diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f40fb471..16d6e133 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -209,6 +209,9 @@ jobs:
 - name: SonarCloud Scan
 uses: sonarsource/sonarcloud-github-action@master
+ # thought about just skipping dependabot, but skipping all pull requests seems better, since none of them will have access to sonarcloud
+ # if: ${{ github.actor != 'dependabot[bot]' }}
+ if: ${{ github.event_name != 'pull_request' }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/bin/finance-realm.json b/bin/finance-realm.json
new file mode 100644
index 00000000..9468a515
--- /dev/null
+++ b/bin/finance-realm.json
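Review bot: The new `if: ${{ github.event_name != 'pull_request' }}` on the SonarCloud Scan step is coarser than the rationale in the comment above it: only fork and dependabot pull requests lack `SONAR_TOKEN`, while pull requests opened from branches of the same repository still receive secrets, so this also drops analysis for those. If that is intended the comment should say so; if not, a narrower guard such as `if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.head.repo.fork }}` keeps same-repo PRs scanned. The commented-out `# if: ${{ github.actor != 'dependabot[bot]' }}` line is dead configuration now that the comment records the decision, and the comment line itself runs well past the usual 120-column limit, so consider dropping the dead line and wrapping the comment. Unrelated to this change but visible in the hunk, `uses: sonarsource/sonarcloud-github-action@master` pins a mutable branch that is handed `GITHUB_TOKEN` and `SONAR_TOKEN`; pinning to a release tag or commit SHA limits supply-chain exposure. The commit's other file, bin/finance-realm.json, is a Keycloak realm export that embeds a literal `secret` for the `myclient` client and a stored password hash with salt for `user1`; if this realm is anything beyond a throwaway local fixture, the client secret should be rotated and the export scrubbed before it lands in git history.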
@@ -0,0 +1,1827 @@ +{ + "id" : "finance", + "realm" : "finance", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "91c53dd8-cef7-41c1-b5dd-d1ea56f3b3c6", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "finance", + "attributes" : { } + }, { + "id" : "66340ad0-99c3-41ff-b252-fdda5d4e25e2", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "finance", 
+ "attributes" : { } + }, { + "id" : "e242e32c-d024-4ce1-a14d-edb0bdc698ca", + "name" : "default-roles-finance", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "finance", + "attributes" : { } + } ], + "client" : { + "myclient" : [ ], + "realm-management" : [ { + "id" : "93da3502-aff8-4360-af69-c873b213cbe0", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "2078ed6a-713b-43ae-a77f-63eafec8a6a9", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "047c723f-f838-441b-9524-f074a8385e0b", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "93aa19cf-0b88-4858-a3e0-394096e7e3fa", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "8a2b5032-d73f-45f8-91b5-6948baa114a8", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "d2cee878-d3cf-48dc-9350-f5cc5eaece2d", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + 
"id" : "722e7467-5670-4cc6-aedd-111cf79c47bc", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "10813786-1ef3-45d0-b91e-4b5bf48a210a", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "8ae7aa75-86b1-4cf3-b08f-20b1ba101b35", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-identity-providers", "manage-realm", "query-realms", "view-events", "manage-events", "impersonation", "manage-identity-providers", "manage-authorization", "view-realm", "manage-clients", "create-client", "manage-users", "view-clients", "query-clients", "query-groups", "view-users", "view-authorization", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "dbe4b8ec-0d4e-4bec-b216-f32ee9e5066f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "38975601-e621-41ed-ae11-1129e623a521", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "4ed08d6b-3007-4756-9d8d-4b6fb15a5cfa", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "21071417-8445-40f2-9213-dca727200d48", + "name" : 
"manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "a8201ba5-009e-44aa-8bd9-00c3a9bd8d9d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "37bce984-5fe7-4a65-b79c-dd8e39711299", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "e9fa2bd5-19e5-49bd-b378-0dd57ce3e613", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "1269ce35-e8ab-420e-8859-6e125e77fc0d", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "0f0a08d3-f9bc-411e-8b83-57755b5a9781", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + }, { + "id" : "e121c64b-aad1-46d3-89b4-d1f4153c90b6", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : 
"267cd124-0c66-416a-a106-7033901670ea", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "c37d2d5b-15f6-48bc-8325-3be33787dae4", + "attributes" : { } + } ], + "account" : [ { + "id" : "4a1f6c73-951a-48ef-b29c-216dafe7a28b", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "6d79ccbb-1bbf-441d-8aa4-4157e150a34f", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "f9536a0a-a36b-454f-b1d5-773544618853", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "f1b737bd-afaa-45a4-8613-1e37db0d05e5", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "34d08665-3194-43fd-94c4-482039ca32db", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "96e2cb37-6d07-4dce-804d-c9b286a815e6", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + }, { + "id" : "c2d5d2d2-c524-4a75-a98a-510083496448", + "name" : 
"manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "e242e32c-d024-4ce1-a14d-edb0bdc698ca", + "name" : "default-roles-finance", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "finance" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "005c3d73-6330-4fdb-99c2-55222ecfb45c", + "createdTimestamp" : 
1653320371308, + "username" : "user1", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "10256a1f-6966-49c9-a052-46098b447820", + "type" : "password", + "createdDate" : 1653326993658, + "secretData" : "{\"value\":\"+1pFlfNSbupUdw/TCFYOwLVlBkaqQPox767DifigdbBH/+n7EUVk1QBMCEOByX3Eah2AHAHHjOgBSiK6G3OXUQ==\",\"salt\":\"UZPJ0/Rtkbfb/9xnxmiAbw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-finance" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clients" : [ { + "id" : "e2e246a4-d75f-4163-8605-703d16a26f27", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/finance/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/finance/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b676e1d8-4b72-47f7-bac9-b46c19b6c1d5", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : 
"/realms/finance/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/finance/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "cbfda10b-14c2-4a4a-ac0b-b3164b1a6707", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "91b23b28-6e4b-4bd6-9444-883c01164cbf", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", 
"offline_access", "microprofile-jwt" ] + }, { + "id" : "c37d2d5b-15f6-48bc-8325-3be33787dae4", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "df91423f-c80a-40e9-90f7-9619b9937a88", + "clientId" : "myclient", + "rootUrl" : "https://www.keycloak.org/app/", + "adminUrl" : "https://www.keycloak.org/app/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "OAh6rkjXIiPJDtPOz4459i3VtdlxGcce", + "redirectUris" : [ "http://localhost:5000/*" ], + "webOrigins" : [ "https://www.keycloak.org" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "frontchannel.logout.session.required" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + 
"saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "require.pushed.authorization.requests" : "false", + "saml.client.signature" : "false", + "saml.allow.ecp.flow" : "false", + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "client.secret.creation.time" : "1653320645", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml.artifact.binding" : "false", + "saml_force_name_id_format" : "false", + "acr.loa.map" : "{}", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f7cfc114-24d1-4c1a-9079-c630fe150ebe", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ 
"web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b5dcaf49-414a-4dc9-a322-343b3a42bc2c", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/finance/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/finance/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "88310466-5078-4046-bf2c-f224409ca180", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "af549e77-9526-4df2-99c4-d03b930f3754", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : 
"b491f331-3ba8-4caf-bb5c-60605fbea094", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "636f662f-1f3b-490b-a350-50dbdb33dbd6", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "3075a8bb-feec-4317-b6b8-199fff003e78", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "9b0b611e-5a74-42cb-8a8b-db57b072798c", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "a71a281e-3397-4b59-8c8f-90a0c2596ced", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "497f4647-6fda-4414-b28a-de9dd2fa71be", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : 
"${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "38883a67-1be8-4b3b-b49b-2958eb3ac537", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "cfe47ce1-29f0-47b2-a4ee-62583d0219ef", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "57757394-3904-49dd-b006-761f9deb8b3c", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "49fd59ae-f76c-4563-a55b-246c0927c71b", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "854568f7-6ee5-457b-b14c-5624e6712d47", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + 
"attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "122e4c4b-6db8-4ca0-b2ae-040bd4062fc1", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "b08be6ff-96fc-4ef1-811f-73d3c8eef401", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "a6b7b8bd-b6ca-43e0-aa97-c6ef2985ae71", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "8375a9f1-5355-457f-96b4-33fb687c9352", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "20dd9fdb-e39f-4e8d-873e-4d03b0f52fd6", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : 
"a4fa4e5c-7503-4974-9efa-166fe982df0b", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "88b23bba-5a2e-4f46-b786-d049c0f84175", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "949c9cd3-5a2c-43ee-9b65-20c36957c023", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "dea37916-c26a-405d-aefc-9d66ffaea3e2", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "31891161-c569-4168-a8c9-250fd63c8e9e", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : 
"String" + } + }, { + "id" : "a4e05e95-4c9f-45e7-8d88-d439ee6a1cc9", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "7ce53f52-eadc-4b71-b66b-029d01291e8f", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "dffa1341-02d6-4bd6-aa20-3de3d2ecb500", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "dd4882ce-352c-4118-b5d2-9e5e67158a56", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "f4c115d4-8fdd-409f-8ae1-6f7669dd0400", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : 
"9fda30b9-b251-4177-9046-557478df1c3f", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b05b341f-1f37-439c-90fc-0366c964d34a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "c1969485-c36f-437b-a681-42bfb3a15b37", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "7d95cd7f-8f25-474a-a9ef-1bd793f7c52f", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + } ] + }, { + "id" : "57a8e94a-3275-4d31-8409-a33e4efea380", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "e1582dca-683f-4743-bdc8-4fa9b6580f1e", + "name" : "role list", + "protocol" : "saml", + 
"protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "1d67898f-ed21-4943-adaf-749fdf007e32", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "5b736866-be1d-42b3-ab22-56614b40a55c", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "7a5031af-da7f-4832-b1ae-97a3d36eba0d", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "8ecfdd17-b555-42c3-b86b-088b88531575", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "roles", "profile", "email", "role_list", "acr", "web-origins" ], + "defaultOptionalClientScopes" : [ "microprofile-jwt", "address", "offline_access", "phone" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 
'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "07e852dc-d1b8-446e-8e6c-cc8cba09d67b", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "6a31e7b4-c1e4-4b98-aff8-b797635c8685", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "3b45a6bb-607a-42ba-828d-cbe3bb4822d1", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "3d0c68f7-fadc-45e5-9cb1-011569ff4848", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "568cdc09-0bc8-4d55-9571-ec79111afda2", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", 
"oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : "04676764-b892-4c0a-86ec-9bb2ab43941a", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "7876d668-bfec-44c2-8531-43d05ce26a55", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "84af08d2-2d53-491c-b474-ff048c113893", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "7702a515-b69c-49e0-81c9-41995c9336a2", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "1c415214-0b91-4853-810c-aea64593896e", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ 
"MIICnTCCAYUCBgGA8Y4idDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdmaW5hbmNlMB4XDTIyMDUyMzE1MzI0NVoXDTMyMDUyMzE1MzQyNVowEjEQMA4GA1UEAwwHZmluYW5jZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIHv4cOyjkFpGn7j2yDFjbcTpmgIXP5xCOUYxGwwslN3qijk+zWHUTNCKXABtC+ivi1t/HOaFK5x8Oduc/QyfKzXnTAkSbC2YiZc/j3SQVpXxSJkt48w0S9JW6mS7xdyJ/XSALDhbxzfAkHZ1PED1kNtkviyHTHndzNRT1eMLZ790BgEwxhG8IgC4BddsKTlED/mya3QUqZEDBmPFk1jHuTl21wr4afVwxMWl66yYoAi6roOlqzXqO1ChIucmjoMAv5rDV8UJlygSJHu1mi7l9phZie40QxyNPVpmBk0TMovm3m0atOtyLpUzV1rFXzmIQutzwKE/UMIgoSpUbXsu4ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUAB+19re9bQdlSZv4O6xSqI+7bMtdNxQxxb2wr1Iy8dmH7gPIg4DY7qilFnGvyY0B1CrOomov4tTha8v4YUvX2/Q3Ped5AHWlymWLbM/Mnxc8mcAsa3UmIgF8zEKkIEeXz876owXaUIy+o+hx6uDr6J/GvTtIYW/t7hVWkbHUxozJBrxYL9AKqFIBlc9B2jMiV81qNvHN17OWZRRXwP6mk+zY1CTJrbDaeK0bThF66Ff0uJMuK4CYJyyDDXL+9CguIW0G8hIhFeDXKZ/aAoVCULo+b653REYitpHD8PuuldDkthSSSZq9PnR+7ttDQ+Zt/8rWe+tBNzJCIx4vzY2rg==" ], + "priority" : [ "100" ] + } + }, { + "id" : "0c1cb39b-19a4-4103-b5e5-ead9993d25d8", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "01cccc91-2bd5-4107-9abe-73eefa08844e" ], + "secret" : [ "UFMiYfKaAgrSES3eknZGNA" ], + "priority" : [ "100" ] + } + }, { + "id" : "2be427e9-7d31-46f2-b315-27eabf13c750", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "88dc0a34-df52-4ba9-b120-f64f5f58814b" ], + "secret" : [ "NsTtKtnEUPVAGynVRWUNbyBPGPogEB1DfhTikcPF357dwL1yD_4tiv7HmjJ8CSvQP4ILuuTxhDqO3z-zjAoROA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "0fde2792-dcf5-487d-ac16-f7fe6aa6452a", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : 
"idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "86dddafa-1c63-408b-a7f1-cf82c7fdf3dd", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a47eb419-ed9e-42fd-b4ec-6074323fa6ba", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3368f154-d4ba-4839-95a3-e02fb50bf17c", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is 
required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "81ce715c-c31d-4ac6-9f41-587c1a105786", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "cc14c5a6-5a36-4601-99c1-e0b8b5c33c57", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "fd19942f-8d99-4179-961e-9bc52c124fe6", + "alias" : "Reset - 
Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "b27dd02c-9023-414e-949d-9b44c47768ab", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "6460144e-b28b-45a5-940c-a73855c53e1a", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } 
] + }, { + "id" : "da8c0b0c-f3d3-49e4-88eb-127d27029c76", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "5103be99-4355-4031-9a32-ad8837f6d972", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : 
"6996f613-218b-4442-9596-84ac217c87dd", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "a5198547-b614-43b7-a7bf-152a82199c67", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8a7d1775-6a9e-45c8-8797-d6bbdde5a359", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User 
creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "e707bd54-507a-4534-a192-53fe8939e094", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "ed74db0e-1714-44d3-824e-a687be5b8c47", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "02fcb19a-ed47-4bef-a33d-5329bf683e36", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "21b1748a-8641-4102-a7fa-783818f22b61", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, 
+ "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3b8ac3fc-33c3-4256-86a9-ffffdacb23a2", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "4990a687-af96-4554-bd1f-f734fcd9ca1f", + "alias" : "saml ecp", + "description" : 
"SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "d0afe54f-2e16-4643-974e-1ed037675314", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "44a4393f-8f1c-4192-9645-2c413b1f39ff", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : 
false,
+ "priority" : 1000,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "attributes" : {
+ "cibaBackchannelTokenDeliveryMode" : "poll",
+ "cibaExpiresIn" : "120",
+ "cibaAuthRequestedUserHint" : "login_hint",
+ "oauth2DeviceCodeLifespan" : "600",
+ "clientOfflineSessionMaxLifespan" : "0",
+ "oauth2DevicePollingInterval" : "5",
+ "clientSessionIdleTimeout" : "0",
+ "parRequestUriLifespan" : "60",
+ "clientSessionMaxLifespan" : "0",
+ "clientOfflineSessionIdleTimeout" : "0",
+ "cibaInterval" : "5"
+ },
+ "keycloakVersion" : "18.0.0",
+ "userManagedAccessAllowed" : false,
+ "clientProfiles" : {
+ "profiles" : [ ]
+ },
+ "clientPolicies" : {
+ "policies" : [ ]
+ }
+}
\ No newline at end of file
diff --git a/bin/keycloak_test_secrets.json b/bin/keycloak_test_secrets.json
new file mode 100644
index 00000000..9bdcb023
--- /dev/null
+++ b/bin/keycloak_test_secrets.json
@@ -0,0 +1,14 @@
+{
+ "web": {
+ "issuer": "http://localhost:8080/realms/finance",
+ "auth_uri": "http://localhost:8080/realms/finance/protocol/openid-connect/auth",
+ "client_id": "myclient",
+ "client_secret": "OAh6rkjXIiPJDtPOz4459i3VtdlxGcce",
+ "redirect_uris": [
+ "http://localhost:5000/*"
+ ],
+ "userinfo_uri": "http://localhost:8080/realms/finance/protocol/openid-connect/userinfo",
+ "token_uri": "http://localhost:8080/realms/finance/protocol/openid-connect/token",
+ "token_introspection_uri": "http://localhost:8080/realms/finance/protocol/openid-connect/token/introspect"
+ }
+}
diff --git a/bin/keycloak_test_server.py b/bin/keycloak_test_server.py
new file mode 100644
index 00000000..16f3619b
--- /dev/null
+++ b/bin/keycloak_test_server.py
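Review bot: `client_secret` is a plaintext credential committed to the repository, and since `bin/start_keycloak` imports the `finance` realm export from the same commit, it is presumably the registered secret of client `myclient` on any Keycloak instance built from these files, not only the throwaway local one. JSON has no comments, so the place to state that this is dev-only is next to the existing `# NOTE: creds - user1 / password` line in `bin/start_keycloak`, e.g. `# keycloak_test_secrets.json holds the dev-only secret for client 'myclient' in realm 'finance'; regenerate it before reusing this realm anywhere else`; the repository's secret-scanning allowlist, if it has one, needs the same entry. The `secret` values under `hmac-generated` and `aes-generated` in the realm export hunk are in the same position: they are presumably the realm's internal token-signing and encryption keys, so a realm imported unchanged from this file runs with publicly known key material.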
@@ -0,0 +1,87 @@
+import json
+import logging
+
+from flask import Flask, g
+from flask_oidc import OpenIDConnect
+import requests
+
+logging.basicConfig(level=logging.DEBUG)
+
+app = Flask(__name__)
+app.config.update({
+ 'SECRET_KEY': 'SomethingNotEntirelySecret',
+ 'TESTING': True,
+ 'DEBUG': True,
+ 'OIDC_CLIENT_SECRETS': 'bin/keycloak_test_secrets.json',
+ 'OIDC_ID_TOKEN_COOKIE_SECURE': False,
+ 'OIDC_REQUIRE_VERIFIED_EMAIL': False,
+ 'OIDC_USER_INFO_ENABLED': True,
+ 'OIDC_OPENID_REALM': 'flask-demo',
+ 'OIDC_SCOPES': ['openid', 'email', 'profile'],
+ 'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post'
+})
+
+oidc = OpenIDConnect(app)
+
+
+@app.route('/')
+def hello_world():
+ if oidc.user_loggedin:
+ return ('Hello, %s, See private '
+ 'Log out') % \
+ oidc.user_getfield('preferred_username')
+ else:
+ return 'Welcome anonymous, Log in'
+
+
+@app.route('/private')
+@oidc.require_login
+def hello_me():
+ """Example for protected endpoint that extracts private information from the OpenID Connect id_token.
+ Uses the accompanied access_token to access a backend service.
+ """
+
+ info = oidc.user_getinfo(['preferred_username', 'email', 'sub'])
+
+ username = info.get('preferred_username')
+ email = info.get('email')
+ user_id = info.get('sub')
+
+ if user_id in oidc.credentials_store:
+ try:
+ from oauth2client.client import OAuth2Credentials
+ access_token = OAuth2Credentials.from_json(oidc.credentials_store[user_id]).access_token
+ print('access_token=<%s>' % access_token)
+ headers = {'Authorization': 'Bearer %s' % (access_token)}
+ # YOLO
+ # greeting = requests.get('http://localhost:8080/greeting', headers=headers).text
+ except:
+ print("Could not access greeting-service")
+ greeting = "Hello %s" % username
+
+ return ("""%s your email is %s and your user_id is %s!
+ """ %
+ (greeting, email, user_id))
+
+
+@app.route('/api', methods=['POST'])
+@oidc.accept_token(require_token=True, scopes_required=['openid'])
+def hello_api():
+ """OAuth 2.0 protected API endpoint accessible via AccessToken"""
+
+ return json.dumps({'hello': 'Welcome %s' % g.oidc_token_info['sub']})
+
+
+@app.route('/logout')
+def logout():
+ """Performs local logout by removing the session cookie."""
+
+ oidc.logout()
+ return 'Hi, you have been logged out! Return'
+
+
+if __name__ == '__main__':
+ app.run()
diff --git a/bin/start_keycloak b/bin/start_keycloak
new file mode 100755
index 00000000..c39f408d
--- /dev/null
+++ b/bin/start_keycloak
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+function error_handler() {
+ >&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."
+ exit "$2"
+}
+trap 'error_handler ${LINENO} $?' ERR
+set -o errtrace -o errexit -o nounset -o pipefail
+
+docker run -p 8080:8080 -d --rm --name keycloak -e KEYCLOAK_LOGLEVEL=ALL -e ROOT_LOGLEVEL=ALL -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.0 start-dev
+
+# to export:
+# /opt/keycloak/bin/kc.sh export --dir /tmp/hey --users realm_file
+
+# NOTE: creds - user1 / password
+
+docker cp bin/finance-realm.json keycloak:/tmp
+docker exec keycloak /opt/keycloak/bin/kc.sh import --file /tmp/finance-realm.json
+docker logs -f keycloak
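Review bot: In `hello_me`, `greeting` is assigned only inside the `except` branch, so the `return` at the end of the function raises `UnboundLocalError` whenever the user is not in `oidc.credentials_store` or the `try` body completes normally, which it always does now that the `requests.get` line is commented out. Assigning the fallback before the `if`, `greeting = "Hello %s" % username`, and leaving the `except` to log the failure fixes both paths. The `print('access_token=<%s>' % access_token)` line writes a live bearer token to stdout, which this file's `logging.basicConfig(level=logging.DEBUG)` setup makes easy to capture alongside everything else; it should be removed rather than kept as a test-server convenience. The bare `except:` would be better as `except Exception:` so that a `KeyboardInterrupt` is not reported as a greeting-service failure.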
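Review bot: The `docker run` line publishes the admin console with `KEYCLOAK_ADMIN_PASSWORD=admin` on `-p 8080:8080`, which binds every interface of the host, so the dev realm and the `user1 / password` account the comment mentions are reachable from the local network for as long as the script runs; `-p 127.0.0.1:8080:8080` keeps it on loopback without changing how the Flask test server reaches it. The `docker exec ... kc.sh import` runs immediately after `docker run -d`, while `start-dev` is presumably still booting in the same container; if that turns out to race, polling `http://localhost:8080` until it answers before the `docker exec` would make the script deterministic. A comment such as `# port is deliberately loopback-only: the realm ships with well-known admin and user credentials` above the `docker run` line would record why the binding matters.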