{
|
||
|
"id": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686",
|
||
|
"realm": "test.pub.solar",
|
||
|
"notBefore": 0,
|
||
|
"defaultSignatureAlgorithm": "RS256",
|
||
|
"revokeRefreshToken": false,
|
||
|
"refreshTokenMaxReuse": 0,
|
||
|
"accessTokenLifespan": 300,
|
||
|
"accessTokenLifespanForImplicitFlow": 900,
|
||
|
"ssoSessionIdleTimeout": 1800,
|
||
|
"ssoSessionMaxLifespan": 43200,
|
||
|
"ssoSessionIdleTimeoutRememberMe": 7776000,
|
||
|
"ssoSessionMaxLifespanRememberMe": 31536000,
|
||
|
"offlineSessionIdleTimeout": 2592000,
|
||
|
"offlineSessionMaxLifespanEnabled": false,
|
||
|
"offlineSessionMaxLifespan": 5184000,
|
||
|
"clientSessionIdleTimeout": 0,
|
||
|
"clientSessionMaxLifespan": 0,
|
||
|
"clientOfflineSessionIdleTimeout": 0,
|
||
|
"clientOfflineSessionMaxLifespan": 0,
|
||
|
"accessCodeLifespan": 60,
|
||
|
"accessCodeLifespanUserAction": 300,
|
||
|
"accessCodeLifespanLogin": 1800,
|
||
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
||
|
"actionTokenGeneratedByUserLifespan": 300,
|
||
|
"oauth2DeviceCodeLifespan": 600,
|
||
|
"oauth2DevicePollingInterval": 5,
|
||
|
"enabled": true,
|
||
|
"sslRequired": "external",
|
||
|
"registrationAllowed": true,
|
||
|
"registrationEmailAsUsername": false,
|
||
|
"rememberMe": true,
|
||
|
"verifyEmail": true,
|
||
|
"loginWithEmailAllowed": true,
|
||
|
"duplicateEmailsAllowed": false,
|
||
|
"resetPasswordAllowed": true,
|
||
|
"editUsernameAllowed": false,
|
||
|
"bruteForceProtected": false,
|
||
|
"permanentLockout": false,
|
||
|
"maxTemporaryLockouts": 0,
|
||
|
"maxFailureWaitSeconds": 900,
|
||
|
"minimumQuickLoginWaitSeconds": 60,
|
||
|
"waitIncrementSeconds": 60,
|
||
|
"quickLoginCheckMilliSeconds": 1000,
|
||
|
"maxDeltaTimeSeconds": 43200,
|
||
|
"failureFactor": 30,
|
||
|
"roles": {
|
||
|
"realm": [
|
||
|
{
|
||
|
"id": "5e30b340-292f-4c23-982f-936b052634c1",
|
||
|
"name": "offline_access",
|
||
|
"description": "${role_offline-access}",
|
||
|
"composite": false,
|
||
|
"clientRole": false,
|
||
|
"containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "49dd91a4-2176-4a84-aab0-37eb7f41fc1f",
|
||
|
"name": "default-roles-test.pub.solar",
|
||
|
"description": "${role_default-roles}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"realm": [
|
||
|
"offline_access",
|
||
|
"uma_authorization"
|
||
|
],
|
||
|
"client": {
|
||
|
"account": [
|
||
|
"view-profile",
|
||
|
"manage-account"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": false,
|
||
|
"containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "541db75b-d73a-478c-bfbc-942b64d6286d",
|
||
|
"name": "admin",
|
||
|
"description": "Grafana admin role",
|
||
|
"composite": false,
|
||
|
"clientRole": false,
|
||
|
"containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "ca6ef8b3-aeca-420a-86d5-edb6698d83ef",
|
||
|
"name": "uma_authorization",
|
||
|
"description": "${role_uma_authorization}",
|
||
|
"composite": false,
|
||
|
"clientRole": false,
|
||
|
"containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686",
|
||
|
"attributes": {}
|
||
|
}
|
||
|
],
|
||
|
"client": {
|
||
|
"nextcloud": [],
|
||
|
"realm-management": [
|
||
|
{
|
||
|
"id": "ae0cb0ed-998f-476d-b688-ac087a6ddc5a",
|
||
|
"name": "manage-users",
|
||
|
"description": "${role_manage-users}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "53b294e4-ab83-4c7f-ae21-e5df0d47d76d",
|
||
|
"name": "query-realms",
|
||
|
"description": "${role_query-realms}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "fce40cde-1df9-48b7-b18b-f61a95569f03",
|
||
|
"name": "view-events",
|
||
|
"description": "${role_view-events}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "471acf51-59c9-4e74-a470-8b9d650d7043",
|
||
|
"name": "view-users",
|
||
|
"description": "${role_view-users}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"client": {
|
||
|
"realm-management": [
|
||
|
"query-users",
|
||
|
"query-groups"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "e2217f23-e8bf-44ab-ab43-6f3c6951b1ca",
|
||
|
"name": "manage-events",
|
||
|
"description": "${role_manage-events}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "07648931-6258-4276-ab5c-4b7f1aa66e44",
|
||
|
"name": "manage-realm",
|
||
|
"description": "${role_manage-realm}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "a3b51cd8-9a25-4361-9251-52dabdbf3af0",
|
||
|
"name": "view-clients",
|
||
|
"description": "${role_view-clients}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"client": {
|
||
|
"realm-management": [
|
||
|
"query-clients"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "e5db750b-6f51-41ac-885d-054300c072b2",
|
||
|
"name": "view-realm",
|
||
|
"description": "${role_view-realm}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "cfd61589-7ed6-4fc2-83d0-27f3ca1e6bbd",
|
||
|
"name": "impersonation",
|
||
|
"description": "${role_impersonation}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "434e0ec3-9e6e-4358-8814-dc5b783ae2b3",
|
||
|
"name": "view-authorization",
|
||
|
"description": "${role_view-authorization}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "32988bf3-3f8d-4150-b3a2-e342ec9a0587",
|
||
|
"name": "query-groups",
|
||
|
"description": "${role_query-groups}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "fa821c09-19a3-48da-9980-c093ba931902",
|
||
|
"name": "manage-authorization",
|
||
|
"description": "${role_manage-authorization}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "317528d1-b1f5-43f9-b88b-6afdc53fd975",
|
||
|
"name": "create-client",
|
||
|
"description": "${role_create-client}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "c446519c-24d0-4d60-b4c0-401bf6dd80d6",
|
||
|
"name": "realm-admin",
|
||
|
"description": "${role_realm-admin}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"client": {
|
||
|
"realm-management": [
|
||
|
"manage-users",
|
||
|
"query-realms",
|
||
|
"view-events",
|
||
|
"view-users",
|
||
|
"manage-realm",
|
||
|
"manage-events",
|
||
|
"view-clients",
|
||
|
"view-realm",
|
||
|
"impersonation",
|
||
|
"view-authorization",
|
||
|
"query-groups",
|
||
|
"manage-authorization",
|
||
|
"create-client",
|
||
|
"query-users",
|
||
|
"query-clients",
|
||
|
"view-identity-providers",
|
||
|
"manage-clients",
|
||
|
"manage-identity-providers"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "c197af85-bdb6-4caf-9e77-1631479e51db",
|
||
|
"name": "query-clients",
|
||
|
"description": "${role_query-clients}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "c5865ad3-936b-4506-b4eb-33b154b4837c",
|
||
|
"name": "query-users",
|
||
|
"description": "${role_query-users}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "90a4b005-4ecd-479d-9a8e-824a15735045",
|
||
|
"name": "view-identity-providers",
|
||
|
"description": "${role_view-identity-providers}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "56875e67-b1f4-49e2-b120-8ce33b5f4460",
|
||
|
"name": "manage-clients",
|
||
|
"description": "${role_manage-clients}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "4d7dc40e-66b8-4712-8bde-8d8c504c39b7",
|
||
|
"name": "manage-identity-providers",
|
||
|
"description": "${role_manage-identity-providers}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"attributes": {}
|
||
|
}
|
||
|
],
|
||
|
"matrix-authentication-service": [],
|
||
|
"security-admin-console": [],
|
||
|
"account-console": [],
|
||
|
"tailscale": [],
|
||
|
"broker": [
|
||
|
{
|
||
|
"id": "100f0a26-618b-4de8-a4f5-4dabbb6c034c",
|
||
|
"name": "read-token",
|
||
|
"description": "${role_read-token}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "2321d398-262d-4fd7-aef8-e6cc0ee017d7",
|
||
|
"attributes": {}
|
||
|
}
|
||
|
],
|
||
|
"matrix": [
|
||
|
{
|
||
|
"id": "8730c207-c839-4766-86f6-2e7006867ac9",
|
||
|
"name": "uma_protection",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "cb5a2e5c-2c4a-4acd-9389-3d63c77e1011",
|
||
|
"attributes": {}
|
||
|
}
|
||
|
],
|
||
|
"tt-rss": [],
|
||
|
"mediawiki": [],
|
||
|
"gitea": [],
|
||
|
"grafana": [],
|
||
|
"admin-cli": [],
|
||
|
"mastodon": [],
|
||
|
"openbikesensor-portal": [],
|
||
|
"account": [
|
||
|
{
|
||
|
"id": "53cb4bb7-ad4f-4cb6-b19b-60c367a9fca0",
|
||
|
"name": "manage-account",
|
||
|
"description": "${role_manage-account}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"client": {
|
||
|
"account": [
|
||
|
"manage-account-links"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "22e2c8e7-3a1e-4681-9584-77f375255072",
|
||
|
"name": "view-profile",
|
||
|
"description": "${role_view-profile}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "c2da86e7-0c40-4202-b01f-711f115444ac",
|
||
|
"name": "delete-account",
|
||
|
"description": "${role_delete-account}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "4a8aa5fd-e4e5-4533-8886-6b0d54b10516",
|
||
|
"name": "manage-account-links",
|
||
|
"description": "${role_manage-account-links}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "518f2427-8d18-4960-b958-2477fdfdae90",
|
||
|
"name": "view-applications",
|
||
|
"description": "${role_view-applications}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "e29e2d62-1992-4437-ae33-b47346fcd59a",
|
||
|
"name": "manage-consent",
|
||
|
"description": "${role_manage-consent}",
|
||
|
"composite": true,
|
||
|
"composites": {
|
||
|
"client": {
|
||
|
"account": [
|
||
|
"view-consent"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "96e61a70-2586-4c90-b2ea-52987b3894e1",
|
||
|
"name": "view-groups",
|
||
|
"description": "${role_view-groups}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "f7531a5f-0b66-481e-8b6a-546ca6dff284",
|
||
|
"name": "view-consent",
|
||
|
"description": "${role_view-consent}",
|
||
|
"composite": false,
|
||
|
"clientRole": true,
|
||
|
"containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"attributes": {}
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"groups": [],
|
||
|
"defaultRole": {
|
||
|
"id": "49dd91a4-2176-4a84-aab0-37eb7f41fc1f",
|
||
|
"name": "default-roles-test.pub.solar",
|
||
|
"description": "${role_default-roles}",
|
||
|
"composite": true,
|
||
|
"clientRole": false,
|
||
|
"containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686"
|
||
|
},
|
||
|
"requiredCredentials": [
|
||
|
"password"
|
||
|
],
|
||
|
"otpPolicyType": "totp",
|
||
|
"otpPolicyAlgorithm": "HmacSHA1",
|
||
|
"otpPolicyInitialCounter": 0,
|
||
|
"otpPolicyDigits": 6,
|
||
|
"otpPolicyLookAheadWindow": 1,
|
||
|
"otpPolicyPeriod": 30,
|
||
|
"otpPolicyCodeReusable": false,
|
||
|
"otpSupportedApplications": [
|
||
|
"totpAppFreeOTPName",
|
||
|
"totpAppGoogleName",
|
||
|
"totpAppMicrosoftAuthenticatorName"
|
||
|
],
|
||
|
"localizationTexts": {},
|
||
|
"webAuthnPolicyRpEntityName": "keycloak",
|
||
|
"webAuthnPolicySignatureAlgorithms": [
|
||
|
"ES256"
|
||
|
],
|
||
|
"webAuthnPolicyRpId": "",
|
||
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
||
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
||
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
||
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
||
|
"webAuthnPolicyCreateTimeout": 0,
|
||
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
||
|
"webAuthnPolicyAcceptableAaguids": [],
|
||
|
"webAuthnPolicyExtraOrigins": [],
|
||
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
||
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
|
||
|
"ES256"
|
||
|
],
|
||
|
"webAuthnPolicyPasswordlessRpId": "",
|
||
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
||
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
||
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
||
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
||
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
||
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
||
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
||
|
"webAuthnPolicyPasswordlessExtraOrigins": [],
|
||
|
"users": [
|
||
|
{
|
||
|
"id": "eeecbf5f-4671-4f1b-9fa1-1cba5c7f5f7a",
|
||
|
"username": "service-account-admin-cli",
|
||
|
"emailVerified": true,
|
||
|
"createdTimestamp": 1714175492873,
|
||
|
"enabled": true,
|
||
|
"totp": false,
|
||
|
"serviceAccountClientId": "admin-cli",
|
||
|
"disableableCredentialTypes": [],
|
||
|
"requiredActions": [],
|
||
|
"realmRoles": [
|
||
|
"default-roles-test.pub.solar"
|
||
|
],
|
||
|
"clientRoles": {
|
||
|
"realm-management": [
|
||
|
"query-realms",
|
||
|
"manage-users",
|
||
|
"view-events",
|
||
|
"view-users",
|
||
|
"manage-events",
|
||
|
"manage-realm",
|
||
|
"view-clients",
|
||
|
"view-realm",
|
||
|
"impersonation",
|
||
|
"view-authorization",
|
||
|
"query-groups",
|
||
|
"manage-authorization",
|
||
|
"realm-admin",
|
||
|
"create-client",
|
||
|
"query-users",
|
||
|
"query-clients",
|
||
|
"view-identity-providers",
|
||
|
"manage-identity-providers",
|
||
|
"manage-clients"
|
||
|
]
|
||
|
},
|
||
|
"notBefore": 0,
|
||
|
"groups": []
|
||
|
},
|
||
|
{
|
||
|
"id": "1237f773-ea8a-4db1-8fe5-5ec7924e6a10",
|
||
|
"username": "service-account-matrix",
|
||
|
"emailVerified": true,
|
||
|
"createdTimestamp": 1669426534368,
|
||
|
"enabled": true,
|
||
|
"totp": false,
|
||
|
"serviceAccountClientId": "matrix",
|
||
|
"disableableCredentialTypes": [],
|
||
|
"requiredActions": [],
|
||
|
"realmRoles": [
|
||
|
"default-roles-test.pub.solar"
|
||
|
],
|
||
|
"clientRoles": {
|
||
|
"matrix": [
|
||
|
"uma_protection"
|
||
|
]
|
||
|
},
|
||
|
"notBefore": 0,
|
||
|
"groups": []
|
||
|
}
|
||
|
],
|
||
|
"scopeMappings": [
|
||
|
{
|
||
|
"clientScope": "offline_access",
|
||
|
"roles": [
|
||
|
"offline_access"
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"clientScopeMappings": {
|
||
|
"account": [
|
||
|
{
|
||
|
"client": "account-console",
|
||
|
"roles": [
|
||
|
"manage-account",
|
||
|
"view-groups"
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
"clients": [
|
||
|
{
|
||
|
"id": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4",
|
||
|
"clientId": "account",
|
||
|
"name": "${client_account}",
|
||
|
"description": "",
|
||
|
"rootUrl": "${authBaseUrl}",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "/realms/test.pub.solar/account/",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"redirectUris": [
|
||
|
"/realms/test.pub.solar/account/*"
|
||
|
],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": true,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"token.response.type.bearer.lower-case": "false",
|
||
|
"use.refresh.tokens": "true"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "16e24154-8351-4862-866e-ccb326d3143a",
|
||
|
"clientId": "account-console",
|
||
|
"name": "${client_account-console}",
|
||
|
"description": "",
|
||
|
"rootUrl": "${authBaseUrl}",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "/realms/test.pub.solar/account/",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"redirectUris": [
|
||
|
"/realms/test.pub.solar/account/*"
|
||
|
],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": true,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"use.refresh.tokens": "true",
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"tls.client.certificate.bound.access.tokens": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"token.response.type.bearer.lower-case": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "a076f7e4-08b2-4804-8784-526bcbcbf293",
|
||
|
"name": "audience resolve",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {}
|
||
|
}
|
||
|
],
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "43795547-9881-429e-86f3-94cbb2961f4e",
|
||
|
"clientId": "admin-cli",
|
||
|
"name": "${client_admin-cli}",
|
||
|
"description": "",
|
||
|
"rootUrl": "",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": false,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": true,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "ba37bbed-bf37-433e-a87c-17be807bebef",
|
||
|
"name": "Client ID",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "client_id",
|
||
|
"id.token.claim": "true",
|
||
|
"introspection.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "client_id",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "223f12dc-ea4e-415f-b219-579af08f077e",
|
||
|
"name": "Client IP Address",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "clientAddress",
|
||
|
"id.token.claim": "true",
|
||
|
"introspection.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "clientAddress",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "197639ae-6f64-41fb-88db-30e02507ee2a",
|
||
|
"name": "Client Host",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "clientHost",
|
||
|
"id.token.claim": "true",
|
||
|
"introspection.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "clientHost",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "2321d398-262d-4fd7-aef8-e6cc0ee017d7",
|
||
|
"clientId": "broker",
|
||
|
"name": "${client_broker}",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"redirectUris": [],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": true,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "eb879c6d-d130-4eac-82c2-abb0c3b90eb1",
|
||
|
"clientId": "gitea",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://git.test.pub.solar",
|
||
|
"adminUrl": "https://git.test.pub.solar",
|
||
|
"baseUrl": "https://git.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://git.test.pub.solar/*"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://git.test.pub.solar"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"use.refresh.tokens": "true",
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"token.response.type.bearer.lower-case": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "8f4a114b-d41c-4942-b6a8-0d306ed84edf",
|
||
|
"clientId": "grafana",
|
||
|
"name": "",
|
||
|
"description": "https://grafana.test.pub.solar",
|
||
|
"rootUrl": "https://grafana.test.pub.solar",
|
||
|
"adminUrl": "https://grafana.test.pub.solar",
|
||
|
"baseUrl": "/login/generic_oauth",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://grafana.test.pub.solar/login/generic_oauth"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://grafana.test.pub.solar"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "212cab9b-cf2c-4bfd-8a1a-1e0533c430f6",
|
||
|
"clientId": "mastodon",
|
||
|
"name": "mastodon",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://mastodon.test.pub.solar",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "https://mastodon.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"",
|
||
|
"https://mastodon.test.pub.solar/auth/auth/openid_connect/callback"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://mastodon.test.pub.solar/auth/openid_connect/callback"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"token.response.type.bearer.lower-case": "false",
|
||
|
"use.refresh.tokens": "true"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "cb5a2e5c-2c4a-4acd-9389-3d63c77e1011",
|
||
|
"clientId": "matrix",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://chat.test.pub.solar",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "https://chat.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://matrix.test.pub.solar/_synapse/client/oidc/callback",
|
||
|
"https://matrix.test.test.pub.solar/_synapse/client/oidc/callback"
|
||
|
],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": true,
|
||
|
"authorizationServicesEnabled": true,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"use.refresh.tokens": "true",
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"backchannel.logout.url": "https://chat.test.pub.solar/_synapse/client/oidc/backchannel_logout",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"token.response.type.bearer.lower-case": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "895d5d35-d9c9-489d-bddc-37c40a337188",
|
||
|
"name": "Client Host",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "clientHost",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "clientHost",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "969c7760-7d2a-4117-8505-53bd4d0c10b1",
|
||
|
"name": "Client IP Address",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "clientAddress",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "clientAddress",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "63d3be07-5ef2-4b84-92ec-1a739b2f58e4",
|
||
|
"name": "Client ID",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.session.note": "clientId",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "clientId",
|
||
|
"jsonType.label": "String"
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
],
|
||
|
"authorizationSettings": {
|
||
|
"allowRemoteResourceManagement": true,
|
||
|
"policyEnforcementMode": "ENFORCING",
|
||
|
"resources": [
|
||
|
{
|
||
|
"name": "Default Resource",
|
||
|
"type": "urn:matrix:resources:default",
|
||
|
"ownerManagedAccess": false,
|
||
|
"attributes": {},
|
||
|
"_id": "559732a1-23b5-4af2-b14f-32b0ae2afa6e",
|
||
|
"uris": [
|
||
|
"/*"
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"policies": [
|
||
|
{
|
||
|
"id": "95abcad9-b9ff-416e-8ab1-706bf6a7f406",
|
||
|
"name": "Default Policy",
|
||
|
"description": "A policy that grants access only for users within this realm",
|
||
|
"type": "js",
|
||
|
"logic": "POSITIVE",
|
||
|
"decisionStrategy": "AFFIRMATIVE",
|
||
|
"config": {
|
||
|
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "26997def-9683-47e4-a6c3-c7d5b69e4a38",
|
||
|
"name": "Default Permission",
|
||
|
"description": "A permission that applies to the default resource type",
|
||
|
"type": "resource",
|
||
|
"logic": "POSITIVE",
|
||
|
"decisionStrategy": "UNANIMOUS",
|
||
|
"config": {
|
||
|
"defaultResourceType": "urn:matrix:resources:default",
|
||
|
"applyPolicies": "[\"Default Policy\"]"
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"scopes": [],
|
||
|
"decisionStrategy": "UNANIMOUS"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "0bc9fc84-2636-4bc3-9394-61ec4b804939",
|
||
|
"clientId": "matrix-authentication-service",
|
||
|
"name": "",
|
||
|
"description": "Used for our hosted https://github.com/matrix-org/matrix-authentication-service",
|
||
|
"rootUrl": "https://matrix.test.pub.solar/",
|
||
|
"adminUrl": "https://matrix.test.pub.solar/",
|
||
|
"baseUrl": "https://matrix.test.pub.solar/",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"http://[::]:8080/upstream/callback/01HHWGFGBGGCT7HFHD0R4K0AZF"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"+"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "f4fb631d-de88-48b2-be28-8ee74190c743",
|
||
|
"clientId": "mediawiki",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://wiki.test.pub.solar",
|
||
|
"adminUrl": "https://wiki.test.pub.solar",
|
||
|
"baseUrl": "https://wiki.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://wiki.test.pub.solar/*"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://wiki.test.pub.solar"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "d830160a-1c09-4dfd-b984-cd9e69e72649",
|
||
|
"clientId": "nextcloud",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://cloud.test.pub.solar",
|
||
|
"adminUrl": "https://cloud.test.pub.solar",
|
||
|
"baseUrl": "https://cloud.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://cloud.test.pub.solar/apps/user_oidc/code"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://cloud.test.pub.solar"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"post.logout.redirect.uris": "https://cloud.test.pub.solar##https://cloud.test.pub.solar/##https://cloud.test.pub.solar/*",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"use.refresh.tokens": "true",
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"backchannel.logout.url": "https://cloud.test.pub.solar/apps/user_oidc/backchannel-logout/test.pub.solar%20ID",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"token.response.type.bearer.lower-case": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "49bc30c2-6e4c-4c57-a1ea-91073ee099e3",
|
||
|
"clientId": "openbikesensor-portal",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://obs-portal.test.pub.solar",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "https://obs-portal.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://obs-portal.test.pub.solar/*"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"+"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false",
|
||
|
"use.refresh.tokens": "true",
|
||
|
"tls-client-certificate-bound-access-tokens": "false",
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"client_credentials.use_refresh_token": "false",
|
||
|
"acr.loa.map": "{}",
|
||
|
"require.pushed.authorization.requests": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"token.response.type.bearer.lower-case": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "9c267669-4de5-4203-a1c2-5b2de0003635",
|
||
|
"clientId": "realm-management",
|
||
|
"name": "${client_realm-management}",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"redirectUris": [],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": true,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "50e53a35-6c81-4c2d-8207-54f4a3ac4c78",
|
||
|
"clientId": "security-admin-console",
|
||
|
"name": "${client_security-admin-console}",
|
||
|
"rootUrl": "${authAdminUrl}",
|
||
|
"baseUrl": "/admin/test.pub.solar/console/",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"redirectUris": [
|
||
|
"/admin/test.pub.solar/console/*"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"+"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": false,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": true,
|
||
|
"frontchannelLogout": false,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"post.logout.redirect.uris": "+",
|
||
|
"pkce.code.challenge.method": "S256"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": false,
|
||
|
"nodeReRegistrationTimeout": 0,
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "9bdb45b8-f97c-442d-8ee3-769229817926",
|
||
|
"name": "locale",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "locale",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "locale",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "92afe526-965a-45f3-9222-e410ec4b8be4",
|
||
|
"clientId": "tailscale",
|
||
|
"name": "",
|
||
|
"description": "",
|
||
|
"rootUrl": "",
|
||
|
"adminUrl": "",
|
||
|
"baseUrl": "",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://login.tailscale.com/a/oauth_response"
|
||
|
],
|
||
|
"webOrigins": [],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "2d56c796-877e-46d8-8b3a-c3040cdbe615",
|
||
|
"clientId": "tt-rss",
|
||
|
"name": "tt-rss",
|
||
|
"description": "",
|
||
|
"rootUrl": "https://rss.test.pub.solar",
|
||
|
"adminUrl": "https://rss.test.pub.solar",
|
||
|
"baseUrl": "https://rss.test.pub.solar",
|
||
|
"surrogateAuthRequired": false,
|
||
|
"enabled": true,
|
||
|
"alwaysDisplayInConsole": false,
|
||
|
"clientAuthenticatorType": "client-secret",
|
||
|
"secret": "secret",
|
||
|
"redirectUris": [
|
||
|
"https://rss.test.pub.solar"
|
||
|
],
|
||
|
"webOrigins": [
|
||
|
"https://rss.test.pub.solar"
|
||
|
],
|
||
|
"notBefore": 0,
|
||
|
"bearerOnly": false,
|
||
|
"consentRequired": false,
|
||
|
"standardFlowEnabled": true,
|
||
|
"implicitFlowEnabled": false,
|
||
|
"directAccessGrantsEnabled": true,
|
||
|
"serviceAccountsEnabled": false,
|
||
|
"publicClient": false,
|
||
|
"frontchannelLogout": true,
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"oidc.ciba.grant.enabled": "false",
|
||
|
"display.on.consent.screen": "false",
|
||
|
"oauth2.device.authorization.grant.enabled": "false",
|
||
|
"client.secret.creation.time": 1724701666039,
|
||
|
"backchannel.logout.session.required": "true",
|
||
|
"backchannel.logout.revoke.offline.tokens": "false"
|
||
|
},
|
||
|
"authenticationFlowBindingOverrides": {},
|
||
|
"fullScopeAllowed": true,
|
||
|
"nodeReRegistrationTimeout": -1,
|
||
|
"defaultClientScopes": [
|
||
|
"web-origins",
|
||
|
"acr",
|
||
|
"roles",
|
||
|
"profile",
|
||
|
"email"
|
||
|
],
|
||
|
"optionalClientScopes": [
|
||
|
"address",
|
||
|
"phone",
|
||
|
"offline_access",
|
||
|
"microprofile-jwt"
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"clientScopes": [
|
||
|
{
|
||
|
"id": "7a97955f-1df4-4521-a57d-b19a038b5008",
|
||
|
"name": "microprofile-jwt",
|
||
|
"description": "Microprofile - JWT built-in scope",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "true",
|
||
|
"display.on.consent.screen": "false"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "b222f3ee-2b6e-4bd4-8250-c1690b457262",
|
||
|
"name": "groups",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "foo",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "groups",
|
||
|
"jsonType.label": "String",
|
||
|
"multivalued": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "931ce4b0-3f94-409d-b28d-ce75a1d46676",
|
||
|
"name": "upn",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "username",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "upn",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "6d0fe6eb-b776-4c3e-9468-763abec48df2",
|
||
|
"name": "acr",
|
||
|
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "false",
|
||
|
"display.on.consent.screen": "false"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "b7d3f70f-b57f-44fe-9454-8f02aa7f8fe5",
|
||
|
"name": "acr loa level",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-acr-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "57645a5b-ce73-4e39-9c0b-76b92dca0ced",
|
||
|
"name": "roles",
|
||
|
"description": "OpenID Connect scope for add user roles to the access token",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "false",
|
||
|
"consent.screen.text": "${rolesScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "92a37264-4062-4cae-a935-d8dc2bef141d",
|
||
|
"name": "roles",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "roles",
|
||
|
"jsonType.label": "String",
|
||
|
"multivalued": "true",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "2bf1a28e-db9f-4aac-b9aa-3fe13bb135fb",
|
||
|
"name": "client roles",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "foo",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "resource_access.${client_id}.roles",
|
||
|
"jsonType.label": "String",
|
||
|
"multivalued": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "d390481c-37a5-492f-bb9e-670fdc9b2a09",
|
||
|
"name": "audience resolve",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "71823193-58b0-474c-bdca-c369035fa572",
|
||
|
"name": "realm roles",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "foo",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "realm_access.roles",
|
||
|
"jsonType.label": "String",
|
||
|
"multivalued": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "1768debd-6e76-488a-a46d-4f5eda32a10e",
|
||
|
"name": "web-origins",
|
||
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "false",
|
||
|
"consent.screen.text": "",
|
||
|
"display.on.consent.screen": "false"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "91eaf891-9a35-4e8f-a17a-8827498729d8",
|
||
|
"name": "allowed web origins",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "9ad3b314-4926-4fb9-9dad-bc2912739ece",
|
||
|
"name": "profile",
|
||
|
"description": "OpenID Connect built-in scope: profile",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "true",
|
||
|
"consent.screen.text": "${profileScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "9b4a04cc-34e3-4f6c-89c2-eb0c46a84c53",
|
||
|
"name": "given name",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "firstName",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "given_name",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "327f25d5-98d6-4355-b1bf-6d51f0add59e",
|
||
|
"name": "username",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "username",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "preferred_username",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "a0d8ba01-3158-4200-a0ed-b472971e1e10",
|
||
|
"name": "website",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "website",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "website",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "f2257f8c-700d-425f-8cf2-e1d6795f2b01",
|
||
|
"name": "nickname",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "nickname",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "nickname",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "0143f9a9-384c-4124-9e64-4cafb53eaf4f",
|
||
|
"name": "gender",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "gender",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "gender",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "fc84b9a0-2505-4295-829b-5c0fd70378b2",
|
||
|
"name": "middle name",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "middleName",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "middle_name",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "3a1a616f-9388-42b3-b8a1-ee08f158ec99",
|
||
|
"name": "full name",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-full-name-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "927ff720-aa71-4c04-9d28-e32cd2937fd3",
|
||
|
"name": "profile",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "profile",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "profile",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "01d095b6-e644-4c2f-9fcd-2b18c67a46c5",
|
||
|
"name": "picture",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "picture",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "picture",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "230373d9-d8bb-4f5c-b6a9-aaedcc2a5618",
|
||
|
"name": "zoneinfo",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "zoneinfo",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "zoneinfo",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "6db5cf0c-ecc8-45c7-bc40-425a0ef3a5f6",
|
||
|
"name": "locale",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "locale",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "locale",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "c7cc861c-9dd8-496f-802f-bd6017e7bcbf",
|
||
|
"name": "birthdate",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "birthdate",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "birthdate",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "a64dbb41-3312-4426-b60c-31707a4f7811",
|
||
|
"name": "family name",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "lastName",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "family_name",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "3636403b-8b38-451d-8400-70d2d75ea2a7",
|
||
|
"name": "updated at",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "updatedAt",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "updated_at",
|
||
|
"jsonType.label": "long",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "8f7ce907-4a00-475f-8d4f-5d83448256d6",
|
||
|
"name": "offline_access",
|
||
|
"description": "OpenID Connect built-in scope: offline_access",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "fe3ed7de-cf40-4c3c-921f-c0af091d8a3c",
|
||
|
"name": "role_list",
|
||
|
"description": "SAML role list",
|
||
|
"protocol": "saml",
|
||
|
"attributes": {
|
||
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "f5741693-65be-49bc-bf4f-c717ad1c159d",
|
||
|
"name": "role list",
|
||
|
"protocol": "saml",
|
||
|
"protocolMapper": "saml-role-list-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"single": "true",
|
||
|
"attribute.nameformat": "Basic",
|
||
|
"attribute.name": "Role"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "3dacdfcf-e86d-44fb-be12-e9d05c858121",
|
||
|
"name": "email",
|
||
|
"description": "OpenID Connect built-in scope: email",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "true",
|
||
|
"consent.screen.text": "${emailScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "3ba989a9-9659-4e1e-ab3e-2cd6357abca5",
|
||
|
"name": "email verified",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "emailVerified",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "email_verified",
|
||
|
"jsonType.label": "boolean",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "9c727f43-b33d-413a-830f-3640a58e3af7",
|
||
|
"name": "email",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "email",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "email",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "e1a49b03-0235-47bf-8c6d-6f4134f2a627",
|
||
|
"name": "phone",
|
||
|
"description": "OpenID Connect built-in scope: phone",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "true",
|
||
|
"consent.screen.text": "${phoneScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "c2efaab6-8177-4f16-a27a-3ab93229b60a",
|
||
|
"name": "phone number verified",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "phoneNumberVerified",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "phone_number_verified",
|
||
|
"jsonType.label": "boolean",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "92179260-b057-4bcc-a903-05f937a3254d",
|
||
|
"name": "phone number",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute": "phoneNumber",
|
||
|
"id.token.claim": "true",
|
||
|
"access.token.claim": "true",
|
||
|
"claim.name": "phone_number",
|
||
|
"jsonType.label": "String",
|
||
|
"userinfo.token.claim": "true"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "6721b07c-704b-4ccc-a6b2-995df73c568f",
|
||
|
"name": "address",
|
||
|
"description": "OpenID Connect built-in scope: address",
|
||
|
"protocol": "openid-connect",
|
||
|
"attributes": {
|
||
|
"include.in.token.scope": "true",
|
||
|
"consent.screen.text": "${addressScopeConsentText}",
|
||
|
"display.on.consent.screen": "true"
|
||
|
},
|
||
|
"protocolMappers": [
|
||
|
{
|
||
|
"id": "1b28c15b-e6de-4a1d-83a0-58a519033338",
|
||
|
"name": "address",
|
||
|
"protocol": "openid-connect",
|
||
|
"protocolMapper": "oidc-address-mapper",
|
||
|
"consentRequired": false,
|
||
|
"config": {
|
||
|
"user.attribute.formatted": "formatted",
|
||
|
"user.attribute.country": "country",
|
||
|
"user.attribute.postal_code": "postal_code",
|
||
|
"userinfo.token.claim": "true",
|
||
|
"user.attribute.street": "street",
|
||
|
"id.token.claim": "true",
|
||
|
"user.attribute.region": "region",
|
||
|
"access.token.claim": "true",
|
||
|
"user.attribute.locality": "locality"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"defaultDefaultClientScopes": [
|
||
|
"role_list",
|
||
|
"profile",
|
||
|
"email",
|
||
|
"roles",
|
||
|
"web-origins",
|
||
|
"acr"
|
||
|
],
|
||
|
"defaultOptionalClientScopes": [
|
||
|
"offline_access",
|
||
|
"address",
|
||
|
"phone",
|
||
|
"microprofile-jwt"
|
||
|
],
|
||
|
"browserSecurityHeaders": {
|
||
|
"contentSecurityPolicyReportOnly": "",
|
||
|
"xContentTypeOptions": "nosniff",
|
||
|
"xRobotsTag": "none",
|
||
|
"xFrameOptions": "SAMEORIGIN",
|
||
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
||
|
"xXSSProtection": "1; mode=block",
|
||
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
||
|
},
|
||
|
"smtpServer": {
|
||
|
"password": "**********",
|
||
|
"replyToDisplayName": "test.pub.solar Support",
|
||
|
"starttls": "false",
|
||
|
"auth": "true",
|
||
|
"port": "465",
|
||
|
"replyTo": "admins@test.pub.solar",
|
||
|
"host": "mail.test.pub.solar",
|
||
|
"from": "keycloak@test.pub.solar",
|
||
|
"fromDisplayName": "test.pub.solar ID",
|
||
|
"envelopeFrom": "",
|
||
|
"ssl": "true",
|
||
|
"user": "admins@test.pub.solar"
|
||
|
},
|
||
|
"loginTheme": "test.pub.solar",
|
||
|
"accountTheme": "test.pub.solar",
|
||
|
"adminTheme": "test.pub.solar",
|
||
|
"emailTheme": "test.pub.solar",
|
||
|
"eventsEnabled": false,
|
||
|
"eventsListeners": [
|
||
|
"jboss-logging"
|
||
|
],
|
||
|
"enabledEventTypes": [],
|
||
|
"adminEventsEnabled": true,
|
||
|
"adminEventsDetailsEnabled": false,
|
||
|
"identityProviders": [],
|
||
|
"identityProviderMappers": [],
|
||
|
"components": {
|
||
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
||
|
{
|
||
|
"id": "89713f44-8fd5-473f-abe9-f4d27fcbbb11",
|
||
|
"name": "Trusted Hosts",
|
||
|
"providerId": "trusted-hosts",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"host-sending-registration-request-must-match": [
|
||
|
"true"
|
||
|
],
|
||
|
"client-uris-must-match": [
|
||
|
"true"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "109840f6-fe6d-413f-a92f-984ec519bace",
|
||
|
"name": "Max Clients Limit",
|
||
|
"providerId": "max-clients",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"max-clients": [
|
||
|
"200"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "12cd90ef-89e3-411e-8dc9-30b4b360526c",
|
||
|
"name": "Allowed Client Scopes",
|
||
|
"providerId": "allowed-client-templates",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"allow-default-scopes": [
|
||
|
"true"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "93f5007f-4271-4ab5-b055-61bd70789eea",
|
||
|
"name": "Allowed Protocol Mapper Types",
|
||
|
"providerId": "allowed-protocol-mappers",
|
||
|
"subType": "authenticated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"allowed-protocol-mapper-types": [
|
||
|
"oidc-usermodel-property-mapper",
|
||
|
"oidc-address-mapper",
|
||
|
"saml-role-list-mapper",
|
||
|
"oidc-sha256-pairwise-sub-mapper",
|
||
|
"saml-user-attribute-mapper",
|
||
|
"saml-user-property-mapper",
|
||
|
"oidc-usermodel-attribute-mapper",
|
||
|
"oidc-full-name-mapper"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "551237c4-bd4a-4e65-ad2b-67adab62f368",
|
||
|
"name": "Full Scope Disabled",
|
||
|
"providerId": "scope",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {}
|
||
|
},
|
||
|
{
|
||
|
"id": "330eb614-8b38-4414-ad7a-0ae51083044d",
|
||
|
"name": "Allowed Client Scopes",
|
||
|
"providerId": "allowed-client-templates",
|
||
|
"subType": "authenticated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"allow-default-scopes": [
|
||
|
"true"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "ca9bd5bb-21b2-401a-b5d0-0d5764f1b73a",
|
||
|
"name": "Allowed Protocol Mapper Types",
|
||
|
"providerId": "allowed-protocol-mappers",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"allowed-protocol-mapper-types": [
|
||
|
"oidc-usermodel-property-mapper",
|
||
|
"saml-user-attribute-mapper",
|
||
|
"oidc-full-name-mapper",
|
||
|
"saml-user-property-mapper",
|
||
|
"oidc-usermodel-attribute-mapper",
|
||
|
"saml-role-list-mapper",
|
||
|
"oidc-address-mapper",
|
||
|
"oidc-sha256-pairwise-sub-mapper"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "49561521-b026-4fca-954b-49b7c527dc3a",
|
||
|
"name": "Consent Required",
|
||
|
"providerId": "consent-required",
|
||
|
"subType": "anonymous",
|
||
|
"subComponents": {},
|
||
|
"config": {}
|
||
|
}
|
||
|
],
|
||
|
"org.keycloak.userprofile.UserProfileProvider": [
|
||
|
{
|
||
|
"id": "48ba8848-a3a6-4444-918f-9663abe09391",
|
||
|
"providerId": "declarative-user-profile",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"kc.user.profile.config": [
|
||
|
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}}},{\"name\":\"email\",\"displayName\":\"${email}\",\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"validations\":{\"email\":{},\"length\":{\"max\":255}}},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"group\":null},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"selector\":{\"scopes\":[\"microprofile-jwt\",\"acr\",\"roles\",\"web-origins\",\"profile\",\"offline_access\",\"role_list\",\"email\",\"phone\",\"address\"]},\"annotations\":{},\"group\":null}]}"
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"org.keycloak.keys.KeyProvider": [
|
||
|
{
|
||
|
"id": "27867206-2a90-4889-90eb-2a289a17bba9",
|
||
|
"name": "aes-generated",
|
||
|
"providerId": "aes-generated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"priority": [
|
||
|
"100"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "37c64054-1aa5-4ade-a132-084dfdbbf290",
|
||
|
"name": "hmac-generated",
|
||
|
"providerId": "hmac-generated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"priority": [
|
||
|
"100"
|
||
|
],
|
||
|
"algorithm": [
|
||
|
"HS256"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "e7e81798-74aa-4232-bced-f8d94af77186",
|
||
|
"name": "rsa-generated",
|
||
|
"providerId": "rsa-generated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"priority": [
|
||
|
"100"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "1e1ffc41-1c09-4953-bcd7-ac4b0381328a",
|
||
|
"name": "rsa-enc-generated",
|
||
|
"providerId": "rsa-enc-generated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"priority": [
|
||
|
"100"
|
||
|
],
|
||
|
"algorithm": [
|
||
|
"RSA-OAEP"
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "28bc97a0-1328-4f6a-a98b-64d7fd0de8c3",
|
||
|
"name": "fallback-HS512",
|
||
|
"providerId": "hmac-generated",
|
||
|
"subComponents": {},
|
||
|
"config": {
|
||
|
"priority": [
|
||
|
"-100"
|
||
|
],
|
||
|
"algorithm": [
|
||
|
"HS512"
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
"internationalizationEnabled": true,
|
||
|
"supportedLocales": [
|
||
|
"de",
|
||
|
"en"
|
||
|
],
|
||
|
"defaultLocale": "en",
|
||
|
"authenticationFlows": [
|
||
|
{
|
||
|
"id": "ce72bdaa-3251-44c7-809f-5e246f29fad3",
|
||
|
"alias": "2FA_new",
|
||
|
"description": "",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 0,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "webauthn-authenticator",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 1,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-otp-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 2,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "3db2c722-66fd-4069-882b-5a9d78688760",
|
||
|
"alias": "Account verification options",
|
||
|
"description": "Method with which to verify the existing account",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "idp-email-verification",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "271b2e17-075d-4aad-9bab-c08e40b7d465",
|
||
|
"alias": "Authentication forms",
|
||
|
"description": "",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "auth-username-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 0,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 1,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Passwordless_or_2FA_new",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "ad1c9730-eaf3-4e13-9127-02f501b35255",
|
||
|
"alias": "Browser - Conditional OTP",
|
||
|
"description": "Flow to determine if the OTP is required for the authentication",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-otp-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "f4b016fc-6074-485e-a4a8-ad139d08de18",
|
||
|
"alias": "Direct Grant - Conditional OTP",
|
||
|
"description": "Flow to determine if the OTP is required for the authentication",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "direct-grant-validate-otp",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "222bbd1e-409d-451c-93d1-c0725ff1f6b3",
|
||
|
"alias": "First broker login - Conditional OTP",
|
||
|
"description": "Flow to determine if the OTP is required for the authentication",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-otp-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "4a5cf709-4c21-451c-a891-86605e7f3ead",
|
||
|
"alias": "Handle Existing Account",
|
||
|
"description": "Handle what to do if there is an existing account with the same email/username as the authenticated identity provider",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "idp-confirm-link",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Account verification options",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "004c7828-a040-4bc3-b941-de7a284c94b0",
|
||
|
"alias": "Password_and_2FA_new",
|
||
|
"description": "",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "auth-password-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 0,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 3,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "2FA_new",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "dff9260d-f49e-423d-b821-a5200232e8d0",
|
||
|
"alias": "Passwordless_or_2FA_new",
|
||
|
"description": "",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "webauthn-authenticator-passwordless",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 0,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 1,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Password_and_2FA_new",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "1722cdb4-38c3-417a-9380-2eda6a33f785",
|
||
|
"alias": "Reset - Conditional OTP",
|
||
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "reset-otp",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "aa454877-1434-4c2e-8545-066b4f3b4054",
|
||
|
"alias": "User creation or linking",
|
||
|
"description": "Flow for the existing/non-existing user alternatives",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticatorConfig": "create unique user config",
|
||
|
"authenticator": "idp-create-user-if-unique",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Handle Existing Account",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "42835c0a-1717-43b8-82bf-5170b67da30f",
|
||
|
"alias": "Verify Existing Account by Re-authentication",
|
||
|
"description": "Reauthentication of existing account",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "idp-username-password-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "First broker login - Conditional OTP",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "f36074df-ca57-4156-a946-665b77ef9a98",
|
||
|
"alias": "Webauthn Browser",
|
||
|
"description": "browser based authentication with Webauthn enabled",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "auth-cookie",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-spnego",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "DISABLED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorConfig": "Identity Provider Redirector",
|
||
|
"authenticator": "identity-provider-redirector",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 25,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 31,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Authentication forms",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "84aeccff-bd3f-4432-9c41-6cdfd68ec8e5",
|
||
|
"alias": "Webauthn Browser no required username 2FA",
|
||
|
"description": "",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "conditional-user-configured",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 0,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "webauthn-authenticator",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 1,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-otp-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 2,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "9c5ad713-27b7-4dc1-a721-3460fc7ddfe0",
|
||
|
"alias": "Webauthn Browser no required username Password_and_2FA",
|
||
|
"description": "Flow to determine if password + 2FA is required for the authentication",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": false,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 23,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Webauthn Browser no required username 2FA",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "ce06e5fa-237a-46d4-89da-94401f4b42e0",
|
||
|
"alias": "browser",
|
||
|
"description": "browser based authentication",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "auth-cookie",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "auth-spnego",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "DISABLED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "identity-provider-redirector",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 25,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 30,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "forms",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "f922a19b-a3ae-4e31-981c-e5e05c48063d",
|
||
|
"alias": "clients",
|
||
|
"description": "Base authentication for clients",
|
||
|
"providerId": "client-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "client-secret",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "client-jwt",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "client-secret-jwt",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 30,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "client-x509",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "ALTERNATIVE",
|
||
|
"priority": 40,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "4d29a72e-cfc1-4a39-be48-5fe985b46244",
|
||
|
"alias": "direct grant",
|
||
|
"description": "OpenID Connect Resource Owner Grant",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "direct-grant-validate-username",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "direct-grant-validate-password",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 30,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Direct Grant - Conditional OTP",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "2829ac62-1d83-4912-b63b-e8710ae0b4c2",
|
||
|
"alias": "docker auth",
|
||
|
"description": "Used by Docker clients to authenticate against the IDP",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "docker-http-basic-authenticator",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "401235ad-1f4d-4764-afb6-5a8adf244604",
|
||
|
"alias": "first broker login",
|
||
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticatorConfig": "review profile config",
|
||
|
"authenticator": "idp-review-profile",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "User creation or linking",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "d833da39-216f-4400-8e84-db5446a0e651",
|
||
|
"alias": "forms",
|
||
|
"description": "Username, password, otp and other auth forms.",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "auth-username-password-form",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Browser - Conditional OTP",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "b3edb2a4-48fa-40b6-bcf3-5f178fc1e45e",
|
||
|
"alias": "registration",
|
||
|
"description": "registration flow",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "registration-page-form",
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "registration form",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "568f69e7-a69c-4299-ab41-c66473e98d01",
|
||
|
"alias": "registration form",
|
||
|
"description": "registration form",
|
||
|
"providerId": "form-flow",
|
||
|
"topLevel": false,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "registration-user-creation",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "registration-password-action",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 50,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "registration-recaptcha-action",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "DISABLED",
|
||
|
"priority": 60,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "4ae2919a-2033-4201-b9fc-b9f3320e939f",
|
||
|
"alias": "reset credentials",
|
||
|
"description": "Reset credentials for a user if they forgot their password or something",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "reset-credentials-choose-user",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "reset-credential-email",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 20,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticator": "reset-password",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 30,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
},
|
||
|
{
|
||
|
"authenticatorFlow": true,
|
||
|
"requirement": "CONDITIONAL",
|
||
|
"priority": 40,
|
||
|
"autheticatorFlow": true,
|
||
|
"flowAlias": "Reset - Conditional OTP",
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"id": "ff50f985-4ab1-428b-b0c8-2fd99f109198",
|
||
|
"alias": "saml ecp",
|
||
|
"description": "SAML ECP Profile Authentication Flow",
|
||
|
"providerId": "basic-flow",
|
||
|
"topLevel": true,
|
||
|
"builtIn": true,
|
||
|
"authenticationExecutions": [
|
||
|
{
|
||
|
"authenticator": "http-basic-authenticator",
|
||
|
"authenticatorFlow": false,
|
||
|
"requirement": "REQUIRED",
|
||
|
"priority": 10,
|
||
|
"autheticatorFlow": false,
|
||
|
"userSetupAllowed": false
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"authenticatorConfig": [
|
||
|
{
|
||
|
"id": "9794787b-bc86-4440-b6ae-eed8705e32ae",
|
||
|
"alias": "Identity Provider Redirector",
|
||
|
"config": {
|
||
|
"defaultProvider": "oidc"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "01d47dfc-83a7-49c6-89a1-ac543fe92f58",
|
||
|
"alias": "create unique user config",
|
||
|
"config": {
|
||
|
"require.password.update.after.registration": "false"
}
},
{
"id": "7dce77a9-dba9-4fca-9aa4-8b78ed48ca4f",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "TERMS_AND_CONDITIONS",
"name": "Terms and Conditions",
"providerId": "TERMS_AND_CONDITIONS",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "delete_account",
"name": "Delete Account",
"providerId": "delete_account",
"enabled": false,
"defaultAction": false,
"priority": 60,
"config": {}
},
{
"alias": "webauthn-register",
"name": "Webauthn Register",
"providerId": "webauthn-register",
"enabled": true,
"defaultAction": false,
"priority": 70,
"config": {}
},
{
"alias": "webauthn-register-passwordless",
"name": "Webauthn Register Passwordless",
"providerId": "webauthn-register-passwordless",
"enabled": true,
"defaultAction": false,
"priority": 80,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "Webauthn Browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaAuthRequestedUserHint": "login_hint",
"oauth2DevicePollingInterval": "5",
"clientOfflineSessionMaxLifespan": "0",
"clientSessionIdleTimeout": "0",
"userProfileEnabled": "true",
"clientOfflineSessionIdleTimeout": "0",
"cibaInterval": "5",
"realmReusableOtpCode": "false",
"cibaExpiresIn": "120",
"oauth2DeviceCodeLifespan": "600",
"parRequestUriLifespan": "60",
"clientSessionMaxLifespan": "0"
},
"keycloakVersion": "24.0.5",
"userManagedAccessAllowed": false,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}