mirror of
https://github.com/sartography/spiff-arena.git
synced 2025-02-10 16:36:31 +00:00
2661 lines
88 KiB
JSON
2661 lines
88 KiB
JSON
{
|
|
"realm": "spiffworkflow-2",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 1800,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 86400,
|
|
"ssoSessionMaxLifespan": 864000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": false,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": false,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": false,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"roles": {
|
|
"realm": [
|
|
{
|
|
"name": "default-roles-spiffworkflow",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"composites": {
|
|
"realm": ["offline_access", "uma_authorization"],
|
|
"client": {
|
|
"account": ["view-profile", "manage-account"]
|
|
}
|
|
},
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "uma_authorization",
|
|
"description": "${role_uma_authorization}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "admin",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "repeat-form-role-realm",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "offline_access",
|
|
"description": "${role_offline-access}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"client": {
|
|
"realm-management": [
|
|
{
|
|
"name": "manage-authorization",
|
|
"description": "${role_manage-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-authorization",
|
|
"description": "${role_view-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "query-groups",
|
|
"description": "${role_query-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "realm-admin",
|
|
"description": "${role_realm-admin}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"manage-authorization",
|
|
"view-authorization",
|
|
"query-groups",
|
|
"view-clients",
|
|
"view-realm",
|
|
"manage-users",
|
|
"query-users",
|
|
"impersonation",
|
|
"manage-clients",
|
|
"view-identity-providers",
|
|
"create-client",
|
|
"query-realms",
|
|
"view-users",
|
|
"view-events",
|
|
"manage-identity-providers",
|
|
"manage-events",
|
|
"query-clients",
|
|
"manage-realm"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-clients",
|
|
"description": "${role_view-clients}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-clients"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-users",
|
|
"description": "${role_manage-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-realm",
|
|
"description": "${role_view-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "impersonation",
|
|
"description": "${role_impersonation}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "query-users",
|
|
"description": "${role_query-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-clients",
|
|
"description": "${role_manage-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "create-client",
|
|
"description": "${role_create-client}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "query-realms",
|
|
"description": "${role_query-realms}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-identity-providers",
|
|
"description": "${role_view-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-users",
|
|
"description": "${role_view-users}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-groups", "query-users"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-events",
|
|
"description": "${role_view-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-events",
|
|
"description": "${role_manage-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-identity-providers",
|
|
"description": "${role_manage-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "query-clients",
|
|
"description": "${role_query-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-realm",
|
|
"description": "${role_manage-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"spiffworkflow-frontend": [],
|
|
"security-admin-console": [],
|
|
"admin-cli": [],
|
|
"spiffworkflow-backend": [
|
|
{
|
|
"name": "spiffworkflow-admin",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "uma_protection",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "repeat-form-role-2",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes": {
|
|
"repeat-form-role-2-att-key": ["repeat-form-role-2-att-value"]
|
|
}
|
|
}
|
|
],
|
|
"withAuth": [
|
|
{
|
|
"name": "uma_protection",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"broker": [
|
|
{
|
|
"name": "read-token",
|
|
"description": "${role_read-token}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "55d75754-cf1b-4875-bf3e-15add4be8c99",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"account": [
|
|
{
|
|
"name": "delete-account",
|
|
"description": "${role_delete-account}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-consent",
|
|
"description": "${role_manage-consent}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["view-consent"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-consent",
|
|
"description": "${role_view-consent}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-account-links",
|
|
"description": "${role_manage-account-links}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-profile",
|
|
"description": "${role_view-profile}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "manage-account",
|
|
"description": "${role_manage-account}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["manage-account-links"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-groups",
|
|
"description": "${role_view-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"name": "view-applications",
|
|
"description": "${role_view-applications}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes": {}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"groups": [],
|
|
"defaultRole": {
|
|
"name": "default-roles-spiffworkflow",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"clientRole": false,
|
|
"containerId": "spiffworkflow-2"
|
|
},
|
|
"requiredCredentials": ["password"],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpPolicyCodeReusable": false,
|
|
"otpSupportedApplications": ["totpAppFreeOTPName", "totpAppGoogleName"],
|
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyRpId": "",
|
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyCreateTimeout": 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyAcceptableAaguids": [],
|
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyPasswordlessRpId": "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
|
"users": [
|
|
{
|
|
"createdTimestamp": 1676302139599,
|
|
"username": "admin",
|
|
"enabled": true,
|
|
"totp": false,
|
|
"emailVerified": false,
|
|
"email": "admin@spiffworkflow.org",
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"createdDate": 1676302139645,
|
|
"secretData": "{\"value\":\"P6nrEJgmgdL+HbNA9tPkOyHYaLAqLg6cXh27ACgVQiOox4qwNE8Iv1L4ssispV4gsmuHiY+alio/2UMuyMGvEw==\",\"salt\":\"g214ckcAyig59U/3Oqwq4w==\",\"additionalParameters\":{}}",
|
|
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
|
|
}
|
|
],
|
|
"disableableCredentialTypes": [],
|
|
"requiredActions": [],
|
|
"realmRoles": ["default-roles-spiffworkflow"],
|
|
"clientRoles": {
|
|
"realm-management": ["realm-admin"]
|
|
},
|
|
"notBefore": 0,
|
|
"groups": []
|
|
}
|
|
],
|
|
"scopeMappings": [
|
|
{
|
|
"clientScope": "offline_access",
|
|
"roles": ["offline_access"]
|
|
}
|
|
],
|
|
"clients": [
|
|
{
|
|
"clientId": "account",
|
|
"name": "${client_account}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/spiffworkflow/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": false,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/realms/spiffworkflow/account/*"],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "false",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "admin-cli",
|
|
"name": "${client_admin-cli}",
|
|
"description": "",
|
|
"rootUrl": "",
|
|
"adminUrl": "",
|
|
"baseUrl": "",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "false",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "broker",
|
|
"name": "${client_broker}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": false,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "false",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "realm-management",
|
|
"name": "${client_realm-management}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": false,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "false",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "security-admin-console",
|
|
"name": "${client_security-admin-console}",
|
|
"rootUrl": "${authAdminUrl}",
|
|
"baseUrl": "/admin/spiffworkflow/console/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": false,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/admin/spiffworkflow/console/*"],
|
|
"webOrigins": ["+"],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "false",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"pkce.code.challenge.method": "S256",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "spiffworkflow-backend",
|
|
"name": "",
|
|
"description": "",
|
|
"rootUrl": "",
|
|
"adminUrl": "",
|
|
"baseUrl": "",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
|
|
"redirectUris": [
|
|
"http://localhost:7000/*",
|
|
"https://replace-me-with-spiff-backend-host-and-path/*",
|
|
"http://67.205.133.116:7000/*",
|
|
"http://167.172.242.138:7000/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"authorizationServicesEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "https://replace-me-with-spiff-frontend-host-and-path/*##http://localhost:7001/*",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"client.secret.creation.time": "1657115173",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"protocolMappers": [
|
|
{
|
|
"name": "Client IP Address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientAddress",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientAddress",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client Host",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientHost",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientHost",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client ID",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientId",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientId",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "spiffworkflow-employeeid",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"aggregate.attrs": "false",
|
|
"userinfo.token.claim": "true",
|
|
"multivalued": "false",
|
|
"user.attribute": "spiffworkflow-employeeid",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "spiffworkflow-employeeid"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
],
|
|
"authorizationSettings": {
|
|
"allowRemoteResourceManagement": true,
|
|
"policyEnforcementMode": "ENFORCING",
|
|
"resources": [
|
|
{
|
|
"name": "everything",
|
|
"ownerManagedAccess": false,
|
|
"attributes": {},
|
|
"uris": ["/*"],
|
|
"scopes": [
|
|
{
|
|
"name": "read"
|
|
},
|
|
{
|
|
"name": "update"
|
|
},
|
|
{
|
|
"name": "delete"
|
|
},
|
|
{
|
|
"name": "instantiate"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "Default Resource",
|
|
"type": "urn:spiffworkflow-backend:resources:default",
|
|
"ownerManagedAccess": false,
|
|
"attributes": {},
|
|
"uris": ["/*"]
|
|
},
|
|
{
|
|
"name": "process-model-with-repeating-form-crud",
|
|
"type": "process-model",
|
|
"ownerManagedAccess": false,
|
|
"displayName": "process-model-with-repeating-form-crud",
|
|
"attributes": {
|
|
"test_resource_att1": ["this_is_the_value"]
|
|
},
|
|
"uris": [
|
|
"/process-models/category_number_one/process-model-with-repeating-form"
|
|
],
|
|
"scopes": [
|
|
{
|
|
"name": "read"
|
|
},
|
|
{
|
|
"name": "update"
|
|
},
|
|
{
|
|
"name": "delete"
|
|
},
|
|
{
|
|
"name": "instantiate"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"policies": [
|
|
{
|
|
"name": "repeat-form-role-policy",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "admins have everything",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"roles": "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Default Policy",
|
|
"description": "A policy that grants access only for users within this realm",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "repeat-form-read",
|
|
"type": "scope",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"resources": "[\"process-model-with-repeating-form-crud\"]",
|
|
"scopes": "[\"read\"]",
|
|
"applyPolicies": "[\"repeat-form-role-policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "all_permissions",
|
|
"type": "resource",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"resources": "[\"everything\"]",
|
|
"applyPolicies": "[\"admins have everything\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Default Permission",
|
|
"description": "A permission that applies to the default resource type",
|
|
"type": "resource",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"defaultResourceType": "urn:spiffworkflow-backend:resources:default",
|
|
"applyPolicies": "[\"Default Policy\"]"
|
|
}
|
|
}
|
|
],
|
|
"scopes": [
|
|
{
|
|
"name": "read",
|
|
"displayName": "read"
|
|
},
|
|
{
|
|
"name": "update",
|
|
"displayName": "update"
|
|
},
|
|
{
|
|
"name": "delete",
|
|
"displayName": "delete"
|
|
},
|
|
{
|
|
"name": "instantiate",
|
|
"displayName": "instantiate"
|
|
}
|
|
],
|
|
"decisionStrategy": "UNANIMOUS"
|
|
}
|
|
},
|
|
{
|
|
"clientId": "spiffworkflow-frontend",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [
|
|
"https://api.unused-for-local-dev.spiffworkflow.org/*",
|
|
"http://localhost:7001/*",
|
|
"http://67.205.133.116:7000/*",
|
|
"http://167.172.242.138:7001/*",
|
|
"https://api.demo.spiffworkflow.org/*"
|
|
],
|
|
"webOrigins": ["*"],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"clientId": "withAuth",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
|
|
"redirectUris": [
|
|
"https://api.unused-for-local-dev.spiffworkflow.org/*",
|
|
"http://localhost:7001/*",
|
|
"http://67.205.133.116:7000/*",
|
|
"http://167.172.242.138:7001/*",
|
|
"https://api.demo.spiffworkflow.org/*"
|
|
],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"authorizationServicesEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"saml.force.post.binding": "false",
|
|
"saml.multivalued.roles": "false",
|
|
"frontchannel.logout.session.required": "false",
|
|
"post.logout.redirect.uris": "+",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"saml.server.signature.keyinfo.ext": "false",
|
|
"use.refresh.tokens": "true",
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"require.pushed.authorization.requests": "false",
|
|
"saml.client.signature": "false",
|
|
"saml.allow.ecp.flow": "false",
|
|
"id.token.as.detached.signature": "false",
|
|
"saml.assertion.signature": "false",
|
|
"client.secret.creation.time": "1657055472",
|
|
"saml.encrypt": "false",
|
|
"saml.server.signature": "false",
|
|
"exclude.session.state.from.auth.response": "false",
|
|
"saml.artifact.binding": "false",
|
|
"saml_force_name_id_format": "false",
|
|
"acr.loa.map": "{}",
|
|
"tls.client.certificate.bound.access.tokens": "false",
|
|
"saml.authnstatement": "false",
|
|
"display.on.consent.screen": "false",
|
|
"token.response.type.bearer.lower-case": "false",
|
|
"saml.onetimeuse.condition": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"protocolMappers": [
|
|
{
|
|
"name": "Client ID",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientId",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientId",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client Host",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientHost",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientHost",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client IP Address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientAddress",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientAddress",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"profile",
|
|
"roles",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
],
|
|
"authorizationSettings": {
|
|
"allowRemoteResourceManagement": true,
|
|
"policyEnforcementMode": "ENFORCING",
|
|
"resources": [
|
|
{
|
|
"name": "Default Resource",
|
|
"type": "urn:withAuth:resources:default",
|
|
"ownerManagedAccess": false,
|
|
"attributes": {},
|
|
"uris": ["/*"]
|
|
}
|
|
],
|
|
"policies": [
|
|
{
|
|
"name": "Default Policy",
|
|
"description": "A policy that grants access only for users within this realm",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"roles": "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Default Permission",
|
|
"description": "A permission that applies to the default resource type",
|
|
"type": "resource",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"defaultResourceType": "urn:withAuth:resources:default",
|
|
"applyPolicies": "[\"Default Policy\"]"
|
|
}
|
|
}
|
|
],
|
|
"scopes": [],
|
|
"decisionStrategy": "UNANIMOUS"
|
|
}
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"name": "acr",
|
|
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "acr loa level",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-acr-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"name": "website",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "website",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "website",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "given name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "firstName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "given_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "nickname",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "nickname",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nickname",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "zoneinfo",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "zoneinfo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "zoneinfo",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "family name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "lastName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "family_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "profile",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "profile",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "profile",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "gender",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "gender",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "gender",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "updated at",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "updatedAt",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "updated_at",
|
|
"jsonType.label": "long"
|
|
}
|
|
},
|
|
{
|
|
"name": "middle name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "middleName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "middle_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "picture",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "picture",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "picture",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "birthdate",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "birthdate",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "birthdate",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "phone",
|
|
"description": "OpenID Connect built-in scope: phone",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${phoneScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "phone number",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumber",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "phone number verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumberVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "microprofile-jwt",
|
|
"description": "Microprofile - JWT built-in scope",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"name": "upn",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "upn",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope for add user roles to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${rolesScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
},
|
|
{
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
}
|
|
},
|
|
{
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "role_list",
|
|
"description": "SAML role list",
|
|
"protocol": "saml",
|
|
"attributes": {
|
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "role list",
|
|
"protocol": "saml",
|
|
"protocolMapper": "saml-role-list-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"single": "false",
|
|
"attribute.nameformat": "Basic",
|
|
"attribute.name": "Role"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "address",
|
|
"description": "OpenID Connect built-in scope: address",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${addressScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"name": "address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-address-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute.formatted": "formatted",
|
|
"user.attribute.country": "country",
|
|
"user.attribute.postal_code": "postal_code",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute.street": "street",
|
|
"id.token.claim": "true",
|
|
"user.attribute.region": "region",
|
|
"access.token.claim": "true",
|
|
"user.attribute.locality": "locality"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"email",
|
|
"profile",
|
|
"role_list",
|
|
"roles",
|
|
"acr",
|
|
"web-origins"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"offline_access",
|
|
"phone",
|
|
"microprofile-jwt",
|
|
"address"
|
|
],
|
|
"browserSecurityHeaders": {
|
|
"contentSecurityPolicyReportOnly": "",
|
|
"xContentTypeOptions": "nosniff",
|
|
"xRobotsTag": "none",
|
|
"xFrameOptions": "SAMEORIGIN",
|
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection": "1; mode=block",
|
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer": {},
|
|
"eventsEnabled": false,
|
|
"eventsListeners": ["jboss-logging"],
|
|
"enabledEventTypes": [],
|
|
"adminEventsEnabled": false,
|
|
"adminEventsDetailsEnabled": false,
|
|
"identityProviders": [],
|
|
"identityProviderMappers": [],
|
|
"components": {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
|
{
|
|
"name": "Trusted Hosts",
|
|
"providerId": "trusted-hosts",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"host-sending-registration-request-must-match": ["true"],
|
|
"client-uris-must-match": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"oidc-address-mapper",
|
|
"oidc-full-name-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"saml-role-list-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-attribute-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "Max Clients Limit",
|
|
"providerId": "max-clients",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"max-clients": ["200"]
|
|
}
|
|
},
|
|
{
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"oidc-full-name-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"saml-role-list-mapper",
|
|
"oidc-address-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"oidc-usermodel-attribute-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"name": "Consent Required",
|
|
"providerId": "consent-required",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"name": "Full Scope Disabled",
|
|
"providerId": "scope",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.userprofile.UserProfileProvider": [
|
|
{
|
|
"providerId": "declarative-user-profile",
|
|
"subComponents": {},
|
|
"config": {}
|
|
}
|
|
],
|
|
"org.keycloak.keys.KeyProvider": [
|
|
{
|
|
"name": "hmac-generated",
|
|
"providerId": "hmac-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"kid": ["4e99c641-0494-49d5-979f-45cb5126f6f1"],
|
|
"secret": [
|
|
"4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw"
|
|
],
|
|
"priority": ["100"],
|
|
"algorithm": ["HS256"]
|
|
}
|
|
},
|
|
{
|
|
"name": "aes-generated",
|
|
"providerId": "aes-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"kid": ["76118b54-fc74-4149-9028-fab1fdc07860"],
|
|
"secret": ["DvxTn0KA4TEUPqSFBw8qAw"],
|
|
"priority": ["100"]
|
|
}
|
|
},
|
|
{
|
|
"name": "rsa-generated",
|
|
"providerId": "rsa-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"privateKey": [
|
|
"MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw=="
|
|
],
|
|
"keyUse": ["SIG"],
|
|
"certificate": [
|
|
"MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA=="
|
|
],
|
|
"priority": ["100"]
|
|
}
|
|
},
|
|
{
|
|
"name": "rsa-enc-generated",
|
|
"providerId": "rsa-enc-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"privateKey": [
|
|
"MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT"
|
|
],
|
|
"keyUse": ["ENC"],
|
|
"certificate": [
|
|
"MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A=="
|
|
],
|
|
"priority": ["100"],
|
|
"algorithm": ["RSA-OAEP"]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": false,
|
|
"supportedLocales": [],
|
|
"authenticationFlows": [
|
|
{
|
|
"alias": "Account verification options",
|
|
"description": "Method with which to verity the existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-email-verification",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Authentication Options",
|
|
"description": "Authentication options.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "basic-auth",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "basic-auth-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Browser - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Direct Grant - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "First broker login - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Handle Existing Account",
|
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-confirm-link",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Account verification options",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Reset - Conditional OTP",
|
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "User creation or linking",
|
|
"description": "Flow for the existing/non-existing user alternatives",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "create unique user config",
|
|
"authenticator": "idp-create-user-if-unique",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Handle Existing Account",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "Verify Existing Account by Re-authentication",
|
|
"description": "Reauthentication of existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "First broker login - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "browser",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 25,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "forms",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "clients",
|
|
"description": "Base authentication for clients",
|
|
"providerId": "client-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "client-secret",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-secret-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-x509",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "direct grant",
|
|
"description": "OpenID Connect Resource Owner Grant",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "direct-grant-validate-username",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Direct Grant - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "docker auth",
|
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "docker-http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "first broker login",
|
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "review profile config",
|
|
"authenticator": "idp-review-profile",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "User creation or linking",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Browser - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "http challenge",
|
|
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "no-cookie-redirect",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Authentication Options",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "registration",
|
|
"description": "registration flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-page-form",
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "registration form",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "registration form",
|
|
"description": "registration form",
|
|
"providerId": "form-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-user-creation",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-profile-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-password-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 50,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-recaptcha-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 60,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "reset credentials",
|
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "reset-credentials-choose-user",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-credential-email",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 40,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Reset - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"alias": "saml ecp",
|
|
"description": "SAML ECP Profile Authentication Flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"authenticatorConfig": [
|
|
{
|
|
"alias": "create unique user config",
|
|
"config": {
|
|
"require.password.update.after.registration": "false"
|
|
}
|
|
},
|
|
{
|
|
"alias": "review profile config",
|
|
"config": {
|
|
"update.profile.on.first.login": "missing"
|
|
}
|
|
}
|
|
],
|
|
"requiredActions": [
|
|
{
|
|
"alias": "CONFIGURE_TOTP",
|
|
"name": "Configure OTP",
|
|
"providerId": "CONFIGURE_TOTP",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 10,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "terms_and_conditions",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "terms_and_conditions",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 20,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PASSWORD",
|
|
"name": "Update Password",
|
|
"providerId": "UPDATE_PASSWORD",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 30,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PROFILE",
|
|
"name": "Update Profile",
|
|
"providerId": "UPDATE_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 40,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_EMAIL",
|
|
"name": "Verify Email",
|
|
"providerId": "VERIFY_EMAIL",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 50,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_account",
|
|
"name": "Delete Account",
|
|
"providerId": "delete_account",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 60,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "update_user_locale",
|
|
"name": "Update User Locale",
|
|
"providerId": "update_user_locale",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 1000,
|
|
"config": {}
|
|
}
|
|
],
|
|
"browserFlow": "browser",
|
|
"registrationFlow": "registration",
|
|
"directGrantFlow": "direct grant",
|
|
"resetCredentialsFlow": "reset credentials",
|
|
"clientAuthenticationFlow": "clients",
|
|
"dockerAuthenticationFlow": "docker auth",
|
|
"attributes": {
|
|
"cibaBackchannelTokenDeliveryMode": "poll",
|
|
"cibaAuthRequestedUserHint": "login_hint",
|
|
"clientOfflineSessionMaxLifespan": "0",
|
|
"oauth2DevicePollingInterval": "5",
|
|
"clientSessionIdleTimeout": "0",
|
|
"actionTokenGeneratedByUserLifespan-execute-actions": "",
|
|
"actionTokenGeneratedByUserLifespan-verify-email": "",
|
|
"clientOfflineSessionIdleTimeout": "0",
|
|
"actionTokenGeneratedByUserLifespan-reset-credentials": "",
|
|
"cibaInterval": "5",
|
|
"realmReusableOtpCode": "false",
|
|
"cibaExpiresIn": "120",
|
|
"oauth2DeviceCodeLifespan": "600",
|
|
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": "",
|
|
"parRequestUriLifespan": "60",
|
|
"clientSessionMaxLifespan": "0"
|
|
},
|
|
"keycloakVersion": "20.0.1",
|
|
"userManagedAccessAllowed": false,
|
|
"clientProfiles": {
|
|
"profiles": []
|
|
},
|
|
"clientPolicies": {
|
|
"policies": []
|
|
}
|
|
}
|