{ "id": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686", "realm": "test.pub.solar", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 43200, "ssoSessionIdleTimeoutRememberMe": 7776000, "ssoSessionMaxLifespanRememberMe": 31536000, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": true, "registrationEmailAsUsername": false, "rememberMe": true, "verifyEmail": true, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": true, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "roles": { "realm": [ { "id": "5e30b340-292f-4c23-982f-936b052634c1", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686", "attributes": {} }, { "id": "49dd91a4-2176-4a84-aab0-37eb7f41fc1f", "name": "default-roles-test.pub.solar", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" ], "client": { "account": [ "view-profile", "manage-account" ] } }, "clientRole": false, "containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686", "attributes": {} }, { "id": "541db75b-d73a-478c-bfbc-942b64d6286d", "name": "admin", "description": "Grafana admin role", "composite": false, "clientRole": false, "containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686", "attributes": {} }, { "id": "ca6ef8b3-aeca-420a-86d5-edb6698d83ef", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686", "attributes": {} } ], "client": { "nextcloud": [], "realm-management": [ { "id": "ae0cb0ed-998f-476d-b688-ac087a6ddc5a", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "53b294e4-ab83-4c7f-ae21-e5df0d47d76d", "name": "query-realms", "description": "${role_query-realms}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "fce40cde-1df9-48b7-b18b-f61a95569f03", "name": "view-events", "description": "${role_view-events}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "471acf51-59c9-4e74-a470-8b9d650d7043", "name": "view-users", "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ "query-users", "query-groups" ] } }, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "e2217f23-e8bf-44ab-ab43-6f3c6951b1ca", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "07648931-6258-4276-ab5c-4b7f1aa66e44", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "a3b51cd8-9a25-4361-9251-52dabdbf3af0", "name": "view-clients", "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ "query-clients" ] } }, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "e5db750b-6f51-41ac-885d-054300c072b2", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "cfd61589-7ed6-4fc2-83d0-27f3ca1e6bbd", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "434e0ec3-9e6e-4358-8814-dc5b783ae2b3", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "32988bf3-3f8d-4150-b3a2-e342ec9a0587", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "fa821c09-19a3-48da-9980-c093ba931902", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "317528d1-b1f5-43f9-b88b-6afdc53fd975", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "c446519c-24d0-4d60-b4c0-401bf6dd80d6", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ "manage-users", "query-realms", "view-events", "view-users", "manage-realm", "manage-events", "view-clients", "view-realm", "impersonation", "view-authorization", "query-groups", "manage-authorization", "create-client", "query-users", "query-clients", "view-identity-providers", "manage-clients", "manage-identity-providers" ] } }, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "c197af85-bdb6-4caf-9e77-1631479e51db", "name": "query-clients", "description": "${role_query-clients}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "c5865ad3-936b-4506-b4eb-33b154b4837c", "name": "query-users", "description": "${role_query-users}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "90a4b005-4ecd-479d-9a8e-824a15735045", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "56875e67-b1f4-49e2-b120-8ce33b5f4460", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} }, { "id": "4d7dc40e-66b8-4712-8bde-8d8c504c39b7", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, "containerId": "9c267669-4de5-4203-a1c2-5b2de0003635", "attributes": {} } ], "matrix-authentication-service": [], "security-admin-console": [], "account-console": [], "tailscale": [], "broker": [ { "id": "100f0a26-618b-4de8-a4f5-4dabbb6c034c", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, "containerId": "2321d398-262d-4fd7-aef8-e6cc0ee017d7", "attributes": {} } ], "matrix": [ { "id": "8730c207-c839-4766-86f6-2e7006867ac9", "name": "uma_protection", "composite": false, "clientRole": true, "containerId": "cb5a2e5c-2c4a-4acd-9389-3d63c77e1011", "attributes": {} } ], "tt-rss": [], "mediawiki": [], "gitea": [], "grafana": [], "admin-cli": [], "mastodon": [], "openbikesensor-portal": [], "account": [ { "id": "53cb4bb7-ad4f-4cb6-b19b-60c367a9fca0", "name": "manage-account", "description": "${role_manage-account}", "composite": true, "composites": { "client": { "account": [ "manage-account-links" ] } }, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "22e2c8e7-3a1e-4681-9584-77f375255072", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "c2da86e7-0c40-4202-b01f-711f115444ac", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "4a8aa5fd-e4e5-4533-8886-6b0d54b10516", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "518f2427-8d18-4960-b958-2477fdfdae90", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "e29e2d62-1992-4437-ae33-b47346fcd59a", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, "composites": { "client": { "account": [ "view-consent" ] } }, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "96e61a70-2586-4c90-b2ea-52987b3894e1", "name": "view-groups", "description": "${role_view-groups}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} }, { "id": "f7531a5f-0b66-481e-8b6a-546ca6dff284", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, "containerId": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "attributes": {} } ] } }, "groups": [], "defaultRole": { "id": "49dd91a4-2176-4a84-aab0-37eb7f41fc1f", "name": "default-roles-test.pub.solar", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "b5b70f0e-7a0f-4adb-b87b-3311d40e9686" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ { "id": "eeecbf5f-4671-4f1b-9fa1-1cba5c7f5f7a", "username": "service-account-admin-cli", "emailVerified": true, "createdTimestamp": 1714175492873, "enabled": true, "totp": false, "serviceAccountClientId": "admin-cli", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-test.pub.solar" ], "clientRoles": { "realm-management": [ "query-realms", "manage-users", "view-events", "view-users", "manage-events", "manage-realm", "view-clients", "view-realm", "impersonation", "view-authorization", "query-groups", "manage-authorization", "realm-admin", "create-client", "query-users", "query-clients", "view-identity-providers", "manage-identity-providers", "manage-clients" ] }, "notBefore": 0, "groups": [] }, { "id": "1237f773-ea8a-4db1-8fe5-5ec7924e6a10", "username": "service-account-matrix", "emailVerified": true, "createdTimestamp": 1669426534368, "enabled": true, "totp": false, "serviceAccountClientId": "matrix", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-test.pub.solar" ], "clientRoles": { "matrix": [ "uma_protection" ] }, "notBefore": 0, "groups": [] } ], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", "roles": [ "manage-account", "view-groups" ] } ] }, "clients": [ { "id": "ffda02c2-3535-4b98-ab04-fe7dcb7b80a4", "clientId": "account", "name": "${client_account}", "description": "", "rootUrl": "${authBaseUrl}", "adminUrl": "", "baseUrl": "/realms/test.pub.solar/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/test.pub.solar/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "token.response.type.bearer.lower-case": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "16e24154-8351-4862-866e-ccb326d3143a", "clientId": "account-console", "name": "${client_account-console}", "description": "", "rootUrl": "${authBaseUrl}", "adminUrl": "", "baseUrl": "/realms/test.pub.solar/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/test.pub.solar/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true", "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "display.on.consent.screen": "false", "token.response.type.bearer.lower-case": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "a076f7e4-08b2-4804-8784-526bcbcbf293", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "43795547-9881-429e-86f3-94cbb2961f4e", "clientId": "admin-cli", "name": "${client_admin-cli}", "description": "", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "ba37bbed-bf37-433e-a87c-17be807bebef", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", "jsonType.label": "String" } }, { "id": "223f12dc-ea4e-415f-b219-579af08f077e", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "197639ae-6f64-41fb-88db-30e02507ee2a", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "2321d398-262d-4fd7-aef8-e6cc0ee017d7", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "eb879c6d-d130-4eac-82c2-abb0c3b90eb1", "clientId": "gitea", "name": "", "description": "", "rootUrl": "https://git.test.pub.solar", "adminUrl": "https://git.test.pub.solar", "baseUrl": "https://git.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://git.test.pub.solar/*" ], "webOrigins": [ "https://git.test.pub.solar" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "client.secret.creation.time": 1724701666039, "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true", "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "display.on.consent.screen": "false", "token.response.type.bearer.lower-case": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "8f4a114b-d41c-4942-b6a8-0d306ed84edf", "clientId": "grafana", "name": "", "description": "https://grafana.test.pub.solar", "rootUrl": "https://grafana.test.pub.solar", "adminUrl": "https://grafana.test.pub.solar", "baseUrl": "/login/generic_oauth", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://grafana.test.pub.solar/login/generic_oauth" ], "webOrigins": [ "https://grafana.test.pub.solar" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "212cab9b-cf2c-4bfd-8a1a-1e0533c430f6", "clientId": "mastodon", "name": "mastodon", "description": "", "rootUrl": "https://mastodon.test.pub.solar", "adminUrl": "", "baseUrl": "https://mastodon.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "", "https://mastodon.test.pub.solar/auth/auth/openid_connect/callback" ], "webOrigins": [ "https://mastodon.test.pub.solar/auth/openid_connect/callback" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "token.response.type.bearer.lower-case": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "cb5a2e5c-2c4a-4acd-9389-3d63c77e1011", "clientId": "matrix", "name": "", "description": "", "rootUrl": "https://chat.test.pub.solar", "adminUrl": "", "baseUrl": "https://chat.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://matrix.test.pub.solar/_synapse/client/oidc/callback", "https://matrix.test.test.pub.solar/_synapse/client/oidc/callback" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "client.secret.creation.time": 1724701666039, "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true", "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "backchannel.logout.url": "https://chat.test.pub.solar/_synapse/client/oidc/backchannel_logout", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "display.on.consent.screen": "false", "token.response.type.bearer.lower-case": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "895d5d35-d9c9-489d-bddc-37c40a337188", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "969c7760-7d2a-4117-8505-53bd4d0c10b1", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "63d3be07-5ef2-4b84-92ec-1a739b2f58e4", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ], "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ { "name": "Default Resource", "type": "urn:matrix:resources:default", "ownerManagedAccess": false, "attributes": {}, "_id": "559732a1-23b5-4af2-b14f-32b0ae2afa6e", "uris": [ "/*" ] } ], "policies": [ { "id": "95abcad9-b9ff-416e-8ab1-706bf6a7f406", "name": "Default Policy", "description": "A policy that grants access only for users within this realm", "type": "js", "logic": "POSITIVE", "decisionStrategy": "AFFIRMATIVE", "config": { "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" } }, { "id": "26997def-9683-47e4-a6c3-c7d5b69e4a38", "name": "Default Permission", "description": "A permission that applies to the default resource type", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "defaultResourceType": "urn:matrix:resources:default", "applyPolicies": "[\"Default Policy\"]" } } ], "scopes": [], "decisionStrategy": "UNANIMOUS" } }, { "id": "0bc9fc84-2636-4bc3-9394-61ec4b804939", "clientId": "matrix-authentication-service", "name": "", "description": "Used for our hosted https://github.com/matrix-org/matrix-authentication-service", "rootUrl": "https://matrix.test.pub.solar/", "adminUrl": "https://matrix.test.pub.solar/", "baseUrl": "https://matrix.test.pub.solar/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "http://[::]:8080/upstream/callback/01HHWGFGBGGCT7HFHD0R4K0AZF" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "f4fb631d-de88-48b2-be28-8ee74190c743", "clientId": "mediawiki", "name": "", "description": "", "rootUrl": "https://wiki.test.pub.solar", "adminUrl": "https://wiki.test.pub.solar", "baseUrl": "https://wiki.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://wiki.test.pub.solar/*" ], "webOrigins": [ "https://wiki.test.pub.solar" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "d830160a-1c09-4dfd-b984-cd9e69e72649", "clientId": "nextcloud", "name": "", "description": "", "rootUrl": "https://cloud.test.pub.solar", "adminUrl": "https://cloud.test.pub.solar", "baseUrl": "https://cloud.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://cloud.test.pub.solar/apps/user_oidc/code" ], "webOrigins": [ "https://cloud.test.pub.solar" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "client.secret.creation.time": 1724701666039, "post.logout.redirect.uris": "https://cloud.test.pub.solar##https://cloud.test.pub.solar/##https://cloud.test.pub.solar/*", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true", "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "backchannel.logout.url": "https://cloud.test.pub.solar/apps/user_oidc/backchannel-logout/test.pub.solar%20ID", "client_credentials.use_refresh_token": "false", "require.pushed.authorization.requests": "false", "acr.loa.map": "{}", "display.on.consent.screen": "false", "token.response.type.bearer.lower-case": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "49bc30c2-6e4c-4c57-a1ea-91073ee099e3", "clientId": "openbikesensor-portal", "name": "", "description": "", "rootUrl": "https://obs-portal.test.pub.solar", "adminUrl": "", "baseUrl": "https://obs-portal.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://obs-portal.test.pub.solar/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "client.secret.creation.time": 1724701666039, "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true", "tls-client-certificate-bound-access-tokens": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "acr.loa.map": "{}", "require.pushed.authorization.requests": "false", "display.on.consent.screen": "false", "token.response.type.bearer.lower-case": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "9c267669-4de5-4203-a1c2-5b2de0003635", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "50e53a35-6c81-4c2d-8207-54f4a3ac4c78", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", "baseUrl": "/admin/test.pub.solar/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/admin/test.pub.solar/console/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "9bdb45b8-f97c-442d-8ee3-769229817926", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String", "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "92afe526-965a-45f3-9222-e410ec4b8be4", "clientId": "tailscale", "name": "", "description": "", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://login.tailscale.com/a/oauth_response" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "2d56c796-877e-46d8-8b3a-c3040cdbe615", "clientId": "tt-rss", "name": "tt-rss", "description": "", "rootUrl": "https://rss.test.pub.solar", "adminUrl": "https://rss.test.pub.solar", "baseUrl": "https://rss.test.pub.solar", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris": [ "https://rss.test.pub.solar" ], "webOrigins": [ "https://rss.test.pub.solar" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "client.secret.creation.time": 1724701666039, "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes": [ { "id": "7a97955f-1df4-4521-a57d-b19a038b5008", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "b222f3ee-2b6e-4bd4-8250-c1690b457262", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String", "multivalued": "true" } }, { "id": "931ce4b0-3f94-409d-b28d-ce75a1d46676", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", "jsonType.label": "String", "userinfo.token.claim": "true" } } ] }, { "id": "6d0fe6eb-b776-4c3e-9468-763abec48df2", "name": "acr", "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "b7d3f70f-b57f-44fe-9454-8f02aa7f8fe5", "name": "acr loa level", "protocol": "openid-connect", "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "57645a5b-ce73-4e39-9c0b-76b92dca0ced", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "${rolesScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "92a37264-4062-4cae-a935-d8dc2bef141d", "name": "roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "claim.name": "roles", "jsonType.label": "String", "multivalued": "true", "userinfo.token.claim": "true" } }, { "id": "2bf1a28e-db9f-4aac-b9aa-3fe13bb135fb", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String", "multivalued": "true" } }, { "id": "d390481c-37a5-492f-bb9e-670fdc9b2a09", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} }, { "id": "71823193-58b0-474c-bdca-c369035fa572", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "1768debd-6e76-488a-a46d-4f5eda32a10e", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "91eaf891-9a35-4e8f-a17a-8827498729d8", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": {} } ] }, { "id": "9ad3b314-4926-4fb9-9dad-bc2912739ece", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${profileScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "9b4a04cc-34e3-4f6c-89c2-eb0c46a84c53", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "327f25d5-98d6-4355-b1bf-6d51f0add59e", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "a0d8ba01-3158-4200-a0ed-b472971e1e10", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "f2257f8c-700d-425f-8cf2-e1d6795f2b01", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "0143f9a9-384c-4124-9e64-4cafb53eaf4f", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "fc84b9a0-2505-4295-829b-5c0fd70378b2", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "3a1a616f-9388-42b3-b8a1-ee08f158ec99", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "927ff720-aa71-4c04-9d28-e32cd2937fd3", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "01d095b6-e644-4c2f-9fcd-2b18c67a46c5", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "picture", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "230373d9-d8bb-4f5c-b6a9-aaedcc2a5618", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "6db5cf0c-ecc8-45c7-bc40-425a0ef3a5f6", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "c7cc861c-9dd8-496f-802f-bd6017e7bcbf", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "a64dbb41-3312-4426-b60c-31707a4f7811", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String", "userinfo.token.claim": "true" } }, { "id": "3636403b-8b38-451d-8400-70d2d75ea2a7", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "long", "userinfo.token.claim": "true" } } ] }, { "id": "8f7ce907-4a00-475f-8d4f-5d83448256d6", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } }, { "id": "fe3ed7de-cf40-4c3c-921f-c0af091d8a3c", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "f5741693-65be-49bc-bf4f-c717ad1c159d", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "true", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "3dacdfcf-e86d-44fb-be12-e9d05c858121", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${emailScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "3ba989a9-9659-4e1e-ab3e-2cd6357abca5", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean", "userinfo.token.claim": "true" } }, { "id": "9c727f43-b33d-413a-830f-3640a58e3af7", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String", "userinfo.token.claim": "true" } } ] }, { "id": "e1a49b03-0235-47bf-8c6d-6f4134f2a627", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${phoneScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "c2efaab6-8177-4f16-a27a-3ab93229b60a", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean", "userinfo.token.claim": "true" } }, { "id": "92179260-b057-4bcc-a903-05f937a3254d", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String", "userinfo.token.claim": "true" } } ] }, { "id": "6721b07c-704b-4ccc-a6b2-995df73c568f", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${addressScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "1b28c15b-e6de-4a1d-83a0-58a519033338", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] } ], "defaultDefaultClientScopes": [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": { "password": "**********", "replyToDisplayName": "test.pub.solar Support", "starttls": "false", "auth": "true", "port": "465", "replyTo": "admins@test.pub.solar", "host": "mail.test.pub.solar", "from": "keycloak@test.pub.solar", "fromDisplayName": "test.pub.solar ID", "envelopeFrom": "", "ssl": "true", "user": "admins@test.pub.solar" }, "loginTheme": "test.pub.solar", "accountTheme": "test.pub.solar", "adminTheme": "test.pub.solar", "emailTheme": "test.pub.solar", "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [], "adminEventsEnabled": true, "adminEventsDetailsEnabled": false, "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "89713f44-8fd5-473f-abe9-f4d27fcbbb11", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { "host-sending-registration-request-must-match": [ "true" ], "client-uris-must-match": [ "true" ] } }, { "id": "109840f6-fe6d-413f-a92f-984ec519bace", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { "max-clients": [ "200" ] } }, { "id": "12cd90ef-89e3-411e-8dc9-30b4b360526c", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "93f5007f-4271-4ab5-b055-61bd70789eea", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper" ] } }, { "id": "551237c4-bd4a-4e65-ad2b-67adab62f368", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "330eb614-8b38-4414-ad7a-0ae51083044d", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "ca9bd5bb-21b2-401a-b5d0-0d5764f1b73a", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id": "49561521-b026-4fca-954b-49b7c527dc3a", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} } ], "org.keycloak.userprofile.UserProfileProvider": [ { "id": "48ba8848-a3a6-4444-918f-9663abe09391", "providerId": "declarative-user-profile", "subComponents": {}, "config": { "kc.user.profile.config": [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}}},{\"name\":\"email\",\"displayName\":\"${email}\",\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"validations\":{\"email\":{},\"length\":{\"max\":255}}},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"group\":null},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"permissions\":{\"edit\":[\"admin\",\"user\"],\"view\":[\"admin\",\"user\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"selector\":{\"scopes\":[\"microprofile-jwt\",\"acr\",\"roles\",\"web-origins\",\"profile\",\"offline_access\",\"role_list\",\"email\",\"phone\",\"address\"]},\"annotations\":{},\"group\":null}]}" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "27867206-2a90-4889-90eb-2a289a17bba9", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "37c64054-1aa5-4ade-a132-084dfdbbf290", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS256" ] } }, { "id": "e7e81798-74aa-4232-bced-f8d94af77186", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "1e1ffc41-1c09-4953-bcd7-ac4b0381328a", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "RSA-OAEP" ] } }, { "id": "28bc97a0-1328-4f6a-a98b-64d7fd0de8c3", "name": "fallback-HS512", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "-100" ], "algorithm": [ "HS512" ] } } ] }, "internationalizationEnabled": true, "supportedLocales": [ "de", "en" ], "defaultLocale": "en", "authenticationFlows": [ { "id": "ce72bdaa-3251-44c7-809f-5e246f29fad3", "alias": "2FA_new", "description": "", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 1, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 2, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "3db2c722-66fd-4069-882b-5a9d78688760", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false } ] }, { "id": "271b2e17-075d-4aad-9bab-c08e40b7d465", "alias": "Authentication forms", "description": "", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticator": "auth-username-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 1, "autheticatorFlow": true, "flowAlias": "Passwordless_or_2FA_new", "userSetupAllowed": false } ] }, { "id": "ad1c9730-eaf3-4e13-9127-02f501b35255", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "f4b016fc-6074-485e-a4a8-ad139d08de18", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "222bbd1e-409d-451c-93d1-c0725ff1f6b3", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "4a5cf709-4c21-451c-a891-86605e7f3ead", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "Account verification options", "userSetupAllowed": false } ] }, { "id": "004c7828-a040-4bc3-b941-de7a284c94b0", "alias": "Password_and_2FA_new", "description": "", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticator": "auth-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 3, "autheticatorFlow": true, "flowAlias": "2FA_new", "userSetupAllowed": false } ] }, { "id": "dff9260d-f49e-423d-b821-a5200232e8d0", "alias": "Passwordless_or_2FA_new", "description": "", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticator": "webauthn-authenticator-passwordless", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 1, "autheticatorFlow": true, "flowAlias": "Password_and_2FA_new", "userSetupAllowed": false } ] }, { "id": "1722cdb4-38c3-417a-9380-2eda6a33f785", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "aa454877-1434-4c2e-8545-066b4f3b4054", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account", "userSetupAllowed": false } ] }, { "id": "42835c0a-1717-43b8-82bf-5170b67da30f", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "f36074df-ca57-4156-a946-665b77ef9a98", "alias": "Webauthn Browser", "description": "browser based authentication with Webauthn enabled", "providerId": "basic-flow", "topLevel": true, "builtIn": false, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorConfig": "Identity Provider Redirector", "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 31, "autheticatorFlow": true, "flowAlias": "Authentication forms", "userSetupAllowed": false } ] }, { "id": "84aeccff-bd3f-4432-9c41-6cdfd68ec8e5", "alias": "Webauthn Browser no required username 2FA", "description": "", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 1, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 2, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "9c5ad713-27b7-4dc1-a721-3460fc7ddfe0", "alias": "Webauthn Browser no required username Password_and_2FA", "description": "Flow to determine if password + 2FA is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": false, "authenticationExecutions": [ { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 23, "autheticatorFlow": true, "flowAlias": "Webauthn Browser no required username 2FA", "userSetupAllowed": false } ] }, { "id": "ce06e5fa-237a-46d4-89da-94401f4b42e0", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": true, "flowAlias": "forms", "userSetupAllowed": false } ] }, { "id": "f922a19b-a3ae-4e31-981c-e5e05c48063d", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "4d29a72e-cfc1-4a39-be48-5fe985b46244", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "2829ac62-1d83-4912-b63b-e8710ae0b4c2", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "401235ad-1f4d-4764-afb6-5a8adf244604", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "User creation or linking", "userSetupAllowed": false } ] }, { "id": "d833da39-216f-4400-8e84-db5446a0e651", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "b3edb2a4-48fa-40b6-bcf3-5f178fc1e45e", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": true, "flowAlias": "registration form", "userSetupAllowed": false } ] }, { "id": "568f69e7-a69c-4299-ab41-c66473e98d01", "alias": "registration form", "description": "registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-user-creation", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "4ae2919a-2033-4201-b9fc-b9f3320e939f", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "ff50f985-4ab1-428b-b0c8-2fd99f109198", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { "id": "9794787b-bc86-4440-b6ae-eed8705e32ae", "alias": "Identity Provider Redirector", "config": { "defaultProvider": "oidc" } }, { "id": "01d47dfc-83a7-49c6-89a1-ac543fe92f58", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { "id": "7dce77a9-dba9-4fca-9aa4-8b78ed48ca4f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": {} }, { "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, "config": {} }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": {} }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": {} }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": {} }, { "alias": "delete_account", "name": "Delete Account", "providerId": "delete_account", "enabled": false, "defaultAction": false, "priority": 60, "config": {} }, { "alias": "webauthn-register", "name": "Webauthn Register", "providerId": "webauthn-register", "enabled": true, "defaultAction": false, "priority": 70, "config": {} }, { "alias": "webauthn-register-passwordless", "name": "Webauthn Register Passwordless", "providerId": "webauthn-register-passwordless", "enabled": true, "defaultAction": false, "priority": 80, "config": {} }, { "alias": "update_user_locale", "name": "Update User Locale", "providerId": "update_user_locale", "enabled": true, "defaultAction": false, "priority": 1000, "config": {} } ], "browserFlow": "Webauthn Browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaAuthRequestedUserHint": "login_hint", "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", "clientSessionIdleTimeout": "0", "userProfileEnabled": "true", "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5", "realmReusableOtpCode": "false", "cibaExpiresIn": "120", "oauth2DeviceCodeLifespan": "600", "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0" }, "keycloakVersion": "24.0.5", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] }, "clientPolicies": { "policies": [] } }