31-be6beef57c28",
"name" : "create-client",
"description" : "${role_create-client}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "f4ac66cc-97b4-4590-beae-5ff23c9935b3",
"name" : "query-realms",
"description" : "${role_query-realms}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "a24704fe-13fd-40e6-bf2d-29014f63c069",
"name" : "view-identity-providers",
"description" : "${role_view-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "7deec87c-2716-40c1-a115-2a0fe840b119",
"name" : "view-users",
"description" : "${role_view-users}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-groups", "query-users" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "827c40ae-b4c2-4574-9f34-db33925cd19c",
"name" : "view-events",
"description" : "${role_view-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "cbe05c62-2b07-4ac7-a33a-ffca7c176252",
"name" : "manage-events",
"description" : "${role_manage-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "8ca56814-a817-4849-a515-45399eb1dcc1",
"name" : "manage-identity-providers",
"description" : "${role_manage-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "1134c6df-d0ff-498d-9dc4-ad989f7cfe93",
"name" : "query-clients",
"description" : "${role_query-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"id" : "3bb14549-60f6-4078-8f4e-47a1162412f2",
"name" : "manage-realm",
"description" : "${role_manage-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
} ],
"spiffworkflow-frontend" : [ ],
"security-admin-console" : [ ],
"admin-cli" : [ ],
"spiffworkflow-backend" : [ {
"id" : "4d71d1bb-d627-43c8-bc07-d542f816e04b",
"name" : "spiffworkflow-admin",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : { }
}, {
"id" : "2341ca1c-24c8-4ddf-874c-7153c9408068",
"name" : "uma_protection",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : { }
}, {
"id" : "cf88054e-4bdc-491c-bf93-c660cdaad72d",
"name" : "repeat-form-role-2",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : {
"repeat-form-role-2-att-key" : [ "repeat-form-role-2-att-value" ]
}
} ],
"withAuth" : [ {
"id" : "87673823-6a5a-4cb2-baa7-6c8b5da5d402",
"name" : "uma_protection",
"composite" : false,
"clientRole" : true,
"containerId" : "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
"attributes" : { }
} ],
"broker" : [ {
"id" : "6d688d72-cf5b-4450-a902-cb2d41f0e04c",
"name" : "read-token",
"description" : "${role_read-token}",
"composite" : false,
"clientRole" : true,
"containerId" : "55d75754-cf1b-4875-bf3e-15add4be8c99",
"attributes" : { }
} ],
"account" : [ {
"id" : "9c51c3e1-028d-4a0d-96dc-6619196b49f0",
"name" : "delete-account",
"description" : "${role_delete-account}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "f395d221-7f80-4fcf-90ac-0a89c8b15a9b",
"name" : "manage-consent",
"description" : "${role_manage-consent}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "view-consent" ]
}
},
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "7abb4169-1960-4b4d-b5ae-6ea45cf91ee4",
"name" : "view-consent",
"description" : "${role_view-consent}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "4d3c24ed-cc61-4a6e-ac78-47af4545b415",
"name" : "manage-account-links",
"description" : "${role_manage-account-links}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "a4954091-9be9-4b7c-a196-1af934917ff7",
"name" : "view-profile",
"description" : "${role_view-profile}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "0810773c-a57d-449e-a31f-1344e1eb4b9b",
"name" : "manage-account",
"description" : "${role_manage-account}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "manage-account-links" ]
}
},
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "ae774a41-a274-4f99-9d7f-f4a0d5dbc085",
"name" : "view-applications",
"description" : "${role_view-applications}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
} ]
}
},
"groups" : [ ],
"defaultRole" : {
"id" : "c9f0ff93-642d-402b-965a-04d70719886b",
"name" : "default-roles-spiffworkflow",
"description" : "${role_default-roles}",
"composite" : true,
"clientRole" : false,
"containerId" : "spiffworkflow"
},
"requiredCredentials" : [ "password" ],
"otpPolicyType" : "totp",
"otpPolicyAlgorithm" : "HmacSHA1",
"otpPolicyInitialCounter" : 0,
"otpPolicyDigits" : 6,
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
"webAuthnPolicyRpEntityName" : "keycloak",
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyRpId" : "",
"webAuthnPolicyAttestationConveyancePreference" : "not specified",
"webAuthnPolicyAuthenticatorAttachment" : "not specified",
"webAuthnPolicyRequireResidentKey" : "not specified",
"webAuthnPolicyUserVerificationRequirement" : "not specified",
"webAuthnPolicyCreateTimeout" : 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyAcceptableAaguids" : [ ],
"webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyPasswordlessRpId" : "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
"webAuthnPolicyPasswordlessCreateTimeout" : 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
"users" : [ {
"id" : "4048e9a7-8afa-4e69-9904-389657221abe",
"createdTimestamp" : 1665517741516,
"username" : "alex",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "81a61a3b-228d-42b3-b39a-f62d8e7f57ca",
"type" : "password",
"createdDate" : 1665517748308,
"secretData" : "{\"value\":\"13OdXlB1S1EqHL+3/0y4LYp/LGCn0UW8/Wh9ykgpUbRrwdX6dY3iiMlKePfTy5nXoH/ISmPlxNKOe5z7FWXsgg==\",\"salt\":\"pv0SEb7Ctk5tpu2y32L2kw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "b4dc5a30-4bd7-44fc-88b5-839fbb8567ea",
"createdTimestamp" : 1665518311550,
"username" : "amir",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "e589f3ad-bf7b-4756-89f7-7894c03c2831",
"type" : "password",
"createdDate" : 1665518319210,
"secretData" : "{\"value\":\"mamd7Hi6nV5suylSrUgwWon3Gw3WeOIvAJu9g39Mq1iYoXWj2rI870bGHiSITLaFBpdjLOEmlu9feKkULOXNpQ==\",\"salt\":\"wG7tkMQfPKRW9ymu4ekujQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "4c436296-8471-4105-b551-80eee96b43bb",
"createdTimestamp" : 1657139858075,
"username" : "ciadmin1",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "111b5ea1-c2ab-470a-a16b-2373bc94de7a",
"type" : "password",
"createdDate" : 1657139904275,
"secretData" : "{\"value\":\"e5MjWAk7RPspQIh9gEOKyv3AV/DHNoWk8w1tf+MRLh2oxrKmnnizOj0eFtIadT/q/i5JRfUq5IYBPLL/4nEJDw==\",\"salt\":\"5inqMqqTR6+PBYriy3RPjA==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow", "admin" ],
"clientRoles" : {
"spiffworkflow-backend" : [ "spiffworkflow-admin", "uma_protection" ]
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "56457e8f-47c6-4f9f-a72b-473dea5edfeb",
"createdTimestamp" : 1657139955336,
"username" : "ciuser1",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "762f36e9-47af-44da-8520-cf09d752497a",
"type" : "password",
"createdDate" : 1657139966468,
"secretData" : "{\"value\":\"Dpn9QBJSxvl54b0Fu+OKrKRwmDJbk28FQ3xhlOdJPvZVJU/SpdrcsH7ktYAIkVLkRC5qILSZuNPQ3vDGzE2r1Q==\",\"salt\":\"yXd7N8XIQBkJ7swHDeRzXw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"clientRoles" : {
"spiffworkflow-backend" : [ "uma_protection" ]
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "d58b61cc-a77e-488f-a427-05f4e0572e20",
"createdTimestamp" : 1669132945413,
"username" : "core",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "ee80092b-8ee6-4699-8492-566e088b48f5",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669132955862,
"secretData" : "{\"value\":\"x0f/IvOAsMmbQzgc1LXJ9O7dDepeFURi7lD4Wy0NZBrFRyQ3pMXM6FHNNjhVDeZMsTr2tesYYQ2BK3z9xIPPrA==\",\"salt\":\"vx4/Z41MiUnLqaVt+vMmOQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "99e7e4ea-d4ae-4944-bd31-873dac7b004c",
"createdTimestamp" : 1665517024483,
"username" : "dan",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "d517c520-f500-4542-80e5-7144daef1e32",
"type" : "password",
"createdDate" : 1665517033429,
"secretData" : "{\"value\":\"rgWPI1YobMfDaaT3di2+af3gHU8bkreRElAHgYFA+dXHw0skiGVd1t57kNLEP49M6zKYjZzlOKr0qvAxQF0oSg==\",\"salt\":\"usMZebZnPYXhD6ID95bizg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "1834a79d-917f-4e4c-ab38-8ec376179fe9",
"createdTimestamp" : 1665517805115,
"username" : "daniel",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "f240495c-265b-42fc-99db-46928580d07d",
"type" : "password",
"createdDate" : 1665517812636,
"secretData" : "{\"value\":\"sRCF3tFOZrUbEW220cVHhQ7e89iKqjgAMyO0BaYCPZZw1tEjZ+drGj+bfwRbuuK0Nps3t//YGVELsejRogWkcw==\",\"salt\":\"XQtLR9oZctkyRTi2Be+Z0g==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "72d32cba-e2e2-489d-9141-4d94e3bb2cda",
"createdTimestamp" : 1665517787787,
"username" : "elizabeth",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "ae951ec8-9fc9-4f1b-b340-bbbe463ae5c2",
"type" : "password",
"createdDate" : 1665517794484,
"secretData" : "{\"value\":\"oudGUsbh8utUavZ8OmoUvggCYxr+RHCgwcqpub5AgbITsK4DgY01X0SlDGRTdNGOIqoHse8zGBNmcyBNPWjC0w==\",\"salt\":\"auHilaAS2Lo7oa0UaA7L6A==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "faf29027-dc54-4804-a408-4989a8c9c243",
"createdTimestamp" : 1669132994561,
"username" : "fin",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "2379940c-98b4-481a-b629-0bd1a4e91acf",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669133003955,
"secretData" : "{\"value\":\"Wb9XtkrxJ9YdW7faHcWgQ+WK3JqBYCQ5wTn9rJa7Uo47I2TrniH+7/CBODIaiF3ipYAEZBkiCJDnPqg2qbZ+aA==\",\"salt\":\"bY1gRb+5sjbmrYWvxfl9CQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "13e009b2-e96f-43b7-a227-465675ece81d",
"createdTimestamp" : 1669303701625,
"username" : "fin1",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "96216746-ff72-454e-8288-232428d10b42",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669303725352,
"secretData" : "{\"value\":\"ukPIO1rlfpzbxb+FXHAwCdNQ4cq3yX+Ke11uFPpGy7xBNT5UgLzO3oIK34Cw1Ma3+gFqK6/OsT4Q5fZd/AsVJQ==\",\"salt\":\"iSIY1gAdz7wkAwnGer95Lw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "9b46f3be-a81d-4b76-92e6-2ac8462f5ec8",
"createdTimestamp" : 1665688255982,
"username" : "finance_user1",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "f14722ec-13a7-4d35-a4ec-0475d405ae58",
"type" : "password",
"createdDate" : 1665688275943,
"secretData" : "{\"value\":\"PlNhf8ShIvaSP3CUwCwAJ2tkqcTCVmCWUy4rbuLSXxEIiuGMu4XeZdsrE82R8PWuDQhlWn/YOUOk38xKZS2ySQ==\",\"salt\":\"m7JGY2cWgFBXMYQSSP2JQQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "087bdc16-e362-4340-aa60-1ff71a45f844",
"createdTimestamp" : 1665516884829,
"username" : "harmeet",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "89c26090-9bd3-46ac-b038-883d02e3f125",
"type" : "password",
"createdDate" : 1665516905862,
"secretData" : "{\"value\":\"vDzTFQhjg8l8XgQ/YFYZSMLxQovFc/wflVBiRtAk/UWRKhJwuz3XInFbQ64wbYppBlXDYSmYis3luKv6YyUWjQ==\",\"salt\":\"58OQLETS0sM9VpXWoNa6rQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "1561518b-c327-491e-9db3-23c2b5394104",
"createdTimestamp" : 1669303773974,
"username" : "j",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "e71ec785-9133-4b7d-8015-1978379af0bb",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669303786522,
"secretData" : "{\"value\":\"g/nsCceqGWoU7thzq21RFSNUB8WP6l9/x2ghKFAKC1Xrqcf2At+u0r8GglqM6WmLthOTtrwICs98tS4ZPLmsbA==\",\"salt\":\"Na/OfJ9itENgaLPsIntzUQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "13f5481e-c6b5-450d-8aaf-e13c1c1f5914",
"createdTimestamp" : 1665518332327,
"username" : "jakub",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "ce141fa5-b8d5-4bbe-93e7-22e7119f97c2",
"type" : "password",
"createdDate" : 1665518338651,
"secretData" : "{\"value\":\"+L4TmIGURzFtyRMFyKbPmQ8iYSC639K0GLNHXM+T/cLiMGxVr/wvWj5j435c1V9P+kwO2CnGtd09IsSN8cXuXg==\",\"salt\":\"a2eNeYyoci5fpkPJJy735g==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "3965a6c8-31df-474f-9a45-c268ed98e3fd",
"createdTimestamp" : 1665518284693,
"username" : "jarrad",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "113e0343-1069-476d-83f9-21d98edb9cfa",
"type" : "password",
"createdDate" : 1665518292234,
"secretData" : "{\"value\":\"1CeBMYC3yiJ/cmIxHs/bSea3kxItLNnaIkPNRk2HefZiCdfUKcJ/QLI0O9QO108G2Lzg9McR33EB72zbFAfYUw==\",\"salt\":\"2kWgItvYvzJkgJU9ICWMAw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "58bcce19-41ec-4ae7-b930-b37be7ad4ba3",
"createdTimestamp" : 1665516949583,
"username" : "jason",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "40abf32e-f0cc-4a17-8231-1a69a02c1b0b",
"type" : "password",
"createdDate" : 1665516957192,
"secretData" : "{\"value\":\"nCnRYH5rLRMu1E7C260SowAdvJfQCSdf4LigcIzSkoPwT+qfLT5ut5m99zakNLeHLoCtGhO2lSVGUQWhdCUYJw==\",\"salt\":\"mW5QN/RSr55I04VI6FTERA==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "29c11638-3b32-4024-8594-91c8b09e713c",
"createdTimestamp" : 1665518366585,
"username" : "jon",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "8b520e01-5b9b-44ab-9ee8-505bd0831a45",
"type" : "password",
"createdDate" : 1665518373016,
"secretData" : "{\"value\":\"lZBDnz49zW6EkT2t7JSQjOzBlYhjhkw3hHefcOC4tmet+h/dAuxSGRuLibJHBap2j6G9Z2SoRqtyS8bwGbR42g==\",\"salt\":\"MI90jmxbLAno0g5O4BCeHw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "af15c167-d0e7-4a41-ac2c-109188dd7166",
"createdTimestamp" : 1665516966482,
"username" : "kb",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "2c0be363-038f-48f1-86d6-91fdd28657cf",
"type" : "password",
"createdDate" : 1665516982394,
"secretData" : "{\"value\":\"yvliX8Mn+lgpxfMpkjfsV8CASgghEgPA2P1/DR1GP5LSFoGwGCEwj0SmeQAo+MQjBsn3nfvtL9asQvmIYdNZwQ==\",\"salt\":\"kFr1K94QCEx9eGD25rZR9g==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "23c464ea-6a98-462c-a8b9-e8e561804361",
"createdTimestamp" : 1669132970114,
"username" : "lead",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "96e836a4-1a84-45c5-a9ed-651b0c90195e",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669132979516,
"secretData" : "{\"value\":\"DsOkyXBHcwY0HAGta+m+E5jXDZwxGl/fgROCR7ph23oJ3j9833UVH5VLHfYcZ3YZixUIfskYMlcwW91uqO0oxQ==\",\"salt\":\"zOLZMvNnOIEB0t32DghWiQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "fef2c863-be05-49f2-94d0-702238505a4d",
"createdTimestamp" : 1669303745591,
"username" : "lead1",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "4e17388b-6c44-44e1-b20a-a873c0feb9a8",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669303762736,
"secretData" : "{\"value\":\"NNPFZcVk47adUPH1q3L27uPkULy9OocZkOzi4qUVvO+tvZJVH5sMrSUYqM8S71AqdHNZD1a8ge6amF6k6dDIkQ==\",\"salt\":\"7e48fZJBAeVferVYA4gNVw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "6f5bfa09-7494-4a2f-b871-cf327048cac7",
"createdTimestamp" : 1665517010600,
"username" : "manuchehr",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "07dabf55-b5d3-4f98-abba-3334086ecf5e",
"type" : "password",
"createdDate" : 1665517017682,
"secretData" : "{\"value\":\"1btDXHraz9l0Gp4g1xxdcuZffLsuKsW0tHwQGzoEtTlI/iZdrKPG9WFlCEFd84qtpdYPJD/tvzn6ZK6zU4/GlQ==\",\"salt\":\"jHtMiO+4jMv9GqLhC9wg4w==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "d1c46b47-67c4-4d07-9cf4-6b1ceac88fc1",
"createdTimestamp" : 1665517760255,
"username" : "mike",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "1ed375fb-0f1a-4c2a-9243-2477242cf7bd",
"type" : "password",
"createdDate" : 1665517768715,
"secretData" : "{\"value\":\"S1cxZ3dgNB+A6yfMchDWEGP8OyZaaAOU/IUKn+QWFt255yoFqs28pfmwCsevdzuh0YfygO9GBgBv7qZQ2pknNQ==\",\"salt\":\"i+Q9zEHNxfi8TAHw17Dv6w==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "cecacfd3-2f59-4ce2-87d9-bea91ef13c5b",
"createdTimestamp" : 1666102618518,
"username" : "natalia",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "b6aa9936-39cc-4931-bfeb-60e6753de5ba",
"type" : "password",
"createdDate" : 1666102626704,
"secretData" : "{\"value\":\"kGyQIqZM6n9rjGZkNScJbkFjLvRJ2I+ZzCtjQ80e+zX7QaXtIF3CEeSY6KTXVjE8Z74oyVBWTIibpiTblm5Ztw==\",\"salt\":\"0k+Y+QJiW0YhxuxxYigasg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "f3852a7d-8adf-494f-b39d-96ad4c899ee5",
"createdTimestamp" : 1665516926300,
"username" : "sasha",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"id" : "4a170af4-6f0c-4e7b-b70c-e674edf619df",
"type" : "password",
"createdDate" : 1665516934662,
"secretData" : "{\"value\":\"/cimS+PL6p+YnOCF9ZSA6UuwmmLZ7aVUZUthiFDqp/sn0c8GTpWmAdDIbJy2Ut+D4Rx605kRFQaekzRgSYPxcg==\",\"salt\":\"0dmUnLfqK745YHVSz6HOZg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "487d3a85-89dd-4839-957a-c3f6d70551f6",
"createdTimestamp" : 1657115173081,
"username" : "service-account-spiffworkflow-backend",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"serviceAccountClientId" : "spiffworkflow-backend",
"credentials" : [ ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"clientRoles" : {
"spiffworkflow-backend" : [ "uma_protection" ]
},
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "22de68b1-4b06-4bc2-8da6-0c577e7e62ad",
"createdTimestamp" : 1657055472800,
"username" : "service-account-withauth",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"serviceAccountClientId" : "withAuth",
"credentials" : [ ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"clientRoles" : {
"withAuth" : [ "uma_protection" ]
},
"notBefore" : 0,
"groups" : [ ]
} ],
"scopeMappings" : [ {
"clientScope" : "offline_access",
"roles" : [ "offline_access" ]
} ],
"clients" : [ {
"id" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"clientId" : "account",
"name" : "${client_account}",
"rootUrl" : "${authBaseUrl}",
"baseUrl" : "/realms/spiffworkflow/account/",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "/realms/spiffworkflow/account/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "02fa6179-9399-4bb1-970f-c4d8e8b5f99f",
"clientId" : "admin-cli",
"name" : "${client_admin-cli}",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : false,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "55d75754-cf1b-4875-bf3e-15add4be8c99",
"clientId" : "broker",
"name" : "${client_broker}",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"clientId" : "realm-management",
"name" : "${client_realm-management}",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d
2022-10-20 20:00:12 +00:00
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "7c82344d-d4ae-4599-bbce-583cc8848199",
"clientId" : "security-admin-console",
"name" : "${client_security-admin-console}",
"rootUrl" : "${authAdminUrl}",
"baseUrl" : "/admin/spiffworkflow/console/",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "/admin/spiffworkflow/console/*" ],
"webOrigins" : [ "+" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"pkce.code.challenge.method" : "S256",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 19:28:52 +00:00
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"id" : "949c8afa-a06e-4a86-9260-6f477fc9ad9d",
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "f44558af-3601-4e54-b854-08396a247544",
"clientId" : "spiffworkflow-backend",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
"redirectUris" : [ "http://localhost:7000/*", "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7000/*", "https://api.demo.spiffworkflow.org/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : true,
"authorizationServicesEnabled" : true,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"client.secret.creation.time" : "1657115173",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "af3598ab-74a9-48ba-956f-431b14acd896",
"name" : "Client IP Address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientAddress",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
}, {
"id" : "87369cf7-2a77-40fd-a926-a26d689831a0",
"name" : "Client Host",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientHost",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
}, {
"id" : "2c78d7e8-0a99-43bd-bc29-0ba062ed8750",
"name" : "Client ID",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientId",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientId",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"resources" : [ {
"name" : "everything",
"ownerManagedAccess" : false,
"attributes" : { },
"_id" : "446bdcf4-a3bd-41c7-a0f8-67a225ba6b57",
"uris" : [ "/*" ],
"scopes" : [ {
"name" : "read"
}, {
"name" : "update"
}, {
"name" : "delete"
}, {
"name" : "instantiate"
} ]
}, {
"name" : "Default Resource",
"type" : "urn:spiffworkflow-backend:resources:default",
"ownerManagedAccess" : false,
"attributes" : { },
"_id" : "8e00e4a3-3fff-4521-b7f0-95f66c2f79d2",
"uris" : [ "/*" ]
}, {
"name" : "process-model-with-repeating-form-crud",
"type" : "process-model",
"ownerManagedAccess" : false,
"displayName" : "process-model-with-repeating-form-crud",
"attributes" : {
"test_resource_att1" : [ "this_is_the_value" ]
},
"_id" : "e294304c-796e-4c56-bdf2-8c854f65db59",
"uris" : [ "/process-models/category_number_one/process-model-with-repeating-form" ],
"scopes" : [ {
"name" : "read"
}, {
"name" : "update"
}, {
"name" : "delete"
}, {
"name" : "instantiate"
} ]
} ],
"policies" : [ {
"id" : "048d043e-d98c-44d8-8c85-656ba117053e",
"name" : "repeat-form-role-policy",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"id" : "ac55237b-6ec9-4f66-bb8e-bee94a5bb5e9",
"name" : "admins have everything",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]"
}
}, {
"id" : "7dac9bea-d415-4bc4-8817-7a71c2b3ce32",
"name" : "Default Policy",
"description" : "A policy that grants access only for users within this realm",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "AFFIRMATIVE",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"id" : "5133ae0b-5e90-48a6-bdd9-3f323e10c44d",
"name" : "repeat-form-read",
"type" : "scope",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"resources" : "[\"process-model-with-repeating-form-crud\"]",
"scopes" : "[\"read\"]",
"applyPolicies" : "[\"repeat-form-role-policy\"]"
}
}, {
"id" : "0a86ae38-7460-4bc2-b1f9-f933531303ac",
"name" : "all_permissions",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"resources" : "[\"everything\"]",
"applyPolicies" : "[\"admins have everything\"]"
}
}, {
"id" : "4b634627-51d9-4257-91d9-29503490e4fb",
"name" : "Default Permission",
"description" : "A permission that applies to the default resource type",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"defaultResourceType" : "urn:spiffworkflow-backend:resources:default",
"applyPolicies" : "[\"Default Policy\"]"
}
} ],
"scopes" : [ {
"id" : "c03b5c4e-f1bb-4066-8666-3c8a6f44ddb3",
"name" : "read",
"displayName" : "read"
}, {
"id" : "f55c3e81-9257-4618-9acb-32c57fc561a6",
"name" : "update",
"displayName" : "update"
}, {
"id" : "c8628417-7ffa-4675-9cda-955df62ea1db",
"name" : "delete",
"displayName" : "delete"
}, {
"id" : "50ef4129-aa88-4ecd-9afe-c7e5a1b66142",
"name" : "instantiate",
"displayName" : "instantiate"
} ],
"decisionStrategy" : "UNANIMOUS"
}
}, {
"id" : "9f340eba-2b84-43d0-a976-010e270e3981",
"clientId" : "spiffworkflow-frontend",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
"webOrigins" : [ "*" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"id" : "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
"clientId" : "withAuth",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : true,
"authorizationServicesEnabled" : true,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"client.secret.creation.time" : "1657055472",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "abfc756f-fc57-45b4-8a40-0cd0f8081f0c",
"name" : "Client ID",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientId",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientId",
"jsonType.label" : "String"
}
}, {
"id" : "c05d38b7-9b4d-4286-b40c-f48b3cca42e3",
"name" : "Client Host",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientHost",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
}, {
"id" : "b27d0bd8-b8d9-43cb-a07a-3ec4bdc818dc",
"name" : "Client IP Address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientAddress",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"resources" : [ {
"name" : "Default Resource",
"type" : "urn:withAuth:resources:default",
"ownerManagedAccess" : false,
"attributes" : { },
"_id" : "c882ad40-c15d-4f88-ad60-c2ea2f486ce2",
"uris" : [ "/*" ]
} ],
"policies" : [ {
"id" : "b8b338bc-884d-43cf-96d8-3776f2b220f3",
"name" : "Default Policy",
"description" : "A policy that grants access only for users within this realm",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "AFFIRMATIVE",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"id" : "4f5afa22-0fdf-4ed7-97b9-35400591bf6f",
"name" : "Default Permission",
"description" : "A permission that applies to the default resource type",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"defaultResourceType" : "urn:withAuth:resources:default",
"applyPolicies" : "[\"Default Policy\"]"
}
} ],
"scopes" : [ ],
"decisionStrategy" : "UNANIMOUS"
}
} ],
"clientScopes" : [ {
"id" : "fa3d9944-cf66-4af9-b931-1f3b02943e5b",
"name" : "acr",
"description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "false"
},
"protocolMappers" : [ {
"id" : "12ad0a69-d414-4b5b-9f5f-b647db5f8959",
"name" : "acr loa level",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-acr-mapper",
"consentRequired" : false,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
} ]
}, {
"id" : "4e69d058-1229-4704-9411-decf25da0a49",
"name" : "profile",
"description" : "OpenID Connect built-in scope: profile",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${profileScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "d0d7334e-3f11-45d2-9670-46dbc1977cb2",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : false,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
}, {
"id" : "4efcf169-4df2-4cdb-b331-005aff1cee28",
"name" : "website",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "website",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "website",
"jsonType.label" : "String"
}
}, {
"id" : "3f639f2f-cf0e-4651-ab93-15a77023b5a0",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "16e93663-bf6a-4f6d-b5ab-8e68bf118f72",
"name" : "nickname",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "nickname",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "nickname",
"jsonType.label" : "String"
}
}, {
"id" : "b9c97283-8153-4c4d-b8d8-dd1bde17823b",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "eeead6c7-1dae-4be1-9eca-988ffb38aaf4",
"name" : "zoneinfo",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "zoneinfo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "zoneinfo",
"jsonType.label" : "String"
}
}, {
"id" : "d62991bc-2583-42be-bb08-8d1527c4f162",
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
"id" : "9f761222-f84d-4a25-a53f-13e196d38a46",
"name" : "profile",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "profile",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "profile",
"jsonType.label" : "String"
}
}, {
"id" : "ec866e3c-582f-4c99-920f-d57cf03d772d",
"name" : "gender",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "gender",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "gender",
"jsonType.label" : "String"
}
}, {
"id" : "b05e679c-e00e-427e-8e47-0a4fd411c7a6",
"name" : "updated at",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "updatedAt",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "updated_at",
"jsonType.label" : "long"
}
}, {
"id" : "505ff402-5533-48ea-91f9-ab4804c3826b",
"name" : "middle name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "middleName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "middle_name",
"jsonType.label" : "String"
}
}, {
"id" : "d546af31-b669-442b-9a9d-8a6478364002",
"name" : "picture",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "picture",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "picture",
"jsonType.label" : "String"
}
}, {
"id" : "5a75c993-290f-4bfb-9044-5d7d269378b2",
"name" : "birthdate",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "birthdate",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "birthdate",
"jsonType.label" : "String"
}
}, {
"id" : "2d387240-0f2f-4f30-8464-0e7c57946743",
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
} ]
}, {
"id" : "2efee39d-723c-44af-9eb1-4dde9635b249",
"name" : "email",
"description" : "OpenID Connect built-in scope: email",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${emailScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "5bf7db0f-a915-43c2-bff4-475ee5c3259b",
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email",
"jsonType.label" : "String"
}
}, {
"id" : "687a8c7d-c93f-47d9-a176-78b0954429c7",
"name" : "email verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "emailVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email_verified",
"jsonType.label" : "boolean"
}
} ]
}, {
"id" : "4a7737cf-83e3-40e1-b36d-9566b34e4148",
"name" : "phone",
"description" : "OpenID Connect built-in scope: phone",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${phoneScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "14bd2816-a2f3-4fde-9ac2-452dea2e9e58",
"name" : "phone number",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumber",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number",
"jsonType.label" : "String"
}
}, {
"id" : "6172e315-8999-4df8-89fa-75ffd1981793",
"name" : "phone number verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumberVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number_verified",
"jsonType.label" : "boolean"
}
} ]
}, {
"id" : "5ad0c621-d3ec-4018-98c8-d6fb630d661f",
"name" : "microprofile-jwt",
"description" : "Microprofile - JWT built-in scope",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "false"
},
"protocolMappers" : [ {
"id" : "252fdd9f-cc91-4ca3-aaab-cdf053360e94",
"name" : "groups",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"multivalued" : "true",
"userinfo.token.claim" : "true",
"user.attribute" : "foo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "groups",
"jsonType.label" : "String"
}
}, {
"id" : "8e9b880e-6dd8-4e2f-ade2-77fc8fd0bc6d",
"name" : "upn",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "upn",
"jsonType.label" : "String"
}
} ]
}, {
"id" : "77ca4f26-3777-451b-a907-e258f46f7b95",
"name" : "roles",
"description" : "OpenID Connect scope for add user roles to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${rolesScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "e7ebb9c0-5ed3-4c6f-bb69-22e01d26b49f",
"name" : "audience resolve",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-audience-resolve-mapper",
"consentRequired" : false,
"config" : { }
}, {
"id" : "66fd470f-419e-44cd-822e-43df8ee5fe1b",
"name" : "realm roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "realm_access.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}, {
"id" : "f3c313bc-7da7-4cf6-a0df-b62e77209b7c",
"name" : "client roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-client-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "resource_access.${client_id}.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
} ]
}, {
"id" : "3e9849f5-15ff-43c6-b929-40f26fda2c05",
"name" : "offline_access",
"description" : "OpenID Connect built-in scope: offline_access",
"protocol" : "openid-connect",
"attributes" : {
"consent.screen.text" : "${offlineAccessScopeConsentText}",
"display.on.consent.screen" : "true"
}
}, {
"id" : "ffda6ea6-8add-4c7e-9754-66d00c6735a1",
"name" : "web-origins",
"description" : "OpenID Connect scope for add allowed web origins to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "false",
"consent.screen.text" : ""
},
"protocolMappers" : [ {
"id" : "05635d42-8bb3-440b-b871-b64c97f524da",
"name" : "allowed web origins",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-allowed-origins-mapper",
"consentRequired" : false,
"config" : { }
} ]
}, {
"id" : "6f56ae2b-253f-40f7-ba99-e8c5bbc71423",
"name" : "role_list",
"description" : "SAML role list",
"protocol" : "saml",
"attributes" : {
"consent.screen.text" : "${samlRoleListScopeConsentText}",
"display.on.consent.screen" : "true"
},
"protocolMappers" : [ {
"id" : "7036c17a-9306-4481-82a1-d8d9d77077e5",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "false",
"attribute.nameformat" : "Basic",
"attribute.name" : "Role"
}
} ]
}, {
"id" : "ce4493c0-ccb4-45f9-a46e-a40cc3f6d4b2",
"name" : "address",
"description" : "OpenID Connect built-in scope: address",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${addressScopeConsentText}"
},
"protocolMappers" : [ {
"id" : "8a0d3248-d231-40b2-9b8e-3d63bd5a5d12",
"name" : "address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-address-mapper",
"consentRequired" : false,
"config" : {
"user.attribute.formatted" : "formatted",
"user.attribute.country" : "country",
"user.attribute.postal_code" : "postal_code",
"userinfo.token.claim" : "true",
"user.attribute.street" : "street",
"id.token.claim" : "true",
"user.attribute.region" : "region",
"access.token.claim" : "true",
"user.attribute.locality" : "locality"
}
} ]
} ],
"defaultDefaultClientScopes" : [ "email", "profile", "role_list", "roles", "acr", "web-origins" ],
"defaultOptionalClientScopes" : [ "offline_access", "phone", "microprofile-jwt", "address" ],
"browserSecurityHeaders" : {
"contentSecurityPolicyReportOnly" : "",
"xContentTypeOptions" : "nosniff",
"xRobotsTag" : "none",
"xFrameOptions" : "SAMEORIGIN",
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection" : "1; mode=block",
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
},
"smtpServer" : { },
"eventsEnabled" : false,
"eventsListeners" : [ "jboss-logging" ],
"enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"identityProviders" : [ ],
"identityProviderMappers" : [ ],
"components" : {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
"id" : "b8617465-1c84-4a5f-a16f-a6f10f0f66b1",
"name" : "Trusted Hosts",
"providerId" : "trusted-hosts",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"host-sending-registration-request-must-match" : [ "true" ],
"client-uris-must-match" : [ "true" ]
}
}, {
"id" : "6061713a-c1f5-46e1-adfb-762b8768976a",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
"name" : "Max Clients Limit",
"providerId" : "max-clients",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"max-clients" : [ "200" ]
}
}, {
"id" : "1209fa5d-37df-4f9a-b4fa-4a3cd94e21fe",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ]
}
}, {
"id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
}, {
"id" : "4c4076ec-68ed-46c1-b0a5-3c8ed08dd4f6",
"name" : "Consent Required",
"providerId" : "consent-required",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "bbbe2ea2-2a36-494b-b57f-8b202740ebf4",
"name" : "Full Scope Disabled",
"providerId" : "scope",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "41eef3e1-bf71-4e8a-b729-fea8eb16b5d8",
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
} ],
"org.keycloak.userprofile.UserProfileProvider" : [ {
"id" : "576f8c6a-00e6-45dd-a63d-614100fb2cc4",
"providerId" : "declarative-user-profile",
"subComponents" : { },
"config" : { }
} ],
"org.keycloak.keys.KeyProvider" : [ {
"id" : "1f9958a4-b3ac-4a1b-af95-fd8e6053864a",
"name" : "hmac-generated",
"providerId" : "hmac-generated",
"subComponents" : { },
"config" : {
"kid" : [ "4e99c641-0494-49d5-979f-45cb5126f6f1" ],
"secret" : [ "4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw" ],
"priority" : [ "100" ],
"algorithm" : [ "HS256" ]
}
}, {
"id" : "70fe0720-f3b7-47b4-a625-ae8fb6635da1",
"name" : "aes-generated",
"providerId" : "aes-generated",
"subComponents" : { },
"config" : {
"kid" : [ "76118b54-fc74-4149-9028-fab1fdc07860" ],
"secret" : [ "DvxTn0KA4TEUPqSFBw8qAw" ],
"priority" : [ "100" ]
}
}, {
"id" : "a12fdd97-1d72-4d9e-9e6a-f9e0b5d4e5f0",
"name" : "rsa-generated",
"providerId" : "rsa-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw==" ],
"keyUse" : [ "SIG" ],
"certificate" : [ "MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA==" ],
"priority" : [ "100" ]
}
}, {
"id" : "e16c740d-3ae2-4cc5-a68d-49d99e079672",
"name" : "rsa-enc-generated",
"providerId" : "rsa-enc-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT" ],
"keyUse" : [ "ENC" ],
"certificate" : [ "MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A==" ],
"priority" : [ "100" ],
"algorithm" : [ "RSA-OAEP" ]
}
} ]
},
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "29b6cb47-f90e-4150-ad22-a51cc15e2b31",
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-email-verification",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Verify Existing Account by Re-authentication",
"userSetupAllowed" : false
} ]
}, {
"id" : "7a565558-8cb9-428a-b0b0-b2b8e6e27df9",
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "basic-auth",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "basic-auth-otp",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-spnego",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "3399b155-d1f0-445a-b260-d606feb7927d",
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-otp-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "95c39140-3898-4376-bbde-be0063558809",
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "direct-grant-validate-otp",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "6eed8cb3-f5b4-4e57-b41a-a96cefee2fcf",
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-otp-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "3c22db0a-477b-40bb-833a-46b0b69992d0",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-confirm-link",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Account verification options",
"userSetupAllowed" : false
} ]
}, {
"id" : "939c4aad-e96b-4d96-ada1-49a23c645bcb",
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-otp",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "ae08d416-c43f-4dad-a149-356c3f8ae8b9",
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "create unique user config",
"authenticator" : "idp-create-user-if-unique",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Handle Existing Account",
"userSetupAllowed" : false
} ]
}, {
"id" : "cbea45de-9155-4b5c-a6df-d93a1ffa2621",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-username-password-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "First broker login - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"id" : "21f3ff6b-b2ea-4d86-9d4d-2a2d244043b4",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-cookie",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-spnego",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "identity-provider-redirector",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 25,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 30,
"autheticatorFlow" : true,
"flowAlias" : "forms",
"userSetupAllowed" : false
} ]
}, {
"id" : "6f2dd054-9768-412d-a4d4-6333eb3f85f3",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "client-secret",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-jwt",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-secret-jwt",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-x509",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 40,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "3a3681cb-5de7-4875-b90f-58d1d07e2bcd",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "direct-grant-validate-username",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "direct-grant-validate-password",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 30,
"autheticatorFlow" : true,
"flowAlias" : "Direct Grant - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"id" : "1c76ce4f-3419-4647-a311-3579390cced3",
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "docker-http-basic-authenticator",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "079762a1-a1ca-4aaa-beb1-c058ea11d98a",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "review profile config",
"authenticator" : "idp-review-profile",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "User creation or linking",
"userSetupAllowed" : false
} ]
}, {
"id" : "04e26750-5823-42b8-b56a-acce89457cb8",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-username-password-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Browser - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"id" : "564a1742-c2a0-47b6-9c19-59a8a1f9e171",
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "no-cookie-redirect",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Authentication Options",
"userSetupAllowed" : false
} ]
}, {
"id" : "dd0b51b1-13de-4bf0-a024-bcd74fb9328d",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-page-form",
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : true,
"flowAlias" : "registration form",
"userSetupAllowed" : false
} ]
}, {
"id" : "8b17eabe-4ffb-448f-88b2-9cf92e4c4bbd",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-user-creation",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-profile-action",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 40,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-password-action",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 50,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-recaptcha-action",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 60,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"id" : "1b5ab651-8ccc-40db-bc74-7da9e0fc4909",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "reset-credentials-choose-user",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-credential-email",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-password",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 40,
"autheticatorFlow" : true,
"flowAlias" : "Reset - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"id" : "1c50ddbb-5e14-43c0-b0ad-a92db16b78c6",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "http-basic-authenticator",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
} ],
"authenticatorConfig" : [ {
"id" : "99e421d5-9650-46db-8f9c-1363ec50b78e",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "75a7b814-a012-4941-a768-08162597214c",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
}
} ],
"requiredActions" : [ {
"alias" : "CONFIGURE_TOTP",
"name" : "Configure OTP",
"providerId" : "CONFIGURE_TOTP",
"enabled" : true,
"defaultAction" : false,
"priority" : 10,
"config" : { }
}, {
"alias" : "terms_and_conditions",
"name" : "Terms and Conditions",
"providerId" : "terms_and_conditions",
"enabled" : false,
"defaultAction" : false,
"priority" : 20,
"config" : { }
}, {
"alias" : "UPDATE_PASSWORD",
"name" : "Update Password",
"providerId" : "UPDATE_PASSWORD",
"enabled" : true,
"defaultAction" : false,
"priority" : 30,
"config" : { }
}, {
"alias" : "UPDATE_PROFILE",
"name" : "Update Profile",
"providerId" : "UPDATE_PROFILE",
"enabled" : true,
"defaultAction" : false,
"priority" : 40,
"config" : { }
}, {
"alias" : "VERIFY_EMAIL",
"name" : "Verify Email",
"providerId" : "VERIFY_EMAIL",
"enabled" : true,
"defaultAction" : false,
"priority" : 50,
"config" : { }
}, {
"alias" : "delete_account",
"name" : "Delete Account",
"providerId" : "delete_account",
"enabled" : false,
"defaultAction" : false,
"priority" : 60,
"config" : { }
}, {
"alias" : "update_user_locale",
"name" : "Update User Locale",
"providerId" : "update_user_locale",
"enabled" : true,
"defaultAction" : false,
"priority" : 1000,
"config" : { }
} ],
"browserFlow" : "browser",
"registrationFlow" : "registration",
"directGrantFlow" : "direct grant",
"resetCredentialsFlow" : "reset credentials",
"clientAuthenticationFlow" : "clients",
"dockerAuthenticationFlow" : "docker auth",
"attributes" : {
"cibaBackchannelTokenDeliveryMode" : "poll",
"cibaAuthRequestedUserHint" : "login_hint",
"clientOfflineSessionMaxLifespan" : "0",
"oauth2DevicePollingInterval" : "5",
"clientSessionIdleTimeout" : "0",
"actionTokenGeneratedByUserLifespan-execute-actions" : "",
"actionTokenGeneratedByUserLifespan-verify-email" : "",
"clientOfflineSessionIdleTimeout" : "0",
"actionTokenGeneratedByUserLifespan-reset-credentials" : "",
"cibaInterval" : "5",
"cibaExpiresIn" : "120",
"oauth2DeviceCodeLifespan" : "600",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0"
},
"keycloakVersion" : "19.0.3",
"userManagedAccessAllowed" : false,
"clientProfiles" : {
"profiles" : [ ]
},
"clientPolicies" : {
"policies" : [ ]
}
}