2233 lines
81 KiB
JSON
2233 lines
81 KiB
JSON
{
|
|
"realm" : "spiffworkflow-2",
|
|
"notBefore" : 0,
|
|
"defaultSignatureAlgorithm" : "RS256",
|
|
"revokeRefreshToken" : false,
|
|
"refreshTokenMaxReuse" : 0,
|
|
"accessTokenLifespan" : 1800,
|
|
"accessTokenLifespanForImplicitFlow" : 900,
|
|
"ssoSessionIdleTimeout" : 86400,
|
|
"ssoSessionMaxLifespan" : 864000,
|
|
"ssoSessionIdleTimeoutRememberMe" : 0,
|
|
"ssoSessionMaxLifespanRememberMe" : 0,
|
|
"offlineSessionIdleTimeout" : 2592000,
|
|
"offlineSessionMaxLifespanEnabled" : false,
|
|
"offlineSessionMaxLifespan" : 5184000,
|
|
"clientSessionIdleTimeout" : 0,
|
|
"clientSessionMaxLifespan" : 0,
|
|
"clientOfflineSessionIdleTimeout" : 0,
|
|
"clientOfflineSessionMaxLifespan" : 0,
|
|
"accessCodeLifespan" : 60,
|
|
"accessCodeLifespanUserAction" : 300,
|
|
"accessCodeLifespanLogin" : 1800,
|
|
"actionTokenGeneratedByAdminLifespan" : 43200,
|
|
"actionTokenGeneratedByUserLifespan" : 300,
|
|
"oauth2DeviceCodeLifespan" : 600,
|
|
"oauth2DevicePollingInterval" : 5,
|
|
"enabled" : true,
|
|
"sslRequired" : "external",
|
|
"registrationAllowed" : false,
|
|
"registrationEmailAsUsername" : false,
|
|
"rememberMe" : false,
|
|
"verifyEmail" : false,
|
|
"loginWithEmailAllowed" : true,
|
|
"duplicateEmailsAllowed" : false,
|
|
"resetPasswordAllowed" : false,
|
|
"editUsernameAllowed" : false,
|
|
"bruteForceProtected" : false,
|
|
"permanentLockout" : false,
|
|
"maxFailureWaitSeconds" : 900,
|
|
"minimumQuickLoginWaitSeconds" : 60,
|
|
"waitIncrementSeconds" : 60,
|
|
"quickLoginCheckMilliSeconds" : 1000,
|
|
"maxDeltaTimeSeconds" : 43200,
|
|
"failureFactor" : 30,
|
|
"roles" : {
|
|
"realm" : [ {
|
|
"name" : "default-roles-spiffworkflow",
|
|
"description" : "${role_default-roles}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"realm" : [ "offline_access", "uma_authorization" ],
|
|
"client" : {
|
|
"account" : [ "view-profile", "manage-account" ]
|
|
}
|
|
},
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "uma_authorization",
|
|
"description" : "${role_uma_authorization}",
|
|
"composite" : false,
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "admin",
|
|
"composite" : false,
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "repeat-form-role-realm",
|
|
"composite" : false,
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "offline_access",
|
|
"description" : "${role_offline-access}",
|
|
"composite" : false,
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2",
|
|
"attributes" : { }
|
|
} ],
|
|
"client" : {
|
|
"realm-management" : [ {
|
|
"name" : "manage-authorization",
|
|
"description" : "${role_manage-authorization}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-authorization",
|
|
"description" : "${role_view-authorization}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "query-groups",
|
|
"description" : "${role_query-groups}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "realm-admin",
|
|
"description" : "${role_realm-admin}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"client" : {
|
|
"realm-management" : [ "manage-authorization", "view-authorization", "query-groups", "view-clients", "view-realm", "manage-users", "query-users", "impersonation", "manage-clients", "view-identity-providers", "create-client", "query-realms", "view-users", "view-events", "manage-identity-providers", "manage-events", "query-clients", "manage-realm" ]
|
|
}
|
|
},
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-clients",
|
|
"description" : "${role_view-clients}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"client" : {
|
|
"realm-management" : [ "query-clients" ]
|
|
}
|
|
},
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-users",
|
|
"description" : "${role_manage-users}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-realm",
|
|
"description" : "${role_view-realm}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "impersonation",
|
|
"description" : "${role_impersonation}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "query-users",
|
|
"description" : "${role_query-users}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-clients",
|
|
"description" : "${role_manage-clients}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "create-client",
|
|
"description" : "${role_create-client}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "query-realms",
|
|
"description" : "${role_query-realms}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-identity-providers",
|
|
"description" : "${role_view-identity-providers}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-users",
|
|
"description" : "${role_view-users}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"client" : {
|
|
"realm-management" : [ "query-groups", "query-users" ]
|
|
}
|
|
},
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-events",
|
|
"description" : "${role_view-events}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-events",
|
|
"description" : "${role_manage-events}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-identity-providers",
|
|
"description" : "${role_manage-identity-providers}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "query-clients",
|
|
"description" : "${role_query-clients}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-realm",
|
|
"description" : "${role_manage-realm}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "4ce68130-aced-4e67-936a-8082dc843cc2",
|
|
"attributes" : { }
|
|
} ],
|
|
"spiffworkflow-frontend" : [ ],
|
|
"security-admin-console" : [ ],
|
|
"admin-cli" : [ ],
|
|
"spiffworkflow-backend" : [ {
|
|
"name" : "spiffworkflow-admin",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "uma_protection",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "repeat-form-role-2",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "f44558af-3601-4e54-b854-08396a247544",
|
|
"attributes" : {
|
|
"repeat-form-role-2-att-key" : [ "repeat-form-role-2-att-value" ]
|
|
}
|
|
} ],
|
|
"withAuth" : [ {
|
|
"name" : "uma_protection",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "5d94a8c3-f56b-4eff-ac39-8580053a7fbe",
|
|
"attributes" : { }
|
|
} ],
|
|
"broker" : [ {
|
|
"name" : "read-token",
|
|
"description" : "${role_read-token}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "55d75754-cf1b-4875-bf3e-15add4be8c99",
|
|
"attributes" : { }
|
|
} ],
|
|
"account" : [ {
|
|
"name" : "delete-account",
|
|
"description" : "${role_delete-account}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-consent",
|
|
"description" : "${role_manage-consent}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"client" : {
|
|
"account" : [ "view-consent" ]
|
|
}
|
|
},
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-consent",
|
|
"description" : "${role_view-consent}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-account-links",
|
|
"description" : "${role_manage-account-links}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-profile",
|
|
"description" : "${role_view-profile}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "manage-account",
|
|
"description" : "${role_manage-account}",
|
|
"composite" : true,
|
|
"composites" : {
|
|
"client" : {
|
|
"account" : [ "manage-account-links" ]
|
|
}
|
|
},
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-groups",
|
|
"description" : "${role_view-groups}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
}, {
|
|
"name" : "view-applications",
|
|
"description" : "${role_view-applications}",
|
|
"composite" : false,
|
|
"clientRole" : true,
|
|
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
|
|
"attributes" : { }
|
|
} ]
|
|
}
|
|
},
|
|
"groups" : [ ],
|
|
"defaultRole" : {
|
|
"name" : "default-roles-spiffworkflow",
|
|
"description" : "${role_default-roles}",
|
|
"composite" : true,
|
|
"clientRole" : false,
|
|
"containerId" : "spiffworkflow-2"
|
|
},
|
|
"requiredCredentials" : [ "password" ],
|
|
"otpPolicyType" : "totp",
|
|
"otpPolicyAlgorithm" : "HmacSHA1",
|
|
"otpPolicyInitialCounter" : 0,
|
|
"otpPolicyDigits" : 6,
|
|
"otpPolicyLookAheadWindow" : 1,
|
|
"otpPolicyPeriod" : 30,
|
|
"otpPolicyCodeReusable" : false,
|
|
"otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ],
|
|
"webAuthnPolicyRpEntityName" : "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
|
|
"webAuthnPolicyRpId" : "",
|
|
"webAuthnPolicyAttestationConveyancePreference" : "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment" : "not specified",
|
|
"webAuthnPolicyRequireResidentKey" : "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement" : "not specified",
|
|
"webAuthnPolicyCreateTimeout" : 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
|
|
"webAuthnPolicyAcceptableAaguids" : [ ],
|
|
"webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
|
|
"webAuthnPolicyPasswordlessRpId" : "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout" : 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
|
|
"users" : [ {
|
|
"createdTimestamp" : 1676302139599,
|
|
"username" : "admin",
|
|
"enabled" : true,
|
|
"totp" : false,
|
|
"emailVerified" : false,
|
|
"email" : "admin@spiffworkflow.org",
|
|
"credentials" : [ {
|
|
"type" : "password",
|
|
"createdDate" : 1676302139645,
|
|
"secretData" : "{\"value\":\"P6nrEJgmgdL+HbNA9tPkOyHYaLAqLg6cXh27ACgVQiOox4qwNE8Iv1L4ssispV4gsmuHiY+alio/2UMuyMGvEw==\",\"salt\":\"g214ckcAyig59U/3Oqwq4w==\",\"additionalParameters\":{}}",
|
|
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
|
|
} ],
|
|
"disableableCredentialTypes" : [ ],
|
|
"requiredActions" : [ ],
|
|
"realmRoles" : [ "default-roles-spiffworkflow" ],
|
|
"clientRoles" : {
|
|
"realm-management" : [ "realm-admin" ]
|
|
},
|
|
"notBefore" : 0,
|
|
"groups" : [ ]
|
|
}],
|
|
"scopeMappings" : [ {
|
|
"clientScope" : "offline_access",
|
|
"roles" : [ "offline_access" ]
|
|
} ],
|
|
"clients" : [ {
|
|
"clientId" : "account",
|
|
"name" : "${client_account}",
|
|
"rootUrl" : "${authBaseUrl}",
|
|
"baseUrl" : "/realms/spiffworkflow/account/",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : false,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ "/realms/spiffworkflow/account/*" ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : false,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : true,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "false",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : false,
|
|
"nodeReRegistrationTimeout" : 0,
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "admin-cli",
|
|
"name" : "${client_admin-cli}",
|
|
"description" : "",
|
|
"rootUrl" : "",
|
|
"adminUrl" : "",
|
|
"baseUrl" : "",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : true,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : false,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : true,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : true,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "false",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : false,
|
|
"nodeReRegistrationTimeout" : 0,
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "broker",
|
|
"name" : "${client_broker}",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : false,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : true,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : false,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : false,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "false",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : false,
|
|
"nodeReRegistrationTimeout" : 0,
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "realm-management",
|
|
"name" : "${client_realm-management}",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : false,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : true,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : false,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : false,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "false",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : false,
|
|
"nodeReRegistrationTimeout" : 0,
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "security-admin-console",
|
|
"name" : "${client_security-admin-console}",
|
|
"rootUrl" : "${authAdminUrl}",
|
|
"baseUrl" : "/admin/spiffworkflow/console/",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : false,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ "/admin/spiffworkflow/console/*" ],
|
|
"webOrigins" : [ "+" ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : false,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : true,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "false",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"pkce.code.challenge.method" : "S256",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : false,
|
|
"nodeReRegistrationTimeout" : 0,
|
|
"protocolMappers" : [ {
|
|
"name" : "locale",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "locale",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "locale",
|
|
"jsonType.label" : "String"
|
|
}
|
|
} ],
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "spiffworkflow-backend",
|
|
"name" : "",
|
|
"description" : "",
|
|
"rootUrl" : "",
|
|
"adminUrl" : "",
|
|
"baseUrl" : "",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : true,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"secret" : "JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
|
|
"redirectUris" : [ "http://localhost:7000/*", "https://replace-me-with-spiff-backend-host-and-path/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7000/*" ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : true,
|
|
"serviceAccountsEnabled" : true,
|
|
"authorizationServicesEnabled" : true,
|
|
"publicClient" : false,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "https://replace-me-with-spiff-frontend-host-and-path/*##http://localhost:7001/*",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "true",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"client.secret.creation.time" : "1657115173",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : true,
|
|
"nodeReRegistrationTimeout" : -1,
|
|
"protocolMappers" : [ {
|
|
"name" : "Client IP Address",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientAddress",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientAddress",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "Client Host",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientHost",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientHost",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "Client ID",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientId",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientId",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "spiffworkflow-employeeid",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"aggregate.attrs" : "false",
|
|
"userinfo.token.claim" : "true",
|
|
"multivalued" : "false",
|
|
"user.attribute" : "spiffworkflow-employeeid",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "spiffworkflow-employeeid"
|
|
}
|
|
} ],
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
"authorizationSettings" : {
|
|
"allowRemoteResourceManagement" : true,
|
|
"policyEnforcementMode" : "ENFORCING",
|
|
"resources" : [ {
|
|
"name" : "everything",
|
|
"ownerManagedAccess" : false,
|
|
"attributes" : { },
|
|
"uris" : [ "/*" ],
|
|
"scopes" : [ {
|
|
"name" : "read"
|
|
}, {
|
|
"name" : "update"
|
|
}, {
|
|
"name" : "delete"
|
|
}, {
|
|
"name" : "instantiate"
|
|
} ]
|
|
}, {
|
|
"name" : "Default Resource",
|
|
"type" : "urn:spiffworkflow-backend:resources:default",
|
|
"ownerManagedAccess" : false,
|
|
"attributes" : { },
|
|
"uris" : [ "/*" ]
|
|
}, {
|
|
"name" : "process-model-with-repeating-form-crud",
|
|
"type" : "process-model",
|
|
"ownerManagedAccess" : false,
|
|
"displayName" : "process-model-with-repeating-form-crud",
|
|
"attributes" : {
|
|
"test_resource_att1" : [ "this_is_the_value" ]
|
|
},
|
|
"uris" : [ "/process-models/category_number_one/process-model-with-repeating-form" ],
|
|
"scopes" : [ {
|
|
"name" : "read"
|
|
}, {
|
|
"name" : "update"
|
|
}, {
|
|
"name" : "delete"
|
|
}, {
|
|
"name" : "instantiate"
|
|
} ]
|
|
} ],
|
|
"policies" : [ {
|
|
"name" : "repeat-form-role-policy",
|
|
"type" : "role",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
}, {
|
|
"name" : "admins have everything",
|
|
"type" : "role",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"roles" : "[{\"id\":\"spiffworkflow-backend/spiffworkflow-admin\",\"required\":false}]"
|
|
}
|
|
}, {
|
|
"name" : "Default Policy",
|
|
"description" : "A policy that grants access only for users within this realm",
|
|
"type" : "role",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "AFFIRMATIVE",
|
|
"config" : {
|
|
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
}, {
|
|
"name" : "repeat-form-read",
|
|
"type" : "scope",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"resources" : "[\"process-model-with-repeating-form-crud\"]",
|
|
"scopes" : "[\"read\"]",
|
|
"applyPolicies" : "[\"repeat-form-role-policy\"]"
|
|
}
|
|
}, {
|
|
"name" : "all_permissions",
|
|
"type" : "resource",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"resources" : "[\"everything\"]",
|
|
"applyPolicies" : "[\"admins have everything\"]"
|
|
}
|
|
}, {
|
|
"name" : "Default Permission",
|
|
"description" : "A permission that applies to the default resource type",
|
|
"type" : "resource",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"defaultResourceType" : "urn:spiffworkflow-backend:resources:default",
|
|
"applyPolicies" : "[\"Default Policy\"]"
|
|
}
|
|
} ],
|
|
"scopes" : [ {
|
|
"name" : "read",
|
|
"displayName" : "read"
|
|
}, {
|
|
"name" : "update",
|
|
"displayName" : "update"
|
|
}, {
|
|
"name" : "delete",
|
|
"displayName" : "delete"
|
|
}, {
|
|
"name" : "instantiate",
|
|
"displayName" : "instantiate"
|
|
} ],
|
|
"decisionStrategy" : "UNANIMOUS"
|
|
}
|
|
}, {
|
|
"clientId" : "spiffworkflow-frontend",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : true,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
|
|
"webOrigins" : [ "*" ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : true,
|
|
"serviceAccountsEnabled" : false,
|
|
"publicClient" : true,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "true",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : true,
|
|
"nodeReRegistrationTimeout" : -1,
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
|
|
}, {
|
|
"clientId" : "withAuth",
|
|
"surrogateAuthRequired" : false,
|
|
"enabled" : true,
|
|
"alwaysDisplayInConsole" : false,
|
|
"clientAuthenticatorType" : "client-secret",
|
|
"secret" : "6o8kIKQznQtejHOdRhWeKorBJclMGcgA",
|
|
"redirectUris" : [ "https://api.unused-for-local-dev.spiffworkflow.org/*", "http://localhost:7001/*", "http://67.205.133.116:7000/*", "http://167.172.242.138:7001/*", "https://api.demo.spiffworkflow.org/*" ],
|
|
"webOrigins" : [ ],
|
|
"notBefore" : 0,
|
|
"bearerOnly" : false,
|
|
"consentRequired" : false,
|
|
"standardFlowEnabled" : true,
|
|
"implicitFlowEnabled" : false,
|
|
"directAccessGrantsEnabled" : true,
|
|
"serviceAccountsEnabled" : true,
|
|
"authorizationServicesEnabled" : true,
|
|
"publicClient" : false,
|
|
"frontchannelLogout" : false,
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"saml.force.post.binding" : "false",
|
|
"saml.multivalued.roles" : "false",
|
|
"frontchannel.logout.session.required" : "false",
|
|
"post.logout.redirect.uris" : "+",
|
|
"oauth2.device.authorization.grant.enabled" : "false",
|
|
"backchannel.logout.revoke.offline.tokens" : "false",
|
|
"saml.server.signature.keyinfo.ext" : "false",
|
|
"use.refresh.tokens" : "true",
|
|
"oidc.ciba.grant.enabled" : "false",
|
|
"backchannel.logout.session.required" : "true",
|
|
"client_credentials.use_refresh_token" : "false",
|
|
"require.pushed.authorization.requests" : "false",
|
|
"saml.client.signature" : "false",
|
|
"saml.allow.ecp.flow" : "false",
|
|
"id.token.as.detached.signature" : "false",
|
|
"saml.assertion.signature" : "false",
|
|
"client.secret.creation.time" : "1657055472",
|
|
"saml.encrypt" : "false",
|
|
"saml.server.signature" : "false",
|
|
"exclude.session.state.from.auth.response" : "false",
|
|
"saml.artifact.binding" : "false",
|
|
"saml_force_name_id_format" : "false",
|
|
"acr.loa.map" : "{}",
|
|
"tls.client.certificate.bound.access.tokens" : "false",
|
|
"saml.authnstatement" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"token.response.type.bearer.lower-case" : "false",
|
|
"saml.onetimeuse.condition" : "false"
|
|
},
|
|
"authenticationFlowBindingOverrides" : { },
|
|
"fullScopeAllowed" : true,
|
|
"nodeReRegistrationTimeout" : -1,
|
|
"protocolMappers" : [ {
|
|
"name" : "Client ID",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientId",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientId",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "Client Host",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientHost",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientHost",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "Client IP Address",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.session.note" : "clientAddress",
|
|
"userinfo.token.claim" : "true",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "clientAddress",
|
|
"jsonType.label" : "String"
|
|
}
|
|
} ],
|
|
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
|
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
"authorizationSettings" : {
|
|
"allowRemoteResourceManagement" : true,
|
|
"policyEnforcementMode" : "ENFORCING",
|
|
"resources" : [ {
|
|
"name" : "Default Resource",
|
|
"type" : "urn:withAuth:resources:default",
|
|
"ownerManagedAccess" : false,
|
|
"attributes" : { },
|
|
"uris" : [ "/*" ]
|
|
} ],
|
|
"policies" : [ {
|
|
"name" : "Default Policy",
|
|
"description" : "A policy that grants access only for users within this realm",
|
|
"type" : "role",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "AFFIRMATIVE",
|
|
"config" : {
|
|
"roles" : "[{\"id\":\"spiffworkflow-backend/repeat-form-role-2\",\"required\":false}]"
|
|
}
|
|
}, {
|
|
"name" : "Default Permission",
|
|
"description" : "A permission that applies to the default resource type",
|
|
"type" : "resource",
|
|
"logic" : "POSITIVE",
|
|
"decisionStrategy" : "UNANIMOUS",
|
|
"config" : {
|
|
"defaultResourceType" : "urn:withAuth:resources:default",
|
|
"applyPolicies" : "[\"Default Policy\"]"
|
|
}
|
|
} ],
|
|
"scopes" : [ ],
|
|
"decisionStrategy" : "UNANIMOUS"
|
|
}
|
|
} ],
|
|
"clientScopes" : [ {
|
|
"name" : "acr",
|
|
"description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "false",
|
|
"display.on.consent.screen" : "false"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "acr loa level",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-acr-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"userinfo.token.claim" : "true"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "profile",
|
|
"description" : "OpenID Connect built-in scope: profile",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "true",
|
|
"display.on.consent.screen" : "true",
|
|
"consent.screen.text" : "${profileScopeConsentText}"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "full name",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-full-name-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"userinfo.token.claim" : "true"
|
|
}
|
|
}, {
|
|
"name" : "website",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "website",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "website",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "given name",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "firstName",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "given_name",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "nickname",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "nickname",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "nickname",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "username",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "username",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "preferred_username",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "zoneinfo",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "zoneinfo",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "zoneinfo",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "family name",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "lastName",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "family_name",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "profile",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "profile",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "profile",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "gender",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "gender",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "gender",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "updated at",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "updatedAt",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "updated_at",
|
|
"jsonType.label" : "long"
|
|
}
|
|
}, {
|
|
"name" : "middle name",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "middleName",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "middle_name",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "picture",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "picture",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "picture",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "birthdate",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "birthdate",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "birthdate",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "locale",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "locale",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "locale",
|
|
"jsonType.label" : "String"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "email",
|
|
"description" : "OpenID Connect built-in scope: email",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "true",
|
|
"display.on.consent.screen" : "true",
|
|
"consent.screen.text" : "${emailScopeConsentText}"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "email",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "email",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "email",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "email verified",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "emailVerified",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "email_verified",
|
|
"jsonType.label" : "boolean"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "phone",
|
|
"description" : "OpenID Connect built-in scope: phone",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "true",
|
|
"display.on.consent.screen" : "true",
|
|
"consent.screen.text" : "${phoneScopeConsentText}"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "phone number",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "phoneNumber",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "phone_number",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "phone number verified",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-attribute-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "phoneNumberVerified",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "phone_number_verified",
|
|
"jsonType.label" : "boolean"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "microprofile-jwt",
|
|
"description" : "Microprofile - JWT built-in scope",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "true",
|
|
"display.on.consent.screen" : "false"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "groups",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"multivalued" : "true",
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "foo",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "groups",
|
|
"jsonType.label" : "String"
|
|
}
|
|
}, {
|
|
"name" : "upn",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-property-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute" : "username",
|
|
"id.token.claim" : "true",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "upn",
|
|
"jsonType.label" : "String"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "roles",
|
|
"description" : "OpenID Connect scope for add user roles to the access token",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "false",
|
|
"display.on.consent.screen" : "true",
|
|
"consent.screen.text" : "${rolesScopeConsentText}"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "audience resolve",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-audience-resolve-mapper",
|
|
"consentRequired" : false,
|
|
"config" : { }
|
|
}, {
|
|
"name" : "realm roles",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.attribute" : "foo",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "realm_access.roles",
|
|
"jsonType.label" : "String",
|
|
"multivalued" : "true"
|
|
}
|
|
}, {
|
|
"name" : "client roles",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usermodel-client-role-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.attribute" : "foo",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "resource_access.${client_id}.roles",
|
|
"jsonType.label" : "String",
|
|
"multivalued" : "true"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "offline_access",
|
|
"description" : "OpenID Connect built-in scope: offline_access",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"consent.screen.text" : "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen" : "true"
|
|
}
|
|
}, {
|
|
"name" : "web-origins",
|
|
"description" : "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "false",
|
|
"display.on.consent.screen" : "false",
|
|
"consent.screen.text" : ""
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "allowed web origins",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-allowed-origins-mapper",
|
|
"consentRequired" : false,
|
|
"config" : { }
|
|
} ]
|
|
}, {
|
|
"name" : "role_list",
|
|
"description" : "SAML role list",
|
|
"protocol" : "saml",
|
|
"attributes" : {
|
|
"consent.screen.text" : "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen" : "true"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "role list",
|
|
"protocol" : "saml",
|
|
"protocolMapper" : "saml-role-list-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"single" : "false",
|
|
"attribute.nameformat" : "Basic",
|
|
"attribute.name" : "Role"
|
|
}
|
|
} ]
|
|
}, {
|
|
"name" : "address",
|
|
"description" : "OpenID Connect built-in scope: address",
|
|
"protocol" : "openid-connect",
|
|
"attributes" : {
|
|
"include.in.token.scope" : "true",
|
|
"display.on.consent.screen" : "true",
|
|
"consent.screen.text" : "${addressScopeConsentText}"
|
|
},
|
|
"protocolMappers" : [ {
|
|
"name" : "address",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-address-mapper",
|
|
"consentRequired" : false,
|
|
"config" : {
|
|
"user.attribute.formatted" : "formatted",
|
|
"user.attribute.country" : "country",
|
|
"user.attribute.postal_code" : "postal_code",
|
|
"userinfo.token.claim" : "true",
|
|
"user.attribute.street" : "street",
|
|
"id.token.claim" : "true",
|
|
"user.attribute.region" : "region",
|
|
"access.token.claim" : "true",
|
|
"user.attribute.locality" : "locality"
|
|
}
|
|
} ]
|
|
} ],
|
|
"defaultDefaultClientScopes" : [ "email", "profile", "role_list", "roles", "acr", "web-origins" ],
|
|
"defaultOptionalClientScopes" : [ "offline_access", "phone", "microprofile-jwt", "address" ],
|
|
"browserSecurityHeaders" : {
|
|
"contentSecurityPolicyReportOnly" : "",
|
|
"xContentTypeOptions" : "nosniff",
|
|
"xRobotsTag" : "none",
|
|
"xFrameOptions" : "SAMEORIGIN",
|
|
"contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection" : "1; mode=block",
|
|
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer" : { },
|
|
"eventsEnabled" : false,
|
|
"eventsListeners" : [ "jboss-logging" ],
|
|
"enabledEventTypes" : [ ],
|
|
"adminEventsEnabled" : false,
|
|
"adminEventsDetailsEnabled" : false,
|
|
"identityProviders" : [ ],
|
|
"identityProviderMappers" : [ ],
|
|
"components" : {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
|
|
"name" : "Trusted Hosts",
|
|
"providerId" : "trusted-hosts",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"host-sending-registration-request-must-match" : [ "true" ],
|
|
"client-uris-must-match" : [ "true" ]
|
|
}
|
|
}, {
|
|
"name" : "Allowed Protocol Mapper Types",
|
|
"providerId" : "allowed-protocol-mappers",
|
|
"subType" : "authenticated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ]
|
|
}
|
|
}, {
|
|
"name" : "Max Clients Limit",
|
|
"providerId" : "max-clients",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"max-clients" : [ "200" ]
|
|
}
|
|
}, {
|
|
"name" : "Allowed Protocol Mapper Types",
|
|
"providerId" : "allowed-protocol-mappers",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper" ]
|
|
}
|
|
}, {
|
|
"name" : "Allowed Client Scopes",
|
|
"providerId" : "allowed-client-templates",
|
|
"subType" : "authenticated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"allow-default-scopes" : [ "true" ]
|
|
}
|
|
}, {
|
|
"name" : "Consent Required",
|
|
"providerId" : "consent-required",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : { }
|
|
}, {
|
|
"name" : "Full Scope Disabled",
|
|
"providerId" : "scope",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : { }
|
|
}, {
|
|
"name" : "Allowed Client Scopes",
|
|
"providerId" : "allowed-client-templates",
|
|
"subType" : "anonymous",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"allow-default-scopes" : [ "true" ]
|
|
}
|
|
} ],
|
|
"org.keycloak.userprofile.UserProfileProvider" : [ {
|
|
"providerId" : "declarative-user-profile",
|
|
"subComponents" : { },
|
|
"config" : { }
|
|
} ],
|
|
"org.keycloak.keys.KeyProvider" : [ {
|
|
"name" : "hmac-generated",
|
|
"providerId" : "hmac-generated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"kid" : [ "4e99c641-0494-49d5-979f-45cb5126f6f1" ],
|
|
"secret" : [ "4wV4voiQmFajEegv83Ugd8DxFoy3JpN4YzO5qMx4XfB7Abq8NKU4Az5AkSpxYBSdb5GJEQypA4aLmnaDyCWLIw" ],
|
|
"priority" : [ "100" ],
|
|
"algorithm" : [ "HS256" ]
|
|
}
|
|
}, {
|
|
"name" : "aes-generated",
|
|
"providerId" : "aes-generated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"kid" : [ "76118b54-fc74-4149-9028-fab1fdc07860" ],
|
|
"secret" : [ "DvxTn0KA4TEUPqSFBw8qAw" ],
|
|
"priority" : [ "100" ]
|
|
}
|
|
}, {
|
|
"name" : "rsa-generated",
|
|
"providerId" : "rsa-generated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"privateKey" : [ "MIIEpAIBAAKCAQEAimbfmG2pL3qesWhUrQayRyYBbRFE0Ul5Ii/AW8Kq6Kad9R2n2sT2BvXWnsWBH6KuINUFJz3Tb+gWy235Jy0Idmekwx63JR20//ZJ7dyQ+b1iadmYPpqyixGL7NrVxQYT0AEGLcD/Fwsh869F3jgfQt7N15q2arRnOrW5NMwi+IvtHxZRZ3UluxShut2577ef8cakwCv4zoTV29y+Z3XhtlKZ4WOCuqIHL3SRHwNkb+k8cY0Gwc88FHl/ihFR0fX/lc7W2AHRd98ex8il4kBFfShBZur8ZLE7QWQdXRY2EYYr3D/W6/5wf/R2fAvbVmGzcYGZ2qm6d+K1XH8VU3X84wIDAQABAoIBABXXrHwa+nOCz57CD3MLNoGiDuGOsySwisyJartQmraC7TTtDDurkASDMe72zq0WeJK368tIp6DmqQpL/eFf6xD8xHUC2PajnJg033AJuluftvNroupmcb0e9M1ZsBkbH29Zagc4iUmyuRYDWGx8wPpFvYjEYvuuIwiR+3vIp9A/0ZbcBwdtml3Of5gYTXChPj28PrA4K7oFib2Zu1aYCBEdF8h9bKRF/UlvyWeSajjddexSQ6gkEjzAEMpliCDbOGSFGwNu1pY7FF4EpyJbalzdpn44m5v9bqfS9/CDrIOOUus88Nn5wCD2OAmAQnWn0Hnh7at4A5fw3VBUmEt70ckCgYEAx0Fg8Gp3SuMaytrf9HJHJcltyDRsdSxysF1ZvDV9cDUsD28QOa/wFJRVsABxqElU+W6QEc20NMgOHVyPFed5UhQA6WfmydzGIcF5C6T5IbE/5Uk3ptGuPdI0aR7rlRfefQOnUBr28dz5UDBTb93t9+Klxcss+nLGRbugnFBAtTUCgYEAsdD+92nuF/GfET97vbHxtJ6+epHddttWlsa5PVeVOZBE/LUsOZRxmxm4afvZGOkhUrvmA1+U0arcp9crS5+Ol2LUGh/9efqLvoBImBxLwB37VcIYLJi0EVPrhVPh+9r3vah1YMBhtapS0VtuEZOr47Yz7asBg1s1Z06l+bD1JLcCgYA+3YS9NYn/qZl5aQcBs9B4vo2RfeC+M1DYDgvS0rmJ3mzRTcQ7vyOrCoXiarFxW/mgXN69jz4M7RVu9BX83jQrzj3fZjWteKdWXRlYsCseEzNKnwgc7MjhnmGEzQmc15QNs0plfqxs8MAEKcsZX1bGP873kbvWJMIjnCf3SWaxBQKBgQCh9zt2w19jIewA+vFMbXw7SGk6Hgk6zTlG50YtkMxU/YtJIAFjhUohu8DVkNhDr35x7MLribF1dYu9ueku3ew1CokmLsNkywllAVaebw+0s9qOV9hLLuC989HQxQJPtTj54SrhcPrPTZBYME7G5dqo9PrB3oTnUDoJmoLmOABjawKBgQCeyd12ShpKYHZS4ZvE87OfXanuNfpVxhcXOqYHpQz2W0a+oUu9e78MlwTVooR4O52W/Ohch2FPEzq/1DBjJrK6PrMY8DS018BIVpQ9DS35/Ga9NtSi8DX7jTXacYPwL9n/+//U3vw0mjaoMXgCv44nYu4ro62J6wvVM98hjQmLJw==" ],
|
|
"keyUse" : [ "SIG" ],
|
|
"certificate" : [ "MIICqTCCAZECBgGBz6+bXzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpm35htqS96nrFoVK0GskcmAW0RRNFJeSIvwFvCquimnfUdp9rE9gb11p7FgR+iriDVBSc902/oFstt+SctCHZnpMMetyUdtP/2Se3ckPm9YmnZmD6asosRi+za1cUGE9ABBi3A/xcLIfOvRd44H0Lezdeatmq0Zzq1uTTMIviL7R8WUWd1JbsUobrdue+3n/HGpMAr+M6E1dvcvmd14bZSmeFjgrqiBy90kR8DZG/pPHGNBsHPPBR5f4oRUdH1/5XO1tgB0XffHsfIpeJARX0oQWbq/GSxO0FkHV0WNhGGK9w/1uv+cH/0dnwL21Zhs3GBmdqpunfitVx/FVN1/OMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaI7BEPZpf4MU7bMWmNgyfRTRDy5wtpyfuLPGHZ9EqtnvwwzsmlmXXsC55SLXx3wJETm+rFqeRFbo/hamlRajzzD317AUpE7nhnONTukmh6UuB8hXoWiQTD+YDYMy8kneSP4zvfm27F+TgUC4cvJSYuWVaCxFx52kxqW1hZkBzYUcfi21Qb1jRrbTbso37BxuVX+GdN015If3DPD6QnAhLPAYEFA9jiL16YeMdWHdvlXXmvriDegMUYQjFYPRh6iPzUEdG6KGHItF4AkOYBQAcoaYhfxpxofVlDdOqMZ/1c7AAbe4lR6/jYQ0CbHwdUu4dzJQe3vxr7GdxcB1ypvXPA==" ],
|
|
"priority" : [ "100" ]
|
|
}
|
|
}, {
|
|
"name" : "rsa-enc-generated",
|
|
"providerId" : "rsa-enc-generated",
|
|
"subComponents" : { },
|
|
"config" : {
|
|
"privateKey" : [ "MIIEowIBAAKCAQEAsqGsclDQDFSTn8HS1LiiNAnTwn3CS8HXPLDYMHr/jUQ8r5eD+vQY5ICh5V5c8l8J6ydbpzffFEKam54Ypp4yzaWJZ4huYBMf4vL7xrAZ4VXBreu16BIxOrThzrJe9WmI8+Annzo62mNYZbjf4WNpZDURmxZSo7v6Czprd5O6T4N5bxr8sjRRptZR8hxtrRvJnuC0jF+dLHIO5SKR1hUVG/gbpIBqGcsLkNC9nnS6M/N5YFzUIV5JhXo3+mrR/yvw7m+oS5yRsN0raCSXVenNP05Dhsd4FOYqoXBBcdgXXbiDxed0HWB/g5dASqyMydHriddGr8FU0W8/uZmF79wxPwIDAQABAoIBAFsWCaL5Bj1jWytZYDJMO5mhcTN5gPu0ShaObo66CVl1dCRtdEUg9xh9ZxBYf7ivMZWRKjEoUj44gDHd+d/sRyeJw3jhnraqydWl5TC5V1kJq4sN6GH/9M5kscf+OGGXgNgqcsnEnYICqm6kSLTbRkBstx+H0HfhQG09StNcpuIn4MsoMZT8XmZbXRLb3FhfpuTSX3t2nbSDRfUf7LI1EDnFQen/AJAA5lOHthLCdz4Gj1vfalOFjCMYOUWmL/mCDEb38F6QJZxkyhmS/r2kM09PFLOio6z3J8C8mVeq7uao0s5xAKj5SJqx4r+TTvL5aOF8JBWm8Hz1Vcip9/MjsQECgYEA/8Hpb4RggNyn+YzTxqxtPtbLFL0YywtNT+gutmJH1gyTjfx7p3dmA/NsdIeuJmBpZfA7oDXIqfj2M9QLfC5bdKnggQzrIO3BgClI88zOIWd229Bt6D1yx92k4+9eaRwOKBPn8+u0mCk8TBv32ecMLQ9o8AKNIHeCZQjByvOrIMECgYEAss0J3TzrRuEOpnxJ9fNOeB3rNpIFrpNua+oEQI4gDbBvyT7osBKkGqfXJpUQMftr8a6uBHLHV7/Wq6/aRkRhk+aER8h01DUIWGLmbCUdkFSJZ8iObMZQvURtckhzxxhYu0Ybwn0RJg/zzR4onTRO+eL1fTnb5Id55PyPt3Pp0f8CgYEAovDOoP6MYOyzk5h1/7gwrX04ytCicBGWQtdgk0/QBn3ir+3wdcPq2Y+HREKA3/BClfBUfIBnhGqZqHFqk8YQ/CWSY4Vwc30l71neIX0UwlFhdy+2JeSoMM9z0sfYtUxrdHsiJtO/LcXvpWmYIVpC9p4/s9FcShf5mhbXKE7PcsECgYBN7qqvAH94LF4rWJ8QEZWRK1E7Ptg1KFOHu79Qt+HmtZFzwPTA0c8vQxq22V/uuSxqcf2tOK4EZDxYJtTXrbRuN5pOg2PQnrDdfXX7iw3gu8gMMVFKvgGxDSM7HbNBAy6hqcQtuD+CPI/CRrPjGUqXBkKD63UZnacWlLK7fk1a1wKBgExUaqOBKmr0vldVn66E1XzZj4F4+fV5Ggka9289pBNBRlJFD4VmIYkDkOrLimyy2cYeCkocrOvF6HMJqTcOzD50pj44OWkYFRbs6vK0S7iLSX0eR158XOR9C+uZzp1vIA4sYwW3504HVdVoIU5M8ItSgDsFjGnvHopTGu3MBWPT" ],
|
|
"keyUse" : [ "ENC" ],
|
|
"certificate" : [ "MIICqTCCAZECBgGBz6+byzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcGlmZndvcmtmbG93MB4XDTIyMDcwNTE4NDUwMVoXDTMyMDcwNTE4NDY0MVowGDEWMBQGA1UEAwwNc3BpZmZ3b3JrZmxvdzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhrHJQ0AxUk5/B0tS4ojQJ08J9wkvB1zyw2DB6/41EPK+Xg/r0GOSAoeVeXPJfCesnW6c33xRCmpueGKaeMs2liWeIbmATH+Ly+8awGeFVwa3rtegSMTq04c6yXvVpiPPgJ586OtpjWGW43+FjaWQ1EZsWUqO7+gs6a3eTuk+DeW8a/LI0UabWUfIcba0byZ7gtIxfnSxyDuUikdYVFRv4G6SAahnLC5DQvZ50ujPzeWBc1CFeSYV6N/pq0f8r8O5vqEuckbDdK2gkl1XpzT9OQ4bHeBTmKqFwQXHYF124g8XndB1gf4OXQEqsjMnR64nXRq/BVNFvP7mZhe/cMT8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArDDC7bYbuBg33PbUQi7P77lV7PuE9uQU1F3HqulhkARQeM/xmBdJRj9CHjj62shkI3An70tJtGBJkVAHltmvjC+A6IDO5I8IbnPkvWJFu9HwphdP/C1HXYmGPPe7yGdKpy6mdCZ+LMZP7BENhOlx9yXLDFYtcGvqZ4u3XvfsLqUsRGqZHNlhVJD13dUbI6pvbwMsb3gIxozgTIa2ySHMbHafln2UQk5jD0eOIVkaNAdlHqMHiBpPjkoVxnhAmJ/dUIAqKBvuIbCOu9N0kOQSl82LqC7CZ21JCyT86Ll3n1RTkxY5G3JzGW4dyJMOGSyVnWaQ9Z+C92ZMFcOt611M2A==" ],
|
|
"priority" : [ "100" ],
|
|
"algorithm" : [ "RSA-OAEP" ]
|
|
}
|
|
} ]
|
|
},
|
|
"internationalizationEnabled" : false,
|
|
"supportedLocales" : [ ],
|
|
"authenticationFlows" : [ {
|
|
"alias" : "Account verification options",
|
|
"description" : "Method with which to verity the existing account",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "idp-email-verification",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Authentication Options",
|
|
"description" : "Authentication options.",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "basic-auth",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "basic-auth-otp",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "DISABLED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "auth-spnego",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "DISABLED",
|
|
"priority" : 30,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Browser - Conditional OTP",
|
|
"description" : "Flow to determine if the OTP is required for the authentication",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "conditional-user-configured",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "auth-otp-form",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Direct Grant - Conditional OTP",
|
|
"description" : "Flow to determine if the OTP is required for the authentication",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "conditional-user-configured",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "direct-grant-validate-otp",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "First broker login - Conditional OTP",
|
|
"description" : "Flow to determine if the OTP is required for the authentication",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "conditional-user-configured",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "auth-otp-form",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Handle Existing Account",
|
|
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "idp-confirm-link",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Account verification options",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Reset - Conditional OTP",
|
|
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "conditional-user-configured",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "reset-otp",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "User creation or linking",
|
|
"description" : "Flow for the existing/non-existing user alternatives",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticatorConfig" : "create unique user config",
|
|
"authenticator" : "idp-create-user-if-unique",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Handle Existing Account",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "Verify Existing Account by Re-authentication",
|
|
"description" : "Reauthentication of existing account",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "idp-username-password-form",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "CONDITIONAL",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "First broker login - Conditional OTP",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "browser",
|
|
"description" : "browser based authentication",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "auth-cookie",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "auth-spnego",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "DISABLED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "identity-provider-redirector",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 25,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 30,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "forms",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "clients",
|
|
"description" : "Base authentication for clients",
|
|
"providerId" : "client-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "client-secret",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "client-jwt",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "client-secret-jwt",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 30,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "client-x509",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "ALTERNATIVE",
|
|
"priority" : 40,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "direct grant",
|
|
"description" : "OpenID Connect Resource Owner Grant",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "direct-grant-validate-username",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "direct-grant-validate-password",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "CONDITIONAL",
|
|
"priority" : 30,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Direct Grant - Conditional OTP",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "docker auth",
|
|
"description" : "Used by Docker clients to authenticate against the IDP",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "docker-http-basic-authenticator",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "first broker login",
|
|
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticatorConfig" : "review profile config",
|
|
"authenticator" : "idp-review-profile",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "User creation or linking",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "forms",
|
|
"description" : "Username, password, otp and other auth forms.",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "auth-username-password-form",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "CONDITIONAL",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Browser - Conditional OTP",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "http challenge",
|
|
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "no-cookie-redirect",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Authentication Options",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "registration",
|
|
"description" : "registration flow",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "registration-page-form",
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "registration form",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "registration form",
|
|
"description" : "registration form",
|
|
"providerId" : "form-flow",
|
|
"topLevel" : false,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "registration-user-creation",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "registration-profile-action",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 40,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "registration-password-action",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 50,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "registration-recaptcha-action",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "DISABLED",
|
|
"priority" : 60,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "reset credentials",
|
|
"description" : "Reset credentials for a user if they forgot their password or something",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "reset-credentials-choose-user",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "reset-credential-email",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 20,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticator" : "reset-password",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 30,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
}, {
|
|
"authenticatorFlow" : true,
|
|
"requirement" : "CONDITIONAL",
|
|
"priority" : 40,
|
|
"autheticatorFlow" : true,
|
|
"flowAlias" : "Reset - Conditional OTP",
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
}, {
|
|
"alias" : "saml ecp",
|
|
"description" : "SAML ECP Profile Authentication Flow",
|
|
"providerId" : "basic-flow",
|
|
"topLevel" : true,
|
|
"builtIn" : true,
|
|
"authenticationExecutions" : [ {
|
|
"authenticator" : "http-basic-authenticator",
|
|
"authenticatorFlow" : false,
|
|
"requirement" : "REQUIRED",
|
|
"priority" : 10,
|
|
"autheticatorFlow" : false,
|
|
"userSetupAllowed" : false
|
|
} ]
|
|
} ],
|
|
"authenticatorConfig" : [ {
|
|
"alias" : "create unique user config",
|
|
"config" : {
|
|
"require.password.update.after.registration" : "false"
|
|
}
|
|
}, {
|
|
"alias" : "review profile config",
|
|
"config" : {
|
|
"update.profile.on.first.login" : "missing"
|
|
}
|
|
} ],
|
|
"requiredActions" : [ {
|
|
"alias" : "CONFIGURE_TOTP",
|
|
"name" : "Configure OTP",
|
|
"providerId" : "CONFIGURE_TOTP",
|
|
"enabled" : true,
|
|
"defaultAction" : false,
|
|
"priority" : 10,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "terms_and_conditions",
|
|
"name" : "Terms and Conditions",
|
|
"providerId" : "terms_and_conditions",
|
|
"enabled" : false,
|
|
"defaultAction" : false,
|
|
"priority" : 20,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "UPDATE_PASSWORD",
|
|
"name" : "Update Password",
|
|
"providerId" : "UPDATE_PASSWORD",
|
|
"enabled" : true,
|
|
"defaultAction" : false,
|
|
"priority" : 30,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "UPDATE_PROFILE",
|
|
"name" : "Update Profile",
|
|
"providerId" : "UPDATE_PROFILE",
|
|
"enabled" : true,
|
|
"defaultAction" : false,
|
|
"priority" : 40,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "VERIFY_EMAIL",
|
|
"name" : "Verify Email",
|
|
"providerId" : "VERIFY_EMAIL",
|
|
"enabled" : true,
|
|
"defaultAction" : false,
|
|
"priority" : 50,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "delete_account",
|
|
"name" : "Delete Account",
|
|
"providerId" : "delete_account",
|
|
"enabled" : false,
|
|
"defaultAction" : false,
|
|
"priority" : 60,
|
|
"config" : { }
|
|
}, {
|
|
"alias" : "update_user_locale",
|
|
"name" : "Update User Locale",
|
|
"providerId" : "update_user_locale",
|
|
"enabled" : true,
|
|
"defaultAction" : false,
|
|
"priority" : 1000,
|
|
"config" : { }
|
|
} ],
|
|
"browserFlow" : "browser",
|
|
"registrationFlow" : "registration",
|
|
"directGrantFlow" : "direct grant",
|
|
"resetCredentialsFlow" : "reset credentials",
|
|
"clientAuthenticationFlow" : "clients",
|
|
"dockerAuthenticationFlow" : "docker auth",
|
|
"attributes" : {
|
|
"cibaBackchannelTokenDeliveryMode" : "poll",
|
|
"cibaAuthRequestedUserHint" : "login_hint",
|
|
"clientOfflineSessionMaxLifespan" : "0",
|
|
"oauth2DevicePollingInterval" : "5",
|
|
"clientSessionIdleTimeout" : "0",
|
|
"actionTokenGeneratedByUserLifespan-execute-actions" : "",
|
|
"actionTokenGeneratedByUserLifespan-verify-email" : "",
|
|
"clientOfflineSessionIdleTimeout" : "0",
|
|
"actionTokenGeneratedByUserLifespan-reset-credentials" : "",
|
|
"cibaInterval" : "5",
|
|
"realmReusableOtpCode" : "false",
|
|
"cibaExpiresIn" : "120",
|
|
"oauth2DeviceCodeLifespan" : "600",
|
|
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
|
|
"parRequestUriLifespan" : "60",
|
|
"clientSessionMaxLifespan" : "0"
|
|
},
|
|
"keycloakVersion" : "20.0.1",
|
|
"userManagedAccessAllowed" : false,
|
|
"clientProfiles" : {
|
|
"profiles" : [ ]
|
|
},
|
|
"clientPolicies" : {
|
|
"policies" : [ ]
|
|
}
|
|
}
|