sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spiff-arena/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-2-realm.json

2233 lines
81 KiB
JSON
Raw Normal View History

added spiffworkflow-2 realm based on spiffworkflow realm w/ burnettk
2023-11-28 17:41:16 +00:00
{
"realm" : "spiffworkflow-2",
"notBefore" : 0,
"defaultSignatureAlgorithm" : "RS256",
"revokeRefreshToken" : false,
"refreshTokenMaxReuse" : 0,
"accessTokenLifespan" : 1800,
"accessTokenLifespanForImplicitFlow" : 900,
"ssoSessionIdleTimeout" : 86400,
"ssoSessionMaxLifespan" : 864000,
"ssoSessionIdleTimeoutRememberMe" : 0,
"ssoSessionMaxLifespanRememberMe" : 0,
"offlineSessionIdleTimeout" : 2592000,
"offlineSessionMaxLifespanEnabled" : false,
"offlineSessionMaxLifespan" : 5184000,
"clientSessionIdleTimeout" : 0,
"clientSessionMaxLifespan" : 0,
"clientOfflineSessionIdleTimeout" : 0,
"clientOfflineSessionMaxLifespan" : 0,
"accessCodeLifespan" : 60,
"accessCodeLifespanUserAction" : 300,
"accessCodeLifespanLogin" : 1800,
"actionTokenGeneratedByAdminLifespan" : 43200,
"actionTokenGeneratedByUserLifespan" : 300,
"oauth2DeviceCodeLifespan" : 600,
"oauth2DevicePollingInterval" : 5,
"enabled" : true,
"sslRequired" : "external",
"registrationAllowed" : false,
"registrationEmailAsUsername" : false,
"rememberMe" : false,
"verifyEmail" : false,
"loginWithEmailAllowed" : true,
"duplicateEmailsAllowed" : false,
"resetPasswordAllowed" : false,
"editUsernameAllowed" : false,
"bruteForceProtected" : false,
"permanentLockout" : false,
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
"quickLoginCheckMilliSeconds" : 1000,
"maxDeltaTimeSeconds" : 43200,
"failureFactor" : 30,
"roles" : {
"realm" : [ {
"name" : "default-roles-spiffworkflow",
"description" : "${role_default-roles}",
"composite" : true,
"composites" : {
"realm" : [ "offline_access", "uma_authorization" ],
"client" : {
"account" : [ "view-profile", "manage-account" ]
}
},
"clientRole" : false,
"containerId" : "spiffworkflow-2",
"attributes" : { }
}, {
"name" : "uma_authorization",
"description" : "${role_uma_authorization}",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow-2",
"attributes" : { }
}, {
"name" : "admin",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow-2",
"attributes" : { }
}, {
"name" : "repeat-form-role-realm",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow-2",
"attributes" : { }
}, {
"name" : "offline_access",
"description" : "${role_offline-access}",
"composite" : false,
"clientRole" : false,
"containerId" : "spiffworkflow-2",
"attributes" : { }
} ],
"client" : {
"realm-management" : [ {
"name" : "manage-authorization",
"description" : "${role_manage-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-authorization",
"description" : "${role_view-authorization}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "query-groups",
"description" : "${role_query-groups}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "realm-admin",
"description" : "${role_realm-admin}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "manage-authorization", "view-authorization", "query-groups", "view-clients", "view-realm", "manage-users", "query-users", "impersonation", "manage-clients", "view-identity-providers", "create-client", "query-realms", "view-users", "view-events", "manage-identity-providers", "manage-events", "query-clients", "manage-realm" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-clients",
"description" : "${role_view-clients}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-clients" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "manage-users",
"description" : "${role_manage-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-realm",
"description" : "${role_view-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "impersonation",
"description" : "${role_impersonation}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "query-users",
"description" : "${role_query-users}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "manage-clients",
"description" : "${role_manage-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "create-client",
"description" : "${role_create-client}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "query-realms",
"description" : "${role_query-realms}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-identity-providers",
"description" : "${role_view-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-users",
"description" : "${role_view-users}",
"composite" : true,
"composites" : {
"client" : {
"realm-management" : [ "query-groups", "query-users" ]
}
},
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "view-events",
"description" : "${role_view-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "manage-events",
"description" : "${role_manage-events}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "manage-identity-providers",
"description" : "${role_manage-identity-providers}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "query-clients",
"description" : "${role_query-clients}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
}, {
"name" : "manage-realm",
"description" : "${role_manage-realm}",
"composite" : false,
"clientRole" : true,
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
"attributes" : { }
} ],
"spiffworkflow-frontend" : [ ],
"security-admin-console" : [ ],
"admin-cli" : [ ],
"spiffworkflow-backend" : [ {
"name" : "spiffworkflow-admin",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : { }
}, {
"name" : "uma_protection",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : { }
}, {
"name" : "repeat-form-role-2",
"composite" : false,
"clientRole" : true,
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
"attributes" : {
"repeat-form-role-2-att-key" : [ "repeat-form-role-2-att-value" ]
}
} ],
"withAuth" : [ {
"name" : "uma_protection",
"composite" : false,
"clientRole" : true,
"containerId" : "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
"attributes" : { }
} ],
"broker" : [ {
"name" : "read-token",
"description" : "${role_read-token}",
"composite" : false,
"clientRole" : true,
"containerId" : "55d75754-cf1b-4875-bf3e-15add4be8c99",
"attributes" : { }
} ],
"account" : [ {
"name" : "delete-account",
"description" : "${role_delete-account}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "manage-consent",
"description" : "${role_manage-consent}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "view-consent" ]
}
},
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "view-consent",
"description" : "${role_view-consent}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "manage-account-links",
"description" : "${role_manage-account-links}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "view-profile",
"description" : "${role_view-profile}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "manage-account",
"description" : "${role_manage-account}",
"composite" : true,
"composites" : {
"client" : {
"account" : [ "manage-account-links" ]
}
},
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "view-groups",
"description" : "${role_view-groups}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"name" : "view-applications",
"description" : "${role_view-applications}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
} ]
}
},
"groups" : [ ],
"defaultRole" : {
"name" : "default-roles-spiffworkflow",
"description" : "${role_default-roles}",
"composite" : true,
"clientRole" : false,
"containerId" : "spiffworkflow-2"
},
"requiredCredentials" : [ "password" ],
"otpPolicyType" : "totp",
"otpPolicyAlgorithm" : "HmacSHA1",
"otpPolicyInitialCounter" : 0,
"otpPolicyDigits" : 6,
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"otpPolicyCodeReusable" : false,
"otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ],
"webAuthnPolicyRpEntityName" : "keycloak",
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyRpId" : "",
"webAuthnPolicyAttestationConveyancePreference" : "not specified",
"webAuthnPolicyAuthenticatorAttachment" : "not specified",
"webAuthnPolicyRequireResidentKey" : "not specified",
"webAuthnPolicyUserVerificationRequirement" : "not specified",
"webAuthnPolicyCreateTimeout" : 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyAcceptableAaguids" : [ ],
"webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyPasswordlessRpId" : "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
"webAuthnPolicyPasswordlessCreateTimeout" : 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
"users" : [ {
"createdTimestamp" : 1676302139599,
"username" : "admin",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "admin@spiffworkflow.org",
"credentials" : [ {
"type" : "password",
"createdDate" : 1676302139645,
"secretData" : "{\"value\":\"P6nrEJgmgdL+HbNA9tPkOyHYaLAqLg6cXh27ACgVQiOox4qwNE8Iv1L4ssispV4gsmuHiY+alio/2UMuyMGvEw==\",\"salt\":\"g214ckcAyig59U/3Oqwq4w==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"clientRoles" : {
"realm-management" : [ "realm-admin" ]
},
"notBefore" : 0,
"groups" : [ ]
}],
"scopeMappings" : [ {
"clientScope" : "offline_access",
"roles" : [ "offline_access" ]
} ],
"clients" : [ {
"clientId" : "account",
"name" : "${client_account}",
"rootUrl" : "${authBaseUrl}",
"baseUrl" : "/realms/spiffworkflow/account/",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "/realms/spiffworkflow/account/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "admin-cli",
"name" : "${client_admin-cli}",
"description" : "",
"rootUrl" : "",
"adminUrl" : "",
"baseUrl" : "",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : false,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "broker",
"name" : "${client_broker}",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "realm-management",
"name" : "${client_realm-management}",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "security-admin-console",
"name" : "${client_security-admin-console}",
"rootUrl" : "${authAdminUrl}",
"baseUrl" : "/admin/spiffworkflow/console/",
"surrogateAuthRequired" : false,
"enabled" : false,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "/admin/spiffworkflow/console/*" ],
"webOrigins" : [ "+" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "false",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"pkce.code.challenge.method" : "S256",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "spiffworkflow-backend",
"name" : "",
"description" : "",
"rootUrl" : "",
"adminUrl" : "",
"baseUrl" : "",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
"redirectUris" : [ "http://localhost:7000/*", "https://replace-me-with-spiff-backend-host-and-path/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7000/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : true,
"authorizationServicesEnabled" : true,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "https://replace-me-with-spiff-frontend-host-and-path/*##http://localhost:7001/*",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"client.secret.creation.time" : "1657115173",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"name" : "Client IP Address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientAddress",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
}, {
"name" : "Client Host",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientHost",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
}, {
"name" : "Client ID",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientId",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientId",
"jsonType.label" : "String"
}
}, {
"name" : "spiffworkflow-employeeid",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"aggregate.attrs" : "false",
"userinfo.token.claim" : "true",
"multivalued" : "false",
"user.attribute" : "spiffworkflow-employeeid",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "spiffworkflow-employeeid"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"resources" : [ {
"name" : "everything",
"ownerManagedAccess" : false,
"attributes" : { },
"uris" : [ "/*" ],
"scopes" : [ {
"name" : "read"
}, {
"name" : "update"
}, {
"name" : "delete"
}, {
"name" : "instantiate"
} ]
}, {
"name" : "Default Resource",
"type" : "urn:spiffworkflow-backend:resources:default",
"ownerManagedAccess" : false,
"attributes" : { },
"uris" : [ "/*" ]
}, {
"name" : "process-model-with-repeating-form-crud",
"type" : "process-model",
"ownerManagedAccess" : false,
"displayName" : "process-model-with-repeating-form-crud",
"attributes" : {
"test_resource_att1" : [ "this_is_the_value" ]
},
"uris" : [ "/process-models/category_number_one/process-model-with-repeating-form" ],
"scopes" : [ {
"name" : "read"
}, {
"name" : "update"
}, {
"name" : "delete"
}, {
"name" : "instantiate"
} ]
} ],
"policies" : [ {
"name" : "repeat-form-role-policy",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"name" : "admins have everything",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]"
}
}, {
"name" : "Default Policy",
"description" : "A policy that grants access only for users within this realm",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "AFFIRMATIVE",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"name" : "repeat-form-read",
"type" : "scope",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"resources" : "[\"process-model-with-repeating-form-crud\"]",
"scopes" : "[\"read\"]",
"applyPolicies" : "[\"repeat-form-role-policy\"]"
}
}, {
"name" : "all_permissions",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"resources" : "[\"everything\"]",
"applyPolicies" : "[\"admins have everything\"]"
}
}, {
"name" : "Default Permission",
"description" : "A permission that applies to the default resource type",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"defaultResourceType" : "urn:spiffworkflow-backend:resources:default",
"applyPolicies" : "[\"Default Policy\"]"
}
} ],
"scopes" : [ {
"name" : "read",
"displayName" : "read"
}, {
"name" : "update",
"displayName" : "update"
}, {
"name" : "delete",
"displayName" : "delete"
}, {
"name" : "instantiate",
"displayName" : "instantiate"
} ],
"decisionStrategy" : "UNANIMOUS"
}
}, {
"clientId" : "spiffworkflow-frontend",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
"webOrigins" : [ "*" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
}, {
"clientId" : "withAuth",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : true,
"authorizationServicesEnabled" : true,
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"frontchannel.logout.session.required" : "false",
"post.logout.redirect.uris" : "+",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"use.refresh.tokens" : "true",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"client_credentials.use_refresh_token" : "false",
"require.pushed.authorization.requests" : "false",
"saml.client.signature" : "false",
"saml.allow.ecp.flow" : "false",
"id.token.as.detached.signature" : "false",
"saml.assertion.signature" : "false",
"client.secret.creation.time" : "1657055472",
"saml.encrypt" : "false",
"saml.server.signature" : "false",
"exclude.session.state.from.auth.response" : "false",
"saml.artifact.binding" : "false",
"saml_force_name_id_format" : "false",
"acr.loa.map" : "{}",
"tls.client.certificate.bound.access.tokens" : "false",
"saml.authnstatement" : "false",
"display.on.consent.screen" : "false",
"token.response.type.bearer.lower-case" : "false",
"saml.onetimeuse.condition" : "false"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"name" : "Client ID",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientId",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientId",
"jsonType.label" : "String"
}
}, {
"name" : "Client Host",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientHost",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
}, {
"name" : "Client IP Address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"consentRequired" : false,
"config" : {
"user.session.note" : "clientAddress",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
} ],
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"resources" : [ {
"name" : "Default Resource",
"type" : "urn:withAuth:resources:default",
"ownerManagedAccess" : false,
"attributes" : { },
"uris" : [ "/*" ]
} ],
"policies" : [ {
"name" : "Default Policy",
"description" : "A policy that grants access only for users within this realm",
"type" : "role",
"logic" : "POSITIVE",
"decisionStrategy" : "AFFIRMATIVE",
"config" : {
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
}
}, {
"name" : "Default Permission",
"description" : "A permission that applies to the default resource type",
"type" : "resource",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"config" : {
"defaultResourceType" : "urn:withAuth:resources:default",
"applyPolicies" : "[\"Default Policy\"]"
}
} ],
"scopes" : [ ],
"decisionStrategy" : "UNANIMOUS"
}
} ],
"clientScopes" : [ {
"name" : "acr",
"description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "false"
},
"protocolMappers" : [ {
"name" : "acr loa level",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-acr-mapper",
"consentRequired" : false,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
} ]
}, {
"name" : "profile",
"description" : "OpenID Connect built-in scope: profile",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${profileScopeConsentText}"
},
"protocolMappers" : [ {
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : false,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
}, {
"name" : "website",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "website",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "website",
"jsonType.label" : "String"
}
}, {
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"name" : "nickname",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "nickname",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "nickname",
"jsonType.label" : "String"
}
}, {
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"name" : "zoneinfo",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "zoneinfo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "zoneinfo",
"jsonType.label" : "String"
}
}, {
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
"name" : "profile",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "profile",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "profile",
"jsonType.label" : "String"
}
}, {
"name" : "gender",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "gender",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "gender",
"jsonType.label" : "String"
}
}, {
"name" : "updated at",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "updatedAt",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "updated_at",
"jsonType.label" : "long"
}
}, {
"name" : "middle name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "middleName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "middle_name",
"jsonType.label" : "String"
}
}, {
"name" : "picture",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "picture",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "picture",
"jsonType.label" : "String"
}
}, {
"name" : "birthdate",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "birthdate",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "birthdate",
"jsonType.label" : "String"
}
}, {
"name" : "locale",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "locale",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "locale",
"jsonType.label" : "String"
}
} ]
}, {
"name" : "email",
"description" : "OpenID Connect built-in scope: email",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${emailScopeConsentText}"
},
"protocolMappers" : [ {
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email",
"jsonType.label" : "String"
}
}, {
"name" : "email verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "emailVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email_verified",
"jsonType.label" : "boolean"
}
} ]
}, {
"name" : "phone",
"description" : "OpenID Connect built-in scope: phone",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${phoneScopeConsentText}"
},
"protocolMappers" : [ {
"name" : "phone number",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumber",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number",
"jsonType.label" : "String"
}
}, {
"name" : "phone number verified",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "phoneNumberVerified",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "phone_number_verified",
"jsonType.label" : "boolean"
}
} ]
}, {
"name" : "microprofile-jwt",
"description" : "Microprofile - JWT built-in scope",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "false"
},
"protocolMappers" : [ {
"name" : "groups",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"multivalued" : "true",
"userinfo.token.claim" : "true",
"user.attribute" : "foo",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "groups",
"jsonType.label" : "String"
}
}, {
"name" : "upn",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : false,
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "upn",
"jsonType.label" : "String"
}
} ]
}, {
"name" : "roles",
"description" : "OpenID Connect scope for add user roles to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${rolesScopeConsentText}"
},
"protocolMappers" : [ {
"name" : "audience resolve",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-audience-resolve-mapper",
"consentRequired" : false,
"config" : { }
}, {
"name" : "realm roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "realm_access.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}, {
"name" : "client roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-client-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"claim.name" : "resource_access.${client_id}.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
} ]
}, {
"name" : "offline_access",
"description" : "OpenID Connect built-in scope: offline_access",
"protocol" : "openid-connect",
"attributes" : {
"consent.screen.text" : "${offlineAccessScopeConsentText}",
"display.on.consent.screen" : "true"
}
}, {
"name" : "web-origins",
"description" : "OpenID Connect scope for add allowed web origins to the access token",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "false",
"display.on.consent.screen" : "false",
"consent.screen.text" : ""
},
"protocolMappers" : [ {
"name" : "allowed web origins",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-allowed-origins-mapper",
"consentRequired" : false,
"config" : { }
} ]
}, {
"name" : "role_list",
"description" : "SAML role list",
"protocol" : "saml",
"attributes" : {
"consent.screen.text" : "${samlRoleListScopeConsentText}",
"display.on.consent.screen" : "true"
},
"protocolMappers" : [ {
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "false",
"attribute.nameformat" : "Basic",
"attribute.name" : "Role"
}
} ]
}, {
"name" : "address",
"description" : "OpenID Connect built-in scope: address",
"protocol" : "openid-connect",
"attributes" : {
"include.in.token.scope" : "true",
"display.on.consent.screen" : "true",
"consent.screen.text" : "${addressScopeConsentText}"
},
"protocolMappers" : [ {
"name" : "address",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-address-mapper",
"consentRequired" : false,
"config" : {
"user.attribute.formatted" : "formatted",
"user.attribute.country" : "country",
"user.attribute.postal_code" : "postal_code",
"userinfo.token.claim" : "true",
"user.attribute.street" : "street",
"id.token.claim" : "true",
"user.attribute.region" : "region",
"access.token.claim" : "true",
"user.attribute.locality" : "locality"
}
} ]
} ],
"defaultDefaultClientScopes" : [ "email", "profile", "role_list", "roles", "acr", "web-origins" ],
"defaultOptionalClientScopes" : [ "offline_access", "phone", "microprofile-jwt", "address" ],
"browserSecurityHeaders" : {
"contentSecurityPolicyReportOnly" : "",
"xContentTypeOptions" : "nosniff",
"xRobotsTag" : "none",
"xFrameOptions" : "SAMEORIGIN",
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection" : "1; mode=block",
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
},
"smtpServer" : { },
"eventsEnabled" : false,
"eventsListeners" : [ "jboss-logging" ],
"enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"identityProviders" : [ ],
"identityProviderMappers" : [ ],
"components" : {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
"name" : "Trusted Hosts",
"providerId" : "trusted-hosts",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"host-sending-registration-request-must-match" : [ "true" ],
"client-uris-must-match" : [ "true" ]
}
}, {
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ]
}
}, {
"name" : "Max Clients Limit",
"providerId" : "max-clients",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"max-clients" : [ "200" ]
}
}, {
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper" ]
}
}, {
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
}, {
"name" : "Consent Required",
"providerId" : "consent-required",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"name" : "Full Scope Disabled",
"providerId" : "scope",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"name" : "Allowed Client Scopes",
"providerId" : "allowed-client-templates",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allow-default-scopes" : [ "true" ]
}
} ],
"org.keycloak.userprofile.UserProfileProvider" : [ {
"providerId" : "declarative-user-profile",
"subComponents" : { },
"config" : { }
} ],
"org.keycloak.keys.KeyProvider" : [ {
"name" : "hmac-generated",
"providerId" : "hmac-generated",
"subComponents" : { },
"config" : {
"kid" : [ "4e99c641-0494-49d5-979f-45cb5126f6f1" ],
"secret" : [ "4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw" ],
"priority" : [ "100" ],
"algorithm" : [ "HS256" ]
}
}, {
"name" : "aes-generated",
"providerId" : "aes-generated",
"subComponents" : { },
"config" : {
"kid" : [ "76118b54-fc74-4149-9028-fab1fdc07860" ],
"secret" : [ "DvxTn0KA4TEUPqSFBw8qAw" ],
"priority" : [ "100" ]
}
}, {
"name" : "rsa-generated",
"providerId" : "rsa-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw==" ],
"keyUse" : [ "SIG" ],
"certificate" : [ "MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA==" ],
"priority" : [ "100" ]
}
}, {
"name" : "rsa-enc-generated",
"providerId" : "rsa-enc-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT" ],
"keyUse" : [ "ENC" ],
"certificate" : [ "MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A==" ],
"priority" : [ "100" ],
"algorithm" : [ "RSA-OAEP" ]
}
} ]
},
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-email-verification",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Verify Existing Account by Re-authentication",
"userSetupAllowed" : false
} ]
}, {
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "basic-auth",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "basic-auth-otp",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-spnego",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-otp-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "direct-grant-validate-otp",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-otp-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-confirm-link",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Account verification options",
"userSetupAllowed" : false
} ]
}, {
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "conditional-user-configured",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-otp",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "create unique user config",
"authenticator" : "idp-create-user-if-unique",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Handle Existing Account",
"userSetupAllowed" : false
} ]
}, {
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-username-password-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "First broker login - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-cookie",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "auth-spnego",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "identity-provider-redirector",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 25,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"priority" : 30,
"autheticatorFlow" : true,
"flowAlias" : "forms",
"userSetupAllowed" : false
} ]
}, {
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "client-secret",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-jwt",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-secret-jwt",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "client-x509",
"authenticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"priority" : 40,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "direct-grant-validate-username",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "direct-grant-validate-password",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 30,
"autheticatorFlow" : true,
"flowAlias" : "Direct Grant - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "docker-http-basic-authenticator",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "review profile config",
"authenticator" : "idp-review-profile",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "User creation or linking",
"userSetupAllowed" : false
} ]
}, {
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-username-password-form",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Browser - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "no-cookie-redirect",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : true,
"flowAlias" : "Authentication Options",
"userSetupAllowed" : false
} ]
}, {
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-page-form",
"authenticatorFlow" : true,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : true,
"flowAlias" : "registration form",
"userSetupAllowed" : false
} ]
}, {
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-user-creation",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-profile-action",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 40,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-password-action",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 50,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "registration-recaptcha-action",
"authenticatorFlow" : false,
"requirement" : "DISABLED",
"priority" : 60,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
}, {
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "reset-credentials-choose-user",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-credential-email",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 20,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticator" : "reset-password",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 30,
"autheticatorFlow" : false,
"userSetupAllowed" : false
}, {
"authenticatorFlow" : true,
"requirement" : "CONDITIONAL",
"priority" : 40,
"autheticatorFlow" : true,
"flowAlias" : "Reset - Conditional OTP",
"userSetupAllowed" : false
} ]
}, {
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "http-basic-authenticator",
"authenticatorFlow" : false,
"requirement" : "REQUIRED",
"priority" : 10,
"autheticatorFlow" : false,
"userSetupAllowed" : false
} ]
} ],
"authenticatorConfig" : [ {
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
}
} ],
"requiredActions" : [ {
"alias" : "CONFIGURE_TOTP",
"name" : "Configure OTP",
"providerId" : "CONFIGURE_TOTP",
"enabled" : true,
"defaultAction" : false,
"priority" : 10,
"config" : { }
}, {
"alias" : "terms_and_conditions",
"name" : "Terms and Conditions",
"providerId" : "terms_and_conditions",
"enabled" : false,
"defaultAction" : false,
"priority" : 20,
"config" : { }
}, {
"alias" : "UPDATE_PASSWORD",
"name" : "Update Password",
"providerId" : "UPDATE_PASSWORD",
"enabled" : true,
"defaultAction" : false,
"priority" : 30,
"config" : { }
}, {
"alias" : "UPDATE_PROFILE",
"name" : "Update Profile",
"providerId" : "UPDATE_PROFILE",
"enabled" : true,
"defaultAction" : false,
"priority" : 40,
"config" : { }
}, {
"alias" : "VERIFY_EMAIL",
"name" : "Verify Email",
"providerId" : "VERIFY_EMAIL",
"enabled" : true,
"defaultAction" : false,
"priority" : 50,
"config" : { }
}, {
"alias" : "delete_account",
"name" : "Delete Account",
"providerId" : "delete_account",
"enabled" : false,
"defaultAction" : false,
"priority" : 60,
"config" : { }
}, {
"alias" : "update_user_locale",
"name" : "Update User Locale",
"providerId" : "update_user_locale",
"enabled" : true,
"defaultAction" : false,
"priority" : 1000,
"config" : { }
} ],
"browserFlow" : "browser",
"registrationFlow" : "registration",
"directGrantFlow" : "direct grant",
"resetCredentialsFlow" : "reset credentials",
"clientAuthenticationFlow" : "clients",
"dockerAuthenticationFlow" : "docker auth",
"attributes" : {
"cibaBackchannelTokenDeliveryMode" : "poll",
"cibaAuthRequestedUserHint" : "login_hint",
"clientOfflineSessionMaxLifespan" : "0",
"oauth2DevicePollingInterval" : "5",
"clientSessionIdleTimeout" : "0",
"actionTokenGeneratedByUserLifespan-execute-actions" : "",
"actionTokenGeneratedByUserLifespan-verify-email" : "",
"clientOfflineSessionIdleTimeout" : "0",
"actionTokenGeneratedByUserLifespan-reset-credentials" : "",
"cibaInterval" : "5",
"realmReusableOtpCode" : "false",
"cibaExpiresIn" : "120",
"oauth2DeviceCodeLifespan" : "600",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0"
},
"keycloakVersion" : "20.0.1",
"userManagedAccessAllowed" : false,
"clientProfiles" : {
"profiles" : [ ]
},
"clientPolicies" : {
"policies" : [ ]
}
}