From 38c748b0cf74bc701917cc0c3229e636f2885664 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Fri, 14 Apr 2023 12:09:51 -0400
Subject: [PATCH] added script to add passwords to keycloak user list and moved user lists out of this repo w/ burnettk
---
.../keycloak/bin/add_passwords_to_user_list | 51 +
.../keycloak/realm_exports/finance-realm.json | 2175 -----------------
.../keycloak/realm_exports/quarkus-realm.json | 1964 ---------------
.../keycloak/test_user_lists/admin | 4 -
.../keycloak/test_user_lists/example | 2 +
.../keycloak/test_user_lists/sartography | 9 -
.../keycloak/test_user_lists/status | 97 -
7 files changed, 53 insertions(+), 4249 deletions(-)
create mode 100755 spiffworkflow-backend/keycloak/bin/add_passwords_to_user_list
delete mode 100644 spiffworkflow-backend/keycloak/realm_exports/finance-realm.json
delete mode 100644 spiffworkflow-backend/keycloak/realm_exports/quarkus-realm.json
delete mode 100644 spiffworkflow-backend/keycloak/test_user_lists/admin
create mode 100644 spiffworkflow-backend/keycloak/test_user_lists/example
delete mode 100644 spiffworkflow-backend/keycloak/test_user_lists/sartography
delete mode 100644 spiffworkflow-backend/keycloak/test_user_lists/status
diff --git a/spiffworkflow-backend/keycloak/bin/add_passwords_to_user_list b/spiffworkflow-backend/keycloak/bin/add_passwords_to_user_list
new file mode 100755
index 00000000..f28492f7
--- /dev/null
+++ b/spiffworkflow-backend/keycloak/bin/add_passwords_to_user_list
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+function error_handler() {
+ >&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."
+ exit "$2"
+}
+trap 'error_handler ${LINENO} $?' ERR
+set -o errtrace -o errexit -o nounset -o pipefail
+
+
+user_file_with_one_email_per_line="${1:-}"
+if [[ -z "${1:-}" ]]; then
+ >&2 echo "usage: $(basename "$0") [user_file_with_one_email_per_line] [--replace_all_passwords - optional]"
+ exit 1
+fi
+
+replace_all_passwords=""
+if grep -q '\-\-replace_all_passwords\>' <<<"$@" ; then
+ replace_all_passwords='true'
+fi
+
+first_line_processed="false"
+
+generator_command=xkcdpass
+if ! command -v "$generator_command" >/dev/null; then
+ generator_command=uuidgen
+fi
+
+user_file_tmp="/tmp/$(basename "$user_file_with_one_email_per_line")"
+cp "$user_file_with_one_email_per_line" "$user_file_tmp"
+
+while read -r input_line; do
+ if ! grep -qE '^#' <<<"$input_line" ; then
+ if [[ "$first_line_processed" == "false" ]]; then
+ first_line_processed=true
+ else
+ user_email=$(awk -F ',' '{print $1}' <<<"$input_line")
+ username=$(awk -F '@' '{print $1}' <<<"$user_email")
+ password=$(awk -F ',' '{print $2}' <<<"$input_line")
+ if [[ -z "$password" ]]; then
+ new_password=$($generator_command)
+ perl -pi -e "s/(${username}@[^,]+,)(,.*)/\1${new_password}\2/" "$user_file_tmp"
+ elif [[ -n "$replace_all_passwords" ]]; then
+ new_password=$($generator_command)
+ perl -pi -e "s/(${username}@[^,]+,)[^,]+(,.*)/\1${new_password}\2/" "$user_file_tmp"
+ fi
+ fi
+ fi
+done <"$user_file_with_one_email_per_line"
+
+mv "$user_file_tmp" "$user_file_with_one_email_per_line"
diff --git a/spiffworkflow-backend/keycloak/realm_exports/finance-realm.json b/spiffworkflow-backend/keycloak/realm_exports/finance-realm.json
deleted file mode 100644
index b0705c5b..00000000
--- a/spiffworkflow-backend/keycloak/realm_exports/finance-realm.json
+++ /dev/null
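Review bot: In add_passwords_to_user_list, the working copy `user_file_tmp="/tmp/$(basename …)"` places the password list at a predictable path in a shared directory, where `cp` will write through a pre-existing symlink and, under a typical umask, leaves the generated passwords readable by other local users until the final `mv`. Creating the copy with `mktemp` next to the source file and removing it from an `EXIT` trap closes that window and keeps the `mv` on one filesystem. Separately, both `perl -pi` lines splice `${username}` and `${new_password}` into the program text and leave the pattern unanchored, so regex metacharacters in a local part are interpreted, and a name that is a suffix of another local part (or the same local part at another domain) matches both rows and gives them one shared password. A generated value that starts with a digit, which is likely with the `uuidgen` fallback, also appears to hit the `\1`-followed-by-digit ambiguity that perlop warns about in replacements. Passing the values through the environment, quoting with `\Q…\E` and anchoring on the full e-mail at line start avoids all three, as sketched below.

```shell
# … unchanged: argument parsing and generator selection …
user_file_tmp=$(mktemp "${user_file_with_one_email_per_line}.XXXXXX")
trap 'rm -f "$user_file_tmp"' EXIT
cp "$user_file_with_one_email_per_line" "$user_file_tmp"
# … unchanged: read loop, field extraction, new_password generation …
        # empty password field
        USER_EMAIL="$user_email" NEW_PASSWORD="$new_password" \
          perl -pi -e 's/^(\Q$ENV{USER_EMAIL}\E,)(,.*)/$1$ENV{NEW_PASSWORD}$2/' "$user_file_tmp"
        # --replace_all_passwords
        USER_EMAIL="$user_email" NEW_PASSWORD="$new_password" \
          perl -pi -e 's/^(\Q$ENV{USER_EMAIL}\E,)[^,]+(,.*)/$1$ENV{NEW_PASSWORD}$2/' "$user_file_tmp"
# … unchanged: loop end and final mv …
```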
@@ -1,2175 +0,0 @@ -{ - "id": "finance", - "realm": "finance", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "91c53dd8-cef7-41c1-b5dd-d1ea56f3b3c6", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "finance", - "attributes": {} - }, - { - "id": "66340ad0-99c3-41ff-b252-fdda5d4e25e2", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "finance", - "attributes": {} - }, - { - "id": 
"e242e32c-d024-4ce1-a14d-edb0bdc698ca", - "name": "default-roles-finance", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": ["offline_access", "uma_authorization"], - "client": { - "account": ["view-profile", "manage-account"] - } - }, - "clientRole": false, - "containerId": "finance", - "attributes": {} - } - ], - "client": { - "myclient": [], - "realm-management": [ - { - "id": "93da3502-aff8-4360-af69-c873b213cbe0", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "2078ed6a-713b-43ae-a77f-63eafec8a6a9", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "047c723f-f838-441b-9524-f074a8385e0b", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "93aa19cf-0b88-4858-a3e0-394096e7e3fa", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "8a2b5032-d73f-45f8-91b5-6948baa114a8", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "d2cee878-d3cf-48dc-9350-f5cc5eaece2d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "722e7467-5670-4cc6-aedd-111cf79c47bc", - "name": "manage-identity-providers", - 
"description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "10813786-1ef3-45d0-b91e-4b5bf48a210a", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "8ae7aa75-86b1-4cf3-b08f-20b1ba101b35", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-identity-providers", - "manage-realm", - "query-realms", - "view-events", - "manage-events", - "impersonation", - "manage-identity-providers", - "manage-authorization", - "view-realm", - "manage-clients", - "create-client", - "manage-users", - "view-clients", - "query-clients", - "query-groups", - "view-users", - "view-authorization", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "dbe4b8ec-0d4e-4bec-b216-f32ee9e5066f", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "38975601-e621-41ed-ae11-1129e623a521", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "4ed08d6b-3007-4756-9d8d-4b6fb15a5cfa", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "21071417-8445-40f2-9213-dca727200d48", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": 
true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "a8201ba5-009e-44aa-8bd9-00c3a9bd8d9d", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-clients"] - } - }, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "37bce984-5fe7-4a65-b79c-dd8e39711299", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "e9fa2bd5-19e5-49bd-b378-0dd57ce3e613", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "1269ce35-e8ab-420e-8859-6e125e77fc0d", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "0f0a08d3-f9bc-411e-8b83-57755b5a9781", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-groups", "query-users"] - } - }, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - }, - { - "id": "e121c64b-aad1-46d3-89b4-d1f4153c90b6", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "267cd124-0c66-416a-a106-7033901670ea", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - 
"containerId": "c37d2d5b-15f6-48bc-8325-3be33787dae4", - "attributes": {} - } - ], - "account": [ - { - "id": "4a1f6c73-951a-48ef-b29c-216dafe7a28b", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "6d79ccbb-1bbf-441d-8aa4-4157e150a34f", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": ["view-consent"] - } - }, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "f9536a0a-a36b-454f-b1d5-773544618853", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "f1b737bd-afaa-45a4-8613-1e37db0d05e5", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "34d08665-3194-43fd-94c4-482039ca32db", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "96e2cb37-6d07-4dce-804d-c9b286a815e6", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": ["manage-account-links"] - } - }, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - }, - { - "id": "c2d5d2d2-c524-4a75-a98a-510083496448", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "e2e246a4-d75f-4163-8605-703d16a26f27", - "attributes": {} - } - ] - } 
- }, - "groups": [], - "defaultRole": { - "id": "e242e32c-d024-4ce1-a14d-edb0bdc698ca", - "name": "default-roles-finance", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "finance" - }, - "requiredCredentials": ["password"], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": ["FreeOTP", "Google Authenticator"], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "005c3d73-6330-4fdb-99c2-55222ecfb45c", - "createdTimestamp": 1653320371308, - "username": "user1", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "id": "10256a1f-6966-49c9-a052-46098b447820", - "type": "password", - "createdDate": 1653326993658, - "secretData": 
"{\"value\":\"+1pFlfNSbupUdw/TCFYOwLVlBkaqQPox767DifigdbBH/+n7EUVk1QBMCEOByX3Eah2AHAHHjOgBSiK6G3OXUQ==\",\"salt\":\"UZPJ0/Rtkbfb/9xnxmiAbw==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": ["default-roles-finance"], - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": ["offline_access"] - } - ], - "clients": [ - { - "id": "e2e246a4-d75f-4163-8605-703d16a26f27", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/finance/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/finance/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b676e1d8-4b72-47f7-bac9-b46c19b6c1d5", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/finance/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/finance/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - 
"consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "cbfda10b-14c2-4a4a-ac0b-b3164b1a6707", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "91b23b28-6e4b-4bd6-9444-883c01164cbf", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c37d2d5b-15f6-48bc-8325-3be33787dae4", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - 
"redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "df91423f-c80a-40e9-90f7-9619b9937a88", - "clientId": "myclient", - "rootUrl": "https://www.keycloak.org/app/", - "adminUrl": "https://www.keycloak.org/app/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "OAh6rkjXIiPJDtPOz4459i3VtdlxGcce", - "redirectUris": ["http://localhost:5005/*"], - "webOrigins": ["https://www.keycloak.org"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "frontchannel.logout.session.required": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "saml.allow.ecp.flow": "false", - 
"id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "client.secret.creation.time": "1653320645", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "saml_force_name_id_format": "false", - "acr.loa.map": "{}", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "token.response.type.bearer.lower-case": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f7cfc114-24d1-4c1a-9079-c630fe150ebe", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5dcaf49-414a-4dc9-a322-343b3a42bc2c", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/finance/console/", 
- "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/finance/console/*"], - "webOrigins": ["+"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "88310466-5078-4046-bf2c-f224409ca180", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "af549e77-9526-4df2-99c4-d03b930f3754", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "b491f331-3ba8-4caf-bb5c-60605fbea094", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": 
"636f662f-1f3b-490b-a350-50dbdb33dbd6", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "3075a8bb-feec-4317-b6b8-199fff003e78", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "9b0b611e-5a74-42cb-8a8b-db57b072798c", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "a71a281e-3397-4b59-8c8f-90a0c2596ced", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "497f4647-6fda-4414-b28a-de9dd2fa71be", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "38883a67-1be8-4b3b-b49b-2958eb3ac537", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - 
"jsonType.label": "String" - } - }, - { - "id": "cfe47ce1-29f0-47b2-a4ee-62583d0219ef", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "57757394-3904-49dd-b006-761f9deb8b3c", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "49fd59ae-f76c-4563-a55b-246c0927c71b", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "854568f7-6ee5-457b-b14c-5624e6712d47", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "122e4c4b-6db8-4ca0-b2ae-040bd4062fc1", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": 
"b08be6ff-96fc-4ef1-811f-73d3c8eef401", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a6b7b8bd-b6ca-43e0-aa97-c6ef2985ae71", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "8375a9f1-5355-457f-96b4-33fb687c9352", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "20dd9fdb-e39f-4e8d-873e-4d03b0f52fd6", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a4fa4e5c-7503-4974-9efa-166fe982df0b", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "88b23bba-5a2e-4f46-b786-d049c0f84175", - "name": "profile", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "949c9cd3-5a2c-43ee-9b65-20c36957c023", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "dea37916-c26a-405d-aefc-9d66ffaea3e2", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "31891161-c569-4168-a8c9-250fd63c8e9e", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "a4e05e95-4c9f-45e7-8d88-d439ee6a1cc9", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "7ce53f52-eadc-4b71-b66b-029d01291e8f", - "name": "zoneinfo", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "dffa1341-02d6-4bd6-aa20-3de3d2ecb500", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "dd4882ce-352c-4118-b5d2-9e5e67158a56", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "f4c115d4-8fdd-409f-8ae1-6f7669dd0400", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "9fda30b9-b251-4177-9046-557478df1c3f", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b05b341f-1f37-439c-90fc-0366c964d34a", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - 
"userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "c1969485-c36f-437b-a681-42bfb3a15b37", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "7d95cd7f-8f25-474a-a9ef-1bd793f7c52f", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - } - ] - }, - { - "id": "57a8e94a-3275-4d31-8409-a33e4efea380", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "e1582dca-683f-4743-bdc8-4fa9b6580f1e", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "1d67898f-ed21-4943-adaf-749fdf007e32", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5b736866-be1d-42b3-ab22-56614b40a55c", - "name": "client roles", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "7a5031af-da7f-4832-b1ae-97a3d36eba0d", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "8ecfdd17-b555-42c3-b86b-088b88531575", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "roles", - "profile", - "email", - "role_list", - "acr", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "microprofile-jwt", - "address", - "offline_access", - "phone" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "07e852dc-d1b8-446e-8e6c-cc8cba09d67b", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - 
"config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "6a31e7b4-c1e4-4b98-aff8-b797635c8685", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "3b45a6bb-607a-42ba-828d-cbe3bb4822d1", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "3d0c68f7-fadc-45e5-9cb1-011569ff4848", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": ["200"] - } - }, - { - "id": "568cdc09-0bc8-4d55-9571-ec79111afda2", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "04676764-b892-4c0a-86ec-9bb2ab43941a", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "7876d668-bfec-44c2-8531-43d05ce26a55", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "84af08d2-2d53-491c-b474-ff048c113893", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - 
"subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "7702a515-b69c-49e0-81c9-41995c9336a2", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "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" - ], - "keyUse": ["ENC"], - "certificate": [ - "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" - ], - "priority": ["100"], - "algorithm": ["RSA-OAEP"] - } - }, - { - "id": "1c415214-0b91-4853-810c-aea64593896e", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "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" - ], - "keyUse": ["SIG"], - "certificate": [ - "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" - ], - "priority": ["100"] - } - }, - { - "id": "0c1cb39b-19a4-4103-b5e5-ead9993d25d8", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": ["01cccc91-2bd5-4107-9abe-73eefa08844e"], - "secret": ["UFMiYfKaAgrSES3eknZGNA"], - "priority": ["100"] - } - }, - { - "id": "2be427e9-7d31-46f2-b315-27eabf13c750", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": ["88dc0a34-df52-4ba9-b120-f64f5f58814b"], - "secret": [ - "NsTtKtnEUPVAGynVRWUNbyBPGPogEB1DfhTikcPF357dwL1yD_4tiv7HmjJ8CSvQP4ILuuTxhDqO3z-zjAoROA" - ], - "priority": ["100"], - "algorithm": ["HS256"] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "0fde2792-dcf5-487d-ac16-f7fe6aa6452a", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - 
"authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "86dddafa-1c63-408b-a7f1-cf82c7fdf3dd", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "a47eb419-ed9e-42fd-b4ec-6074323fa6ba", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "3368f154-d4ba-4839-95a3-e02fb50bf17c", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the 
authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "81ce715c-c31d-4ac6-9f41-587c1a105786", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "cc14c5a6-5a36-4601-99c1-e0b8b5c33c57", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "fd19942f-8d99-4179-961e-9bc52c124fe6", - "alias": "Reset - Conditional OTP", - "description": "Flow to 
determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "b27dd02c-9023-414e-949d-9b44c47768ab", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "6460144e-b28b-45a5-940c-a73855c53e1a", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "da8c0b0c-f3d3-49e4-88eb-127d27029c76", - "alias": 
"browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "5103be99-4355-4031-9a32-ad8837f6d972", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "6996f613-218b-4442-9596-84ac217c87dd", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - 
"providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "a5198547-b614-43b7-a7bf-152a82199c67", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "8a7d1775-6a9e-45c8-8797-d6bbdde5a359", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "e707bd54-507a-4534-a192-53fe8939e094", - "alias": "forms", - "description": 
"Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "ed74db0e-1714-44d3-824e-a687be5b8c47", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Authentication Options", - "userSetupAllowed": false - } - ] - }, - { - "id": "02fcb19a-ed47-4bef-a33d-5329bf683e36", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "21b1748a-8641-4102-a7fa-783818f22b61", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - 
"autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "3b8ac3fc-33c3-4256-86a9-ffffdacb23a2", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "4990a687-af96-4554-bd1f-f734fcd9ca1f", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - 
"requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "d0afe54f-2e16-4643-974e-1ed037675314", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "44a4393f-8f1c-4192-9645-2c413b1f39ff", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - 
"dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "18.0.0", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -}
diff --git a/spiffworkflow-backend/keycloak/realm_exports/quarkus-realm.json b/spiffworkflow-backend/keycloak/realm_exports/quarkus-realm.json
deleted file mode 100644
index 5a8750cb..00000000
--- a/spiffworkflow-backend/keycloak/realm_exports/quarkus-realm.json
+++ /dev/null
@@ -1,1964 +0,0 @@ -{ - "id": "11d78bf6-6d10-4484-baba-a1388379d68b", - "realm": "quarkus", - "notBefore": 0, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "3fc80564-13ac-4e7b-9986-322f571e82bc", - "name": "confidential", - "composite": false, - "clientRole": false, - "containerId": "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes": {} - }, - { - "id": "39eb64c8-66a9-4983-9c81-27ea7e2f6273", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes": {} - }, - { - "id": "8c1abe12-62fe-4a06-ae0d-f5fb67dddbb0", - "name": "admin", - "composite": false, - "clientRole": false, - "containerId": "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes": {} - }, - { - "id": 
"5afce544-6a3c-495f-b805-fd737cf5081e", - "name": "user", - "composite": false, - "clientRole": false, - "containerId": "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes": {} - }, - { - "id": "bc431d62-a80a-425b-961a-0fb3fc59006d", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "7db1f38d-d436-4725-93fd-030a3bbe628e", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "1163b9bd-7319-4154-a25f-0101b2548d21", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "73d0a556-072b-404f-bf8e-10e2544c8c27", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "7e727e28-2095-4443-b2da-865e684f2308", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "df9e5352-f835-4467-bcaf-cb1b5f55c1ec", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "fa77909a-32a3-41ae-9983-2b92ae03080c", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": 
"a8780507-dc72-4433-8b95-b8e4f3c37d0e", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "f7f4697a-3977-42f6-af86-9bb006cf4d04", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "impersonation", - "manage-identity-providers", - "view-identity-providers", - "view-realm", - "query-users", - "manage-clients", - "manage-events", - "manage-realm", - "view-authorization", - "manage-authorization", - "view-users", - "create-client", - "query-clients", - "query-groups", - "manage-users", - "view-clients", - "view-events", - "query-realms" - ] - } - }, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "ca7dc1ce-a981-4efe-b3f0-a7192b6d3943", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "a0ab4faa-00a9-4f52-ac9f-8e764b6a8126", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "0b4ed5e0-eceb-4d81-ba05-fa67022abe59", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "c10336be-06f3-40ef-bef5-28d8c9b8a1e2", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "1a1ffadc-11d5-44ea-bac0-d94372c8ae5c", - "name": "view-users", - 
"description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-groups", "query-users"] - } - }, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "5ba9a1a3-9027-4531-8253-b91f6058513c", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "b4fba807-7a7e-4e3e-bd31-45703305a9e3", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "c9384254-0af3-434c-b4ed-7c94f59a8247", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "9a0022f2-bd58-4418-828c-a8e7abe3346b", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-clients"] - } - }, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "83df8311-4366-4d22-9425-eccc343faa3f", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - }, - { - "id": "e81bf277-047f-4bdd-afd6-59e2016c5066", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "backend-service": [ - { - "id": "df147a91-6da7-4bbc-866c-f30cf99b2637", - "name": "uma_protection", - "composite": false, - "clientRole": 
true, - "containerId": "0ac5df91-e044-4051-bd03-106a3a5fb9cc", - "attributes": {} - } - ], - "broker": [ - { - "id": "d36865b0-7ade-4bcd-a7dc-1dacbd80f169", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "53d4fe53-a039-471e-886a-28eddc950e95", - "attributes": {} - } - ], - "account": [ - { - "id": "539325a0-d9b3-4821-97ee-d42999296b62", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "e55e1234-38fa-432d-8d90-39f5e024688d", - "attributes": {} - }, - { - "id": "e4af836c-c884-4a57-8b1d-fb673b0fe3a5", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": ["manage-account-links"] - } - }, - "clientRole": true, - "containerId": "e55e1234-38fa-432d-8d90-39f5e024688d", - "attributes": {} - }, - { - "id": "35d1c998-bcae-4ab1-a026-4c67bff49a98", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "e55e1234-38fa-432d-8d90-39f5e024688d", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRoles": ["uma_authorization", "offline_access"], - "requiredCredentials": ["password"], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": ["FreeOTP", "Google Authenticator"], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": ["offline_access"] - } - ], - "clients": [ - { - "id": "e55e1234-38fa-432d-8d90-39f5e024688d", - "clientId": "account", - "name": "${client_account}", - "baseUrl": "/auth/realms/quarkus/account", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec", - "defaultRoles": 
["view-profile", "manage-account"], - "redirectUris": ["/auth/realms/quarkus/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e9cc41a2-8e35-4d5e-949e-4879880c2ddb", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "a951803a-79c7-46a6-8197-e32835286971", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "53d4fe53-a039-471e-886a-28eddc950e95", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "e1f7edd7-e15c-43b4-8736-ff8204d16836", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - 
"consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0ac5df91-e044-4051-bd03-106a3a5fb9cc", - "clientId": "backend-service", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "secret", - "redirectUris": ["*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3eac903f-c16b-4a78-a7e8-eb8f4d402b71", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "8422cefe-7f42-4f3b-abad-5f06f7d4b748", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "988e47d6-2055-45eb-82d6-0b8b25c629fc", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": true, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "User Resource", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "df1b74a9-3f10-499d-a581-368de48e512b", - "uris": ["/api/users/*"] - }, - { - "name": "Administration Resource", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "7124e2f1-e6dc-44b4-87ab-24b010090b97", - "uris": ["/api/admin/*"] - } - ], - "policies": [ - { - "id": "b8710fa6-160e-4de0-adf3-398c7007a0af", - "name": "Any User Policy", - "description": "Any user granted with the user role can access something", - "type": "role", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "roles": "[{\"id\":\"user\",\"required\":false}]" - } - }, - { - "id": "fcef30b2-68b2-4b78-9f3d-9162c6cdf5cb", - "name": "Only Administrators", - "description": "Only administrators can access", - "type": "role", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "roles": "[{\"id\":\"admin\",\"required\":false}]" - } - }, - { - "id": "3479dd56-02e9-4222-94fe-6a13cd065195", - "name": "User Resource Permission", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"User Resource\"]", - "applyPolicies": "[\"Any User Policy\"]" - } - }, - { 
- "id": "60188298-d55b-4066-b231-6a7c56ff7cc5", - "name": "Administration Resource Permission", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Administration Resource\"]", - "applyPolicies": "[\"Only Administrators\"]" - } - } - ], - "scopes": [], - "decisionStrategy": "UNANIMOUS" - } - }, - { - "id": "376bd940-e50a-4495-80fc-9c6c07312748", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "c41b709a-a012-4c69-89d7-4f926dba0619", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a8732cac-ae0f-44ec-b7f3-bd2c41eff13c", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "baseUrl": "/auth/admin/quarkus/console/index.html", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "e571b211-2550-475d-b87f-116ff54091ee", - "redirectUris": ["/auth/admin/quarkus/console/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": 
"openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "280528ca-5e96-4bb9-9fc0-20311caac32d", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "520cc3ef-2c6b-4d84-bcde-8c063241f4bd", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "c1d3bd07-0a5f-4f4f-b381-c58a7b723029", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "19920c96-a383-4f35-8ee9-27833263cf03", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": 
[ - { - "id": "36a0adf0-6c25-419f-98d7-cdeada8661aa", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "b0c39901-5e5d-4436-b685-908bb90ea1d9", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "55b3ee1c-cbf9-4526-93d7-aa56a9c5f1cb", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "59128144-a21a-4744-bb55-e66ff0503b18", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "69351a63-7d6e-45d0-be47-088c83b20fdb", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "3f190f54-8e3a-4c82-a799-bd12ddc475b2", - "name": "offline_access", - "description": "OpenID Connect built-in scope: 
offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "defa3480-5368-4f34-8075-49fb982b71b3", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "069ae414-9e98-4612-a3d6-e8b5a1fa841d", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "cea58e24-d0e0-4cc6-9e34-7b3bf7d6d85b", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "b7321e2e-dd8e-41cf-a527-c765155c3f78", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1d4d3df5-7af5-488e-8477-0ad7cb74d50a", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "1a5e26d6-211e-4f8a-b696-0ea9577db25a", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "18971685-6dd7-420f-9c09-879c4f2d54d8", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "b970d96b-0156-4db0-9beb-9c84c173e619", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "50287033-df21-45c6-aa46-c3060e6f9855", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "3dc6b97e-7063-4077-98d1-0cacf9029c7b", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": 
"3fb9391b-376c-42ef-b012-4df461c617cc", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "83f7fc4a-5386-4f86-a103-6585e138b61d", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "8ef177b3-f485-44b1-afee-1901393b00c7", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "e994cbc7-2a1a-4465-b7b7-12b35b4fe49e", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "abaa4c9e-1fa2-4b45-a1bb-b3d650de9aca", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": 
"bf21b514-81fd-4bbe-9236-bab5fcf54561", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "254f8de4-08e7-4d3d-a87f-4b238f0f922b", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "7934bf2a-cfc3-4b2d-a5cb-287f3ed2a977", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "f3dc793d-6011-4861-b538-399dde5434c0", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "22eeabf8-a3c3-4026-a351-367f8ace7927", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "f72c1acd-c367-41b1-8646-b6bd5fff3e3f", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": 
"true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "cd8e589e-5fa7-4dae-bf6e-e8f6a3fd3cff", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "708b19d1-0709-4278-b5a1-bcbeec11f51a", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "25e97210-30c7-4f35-be11-407f1fa674cb", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "52618957-a4e8-4c6f-a902-217f2c41a2fd", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "a66ddadf-312f-491f-993c-fa58685815c6", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": 
"SAMEORIGIN", - "xXSSProtection": "1; mode=block", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "a7679218-373d-48ca-88f8-429985faeae3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "2ebf6f9f-4bfc-44b9-ad7c-282f2274d35b", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "552093c3-0a0a-4234-ad7c-ae660f0f0db1", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "8f27cf74-cee7-4a73-851f-982ee45157ca", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] - } - }, - { - "id": "ff570525-6c96-4500-9d73-c02e708b39de", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b52284eb-123a-4718-aac9-857530a24a9b", - "name": 
"Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": ["200"] - } - }, - { - "id": "2b8c0a6d-d5c0-4ea2-8a9c-4843d3e04ec6", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "bf59de5a-2c93-43cc-a9aa-03be0129fe53", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-full-name-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "b3efd9cc-28b6-4404-82af-8a48a966b8ff", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - 
"MIIEowIBAAKCAQEAn5T13suF8mlS+pJXp0U1bto41nW55wpcs+Rps8ZVCRyJKWqzwSCYnI7lm0rB2wBpAAO4OPoj1zlmVoFmBPsDU9Xf7rjsJb5LIzIQDCZY44aSDZt6RR+gakPiQvlzHyW/RozYpngDJF7TsTD7rdRF1xQ4RprfBF8fwK/xsU7pxbeom5xDHZhz3fiw8s+7UdbmnazDHfAjU58aUrLGgVRfUsuoHjtsptYlOIXEifaeMetXZE+HhqLYRHQPDap5fbBJl773Trosn7N9nmzN4x1xxGj9So21WC5UboQs9sAIVgizc4omjZ5Y4RN9HLH7G4YwJctNntzmnJhDui9zAO+zSQIDAQABAoIBADi+F7rTtVoft0Cfnok8o6Y58/HVxHdxiMryUd95iy0FN4RBi48FTx6D9QKFz25Ws/8sU2n3D51srIXf1u24b1N0/f39RQKaqk7mcyxOylaEuBQcj5pah4ihgKd92UBfBKdKV5LBo6RgD3e2yhbiHr8+UlBQqzH7vOef6Bm6zIbfmi3N88swAJhP0YizRZFklsbmLsK6nkwyro00CHJvPVKSBbM+ad+/zIBsLw56MvNngB5TuFguUgoljd6M1T2z4utmZGlTUqrfE1onAVLJZoGnRohyIr7dJEg6YxWR70PxsgmkDKyeRvet9P1trO0n+OSprusfrC3cHJStabap1V0CgYEA1A/CtsqTnjdYYsB19eumZgdpzUgNc/YEAzZ/OWb8yTLoB2ncci+63A1rXHUXAqJFY7vtjn5mxv7SuASNbUrzq+6KfZvC1x9XEtnczqT/ypunNfxmIZuj8Nuu6vtURguZ8kPPwdkI8toTizRFeRE5ZDBvoQryiEVYugfHaHT5vzsCgYEAwKWODwquI0Lv9BuwdNVrBXQpkKh3ZfYOA7i9xvhxlM7xUu8OMCwwCPn3r7vrW5APjTqX4h330mJ44SLEs+7gbCUs4BbJBLA6g0ChlHa9PTkxp6tk2nDF/B34fxiZSRkE85L+d+at0Dc3hnlzLCJCzJawGpoPniPU9e4w0p4dN0sCgYAsGnMGjS8SUrRhJWHjGXVr9tK8TOXvXhULjgP7rj2Yoqu7Dvs4DFEyft/7RKbad2EzEtyfLA64CDtO5jN7rYDsGxpWcVSeZPg5BXJ0z8AbJTArfCjJiJMZ/rZsTIUEZFlKF2xYBolj6JLz+pUQTtK+0YwF1D8ItFN1rTR9twZSDQKBgQC6sPXNX+VH6LuPTjIf1x8CxwLs3EXxOpV0R9kp9GRl+HJnk6GlT30xhcThufQo5KAdllXQXIhoiuNoEoCbevhj9Vbax1oBQCNERSMRNEzKAx46xd9TzYwgeo7x5E3QR/3DaoVOfu+cY5ZcrF/PulgP2kxJS1mtQD5GIpGP2oinpwKBgGqiqTFPqRcelx76vBvTU+Jp1zM62T4AotbMrSQR/oUvqHe5Ytj/SbZx+wbbHAiyGgV700Mosyviik83YEAbR3kdOPjgYvAJJW2Y3jEMdQ7MwriXz8XLh5BGmYfVjkSOJXed9ua9WlYLKOJeXXv191BbDvrx5NXuJyVVU4vJx3YZ" - ], - "certificate": [ - "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" - ], - "priority": ["100"] - } - }, - { - "id": "20460ca5-ec24-4a9b-839a-457743d3f841", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": ["96afd00e-85cf-4d35-b18e-061d3813d8b2"], - "secret": [ - 
"qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA" - ], - "priority": ["100"], - "algorithm": ["HS256"] - } - }, - { - "id": "4f02d984-7a23-4ce1-8591-848a71390efe", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": ["b04473d3-8395-4016-b455-19a9e951106b"], - "secret": ["x68mMOVdz3qKWzltzReV0g"], - "priority": ["100"] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "d6c3e282-a738-4b8b-98c2-378b9faf8344", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4855860b-4009-4f1b-ba6b-60581618ea62", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "8a9872b0-65f1-47ff-9565-fa826ac64cd4", - "alias": 
"browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "51b8ed14-62b6-49b3-b602-0b51508349e0", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "9b65133a-ee71-494a-a659-6804513fc30b", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - 
"autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "OPTIONAL", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "f62bc4ad-25ac-4f83-963b-32820af3a683", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1b423fe7-f312-404c-903b-f1260a77259b", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9c9530b3-e3c6-481b-99e8-1461a9752e8e", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"auth-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "70fb94ac-354c-4629-a5fe-5135d0137964", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "08292a4a-6722-4e33-a5d9-354c2628f567", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "668dc4b6-fe1a-4d24-ab5b-bc76e20ac390", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - 
"authenticator": "registration-profile-action", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a0e191f0-ce9a-4a75-b6e4-97332b05f7e5", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "OPTIONAL", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "ad4beb21-8e9a-4fca-af41-0f757169f26c", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "25632f91-6071-423a-8e9c-7322cdc1b011", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, 
- { - "id": "02d7f70b-1ebc-4e72-a65c-d94a600895ac", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "_browser_header.xXSSProtection": "1; mode=block", - "_browser_header.xFrameOptions": "SAMEORIGIN", - "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", - "permanentLockout": "false", - "quickLoginCheckMilliSeconds": "1000", - "_browser_header.xRobotsTag": "none", - "maxFailureWaitSeconds": "900", - "minimumQuickLoginWaitSeconds": "60", - "failureFactor": "30", - "actionTokenGeneratedByUserLifespan": "300", - "maxDeltaTimeSeconds": "43200", - "_browser_header.xContentTypeOptions": "nosniff", - "offlineSessionMaxLifespan": "5184000", - "actionTokenGeneratedByAdminLifespan": "43200", - 
"_browser_header.contentSecurityPolicyReportOnly": "", - "bruteForceProtected": "false", - "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds": "60", - "offlineSessionMaxLifespanEnabled": "false" - }, - "users": [ - { - "id": "af134cab-f41c-4675-b141-205f975db679", - "username": "admin", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "type": "password", - "hashedSaltedValue": "NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA==", - "salt": "T/2P5o5oxFJUEk68BRURRg==", - "hashIterations": 27500, - "counter": 0, - "algorithm": "pbkdf2-sha256", - "digits": 0, - "period": 0, - "createdDate": 1554245879354, - "config": {} - } - ], - "disableableCredentialTypes": ["password"], - "requiredActions": [], - "realmRoles": ["admin", "user"], - "notBefore": 0, - "groups": [] - }, - { - "id": "eb4123a3-b722-4798-9af5-8957f823657a", - "username": "alice", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "type": "password", - "hashedSaltedValue": "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==", - "salt": "sl4mXx6T9FypPH/s9TngfQ==", - "hashIterations": 27500, - "counter": 0, - "algorithm": "pbkdf2-sha256", - "digits": 0, - "period": 0, - "createdDate": 1554245879116, - "config": {} - } - ], - "disableableCredentialTypes": ["password"], - "requiredActions": [], - "realmRoles": ["user"], - "notBefore": 0, - "groups": [] - }, - { - "id": "1eed6a8e-a853-4597-b4c6-c4c2533546a0", - "username": "jdoe", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "type": "password", - "hashedSaltedValue": "JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg==", - "salt": "uCbOH7HZtyDtMd0E9DG/nw==", - "hashIterations": 27500, - "counter": 0, - "algorithm": "pbkdf2-sha256", - "digits": 0, - "period": 
0, - "createdDate": 1554245879227, - "config": {} - } - ], - "disableableCredentialTypes": ["password"], - "requiredActions": [], - "realmRoles": ["confidential", "user"], - "notBefore": 0, - "groups": [] - }, - { - "id": "948c59ec-46ed-4d99-aa43-02900029b930", - "createdTimestamp": 1554245880023, - "username": "service-account-backend-service", - "enabled": true, - "totp": false, - "emailVerified": false, - "email": "service-account-backend-service@placeholder.org", - "serviceAccountClientId": "backend-service", - "credentials": [], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": ["offline_access"], - "clientRoles": { - "backend-service": ["uma_protection"], - "account": ["view-profile", "manage-account"] - }, - "notBefore": 0, - "groups": [] - } - ], - "keycloakVersion": "6.0.0", - "userManagedAccessAllowed": false -}
diff --git a/spiffworkflow-backend/keycloak/test_user_lists/admin b/spiffworkflow-backend/keycloak/test_user_lists/admin
deleted file mode 100644
index a764901c..00000000
--- a/spiffworkflow-backend/keycloak/test_user_lists/admin
+++ /dev/null
@@ -1,4 +0,0 @@
-email,spiffworkflow-employeeid
-admin@spiffworkflow.org
-jason@sartography.com
-kevin@sartography.com
diff --git a/spiffworkflow-backend/keycloak/test_user_lists/example b/spiffworkflow-backend/keycloak/test_user_lists/example
new file mode 100644
index 00000000..f5482311
--- /dev/null
+++ b/spiffworkflow-backend/keycloak/test_user_lists/example
@@ -0,0 +1,2 @@
+email,pass,custom_attribute_one
+admin@example.com,hot_fake_password,user_attribute_admin
diff --git a/spiffworkflow-backend/keycloak/test_user_lists/sartography b/spiffworkflow-backend/keycloak/test_user_lists/sartography
deleted file mode 100644
index 9b587465..00000000
--- a/spiffworkflow-backend/keycloak/test_user_lists/sartography
+++ /dev/null
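Review bot: The new `test_user_lists/example` file keeps a cleartext password in its `pass` column and has no comment saying so, so someone copying it for a real realm gets no cue that the filled-in list is a credential file. The `status` list deleted in this same commit used `#` comment lines, so a line such as `# pass is stored in clear text; keep real user lists out of version control` placed after the header would fit the format, provided every consumer of these lists skips `#` lines. Moving the lists out of the repo does not remove them from history: the `pass` values in the deleted `status` list and the `privateKey` and `secret` entries in the deleted realm export stay retrievable from earlier commits, so any that were used outside local testing should be rotated.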
@@ -1,9 +0,0 @@
-email,pass,spiffworkflow-employeeid
-alex@sartography.com,,111
-dan@sartography.com,,115
-daniel@sartography.com,,
-elizabeth@sartography.com,,
-j@sartography.com,,
-jon@sartography.com,,
-kb@sartography.com,,
-madhurya@sartography.com,,160
diff --git a/spiffworkflow-backend/keycloak/test_user_lists/status b/spiffworkflow-backend/keycloak/test_user_lists/status
deleted file mode 100644
index eb866ed7..00000000
--- a/spiffworkflow-backend/keycloak/test_user_lists/status
+++ /dev/null
@@ -1,97 +0,0 @@
-email,pass,spiffworkflow-employeeid
-# admin@spiffworkflow.org
-amir@status.im
-app.program-lead@status.im,,121
-codex-a1.sme@status.im,,209
-codex.project-lead@status.im,,153
-codex.sme@status.im,,185
-codex1.sme@status.im,,186
-codex2.sme@status.im,,187
-codex3.sme@status.im,,188
-codex4.sme@status.im,,189
-codex5.sme@status.im,,190
-core-a1.contributor@status.im,,202
-core-a2.contributor@status.im,,203
-core1.contributor@status.im,,155
-core2.contributor@status.im,,156
-core3.contributor@status.im,,157
-core4.contributor@status.im,,158
-core5.contributor@status.im,,159
-core6.contributor@status.im,core6.contributorx,199
-core@status.im,,113
-dao.project.lead@status.im
-desktop-a1.sme@status.im,,210
-desktop.program.lead@status.im
-desktop.project-lead@status.im,,192
-desktop.project.lead@status.im
-desktop.sme@status.im,,193
-desktop1.sme@status.im,,194
-desktop2.sme@status.im,,195
-desktop3.sme@status.im,,196
-desktop4.sme@status.im,,197
-desktop5.sme@status.im,,198
-fin@status.im,,118
-finance_user1@status.im
-fluffy.project-lead@status.im,,162
-harmeet@status.im,,109
-infra-a1.sme@status.im,,204
-infra.project-lead@status.im,infra.project-leadx,130
-infra.sme@status.im,,119
-infra1.sme@status.im,,131
-infra2.sme@status.im,,132
-infra3.sme@status.im,,167
-infra4.sme@status.im,,175
-infra5.sme@status.im,,176
-infra6.sme@status.im,infra6.smex,212
-jakub@status.im
-jamescheung@status.im,,234
-jarrad@status.im
-lead@status.im,,114
-legal-a1.sme@status.im,,205
-legal.project-lead@status.im,legal.project-leadx,133
-legal.sme@status.im,,125
-legal1.sme@status.im,,134
-legal2.sme@status.im,,165
-legal3.sme@status.im,,166
-legal4.sme@status.im,,177
-legal5.sme@status.im,,178
-legal6.sme@status.im,legal6.smex,213
-logos.program-lead@status.im,,160
-manuchehr@status.im,,110
-nimbus.program-lead@status.im,,161
-peopleops.partner-a1.sme@status.im,,208
-peopleops.partner.sme@status.im,,148
-peopleops.partner1.sme@status.im,,149
-peopleops.partner2.sme@status.im,,173
-peopleops.partner3.sme@status.im,,174
-peopleops.partner4.sme@status.im,,181
-peopleops.partner5.sme@status.im,,182
-peopleops.partner6.sme@status.im,peopleops.partner6.smex,216
-peopleops.partner@status.im,,150
-peopleops.project-lead@status.im,peopleops.project-leadx,147
-peopleops.talent.sme@status.im,,143
-peopleops.talent1.sme@status.im,,142
-peopleops.talent@status.im,,141
-ppg.ba-a1.sme@status.im,,207
-ppg.ba.project-lead@status.im,,137
-ppg.ba.sme@status.im,,138
-ppg.ba1.sme@status.im,,170
-ppg.ba2.sme@status.im,,171
-ppg.ba3.sme@status.im,,172
-ppg.ba4.sme@status.im,,200
-ppg.ba5.sme@status.im,,201
-ppg.ba6.sme@status.im,ppg.ba6.smex,236
-ppg.ba@status.im,,127
-sasha@status.im,,112
-security-a1.sme@status.im,,206
-security.project-lead@status.im,,151
-security.sme@status.im,,123
-security1.sme@status.im,,135
-security2.sme@status.im,,168
-security3.sme@status.im,,169
-security4.sme@status.im,,179
-security5.sme@status.im,,180
-security6.sme@status.im,security6.smex,211
-services.lead@status.im,,122
-vac.program-lead@status.im,,163
-web.project-lead@status.im,web.project-leadx,235