{ "realm" : "spiffworkflow-2", "notBefore" : 0, "defaultSignatureAlgorithm" : "RS256", "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, "accessTokenLifespan" : 1800, "accessTokenLifespanForImplicitFlow" : 900, "ssoSessionIdleTimeout" : 86400, "ssoSessionMaxLifespan" : 864000, "ssoSessionIdleTimeoutRememberMe" : 0, "ssoSessionMaxLifespanRememberMe" : 0, "offlineSessionIdleTimeout" : 2592000, "offlineSessionMaxLifespanEnabled" : false, "offlineSessionMaxLifespan" : 5184000, "clientSessionIdleTimeout" : 0, "clientSessionMaxLifespan" : 0, "clientOfflineSessionIdleTimeout" : 0, "clientOfflineSessionMaxLifespan" : 0, "accessCodeLifespan" : 60, "accessCodeLifespanUserAction" : 300, "accessCodeLifespanLogin" : 1800, "actionTokenGeneratedByAdminLifespan" : 43200, "actionTokenGeneratedByUserLifespan" : 300, "oauth2DeviceCodeLifespan" : 600, "oauth2DevicePollingInterval" : 5, "enabled" : true, "sslRequired" : "external", "registrationAllowed" : false, "registrationEmailAsUsername" : false, "rememberMe" : false, "verifyEmail" : false, "loginWithEmailAllowed" : true, "duplicateEmailsAllowed" : false, "resetPasswordAllowed" : false, "editUsernameAllowed" : false, "bruteForceProtected" : false, "permanentLockout" : false, "maxFailureWaitSeconds" : 900, "minimumQuickLoginWaitSeconds" : 60, "waitIncrementSeconds" : 60, "quickLoginCheckMilliSeconds" : 1000, "maxDeltaTimeSeconds" : 43200, "failureFactor" : 30, "roles" : { "realm" : [ { "name" : "default-roles-spiffworkflow", "description" : "${role_default-roles}", "composite" : true, "composites" : { "realm" : [ "offline_access", "uma_authorization" ], "client" : { "account" : [ "view-profile", "manage-account" ] } }, "clientRole" : false, "containerId" : "spiffworkflow-2", "attributes" : { } }, { "name" : "uma_authorization", "description" : "${role_uma_authorization}", "composite" : false, "clientRole" : false, "containerId" : "spiffworkflow-2", "attributes" : { } }, { "name" : "admin", "composite" : false, "clientRole" : false, "containerId" : "spiffworkflow-2", "attributes" : { } }, { "name" : "repeat-form-role-realm", "composite" : false, "clientRole" : false, "containerId" : "spiffworkflow-2", "attributes" : { } }, { "name" : "offline_access", "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, "containerId" : "spiffworkflow-2", "attributes" : { } } ], "client" : { "realm-management" : [ { "name" : "manage-authorization", "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-authorization", "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "query-groups", "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "realm-admin", "description" : "${role_realm-admin}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "manage-authorization", "view-authorization", "query-groups", "view-clients", "view-realm", "manage-users", "query-users", "impersonation", "manage-clients", "view-identity-providers", "create-client", "query-realms", "view-users", "view-events", "manage-identity-providers", "manage-events", "query-clients", "manage-realm" ] } }, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-clients", "description" : "${role_view-clients}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "query-clients" ] } }, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "manage-users", "description" : "${role_manage-users}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-realm", "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "impersonation", "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "query-users", "description" : "${role_query-users}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "manage-clients", "description" : "${role_manage-clients}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "create-client", "description" : "${role_create-client}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "query-realms", "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-identity-providers", "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-users", "description" : "${role_view-users}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "query-groups", "query-users" ] } }, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "view-events", "description" : "${role_view-events}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "manage-events", "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "manage-identity-providers", "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "query-clients", "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } }, { "name" : "manage-realm", "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, "containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2", "attributes" : { } } ], "spiffworkflow-frontend" : [ ], "security-admin-console" : [ ], "admin-cli" : [ ], "spiffworkflow-backend" : [ { "name" : "spiffworkflow-admin", "composite" : false, "clientRole" : true, "containerId" : "f44558af-3601-4e54-b854-08396a247544", "attributes" : { } }, { "name" : "uma_protection", "composite" : false, "clientRole" : true, "containerId" : "f44558af-3601-4e54-b854-08396a247544", "attributes" : { } }, { "name" : "repeat-form-role-2", "composite" : false, "clientRole" : true, "containerId" : "f44558af-3601-4e54-b854-08396a247544", "attributes" : { "repeat-form-role-2-att-key" : [ "repeat-form-role-2-att-value" ] } } ], "withAuth" : [ { "name" : "uma_protection", "composite" : false, "clientRole" : true, "containerId" : "5d94a8c3-f56b-4eff-ac39-8580053a7fbe", "attributes" : { } } ], "broker" : [ { "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, "containerId" : "55d75754-cf1b-4875-bf3e-15add4be8c99", "attributes" : { } } ], "account" : [ { "name" : "delete-account", "description" : "${role_delete-account}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "manage-consent", "description" : "${role_manage-consent}", "composite" : true, "composites" : { "client" : { "account" : [ "view-consent" ] } }, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "view-consent", "description" : "${role_view-consent}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "manage-account-links", "description" : "${role_manage-account-links}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "view-profile", "description" : "${role_view-profile}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "manage-account", "description" : "${role_manage-account}", "composite" : true, "composites" : { "client" : { "account" : [ "manage-account-links" ] } }, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "view-groups", "description" : "${role_view-groups}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } }, { "name" : "view-applications", "description" : "${role_view-applications}", "composite" : false, "clientRole" : true, "containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48", "attributes" : { } } ] } }, "groups" : [ ], "defaultRole" : { "name" : "default-roles-spiffworkflow", "description" : "${role_default-roles}", "composite" : true, "clientRole" : false, "containerId" : "spiffworkflow-2" }, "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", "otpPolicyAlgorithm" : "HmacSHA1", "otpPolicyInitialCounter" : 0, "otpPolicyDigits" : 6, "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", "webAuthnPolicyAttestationConveyancePreference" : "not specified", "webAuthnPolicyAuthenticatorAttachment" : "not specified", "webAuthnPolicyRequireResidentKey" : "not specified", "webAuthnPolicyUserVerificationRequirement" : "not specified", "webAuthnPolicyCreateTimeout" : 0, "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, "webAuthnPolicyAcceptableAaguids" : [ ], "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyPasswordlessRpId" : "", "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", "webAuthnPolicyPasswordlessCreateTimeout" : 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], "users" : [ { "createdTimestamp" : 1676302139599, "username" : "admin", "enabled" : true, "totp" : false, "emailVerified" : false, "email" : "admin@spiffworkflow.org", "credentials" : [ { "type" : "password", "createdDate" : 1676302139645, "secretData" : "{\"value\":\"P6nrEJgmgdL+HbNA9tPkOyHYaLAqLg6cXh27ACgVQiOox4qwNE8Iv1L4ssispV4gsmuHiY+alio/2UMuyMGvEw==\",\"salt\":\"g214ckcAyig59U/3Oqwq4w==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-spiffworkflow" ], "clientRoles" : { "realm-management" : [ "realm-admin" ] }, "notBefore" : 0, "groups" : [ ] }], "scopeMappings" : [ { "clientScope" : "offline_access", "roles" : [ "offline_access" ] } ], "clients" : [ { "clientId" : "account", "name" : "${client_account}", "rootUrl" : "${authBaseUrl}", "baseUrl" : "/realms/spiffworkflow/account/", "surrogateAuthRequired" : false, "enabled" : false, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ "/realms/spiffworkflow/account/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "false", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "admin-cli", "name" : "${client_admin-cli}", "description" : "", "rootUrl" : "", "adminUrl" : "", "baseUrl" : "", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : false, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "false", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, "enabled" : false, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : true, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "false", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "realm-management", "name" : "${client_realm-management}", "surrogateAuthRequired" : false, "enabled" : false, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : true, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "false", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", "rootUrl" : "${authAdminUrl}", "baseUrl" : "/admin/spiffworkflow/console/", "surrogateAuthRequired" : false, "enabled" : false, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ "/admin/spiffworkflow/console/*" ], "webOrigins" : [ "+" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "false", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "pkce.code.challenge.method" : "S256", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", "jsonType.label" : "String" } } ], "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "spiffworkflow-backend", "name" : "", "description" : "", "rootUrl" : "", "adminUrl" : "", "baseUrl" : "", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "secret" : "JXeQExm0JhQPLumgHtIIqf52bDalHz0q", "redirectUris" : [ "http://localhost:7000/*", "https://replace-me-with-spiff-backend-host-and-path/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7000/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : true, "authorizationServicesEnabled" : true, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "https://replace-me-with-spiff-frontend-host-and-path/*##http://localhost:7001/*", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "client.secret.creation.time" : "1657115173", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { "name" : "Client IP Address", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientAddress", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientAddress", "jsonType.label" : "String" } }, { "name" : "Client Host", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientHost", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientHost", "jsonType.label" : "String" } }, { "name" : "Client ID", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientId", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientId", "jsonType.label" : "String" } }, { "name" : "spiffworkflow-employeeid", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "aggregate.attrs" : "false", "userinfo.token.claim" : "true", "multivalued" : "false", "user.attribute" : "spiffworkflow-employeeid", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "spiffworkflow-employeeid" } } ], "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], "authorizationSettings" : { "allowRemoteResourceManagement" : true, "policyEnforcementMode" : "ENFORCING", "resources" : [ { "name" : "everything", "ownerManagedAccess" : false, "attributes" : { }, "uris" : [ "/*" ], "scopes" : [ { "name" : "read" }, { "name" : "update" }, { "name" : "delete" }, { "name" : "instantiate" } ] }, { "name" : "Default Resource", "type" : "urn:spiffworkflow-backend:resources:default", "ownerManagedAccess" : false, "attributes" : { }, "uris" : [ "/*" ] }, { "name" : "process-model-with-repeating-form-crud", "type" : "process-model", "ownerManagedAccess" : false, "displayName" : "process-model-with-repeating-form-crud", "attributes" : { "test_resource_att1" : [ "this_is_the_value" ] }, "uris" : [ "/process-models/category_number_one/process-model-with-repeating-form" ], "scopes" : [ { "name" : "read" }, { "name" : "update" }, { "name" : "delete" }, { "name" : "instantiate" } ] } ], "policies" : [ { "name" : "repeat-form-role-policy", "type" : "role", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]" } }, { "name" : "admins have everything", "type" : "role", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "roles" : "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]" } }, { "name" : "Default Policy", "description" : "A policy that grants access only for users within this realm", "type" : "role", "logic" : "POSITIVE", "decisionStrategy" : "AFFIRMATIVE", "config" : { "roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]" } }, { "name" : "repeat-form-read", "type" : "scope", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "resources" : "[\"process-model-with-repeating-form-crud\"]", "scopes" : "[\"read\"]", "applyPolicies" : "[\"repeat-form-role-policy\"]" } }, { "name" : "all_permissions", "type" : "resource", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "resources" : "[\"everything\"]", "applyPolicies" : "[\"admins have everything\"]" } }, { "name" : "Default Permission", "description" : "A permission that applies to the default resource type", "type" : "resource", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "defaultResourceType" : "urn:spiffworkflow-backend:resources:default", "applyPolicies" : "[\"Default Policy\"]" } } ], "scopes" : [ { "name" : "read", "displayName" : "read" }, { "name" : "update", "displayName" : "update" }, { "name" : "delete", "displayName" : "delete" }, { "name" : "instantiate", "displayName" : "instantiate" } ], "decisionStrategy" : "UNANIMOUS" } }, { "clientId" : "spiffworkflow-frontend", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ], "webOrigins" : [ "*" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "clientId" : "withAuth", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", "secret" : "6o8kIKQznQtejHOdRhWeKorBJclMGcgA", "redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : true, "authorizationServicesEnabled" : true, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { "saml.force.post.binding" : "false", "saml.multivalued.roles" : "false", "frontchannel.logout.session.required" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "false", "backchannel.logout.revoke.offline.tokens" : "false", "saml.server.signature.keyinfo.ext" : "false", "use.refresh.tokens" : "true", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "saml.allow.ecp.flow" : "false", "id.token.as.detached.signature" : "false", "saml.assertion.signature" : "false", "client.secret.creation.time" : "1657055472", "saml.encrypt" : "false", "saml.server.signature" : "false", "exclude.session.state.from.auth.response" : "false", "saml.artifact.binding" : "false", "saml_force_name_id_format" : "false", "acr.loa.map" : "{}", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", "display.on.consent.screen" : "false", "token.response.type.bearer.lower-case" : "false", "saml.onetimeuse.condition" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { "name" : "Client ID", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientId", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientId", "jsonType.label" : "String" } }, { "name" : "Client Host", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientHost", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientHost", "jsonType.label" : "String" } }, { "name" : "Client IP Address", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientAddress", "userinfo.token.claim" : "true", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientAddress", "jsonType.label" : "String" } } ], "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], "authorizationSettings" : { "allowRemoteResourceManagement" : true, "policyEnforcementMode" : "ENFORCING", "resources" : [ { "name" : "Default Resource", "type" : "urn:withAuth:resources:default", "ownerManagedAccess" : false, "attributes" : { }, "uris" : [ "/*" ] } ], "policies" : [ { "name" : "Default Policy", "description" : "A policy that grants access only for users within this realm", "type" : "role", "logic" : "POSITIVE", "decisionStrategy" : "AFFIRMATIVE", "config" : { "roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]" } }, { "name" : "Default Permission", "description" : "A permission that applies to the default resource type", "type" : "resource", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "defaultResourceType" : "urn:withAuth:resources:default", "applyPolicies" : "[\"Default Policy\"]" } } ], "scopes" : [ ], "decisionStrategy" : "UNANIMOUS" } } ], "clientScopes" : [ { "name" : "acr", "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", "display.on.consent.screen" : "false" }, "protocolMappers" : [ { "name" : "acr loa level", "protocol" : "openid-connect", "protocolMapper" : "oidc-acr-mapper", "consentRequired" : false, "config" : { "id.token.claim" : "true", "access.token.claim" : "true", "userinfo.token.claim" : "true" } } ] }, { "name" : "profile", "description" : "OpenID Connect built-in scope: profile", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${profileScopeConsentText}" }, "protocolMappers" : [ { "name" : "full name", "protocol" : "openid-connect", "protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { "id.token.claim" : "true", "access.token.claim" : "true", "userinfo.token.claim" : "true" } }, { "name" : "website", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "website", "jsonType.label" : "String" } }, { "name" : "given name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "given_name", "jsonType.label" : "String" } }, { "name" : "nickname", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "nickname", "jsonType.label" : "String" } }, { "name" : "username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "preferred_username", "jsonType.label" : "String" } }, { "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "zoneinfo", "jsonType.label" : "String" } }, { "name" : "family name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "family_name", "jsonType.label" : "String" } }, { "name" : "profile", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "profile", "jsonType.label" : "String" } }, { "name" : "gender", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "gender", "jsonType.label" : "String" } }, { "name" : "updated at", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "updated_at", "jsonType.label" : "long" } }, { "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "middle_name", "jsonType.label" : "String" } }, { "name" : "picture", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "picture", "jsonType.label" : "String" } }, { "name" : "birthdate", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "birthdate", "jsonType.label" : "String" } }, { "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", "jsonType.label" : "String" } } ] }, { "name" : "email", "description" : "OpenID Connect built-in scope: email", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${emailScopeConsentText}" }, "protocolMappers" : [ { "name" : "email", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email", "jsonType.label" : "String" } }, { "name" : "email verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "emailVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email_verified", "jsonType.label" : "boolean" } } ] }, { "name" : "phone", "description" : "OpenID Connect built-in scope: phone", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${phoneScopeConsentText}" }, "protocolMappers" : [ { "name" : "phone number", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number", "jsonType.label" : "String" } }, { "name" : "phone number verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number_verified", "jsonType.label" : "boolean" } } ] }, { "name" : "microprofile-jwt", "description" : "Microprofile - JWT built-in scope", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "false" }, "protocolMappers" : [ { "name" : "groups", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { "multivalued" : "true", "userinfo.token.claim" : "true", "user.attribute" : "foo", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "groups", "jsonType.label" : "String" } }, { "name" : "upn", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "upn", "jsonType.label" : "String" } } ] }, { "name" : "roles", "description" : "OpenID Connect scope for add user roles to the access token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", "display.on.consent.screen" : "true", "consent.screen.text" : "${rolesScopeConsentText}" }, "protocolMappers" : [ { "name" : "audience resolve", "protocol" : "openid-connect", "protocolMapper" : "oidc-audience-resolve-mapper", "consentRequired" : false, "config" : { } }, { "name" : "realm roles", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { "user.attribute" : "foo", "access.token.claim" : "true", "claim.name" : "realm_access.roles", "jsonType.label" : "String", "multivalued" : "true" } }, { "name" : "client roles", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-client-role-mapper", "consentRequired" : false, "config" : { "user.attribute" : "foo", "access.token.claim" : "true", "claim.name" : "resource_access.${client_id}.roles", "jsonType.label" : "String", "multivalued" : "true" } } ] }, { "name" : "offline_access", "description" : "OpenID Connect built-in scope: offline_access", "protocol" : "openid-connect", "attributes" : { "consent.screen.text" : "${offlineAccessScopeConsentText}", "display.on.consent.screen" : "true" } }, { "name" : "web-origins", "description" : "OpenID Connect scope for add allowed web origins to the access token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", "display.on.consent.screen" : "false", "consent.screen.text" : "" }, "protocolMappers" : [ { "name" : "allowed web origins", "protocol" : "openid-connect", "protocolMapper" : "oidc-allowed-origins-mapper", "consentRequired" : false, "config" : { } } ] }, { "name" : "role_list", "description" : "SAML role list", "protocol" : "saml", "attributes" : { "consent.screen.text" : "${samlRoleListScopeConsentText}", "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "name" : "role list", "protocol" : "saml", "protocolMapper" : "saml-role-list-mapper", "consentRequired" : false, "config" : { "single" : "false", "attribute.nameformat" : "Basic", "attribute.name" : "Role" } } ] }, { "name" : "address", "description" : "OpenID Connect built-in scope: address", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${addressScopeConsentText}" }, "protocolMappers" : [ { "name" : "address", "protocol" : "openid-connect", "protocolMapper" : "oidc-address-mapper", "consentRequired" : false, "config" : { "user.attribute.formatted" : "formatted", "user.attribute.country" : "country", "user.attribute.postal_code" : "postal_code", "userinfo.token.claim" : "true", "user.attribute.street" : "street", "id.token.claim" : "true", "user.attribute.region" : "region", "access.token.claim" : "true", "user.attribute.locality" : "locality" } } ] } ], "defaultDefaultClientScopes" : [ "email", "profile", "role_list", "roles", "acr", "web-origins" ], "defaultOptionalClientScopes" : [ "offline_access", "phone", "microprofile-jwt", "address" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", "xRobotsTag" : "none", "xFrameOptions" : "SAMEORIGIN", "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection" : "1; mode=block", "strictTransportSecurity" : "max-age=31536000; includeSubDomains" }, "smtpServer" : { }, "eventsEnabled" : false, "eventsListeners" : [ "jboss-logging" ], "enabledEventTypes" : [ ], "adminEventsEnabled" : false, "adminEventsDetailsEnabled" : false, "identityProviders" : [ ], "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { "name" : "Trusted Hosts", "providerId" : "trusted-hosts", "subType" : "anonymous", "subComponents" : { }, "config" : { "host-sending-registration-request-must-match" : [ "true" ], "client-uris-must-match" : [ "true" ] } }, { "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "authenticated", "subComponents" : { }, "config" : { "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ] } }, { "name" : "Max Clients Limit", "providerId" : "max-clients", "subType" : "anonymous", "subComponents" : { }, "config" : { "max-clients" : [ "200" ] } }, { "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "anonymous", "subComponents" : { }, "config" : { "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper" ] } }, { "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "authenticated", "subComponents" : { }, "config" : { "allow-default-scopes" : [ "true" ] } }, { "name" : "Consent Required", "providerId" : "consent-required", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { "name" : "Full Scope Disabled", "providerId" : "scope", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "anonymous", "subComponents" : { }, "config" : { "allow-default-scopes" : [ "true" ] } } ], "org.keycloak.userprofile.UserProfileProvider" : [ { "providerId" : "declarative-user-profile", "subComponents" : { }, "config" : { } } ], "org.keycloak.keys.KeyProvider" : [ { "name" : "hmac-generated", "providerId" : "hmac-generated", "subComponents" : { }, "config" : { "kid" : [ "4e99c641-0494-49d5-979f-45cb5126f6f1" ], "secret" : [ "4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw" ], "priority" : [ "100" ], "algorithm" : [ "HS256" ] } }, { "name" : "aes-generated", "providerId" : "aes-generated", "subComponents" : { }, "config" : { "kid" : [ "76118b54-fc74-4149-9028-fab1fdc07860" ], "secret" : [ "DvxTn0KA4TEUPqSFBw8qAw" ], "priority" : [ "100" ] } }, { "name" : "rsa-generated", "providerId" : "rsa-generated", "subComponents" : { }, "config" : { "privateKey" : [ "MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw==" ], "keyUse" : [ "SIG" ], "certificate" : [ "MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA==" ], "priority" : [ "100" ] } }, { "name" : "rsa-enc-generated", "providerId" : "rsa-enc-generated", "subComponents" : { }, "config" : { "privateKey" : [ "MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT" ], "keyUse" : [ "ENC" ], "certificate" : [ "MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A==" ], "priority" : [ "100" ], "algorithm" : [ "RSA-OAEP" ] } } ] }, "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-email-verification", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "Verify Existing Account by Re-authentication", "userSetupAllowed" : false } ] }, { "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "basic-auth", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "basic-auth-otp", "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "auth-spnego", "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 30, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "conditional-user-configured", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "auth-otp-form", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "conditional-user-configured", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "direct-grant-validate-otp", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "conditional-user-configured", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "auth-otp-form", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-confirm-link", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "Account verification options", "userSetupAllowed" : false } ] }, { "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "conditional-user-configured", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "reset-otp", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticatorConfig" : "create unique user config", "authenticator" : "idp-create-user-if-unique", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "Handle Existing Account", "userSetupAllowed" : false } ] }, { "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-username-password-form", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "CONDITIONAL", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "First broker login - Conditional OTP", "userSetupAllowed" : false } ] }, { "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-cookie", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "auth-spnego", "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "identity-provider-redirector", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 25, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", "priority" : 30, "autheticatorFlow" : true, "flowAlias" : "forms", "userSetupAllowed" : false } ] }, { "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "client-secret", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "client-jwt", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "client-secret-jwt", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 30, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "client-x509", "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 40, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "direct-grant-validate-username", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "direct-grant-validate-password", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "CONDITIONAL", "priority" : 30, "autheticatorFlow" : true, "flowAlias" : "Direct Grant - Conditional OTP", "userSetupAllowed" : false } ] }, { "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "docker-http-basic-authenticator", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticatorConfig" : "review profile config", "authenticator" : "idp-review-profile", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "User creation or linking", "userSetupAllowed" : false } ] }, { "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-username-password-form", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "CONDITIONAL", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "Browser - Conditional OTP", "userSetupAllowed" : false } ] }, { "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "no-cookie-redirect", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : true, "flowAlias" : "Authentication Options", "userSetupAllowed" : false } ] }, { "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-page-form", "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : true, "flowAlias" : "registration form", "userSetupAllowed" : false } ] }, { "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-user-creation", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "registration-profile-action", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 40, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "registration-password-action", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 50, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "registration-recaptcha-action", "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 60, "autheticatorFlow" : false, "userSetupAllowed" : false } ] }, { "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "reset-credentials-choose-user", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "reset-credential-email", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticator" : "reset-password", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 30, "autheticatorFlow" : false, "userSetupAllowed" : false }, { "authenticatorFlow" : true, "requirement" : "CONDITIONAL", "priority" : 40, "autheticatorFlow" : true, "flowAlias" : "Reset - Conditional OTP", "userSetupAllowed" : false } ] }, { "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "http-basic-authenticator", "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, "autheticatorFlow" : false, "userSetupAllowed" : false } ] } ], "authenticatorConfig" : [ { "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" } } ], "requiredActions" : [ { "alias" : "CONFIGURE_TOTP", "name" : "Configure OTP", "providerId" : "CONFIGURE_TOTP", "enabled" : true, "defaultAction" : false, "priority" : 10, "config" : { } }, { "alias" : "terms_and_conditions", "name" : "Terms and Conditions", "providerId" : "terms_and_conditions", "enabled" : false, "defaultAction" : false, "priority" : 20, "config" : { } }, { "alias" : "UPDATE_PASSWORD", "name" : "Update Password", "providerId" : "UPDATE_PASSWORD", "enabled" : true, "defaultAction" : false, "priority" : 30, "config" : { } }, { "alias" : "UPDATE_PROFILE", "name" : "Update Profile", "providerId" : "UPDATE_PROFILE", "enabled" : true, "defaultAction" : false, "priority" : 40, "config" : { } }, { "alias" : "VERIFY_EMAIL", "name" : "Verify Email", "providerId" : "VERIFY_EMAIL", "enabled" : true, "defaultAction" : false, "priority" : 50, "config" : { } }, { "alias" : "delete_account", "name" : "Delete Account", "providerId" : "delete_account", "enabled" : false, "defaultAction" : false, "priority" : 60, "config" : { } }, { "alias" : "update_user_locale", "name" : "Update User Locale", "providerId" : "update_user_locale", "enabled" : true, "defaultAction" : false, "priority" : 1000, "config" : { } } ], "browserFlow" : "browser", "registrationFlow" : "registration", "directGrantFlow" : "direct grant", "resetCredentialsFlow" : "reset credentials", "clientAuthenticationFlow" : "clients", "dockerAuthenticationFlow" : "docker auth", "attributes" : { "cibaBackchannelTokenDeliveryMode" : "poll", "cibaAuthRequestedUserHint" : "login_hint", "clientOfflineSessionMaxLifespan" : "0", "oauth2DevicePollingInterval" : "5", "clientSessionIdleTimeout" : "0", "actionTokenGeneratedByUserLifespan-execute-actions" : "", "actionTokenGeneratedByUserLifespan-verify-email" : "", "clientOfflineSessionIdleTimeout" : "0", "actionTokenGeneratedByUserLifespan-reset-credentials" : "", "cibaInterval" : "5", "realmReusableOtpCode" : "false", "cibaExpiresIn" : "120", "oauth2DeviceCodeLifespan" : "600", "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", "parRequestUriLifespan" : "60", "clientSessionMaxLifespan" : "0" }, "keycloakVersion" : "20.0.1", "userManagedAccessAllowed" : false, "clientProfiles" : { "profiles" : [ ] }, "clientPolicies" : { "policies" : [ ] } }