diff --git a/README.md b/README.md index 88a876c9..37cef586 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This repository contains the reference configuration to deploy the Catena-X (CX) specific Keycloak instances. -The instances depend on the [helm chart from Bitnami](https://artifacthub.io/packages/helm/bitnami/keycloak) (chart version 19.3.0, app version 23.0.7). +The instances depend on the [helm chart from Bitnami](https://artifacthub.io/packages/helm/bitnami/keycloak) (chart version 23.0.0, app version 25.0.6). The repository is split up in: diff --git a/charts/centralidp/Chart.yaml b/charts/centralidp/Chart.yaml index 5920cf43..0260f8ae 100644 --- a/charts/centralidp/Chart.yaml +++ b/charts/centralidp/Chart.yaml @@ -21,7 +21,7 @@ apiVersion: v2 name: centralidp type: application version: 4.0.0-alpha.2 -appVersion: 23.0.7 +appVersion: 25.0.6 description: Helm chart for Central Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam sources: @@ -29,4 +29,4 @@ sources: dependencies: - name: keycloak repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 19.3.0 + version: 23.0.0 diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md index 62e8cf02..88796c04 100644 --- a/charts/centralidp/README.md +++ b/charts/centralidp/README.md 
@@ -1,6 +1,6 @@ # Helm chart for Central Keycloak Instance -![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) +![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) This helm chart installs the Helm chart for Central Keycloak Instance. @@ -36,7 +36,7 @@ dependencies: | Repository | Name | Version | |------------|------|---------| -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 19.3.0 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 23.0.0 | ## Values 
@@ -46,7 +46,6 @@ dependencies: | keycloak.auth.adminPassword | string | `""` | centralidp Keycloak administrator password. | | keycloak.auth.existingSecret | string | `""` | Secret containing the password for admin username 'admin'. | | keycloak.production | bool | `false` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. | -| keycloak.proxy | string | `"passthrough"` | reverse Proxy mode edge, reencrypt, passthrough or none; ref: https://www.keycloak.org/server/reverseproxy; If your ingress controller has the SSL Termination, you should set proxy to edge. | | keycloak.httpRelativePath | string | `"/auth/"` | Setting the path relative to '/' for serving resources: as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed | | keycloak.replicaCount | int | `1` | | | keycloak.extraVolumes[0].name | string | `"themes"` | | @@ -111,7 +110,8 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu ### To 4.0.0 -Documentation is WIP. +This major changes from the Keycloak version from 23.0.7 to 25.0.6. +No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/centralidp/README.md.gotmpl b/charts/centralidp/README.md.gotmpl index dc4d2013..40558b05 100644 --- a/charts/centralidp/README.md.gotmpl +++ b/charts/centralidp/README.md.gotmpl 
@@ -44,7 +44,8 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu ### To 4.0.0 -Documentation is WIP. +This major changes from the Keycloak version from 23.0.7 to 25.0.6. +No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 9eaa7d4d..947fb741 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -26,10 +26,6 @@ keycloak: existingSecret: "" # -- Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. production: false - # -- reverse Proxy mode edge, reencrypt, passthrough or none; - # ref: https://www.keycloak.org/server/reverseproxy; - # If your ingress controller has the SSL Termination, you should set proxy to edge. - proxy: passthrough # -- Setting the path relative to '/' for serving resources: # as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. # ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed diff --git a/charts/sharedidp/Chart.yaml b/charts/sharedidp/Chart.yaml index f19cd267..ad0c0d80 100644 --- a/charts/sharedidp/Chart.yaml +++ b/charts/sharedidp/Chart.yaml @@ -21,7 +21,7 @@ apiVersion: v2 name: sharedidp type: application version: 4.0.0-alpha.1 -appVersion: 23.0.7 +appVersion: 25.0.6 description: Helm chart for Shared Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam sources: @@ -29,4 +29,4 @@ sources: dependencies: - name: keycloak repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 19.3.0 + version: 23.0.0 diff --git a/charts/sharedidp/README.md b/charts/sharedidp/README.md index 0f170e26..82485c5a 100644 --- a/charts/sharedidp/README.md +++ b/charts/sharedidp/README.md 
@@ -1,6 +1,6 @@ # Helm chart for Shared Keycloak Instance -![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) +![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) This helm chart installs the Helm chart for Shared Keycloak Instance. @@ -36,7 +36,7 @@ dependencies: | Repository | Name | Version | |------------|------|---------| -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 19.3.0 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 23.0.0 | ## Values 
@@ -46,7 +46,6 @@ dependencies: | keycloak.auth.adminPassword | string | `""` | sharedidp Keycloak administrator password. | | keycloak.auth.existingSecret | string | `""` | Secret containing the password for admin username 'admin'. | | keycloak.production | bool | `false` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. | -| keycloak.proxy | string | `"passthrough"` | reverse Proxy mode edge, reencrypt, passthrough or none; ref: https://www.keycloak.org/server/reverseproxy; If your ingress controller has the SSL Termination, you should set proxy to edge. | | keycloak.httpRelativePath | string | `"/auth/"` | Setting the path relative to '/' for serving resources: as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed | | keycloak.replicaCount | int | `1` | | | keycloak.extraVolumes[0].name | string | `"themes-catenax-shared"` | | @@ -118,7 +117,8 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) ### To 4.0.0 -Documentation is WIP. +This major changes from the Keycloak version from 23.0.7 to 25.0.6. +No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/sharedidp/README.md.gotmpl b/charts/sharedidp/README.md.gotmpl index fd6a6bea..a7d8f385 100644 --- a/charts/sharedidp/README.md.gotmpl +++ b/charts/sharedidp/README.md.gotmpl 
@@ -42,7 +42,8 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) ### To 4.0.0 -Documentation is WIP. +This major changes from the Keycloak version from 23.0.7 to 25.0.6. +No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) - is recommended. ### To 3.0.1 diff --git a/charts/sharedidp/templates/job-seeding.yaml b/charts/sharedidp/templates/job-seeding.yaml index 3f3ad8b0..118130c0 100644 --- a/charts/sharedidp/templates/job-seeding.yaml +++ b/charts/sharedidp/templates/job-seeding.yaml @@ -126,6 +126,8 @@ spec: secretKeyRef: name: "{{ template "sharedidp.secret.realmSeeding.cxOperator" . }}" key: "initial-user-password" + - name: "KEYCLOAKSEEDING__REALMS__0__USERS__0__REALMROLES__0" + value: "default-roles-cx-operator" ############################# ## CX-OPERATOR MAIL CONFIG diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index ba5f5c45..bbdb46ac 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -26,10 +26,6 @@ keycloak: existingSecret: "" # -- Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. production: false - # -- reverse Proxy mode edge, reencrypt, passthrough or none; - # ref: https://www.keycloak.org/server/reverseproxy; - # If your ingress controller has the SSL Termination, you should set proxy to edge. - proxy: passthrough # -- Setting the path relative to '/' for serving resources: # as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. # ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed diff --git a/environments/helm-values/centralidp/values-int.yaml b/environments/helm-values/centralidp/values-int.yaml index 681485d4..6e51fe01 100644 --- a/environments/helm-values/centralidp/values-int.yaml 
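Review bot: The new `KEYCLOAKSEEDING__REALMS__0__USERS__0__REALMROLES__0` entry in job-seeding.yaml hard-codes `default-roles-cx-operator` with no comment saying why the seeded user now needs this role assigned explicitly or what the name depends on. The key is positional (realm 0, user 0), so it must stay aligned with the `initial-user-password` entry just above it. The value presumably has to equal the default role name of the realm being seeded, but neither dependency is visible in the hunk. I would add a comment above the entry, for example `# assign the realm default role explicitly; value must match the default-roles-<realm> name of the seeded realm`. The env list starts and continues outside the hunk, so the realm and user behind index 0 should be confirmed there.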
+++ b/environments/helm-values/centralidp/values-int.yaml @@ -19,7 +19,6 @@ keycloak: production: true - proxy: edge auth: adminPassword: "" ingress: diff --git a/environments/helm-values/centralidp/values-stable.yaml b/environments/helm-values/centralidp/values-stable.yaml index 88c3987d..205ee0d3 100644 --- a/environments/helm-values/centralidp/values-stable.yaml +++ b/environments/helm-values/centralidp/values-stable.yaml @@ -19,7 +19,6 @@ keycloak: production: true - proxy: edge auth: adminPassword: "" ingress: diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json index 70dee756..934dc4d6 100644 --- a/import/realm-config/generic/catenax-central/CX-Central-realm.json +++ b/import/realm-config/generic/catenax-central/CX-Central-realm.json @@ -38,6 +38,7 @@ "editUsernameAllowed": false, "bruteForceProtected": true, "permanentLockout": false, + "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, @@ -47,25 +48,7 @@ "roles": { "realm": [ { - "id": "9ed742fe-ac2e-462c-ab1f-09895db556b6", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "fd7248cf-7b65-4dbf-ae84-7a967e8ec7c2", - "name": "user", - "description": "basic user", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", + "id": "4a50b303-b315-4298-9ced-328556345fa0", "name": "default-roles-cx-central", "description": "${role_default-roles}", "composite": true, @@ -75,12 +58,12 @@ "uma_authorization" ], "client": { - "Cl23-CX-Policy-Hub": [ - "view_policy_hub" - ], "account": [ "manage-account", "view-profile" + ], + "Cl23-CX-Policy-Hub": [ + "view_policy_hub" ] } }, 
@@ -89,13 +72,31 @@ "attributes": {} }, { - "id": "1ec798aa-cd95-43bd-9494-b1883e451fbb", + "id": "434ad24a-f4a4-42e8-9e86-7971e6bb9a9f", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "CX-Central", "attributes": {} + }, + { + "id": "6a7e1912-0dea-4326-94fe-3d446ab8775c", + "name": "user", + "description": "basic user", + "composite": false, + "clientRole": false, + "containerId": "CX-Central", + "attributes": {} + }, + { + "id": "840eca9d-41cb-4f73-af62-f6fe4e62e08d", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "CX-Central", + "attributes": {} } ], "client": { 
@@ -111,115 +112,161 @@ "sa-cl22-01": [], "Cl24-CX-SSI-CredentialIssuer": [ { - "id": "244d2705-e543-4594-9242-e66ff906748e", - "name": "request_ssicredential", + "id": "ee754e05-f5d1-4ec2-91bf-db39341bffa3", + "name": "view_use_case_participation", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "e5909b95-c17b-455d-b995-8d768f271e07", + "id": "6b023c6e-3086-4a79-b1ad-1c6200ad7a9a", "name": "revoke_credential", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "b7b8d3ae-8b64-42c4-bcbf-f56f6f2a9293", - "name": "revoke_credentials_issuer", + "id": "9b978360-7a25-4951-97a8-7ad3301e99bd", + "name": "view_certificates", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "1bd890e7-fe5f-4bc0-92ef-ac5f48e621a6", - "name": "view_use_case_participation", + "id": "c83db2ed-365d-467f-81da-adcaca946d9a", + "name": "decision_ssicredential", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "f79b9b99-7a31-470a-9827-e07eb20c7c4f", - "name": "view_certificates", + "id": "e302aeb3-4611-4570-a8ac-6f69031d43d2", + "name": "revoke_credentials_issuer", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "60db179e-d678-4a51-bc31-6c2e55345824", - "name": "view_credential_requests", + "id": "c8e1149b-de27-4ac2-8f10-7e1e133c2da2", + "name": 
"request_ssicredential", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} }, { - "id": "b23c7037-0635-44c4-915d-0d77d64046a5", - "name": "decision_ssicredential", + "id": "b4ad329e-9318-4ac8-b69c-eb8cc84cf23b", + "name": "view_credential_requests", "description": "", "composite": false, "clientRole": true, - "containerId": "60306526-b937-4244-ac89-cc1283c8ed74", + "containerId": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "attributes": {} } ], "Cl2-CX-Portal": [ { - "id": "39ff444c-888a-4bf6-b8e1-343b66f8a067", - "name": "decline_new_partner", - "description": "User can decline a partner application", + "id": "23abd6c3-6620-4703-82b3-3582dd4381ea", + "name": "delete_own_user_account", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c51f3a5a-02e0-414f-9c60-c2ec5c53bb09", - "name": "update_company_role", + "id": "4f73c905-9e5d-4cbb-bbb0-4ba4e4da36f5", + "name": "view_tech_user_management", + "description": "View technical users", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "46905bb9-8d3b-4666-891f-a67e8f963b3b", - "name": "view_documents", - "description": "User can view/download documents", + "id": "41fd9f3b-8523-4cfd-a1c4-8b5f4a26adef", + "name": "CX User", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "view_credential_requests" + ], + "Cl2-CX-Portal": [ + "delete_own_user_account", + "delete_notifications", + "view_subscription", + 
"view_service_subscriptions", + "view_own_user_account", + "view_certificates", + "view_membership", + "update_own_user_account", + "view_service_marketplace", + "view_company_data", + "view_service_offering", + "view_partner_network", + "view_documents", + "view_notifications", + "view_apps", + "view_user_management" + ], + "Cl3-CX-Semantic": [ + "view_semantic_model" + ] + } + }, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + "attributes": {} + }, + { + "id": "734af99a-62ad-44a1-870d-2ec1acfc46cc", + "name": "unsubscribe_apps", + "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "0769d6ca-3056-42da-84cd-35f2d535d79e", - "name": "delete_connectors", - "description": "Delete company connectors", + "id": "3a7b57e5-5205-4db4-8d15-4af7a5a012f0", + "name": "add_tech_user_management", + "description": "Create / request technical users for my org", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "54bd7ad1-0773-4c9e-b1be-5cf41faa1c05", - "name": "update_service_offering", + "id": "a7820378-d198-4f0c-924e-2bf86684707c", + "name": "view_connectors", + "description": "Look up company connectors and their details", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "d566bb6c-e621-4517-9322-26093231b77c", + "id": "319dc1ff-cd0e-49d6-87fe-15c77ec06d90", "name": "Service Manager", "composite": true, "composites": { 
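Review bot: Every role in this hunk of CX-Central-realm.json gets a new `id`, a new `containerId` and a new position, so a real permission change cannot be told apart from export noise. For `Cl24-CX-SSI-CredentialIssuer` the seven role names are the same before and after. The `CX User` composite under `Cl2-CX-Portal`, however, appears as entirely added lines, and whether it matches a removed copy can only be checked outside the hunk, because the `Cl2-CX-Portal` list continues past it. Since the composites decide what each portal role grants, I would compare old and new role and composite membership by name before merging and record the result in the commit description. If this file is imported into an existing realm, it is also worth confirming that the changed ids do not produce duplicate or orphaned roles; the diff does not show how ids are matched.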
@@ -231,825 +278,606 @@ "view_wallet" ], "Cl1-CX-Registration": [ - "delete_documents", - "view_registration" + "view_registration", + "delete_documents" ], "Cl24-CX-SSI-CredentialIssuer": [ "view_credential_requests" ], "Cl2-CX-Portal": [ - "view_license_types", - "delete_connectors", - "update_service_offering", - "view_technical_setup", "view_tech_user_management", - "view_service_marketplace", + "delete_own_user_account", + "delete_notifications", "CX User", - "view_service_offering", - "view_autosetup_status", - "add_connectors", + "add_tech_user_management", + "view_license_types", + "view_connectors", + "delete_tech_user_management", + "view_subscription", "view_own_user_account", + "add_self_descriptions", + "view_certificates", "view_use_cases", + "view_membership", + "view_technical_setup", + "view_partner_network", + "view_autosetup_status", + "technical_roles_management", "service_management", "view_idp", - "add_tech_user_management", - "view_membership", - "update_own_user_account", "add_service_offering", - "add_self_descriptions", "view_service_subscriptions", + "delete_connectors", + "add_connectors", "activate_subscription", - "view_notifications", - "view_certificates", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "view_subscription", - "delete_notifications", - "view_connectors", - "view_partner_network" + "view_service_marketplace", + "update_own_user_account", + "view_service_offering", + "update_service_offering", + "view_notifications" ], "Cl3-CX-Semantic": [ "add_semantic_model", - "update_semantic_model", "view_semantic_model", - "delete_semantic_model" + "delete_semantic_model", + "update_semantic_model" ] } }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", - "name": "invite_new_partner", + "id": "1d5d0fa8-d207-4086-bfef-ca79591d52b6", 
+ "name": "disable_idp", + "description": "disable an assigned idp", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "34742e28-1497-4222-ad1f-93ab9feac92e", - "name": "view_app_subscription", - "description": "view app subscriptions in pending, active and inactive", + "id": "5546af2e-8f02-4707-a31b-1cafca70c620", + "name": "delete_tech_user_management", + "description": "Delete a technical user", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "d41dd839-6562-4be4-8364-de787c367458", - "name": "delete_documents", + "id": "5f8eba43-3bbd-4a83-aace-28af28308b04", + "name": "view_subscription", + "description": "View my company subscriptions", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "8cceb06a-fa9d-4251-a336-9173d268c6d3", - "name": "app_management", - "description": "can manage apps", + "id": "663faf7d-e060-428b-988a-34d4468d33c4", + "name": "add_apps", + "description": "Users with this role can publish new apps in the Marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "1290996a-0229-49b8-8aa4-732f4d27f5fa", - "name": "view_company_data", - "description": "view_company_data", + "id": "853cc861-110e-4bbf-8e37-ce51f36736c3", + "name": "view_own_user_account", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "ff9d65f5-dbdf-4971-8042-f36bb23cc52c", - "name": "approve_app_release", - 
"description": "User can approve apps to get released on the marketplace", + "id": "99738b16-5f9a-4fb9-955a-b89538f973eb", + "name": "view_submitted_applications", + "description": "Users with this right can view submitted applications and the respective application status", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "27521792-5070-4dd9-93ed-d4fea69877e2", - "name": "view_app_language", - "description": "View available app language", + "id": "fc2e1d61-44b3-45b7-b5ff-ed6ab5e8d653", + "name": "add_self_descriptions", + "description": "add self descriptions", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c41486f4-86d3-4b9b-9fb0-ceeaaf718268", - "name": "modify_user_account", - "description": "Users with this right can modify users related to their company", + "id": "c7fd1b1b-bfa1-49e2-b65e-78988d197922", + "name": "view_certificates", + "composite": false, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + "attributes": {} + }, + { + "id": "2954131f-4352-473d-8ab7-ed316508e285", + "name": "view_use_cases", + "description": "Users can view available use cases in the network", + "composite": false, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + "attributes": {} + }, + { + "id": "ab4580b8-27df-4d61-af88-b833d07a1318", + "name": "subscribe_service", + "description": "subscribe_service", + "composite": false, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + "attributes": {} + }, + { + "id": "5ad43989-2b54-466b-8fac-7febaa709c2e", + "name": "view_membership", + "description": "view_membership", + "composite": false, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + 
"attributes": {} + }, + { + "id": "7d04e5d9-d38f-4577-b067-caa0f0b48f2a", + "name": "view_company_data", + "description": "view_company_data", + "composite": false, + "clientRole": true, + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", + "attributes": {} + }, + { + "id": "6e675aa5-c3ea-4dee-925d-7867c15c2397", + "name": "view_technical_setup", + "description": "Users with this right can setup EDC /IDP/etc.", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "19c0e799-4ffd-4709-8b38-45540c677e50", + "id": "44a40a71-d1c3-4745-8d9b-ff5c269006a9", "name": "view_autosetup_status", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "03490917-fd0d-4893-b901-3a426d3958db", - "name": "App Developer", + "id": "bb722687-58d6-40f7-9c27-a5150aae3f45", + "name": "Business Partner Data Manager", + "description": "", "composite": true, "composites": { "client": { "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" + "BPDM Pool Consumer", + "BPDM Sharing Output Consumer", + "BPDM Sharing Input Manager" ], "Cl24-CX-SSI-CredentialIssuer": [ "view_credential_requests" ], "Cl2-CX-Portal": [ - "view_license_types", - "view_technical_setup", - "view_tech_user_management", - "view_service_subscriptions", - "app_management", - "view_certificates", - "view_app_language", - "technical_roles_management", - "CX User", - "edit_apps", - "view_use_cases", - "view_apps" + "CX User" ] } }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "5c0d11f9-a90d-4960-9917-450b70b419f2", - "name": "Business Admin", - 
"composite": true, - "composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests", - "revoke_credential", - "request_ssicredential", - "view_use_case_participation", - "view_certificates" - ], - "Cl2-CX-Portal": [ - "view_documents", - "view_app_subscription", - "add_user_account", - "view_company_data", - "view_service_marketplace", - "modify_user_account", - "view_service_offering", - "view_autosetup_status", - "unsubscribe_apps", - "upload_certificates", - "view_own_user_account", - "view_user_management", - "subscribe_apps", - "subscribe_service", - "view_membership", - "update_own_user_account", - "request_ssicredential", - "view_service_subscriptions", - "view_notifications", - "view_certificates", - "delete_certificates", - "view_client_roles", - "delete_own_user_account", - "unsubscribe_services", - "view_apps", - "view_subscription", - "view_use_case_participation", - "delete_notifications", - "view_partner_network", - "view_idp" - ], - "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "37dc74e9-9f50-49d2-9b95-402b04aa84ff", - "name": "add_connectors", - "description": "Add new connector (registration and self-description)", + "id": "1c502a5f-6560-4718-90c3-ecb1186666c7", + "name": "technical_roles_management", + "description": "technical roles management", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", - "name": "configure_partner_registration", + "id": "f3eadb0f-7339-4a40-a6a6-95cb5c6ebacc", 
+ "name": "service_management", "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c9ccade7-ef44-44d2-9607-dae18ad5d2cd", - "name": "service_management", - "description": "", + "id": "c95730d8-58d6-4557-9244-4532313af853", + "name": "view_documents", + "description": "User can view/download documents", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", - "name": "view_own_user_account", + "id": "4a53d366-314e-4bcf-91db-6bb1d463d637", + "name": "view_user_account", + "description": "Users with this role can view the user account of others", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "1d12d087-bcaf-4ad5-b21f-77fdce13b423", - "name": "view_user_management", - "description": "Users with this right can access the user management in CX", + "id": "6bb139c0-6c36-49bb-bfc3-a5835c21317f", + "name": "delete_user_account", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "bcfd6c59-c999-440a-91ac-396a2b0322d4", - "name": "view_idp", - "description": "User can view IdP details", + "id": "eae5dc26-bde0-4f8d-b99c-c00719735a63", + "name": "approve_app_release", + "description": "User can approve apps to get released on the marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "0cf91728-4ab6-413c-af72-4d8aee959c51", - "name": "add_apps", - 
"description": "Users with this role can publish new apps in the Marketplace", + "id": "4e69e88a-56f9-4088-b3f9-5d91a0585b54", + "name": "decline_app_release", + "description": "User can decline apps to not get released on the marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "146c2388-2e26-4505-b85d-6824a4f80a2e", - "name": "add_tech_user_management", - "description": "Create / request technical users for my org", + "id": "1d56de30-4e0d-47d9-9979-644fc4f4fbb7", + "name": "view_idp", + "description": "User can view IdP details", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "a88b7f46-d6c8-46bf-96e4-ec824e8eaee4", - "name": "update_application_bpn_credential", - "description": "", + "id": "900c01e7-aef9-4ff1-b05c-9347eb4b7c66", + "name": "view_use_case_participation", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", - "name": "update_own_user_account", + "id": "c80fc400-be67-4c53-ae42-a1d3cc66db94", + "name": "view_user_management", + "description": "Users with this right can access the user management in CX", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "b584419b-1973-4c80-b5f9-0d5989263bd4", - "name": "add_self_descriptions", - "description": "add self descriptions", + "id": "f0e1a96d-24e1-4283-9c1c-8bffa882efc8", + "name": "add_user_account", + "description": "Users with this right can add user accounts under their CX company", "composite": false, "clientRole": true, - 
"containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "03897cfe-32c2-4a94-a554-0685d7de63ba", - "name": "request_ssicredential", + "id": "122a6004-a891-4312-9105-10879652b018", + "name": "upload_certificates", "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "f42c35ab-9a75-4be8-9c7d-3ca39a156eba", - "name": "view_user_account", - "description": "Users with this role can view the user account of others", + "id": "4745330d-6345-4674-a355-da6727e7cf2d", + "name": "approve_service_release", + "description": "approve_service_release", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "e5267609-478c-40b6-bf96-6495bba42cd5", - "name": "view_service_subscriptions", - "description": "User is able to view service subscription under own service", + "id": "a28b1610-a663-49e7-adbc-1b954f963d98", + "name": "add_service_offering", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "065e25ce-29db-41f2-87aa-f4003d62df62", - "name": "activate_subscription", - "description": "Activation of subscriptions", + "id": "13d8a819-c26c-4ce0-8c4d-02332ea34a76", + "name": "delete_apps", + "description": "User with this role can delete apps published in the Marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "0de2c803-1130-4ebf-9dfb-5016aadb9ca2", - "name": "setup_idp", + "id": "c0d8b798-72ce-4630-aade-d070704c0266", + "name": "delete_documents", 
"composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "26eacd86-808a-4869-ad64-564cda6b3e2f", - "name": "delete_certificates", + "id": "e556508c-37e5-4c3b-ad25-6b4d098241a7", + "name": "view_managed_idp", "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "6560b255-cbc6-4fb7-8afe-d61732e34ab1", - "name": "view_client_roles", - "description": "Users with this right can view the client roles of an app", + "id": "1f8bfb15-93c3-4981-8f07-e603c498c44b", + "name": "add_connectors", + "description": "Add new connector (registration and self-description)", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "9c81a6b2-737b-477c-9836-479605350a5f", - "name": "subscribe_service", - "description": "subscribe_service", - "composite": false, + "id": "13bba2f4-3e85-453a-bedf-a68581253e46", + "name": "Purchaser", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "view_credential_requests" + ], + "Cl2-CX-Portal": [ + "CX User", + "unsubscribe_apps", + "delete_certificates", + "upload_certificates", + "unsubscribe_services", + "view_service_subscriptions", + "view_certificates", + "subscribe_service", + "view_app_subscription", + "subscribe_apps" + ] + } + }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "3c3c8452-fd50-40bd-b223-9660233dd6af", - "name": 
"delete_user_account", + "id": "f4e7e6af-5107-4aff-aeba-649a4664a88c", + "name": "modify_user_account", + "description": "Users with this right can modify users related to their company", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c78c4b1f-5578-4b31-8be4-c386fd58c55c", - "name": "view_subscription", - "description": "View my company subscriptions", + "id": "c15a401b-4ffe-406c-9d52-1c82009cd0dc", + "name": "send_mail", + "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "f4eca60a-55c3-4b53-b3ee-f93a73d497f1", - "name": "delete_notifications", - "description": "User can delete notifications", + "id": "87331d2c-8f61-4464-bfcc-2f3fc05fa757", + "name": "activate_subscription", + "description": "Activation of subscriptions", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "2e210651-de0f-4f3d-9701-6736c39dfd36", - "name": "submit_connector_sd", - "composite": false, + "id": "3cc2dbf1-3072-470b-92b1-49ef33ac0dd7", + "name": "Company Admin", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "request_ssicredential", + "view_credential_requests", + "view_use_case_participation", + "revoke_credential", + "view_certificates" + ], + "Cl2-CX-Portal": [ + "view_tech_user_management", + "delete_own_user_account", + "unsubscribe_apps", + "add_tech_user_management", + "view_connectors", + "disable_idp", + "view_subscription", + "delete_tech_user_management", + 
"view_own_user_account", + "add_self_descriptions", + "view_certificates", + "view_use_cases", + "subscribe_service", + "view_membership", + "view_company_data", + "view_technical_setup", + "view_autosetup_status", + "technical_roles_management", + "view_documents", + "view_user_account", + "delete_user_account", + "view_user_management", + "view_idp", + "view_use_case_participation", + "add_user_account", + "upload_certificates", + "delete_documents", + "view_managed_idp", + "add_connectors", + "modify_user_account", + "update_own_user_account", + "modify_connectors", + "update_company_role", + "delete_notifications", + "view_client_roles", + "configure_partner_registration", + "request_ssicredential", + "view_app_subscription", + "view_partner_network", + "view_apps", + "add_idp", + "delete_certificates", + "setup_idp", + "unsubscribe_services", + "delete_connectors", + "view_service_marketplace", + "view_service_offering", + "subscribe_apps", + "view_app_language", + "delete_idp", + "view_notifications" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "view_semantic_model", + "delete_semantic_model", + "update_semantic_model" + ] + } + }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "5c5c64c9-46c8-4876-88d0-91cdba553718", - "name": "view_license_types", + "id": "b89b547a-4b65-4207-a70e-cd4da014a7bd", + "name": "update_own_user_account", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "cbf9e4ee-77f1-4310-b461-67995552324e", - "name": "view_submitted_applications", - "description": "Users with this right can view submitted applications and the respective application status", + "id": "2da040d4-d1b9-44d9-bdcf-e03a9bae8f77", + "name": "decline_new_partner", + "description": "User can decline a partner 
application", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c6e35f9f-f7c0-4899-9ce6-7cce7ea79304", - "name": "approve_new_partner", - "description": "User with this right can let new partners access the portal by approving the company registration request inside the admin board", + "id": "6c546099-edb7-4e08-b9f7-ed63701b7606", + "name": "modify_connectors", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "67ac93fa-6616-466a-b1db-5293b13c15bb", - "name": "view_technical_setup", - "description": "Users with this right can setup EDC /IDP/etc.", + "id": "cfa2ed20-e789-4738-9506-cbc1a08f4a6d", + "name": "update_company_role", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "a34170d5-779d-489b-b2bb-e1b99b88b638", - "name": "view_tech_user_management", - "description": "View technical users", + "id": "69c9f49b-43a2-41f4-b81c-6ad48b5eeb4d", + "name": "update_application_checklist_value", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "5998f67b-b190-443d-ab9b-3e76bbd73cab", - "name": "add_user_account", - "description": "Users with this right can add user accounts under their CX company", + "id": "295dce25-fb38-4395-8603-9b6b67810b1b", + "name": "update_service_offering", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "5654ef02-0b23-422e-8eb3-7bd95778db8f", - "name": "IT Admin", - "composite": true, - 
"composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests", - "view_use_case_participation", - "revoke_credential", - "request_ssicredential", - "view_certificates" - ], - "Cl2-CX-Portal": [ - "view_documents", - "delete_connectors", - "view_company_data", - "modify_user_account", - "add_connectors", - "configure_partner_registration", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "request_ssicredential", - "view_service_subscriptions", - "setup_idp", - "view_client_roles", - "subscribe_service", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_managed_idp", - "view_service_marketplace", - "view_service_offering", - "disable_idp", - "add_idp", - "delete_idp", - "view_membership", - "view_notifications", - "view_certificates", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "view_apps", - "modify_connectors", - "view_use_case_participation", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f70ac54f-c8fa-4d87-b7a6-e5a8c028cafe", - "name": "Sales Manager", - "composite": true, - "composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests" - ], - "Cl2-CX-Portal": [ - "view_app_subscription", - "view_service_subscriptions", 
- "app_management", - "activate_subscription", - "view_certificates", - "subscribe_service", - "CX User", - "view_service_offering", - "unsubscribe_apps", - "unsubscribe_services", - "service_management", - "subscribe_apps" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4f2b58a5-0ebd-4b91-b354-4fefd40cc811", - "name": "delete_apps", - "description": "User with this role can delete apps published in the Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5bcbf360-c331-4fbf-b1d2-b16b1a1ec25a", - "name": "approve_service_release", - "description": "approve_service_release", + "id": "c7d70f8e-828f-4c75-afe9-bf448de54b48", + "name": "delete_notifications", + "description": "User can delete notifications", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "21faf04f-5a8b-478a-ac93-face954ee15d", - "name": "view_managed_idp", - "description": "", + "id": "9070e274-260e-4c6c-b893-e5ea53ff4960", + "name": "view_client_roles", + "description": "Users with this right can view the client roles of an app", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "e22b8f21-abf0-4fb1-8b26-f468ed9f86ac", - "name": "Business Partner Data Manager", + "id": "794741c2-85b7-4c8f-85dd-10c4d486f492", + "name": "configure_partner_registration", "description": "", - "composite": true, - "composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer", - "BPDM Sharing Output Consumer", - "BPDM Sharing Input Manager" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests" - ], - "Cl2-CX-Portal": [ - "CX User" - ] - } - }, 
- "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", - "name": "view_service_marketplace", - "description": "view_service_marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "4581b083-0c1e-42a2-bb4c-85dfd14cfa23", - "name": "Company Admin", - "composite": true, - "composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests", - "view_use_case_participation", - "revoke_credential", - "request_ssicredential", - "view_certificates" - ], - "Cl2-CX-Portal": [ - "update_company_role", - "view_documents", - "delete_connectors", - "view_app_subscription", - "delete_documents", - "view_company_data", - "view_app_language", - "modify_user_account", - "view_autosetup_status", - "add_connectors", - "configure_partner_registration", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "request_ssicredential", - "setup_idp", - "delete_certificates", - "view_client_roles", - "subscribe_service", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_managed_idp", - "view_service_marketplace", - "view_service_offering", - "unsubscribe_apps", - "disable_idp", - "upload_certificates", - "view_use_cases", - "subscribe_apps", - "add_idp", - "delete_idp", - "view_membership", - "view_notifications", - "view_certificates", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - 
"unsubscribe_services", - "view_apps", - "modify_connectors", - "view_use_case_participation", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "496ae7df-fabd-4977-bb81-d6eb96ad81ed", - "name": "CX User", - "composite": true, - "composites": { - "client": { - "technical_roles_management": [ - "BPDM Pool Consumer" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests" - ], - "Cl2-CX-Portal": [ - "view_documents", - "view_membership", - "update_own_user_account", - "view_service_subscriptions", - "view_company_data", - "view_notifications", - "view_certificates", - "view_service_marketplace", - "view_service_offering", - "delete_own_user_account", - "view_own_user_account", - "view_apps", - "view_user_management", - "view_subscription", - "delete_notifications", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a1bc8bb5-03bb-465e-8795-c68e3920c51d", - "name": "view_service_offering", + "id": "9828c9a3-8bdb-4651-875f-46bd314c9b6f", + "name": "view_license_types", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", - "name": "unsubscribe_apps", + "id": "c079a9bf-ea92-4b29-87b3-7d054c0631e1", + "name": "store_didDocument", "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": 
"5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "d9609443-abd1-462f-8881-3e7d8213d785", - "name": "disable_idp", - "description": "disable an assigned idp", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a5492307-2072-4c5d-9de3-f507f3d3302e", + "id": "c44562e5-caf4-4100-8d35-d9ef1477ab3a", "name": "App Manager", "composite": true, "composites": { 
@@ -1066,134 +894,129 @@ "Cl24-CX-SSI-CredentialIssuer": [ "view_credential_requests" ], - "Cl2-CX-Portal": [ - "add_apps", - "add_tech_user_management", - "view_license_types", - "view_app_subscription", - "view_service_subscriptions", - "activate_subscription", - "delete_apps", - "view_certificates", - "delete_tech_user_management", - "CX User", - "view_autosetup_status", - "App Developer", - "edit_apps", - "view_connectors" - ], "Cl3-CX-Semantic": [ "add_semantic_model", "update_semantic_model", "view_semantic_model", "delete_semantic_model" + ], + "Cl2-CX-Portal": [ + "CX User", + "add_tech_user_management", + "view_license_types", + "view_connectors", + "delete_apps", + "delete_tech_user_management", + "add_apps", + "view_service_subscriptions", + "edit_apps", + "view_certificates", + "activate_subscription", + "view_app_subscription", + "App Developer", + "view_autosetup_status" ] } }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "48c262f0-3f56-4bab-94d5-f3c30fb5d9f9", - "name": "upload_certificates", - "description": "", + "id": "6e3dd610-efb9-4d82-b147-acfc5a33330f", + "name": "edit_apps", + "description": "Users with this role can edit apps which are published in the marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "174783fa-1473-4921-8ac4-8d18703836b3", - "name": "send_mail", + "id": "bba412b2-a8e3-419d-bb6a-61fd4fa5cfb5", + "name": "request_ssicredential", "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b4bead06-e3c4-4fce-9e06-43d9d9537766", - "name": "view_use_cases", - "description": "Users can view available use cases in the network", - "composite": false, - "clientRole": true, - 
"containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "51e6dede-686f-43d5-925a-693784f8a661", - "name": "subscribe_apps", - "description": "User is able to start the app subscription process", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "8d3a5c8d-d4dc-4aaa-8941-9cd38cd3906e", - "name": "update_application_checklist_value", + "id": "2463d679-8f68-4262-a720-2f53ab6cbfca", + "name": "app_management", + "description": "can manage apps", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "9b440b50-0ddd-4a6f-9a22-24073aea801e", - "name": "add_idp", - "description": "User can create a new idp under his organisation", + "id": "be37e2f1-bffe-4779-88bf-c353721eed3a", + "name": "view_app_subscription", + "description": "view app subscriptions in pending, active and inactive", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "c190da2a-aad4-4a02-9904-88207ba322a6", - "name": "delete_idp", - "description": "User can delete company idps", - "composite": false, + "id": "019eab18-2a57-477e-aec2-e96a53fa0dcc", + "name": "App Developer", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "view_credential_requests" + ], + "Cl2-CX-Portal": [ + "view_tech_user_management", + "CX User", + "view_license_types", + "view_service_subscriptions", + "edit_apps", + "view_certificates", + "view_use_cases", + "view_technical_setup", + "app_management", + 
"view_app_language", + "technical_roles_management", + "view_apps" + ] + } + }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "8cebb227-d72c-428e-92fd-6b4c01cbb899", - "name": "view_membership", - "description": "view_membership", + "id": "96f84726-631a-4b2a-9046-66ad9c83c2b8", + "name": "view_partner_network", + "description": "Partner Network view", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "ee373634-1eb3-4702-a269-774f36f54453", + "id": "158d4301-b8ca-46bd-8ddf-5a4ccc04a2b2", "name": "decline_service_release", "description": "decline_service_release", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b06c2999-6008-4fb6-a22f-93fdac150656", - "name": "decline_app_release", - "description": "User can decline apps to not get released on the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "3a3af42c-c564-44ca-b83c-6d5c3bbd6087", - "name": "add_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "765bced5-b422-4f91-b35f-19d648595e6a", - "name": "Purchaser", + "id": "ad124f04-a38f-41c8-a47e-93258e747a0e", + "name": "Business Admin", "composite": true, "composites": { "client": { 
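Review bot: The `request_ssicredential` entry added in this hunk is committed with `"description": ""`, and the `App Developer` composite has no description at all, so the export does not record what either role is meant to grant. I would fill these in, for example `"description": "User can request an SSI credential"` (wording inferred from the role name, to be confirmed by the role owner). Separately, the `App Manager` change at the top of the hunk only reorders the same fourteen `Cl2-CX-Portal` members and moves that list after `Cl3-CX-Semantic`. Sorting role and composite lists before committing the export would keep this churn out of the diff and leave real membership changes visible. The `App Manager` object starts before this hunk and the `Business Admin` object continues after it.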
@@ -1207,82 +1030,113 @@ "view_registration" ], "Cl24-CX-SSI-CredentialIssuer": [ - "view_credential_requests" + "view_credential_requests", + "request_ssicredential", + "view_use_case_participation", + "revoke_credential", + "view_certificates" ], "Cl2-CX-Portal": [ - "view_app_subscription", - "view_service_subscriptions", + "delete_own_user_account", + "delete_notifications", + "unsubscribe_apps", + "view_client_roles", + "view_subscription", + "view_own_user_account", + "request_ssicredential", "view_certificates", - "delete_certificates", "subscribe_service", - "CX User", - "unsubscribe_apps", - "unsubscribe_services", + "view_membership", + "view_company_data", + "view_app_subscription", + "view_partner_network", + "view_autosetup_status", + "view_documents", + "view_apps", + "view_user_management", + "view_use_case_participation", + "view_idp", + "add_user_account", + "delete_certificates", "upload_certificates", - "subscribe_apps" + "unsubscribe_services", + "view_service_subscriptions", + "modify_user_account", + "view_service_marketplace", + "update_own_user_account", + "view_service_offering", + "subscribe_apps", + "view_notifications" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "view_semantic_model", + "delete_semantic_model", + "update_semantic_model" ] } }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "f9ec0166-c20b-4f1f-9f0d-11349fec657c", - "name": "view_notifications", - "description": "User can view notification details", + "id": "ea91e242-9951-4320-91df-051a6274f1ec", + "name": "view_apps", + "description": "Users with this role can view apps in the App Marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "8432f49c-8d6c-4b86-aebc-b259056037db", - "name": 
"update_application_membership_credential", - "description": "", + "id": "86343501-dcd8-46f5-8a1a-0ff906d4504b", + "name": "add_idp", + "description": "User can create a new idp under his organisation", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "f1231514-aa65-408a-bf0d-c9d6d210e99a", - "name": "view_certificates", + "id": "ad046384-7b91-468f-bccc-b35c002a682a", + "name": "delete_certificates", + "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "7b816094-20e7-44fb-a45f-3ecb9d9d7157", + "id": "5052990e-ef14-43f5-adcb-8ff4efb3a425", "name": "CX Admin", "composite": true, "composites": { "client": { "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_output_changelog", "read_output_partner", "read_input_partner", - "read_stats", + "read_input_changelog", + "read_output_changelog", "write_input_partner", - "read_sharing_state", - "write_sharing_state" + "write_sharing_state", + "read_stats", + "read_sharing_state" ], "Cl7-CX-BPDM": [ "write_metadata", - "read_partner_member", "read_partner", - "read_changelog", - "read_changelog_member", "write_partner", - "read_metadata" + "read_changelog", + "read_partner_member", + "read_metadata", + "read_changelog_member" ], "Cl5-CX-Custodian": [ "add_wallet", - "view_wallet", + "delete_wallet", "update_wallet", - "delete_wallet" + "view_wallet" ], "technical_roles_management": [ "BPDM Pool Consumer" 
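Review bot: The composite whose member lists change at the top of this hunk is named `Business Admin` in the preceding hunk, and it carries no `description` while bundling `revoke_credential`, `add_user_account`, `modify_user_account` and the add/update/delete roles on `Cl3-CX-Semantic`. Because the export reordered the roles, the diff pairs these added lines with the removed `Purchaser` lists, so the hunk does not show whether `Business Admin` gained any of them relative to the previous export. That is worth confirming with an order-independent comparison of each composite's members before merging. A line such as `"description": "<intended scope of Business Admin>"` (placeholder) on the composite would give auditors a stated intent to check the list against.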
@@ -1292,422 +1146,472 @@ ], "Cl24-CX-SSI-CredentialIssuer": [ "revoke_credentials_issuer", - "view_certificates", "view_credential_requests", - "view_use_case_participation", "revoke_credential", "decision_ssicredential", - "request_ssicredential" + "request_ssicredential", + "view_use_case_participation", + "view_certificates" ], "Cl2-CX-Portal": [ - "view_documents", - "delete_connectors", - "update_service_offering", - "invite_new_partner", - "view_app_subscription", - "view_company_data", - "approve_app_release", - "view_autosetup_status", - "view_own_user_account", - "view_idp", - "add_apps", - "update_own_user_account", - "setup_idp", + "add_tech_user_management", "view_subscription", - "delete_notifications", - "view_license_types", - "approve_new_partner", + "add_apps", + "add_self_descriptions", + "view_use_cases", + "subscribe_service", "view_technical_setup", - "view_tech_user_management", + "view_autosetup_status", + "view_user_account", + "delete_user_account", + "approve_app_release", + "view_idp", + "decline_app_release", + "view_use_case_participation", + "add_user_account", "approve_service_release", + "delete_apps", "view_managed_idp", - "unsubscribe_apps", - "disable_idp", - "subscribe_apps", - "add_idp", - "delete_idp", - "view_membership", - "decline_service_release", - "decline_app_release", - "add_service_offering", - "view_notifications", - "view_certificates", - "create_ssi_notifications", - "unsubscribe_services", + "delete_documents", "modify_connectors", - "view_use_case_participation", - "view_partner_network", "decline_new_partner", "update_company_role", - "delete_documents", - "app_management", + "configure_partner_registration", + "edit_apps", + "view_partner_network", + "view_apps", + "add_idp", + "setup_idp", + "unsubscribe_services", + "view_service_subscriptions", + "delete_connectors", + "approve_new_partner", + "delete_idp", "view_app_language", - "modify_user_account", - "add_connectors", + "view_notifications", + 
"view_tech_user_management", + "delete_own_user_account", + "unsubscribe_apps", + "view_connectors", + "disable_idp", + "delete_tech_user_management", + "view_own_user_account", + "view_submitted_applications", + "view_certificates", + "view_membership", + "view_company_data", + "technical_roles_management", + "view_documents", "service_management", "view_user_management", - "add_tech_user_management", - "add_self_descriptions", - "view_user_account", - "request_ssicredential", - "view_service_subscriptions", + "add_service_offering", + "add_connectors", + "modify_user_account", "activate_subscription", - "view_client_roles", - "subscribe_service", - "delete_user_account", - "view_submitted_applications", - "add_user_account", - "delete_apps", + "update_own_user_account", + "update_service_offering", + "delete_notifications", + "view_client_roles", + "view_license_types", + "request_ssicredential", + "view_app_subscription", + "app_management", + "decline_service_release", + "invite_new_partner", + "create_ssi_notifications", "view_service_marketplace", "view_service_offering", - "view_use_cases", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "edit_apps", - "view_apps", - "view_connectors", - "configure_partner_registration" + "subscribe_apps" ], "Cl3-CX-Semantic": [ - "delete_semantic_model", "add_semantic_model", - "update_semantic_model", - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "update_semantic_model" ] } }, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "dc88f8a9-654c-4a97-8339-d6ad5aae7256", - "name": "store_didDocument", - "description": "", + "id": "ed9713fb-fa73-4f8c-a3cb-290b9b922fd1", + "name": "setup_idp", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": 
"5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "92b5a061-8e54-4562-a86c-94c0bacef12d", - "name": "technical_roles_management", - "description": "technical roles management", + "id": "83e72d63-a0d3-4710-b89a-35efaf149335", + "name": "unsubscribe_services", + "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "4ac0c3dc-1401-4ed6-a5f8-d8e08e2f5c78", - "name": "delete_tech_user_management", - "description": "Delete a technical user", + "id": "837a6c2d-41d9-45a8-b988-bddcbc4812ef", + "name": "update_application_bpn_credential", + "description": "", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "f02debf4-92ff-4b7f-a56c-db7c6321ceda", - "name": "delete_own_user_account", + "id": "36caf4ed-fb68-4a5a-93ed-2eac06772dbd", + "name": "view_service_subscriptions", + "description": "User is able to view service subscription under own service", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "22b05ced-cd8e-4769-a368-b8266bf967ef", - "name": "create_ssi_notifications", - "description": "User can create notifications for ssi credentials", + "id": "84b817dd-7f24-46fd-a8e2-777cab26be87", + "name": "delete_connectors", + "description": "Delete company connectors", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "13fe64aa-6de6-4b94-9e3d-af9b2c7f2917", - "name": "edit_apps", - "description": "Users with this role can edit apps which are published in the marketplace", + "id": "1c5a8953-7b11-4d59-b450-fd94ec9b5014", 
+ "name": "invite_new_partner", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "60832277-251d-47f0-b40b-004f7224d0fc", - "name": "unsubscribe_services", - "description": "", + "id": "2b7a628f-54b9-48ae-a431-b57362c2c14b", + "name": "create_ssi_notifications", + "description": "User can create notifications for ssi credentials", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "817fa189-808e-465c-b75d-838336ab7a84", - "name": "view_apps", - "description": "Users with this role can view apps in the App Marketplace", + "id": "7bbdddf0-972d-4f0b-a273-907edd8bf405", + "name": "approve_new_partner", + "description": "User with this right can let new partners access the portal by approving the company registration request inside the admin board", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "dc2b47a7-8e7e-49a1-b23a-e099168b8229", - "name": "modify_connectors", + "id": "63bee7be-cad5-4859-b262-5739d4cb7f35", + "name": "submit_connector_sd", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "42873085-5177-4ff5-88df-0290e568babd", - "name": "view_use_case_participation", + "id": "3f3a519e-a645-4b2a-89b0-e3233753b9ab", + "name": "view_service_marketplace", + "description": "view_service_marketplace", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "e5ec6a66-8fad-4066-bcdd-92041f894831", - "name": 
"view_connectors", - "description": "Look up company connectors and their details", + "id": "8371107c-8198-493f-a741-ef1a60db7656", + "name": "view_service_offering", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "104c094b-eaf5-4b0e-9758-f14dedf925da", - "name": "view_partner_network", - "description": "Partner Network view", + "id": "5abf6b13-3e00-4fdc-918b-29ac74f5baab", + "name": "subscribe_apps", + "description": "User is able to start the app subscription process", "composite": false, "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} - } - ], - "Cl22-CX-BPND": [ + }, { - "id": "798bcaf7-fec5-414f-91ef-352967bfd72a", - "name": "add_bpn_discovery", + "id": "7c9a2443-0923-495b-89ad-1657090a1d2f", + "name": "delete_idp", + "description": "User can delete company idps", "composite": false, "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "07c35188-e159-4f5b-b05e-a393c5b8c115", - "name": "delete_bpn_discovery", - "composite": false, + "id": "40cc640e-0de7-429b-bafd-fbed102f1aff", + "name": "IT Admin", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "request_ssicredential", + "view_credential_requests", + "view_use_case_participation", + "revoke_credential", + "view_certificates" + ], + "Cl2-CX-Portal": [ + "view_tech_user_management", + "delete_own_user_account", + "add_tech_user_management", + "view_connectors", + "disable_idp", + "view_subscription", + "delete_tech_user_management", + "view_own_user_account", + 
"add_self_descriptions", + "view_certificates", + "subscribe_service", + "view_membership", + "view_company_data", + "view_technical_setup", + "technical_roles_management", + "view_documents", + "view_user_account", + "delete_user_account", + "view_user_management", + "view_idp", + "view_use_case_participation", + "add_user_account", + "view_managed_idp", + "add_connectors", + "modify_user_account", + "update_own_user_account", + "modify_connectors", + "delete_notifications", + "view_client_roles", + "configure_partner_registration", + "request_ssicredential", + "view_partner_network", + "view_apps", + "add_idp", + "setup_idp", + "view_service_subscriptions", + "delete_connectors", + "view_service_marketplace", + "view_service_offering", + "delete_idp", + "view_notifications" + ], + "Cl3-CX-Semantic": [ + "view_semantic_model" + ] + } + }, "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "05bc014a-ce02-4965-bdea-34d5b206e0e5", - "name": "view_bpn_discovery", + "id": "c3e93a9b-aa21-410e-a9d2-ff9e7f5ade48", + "name": "view_app_language", + "description": "View available app language", "composite": false, "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} - } - ], - "Cl21-CX-DF": [ + }, { - "id": "44a9692a-6d97-4ce0-9d1c-bcdd273792a9", - "name": "view_discovery_endpoint", - "description": "", - "composite": false, + "id": "14d61d19-b246-4e8f-9657-a062bc80fcf2", + "name": "Sales Manager", + "composite": true, + "composites": { + "client": { + "technical_roles_management": [ + "BPDM Pool Consumer" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], + "Cl1-CX-Registration": [ + "view_registration" + ], + "Cl24-CX-SSI-CredentialIssuer": [ + "view_credential_requests" + ], + "Cl2-CX-Portal": [ + "CX User", + "unsubscribe_apps", + "unsubscribe_services", + 
"view_service_subscriptions", + "view_certificates", + "activate_subscription", + "subscribe_service", + "view_service_offering", + "view_app_subscription", + "app_management", + "subscribe_apps", + "service_management" + ] + } + }, "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "3bb6b58e-b10b-4705-aef9-56f359e46111", - "name": "delete_discovery_endpoint", - "description": "", + "id": "b575ad54-0bc8-4b5b-90e4-d8a94d81a6d3", + "name": "view_notifications", + "description": "User can view notification details", "composite": false, "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} }, { - "id": "518d41c9-c7c7-4ab4-be2b-2b467977ecc9", - "name": "add_discovery_endpoint", + "id": "6eb16651-8e2b-40e8-ae4e-4032ce86593f", + "name": "update_application_membership_credential", "description": "", "composite": false, "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", + "containerId": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "attributes": {} } ], - "sa-cl8-cx-1": [], - "Cl7-CX-BPDM": [ - { - "id": "52df2421-b796-4b47-9b3f-7e0bc1cd785e", - "name": "read_metadata", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - }, + "Cl22-CX-BPND": [ { - "id": "b6f32a00-39ab-4074-89c2-ae43cb27936f", - "name": "read_changelog", - "description": "", + "id": "7c8140b6-8482-4892-9725-336a1e0cd6a7", + "name": "view_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "93a98bea-a0fb-47ff-9ae1-2d987327df3f", "attributes": {} }, { - "id": "43eaf830-14a0-4935-a4d2-0f0060ca1e65", - "name": "read_partner_member", - "description": "", + "id": "edcdf2ac-ae0d-48a8-8051-61e6454bad9b", + "name": 
"add_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "93a98bea-a0fb-47ff-9ae1-2d987327df3f", "attributes": {} }, { - "id": "063fdc97-a010-4b9f-a646-8182a401bb75", - "name": "write_metadata", - "description": "", + "id": "a80d0c41-ebcc-4472-84bd-f7f791476ff1", + "name": "delete_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "93a98bea-a0fb-47ff-9ae1-2d987327df3f", "attributes": {} - }, + } + ], + "Cl21-CX-DF": [ { - "id": "379d1ca0-7253-4277-82d8-143bacf84d56", - "name": "read_changelog_member", + "id": "13cac913-5511-4fd2-9e91-e434fe36f546", + "name": "view_discovery_endpoint", "description": "", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "60e1415e-a5c9-44a2-8387-4769fd5b5059", "attributes": {} }, { - "id": "02fc3e0c-91c2-4b3c-acee-1fee157ea2b6", - "name": "write_partner", + "id": "6f69e0ff-dc14-4c63-b786-7df307ff4049", + "name": "add_discovery_endpoint", "description": "", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "60e1415e-a5c9-44a2-8387-4769fd5b5059", "attributes": {} }, { - "id": "682935a7-cd27-4bb3-b369-78d248e6a558", - "name": "read_partner", + "id": "e625a270-e4ac-4e00-a93c-b2032f4167fd", + "name": "delete_discovery_endpoint", "description": "", "composite": false, "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", + "containerId": "60e1415e-a5c9-44a2-8387-4769fd5b5059", "attributes": {} } ], - "Cl25-CX-BPDM-Orchestrator": [ - { - "id": "4b20dc8b-0231-41a0-acef-662ed5353c18", - "name": "create_result_poolSync", - "description": "Allowed to create results for reserved golden record tasks in the 'PoolSync' queue.", - "composite": false, - "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", - "attributes": {} 
- }, + "sa-cl8-cx-1": [], + "Cl7-CX-BPDM": [ { - "id": "0a5befef-6ecf-4bc8-ab94-7f0e3731c858", - "name": "read_task", - "description": "Allowed to read the processing state and result of golden record tasks.", + "id": "7bd7d9df-eb03-4511-9984-82e835c2688a", + "name": "write_partner", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, { - "id": "4632b001-25e2-4ef8-bd04-05f7b9e0453d", - "name": "create_result_cleanAndSync", - "description": "Allowed to create results for reserved golden record tasks in the 'CleanAndSync' queue.", + "id": "b82f6737-59bc-464d-a0aa-797b8b78e5f4", + "name": "read_changelog", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, { - "id": "d335c39d-d160-40d6-86b1-11a6e1889ddd", - "name": "create_task", - "description": "Allowed to create new golden record tasks", + "id": "d85cedc3-83c2-4822-822f-68b7d7e5c550", + "name": "read_partner", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, { - "id": "1f15361f-c5ee-40e5-9169-fd32b3d0c8da", - "name": "create_reservation_clean", - "description": "Allowed to create reservations for golden record tasks inside the 'Clean' queue.", + "id": "80d44073-d229-48b5-8135-15fce5b43b0e", + "name": "read_partner_member", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, { - "id": "90451361-9282-4cee-bb43-96f084a43d7e", - "name": "create_reservation_poolSync", - "description": "Allowed to create reservations for golden record tasks in the 
'PoolSync' queue.", + "id": "f87acf00-b5c3-45c2-aa41-6b740e9d5563", + "name": "read_changelog_member", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, { - "id": "f972bf5c-7454-4c3f-882b-0535eacd7dd9", - "name": "create_result_clean", - "description": "Allowed to create results for reserved golden record tasks in the 'Clean' queue.", + "id": "64b0cbff-1f11-417b-9134-7f1adcdeb277", + "name": "write_metadata", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} }, - { - "id": "dbb4cbda-671b-4b8c-8ed8-a9c3e8ad7256", - "name": "create_reservation_cleanAndSync", - "description": "Allowed to create reservations for golden record tasks in the 'CleanAndSync' queue", + { + "id": "de92a46c-98c7-4b89-bec8-8c73aa354ded", + "name": "read_metadata", + "description": "", "composite": false, "clientRole": true, - "containerId": "632271be-e00c-47c2-b2e9-4b12d75c8c5b", + "containerId": "2ef350bf-f017-4696-9f97-e01db49341d2", "attributes": {} } ], - "sa-cl25-cx-1": [], - "sa-cl25-cx-2": [], - "sa-cl25-cx-3": [], - "sa-cl7-cx-1": [], "technical_roles_management": [ { - "id": "1e3bef93-036c-44a8-b37a-04ca9effcfcb", - "name": "BPDM Sharing Input Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_stats", - "read_input_partner", - "read_sharing_state" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "4776c000-7232-4804-a133-aff0c01966ba", + "id": "9ca307cf-cff2-4eef-aef5-3d09b7e9053a", "name": "Semantic Model Management", "description": "", "composite": true, 
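Review bot: The role definitions under `Cl25-CX-BPDM-Orchestrator` (`create_task`, `read_task` and the `create_reservation_*` / `create_result_*` roles) are dropped from this position on the new side, together with the empty `sa-cl25-cx-1` to `sa-cl25-cx-3` and `sa-cl7-cx-1` entries. The `technical_roles_management` composites in a later hunk (`BPDM Orchestrator Admin`, `BPDM Orchestrator Task Creator` and the three `BPDM Orchestrator Processor` roles) still reference that client's roles by name. If the block has only moved elsewhere in the file that is fine, but it is not visible here; please confirm it is present in the new export, since a composite that names a role the import cannot resolve may fail the import or end up narrower than intended. The enclosing client-role object starts and ends outside this hunk.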
@@ -1719,26 +1623,34 @@ } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", - "name": "Registration External", + "id": "16eccbd3-58af-4ea1-baea-adade8469ae1", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { + "Cl22-CX-BPND": [ + "view_bpn_discovery", + "add_bpn_discovery", + "delete_bpn_discovery" + ], + "Cl21-CX-DF": [ + "view_discovery_endpoint" + ], "Cl2-CX-Portal": [ - "configure_partner_registration" + "view_connectors" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "id": "5597527e-3fc6-4a8b-b763-487d078bc641", "name": "Offer Management", "description": "", "composite": true, 
@@ -1746,62 +1658,59 @@ "client": { "Cl2-CX-Portal": [ "view_tech_user_management", - "add_service_offering", - "add_connectors", + "activate_subscription", "app_management", - "activate_subscription" + "add_service_offering", + "add_connectors" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "97ac9e26-5db1-4b16-a7ef-a20473b7472d", - "name": "BPDM Sharing Input Manager", + "id": "05be73bb-b186-40da-b3a7-efa03c9d0fa3", + "name": "BPDM Pool Admin", "description": "", "composite": true, "composites": { "client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_stats", - "write_sharing_state", - "write_input_partner", - "read_input_partner", - "read_sharing_state" + "Cl7-CX-BPDM": [ + "write_partner", + "read_changelog", + "read_partner", + "read_partner_member", + "write_metadata", + "read_changelog_member", + "read_metadata" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "21afd9a8-aecb-4383-9726-4e19f5ed4ed2", - "name": "BPDM Pool Admin", + "id": "19ce2a65-11f9-440f-a78c-186e6db985e9", + "name": "BPDM Pool Consumer", "description": "", "composite": true, "composites": { "client": { "Cl7-CX-BPDM": [ - "read_metadata", - "read_changelog", "read_partner_member", - "write_metadata", "read_changelog_member", - "write_partner", - "read_partner" + "read_metadata" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "50e20aeb-1dc7-464e-9a69-e48c34fa2078", + "id": "2e8f3f6a-60a8-48e6-b0fa-81f27e111a89", "name": "BPDM Sharing Output Consumer", "description": "", "composite": true, 
@@ -1809,279 +1718,356 @@ "client": { "Cl16-CX-BPDMGate": [ "read_output_changelog", - "read_stats", + "read_sharing_state", "read_output_partner", - "read_sharing_state" + "read_stats" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "f456f008-49b1-40ea-ad89-61ad5470b5dc", - "name": "BPDM Pool Consumer", + "id": "24e0133b-fdeb-4b9e-9cd6-c965718f2d00", + "name": "BPDM Orchestrator Processor CleanAndSync", + "description": "Allowed to process golden record tasks in the 'CleanAndSync' queue", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_result_cleanAndSync", + "create_reservation_cleanAndSync" + ] + } + }, + "clientRole": true, + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", + "attributes": {} + }, + { + "id": "8529b128-6439-48b7-8c38-7640133fbca3", + "name": "BPDM Pool Sharing Consumer", "description": "", "composite": true, "composites": { "client": { "Cl7-CX-BPDM": [ - "read_metadata", - "read_changelog_member", - "read_partner_member" + "read_changelog", + "read_partner", + "read_metadata" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "d5203308-34fd-4357-b72b-5cc617a7c873", + "name": "Registration Internal", + "description": "Technical user enabling the invitation API to integrate 3rd party software.", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_submitted_applications", + "invite_new_partner" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + 
"containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "bb22abe9-7a62-4861-b00e-617298017db9", - "name": "BPDM Sharing Admin", - "description": "", + "id": "a20fd6e3-3a61-4e54-b47f-a0840d6a3c03", + "name": "BPDM Orchestrator Admin", + "description": "Full read and write access to the BPDM Orchestrator component", "composite": true, "composites": { "client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_output_changelog", - "read_stats", - "write_sharing_state", - "read_output_partner", - "write_input_partner", - "read_input_partner", - "read_sharing_state" + "Cl25-CX-BPDM-Orchestrator": [ + "create_task", + "read_task", + "create_reservation_poolSync", + "create_reservation_clean", + "create_result_cleanAndSync", + "create_reservation_cleanAndSync", + "create_result_clean", + "create_result_poolSync" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", - "name": "CX Membership Info", - "description": "", + "id": "bbcf0d08-99d1-4350-8820-aebe67e73f37", + "name": "BPDM Orchestrator Processor PoolSync", + "description": "Allowed to process golden record tasks in the 'PoolSync' queue", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_membership" + "Cl25-CX-BPDM-Orchestrator": [ + "create_reservation_poolSync", + "create_result_poolSync" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", - "name": "Identity Wallet Management", + "id": "2d1909fd-36b6-4d8e-a81c-a9a319cd2f7f", + "name": "Registration External", "composite": true, "composites": { "client": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" + "Cl2-CX-Portal": [ + "configure_partner_registration" ] } }, "clientRole": 
true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "58bc6143-972c-4bc1-bd07-78618ec20f5f", - "name": "BPDM Pool Sharing Consumer", + "id": "8b9c2f78-8527-4b80-9e0d-2c6dfb693860", + "name": "BPDM Sharing Input Consumer", "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "read_metadata", - "read_changelog", - "read_partner" + "Cl16-CX-BPDMGate": [ + "read_sharing_state", + "read_input_partner", + "read_input_changelog", + "read_stats" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "3fbeeb23-c281-43a4-b76a-f0805e919905", - "name": "BPDM Orchestrator Admin", - "description": "Full read and write access to the BPDM Orchestrator component", + "id": "5ee770e3-95d5-4678-9615-2370d65c2d8d", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl25-CX-BPDM-Orchestrator": [ - "create_result_poolSync", - "read_task", - "create_result_cleanAndSync", - "create_task", - "create_reservation_clean", - "create_reservation_poolSync", - "create_result_clean", - "create_reservation_cleanAndSync" + "Cl2-CX-Portal": [ + "view_membership" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "a0dab74a-13d2-4ced-b0af-fa8a3894c2ec", - "name": "BPDM Orchestrator Task Creator", - "description": "Allowed to create new golden record tasks, monitor the processing state and result.", + "id": "2a441cfc-2296-4e38-803e-ac9e3cfc6b89", + "name": "Identity Wallet Management", "composite": true, "composites": { "client": { - "Cl25-CX-BPDM-Orchestrator": [ - "read_task", - "create_task" + "Cl5-CX-Custodian": [ + "view_wallet", + "update_wallet" ] } }, "clientRole": true, - 
"containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "efb560b1-3649-4af9-931e-4799c61504e6", - "name": "BPDM Orchestrator Processor Clean", - "description": "Allowed to process golden record tasks in the 'Clean' queue", + "id": "4fc0a657-085c-4ad3-bf69-02a43196db25", + "name": "BPDM Sharing Admin", + "description": "", "composite": true, "composites": { "client": { - "Cl25-CX-BPDM-Orchestrator": [ - "create_reservation_clean", - "create_result_clean" + "Cl16-CX-BPDMGate": [ + "read_output_changelog", + "read_sharing_state", + "write_sharing_state", + "read_output_partner", + "read_input_partner", + "read_input_changelog", + "read_stats", + "write_input_partner" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "4444626e-b5dd-4c8d-8897-0b7ad3ccdf21", - "name": "BPDM Orchestrator Processor CleanAndSync", - "description": "Allowed to process golden record tasks in the 'CleanAndSync' queue", + "id": "0e7b8361-bafa-4a5e-af2d-b8c9fa2459f2", + "name": "BPDM Orchestrator Task Creator", + "description": "Allowed to create new golden record tasks, monitor the processing state and result.", "composite": true, "composites": { "client": { "Cl25-CX-BPDM-Orchestrator": [ - "create_result_cleanAndSync", - "create_reservation_cleanAndSync" + "create_task", + "read_task" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "a1e82d28-ab78-40ac-aae5-cda1f3615c61", - "name": "BPDM Orchestrator Processor PoolSync", - "description": "Allowed to process golden record tasks in the 'PoolSync' queue", + "id": "f18e0207-1620-47ed-bf0d-bfa865b4d468", + "name": "BPDM Sharing Input Manager", + "description": "", "composite": true, "composites": { "client": { - 
"Cl25-CX-BPDM-Orchestrator": [ - "create_result_poolSync", - "create_reservation_poolSync" + "Cl16-CX-BPDMGate": [ + "read_sharing_state", + "write_sharing_state", + "read_input_partner", + "read_input_changelog", + "read_stats", + "write_input_partner" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} }, { - "id": "884698bc-bb74-4661-a90f-3ba214b74593", - "name": "Registration Internal", - "description": "Technical user enabling the invitation API to integrate 3rd party software.", + "id": "4645a525-78dd-4a29-9665-a411467d935d", + "name": "BPDM Orchestrator Processor Clean", + "description": "Allowed to process golden record tasks in the 'Clean' queue", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "invite_new_partner", - "view_submitted_applications" + "Cl25-CX-BPDM-Orchestrator": [ + "create_reservation_clean", + "create_result_clean" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "attributes": {} } ], "admin-cli": [], "realm-management": [ { - "id": "aafa6845-0920-4013-a283-594c9dc7ac32", + "id": "1bc613dc-adca-47fb-afdb-fd9bfea1ad6b", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "ac682165-cfca-48b0-8cf5-21b5686068ca", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "2d8a2a59-0bd7-4493-9fa9-c8a8c1e48189", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": 
"11a4ccb3-87d3-44ab-994e-2d3756d4072f", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "6d0bc95f-935d-4e60-a157-d0c03fb25fd3", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "059e9b39-7f08-4035-a9ac-ac99a476662d", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "08811aa8-7a05-489d-9f5e-bd51fd39fbc3", + "id": "11262a8d-3dba-4b8e-b8ec-9fb27d5b0de0", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "c470f16b-6e98-414c-ab83-5252b5e58a3f", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", + "attributes": {} + }, + { + "id": "bdc3838a-be75-475e-a5a3-24f8c870d088", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "172dbf29-cc79-438f-9f56-24d0941f04ea", - "name": "impersonation", - "description": "${role_impersonation}", + "id": "ac32c9fb-19a9-4cdf-b203-3869f96e62db", + "name": "query-realms", + "description": "${role_query-realms}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": 
"834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "6ecdc37e-e84c-4b2f-b7f8-950ad361b831", - "name": "manage-events", - "description": "${role_manage-events}", + "id": "de7a4458-04c3-4416-80cc-4dff7101297d", + "name": "manage-clients", + "description": "${role_manage-clients}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "3bc03769-6258-4202-9f83-2f9f33821ccb", + "id": "616ffd03-0734-426f-b191-a76cfacdc37a", "name": "view-users", "description": "${role_view-users}", "composite": true, 
@@ -2094,116 +2080,80 @@ } }, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "93db5b47-913a-4c45-a227-33f0b5c90701", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "8cce49c4-c187-4573-ad0d-fddabc764ab3", - "name": "view-events", - "description": "${role_view-events}", + "id": "22314456-9956-4634-9554-a9267b228bfb", + "name": "manage-events", + "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "a2621233-2118-44ef-aa5b-c1c75854e395", - "name": "query-clients", - "description": "${role_query-clients}", + "id": "250b7497-c1b7-45a2-967e-39991f748678", + "name": "query-groups", + "description": "${role_query-groups}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "fa001419-f155-4709-af5a-7753fa0d5798", + "id": "25643939-8ee8-4a30-ada5-687c02cbe3fa", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "257abe39-01cd-44d1-96c3-e179d83effb6", - "name": "manage-users", - "description": "${role_manage-users}", + "id": "1b44f1f7-21f9-4252-87c9-d1fc711da051", + "name": "impersonation", + "description": "${role_impersonation}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", 
"attributes": {} }, { - "id": "ad4b404c-de7f-4224-bb64-fc132a6c54c1", + "id": "c1da3950-6b7e-4480-96d1-a3be3b5a49a0", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ + "manage-users", + "manage-authorization", + "query-users", "view-realm", - "manage-realm", - "impersonation", - "manage-events", - "view-users", - "create-client", "view-events", "query-clients", - "view-identity-providers", - "manage-users", - "query-realms", - "manage-identity-providers", "view-authorization", - "view-clients", - "manage-authorization", - "query-users", + "manage-identity-providers", + "manage-realm", + "query-realms", + "view-users", "manage-clients", - "query-groups" + "manage-events", + "query-groups", + "view-identity-providers", + "impersonation", + "view-clients", + "create-client" ] } }, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "13ba5952-cd79-4aea-9511-0741b2578980", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "9842d196-88db-4df8-9c99-e383fa2e1b95", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "14d19c59-046b-4772-8c2d-9dc1ccc82f46", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "01feddbc-f742-42a9-ba3c-64f8ac2d5ba3", + "id": "525dd709-1e1a-4c21-b711-ca5ceca54d06", "name": "view-clients", "description": "${role_view-clients}", "composite": true, 
@@ -2215,452 +2165,486 @@ } }, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "f36cf8ec-3f54-4df5-80e6-36b44c0b1803", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "b0c29452-6401-4f9d-a808-25b861c19006", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "acf55e28-5dad-462b-abf5-51f598a7b8e8", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} }, { - "id": "08547466-edfb-4676-9fb5-e4f4a6ee7363", - "name": "query-groups", - "description": "${role_query-groups}", + "id": "ece0a58c-d177-4fdb-9b45-e5c6961675cb", + "name": "create-client", + "description": "${role_create-client}", "composite": false, "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "834cf665-f6bc-416c-986b-6aa3c9906290", "attributes": {} } ], "Cl16-CX-BPDMGate": [ { - "id": "913fa128-8614-49c9-9214-93958fc69758", - "name": "read_input_changelog", + "id": "c3338f4e-9457-4482-9208-af9657d1ed92", + "name": "read_output_changelog", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "39b49fc2-e48b-4653-97ce-43229b411691", - "name": "read_output_changelog", + "id": "0a259e3d-2085-4a4b-aac9-946ec574d8b8", + "name": "read_sharing_state", "description": "", "composite": false, "clientRole": true, - "containerId": 
"52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "8512daa5-2a72-49ce-a6e1-e05539a067ae", - "name": "read_stats", + "id": "f75a27cb-6841-4713-81c1-ee61d7f1d511", + "name": "write_sharing_state", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "d28cdadc-e85f-432a-bd1f-a4350fa8b11a", - "name": "write_sharing_state", + "id": "ad83e09f-2d8e-43c3-9a59-a8411aacae54", + "name": "read_input_partner", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "328fb08e-d257-442b-b8bd-da3b3fca85a0", + "id": "54d865e8-3e37-48d5-acd3-7ec2fb0e2b40", "name": "read_output_partner", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "88712f3f-d043-4739-9645-e814bcef399f", - "name": "write_input_partner", + "id": "cfdf8d0f-5e3b-4113-a7f7-85a0837baaf8", + "name": "read_input_changelog", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "2c2dbbc9-3b33-4d40-9fa4-13b745134e43", - "name": "read_input_partner", + "id": "a90f6429-3366-4ef3-b36a-f211aa8d67d9", + "name": "read_stats", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} }, { - "id": "88edfd18-e528-4622-9152-8e848db2db7d", - "name": "read_sharing_state", + "id": "15431cbc-e6a7-4766-80f8-d5e2aab62fad", + "name": 
"write_input_partner", "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "attributes": {} } ], "Cl5-CX-Custodian": [ { - "id": "11c06d7d-8cab-42e8-b8bb-599940c61f2b", - "name": "delete_wallet", - "description": "User can delete his wallet", + "id": "b61aeafb-7691-4a74-a24e-4bdf471bc63c", + "name": "delete_wallets", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "7cbf7bf7-be0b-4372-9b5d-56bfcfad4ef7", - "name": "add_wallets", + "id": "d5f95fb6-7b41-4a03-8919-98b44b67e52f", + "name": "update_wallets", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "4e985f0a-4d33-409c-93a2-8d1b1de000e6", - "name": "delete_wallets", + "id": "96aa42e8-e5eb-431f-990b-218d356f4b3f", + "name": "add_wallets", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "823ef0fd-ad22-4817-b31b-4638139b435c", - "name": "update_wallets", + "id": "758018ba-f303-4b3a-b330-1f94ec73d0fb", + "name": "view_wallets", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "191ff80d-5525-4dc5-a761-80783a4d8c04", - "name": "add_wallet", - "description": "Add a new wallet", + "id": "79daebe2-8855-4688-9a7c-f78f05e5ef17", + "name": "view_wallet", + "description": "Can view own wallet", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": 
"d6521ed5-9154-49a8-9ac4-c0a12573b201", - "name": "view_wallet", - "description": "Can view own wallet", + "id": "ef20c4ff-e5b9-4adc-839d-24bb531b830f", + "name": "delete_wallet", + "description": "User can delete his wallet", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "dbdb11f0-f21a-4012-9610-43934407c309", + "id": "edda346c-3950-462d-bc4c-d781f33eab85", "name": "update_wallet", "description": "Change existing wallet", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} }, { - "id": "82b61160-ff26-4dd0-abf5-33d6ec57cdc7", - "name": "view_wallets", + "id": "a6587abc-726c-432b-a4f2-dc8ac7e81cb1", + "name": "add_wallet", + "description": "Add a new wallet", "composite": false, "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "containerId": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "attributes": {} } ], "Cl1-CX-Registration": [ { - "id": "3c7b8dec-3ef8-4665-82a3-2d8aeed059d8", - "name": "view_documents", + "id": "525c493b-a8b0-43df-9c2b-b1825051478c", + "name": "Company Admin", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "read_partner_member", + "read_metadata", + "read_partner", + "read_changelog_member" + ], + "Cl1-CX-Registration": [ + "view_registration", + "view_company_roles", + "sign_consent", + "add_company_data", + "delete_documents", + "upload_documents", + "view_documents", + "invite_user", + "submit_registration" + ] + } + }, + "clientRole": true, + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + }, + { + "id": "274efee6-925d-4f79-b5be-e90dd9547bb1", + "name": "Legal Manager", + "composite": true, + "composites": { + "client": { + "Cl1-CX-Registration": [ + "add_company_data", + "delete_documents", + 
"upload_documents", + "view_registration", + "view_documents", + "invite_user", + "view_company_roles", + "submit_registration", + "sign_consent" + ] + } + }, + "clientRole": true, + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + }, + { + "id": "2c54ed6f-d761-4396-bc9b-2a5efa64b84c", + "name": "view_registration", + "description": "Permission to access & view the registration process", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "21fce69f-e42a-4f03-a47f-74441f5719c7", + "id": "48ef0cc3-a67f-4087-be63-139395597465", "name": "view_company_roles", "description": "View Company Roles and Descriptions", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "9fe7f83e-c5af-408f-9e02-66ca6d318d9b", - "name": "delete_documents", - "description": "delete_documents", + "id": "db0fc4b4-f67e-4c8d-809e-48eaf8f74d26", + "name": "sign_consent", + "description": "User is able to confirm Terms & Conditions", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "009c93b3-8cb7-4961-9492-9d2fc9574583", - "name": "upload_documents", - "description": "User is able to upload documents in the registration service", + "id": "bb13a7fb-1d7e-41ad-b93a-50c395ca58eb", + "name": "add_company_data", + "description": "User is able to add / edit company data under the registration process", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "9607136e-9daf-4057-9274-767d4de473ab", - "name": "add_company_data", - "description": "User is able to add / 
edit company data under the registration process", + "id": "39267716-1340-40cb-9148-10eafac726ca", + "name": "delete_documents", + "description": "delete_documents", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "b1b1e25d-0e14-4fc0-882a-126f3f6cbbc0", - "name": "view_registration", - "description": "Permission to access & view the registration process", + "id": "693f74cc-cb56-45fb-aae6-b637eaede089", + "name": "upload_documents", + "description": "User is able to upload documents in the registration service", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "fd523149-5499-412d-82b0-d8aeccbb5c5e", - "name": "Company Admin", + "id": "ead0ff99-4e3b-4683-98e1-6d912fc42132", + "name": "Signing Manager", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "read_metadata", - "read_partner_member", - "read_changelog_member", - "read_partner" - ], "Cl1-CX-Registration": [ - "view_documents", - "view_company_roles", + "add_company_data", "delete_documents", "upload_documents", - "add_company_data", "view_registration", + "view_documents", + "invite_user", + "view_company_roles", "submit_registration", - "sign_consent", - "invite_user" + "sign_consent" ] } }, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + }, + { + "id": "809d2b85-3ed1-4aee-ab50-72a858203865", + "name": "invite_user", + "description": "User is able to add additional users to the registration process", + "composite": false, + "clientRole": true, + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + }, + { + "id": "6a338306-a561-408c-9ae4-7df65ce341cb", + "name": "view_documents", + "composite": 
false, + "clientRole": true, + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + }, + { + "id": "28fe4b38-aab1-47d8-b35a-8d7b383b7fe9", + "name": "submit_registration", + "description": "User is able to submit the registration to Catena-X", + "composite": false, + "clientRole": true, + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "attributes": {} }, { - "id": "e5f03bf6-0b3c-4539-8873-d146bd18e504", + "id": "b0d2351b-dd63-4c4e-9d25-54cffc334826", "name": "CX Admin", "composite": true, "composites": { "client": { "Cl1-CX-Registration": [ "add_company_data", + "delete_documents", + "upload_documents", "view_registration", "view_documents", + "invite_user", "view_company_roles", "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" + "sign_consent" ] } }, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "ea027af2-9a4f-4fd7-833c-5841d8409be1", + "attributes": {} + } + ], + "Cl25-CX-BPDM-Orchestrator": [ + { + "id": "cebbaa29-d555-44bc-85d5-f5287efd0dac", + "name": "create_task", + "description": "Allowed to create new golden record tasks", + "composite": false, + "clientRole": true, + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} }, { - "id": "086cf0b0-7181-4a8a-89d3-137fd02e0847", - "name": "submit_registration", - "description": "User is able to submit the registration to Catena-X", + "id": "8e4319cf-5035-4390-8ee6-ca225bc5cf86", + "name": "read_task", + "description": "Allowed to read the processing state and result of golden record tasks.", + "composite": false, + "clientRole": true, + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", + "attributes": {} + }, + { + "id": "df7fb7d5-56e0-4852-bd55-b63968f7c9a5", + "name": "create_reservation_poolSync", + "description": "Allowed to create reservations for golden record tasks in the 'PoolSync' queue.", + "composite": false, + "clientRole": true, + "containerId": 
"d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", + "attributes": {} + }, + { + "id": "21bbd02a-15a2-495c-b2ad-a3168555c2fe", + "name": "create_reservation_clean", + "description": "Allowed to create reservations for golden record tasks inside the 'Clean' queue.", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} }, { - "id": "87ecd7bb-039a-4e0a-a1a8-ca17b32d7891", - "name": "Signing Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, + "id": "99535c1a-7b14-4baa-9244-b98912335609", + "name": "create_reservation_cleanAndSync", + "description": "Allowed to create reservations for golden record tasks in the 'CleanAndSync' queue", + "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} }, { - "id": "e12709ce-c1fc-454a-a095-4088cab26539", - "name": "sign_consent", - "description": "User is able to confirm Terms & Conditions", + "id": "ebe03e32-ca7e-42c3-b78e-940b23e4b109", + "name": "create_result_cleanAndSync", + "description": "Allowed to create results for reserved golden record tasks in the 'CleanAndSync' queue.", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} }, { - "id": "461ea134-91cd-4482-a0cb-6f8406846807", - "name": "Legal Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - 
"upload_documents", - "invite_user" - ] - } - }, + "id": "47f504b2-16f4-494d-8af4-12871e0ccefa", + "name": "create_result_clean", + "description": "Allowed to create results for reserved golden record tasks in the 'Clean' queue.", + "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} }, { - "id": "44d50090-3343-48d8-9843-7eeb15276869", - "name": "invite_user", - "description": "User is able to add additional users to the registration process", + "id": "e0711559-ad68-4f51-80f3-61ced1cf70eb", + "name": "create_result_poolSync", + "description": "Allowed to create results for reserved golden record tasks in the 'PoolSync' queue.", "composite": false, "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "containerId": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", "attributes": {} } ], + "sa-cl7-cx-1": [], "sa-cl21-01": [], "sa-cl7-cx-5": [], "broker": [ { - "id": "d1330d07-b783-43ad-b545-85a230060023", + "id": "378c139e-458b-4da1-9835-a0b7022a3e5e", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, - "containerId": "03885031-084a-4317-aa51-de9b4acf8fa9", + "containerId": "3e5c5d5c-39df-42d2-a67e-61eb22893873", "attributes": {} } ], "sa-cl7-cx-7": [], "Cl3-CX-Semantic": [ { - "id": "beef62b1-2e1c-4fc2-8813-7f3981ebfde2", - "name": "view_semantic_model", - "description": "View existing data models", + "id": "c0e0ba3a-0a90-4536-a064-b9ee8608334e", + "name": "add_semantic_model", + "description": "Add semantic model", "composite": false, "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", + "containerId": "13583bc5-87ca-48c5-bbeb-4080a9c2b33f", "attributes": {} }, { - "id": "fa8261a8-fe09-4867-a558-438737917185", - "name": "delete_semantic_model", - "description": "User can delete existing semantic models", + "id": "af43927e-762c-44ac-8712-aca597403f05", + "name": 
"view_semantic_model", + "description": "View existing data models", "composite": false, "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", + "containerId": "13583bc5-87ca-48c5-bbeb-4080a9c2b33f", "attributes": {} }, { - "id": "a46242a3-26db-4b86-b836-bf0339168c56", - "name": "add_semantic_model", - "description": "Add semantic model", + "id": "ed3fb460-e41a-4c42-8b9e-1392b05c893a", + "name": "update_semantic_model", + "description": "User can update existing semantic models", "composite": false, "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", + "containerId": "13583bc5-87ca-48c5-bbeb-4080a9c2b33f", "attributes": {} }, { - "id": "f7d88948-b75d-4ed0-851d-b4c645ae27ca", - "name": "update_semantic_model", - "description": "User can update existing semantic models", + "id": "96e19ab8-aedf-4325-86aa-3fb3aa788bc5", + "name": "delete_semantic_model", + "description": "User can delete existing semantic models", "composite": false, "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", + "containerId": "13583bc5-87ca-48c5-bbeb-4080a9c2b33f", "attributes": {} } ], "sa-cl1-reg-2": [], "sa-cl5-custodian-2": [], + "sa-cl25-cx-3": [], + "sa-cl25-cx-2": [], "account": [ { - "id": "9a1e745f-e0b5-4efc-9336-3ba403a79cb8", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "93070949-280d-4183-9761-94792722cc1d", + "id": "7698b3f6-ccaf-4497-8ed2-aa0ce3029994", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "20d5e725-3d3b-4bfe-9a62-5e650ae55b53", + "id": 
"f475fc98-2e6f-45cf-9201-e503193193d2", "name": "manage-account", "description": "${role_manage-account}", "composite": true, 
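Review bot: The authorization-relevant changes in this hunk cannot be told apart from export noise, because every role `id` and `containerId` is regenerated and the role entries and composite lists are reordered around the real additions (the `Cl25-CX-BPDM-Orchestrator` role set and the empty `sa-cl7-cx-1`, `sa-cl25-cx-2` and `sa-cl25-cx-3` maps). From the visible lines the composites `Company Admin`, `Legal Manager`, `Signing Manager` and `CX Admin` appear to keep the same members in a different order, but that has to be compared by hand. I would state the intended permission changes in the commit description, for example `Adds client Cl25-CX-BPDM-Orchestrator with roles create_task, read_task, create_reservation_*, create_result_*; existing composites unchanged`, and sort role entries by name before committing so that later diffs show only real changes. The same applies to the `realm-management` and `account` role hunks on either side of this one.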
@@ -2672,71 +2656,88 @@ } }, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "d0312a58-8fba-4fea-9a07-bd5e1515f9d8", - "name": "view-profile", - "description": "${role_view-profile}", + "id": "c98db63d-e514-4ad8-b83c-4861bbfb85f6", + "name": "view-groups", + "description": "${role_view-groups}", "composite": false, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "1bc65f13-4eda-4954-9944-6699ec3913b3", - "name": "manage-account-links", - "description": "${role_manage-account-links}", + "id": "a0770389-8db4-4470-8d1e-b5b3ba21fe3c", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", + "attributes": {} + }, + { + "id": "2babaeda-dc33-4501-92e3-b57321b8f598", + "name": "view-profile", + "description": "${role_view-profile}", "composite": false, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "8b60326c-d508-4563-a41f-7973383d7501", + "id": "20a77362-9a59-44ef-8d86-d2755452ea84", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "1cf8486a-4671-452c-bda9-115842957c8e", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, + "id": "65d0ed57-d130-48f9-a88d-f860590313e6", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, "clientRole": true, - "containerId": 
"60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} }, { - "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", - "name": "view-consent", - "description": "${role_view-consent}", + "id": "74ba83db-88fc-4e0a-9051-93f245bac054", + "name": "manage-account-links", + "description": "${role_manage-account-links}", "composite": false, "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "containerId": "f857cec8-cabf-4050-9b29-bede81a79fbc", "attributes": {} } ], "Cl23-CX-Policy-Hub": [ { - "id": "c9dd28a0-8abe-428b-88e0-56c9de63758a", + "id": "2a5acc39-4f71-407b-9c4a-f431b132ad49", "name": "view_policy_hub", "description": "", "composite": false, "clientRole": true, - "containerId": "6546aea2-dbb9-4ffb-a034-c8544c4aebe0", + "containerId": "42b62ecb-2fc8-4bb4-93a9-3db19d7cd544", "attributes": {} } - ] + ], + "sa-cl25-cx-1": [] } }, "groups": [], "defaultRole": { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", + "id": "4a50b303-b315-4298-9ced-328556345fa0", "name": "default-roles-cx-central", "description": "${role_default-roles}", "composite": true, @@ -2788,17 +2789,17 @@ "users": [ { "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", - "createdTimestamp": 1651730911692, "username": "service-account-sa-cl1-reg-2", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-2", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1651730911692, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl1-reg-2", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -2816,17 +2817,17 @@ }, { "id": "f0c69a64-dfbe-46e4-92db-75f6f4670909", - "createdTimestamp": 1676572155414, "username": "service-account-sa-cl2-01", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-01", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1676572155414, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl2-01", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2842,17 +2843,17 @@ }, { "id": "18c3a6b3-ecfe-4572-bbb4-af0c1823f206", - "createdTimestamp": 1676572207640, "username": "service-account-sa-cl2-02", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-02", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1676572207640, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl2-02", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2869,17 +2870,17 @@ }, { "id": "a0bbb8fa-cc40-44e3-828d-342e782fd284", - "createdTimestamp": 1681380138448, "username": "service-account-sa-cl2-03", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-03", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1681380138448, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl2-03", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2890,17 +2891,17 @@ }, { "id": "b2c10c26-2bd6-4181-bb79-b88aa4b250e7", - "createdTimestamp": 1712762229098, "username": "service-account-sa-cl2-04", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-04", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1712762229098, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl2-04", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -2908,12 +2909,12 @@ ], "clientRoles": { "Cl24-CX-SSI-CredentialIssuer": [ - "request_ssicredential", - "revoke_credential", - "revoke_credentials_issuer", "view_use_case_participation", + "revoke_credential", "view_certificates", - "decision_ssicredential" + "decision_ssicredential", + "revoke_credentials_issuer", + "request_ssicredential" ] }, "notBefore": 0, @@ -2921,17 +2922,17 @@ }, { "id": "a548bfdc-232e-4cd7-8a66-2eab09e1b302", - "createdTimestamp": 1712764151096, "username": "service-account-sa-cl2-05", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl2-05", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1712764151096, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl2-05", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2948,17 +2949,17 @@ }, { "id": "319d6b7f-bd88-4103-8124-e8ac4c791acf", - "createdTimestamp": 1681915810810, "username": "service-account-sa-cl21-01", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl21-01", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1681915810810, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl21-01", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2967,8 +2968,8 @@ "clientRoles": { "Cl21-CX-DF": [ "view_discovery_endpoint", - "delete_discovery_endpoint", - "add_discovery_endpoint" + "add_discovery_endpoint", + "delete_discovery_endpoint" ] }, "notBefore": 0, 
@@ -2976,17 +2977,17 @@ }, { "id": "b52bd8e5-98ce-48b4-af43-0b43b45d0358", - "createdTimestamp": 1681915925763, "username": "service-account-sa-cl22-01", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl22-01", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1681915925763, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl22-01", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ @@ -2994,9 +2995,9 @@ ], "clientRoles": { "Cl22-CX-BPND": [ + "view_bpn_discovery", "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" + "delete_bpn_discovery" ] }, "notBefore": 0, @@ -3004,17 +3005,17 @@ }, { "id": "9c771d3f-236e-4319-9046-863b234834ea", - "createdTimestamp": 1712762697169, "username": "service-account-sa-cl24-01", - "enabled": true, - "totp": false, "emailVerified": false, - "serviceAccountClientId": "sa-cl24-01", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1712762697169, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl24-01", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3023,26 +3024,26 @@ "clientRoles": { "Cl2-CX-Portal": [ "update_application_bpn_credential", - "send_mail", - "update_application_membership_credential" + "update_application_membership_credential", + "send_mail" ] }, "notBefore": 0, "groups": [] }, { - "id": "965ae857-1e91-4e0b-bdb5-4efd1fc7ea9c", - "createdTimestamp": 1658347753956, - "username": "service-account-sa-cl3-cx-1", - "enabled": true, - "totp": false, + "id": "bbb919dd-b3aa-4ec3-8786-582787886276", + "username": "service-account-sa-cl25-cx-1", "emailVerified": false, - "serviceAccountClientId": "sa-cl3-cx-1", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1722276592957, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl25-cx-1", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3050,63 +3051,52 @@ ], "clientRoles": { "technical_roles_management": [ - "Semantic Model Management" - ], - "Cl3-CX-Semantic": [ - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" + "BPDM Orchestrator Processor Clean", + "BPDM Orchestrator Processor CleanAndSync" ] }, "notBefore": 0, "groups": [] }, { - "id": "ca2657a8-eba9-4cb4-8b66-8cc30911dfa1", - "createdTimestamp": 1657558751239, - "username": "service-account-sa-cl5-custodian-2", - "enabled": true, - "totp": false, + "id": "e24da044-7290-45f4-a2ea-cb8165393f0a", + "username": "service-account-sa-cl25-cx-2", "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-2", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1722276592957, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl25-cx-2", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-cx-central" ], "clientRoles": { - "Cl5-CX-Custodian": [ - "delete_wallet", - "add_wallets", - "delete_wallets", - "update_wallets", - "add_wallet", - "view_wallet", - "update_wallet", - "view_wallets" + "technical_roles_management": [ + "BPDM Orchestrator Processor PoolSync" ] }, "notBefore": 0, "groups": [] }, { - "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", - "createdTimestamp": 1670157703230, - "username": "service-account-sa-cl7-cx-5", - "enabled": true, - "totp": false, + "id": "72351810-a1b4-42e6-9686-8abe6b0d5cb0", + "username": "service-account-sa-cl25-cx-3", "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-5", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1722276592957, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl25-cx-3", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3114,27 +3104,25 @@ ], "clientRoles": { "technical_roles_management": [ - "BPDM Sharing Admin", - "BPDM Pool Admin", - "BPDM Orchestrator Admin" + "BPDM Orchestrator Task Creator" ] }, "notBefore": 0, "groups": [] }, { - "id": "e24da044-7290-45f4-a2ea-cb8165393f0a", - "createdTimestamp": 1722276592957, - "username": "service-account-sa-cl25-cx-2", - "enabled": true, - "totp": false, + "id": "965ae857-1e91-4e0b-bdb5-4efd1fc7ea9c", + "username": "service-account-sa-cl3-cx-1", "emailVerified": false, - "serviceAccountClientId": "sa-cl25-cx-2", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1658347753956, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl3-cx-1", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3142,51 +3130,63 @@ ], "clientRoles": { "technical_roles_management": [ - "BPDM Orchestrator Processor PoolSync" + "Semantic Model Management" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" ] }, "notBefore": 0, "groups": [] }, { - "id": "72351810-a1b4-42e6-9686-8abe6b0d5cb0", - "createdTimestamp": 1722276592957, - "username": "service-account-sa-cl25-cx-3", - "enabled": true, - "totp": false, + "id": "ca2657a8-eba9-4cb4-8b66-8cc30911dfa1", + "username": "service-account-sa-cl5-custodian-2", "emailVerified": false, - "serviceAccountClientId": "sa-cl25-cx-3", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1657558751239, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl5-custodian-2", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-cx-central" ], "clientRoles": { - "technical_roles_management": [ - "BPDM Orchestrator Task Creator" + "Cl5-CX-Custodian": [ + "delete_wallets", + "update_wallets", + "add_wallets", + "view_wallets", + "view_wallet", + "delete_wallet", + "update_wallet", + "add_wallet" ] }, "notBefore": 0, "groups": [] }, { - "id": "bbb919dd-b3aa-4ec3-8786-582787886276", - "createdTimestamp": 1722276592957, - "username": "service-account-sa-cl25-cx-1", - "enabled": true, - "totp": false, + "id": "95796de5-c9c6-46fc-a3f7-7af782ea9024", + "username": "service-account-sa-cl7-cx-1", "emailVerified": false, - "serviceAccountClientId": "sa-cl25-cx-1", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1722276592957, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl7-cx-1", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3194,26 +3194,25 @@ ], "clientRoles": { "technical_roles_management": [ - "BPDM Orchestrator Processor CleanAndSync", - "BPDM Orchestrator Processor Clean" + "BPDM Pool Sharing Consumer" ] }, "notBefore": 0, "groups": [] }, { - "id": "3f9fc7e8-d312-4912-a9a1-4db8849ce8f7", - "createdTimestamp": 1722276592957, - "username": "service-account-sa-cl7-cx-7", - "enabled": true, - "totp": false, + "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", + "username": "service-account-sa-cl7-cx-5", "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-7", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1670157703230, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl7-cx-5", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ 
@@ -3221,61 +3220,63 @@ ], "clientRoles": { "technical_roles_management": [ - "BPDM Sharing Admin", + "BPDM Orchestrator Admin", "BPDM Pool Admin", - "BPDM Orchestrator Admin" + "BPDM Sharing Admin" ] }, "notBefore": 0, "groups": [] }, { - "id": "dcb9a153-e1b4-4fac-bc51-7032023e9db9", - "createdTimestamp": 1675867052982, - "username": "service-account-sa-cl8-cx-1", - "enabled": true, - "totp": false, + "id": "3f9fc7e8-d312-4912-a9a1-4db8849ce8f7", + "username": "service-account-sa-cl7-cx-7", "emailVerified": false, - "serviceAccountClientId": "sa-cl8-cx-1", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1722276592957, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl7-cx-7", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-cx-central" ], "clientRoles": { - "Cl2-CX-Portal": [ - "add_self_descriptions" + "technical_roles_management": [ + "BPDM Orchestrator Admin", + "BPDM Pool Admin", + "BPDM Sharing Admin" ] }, "notBefore": 0, "groups": [] }, { - "id": "95796de5-c9c6-46fc-a3f7-7af782ea9024", - "createdTimestamp": 1722276592957, - "username": "service-account-sa-cl7-cx-1", - "enabled": true, - "totp": false, + "id": "dcb9a153-e1b4-4fac-bc51-7032023e9db9", + "username": "service-account-sa-cl8-cx-1", "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-1", "attributes": { "bpn": [ "BPNL00000003CRHK" ] }, + "createdTimestamp": 1675867052982, + "enabled": true, + "totp": false, + "serviceAccountClientId": "sa-cl8-cx-1", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ "default-roles-cx-central" ], "clientRoles": { - "technical_roles_management": [ - "BPDM Pool Sharing Consumer" + "Cl2-CX-Portal": [ + "add_self_descriptions" ] }, "notBefore": 0, 
@@ -3323,52 +3324,52 @@ ], "technical_roles_management": [ { - "client": "sa-cl3-cx-1", + "client": "sa-cl25-cx-1", "roles": [ - "Dataspace Discovery", - "Semantic Model Management", - "Identity Wallet Management" + "BPDM Orchestrator Processor CleanAndSync", + "BPDM Orchestrator Processor Clean" ] }, { - "client": "sa-cl7-cx-5", + "client": "sa-cl25-cx-2", "roles": [ - "BPDM Pool Admin", - "BPDM Sharing Admin", - "BPDM Orchestrator Admin" + "BPDM Orchestrator Processor PoolSync" ] }, { - "client": "sa-cl7-cx-7", + "client": "sa-cl25-cx-3", "roles": [ - "BPDM Pool Admin", - "BPDM Sharing Admin", - "BPDM Orchestrator Admin" + "BPDM Orchestrator Task Creator" ] }, { - "client": "sa-cl25-cx-1", + "client": "sa-cl3-cx-1", "roles": [ - "BPDM Orchestrator Processor CleanAndSync", - "BPDM Orchestrator Processor Clean" + "Dataspace Discovery", + "Semantic Model Management", + "Identity Wallet Management" ] }, { - "client": "sa-cl25-cx-2", + "client": "sa-cl7-cx-1", "roles": [ - "BPDM Orchestrator Processor PoolSync" + "BPDM Pool Sharing Consumer" ] }, { - "client": "sa-cl25-cx-3", + "client": "sa-cl7-cx-5", "roles": [ - "BPDM Orchestrator Task Creator" + "BPDM Pool Admin", + "BPDM Orchestrator Admin", + "BPDM Sharing Admin" ] }, { - "client": "sa-cl7-cx-1", + "client": "sa-cl7-cx-7", "roles": [ - "BPDM Pool Sharing Consumer" + "BPDM Pool Admin", + "BPDM Orchestrator Admin", + "BPDM Sharing Admin" ] } ], @@ -3379,9 +3380,9 @@ "delete_wallet", "delete_wallets", "update_wallets", - "add_wallet", - "update_wallet", "view_wallets", + "update_wallet", + "add_wallet", "view_wallet", "add_wallets" ] @@ -3391,8 +3392,8 @@ { "client": "sa-cl2-04", "roles": [ - "revoke_credentials_issuer", "view_use_case_participation", + "revoke_credentials_issuer", "view_certificates", "request_ssicredential", "revoke_credential", 
@@ -3433,9 +3434,9 @@ "client": "sa-cl24-01", "roles": [ "send_mail", - "create_ssi_notifications", "update_application_membership_credential", - "update_application_bpn_credential" + "update_application_bpn_credential", + "create_ssi_notifications" ] }, { @@ -3458,7 +3459,7 @@ }, "clients": [ { - "id": "60313b78-e131-4358-9817-163ee938cc59", + "id": "f857cec8-cabf-4050-9b29-bede81a79fbc", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", @@ -3514,6 +3515,7 @@ "defaultClientScopes": [ "web-origins", "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -3524,7 +3526,7 @@ ] }, { - "id": "edb1e627-426a-4593-93c0-e9b4bc45c4d6", + "id": "94da412e-8196-4530-a489-d68242d07bce", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", 
@@ -3550,29 +3552,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.encrypt": "false", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", - "pkce.code.challenge.method": "S256", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", + "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, 
@@ -3580,33 +3582,34 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "62ea7826-6e5b-4200-8f5b-ff69b672d0a3", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "dc24237b-46fa-418b-a806-24d371e4385a", + "id": "2b8ed4f5-d5b4-41ff-b210-6b087a8e113c", "name": "idp mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "idp", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "tenant", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } + }, + { + "id": "06e0a213-da8b-475e-ad22-5ee63e81f793", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -3617,7 +3620,7 @@ ] }, { - "id": "38d072af-d85b-4b39-ad55-13ed5ce45791", + "id": "59ee799c-7811-4299-bad4-dfa0111ffdc4", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, @@ -3644,8 +3647,9 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -3656,7 +3660,7 @@ ] }, { - "id": "03885031-084a-4317-aa51-de9b4acf8fa9", + "id": "3e5c5d5c-39df-42d2-a67e-61eb22893873", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, @@ -3683,8 +3687,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
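Review bot: The `broker` client's `defaultClientScopes` is only reordered and does not receive the `basic` scope that this export adds to `account`, `account-console`, `admin-cli` and most `Cl*` clients; the same gap is in the Cl21-CX-DF (`-3925`) and Cl22-CX-BPND (`-3986`) hunks. As far as I know, Keycloak 25 emits the `sub` and `auth_time` claims through mappers in `basic`, so tokens requested through a client without that scope may lack `sub`; please confirm against the upgrade notes. If the omission is deliberate for these clients, say so in the commit description; otherwise add `"basic",` after `"roles",` in each list. The client objects start and end outside these hunks.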
@@ -3695,7 +3699,7 @@ ] }, { - "id": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "id": "cfe530fb-da05-417b-bbb1-b66a0910ab25", "clientId": "Cl16-CX-BPDMGate", "name": "", "description": " Portal Gate", @@ -3708,7 +3712,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-gate.example.org/*" + "http://partners-gate.example.org/*" ], "webOrigins": [ "+" @@ -3753,8 +3757,9 @@ "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -3765,7 +3770,7 @@ ] }, { - "id": "fcc06fed-6259-4a49-8e1b-e7eae940145e", + "id": "ea027af2-9a4f-4fd7-833c-5841d8409be1", "clientId": "Cl1-CX-Registration", "rootUrl": "", "adminUrl": "", @@ -3774,7 +3779,8 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://portal.example.org/*" + "http://portal.example.org*", + "http://localhost:3000/*" ], "webOrigins": [ "+" 
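Review bot: The redirect URI of Cl16-CX-BPDMGate goes from `https://partners-gate.example.org/*` to `http://partners-gate.example.org/*`, so the authorization response for this client would be delivered over cleartext. The same scheme downgrade is in the hunks for Cl1-CX-Registration (`-3774`), Cl2-CX-Portal (`rootUrl` at `-4116`, `redirectUris` at `-4128`), Cl3-CX-Semantic (`adminUrl` and `redirectUris` at `-4214`), Cl5-CX-Custodian (`-4318`) and Cl7-CX-BPDM (`-4426`). It looks like values from a local test instance were carried into the reference export rather than being part of the version upgrade; worth confirming. I would keep `"https://partners-gate.example.org/*"` here and the `https://` forms in the other hunks.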
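Review bot: In the Cl1-CX-Registration `redirectUris`, `"http://portal.example.org*"` drops the `/` before the wildcard, so the pattern no longer ends at the host name. Keycloak treats a trailing `*` as a prefix match, so redirect targets on other hosts whose name merely starts with that string would be accepted. The added `"http://localhost:3000/*"` is a developer entry that a reference realm should not ship; it also appears in the Cl2-CX-Portal hunk (`-4128`). I would write `"https://portal.example.org/*"` and keep the localhost entry in a development-only configuration. The client object starts and ends outside the hunk.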
@@ -3819,53 +3825,54 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "71f9d485-62aa-41c2-a491-bcb47c447121", + "id": "eb6bdb39-2d51-42b2-ac40-c3f0538a8ba2", "name": "idp mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "tenant", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "tenant", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "4c180350-8f09-4eed-88f4-4b003a6b5fd1", - "name": "organisation-mapper", + "id": "537af27c-2dae-4675-9bc1-7a022939ee16", + "name": "audience-mapper", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", + "included.client.audience": "Cl1-CX-Registration", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" + "userinfo.token.claim": "true" } }, { - "id": "2b1dfde9-aff2-406b-b258-edbf574fc4dd", - "name": "audience-mapper", + "id": "1ecd77a7-bdd3-49b8-b1bd-3b647e5bb12e", + "name": "organisation-mapper", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "included.client.audience": "Cl1-CX-Registration", + "user.attribute": "organisation", "id.token.claim": "true", "access.token.claim": "true", + "claim.name": "organisation", + "jsonType.label": "String", "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -3876,7 +3883,7 @@ ] }, { - "id": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", + "id": "60e1415e-a5c9-44a2-8387-4769fd5b5059", "clientId": "Cl21-CX-DF", "description": "Client for Asset Discovery Service", "surrogateAuthRequired": false, @@ -3925,8 +3932,8 @@ "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -3937,7 +3944,7 @@ ] }, { - "id": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "id": "93a98bea-a0fb-47ff-9ae1-2d987327df3f", "clientId": "Cl22-CX-BPND", "description": "Client for Business Partner Discovery Service", "surrogateAuthRequired": false, @@ -3986,8 +3993,8 @@ "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -3998,7 +4005,7 @@ ] }, { - "id": "6546aea2-dbb9-4ffb-a034-c8544c4aebe0", + "id": "42b62ecb-2fc8-4bb4-93a9-3db19d7cd544", "clientId": "Cl23-CX-Policy-Hub", "name": "", "description": "Client for Policy-Hub", @@ -4029,8 +4036,8 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -4038,7 +4045,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "a438c97e-80c6-40f5-9a27-05d4fb68ff40", + "id": "7f650fab-7a9f-47a0-a15f-5dacc3a12b72", "name": "catenax-policy-hub-audience-mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", 
@@ -4046,15 +4053,17 @@ "config": { "included.client.audience": "Cl23-CX-Policy-Hub", "id.token.claim": "true", - "access.token.claim": "true" + "access.token.claim": "true", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -4065,7 +4074,7 @@ ] }, { - "id": "60306526-b937-4244-ac89-cc1283c8ed74", + "id": "8f0db9fa-8c92-48de-93e6-e7f619fb5ac5", "clientId": "Cl24-CX-SSI-CredentialIssuer", "name": "", "description": "Client for SSI Credential Issuer", 
@@ -4073,39 +4082,152 @@ "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, - "enabled": true, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d4d7cb1e-1361-4b9d-ba5d-8fdab5783377", + "clientId": "Cl25-CX-BPDM-Orchestrator", + "name": "BPDM Orchestrator", + "description": "Roles resource for the BPDM Orchestrator component", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": false, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "secret": "**********", + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, - "standardFlowEnabled": true, + "standardFlowEnabled": false, "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, + "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, - "publicClient": true, + "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { 
"oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "be8f652d-bd66-4403-98e8-51989ef063b2", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "160e7b31-2f17-4260-b01d-ea9b89cefec5", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "cbe200e9-cb5d-4e94-9ff1-9048565ad503", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "d3ab39f4-f943-4caa-8e49-cd07c40ede74", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + 
"claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ], "defaultClientScopes": [ "web-origins", - "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -4116,11 +4238,11 @@ ] }, { - "id": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "id": "5d09a280-1a45-4519-a086-c0f5d49e4ed8", "clientId": "Cl2-CX-Portal", "name": "", "description": "", - "rootUrl": "https://portal.example.org/home", + "rootUrl": "http://portal.example.org/home", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, @@ -4128,7 +4250,8 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://portal.example.org/*" + "http://portal.example.org/*", + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -4173,7 +4296,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "35d0aa44-dd27-4dbd-8f3a-7047ae461fdd", + "id": "eeae1a28-2af2-44e6-85fb-c863726ed3fe", "name": "catenax-registration audience-mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", @@ -4186,7 +4309,7 @@ } }, { - "id": "e97b646a-3753-4da5-b6f7-3a2860741b20", + "id": "43ef2105-97eb-4069-a59f-fa3aff3a7075", "name": "catenax-portal audience-mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", @@ -4201,8 +4324,9 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "catena", "email" ], @@ -4214,16 +4338,16 @@ ] }, { - "id": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", + "id": "13583bc5-87ca-48c5-bbeb-4080a9c2b33f", "clientId": "Cl3-CX-Semantic", "rootUrl": "", - "adminUrl": "https://portal.example.org/home", + "adminUrl": "http://portal.example.org/home", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://portal.example.org/*" + "http://portal.example.org/*" ], "webOrigins": [ "+" 
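Review bot: Cl24-CX-SSI-CredentialIssuer is written back with `"publicClient": true`, `"directAccessGrantsEnabled": true`, `"fullScopeAllowed": true` and `"/*"` for both `redirectUris` and `webOrigins`. The Cl25-CX-BPDM-Orchestrator entry placed next to it in the same hunk, described as a roles resource, is disabled with every flow off and `"fullScopeAllowed": false`. If Cl24 is also only a container for the client roles that the service accounts in this file reference, the password grant and the open redirect pattern are unnecessary exposure. In that case align it with Cl25: `"directAccessGrantsEnabled": false,`, `"standardFlowEnabled": false,`, `"redirectUris": [],`. Whether any application signs in through Cl24 is not visible in this hunk, so confirm before changing it.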
@@ -4268,7 +4392,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "1de1f28c-00d2-42b6-bc74-e57d8e73f7df", + "id": "0c7a224b-abd1-47c5-afa6-24f0751de824", "name": "catenax-registration audience-mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", @@ -4281,7 +4405,7 @@ } }, { - "id": "faf297ed-30d7-4e15-8051-40c540c14604", + "id": "72bec416-affe-49ac-b02f-3ce25c3616f5", "name": "catenax-portal audience-mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", @@ -4296,8 +4420,9 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "catena", "email" ], @@ -4309,7 +4434,7 @@ ] }, { - "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", + "id": "2adfe458-adcc-4ff6-a5bb-c000a74a0e1b", "clientId": "Cl5-CX-Custodian", "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, @@ -4318,7 +4443,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://managed-identity-wallets.example.org/*" + "http://managed-identity-wallets.example.org/*" ], "webOrigins": [], "notBefore": 0, 
@@ -4332,26 +4457,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", 
@@ -4362,58 +4487,59 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "6f273a17-cf91-43dc-9dac-4ec36250d133", + "id": "6763c9ed-8bef-4b84-92f2-ff58ac237a76", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", - "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7a4001a7-aeaf-419c-ae46-6a190bc5e13f", - "name": "Client Host", + "id": "3810f901-db45-4490-b0de-a4bb251fddd7", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "9fd2abb2-445e-4622-a068-e3d48eb97634", - "name": "Client ID", + "id": "c502d75b-a02d-4a3c-9aaf-d8ca02eb41ca", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "userinfo.token.claim": "true", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ - "roles" + "roles", + "basic" ], "optionalClientScopes": [] }, { - "id": "04cd6d38-674f-4588-980a-8f120bddcc44", + "id": "2ef350bf-f017-4696-9f97-e01db49341d2", "clientId": "Cl7-CX-BPDM", "name": "", 
"description": " BPDM Pool", @@ -4426,7 +4552,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.example.org/*" + "http://partners-pool.example.org/*" ], "webOrigins": [ "+" 
@@ -4471,119 +4597,9 @@ "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", - "roles", "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "983159fa-37f3-4519-9c98-8fe23d8ab8bf", - "clientId": "Cl25-CX-BPDM-Orchestrator", - "name": "BPDM Orchestrator", - "description": "Roles resource for the BPDM Orchestrator component", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": false, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1722276592", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "de42377c-8b7a-466c-91d6-c95d8a8533b8", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "3f29cf79-e84c-4c1a-bf71-29238f655bfc", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - 
"config": { - "user.session.note": "client_id", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" - } - }, - { - "id": "831b2dfd-0c87-4328-b5ed-49a4efced60e", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "200ce257-7bee-4662-988a-750bf3e03790", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", "roles", - "profile", + "basic", "email" ], "optionalClientScopes": [ 
@@ -4594,112 +4610,35 @@ ] }, { - "id": "4ebeb21b-055e-403f-8bfa-738bb935395d", - "clientId": "sa-cl25-cx-1", - "name": "BPDM Dummy Cleaning Task Processor", - "description": "Technical User for the BPDM cleaning service dummy component to process golden record tasks from the Orchestrator", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "834cf665-f6bc-416c-986b-6aa3c9906290", + "clientId": "realm-management", + "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, - "bearerOnly": false, + "bearerOnly": true, "consentRequired": false, - "standardFlowEnabled": false, + "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, + "serviceAccountsEnabled": false, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1722276592", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "5386537c-2b62-4675-94aa-38f7f056a50e", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": 
"eb517cbb-1f6c-4862-a230-fecf893df8bf", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "client_id", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" - } - }, - { - "id": "c9d1f428-0ad8-4665-9d40-82cd4eb63109", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "64f17173-6918-444d-9aa7-e97ab6f5d7e0", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "acr", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
@@ -4710,24 +4649,18 @@ ] }, { - "id": "0dffae1b-5a95-4253-857e-b84c6904d012", - "clientId": "sa-cl25-cx-2", - "name": "BPDM Pool Task Processor", - "description": "Technical User for the BPDM Pool component to process golden record tasks from the Orchestrator", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "bcf9c6d0-849e-44b9-91ae-f660d3da2d60", + "clientId": "sa-cl1-reg-2", + "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" + "*" ], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
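Review bot: The `sa-cl1-reg-2` client on the new side of this hunk carries `"redirectUris": [ "*" ]`, a match-anything redirect pattern on a client its description calls a technical user for Portal-Backend calls to Keycloak. A client used only through its service account needs no redirect URI, and the other technical users in this diff (`sa-cl2-01`, `sa-cl2-02`, `sa-cl2-03`) already use `"redirectUris": [],`, which would fit here too. The `standardFlowEnabled` line for this client lies outside the hunk, so whether the wildcard is reachable through a browser flow cannot be told from here; it is worth confirming that it is `false`. The later hunks that add `sa-cl2-04` and `sa-cl2-05` put `"/*"` in both `redirectUris` and `webOrigins` and deserve the same tightening to empty lists. The client object continues past the end of this hunk.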
@@ -4736,51 +4669,69 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "oidc.ciba.grant.enabled": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1722276592", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "33525cbd-2aae-49b9-8fda-ae2d0752ed21", - "name": "Client IP Address", + "id": "bd4c3977-c3f1-49c1-8dba-0ecb32cd67d9", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "introspection.token.claim": "true", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": "client_id", + 
"jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "061cf481-3df4-4b07-921a-fc574ca2ea75", - "name": "Client ID", + "id": "27d3c964-a95e-4794-95bc-d727dbedf698", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "introspection.token.claim": "true", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "02952ea5-5834-42d4-a16c-519448474085", + "id": "a52117d9-de75-4d40-978a-0a2f8422fade", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -4796,26 +4747,26 @@ } }, { - "id": "97681229-fdb3-46fa-96a6-f0a18455deeb", + "id": "8dddbbe5-3902-4269-ae43-2f9154b89ede", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -4826,24 +4777,16 @@ ] }, { - "id": "dfb5e903-2509-4d52-bef5-2c6a85e34d5c", - "clientId": "sa-cl25-cx-3", - "name": "BPDM Portal Gate Task Creator", - "description": "Technical User for the BPDM Portal Gate to create and monitor golden record tasks inside the Orchestrator", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "18a25559-2609-4a05-8194-5cafaf197452", + "clientId": "sa-cl2-01", + "description": "Technical User Clearinghouse update application", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4852,86 +4795,104 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "oidc.ciba.grant.enabled": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1722276592", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "cef30c81-427c-496b-a715-289f237a47a8", - "name": "Client IP Address", + "id": "efad316a-7de1-417b-8b70-4a6215651370", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "introspection.token.claim": "true", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": 
"clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7b517bee-6230-4ab6-ad4b-21e1935ab91f", - "name": "Client ID", + "id": "c58b2219-b586-415d-8faa-3035ceb9b79c", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "84d26429-8401-4271-a9bf-61c519b2f2d1", - "name": "BPN", + "id": "969f09ef-198d-466f-8426-e967f6c90474", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "43488006-09e9-4e43-9223-8a492b955c61", - "name": "Client Host", + "id": "7a15e6c4-f4aa-422a-adaa-e382ddccd372", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "acr", - 
"roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -4942,24 +4903,16 @@ ] }, { - "id": "fd3c0f0d-40f6-4522-9a87-17ea147e7cfe", - "clientId": "sa-cl7-cx-1", - "name": "BPDM Portal Gate Pool Consumer", - "description": "Technical User for the BPDM Portal Gate to consume golden record data from the Pool", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "2081fd1e-c3c1-4be8-94c1-e4731fdab7f1", + "clientId": "sa-cl2-02", + "description": "Technical User SelfDescription (SD) update application", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4968,51 +4921,84 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "oidc.ciba.grant.enabled": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1722276592", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "a38f5a71-c7e9-47e8-966d-fb6ec3bcf382", + "id": "b01783bf-19b6-4391-b35b-bb0e0515cab2", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "74bc9af7-fc27-4061-800b-d50837669083", "name": "Client IP Address", 
"protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", - "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "d28bf27f-b56c-4ccc-b912-f4c58f8f5d0c", + "id": "101c1ec4-b266-4171-832c-91a7db154017", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "9d722fd1-f545-434e-b7c9-e519b8e3519c", + "id": "fe275404-a57d-49d3-a55e-2701c3735f86", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -5026,67 +5012,13 @@ "claim.name": "bpn", "jsonType.label": "String" } - }, - { - "id": "cfd2e1ca-f87e-40b4-9e45-40656fd414a0", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } } ], "defaultClientScopes": [ "web-origins", - "acr", - "roles", "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", "roles", - "profile", + "basic", "email" ], "optionalClientScopes": [ 
@@ -5097,17 +5029,15 @@ ] }, { - "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", - "clientId": "sa-cl1-reg-2", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", + "id": "34e5154a-e6ae-4d06-9724-99bfed09164f", + "clientId": "sa-cl2-03", + "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "*" - ], + "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -5137,8 +5067,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "saml.client.signature": "false", "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", 
@@ -5149,71 +5079,72 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "479039e1-718d-48d1-a2e1-a818c5cb8832", - "name": "BPN", + "id": "064775e5-aedb-493e-a1b7-7643642830e8", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", - "name": "Client Host", + "id": "2133b3a1-e415-414c-9738-26bdfc7f77e5", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", + "id": "484b3362-053e-47c2-9a8b-5f34e6d0419b", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", - "name": "Client IP Address", + "id": "78a50784-1e9d-4bd8-90d6-244c546c2935", + "name": "Client Host", 
"protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -5224,16 +5155,24 @@ ] }, { - "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", - "clientId": "sa-cl2-01", - "description": "Technical User Clearinghouse update application", + "id": "00b5aa80-6c7f-48e6-85c4-73c227460df4", + "clientId": "sa-cl2-04", + "name": "", + "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5242,103 +5181,91 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1712762229", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", + "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "1acda193-a63f-4ec1-aa17-3e15d2b7c3ae", - "name": "BPN", + "id": "e2dbed3d-523d-4321-b99a-0bcaf3485109", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": 
"bpn", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", - "name": "Client IP Address", + "id": "4035a78e-f4ef-45a2-b036-7032d56be99a", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", - "name": "Client ID", + "id": "ba742fa9-2b80-496c-9547-fbaa60fa227d", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", - "name": "Client Host", + "id": "6850fc6e-443c-4368-99a9-fda01f11ffac", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "roles", + "acr", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -5349,16 +5276,24 @@ ] }, { - "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", - "clientId": "sa-cl2-02", - "description": "Technical User SelfDescription (SD) update application", + "id": "4603597b-54c7-4a66-9e30-bc916fb62b2f", + "clientId": "sa-cl2-05", + "name": "", + "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5367,45 +5302,28 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "client.secret.creation.time": "1712764151", + "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", + "id": "741fdb2f-05ac-41a9-805c-55a8305a8597", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", 
@@ -5414,56 +5332,60 @@ } }, { - "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", - "name": "Client ID", + "id": "c159046e-614a-4478-aa32-3d9453c0bbb9", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "c57a542f-40fa-401a-9329-ec501da2f8e1", - "name": "BPN", + "id": "184d93d6-dbfc-43a0-9d16-461702a50d32", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", - "name": "Client Host", + "id": "88f001c6-3a05-4b67-bdc2-bf70c3421cd0", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "client_id", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "roles", + "acr", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -5474,9 +5396,9 @@ ] }, { - "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", - "clientId": "sa-cl2-03", - "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", + "id": "4824b073-6765-47ef-bda5-276566a88f60", + "clientId": "sa-cl21-01", + "description": "Technical User Discovery Finder", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -5495,10 +5417,10 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", + "id.token.as.detached.signature": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", @@ -5512,9 +5434,9 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" 
@@ -5524,71 +5446,71 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "f57ed439-7c35-4a6c-a097-aa750249c442", - "name": "Client IP Address", + "id": "b97f428a-3d8b-46c3-88bd-3ce9bea5e73e", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7866847b-250a-45ac-979f-741f04330aa4", + "id": "dc2874cd-12d7-4308-b805-72084f0dd7a2", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "bpn", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "ea42e697-8fa8-4359-b342-715683a67a15", - "name": "Client ID", + "id": "fdfded5d-c7f9-4efe-918a-956b6c554b4b", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "userinfo.token.claim": "true", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", - "name": "Client Host", + "id": "19890ff6-52a8-47be-b51c-4779e0d46c5f", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": 
"oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -5599,24 +5521,16 @@ ] }, { - "id": "aa736d92-8ab7-428a-b9f8-d7ef1c02a36a", - "clientId": "sa-cl2-04", - "name": "", - "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "4427819f-a247-45ef-976b-dda6a054f566", + "clientId": "sa-cl22-01", + "description": "Technical User BPN Discovery", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5625,87 +5539,103 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1712762229", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", - "oauth2.device.authorization.grant.enabled": "false", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "saml.authnstatement": "false", "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "false" + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "d33b18c2-4848-4883-a2bc-1a24a689b658", + "id": "b5722720-383d-4083-b2ac-1639c5c7234c", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", - "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": 
"53adca2a-f30d-46d8-b39e-11b1102641f2", + "id": "416523df-0420-4f3b-ad7a-d6e03aac3d9b", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "fbaf8306-4b29-45bc-9175-dfc496d9ccd5", - "name": "Client Host", + "id": "9a8ec21f-4cd6-46ac-8e35-45acfdc79bc4", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" + "claim.name": "bpn", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7d509f6d-4526-4aeb-b3b7-1885f0d1e66d", - "name": "BPN", + "id": "b8095c37-176c-497b-a7c8-ef6e758b9c03", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -5716,10 +5646,10 @@ ] }, { - "id": "04b94188-8879-4358-b9c0-1337d761dfb1", - "clientId": "sa-cl2-05", + "id": "7fd354b7-5564-4452-9b77-0d1ae7b89167", + "clientId": "sa-cl24-01", "name": "", - "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", + "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)", "rootUrl": "", "adminUrl": "", "baseUrl": "", @@ -5746,9 +5676,10 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1712764151", + "client.secret.creation.time": "1712762671", "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, 
@@ -5756,63 +5687,66 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "519ad98b-ae9d-461e-8fb1-982d77515c2c", - "name": "Client Host", + "id": "9fffc3ac-2632-47d2-9bcb-6269e86d771d", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "client_id", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "5e256bb8-1ffa-42b8-b2fb-41a1e015f732", - "name": "Client IP Address", + "id": "a060c924-3e16-4358-8b51-e91237f2e926", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "c03ffe07-024e-45c6-96d0-568a40939f20", - "name": "BPN", + "id": "478ef1fc-d3a8-40cf-9a2b-3935f770a525", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientAddress", "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "1b16d7c2-8ae2-4899-9c9c-f77e89e1fd18", - "name": "Client ID", + "id": "344a8049-d6e7-4b00-9ca1-2643f5187ffa", + "name": "Client Host", 
"protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientHost", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientHost", "jsonType.label": "String" } } @@ -5820,8 +5754,9 @@ "defaultClientScopes": [ "web-origins", "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -5832,16 +5767,24 @@ ] }, { - "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", - "clientId": "sa-cl21-01", - "description": "Technical User Discovery Finder", + "id": "1ed83a83-be64-4f0c-a512-4a57bd69f712", + "clientId": "sa-cl25-cx-1", + "name": "BPDM Dummy Cleaning Task Processor", + "description": "Technical User for the BPDM cleaning service dummy component to process golden record tasks from the Orchestrator", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5850,90 +5793,76 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", - "name": "Client ID", + "id": "4f75450f-1f64-4822-98fa-5ca47a7dc880", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": 
"clientAddress", "jsonType.label": "String" } }, { - "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", - "name": "Client IP Address", + "id": "22d9b379-09ab-4f00-9c1a-5c7c233603f8", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "8f318235-669e-4236-b8ea-f596b802f672", - "name": "BPN", + "id": "2009be57-8161-40dc-ad79-f91e0bb15ece", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", + "id": "9db370a5-cd57-44a4-ac99-438ce8845ea4", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", @@ -5944,8 +5873,10 @@ ], "defaultClientScopes": [ "web-origins", - "roles", + "acr", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -5956,16 +5887,24 @@ ] }, { - "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", - "clientId": "sa-cl22-01", - "description": "Technical User BPN Discovery", + "id": "7d0280de-db7f-4f63-ac6f-984f71b22ec2", + "clientId": "sa-cl25-cx-2", + "name": "BPDM Pool Task Processor", + "description": "Technical User for the BPDM Pool component to process golden record tasks from the Orchestrator", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], - "webOrigins": [], + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
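Review bot: `sa-cl25-cx-2` is described as a technical user, yet this hunk gives it `"redirectUris": ["/*"]` and `"webOrigins": ["/*"]` where the entry at this position previously had empty lists. A client that only uses the service-account grant never redirects, so the wildcards serve no purpose and would become a permissive redirect allow-list if the standard flow were ever enabled on it. I would keep `"redirectUris": [],` and `"webOrigins": [],`. The same applies to `sa-cl25-cx-1` in the `@@ -5832,16 +5767,24 @@` hunk and to `sa-cl7-cx-1` in the `@@ -6362,29 +6293,140 @@` hunk, where `"standardFlowEnabled": false` sits next to the wildcard. The client object continues outside this hunk, so its flow flags are inferred from the following hunk (`"serviceAccountsEnabled": true`).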
@@ -5974,60 +5913,44 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "09824b45-f47e-4213-90d5-7aec6a078314", - "name": "BPN", + "id": "0682c23e-4a5c-453c-8f90-d673a26249cb", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - 
"claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "0c72334b-238a-4f7b-bda6-3814bcd3b06e", + "id": "1a60719c-cf79-4abf-9832-c0b54fdbadd7", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", @@ -6036,40 +5959,44 @@ } }, { - "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e", - "name": "Client Host", + "id": "67eb9289-f0b5-44ef-b7ab-b06a1f1ff8ce", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "36e185ed-3af8-489d-a94b-a280ae205e03", - "name": "Client IP Address", + "id": "2f6416a1-a59c-4fae-9bf8-52c288d86fb8", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "roles", + "acr", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -6080,10 +6007,10 @@ ] }, { - "id": "7278c4a3-539b-4ec5-8bdd-ba2eb55c2e83", - "clientId": "sa-cl24-01", - "name": "", - "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)", + "id": "a1d9d140-8934-462a-afb3-64bcc70f1f36", + "clientId": "sa-cl25-cx-3", + "name": "BPDM Portal Gate Task Creator", + "description": "Technical User for the BPDM Portal Gate to create and monitor golden record tasks inside the Orchestrator", "rootUrl": "", "adminUrl": "", "baseUrl": "", @@ -6110,10 +6037,9 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1712762671", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, 
@@ -6121,63 +6047,66 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "452b40a8-0662-4039-8f30-c8b0e5e0e0a7", - "name": "Client Host", + "id": "d1db8b63-a6b4-49b9-92a6-d1a850e0d7ed", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "eb60d2ec-5147-4cf3-aa57-74399be1cb2a", - "name": "Client IP Address", + "id": "e0fc02e4-fa60-4508-9e67-e39b2fde3c62", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "5c3664df-0b87-4fbd-a8d6-b8cca657d46e", - "name": "Client ID", + "id": "6b7d0924-86e5-4576-8bd8-e2a182880754", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientAddress", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "62fbd871-2e40-4117-bda0-e8ecfae8019e", - "name": "BPN", + "id": "f5dd8f34-faf7-4406-8f12-1a1d4b876786", + "name": "Client ID", "protocol": "openid-connect", - 
"protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "client_id", "jsonType.label": "String" } } @@ -6185,8 +6114,9 @@ "defaultClientScopes": [ "web-origins", "acr", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -6197,7 +6127,7 @@ ] }, { - "id": "7beaee76-d447-4531-9433-fd9ce19d1460", + "id": "ad373cbd-07c0-41cb-abe3-5b9c05427d3a", "clientId": "sa-cl3-cx-1", "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, @@ -6249,7 +6179,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "702c92a9-9f89-4130-9d37-c1620529ca13", + "id": "b56b5ea2-227d-457f-a427-c3fee26cffd6", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -6263,55 +6193,56 @@ } }, { - "id": "b5ba389e-26b0-452f-b784-ea1492cf4a0a", - "name": "Client ID", + "id": "811f9416-dca2-4c93-a141-94d5ab4e4ca4", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", - "userinfo.token.claim": "true", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "ef10553b-3bf7-46fe-910a-1bf8d7c74595", - "name": "Client IP Address", + "id": "1a478f3a-a758-48c1-9d66-37055ae393bb", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "8e82412f-7088-4562-81f2-35b85f1859f5", - "name": "Client Host", + "id": "99c1e7de-117e-42f9-8cf6-76dd88eab410", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ 
@@ -6322,7 +6253,7 @@ ] }, { - "id": "50fa6455-a775-4683-b407-57a33a9b9f3b", + "id": "84637579-3b2c-4d20-bd12-532d95199ab9", "clientId": "sa-cl5-custodian-2", "name": "", "description": "Technical User for Portal to call Managed Identity Wallet (portal helm chart: backend.processesworker.custodian.clientId)", 
@@ -6362,29 +6293,140 @@ "use.refresh.tokens": "true", "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "62ef1b4a-3d4d-4acb-ba1c-08fb45e61daa", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "37d40167-cf74-4786-b2bd-46f6d0f53202", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "fd75b6e2-ed46-4fcc-8dab-1cb572271124", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": 
"2acf28d2-d4a0-46ae-949a-4b6bb0a3f861", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "basic" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "3ceff74a-bccd-4569-b73e-620bed70cfa8", + "clientId": "sa-cl7-cx-1", + "name": "BPDM Portal Gate Pool Consumer", + "description": "Technical User for the BPDM Portal Gate to consume golden record data from the Pool", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": 
false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "3d2518d7-950b-40da-b9d4-ca0fe3c6a328", + "id": "5871dd70-8db3-44d2-8c03-f207049f0716", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", @@ -6393,13 +6435,14 @@ } }, { - "id": "728abacc-c436-4d67-b699-92957a69b519", + "id": "a24bf808-71b5-4818-9690-995963c3d264", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", @@ -6408,12 +6451,13 @@ } }, { - "id": "98c6f360-6714-455a-bc94-4fa0b5072866", + "id": "08b8a84e-3adb-4626-875c-e3ac89dc3d38", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "bpn", "id.token.claim": "true", @@ -6423,13 +6467,14 @@ } }, { - "id": "a7bf4bbd-2764-46c8-b211-5d9676b1380a", + "id": "07499101-fc08-460b-96e8-1d01d4791635", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", 
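Review bot: The `sa-cl7-cx-1` client added in the `@@ -6362,29 +6293,140 @@` hunk is committed with `"secret": "**********"`, which looks like an export mask rather than a real credential. If the realm import applies that string as written, the client would start out with a secret known to anyone who can read this repository. The chart documentation should therefore name the step that replaces it (seeding job or values override), and that step needs to cover this new client ID. The `sa-cl25-cx-1` and `sa-cl25-cx-2` entries in the earlier hunks show the same masked value and the same `client.secret.creation.time`.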
@@ -6440,14 +6485,21 @@ ], "defaultClientScopes": [ "web-origins", - "roles" + "acr", + "profile", + "roles", + "basic", + "email" ], "optionalClientScopes": [ + "address", + "phone", + "offline_access", "microprofile-jwt" ] }, { - "id": "183aae87-c9cf-4d70-934b-629aa6974c54", + "id": "32592910-c7b8-48c7-a913-b36b8c7b28cc", "clientId": "sa-cl7-cx-5", "description": "User for Portal to access BPDM for Company Address publishing into the BPDM (portal helm chart: backend.processesworker.bpdm.clientId)", "surrogateAuthRequired": false, 
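Review bot: The scope lists on the new side of this hunk give a technical user `acr`, `profile` and `email` as default scopes and `address`, `phone` and `offline_access` as optional ones. The `sa-cl5-custodian-2` entry added in the `@@ -6362,29 +6293,140 @@` hunk gets by with `"web-origins", "roles", "basic"` plus `"microprofile-jwt"`. Unless a consumer of these tokens reads claims from the extra scopes, I would trim the lists to that same minimal set, and in particular leave `"offline_access"` out for a service account. The client object starts outside this hunk; from the preceding hunks it appears to be `sa-cl7-cx-1`.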
@@ -6497,63 +6549,63 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "2413cb54-b0a2-4e08-be68-9288b1b0b617", - "name": "BPN", + "id": "e11d6f44-a837-4ebf-adb8-0c81ce2a0012", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "08dbaf87-e25e-489c-bec9-f062af3de2df", - "name": "Client IP Address", + "id": "602a3dab-2fe5-47c4-a47f-10e819565b40", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "user.session.note": "client_id", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" + "claim.name": "client_id", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "2420c9fc-2c5a-4e54-b6c1-3d72e4eb9e85", + "id": "6788184a-5394-4f5c-b273-681ed6cd8a1e", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "fb8aa3d7-44dd-4348-9a43-a48fadb0a858", - "name": "Client ID", + "id": "00c2fda1-8ff5-4a1e-8793-005df838015e", + "name": "BPN", "protocol": 
"openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "bpn", "jsonType.label": "String" } } @@ -6562,6 +6614,7 @@ "web-origins", "roles", "profile", + "basic", "email" ], "optionalClientScopes": [ @@ -6572,7 +6625,7 @@ ] }, { - "id": "5ec47b9d-6808-4e11-88b0-a7863d4ebf4f", + "id": "91eff831-37f5-4d38-8727-1234bcf1bf8b", "clientId": "sa-cl7-cx-7", "name": "", "description": "Technical User for BPDM services to communicate between each other to realize the golden record process: used by the Portal Gate, Pool and Cleaning Service.", @@ -6602,9 +6655,9 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, 
@@ -6612,53 +6665,55 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "e883740c-6417-432e-9c0c-a68878e03909", - "name": "Client IP Address", + "id": "847701da-5768-40e1-83da-d021990056ba", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "4524a57a-d00c-4472-b425-b5337c5ef498", - "name": "Client Host", + "id": "8b43a06f-1c70-4ea8-98dc-9beddcc2511a", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "61fd448d-d12f-4148-b8dd-f084af1cb485", - "name": "BPN", + "id": "e846a94f-de18-41f9-a604-5fcfb5b70b7e", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientAddress", "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "7e3f9e39-dcba-464e-9797-94e8ad9aef40", + "id": "d9f531bf-71be-46fb-8667-e5f3e7f8a952", "name": "Client ID", "protocol": 
"openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -6666,6 +6721,7 @@ "config": { "user.session.note": "client_id", "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", @@ -6678,6 +6734,7 @@ "acr", "roles", "profile", + "basic", "email" ], "optionalClientScopes": [ @@ -6688,7 +6745,7 @@ ] }, { - "id": "c2bdc736-ca35-43c4-8e18-27e7425df9f0", + "id": "4ed85fe4-0efb-46cf-ad17-c7778e0f360b", "clientId": "sa-cl8-cx-1", "description": "Technical User for Portal to SD (portal helm chart: backend.processesworker.sdfactory.clientId)", "surrogateAuthRequired": false, 
@@ -6740,77 +6797,78 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "459ecd6f-7d60-490a-9e78-b82bfc5592bc", - "name": "BPN", + "id": "896494dc-2f89-4abf-a84b-0dd562edb7d7", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "bpn", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" + "claim.name": "clientAddress", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "5049595f-673e-4ce2-9ce2-90e11c0fc6e9", - "name": "Client IP Address", + "id": "beefa361-6e50-4f40-be4d-acb98496ce1d", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "b8086ec0-3da2-4f98-a7fd-19d007709e6f", + "id": "117af2b0-ea2d-4800-8c09-c83b1f3e8f14", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "55da2734-a7e2-4d89-b210-7cb0a24fced4", + "id": "1d3c1774-1c4f-40f3-945e-3b3fb6d0bcbf", "name": "Client ID", "protocol": 
"openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles" + "roles", + "basic" ], "optionalClientScopes": [ "microprofile-jwt" ] }, { - "id": "d5265cd8-d128-4dc9-8602-d49d1df0a86c", + "id": "78fc514d-b77c-4d04-bb6c-2bd52d578f4b", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", @@ -6844,25 +6902,26 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "12d9df9a-241b-4ec2-bafa-3f26ccaa1890", + "id": "f1dc2ec5-3256-46ea-b879-45c925df4d3d", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -6873,7 +6932,7 @@ ] }, { - "id": "6df310ed-500e-43d5-b510-fa4668e939ee", + "id": "114605ea-9c64-4dff-9bc7-90fe02a004c3", "clientId": "technical_roles_management", "surrogateAuthRequired": false, "enabled": true, @@ -6935,7 +6994,7 @@ ], "clientScopes": [ { - "id": "32795711-2e76-43f9-8138-3ce5b9eae1a2", + "id": "e6ce522a-c5af-4be9-9b84-4288d4344783", "name": "catena", "protocol": "openid-connect", "attributes": { 
@@ -6950,12 +7009,12 @@ "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "organisation", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "organisation", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { @@ -6965,12 +7024,12 @@ "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { 
@@ -6980,519 +7039,557 @@ "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "bpn", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ] }, { - "id": "13834c57-9211-4e3e-b892-0632a3c15225", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", + "id": "954bae49-cdf9-4463-a8f9-cedc172bcb50", + "name": "email", + "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "6c0bfbc5-e3d7-45f9-a0bc-61e30225e22b", - "name": "phone number verified", + "id": "a4c25827-ae7f-4141-afe4-b13524b3f6e1", + "name": "email", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", + "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" + "claim.name": "email", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "8868b283-df78-4c9a-b78e-1c29e4b9b61c", - "name": "phone number", + "id": "3f2cafaf-199d-47b0-8d7c-741c0a9fa86e", + "name": "email verified", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", + "user.attribute": "emailVerified", "id.token.claim": 
"true", "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" + "claim.name": "email_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" } } ] }, { - "id": "23e5acb7-2d8c-4bca-8565-36fb57ee7ee0", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", + "id": "6a635762-74c7-4256-809f-c6606a61e3f3", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "0adf14b5-a345-4d20-83cc-2a353c686161", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", + "id": "43886c4f-43c1-4071-9e14-7da0ecc66bb6", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } + "config": {} } ] }, { - "id": "fc35a8f5-fedd-4b66-b3fa-9427e3947dc5", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", + "id": "c34356c8-8024-443f-8f6f-3fdaf15bfc89", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "e486c0c0-489e-4d82-99d8-3da02c934ee4", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + 
"include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "73a111cf-271c-4b9f-abca-e4894e29229d", - "name": "realm roles", + "id": "5499bdf8-9e42-4912-9cf0-8afdd45915c1", + "name": "nickname", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "user.attribute": "nickname", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "realm_access.roles", + "claim.name": "nickname", "jsonType.label": "String", - "multivalued": "true" + "userinfo.token.claim": "true" } }, { - "id": "c06270fe-f203-4c9b-92a8-ff716b81127a", - "name": "audience resolve", + "id": "eb0a1b6f-0c50-42de-827c-87e8e7c1aae6", + "name": "picture", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, - "config": {} + "config": { + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } }, { - "id": "8e22da0e-f450-444a-80b4-824a69532949", - "name": "client roles", + "id": "dd78db4b-fe72-4982-8c31-b6757ef03b28", + "name": "gender", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "69eefa8f-d7eb-4e2d-ade7-601b2774f57f", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": 
false, + "config": { + "user.attribute": "username", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", + "claim.name": "preferred_username", "jsonType.label": "String", - "multivalued": "true" + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "09dc23a3-1b9f-4b9d-aa87-e875f0f20655", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "0543fff7-3732-433b-8a24-d2784bba1501", - "name": "address", + "id": "8e955fb2-3dc1-4c07-a85b-1cbd216b1c74", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", + "user.attribute": "lastName", "id.token.claim": "true", - "user.attribute.region": "region", "access.token.claim": "true", - "user.attribute.locality": "locality" + "claim.name": "family_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "34a2f332-9752-4a7f-9d61-b4dbd40946b4", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ + }, { - "id": "955c2cb6-3abb-44d1-a3eb-9ebec0cf6094", - "name": "upn", + "id": "d4770741-a6bc-4c54-b44b-c67092d1aedd", + "name": "middle name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - 
"userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" + "claim.name": "middle_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "48b4aa99-383c-4178-b966-c0ae710d8c21", - "name": "groups", + "id": "b73b2460-2caa-4543-80dc-c87adf126236", + "name": "profile", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", + "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" + "claim.name": "profile", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "e24a7d06-7406-4b2f-854e-a5653f8b964f", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "987e5408-e6ef-4cd2-a51f-451fb7c0dc4e", + "id": "61f01758-a1b3-4787-93e5-9409fb94e664", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "1a9bd37a-377a-48ae-9b95-a1c0c5f3fa08", - "name": "username", + "id": "37cb17d3-d52e-4224-bd16-66b39d1191c0", + "name": "birthdate", "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "claim.name": "birthdate", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "dca5ee31-87cb-407b-aba6-d6c846e6a6b4", + "id": "c574876a-4baf-4f76-9846-5f367211a5af", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "6af98429-3234-4f57-95c0-7df4209cb349", - "name": "family name", + "id": "b6bd8981-aa88-4024-ada2-13696fc48dda", + "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", + "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "claim.name": "given_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "b7e70ea0-1b54-469b-b818-dcb7d4657d9b", - "name": "given name", + "id": "8a7bb347-cbfc-4bde-a356-e9188bba9276", + "name": "full name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": 
"String" + "userinfo.token.claim": "true" } }, { - "id": "02aff4ea-454c-41cf-8bf6-1bea1e933812", - "name": "nickname", + "id": "9d80076b-d6de-4df3-bbb9-4f3ea86ebc71", + "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" + "claim.name": "website", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "438a5f2c-727b-4ba2-82de-d5cf4b8d4daa", - "name": "gender", + "id": "66158ae3-abbe-4647-b666-8c506050217d", + "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" + "claim.name": "updated_at", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - }, + } + ] + }, + { + "id": "74969d63-cabe-40d2-b0a1-639af234932a", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "70bf1855-c34a-4bd3-a06d-f3d62d91693b", - "name": "middle name", + "id": "d7700771-1707-41ac-b328-ad9c7daef0cb", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { + "multivalued": "true", "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": 
"middle_name", + "claim.name": "groups", "jsonType.label": "String" } }, { - "id": "0c9106a1-9c93-47bd-85b3-8607ba8485c2", - "name": "full name", + "id": "6d555789-7885-4e79-8f76-b79f3e0757ab", + "name": "upn", "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String", "userinfo.token.claim": "true" } - }, + } + ] + }, + { + "id": "585e978d-81f7-4a55-a6b9-76162491094f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "4386dc68-8dd3-4439-8c63-eabcdb92fd76", - "name": "birthdate", + "id": "7286d1ec-110a-4d05-a6b9-6a67554070ae", + "name": "acr loa level", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" + "userinfo.token.claim": "true" } - }, + } + ] + }, + { + "id": "60a38dbf-70ee-4875-82f2-165b47758955", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ { - "id": "78be8eb6-ca31-434c-8441-6abbfe553a22", - "name": "profile", + "id": "19276da0-eed8-4e9c-ac40-6a43f6dab43a", + "name": "client roles", "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" } }, { - "id": "fb918735-48a7-4f96-8830-606815788dfb", - "name": "picture", + "id": "21314dd4-fd5f-417f-acbb-1a6112ac5a18", + "name": "audience resolve", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } + "config": {} }, { - "id": "6e4e8483-7c58-4539-98d1-4b02ff5dc6f5", - "name": "updated at", + "id": "4ef2ef6e-25c1-4384-9b04-c67e29d6ca50", + "name": "realm roles", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" } - }, + } + ] + }, + { + "id": "85db8729-720a-4257-90f0-0d5a7ff5cc98", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ { - "id": 
"58e59849-6457-4c8b-b713-2c5a008461c6", - "name": "website", + "id": "d8cae4a7-cec7-4878-b389-7f05f8382426", + "name": "address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", - "user.attribute": "website", + "user.attribute.street": "street", "id.token.claim": "true", + "user.attribute.region": "region", "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" + "user.attribute.locality": "locality" } } ] }, { - "id": "99ca536c-58c2-432f-904e-10926bbc207b", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "8a14f08a-0ba9-44ae-83bd-5a65b9d0fe8c", - "name": "email", - "description": "OpenID Connect built-in scope: email", + "id": "fe9940f8-a33d-42c2-9b3b-7ebf03804be8", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "2c452702-a301-4cc7-b76c-619b23f44fa0", - "name": "email verified", + "id": "6a02572c-8eb0-45e8-bbdb-ebd39cd8ea7c", + "name": "phone number", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "user.attribute": "phoneNumber", "id.token.claim": "true", 
"access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "claim.name": "phone_number", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "1e6f0566-fc33-4e1f-bf4e-686676fcde70", - "name": "email", + "id": "2a971b6b-3e7f-4fed-8cc2-95ea8191433a", + "name": "phone number verified", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", + "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "claim.name": "phone_number_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" } } ] }, { - "id": "2629904c-d708-4072-9fe4-98e4a30c7dde", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", + "id": "ea4972a9-9ca1-4de1-a7f7-a59a1176a138", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "07ab75f1-40a3-4b2c-ae83-94dac6e529e2", - "name": "allowed web origins", + "id": "66fc44de-6d98-466b-84e1-171aaa458ce3", + "name": "sub", "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", + "protocolMapper": "oidc-sub-mapper", "consentRequired": false, - "config": {} + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "cb7dd3f0-d146-4529-9679-5898b418ae3f", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + 
"user.session.note": "AUTH_TIME", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } } ] }, { - "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", + "id": "5d07139c-4307-4e8d-809c-437845c53bb2", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", + "id": "14e2e79f-36f8-44d6-a6d2-ed15c07e4c5b", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" } } ] @@ -7500,11 +7597,12 @@ ], "defaultDefaultClientScopes": [ "role_list", + "profile", "email", "roles", "web-origins", - "profile", - "acr" + "acr", + "basic" ], "defaultOptionalClientScopes": [ "offline_access", @@ -7515,7 +7613,6 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 
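Review bot: `"referrerPolicy": "no-referrer"` is dropped from `browserSecurityHeaders` in the last hunk on this line, while the neighbouring header entries stay. This diff does not show whether Keycloak 25.0.6 applies a built-in default when the key is missing from an imported realm. If it does not, the realm's pages would stop sending `Referrer-Policy`, and URLs on the login flow can carry OIDC query parameters. Unless the removal is deliberate, keep `"referrerPolicy": "no-referrer",` after `xContentTypeOptions`. The `browserSecurityHeaders` object continues outside the hunk.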
@@ -7615,7 +7712,7 @@ { "alias": "CX-Operator", "displayName": "CX-Operator", - "internalId": "fbc571fd-cd44-4cec-a36e-4eba647fe712", + "internalId": "c5a8426b-9d7b-497d-80b0-ca2ada92fb2b", "providerId": "keycloak-oidc", "enabled": true, "updateProfileFirstLoginMode": "on", @@ -7629,11 +7726,11 @@ "hideOnLoginPage": "false", "validateSignature": "true", "clientId": "central-idp", - "tokenUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/token", - "jwksUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs", - "authorizationUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/auth", + "tokenUrl": "http://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/token", + "jwksUrl": "http://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "http://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/logout", + "logoutUrl": "http://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", "syncMode": "FORCE", "useJwksUrl": "true" @@ -7642,7 +7739,7 @@ ], "identityProviderMappers": [ { - "id": "05407473-42a0-4630-90ed-ce2d6d70108e", + "id": "0aba0869-4849-4834-a2f3-6d8e908ef38b", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", 
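Review bot: The four CX-Operator broker endpoints in the `@@ -7629,11 +7726,11 @@` hunk (`tokenUrl`, `jwksUrl`, `authorizationUrl`, `logoutUrl`) are switched from `https://` to `http://`, which looks like a leftover from exporting a local instance rather than an intended part of the version bump. With `validateSignature` and `useJwksUrl` both `"true"`, the keys used to verify the shared IdP's tokens would be fetched over plaintext, so anyone on the network path could substitute them. Authorization codes and `private_key_jwt` assertions sent to the token endpoint would be exposed as well. Keep the scheme from the old side, e.g. `"jwksUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs"`, and likewise for the other three URLs. If deployments overwrite these placeholders at install time, a check there that rejects non-HTTPS values would catch the same mistake.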
@@ -7656,19 +7753,50 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "ab25cbe7-60bc-49ed-aa4a-707f84a70893", - "name": "Max Clients Limit", - "providerId": "max-clients", + "id": "d8efed13-f59b-4ba8-88fb-e2c4f5c4c42b", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "b19653bb-2f86-4586-a79b-5025982badb6", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": [ - "200" + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "fbeb0743-ed8b-4d5b-b2f9-ec4a98d9c8fd", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" ] } }, { - "id": "277b586e-0b26-40e9-90d1-e76305d69a10", + "id": "c0772464-095b-4c45-a7b6-39460a815da6", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", @@ -7676,7 +7804,7 @@ "config": {} }, { - "id": "552bd2e5-c656-4796-8d61-b87c3508aab5", + "id": "4434b0b5-bbb8-494a-a0ff-d66893d88d68", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", 
@@ -7691,26 +7819,7 @@ } }, { - "id": "de1bbb33-9e18-4fc1-9ea3-1fd8ad22eae9", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "b521525f-30e3-4b93-b42b-8c0dd53fc3af", + "id": "a4850d49-9df2-450d-943e-225f02d8aea2", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", 
@@ -7718,90 +7827,79 @@ "config": {} }, { - "id": "a4df1d6a-2c46-44f4-9d06-62eb9b754bab", + "id": "e0d17fcf-cb52-4c26-8ab4-11b9e9a270fd", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "anonymous", + "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper" ] } }, { - "id": "f7e25fe0-dfe5-451a-8f54-ceea0cf201b4", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", + "id": "aaa639c0-d94c-44f4-95cd-6d0eb8e72cb1", + "name": "Max Clients Limit", + "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d15d2dae-9c9c-4c7d-83f3-726f29194489", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" + "max-clients": [ + "200" ] } } ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", + "id": "28c95b37-8ccd-42f5-be92-9cfbcff47848", "providerId": "declarative-user-profile", "subComponents": {}, - "config": {} + "config": { + "kc.user.profile.config": [ + 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } } ], "org.keycloak.keys.KeyProvider": [ { - "id": "2bd55ad0-2f32-40f3-9749-c2d422fb697d", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "e30e81eb-fa28-4c4b-93ae-ced53fb9fb62", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ - "HS256" + "RSA-OAEP" ] } }, { - "id": "676a20ad-a79d-4175-998a-672bf4826e92", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "bdaabfca-7391-4321-9a28-918f35226f02", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": 
"50220023-09bf-443a-a8b3-f306279cbb5b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "35e6f9f0-3934-49d4-8503-2735998ab314", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ @@ -7810,13 +7908,30 @@ } }, { - "id": "a510d16e-c3f7-4a88-b853-625a2cd357b4", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "2dad0067-8462-4b92-ae96-f06f58c4e7ce", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "5836315d-2cb6-4dc7-beec-4f52aa609461", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -7827,10 +7942,9 @@ "de", "en" ], - "defaultLocale": "en", "authenticationFlows": [ { - "id": "fff7e51f-802f-4826-b18e-551667d2f5af", + "id": "b85acc77-a0fd-492e-841f-051eb40cd92f", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -7856,7 +7970,7 @@ ] }, { - "id": "078aeee3-8e08-4904-9455-10e86293fdc3", + "id": "a5422b70-5a80-46e1-882c-edf421ce0c6d", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -7882,7 +7996,7 @@ ] }, { - "id": "97a6d2ad-95fe-4a49-ba16-4fe37716f8ca", + "id": "d3365b5f-aded-4ca2-adf1-ceb7b9023d69", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -7908,7 +8022,7 @@ ] }, { - "id": "43a7d34e-262c-42ef-874a-42a7151ef7fe", + "id": "687f5531-3dcd-478f-998b-22207de05099", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", 
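Review bot: The new `kc.user.profile.config` value in the `@@ -7718,90 +7827,79 @@` hunk ends with `\"unmanagedAttributePolicy\":\"ENABLED\"`, which allows attributes outside the declared profile (username, email, firstName, lastName) to be written from end-user contexts as well as by admins. This realm maps user attributes into tokens; for example, the `phone number verified` mapper earlier in this file copies `phoneNumberVerified` into the `phone_number_verified` claim. Any attribute a relying client trusts should therefore not be user-writable. The value was probably produced by the upgrade to keep the previous behaviour, but if self-service editing of arbitrary attributes is not needed, `\"unmanagedAttributePolicy\":\"ADMIN_EDIT\"` would restrict writes to administrators. Confirm how the portal writes attributes before changing it.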
@@ -7934,7 +8048,7 @@ ] }, { - "id": "49dbe5c0-a28e-4bc1-a735-01b1d44526f8", + "id": "992302c6-cb66-454f-8f55-c03880d66512", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -7960,7 +8074,7 @@ ] }, { - "id": "8843a182-cb40-40c8-acb8-a96c131820bc", + "id": "c5eea5f4-0acf-4263-a390-5c0c98293363", "alias": "Login without auto user creation", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -7972,14 +8086,14 @@ "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", "userSetupAllowed": false @@ -7987,7 +8101,7 @@ ] }, { - "id": "bad3c307-e0c7-47b3-8124-3d850c5dbb8f", + "id": "04aff745-a5d9-4a3e-9553-79bea685cb4f", "alias": "Login without auto user creation Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -7998,14 +8112,14 @@ "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", "userSetupAllowed": false 
@@ -8013,7 +8127,7 @@ ] }, { - "id": "0875bc85-b5cc-4268-8faf-3706d2d377ad", + "id": "0294d6de-01c0-496c-8597-2a509855d779", "alias": "Login without auto user creation First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -8024,7 +8138,7 @@ "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, @@ -8032,14 +8146,14 @@ "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 20, + "priority": 1, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { - "id": "a98586a2-cdf9-411d-aea8-48c4cf7b139a", + "id": "f111f3b0-bda1-4352-92b2-4881a12d6af8", "alias": "Login without auto user creation Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -8050,14 +8164,14 @@ "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", "userSetupAllowed": false @@ -8065,7 +8179,7 @@ ] }, { - "id": "5c6cb05b-6984-4884-ada0-302a352cae52", + "id": "0eb07b77-6732-4a43-a9f1-d8d9b259dc04", "alias": "Login without auto user creation User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", 
@@ -8077,14 +8191,14 @@ "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "DISABLED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", "userSetupAllowed": false @@ -8092,7 +8206,7 @@ ] }, { - "id": "87cd4301-f245-4e81-9877-51bea2f77c4f", + "id": "3dac707d-500f-431c-8990-fa72012109b8", "alias": "Login without auto user creation Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -8103,14 +8217,14 @@ "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", "userSetupAllowed": false @@ -8118,7 +8232,7 @@ ] }, { - "id": "75deb0f4-5ce1-4daa-ac6a-ad992dee52cc", + "id": "03b28db9-25de-474b-9238-1d27b9b33f35", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -8144,7 +8258,7 @@ ] }, { - "id": "70aac624-4ea6-45b7-a3fc-d8456ef2efdc", + "id": "134e7c36-1c17-4391-b8aa-a2363a7f11b7", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -8171,7 +8285,7 @@ ] }, { - "id": "6913a8ea-93d4-4ff7-a6c4-388b2b88cb60", + "id": "22872037-65f9-4d83-b526-4974498be36c", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", 
@@ -8197,7 +8311,7 @@ ] }, { - "id": "ffae9561-c06f-4b23-9748-8120ab8baaa8", + "id": "12e95146-d54c-43e7-a34b-1828645a0c8b", "alias": "WebAuth Browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -8208,7 +8322,7 @@ "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, @@ -8216,7 +8330,7 @@ "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", - "priority": 20, + "priority": 1, "autheticatorFlow": false, "userSetupAllowed": false }, @@ -8224,14 +8338,14 @@ "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", - "priority": 25, + "priority": 2, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", - "priority": 30, + "priority": 3, "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", "userSetupAllowed": false @@ -8239,7 +8353,7 @@ ] }, { - "id": "98520dfb-3e2a-4280-964a-5c6a492fd9e2", + "id": "3fcc23ba-4ca6-48a4-9029-7ca28616980f", "alias": "WebAuth Browser Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -8250,7 +8364,7 @@ "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, @@ -8258,7 +8372,7 @@ "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", - "priority": 20, + "priority": 1, "autheticatorFlow": false, "userSetupAllowed": false }, 
@@ -8266,14 +8380,14 @@ "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 21, + "priority": 2, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { - "id": "b6215c1f-1023-4748-9e9e-ae700573c9ea", + "id": "ddca21ed-8955-4523-b736-d1d702d8f415", "alias": "WebAuth Browser forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -8284,14 +8398,14 @@ "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 10, + "priority": 0, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", - "priority": 20, + "priority": 1, "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", "userSetupAllowed": false @@ -8299,7 +8413,7 @@ ] }, { - "id": "d6521692-2a35-4fab-99a0-655393e7be1c", + "id": "adde4bc0-e2d9-4513-8472-8e2f0f0b0ca9", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -8341,7 +8455,7 @@ ] }, { - "id": "c8b74991-78e2-4948-9b71-9cd95692244a", + "id": "5a58b82e-fd7c-4adc-a787-1dc83d1fb43e", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -8383,7 +8497,7 @@ ] }, { - "id": "6fc680e7-1083-4ae3-993c-18793394c1d8", + "id": "ad9bf369-03b6-4ffc-ad3b-16275bda1f20", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -8417,7 +8531,7 @@ ] }, { - "id": "fcc00603-9695-436a-8173-bad95ae06eb7", + "id": "30540c6a-8fc4-45e8-9a89-3a7b6ebdef65", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", 
@@ -8435,7 +8549,7 @@ ] }, { - "id": "5ecaed63-22cf-4937-93a1-e4e03c3f84d3", + "id": "4b990dc9-ceb7-426d-bdad-cef47fce82b1", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -8462,7 +8576,7 @@ ] }, { - "id": "fc1db14a-88b6-4ffd-92bf-ef2aff4b20e4", + "id": "17d1c327-3419-49ce-8cf0-c2b1925da72e", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -8488,7 +8602,7 @@ ] }, { - "id": "4e8828db-1033-4383-988c-8a80f5294c8c", + "id": "9739e153-f4cd-4127-8d53-6dd7cb595d9a", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -8507,7 +8621,7 @@ ] }, { - "id": "5ba3a31b-4969-4b6a-9ade-6b519fd285cb", + "id": "cd4259f7-2b28-4b04-8252-b13dfc00e9dd", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -8541,7 +8655,7 @@ ] }, { - "id": "d182f5b3-f390-4748-bd2b-65d225d27a76", + "id": "9f60c93b-912e-4e2e-9601-125457b3ca6e", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -8583,7 +8697,7 @@ ] }, { - "id": "afd142c8-1d76-4054-bfa3-66c0ad5244b6", + "id": "d76d6584-e2e6-4118-b2cb-0156becb9e46", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -8603,14 +8717,14 @@ ], "authenticatorConfig": [ { - "id": "54a381ca-598a-4516-bc2c-04aeea23c6cf", + "id": "1ae05e56-d46c-4323-9ae9-70d726ee0f3a", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "ad18ac62-bb08-478a-8260-0abad5be4c3d", + "id": "cf2f3097-698c-4832-8ef7-239a84a1b2f8", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" 
@@ -8672,6 +8786,33 @@ "priority": 60, "config": {} }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, { "alias": "update_user_locale", "name": "Update User Locale", @@ -8688,23 +8829,24 @@ "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "clientOfflineSessionMaxLifespan": "0", + "oauth2DeviceCodeLifespan": "600", "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0" + "realmReusableOtpCode": "false" }, - "keycloakVersion": "23.0.7", + "keycloakVersion": "25.0.6", "userManagedAccessAllowed": false, + "organizationsEnabled": false, "clientProfiles": { "profiles": [] }, diff --git a/import/realm-config/generic/catenax-shared/CX-Operator-realm.json b/import/realm-config/generic/catenax-shared/CX-Operator-realm.json index 28b38da0..87e3283e 100644 
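Review bot: The realm default added in the `@@ -8688,23 +8829,24 @@` hunk, `"firstBrokerLoginFlow": "first broker login"`, points at the stock flow, while this realm also defines `Login without auto user creation`, whose `idp-create-user-if-unique` step is `DISABLED`. If identity providers are meant to use the restrictive flow, an IdP created without an explicit first-login flow would presumably fall back to the realm default and auto-provision users on first login. Consider `"firstBrokerLoginFlow": "Login without auto user creation"` here, or confirm that every IdP sets its own flow alias. The per-IdP flow settings are not visible in this part of the diff.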
--- a/import/realm-config/generic/catenax-shared/CX-Operator-realm.json +++ b/import/realm-config/generic/catenax-shared/CX-Operator-realm.json @@ -38,6 +38,7 @@ "editUsernameAllowed": false, "bruteForceProtected": true, "permanentLockout": false, + "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, @@ -47,7 +48,25 @@ "roles": { "realm": [ { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", + "id": "ebeeeabb-c001-42e3-9f8d-ad4daa1fb84f", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "CX-Operator", + "attributes": {} + }, + { + "id": "5b804047-bf88-449e-979c-01c5f0497ae4", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "CX-Operator", + "attributes": {} + }, + { + "id": "7654cfd2-ffe4-4ff3-990b-2adc4a7599ba", "name": "default-roles-cx-operator", "description": "${role_default-roles}", "composite": true, 
@@ -58,120 +77,66 @@ ], "client": { "account": [ - "view-profile", - "manage-account" + "manage-account", + "view-profile" ] } }, "clientRole": false, "containerId": "CX-Operator", "attributes": {} - }, - { - "id": "fd28e000-c7c7-4637-9137-43aab13a4f5b", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - }, - { - "id": "44683915-2421-4815-ba4a-81ba4af2e700", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} } ], "client": { "central-idp": [], "realm-management": [ { - "id": "54175197-ae2d-486c-b52a-f1de1772ef8f", - "name": "view-events", - "description": "${role_view-events}", + "id": "c07d9ba0-0a43-40f9-91ac-76cf06dfe404", + "name": "query-clients", + "description": "${role_query-clients}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "00e3c5bb-6c52-40de-8c2b-fcce4090b3fc", - "name": "manage-clients", - "description": "${role_manage-clients}", + "id": "311713ce-694e-4db5-b2e9-b6ee41dad4c2", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "de03316f-e10e-4261-9914-49b6b66f4159", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", + "id": "9980cff7-40d9-4cf4-b621-25a602361594", + "name": "view-events", + "description": "${role_view-events}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": 
"0ac296ac-bf3d-461f-96e6-cd0fcce4b97f", + "id": "3cc06fe9-8cb0-4f60-99b3-7a7c58d38e49", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "ca00badd-aeca-4378-aab2-6f133972f3c4", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "85556a10-4077-4929-8fa8-eb910cbcd39a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "d5fc862f-243c-4cf4-86b9-c269c0a6cf18", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "4fba3f08-7718-4dbd-8eae-ec72ac38b4dd", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "23a20fb4-0ea9-4f7f-8540-fcf9f7aaa030", - "name": "query-users", - "description": "${role_query-users}", + "id": "a49d666e-f209-4626-8181-fff482206ea8", + "name": "manage-realm", + "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "f4b36def-8935-466c-986e-230cf8e74816", + "id": "4c89988f-dc0b-4416-a7e6-1d058ccb3fb8", "name": "view-clients", "description": "${role_view-clients}", "composite": true, 
@@ -183,120 +148,156 @@ } }, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "3075363d-78e1-45fc-aeaf-1c6f0202346a", - "name": "realm-admin", - "description": "${role_realm-admin}", + "id": "cba77e80-6297-402a-b9ef-0605b5d7b208", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", + "attributes": {} + }, + { + "id": "4ccac8a9-b78e-4284-b9b9-ed853367488e", + "name": "view-users", + "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ - "view-events", - "manage-clients", - "view-identity-providers", - "impersonation", - "query-groups", - "query-realms", - "manage-users", - "query-clients", "query-users", - "view-clients", - "manage-authorization", - "create-client", - "manage-identity-providers", - "view-users", - "manage-events", - "manage-realm", - "view-realm", - "view-authorization" + "query-groups" ] } }, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "e1f16553-28d3-42db-99c7-e6204246a2c1", - "name": "manage-authorization", - "description": "${role_manage-authorization}", + "id": "8e9e4408-0b80-4d92-a7c2-875fdb7ac47e", + "name": "view-realm", + "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "8a140563-d3d7-4cbb-a023-ac2ccf444158", + "id": "ddf689dd-89bc-432e-9398-0ba48432606b", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": 
"2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "e8622ce0-182b-4c04-ba25-8ed5c50d0683", + "id": "c0404c22-91f6-41d3-8bf4-2623bb132bf1", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "0435d9b3-43a6-4b44-a661-2c7381e88ad7", - "name": "view-users", - "description": "${role_view-users}", + "id": "23caca41-4c57-4afe-b50a-bef6ceafec6f", + "name": "realm-admin", + "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ + "query-clients", + "manage-authorization", + "view-events", + "impersonation", + "view-clients", + "manage-realm", + "view-identity-providers", + "view-users", + "view-realm", + "create-client", + "manage-identity-providers", + "manage-events", + "query-users", + "query-realms", + "manage-clients", "query-groups", - "query-users" + "view-authorization", + "manage-users" ] } }, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "320ceb6f-8744-4fa7-9d1b-32c8a9f0ffc6", + "id": "1b32b294-8698-4b0b-ba9b-d1d85396f3fc", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "09370612-e580-4ab5-8827-5ed0e7faa0bb", - "name": "manage-realm", - "description": "${role_manage-realm}", + "id": "b0b55834-6f22-48ce-bb66-16ed081ab79b", + "name": "query-users", + "description": "${role_query-users}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - 
"id": "1846e5e3-6823-4ff5-9026-1751f159069a", - "name": "view-realm", - "description": "${role_view-realm}", + "id": "df4b1e8d-99d0-4e60-86db-d7467f664b72", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", + "attributes": {} + }, + { + "id": "098322a8-fbc8-44d0-84da-63b6bc78736c", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", + "attributes": {} + }, + { + "id": "2b023ea4-b953-48a9-bf4e-fd61daf9fae0", + "name": "query-groups", + "description": "${role_query-groups}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} }, { - "id": "a8063557-4d74-435b-ab1e-2ba52c5308f8", + "id": "254081a2-d91b-4c92-a725-f1c3bcd60e31", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", + "attributes": {} + }, + { + "id": "c4b8c8f5-022a-4945-b5df-2ee7810aec5f", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "2d8b7670-4067-4d71-9f4e-8125896adff2", "attributes": {} } ], 
@@ -305,27 +306,27 @@ "account-console": [], "broker": [ { - "id": "62ca4922-3ea7-42c0-86b5-227149277c34", + "id": "2d4f2b41-1284-4a2d-9a8f-41c400604177", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, - "containerId": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", + "containerId": "dce6fe4e-c4dd-4140-b49e-d5e81158b766", "attributes": {} } ], "account": [ { - "id": "ff99d820-6dff-49f0-b831-ce7fe6801b42", - "name": "view-profile", - "description": "${role_view-profile}", + "id": "a37b2652-f20a-493b-90f1-c2fe8a1664c4", + "name": "delete-account", + "description": "${role_delete-account}", "composite": false, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} }, { - "id": "fb06b072-0737-4fe4-84dd-bca8d32d4550", + "id": "c0dc9b26-5d49-48bf-a7d2-d6a850ab74fb", "name": "manage-account", "description": "${role_manage-account}", "composite": true, 
@@ -337,38 +338,56 @@ } }, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} }, { - "id": "bbbe2dd8-5c93-4885-8b0a-7e227d2f861d", - "name": "view-applications", - "description": "${role_view-applications}", + "id": "1c5af82d-8570-47d2-89d8-580b5f68fa80", + "name": "view-groups", + "description": "${role_view-groups}", "composite": false, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} }, { - "id": "cd0cf14c-0739-4da9-9283-98c8a7739c97", + "id": "8cd38034-cafb-40f4-8c3e-14f5cc839ffc", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} }, { - "id": "91d84ea1-42af-48c9-ab3d-b160c423120d", + "id": "88c93576-2d88-499b-91d1-42c7c273435a", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", + "attributes": {} + }, + { + "id": "c7253753-94a6-49e6-86e2-981d29a0cfd8", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", + "attributes": {} + }, + { + "id": "66a814c6-b6b3-4ea8-b384-cb5c85a880a1", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} }, { - "id": "c61934bc-75a9-48b6-b37f-131c72b8ac37", + "id": "4c7a24a3-ba8f-43e3-a696-834fc0972136", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, 
@@ -380,25 +399,7 @@ } }, "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "containerId": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "attributes": {} } ] @@ -406,7 +407,7 @@ }, "groups": [], "defaultRole": { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", + "id": "7654cfd2-ffe4-4ff3-990b-2adc4a7599ba", "name": "default-roles-cx-operator", "description": "${role_default-roles}", "composite": true, @@ -425,10 +426,11 @@ "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "totpAppGoogleName", "totpAppFreeOTPName", + "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" @@ -441,6 +443,7 @@ "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" @@ -453,6 +456,7 @@ "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], "scopeMappings": [ { "clientScope": "offline_access", 
@@ -474,7 +478,7 @@ }, "clients": [ { - "id": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "id": "7f197ef3-fe78-4a4b-824d-a7af9d3ad0fe", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", @@ -505,8 +509,9 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -517,7 +522,7 @@ ] }, { - "id": "586494f5-d21b-4dc9-b618-ae6dde896a59", + "id": "7e42c908-0636-448c-ab8a-2e1db1bea870", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", @@ -549,7 +554,7 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "3dd58884-4647-477e-a7ef-1b299aa2a26c", + "id": "5b277f30-6945-4834-906b-a3aa83e9b369", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", @@ -559,8 +564,9 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -571,7 +577,7 @@ ] }, { - "id": "793217d8-80d5-46ec-9507-aca5a8dbdfbc", + "id": "0d5f7f59-4931-4786-8684-1c4f72d908b0", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, @@ -598,8 +604,9 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -610,7 +617,7 @@ ] }, { - "id": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", + "id": "dce6fe4e-c4dd-4140-b49e-d5e81158b766", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, @@ -637,8 +644,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -649,7 +656,7 @@ ] }, { - "id": "e01bbf6a-966b-4a04-91cc-1be54398d023", + "id": "e3363830-9f2c-4ba6-aa84-5f8742b86ac8", "clientId": "central-idp", "surrogateAuthRequired": false, "enabled": true, 
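Review bot: The `broker` client in hunk `@@ -637,8 +644,8 @@`, and `realm-management` in the later hunk `@@ -724,8 +732,8 @@`, only have their `defaultClientScopes` reordered and do not receive `"basic"`, unlike `account`, `account-console`, `admin-cli`, `central-idp` and `security-admin-console`. In this export the `sub` and `auth_time` mappers are defined in the new `basic` client scope, so a token issued for a client without that scope would presumably carry no `sub` claim. If both clients are bearer-only and never request tokens, which these hunks do not show, the omission is harmless. Otherwise add `"basic",` before `"email"` as in the other clients. Both client objects start and end outside their hunks.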
@@ -687,6 +694,7 @@ "web-origins", "roles", "profile", + "basic", "email" ], "optionalClientScopes": [ @@ -697,7 +705,7 @@ ] }, { - "id": "d4e536b1-c583-49b0-9fe4-39c895f91958", + "id": "2d8b7670-4067-4d71-9f4e-8125896adff2", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, @@ -724,8 +732,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -736,7 +744,7 @@ ] }, { - "id": "5d4be671-a85b-4102-91c0-3d444e9549bb", + "id": "ab8f713f-7042-4451-961b-46803790a424", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", @@ -770,25 +778,26 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "2f451e93-4f2f-450a-acb0-6b170c9158a3", + "id": "df95e97b-93a1-424c-abe6-04aeda0d5720", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", + "basic", "email" ], "optionalClientScopes": [ @@ -801,7 +810,7 @@ ], "clientScopes": [ { - "id": "362f247c-98b6-4577-9fdf-58e9b8b02ff1", + "id": "1ef619d3-7119-4a13-b497-4bed5dc25a28", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", @@ -811,7 +820,7 @@ }, "protocolMappers": [ { - "id": "85d44bfa-e5ae-4982-af15-1557b52e9fec", + "id": "d4a7027f-9473-4c80-88e7-10f1903eaf33", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", 
@@ -827,379 +836,411 @@ } }, { - "id": "c073d69f-8ff1-4f66-8108-1da31b9a01ca", + "id": "86c46289-33a6-4ce4-b1d3-6c1171c53a9f", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ] }, { - "id": "ea162d29-da0d-4caa-8210-122ea067481b", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", + "id": "6a7b7170-8730-4263-968e-ed74bf3a8579", + "name": "email", + "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "ec42fa8f-1393-41be-ba33-377b8dd0246f", - "name": "realm roles", + "id": "0f877855-04e2-4a8f-9589-59cbebadcb47", + "name": "email", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "user.attribute": "email", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "realm_access.roles", + "claim.name": "email", "jsonType.label": "String", - "multivalued": "true" + "userinfo.token.claim": "true" } }, { - "id": "0ab73adc-4dd1-4a32-abe2-12093cd10b43", - "name": "audience resolve", + "id": "60f1430a-3892-4363-adc8-746a97765b4f", + "name": "email verified", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": 
false, - "config": {} - }, + "config": { + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "776c4012-ef7a-4be5-b4b6-50749c7f0703", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "4cb009ee-b9e9-4d10-b5b5-3ccce89d12c0", - "name": "client roles", + "id": "3f95c8f9-8069-441b-a411-4e98bfe408c2", + "name": "acr loa level", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", + "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" + "id.token.claim": "true", + "access.token.claim": "true" } } ] }, { - "id": "fe93e386-dcff-4871-b6f3-d37906ab0d43", - "name": "email", - "description": "OpenID Connect built-in scope: email", + "id": "995581a5-e473-40e3-b67c-66328645d852", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" + "include.in.token.scope": "false", + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "870e4c2e-83fe-4ea6-bf70-24627de5cbd9", - "name": "email", + "id": "45b070ad-e22c-45d6-a5f1-f2d3ddefbe5b", + "name": "sub", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-sub-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": 
"true", - "user.attribute": "email", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "e7a71afe-f374-4ff6-8bbd-30273eeb706b", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", "id.token.claim": "true", + "introspection.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "claim.name": "auth_time", + "jsonType.label": "long" } - }, + } + ] + }, + { + "id": "8cea38ce-a737-483f-8d81-cb3540ed6f2f", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ { - "id": "b504ae92-cf77-40d0-853f-3f7521c45c73", - "name": "email verified", + "id": "c349b6fa-7f47-4af9-8fcf-c36474807c73", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "5e2d54a0-c663-4206-a714-746445fef636", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "a9197743-3d02-420b-8605-b6004c768d6c", + "name": "address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "user.attribute.street": "street", 
"id.token.claim": "true", + "user.attribute.region": "region", "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "user.attribute.locality": "locality" } } ] }, { - "id": "60891e8b-ce9f-475c-b6ae-8d3ce862c43a", + "id": "fb17c354-b0d8-47f4-b418-e9617f9795f0", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "78ee36f2-b876-4e61-a821-19a41ae70fd9", + "id": "bdc54f4e-ca14-4df3-94f8-bb87fee686c2", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "e4402c22-40ad-4be3-a3b5-567baffdcb8c", + "id": "ba6f0602-df8f-40b9-a619-9a8c61231e99", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", - "jsonType.label": "boolean" + "jsonType.label": "boolean", + "userinfo.token.claim": "true" } } ] }, { - "id": "56f5418e-2b15-4f99-a54f-746b27ffa788", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" 
- }, - "protocolMappers": [ - { - "id": "023fc147-52ae-4ea9-b106-d713d4625f48", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "id": "e34d4d51-0fcd-48ef-ab88-8657ec2d942a", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - } - ] + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } }, { - "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", + "id": "5d7c41ac-1861-4b1a-8681-faf555563975", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "7550baf2-3541-46cc-827d-452328409445", - "name": "birthdate", + "id": "db85c992-b411-4338-956d-5ac97622c328", + "name": "username", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", + "user.attribute": "username", "id.token.claim": "true", 
"access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" + "claim.name": "preferred_username", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "5c617319-cb7e-4925-bd25-5ed43f9681e0", - "name": "website", + "id": "924e5307-be2e-4224-a32c-2147812bd4cc", + "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", + "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" + "claim.name": "zoneinfo", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "1d8185f2-3051-4f6e-a6c7-3be7569883e4", - "name": "family name", + "id": "9473bc06-7488-4a0b-8336-0306f45710a3", + "name": "middle name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", + "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "claim.name": "middle_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "b01c009c-28bb-405e-bdba-0a7e0d819663", - "name": "given name", + "id": "fbcb5ec5-d0f7-4b65-a898-63d51a023da5", + "name": "nickname", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "claim.name": "nickname", + "jsonType.label": "String", + 
"userinfo.token.claim": "true" } }, { - "id": "525eee5e-159b-4365-b5b6-4b95e98a48f2", - "name": "profile", + "id": "09858cbe-627f-4e62-acad-ec6fc665751c", + "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", + "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" + "claim.name": "website", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "3bfec154-789d-43e1-b9d1-eabadc087ec0", - "name": "middle name", + "id": "8d86d725-fd06-4172-bfef-24c568216ed2", + "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" + "claim.name": "birthdate", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "e926db58-7353-4562-ac69-feb767ff9a45", - "name": "zoneinfo", + "id": "2b50cc9e-03f4-4b16-9cff-92ec95a890fa", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", + "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" + "claim.name": "family_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "b742dd79-d660-4d89-b45b-c5a803b64baa", - "name": "locale", + "id": "fefbfbee-e118-4585-ac32-ab2578129f85", + "name": "gender", "protocol": "openid-connect", "protocolMapper": 
"oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", + "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" + "claim.name": "gender", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "ba11b750-af17-4bd9-a418-8c2c2a39146f", - "name": "updated at", + "id": "08a2d956-42d8-4f21-9a0d-8089dbf9c6d2", + "name": "given name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", + "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" + "claim.name": "given_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "9532afdc-0222-4e79-b09f-c4d8c3c2a9ae", - "name": "username", + "id": "bcbe6735-6c03-4819-8c90-c13638d59c34", + "name": "profile", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "claim.name": "profile", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "5777b34c-7bd8-4148-8851-209fc716556d", - "name": "picture", + "id": "84a611d0-3729-49dc-92a6-0c369af08538", + "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": 
"updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" + "claim.name": "updated_at", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "7e11dcd2-0f73-4445-bda9-fff2a021a386", + "id": "400b0682-ce63-4593-affd-e0813a62110d", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", 
@@ -1211,101 +1252,106 @@ } }, { - "id": "c82ce218-3c8d-4539-a746-c66f0a1887f6", - "name": "nickname", + "id": "d630f7d8-ac82-425e-8f00-b8d784a3006f", + "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" + "claim.name": "picture", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "05608ade-80a4-4684-a020-6135ca6b39c7", - "name": "gender", + "id": "e057ea10-9f8b-4737-bd58-a5485a848393", + "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" + "claim.name": "locale", + "jsonType.label": "String", + "userinfo.token.claim": "true" } } ] }, { - "id": "f8a41bb2-8aae-4c7f-bca0-d241b1571896", - "name": "address", - "description": "OpenID Connect built-in scope: address", + "id": "09a7f414-e791-4151-923c-176547570434", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "df21b649-0b05-4ba1-b0fa-0b3729af5b59", - "name": "address", + "id": "66e53331-de27-4a97-87f8-22d7464cbb53", + "name": "allowed web origins", "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", + 
"protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } + "config": {} } ] }, { - "id": "38880d3f-296c-496c-bf6e-010c83d1243b", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", + "id": "ca8e8026-a245-4489-acd4-e8dd7a58b709", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "df3cbe76-8bc8-4d47-a17b-4ea5fdf1e70f", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", + "id": "e2e0819e-2c3d-4801-8c0e-0bbc1a275b65", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "152df526-5e3c-4d45-ab97-0c82931f0446", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" } + }, + { + "id": 
"ac283686-ec65-4e0d-8144-5b3e26b8a03d", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} } ] - }, - { - "id": "e2d302a0-1df7-4dae-9128-a1d5d9a6c160", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } } ], "defaultDefaultClientScopes": [ @@ -1314,7 +1360,8 @@ "email", "roles", "web-origins", - "acr" + "acr", + "basic" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1325,7 +1372,6 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 
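Review bot: Hunk `@@ -1325,7 +1372,6 @@` removes `"referrerPolicy": "no-referrer"` from `browserSecurityHeaders` while keeping every other header in the block, and nothing visible in the diff sets a Referrer-Policy elsewhere. If the upgraded server applies a built-in default when the key is absent, the response header is unchanged, but that cannot be confirmed from this export. Otherwise pages of this realm would fall back to the browser's default referrer behaviour. Unless the omission is confirmed to be an artefact of the new export format, I would keep the line `"referrerPolicy": "no-referrer",` and check the header on a deployed instance. The `browserSecurityHeaders` object continues past the end of the hunk.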
@@ -1355,26 +1401,34 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", + "id": "33fd2e40-9d31-4419-8bb2-6a886afaf898", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0011e3aa-ad59-42cf-ba51-7fb8b7e0baee", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "anonymous", + "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-address-mapper", - "saml-user-property-mapper" + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper" ] } }, { - "id": "d159b35a-dab0-4f35-a1c6-4403db711c60", + "id": "9410fd46-8281-43e0-99d7-fbc84a19b816", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", @@ -1386,7 +1440,27 @@ } }, { - "id": "f0681c21-2cd2-4860-9bde-e73b2a2adb14", + "id": "acb17500-ac28-441a-b6e0-66b2b8183d57", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c1ebf8d5-fb73-431c-b6d0-214b568790a5", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "86dd7f44-9200-4caa-83c7-af9ae486b5df", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", 
@@ -1401,68 +1475,77 @@ } }, { - "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", + "id": "e5ebf176-5640-46a6-8892-7c4bf7b38f0a", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "5c0f187c-99b0-4add-b65d-cf748fcd82c1", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "authenticated", + "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "saml-user-property-mapper", - "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper" + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" ] } - }, + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", + "id": "5a546cbb-8995-41ac-84a3-d4efd814d97f", + "providerId": "declarative-user-profile", "subComponents": {}, "config": { - "max-clients": [ - "200" + "kc.user.profile.config": [ + 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] } - }, + } + ], + "org.keycloak.keys.KeyProvider": [ { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", + "id": "17719652-b78e-4671-8733-202ccb02bdce", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", "subComponents": {}, - "config": {} + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } }, { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", + "id": "5fa34255-624d-4d58-bbe2-0e91cdaad403", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, 
"config": { - "allow-default-scopes": [ - "true" + "priority": [ + "100" ] } }, { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "id": "56cda47b-96ed-4887-8eb5-b725d4740c1e", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, @@ -1476,7 +1559,7 @@ } }, { - "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", + "id": "2e578cba-8e54-4a4e-a539-f1592e947d8f", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, @@ -1490,18 +1573,7 @@ } }, { - "id": "2e8584a5-4683-4c75-9a71-18b6b593fec7", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "73e2090a-8890-499c-b4b8-cb652fcbc182", + "id": "4e79102d-f14e-4790-bec2-bcc72ee70654", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, @@ -1517,7 +1589,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", + "id": "32fadbd3-da6a-44e4-a0ac-12a107822f78", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1543,7 +1615,7 @@ ] }, { - "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", + "id": "85f0324b-7fca-450c-a663-8c7e46c939cf", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1569,7 +1641,7 @@ ] }, { - "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", + "id": "1f5a4497-7353-4e32-8b70-5bbb78054c52", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", 
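Review bot: In the `@@ -1401,68 +1475,77 @@` hunk the new `declarative-user-profile` component ends its `kc.user.profile.config` with `\"unmanagedAttributePolicy\":\"ENABLED\"`, which allows attributes not declared in the profile to be written from every user-profile context, including self-service ones. This probably mirrors the pre-upgrade behaviour, but the realm also allows `oidc-usermodel-attribute-mapper`. If any mapper or downstream service treats a user attribute as authoritative, a user could set that value themselves; whether such a mapping exists is not visible in this hunk. Prefer `\"unmanagedAttributePolicy\":\"ADMIN_EDIT\"`, or declare the required attributes in the profile with `edit` limited to `admin`.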
@@ -1595,7 +1667,7 @@ ] }, { - "id": "b99f1894-6f56-42db-b213-525897383d8b", + "id": "30b6dcee-72d5-41b3-accd-0a855b8dee47", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1621,7 +1693,7 @@ ] }, { - "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", + "id": "beb32cf8-ab32-4ee1-aa30-0a2500105850", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1647,7 +1719,7 @@ ] }, { - "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", + "id": "d691b176-eb82-4bbf-b053-2a276020ff9a", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1673,7 +1745,7 @@ ] }, { - "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", + "id": "9252e706-2cc0-45f9-a281-b64028d5ea14", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1700,7 +1772,7 @@ ] }, { - "id": "9daf1573-3740-4003-88d4-217a15173a7e", + "id": "5a60ff09-2381-4288-a33e-2b21167e8755", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1726,7 +1798,7 @@ ] }, { - "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", + "id": "215522e3-92d4-49aa-842a-08700908cd4b", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1768,7 +1840,7 @@ ] }, { - "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", + "id": "788c1fe7-d9d0-4d59-b2e2-3288fb38d04f", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", 
@@ -1810,7 +1882,7 @@ ] }, { - "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", + "id": "c428ac31-7a14-4999-afbf-8ef17680bbb9", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1844,7 +1916,7 @@ ] }, { - "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", + "id": "bafb47f4-9672-4402-a28f-f7c44e8967fe", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1862,7 +1934,7 @@ ] }, { - "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", + "id": "e03ff2e9-1a81-4bc5-8bb3-710759e9c745", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1889,7 +1961,7 @@ ] }, { - "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", + "id": "4d29c9c9-ca6e-4915-9c8f-4c82779ca347", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1915,7 +1987,7 @@ ] }, { - "id": "edb80050-768e-41ba-9b6d-11721a5105b2", + "id": "ca0d5e43-3647-45aa-a114-4402ff455606", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1934,7 +2006,7 @@ ] }, { - "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", + "id": "a14d5a10-d288-4989-a29b-13ff8c7f7a6c", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1949,14 +2021,6 @@ "autheticatorFlow": false, "userSetupAllowed": false }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, { "authenticator": "registration-password-action", "authenticatorFlow": false, 
@@ -1976,7 +2040,7 @@ ] }, { - "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", + "id": "e6adc406-5776-4e77-9c26-5744fae78474", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2018,7 +2082,7 @@ ] }, { - "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", + "id": "9e99269d-de83-4f78-92f5-a49dd7603b17", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2038,14 +2102,14 @@ ], "authenticatorConfig": [ { - "id": "2a83b474-2330-4e5b-aef7-2537482d98af", + "id": "e0679afc-3080-4df3-8102-a54db00f63e6", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", + "id": "8d137d4e-cad8-49f0-a3eb-50be7bd4fd53", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2107,6 +2171,33 @@ "priority": 60, "config": {} }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, { "alias": "update_user_locale", "name": "Update User Locale", 
@@ -2123,13 +2214,14 @@ "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", "clientSessionIdleTimeout": "0", "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", @@ -2137,8 +2229,9 @@ "cibaInterval": "5", "realmReusableOtpCode": "false" }, - "keycloakVersion": "23.0.7", + "keycloakVersion": "25.0.6", "userManagedAccessAllowed": false, + "organizationsEnabled": false, "clientProfiles": { "profiles": [] }, diff --git a/import/realm-config/generic/catenax-shared/master-realm.json b/import/realm-config/generic/catenax-shared/master-realm.json index b8730206..111becbb 100644 --- a/import/realm-config/generic/catenax-shared/master-realm.json +++ b/import/realm-config/generic/catenax-shared/master-realm.json @@ -1,5 +1,5 @@ { - "id": "master", + "id": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", "realm": "master", "displayName": "Shared Identity Provider", "displayNameHtml": "
Keycloak
", @@ -26,7 +26,7 @@ "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 600, + "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, @@ -39,6 +39,7 @@ "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, + "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, @@ -48,7 +49,7 @@ "roles": { "realm": [ { - "id": "00d3332e-7a24-4b78-80c4-f2c763ea006a", + "id": "afd5055f-b7e6-4d87-a96f-a6dd45b01cfd", "name": "cx-admin", "description": "Catena-X Admin\n- used for partner invite", "composite": true, @@ -58,18 +59,45 @@ ], "client": { "master-realm": [ - "manage-clients", "manage-users", - "manage-realm" + "manage-realm", + "manage-clients" ] } }, "clientRole": false, - "containerId": "master", + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", + "attributes": {} + }, + { + "id": "6e7445ff-4a7b-49b9-9d2b-fe5081d3776d", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", + "attributes": {} + }, + { + "id": "cbd8767a-ff2c-4b1c-b8ed-dae0e8f04101", + "name": "create-realm", + "description": "${role_create-realm}", + "composite": false, + "clientRole": false, + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", "attributes": {} }, { - "id": "33990584-d02c-4459-8e50-e71c36bbd286", + "id": "b35feedd-0746-43a5-85b0-b5688d3d77a8", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", + "attributes": {} + }, + { + "id": "8b9ae63a-ff7f-4246-90a0-4ee0c506d8a4", "name": "default-roles-master", "description": "${role_default-roles}", "composite": true, 
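Review bot: The `@@ -39,6 +39,7 @@` hunk adds `"maxTemporaryLockouts": 0` next to the unchanged `"bruteForceProtected": false`, so the lockout settings in this block (`maxFailureWaitSeconds`, `waitIncrementSeconds`, and the new field) stay inactive. This is the master realm, which defines the `admin` and `cx-admin` roles. Since the upgrade already touches this block, consider shipping `"bruteForceProtected": true` in the reference configuration. Otherwise, state in the chart documentation that failed-login throttling for admin accounts is enforced elsewhere, for example by rate limiting at the ingress.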
@@ -80,17 +108,17 @@ ], "client": { "account": [ - "manage-account", - "view-profile" + "view-profile", + "manage-account" ] } }, "clientRole": false, - "containerId": "master", + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", "attributes": {} }, { - "id": "4a156096-0057-47df-a606-f76644f5c34f", + "id": "f2a8fb17-6788-470b-895d-d51d0f4709ea", "name": "admin", "description": "${role_admin}", "composite": true, 
@@ -100,76 +128,49 @@ ], "client": { "CX-Operator-realm": [ - "manage-authorization", - "view-identity-providers", "view-realm", - "impersonation", - "query-clients", - "manage-identity-providers", - "query-groups", - "manage-events", - "view-events", - "manage-realm", "view-users", + "manage-authorization", "view-authorization", - "manage-users", - "view-clients", "query-realms", + "view-clients", + "manage-users", + "manage-realm", + "impersonation", "query-users", + "view-events", + "query-clients", + "manage-events", + "create-client", "manage-clients", - "create-client" + "query-groups", + "view-identity-providers", + "manage-identity-providers" ], "master-realm": [ - "query-clients", - "manage-identity-providers", - "manage-authorization", + "create-client", + "view-authorization", + "view-realm", "manage-users", + "manage-realm", "query-users", - "query-groups", + "query-realms", + "manage-identity-providers", "view-clients", - "view-authorization", - "view-events", - "manage-realm", - "create-client", - "manage-clients", - "view-users", - "view-identity-providers", "manage-events", + "manage-authorization", + "query-groups", + "view-identity-providers", "impersonation", - "view-realm", - "query-realms" + "query-clients", + "view-events", + "manage-clients", + "view-users" ] } }, "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "0bba2da6-005c-4ded-bf09-671f5cc1e6a0", - "name": "create-realm", - "description": "${role_create-realm}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "e4108209-6e10-4a8a-ad1c-2f9fdd2a92a7", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "c67fb695-8c3b-4e4d-83b9-13607c232e9b", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - 
"containerId": "master", + "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8", "attributes": {} } ], 
@@ -177,88 +178,96 @@ "sa-cl1-reg-1": [], "CX-Operator-realm": [ { - "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", - "name": "manage-authorization", - "description": "${role_manage-authorization}", + "id": "e59bb2b6-6a0c-4357-b667-51722fa0bbe4", + "name": "view-events", + "description": "${role_view-events}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "9330bbe7-fc70-46cc-803b-52abfb1f4e2c", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", + "id": "d6b0f784-f982-41d0-bd9d-04e06a8b93b6", + "name": "query-clients", + "description": "${role_query-clients}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "6cf11fe7-61de-48f4-8838-e384de5892de", - "name": "view-realm", - "description": "${role_view-realm}", + "id": "ca1c9d83-795e-462f-8090-a005aefe3d28", + "name": "manage-events", + "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "d2c74cbe-ed9f-4c84-bd46-9c76a43049b0", - "name": "impersonation", - "description": "${role_impersonation}", + "id": "b3787b83-1899-4c32-a922-d2d65a3eedfe", + "name": "view-realm", + "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "f8e8d48c-03ad-4bd2-ad6b-6c034627c6a7", - "name": "query-clients", - "description": "${role_query-clients}", + "id": "7edef173-03fa-49e8-8d30-cb069a4e420d", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, 
"clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "ddc29dcc-d29b-4b87-b592-bee9dd0ff1d7", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, + "id": "48fa1036-d3a3-4b10-9e99-b7cc3b7c8f12", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "CX-Operator-realm": [ + "query-groups", + "query-users" + ] + } + }, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "5eee98ad-a283-4418-bec3-20c51ff9704f", + "id": "3234a64a-d7fd-4b10-91b8-a91792db8f5e", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "d8ce081f-2f0c-47e0-8f52-a6e2cdd88f5f", - "name": "query-groups", - "description": "${role_query-groups}", + "id": "fb135d50-fe44-4e7f-b30c-22019aefcce2", + "name": "query-realms", + "description": "${role_query-realms}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "9f0a7c15-bc5e-4a92-b6c9-1f55e305a2ac", + "id": "9e79014b-2f60-44f8-8d91-cd8ff1c605a6", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "3f40fcea-c033-408e-b48b-82256ee7393c", + "id": "094c6b2f-cbbc-44ab-9da7-5b04f14d0763", "name": "view-clients", "description": "${role_view-clients}", "composite": true, 
@@ -270,87 +279,79 @@ } }, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "41974713-fd5c-45ff-9ac3-753bc74c65b6", - "name": "manage-events", - "description": "${role_manage-events}", + "id": "0e311182-19b0-42b4-a7f5-3fca2c748004", + "name": "impersonation", + "description": "${role_impersonation}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "246730b0-406d-4c40-9d5f-513f9881d43f", - "name": "query-realms", - "description": "${role_query-realms}", + "id": "07b313c9-8f34-4a9a-8ef5-63b96916b091", + "name": "manage-realm", + "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "6ea05980-fc04-48b4-b5f9-cd5670407992", - "name": "query-users", - "description": "${role_query-users}", + "id": "b4425b7c-55e3-4288-981a-2a19aeaaa098", + "name": "create-client", + "description": "${role_create-client}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "961b7bc5-b100-4905-b0c5-8d8509fcacc0", + "id": "e574a75e-2f68-4039-b7e1-aa38800c6f7c", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "123094e6-257b-4628-ada7-412b06b7d25b", - "name": "view-events", - "description": "${role_view-events}", + "id": "4f5e1f27-993e-4fe9-b6e9-a6faa29789b0", + "name": "query-groups", + "description": "${role_query-groups}", "composite": false, 
"clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "5253ff75-4e36-4423-bc23-5f482a354d3f", - "name": "manage-realm", - "description": "${role_manage-realm}", + "id": "8e9ffe89-b7ad-4a7d-a569-9c9ebe395410", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "f254a28f-13c1-46ac-8a40-f0cb85b743b7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "CX-Operator-realm": [ - "query-users", - "query-groups" - ] - } - }, + "id": "bbd100c3-37f5-4edf-9565-3a7357d5b58b", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} }, { - "id": "0ade4dd7-4f7c-4d5c-a6b3-a9099436db74", - "name": "create-client", - "description": "${role_create-client}", + "id": "2b8df7ba-0772-48b9-8d20-11eb7a61784b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", + "containerId": "ec4d9499-c045-4808-81cd-4ce48cdba9cd", "attributes": {} } ], 
@@ -359,279 +360,279 @@ "account-console": [], "broker": [ { - "id": "af71a761-9a75-41ff-a6ee-c77e72f595db", + "id": "45f59053-81b6-4d62-b063-f6a760cdc8bc", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, - "containerId": "d8fbcdf8-75f5-4066-8a3e-646335c66435", + "containerId": "78d0cbc0-5e1f-44d1-8053-0c32ed2ef7a9", "attributes": {} } ], "master-realm": [ { - "id": "a20a1fb2-d04d-4346-8489-8d2485d11127", - "name": "query-clients", - "description": "${role_query-clients}", + "id": "64a8bd6e-6e80-4d57-88dd-5cfea6433479", + "name": "create-client", + "description": "${role_create-client}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "4fb77de6-a224-4dd9-8be6-c7c75aa7ea84", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", + "id": "d6e371e1-84d4-4601-ad6d-28383d7ad183", + "name": "view-authorization", + "description": "${role_view-authorization}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "46d4a01d-56b7-4b5b-a623-358f5a5ad341", - "name": "manage-authorization", - "description": "${role_manage-authorization}", + "id": "7339ec0b-2fc7-49a8-8d0d-1bec1f2db60f", + "name": "view-realm", + "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "88892c66-831f-4606-ae14-bb53eab7cf2e", - "name": "manage-clients", - "description": "${role_manage-clients}", + "id": "fe6e6d68-fcf3-4b15-ba60-7ab6417ddfc8", + "name": "manage-users", + "description": "${role_manage-users}", "composite": false, "clientRole": true, - "containerId": 
"8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "d4bcfbb7-d5df-4162-bc9d-ce29268b2034", - "name": "manage-users", - "description": "${role_manage-users}", + "id": "bcd3ace9-2154-42d6-b7f0-a487b0413a28", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "d8a10613-a444-4807-941c-8f96738a25d9", - "name": "query-users", - "description": "${role_query-users}", + "id": "d3585fb5-5821-40d3-bf01-4b1731920df7", + "name": "manage-realm", + "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "87da293a-6386-4115-a829-d98d15e0f061", + "id": "983334c6-5d41-455c-bb8e-0bb4f6dbf20d", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "b91789fa-33a0-4eac-9ff2-b1e4c20141e5", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-users", - "query-groups" - ] - } - }, + "id": "7b7eaa69-81b9-4ede-81a7-f6dd221e4468", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "ca4523e1-fc8d-4fe3-acff-415dca8969f9", + "id": "4b310845-b4fc-4da0-af2f-472e0a598fc2", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": 
false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "d0e98072-144d-45c4-91bb-b91f8816dcb2", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-clients" - ] - } - }, + "id": "f582812b-9208-42fd-88d0-e8ab133af89e", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "2f3d396e-6741-49af-858a-e2c13b6a6267", - "name": "view-authorization", - "description": "${role_view-authorization}", + "id": "07f54d70-1574-4880-a4b4-58d6952b96c1", + "name": "query-realms", + "description": "${role_query-realms}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "f73ca8b5-06eb-4422-b488-1d1c5ad3fd3e", - "name": "manage-events", - "description": "${role_manage-events}", + "id": "542e65cc-2ee7-4a2c-b3cb-e90f83409a34", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "6b7bb957-3a9a-497d-9fef-ca7c0c841539", - "name": "view-events", - "description": "${role_view-events}", + "id": "8de7c43f-63a9-474e-97dc-d7db05cfdea5", + "name": "query-clients", + "description": "${role_query-clients}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "ad26c837-0a2c-4c7e-bf26-9d862409cd9d", - "name": 
"impersonation", - "description": "${role_impersonation}", - "composite": false, + "id": "053e76e8-e83b-4c1c-b68b-5e3076c354af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "master-realm": [ + "query-clients" + ] + } + }, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "7e01d1cd-a8d2-4dfb-b8a9-072aedbab4d6", - "name": "view-realm", - "description": "${role_view-realm}", + "id": "f41846aa-112e-4d5e-a801-15673dcaa989", + "name": "manage-events", + "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "9de47466-4370-4375-b2ec-ba9d07e76ca3", - "name": "manage-realm", - "description": "${role_manage-realm}", + "id": "956836f3-77d6-41a1-8c86-2d34bd0a8cf7", + "name": "manage-clients", + "description": "${role_manage-clients}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "ed3cf7ba-92dc-43cd-9763-00f2dfbefc6a", - "name": "query-realms", - "description": "${role_query-realms}", + "id": "364bf214-d5f6-497c-b283-8d5fbad26b49", + "name": "view-events", + "description": "${role_view-events}", "composite": false, "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} }, { - "id": "793c4ee8-7d58-4a9c-9c7e-8f6e3fafa7ad", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", + "id": "1d9ca518-a1cd-4804-a876-282d1314ede9", + "name": "view-users", + "description": 
"${role_view-users}", + "composite": true, + "composites": { + "client": { + "master-realm": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "33fe6bc6-0991-4095-be79-61c9327e45d2", "attributes": {} } ], "account": [ { - "id": "cf082508-5c71-410d-9c04-22e92208e1d2", - "name": "manage-account", - "description": "${role_manage-account}", + "id": "de3e9e10-49e4-4be4-89dd-a60f0f02c0b9", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", + "attributes": {} + }, + { + "id": "ad8468c2-cc46-49c5-9581-0128aaa4c85b", + "name": "manage-consent", + "description": "${role_manage-consent}", "composite": true, "composites": { "client": { "account": [ - "manage-account-links" + "view-consent" ] } }, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} }, { - "id": "1c486d7a-6257-4bf7-8f74-8828a0b63428", + "id": "542800d6-610c-46bf-9d25-4e6c0335a577", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} }, { - "id": "d513e52a-0b42-4cb4-8bc0-b7c66d7cf8f9", + "id": "f5bea343-9389-4d6f-aa8c-60f87e4fd619", "name": "view-groups", "description": "${role_view-groups}", "composite": false, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", + "attributes": {} + }, + { + "id": "c8b424fd-135b-4d1f-a6d1-234cd3522d5b", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": 
"46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} }, { - "id": "e0176946-c4b2-4eed-a130-31801dee9e4d", + "id": "186fd6de-0eca-47da-8e22-5f4853d9d0b4", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} }, { - "id": "43e434f2-62a2-477c-8624-ec303b9268aa", + "id": "50bac5bb-e1a9-4aab-8f6b-594d33ea8119", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} }, { - "id": "c6ae9e18-f32b-4401-80a8-d3af924ed72d", + "id": "14535ab5-18db-47a8-8702-cc330e3c9f55", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "af589f31-2daf-4f6c-9b52-acfe2d5df92d", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "b78fed2a-063e-4563-8f1d-09e68771f872", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "containerId": "46f8cb9f-d756-421d-b80d-062b20e1756b", "attributes": {} } ], 
@@ -640,12 +641,12 @@
 },
 "groups": [],
 "defaultRole": {
- "id": "33990584-d02c-4459-8e50-e71c36bbd286",
+ "id": "8b9ae63a-ff7f-4246-90a0-4ee0c506d8a4",
 "name": "default-roles-master",
 "description": "${role_default-roles}",
 "composite": true,
 "clientRole": false,
- "containerId": "master"
+ "containerId": "7f36d25a-81fa-408b-a4ea-f1420eaceed8"
 },
 "requiredCredentials": [
 "password"
@@ -658,10 +659,11 @@
 "otpPolicyPeriod": 30,
 "otpPolicyCodeReusable": false,
 "otpSupportedApplications": [
- "totpAppGoogleName",
 "totpAppFreeOTPName",
+ "totpAppGoogleName",
 "totpAppMicrosoftAuthenticatorName"
 ],
+ "localizationTexts": {},
 "webAuthnPolicyRpEntityName": "keycloak",
 "webAuthnPolicySignatureAlgorithms": [
 "ES256"
@@ -674,6 +676,7 @@
 "webAuthnPolicyCreateTimeout": 0,
 "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
 "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyExtraOrigins": [],
 "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
 "webAuthnPolicyPasswordlessSignatureAlgorithms": [
 "ES256"
@@ -686,14 +689,15 @@
 "webAuthnPolicyPasswordlessCreateTimeout": 0,
 "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
 "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessExtraOrigins": [],
 "users": [
 {
 "id": "68139542-dfb7-46ba-86a3-774d6f386c26",
- "createdTimestamp": 1651783160914,
 "username": "service-account-sa-cl1-reg-1",
+ "emailVerified": false,
+ "createdTimestamp": 1651783160914,
 "enabled": true,
 "totp": false,
- "emailVerified": false,
 "serviceAccountClientId": "sa-cl1-reg-1",
 "disableableCredentialTypes": [],
 "requiredActions": [],
@@ -705,37 +709,37 @@
 },
 {
 "id": "16c63ad1-51dd-4cb2-8d2f-0845ecd63420",
- "createdTimestamp": 1667916488132,
 "username": "service-account-sacx-operator",
+ "emailVerified": false,
+ "createdTimestamp": 1667916488132,
 "enabled": true,
 "totp": false,
- "emailVerified": false,
 "serviceAccountClientId": "saCX-Operator",
 "disableableCredentialTypes": [],
 "requiredActions": [],
 "realmRoles": [
- "default-roles-master",
- "create-realm"
+ "create-realm",
+ "default-roles-master"
 ],
 "clientRoles": {
 "CX-Operator-realm": [
- "manage-authorization",
- "view-identity-providers",
- "view-realm",
+ "view-events",
 "query-clients",
- "manage-identity-providers",
+ "view-realm",
+ "manage-events",
+ "manage-authorization",
+ "view-users",
 "view-authorization",
- "query-groups",
+ "query-realms",
 "manage-users",
 "view-clients",
- "manage-events",
- "query-realms",
- "query-users",
- "manage-clients",
- "view-events",
- "view-users",
 "manage-realm",
- "create-client"
+ "manage-clients",
+ "create-client",
+ "query-groups",
+ "view-identity-providers",
+ "query-users",
+ "manage-identity-providers"
 ]
 },
 "notBefore": 0,
@@ -763,7 +767,7 @@
 },
 "clients": [
 {
- "id": "a1983134-1fff-4e2f-ab64-dcfd20268f9a",
+ "id": "46f8cb9f-d756-421d-b80d-062b20e1756b",
 "clientId": "account",
 "name": "${client_account}",
 "rootUrl": "${authBaseUrl}",
@@ -794,10 +798,11 @@
 "nodeReRegistrationTimeout": 0,
 "defaultClientScopes": [
 "web-origins",
- "profile",
+ "acr",
 "roles",
- "email",
- "acr"
+ "profile",
+ "basic",
+ "email"
 ],
 "optionalClientScopes": [
 "address",
@@ -807,7 +812,7 @@
 ]
 },
 {
- "id": "ae3d7f21-5fe2-4a4e-aceb-c2d787da96e2",
+ "id": "2e4bc793-869e-4a48-bd7a-2379869dd8a1",
 "clientId": "account-console",
 "name": "${client_account-console}",
 "rootUrl": "${authBaseUrl}",
@@ -839,7 +844,7 @@
 "nodeReRegistrationTimeout": 0,
 "protocolMappers": [
 {
- "id": "b4e9445d-2c6d-4911-b959-e081b164bf9b",
+ "id": "c11bbb75-969c-4161-9da6-dbac15e2ef2d",
 "name": "audience resolve",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-audience-resolve-mapper",
@@ -849,8 +854,9 @@
 ],
 "defaultClientScopes": [
 "web-origins",
- "profile",
 "roles",
+ "profile",
+ "basic",
 "email"
 ],
 "optionalClientScopes": [
@@ -861,7 +867,7 @@
 ]
 },
 {
- "id": "f44bc41d-754a-4ae6-96b4-66dbaa4da64e",
+ "id": "144f05c9-9f1e-4cba-9c78-8848594eb03b",
 "clientId": "admin-cli",
 "name": "${client_admin-cli}",
 "surrogateAuthRequired": false,
@@ -888,10 +894,11 @@
 "nodeReRegistrationTimeout": 0,
 "defaultClientScopes": [
 "web-origins",
- "profile",
+ "acr",
 "roles",
- "email",
- "acr"
+ "profile",
+ "basic",
+ "email"
 ],
 "optionalClientScopes": [
 "address",
@@ -901,7 +908,7 @@
 ]
 },
 {
- "id": "d8fbcdf8-75f5-4066-8a3e-646335c66435",
+ "id": "78d0cbc0-5e1f-44d1-8053-0c32ed2ef7a9",
 "clientId": "broker",
 "name": "${client_broker}",
 "surrogateAuthRequired": false,
@@ -928,8 +935,8 @@
 "nodeReRegistrationTimeout": 0,
 "defaultClientScopes": [
 "web-origins",
- "profile",
 "roles",
+ "profile",
 "email"
 ],
 "optionalClientScopes": [
@@ -940,7 +947,7 @@
 ]
 },
 {
- "id": "64acfb98-b4e9-42da-936f-815848d841c5",
+ "id": "ec4d9499-c045-4808-81cd-4ce48cdba9cd",
 "clientId": "CX-Operator-realm",
 "name": "CX-Operator Realm",
 "surrogateAuthRequired": false,
@@ -965,11 +972,22 @@
 "authenticationFlowBindingOverrides": {},
 "fullScopeAllowed": false,
 "nodeReRegistrationTimeout": 0,
- "defaultClientScopes": [],
- "optionalClientScopes": []
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
 },
 {
- "id": "8d85399b-1ab9-470e-9c90-fe147d4a2b69",
+ "id": "33fe6bc6-0991-4095-be79-61c9327e45d2",
 "clientId": "master-realm",
 "name": "master Realm",
 "surrogateAuthRequired": false,
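Review bot: The `CX-Operator-realm` client in the last hunk on this line goes from `"defaultClientScopes": []` and `"optionalClientScopes": []` to a populated list that includes `offline_access` as an optional scope, which is a functional change hidden among hunks that otherwise only regenerate ids and reorder entries. If it came in with the re-export rather than by intent, keep `"defaultClientScopes": [],` and `"optionalClientScopes": []` for this client. The neighbouring hunks also add `basic` to the default scopes of `account-console` and `admin-cli`, while `broker`, `CX-Operator-realm` and, in the hunk after this line, `master-realm` do not get it. Since `basic` is the scope in which this file defines the `sub` mapper, it is worth confirming that no token carrying `sub` is expected from those three clients.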
@@ -996,8 +1014,8 @@
 "nodeReRegistrationTimeout": 0,
 "defaultClientScopes": [
 "web-origins",
- "profile",
 "roles",
+ "profile",
 "email"
 ],
 "optionalClientScopes": [
@@ -1008,7 +1026,7 @@
 ]
 },
 {
- "id": "378c7cad-c6dc-49db-b3dd-fea6d9365edb",
+ "id": "23dc8d54-172b-4246-a05e-3c7a4fb6ae4b",
 "clientId": "sa-cl1-reg-1",
 "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.shared.clientId)",
 "surrogateAuthRequired": false,
@@ -1060,48 +1078,48 @@
 "nodeReRegistrationTimeout": -1,
 "protocolMappers": [
 {
- "id": "ae96ff8d-954f-4477-a287-aa8526abd333",
- "name": "Client ID",
+ "id": "adbf27fd-3c29-4e9b-ace5-02be64abd8de",
+ "name": "Client IP Address",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientId",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientAddress",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientId",
- "jsonType.label": "String"
+ "claim.name": "clientAddress",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 },
 {
- "id": "9579b4d3-2acf-4e56-a39a-04d6f6b368aa",
- "name": "Client IP Address",
+ "id": "87184c27-1aaa-44ff-8abd-401ce077b36c",
+ "name": "Client Host",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientAddress",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientHost",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientAddress",
- "jsonType.label": "String"
+ "claim.name": "clientHost",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 },
 {
- "id": "b297c502-919d-4300-95f7-a05f77530160",
- "name": "Client Host",
+ "id": "778ee48d-7d32-40da-b0e1-1575cd5758d9",
+ "name": "Client ID",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientHost",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientId",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientHost",
- "jsonType.label": "String"
+ "claim.name": "clientId",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 }
 ],
@@ -1109,6 +1127,7 @@
 "web-origins",
 "profile",
 "roles",
+ "basic",
 "email"
 ],
 "optionalClientScopes": [
@@ -1119,7 +1138,7 @@
 ]
 },
 {
- "id": "22dcd29e-f435-4662-98db-5a9b35d1109e",
+ "id": "fffecd61-4366-4ae4-a440-29242901b34f",
 "clientId": "saCX-Operator",
 "name": "saCX-Operator",
 "surrogateAuthRequired": false,
@@ -1144,8 +1163,8 @@
 "frontchannelLogout": false,
 "protocol": "openid-connect",
 "attributes": {
- "post.logout.redirect.uris": "+",
 "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "+",
 "backchannel.logout.revoke.offline.tokens": "false"
 },
 "authenticationFlowBindingOverrides": {},
@@ -1153,48 +1172,48 @@
 "nodeReRegistrationTimeout": -1,
 "protocolMappers": [
 {
- "id": "ed69a2eb-aa9c-4fb4-9923-db99100accf8",
- "name": "Client Host",
+ "id": "42dbc032-5d11-47b9-a2b8-62c1113da0f5",
+ "name": "Client IP Address",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientHost",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientAddress",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientHost",
- "jsonType.label": "String"
+ "claim.name": "clientAddress",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 },
 {
- "id": "132b1ccb-7448-4b74-bf5f-9ebc412ff2e1",
- "name": "Client IP Address",
+ "id": "da43f7ba-490a-4d58-a477-b814eabd7df3",
+ "name": "Client ID",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientAddress",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientId",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientAddress",
- "jsonType.label": "String"
+ "claim.name": "clientId",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 },
 {
- "id": "a5678011-108c-4c90-ba38-2c07a32abcd9",
- "name": "Client ID",
+ "id": "22df3a4c-e4ab-42e8-92bf-2cd849f16278",
+ "name": "Client Host",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usersessionmodel-note-mapper",
 "consentRequired": false,
 "config": {
- "user.session.note": "clientId",
- "userinfo.token.claim": "true",
+ "user.session.note": "clientHost",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "clientId",
- "jsonType.label": "String"
+ "claim.name": "clientHost",
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 }
 ],
@@ -1202,6 +1221,7 @@
 "web-origins",
 "profile",
 "roles",
+ "basic",
 "email"
 ],
 "optionalClientScopes": [
@@ -1212,7 +1232,7 @@
 ]
 },
 {
- "id": "dbfbfd57-b92a-4ce1-9b00-aa4a0ba7d616",
+ "id": "434f4855-245d-47a2-a36c-cc497cfd3ffa",
 "clientId": "security-admin-console",
 "name": "${client_security-admin-console}",
 "rootUrl": "${authAdminUrl}",
@@ -1246,27 +1266,28 @@
 "nodeReRegistrationTimeout": 0,
 "protocolMappers": [
 {
- "id": "a43fc1aa-bea4-44ab-af81-fca46bd17c16",
+ "id": "73c10482-4cb6-4d45-ad46-1c5a5b80761f",
 "name": "locale",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
- "userinfo.token.claim": "true",
 "user.attribute": "locale",
 "id.token.claim": "true",
 "access.token.claim": "true",
 "claim.name": "locale",
- "jsonType.label": "String"
+ "jsonType.label": "String",
+ "userinfo.token.claim": "true"
 }
 }
 ],
 "defaultClientScopes": [
 "web-origins",
- "profile",
+ "acr",
 "roles",
- "email",
- "acr"
+ "profile",
+ "basic",
+ "email"
 ],
 "optionalClientScopes": [
 "address",
@@ -1278,420 +1299,517 @@ ], "clientScopes": [ { - "id": "ddf08713-aa3b-42f5-ba5f-eaa38ce9b45d", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", + "id": "60d26b66-d47a-46a1-872a-22f8daa8152f", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "b073bbe3-b3b8-4bd8-9bb4-1094de35d74e", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "d09c784b-c13f-4f0e-8f63-5893b19a6ee5", - "name": "phone number verified", + "id": "ece5db8e-3333-43c3-9294-07a2d6628f7c", + "name": "sub", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-sub-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" + "introspection.token.claim": "true", + "access.token.claim": "true" } }, { - "id": "93cc264c-f041-4000-a057-86ed3bec9bae", - "name": "phone number", + "id": "fd90b5e3-6658-4303-a255-4137aba39653", + "name": "auth_time", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", + "user.session.note": "AUTH_TIME", "id.token.claim": "true", + "introspection.token.claim": "true", 
"access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" + "claim.name": "auth_time", + "jsonType.label": "long" } } ] }, { - "id": "97d5e593-ae0b-4107-ae85-71feffeb2328", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", + "id": "89e90cc2-ed3d-4bee-8281-f9b9b453599c", + "name": "email", + "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" }, "protocolMappers": [ { - "id": "653a4a7f-fa55-4762-8f80-97b0c70c0fb1", - "name": "full name", + "id": "519e0d59-c25e-4826-8c23-ee21c5e07ee7", + "name": "email verified", "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { + "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean", "userinfo.token.claim": "true" } }, { - "id": "6ddf096b-ab83-4e07-92de-1af9450981d6", - "name": "middle name", + "id": "18558c59-7e37-4c5e-8ed4-6fe27b870386", + "name": "email", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" + "claim.name": "email", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - }, + } + ] + }, + { + "id": "c2d82e42-ed9a-424b-9ee3-03134cc23b81", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": 
"openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "582ce909-19cc-47ac-983b-b160c1033aac", - "name": "username", + "id": "6053d0b1-e82f-4661-9bbb-21b0eb075936", + "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "claim.name": "upn", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "a5a0ca1e-72ed-427c-aeaf-264561a902dc", - "name": "profile", + "id": "90c8e939-230f-46bb-be52-ff82092a2f7d", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { + "multivalued": "true", "userinfo.token.claim": "true", - "user.attribute": "profile", + "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "profile", + "claim.name": "groups", "jsonType.label": "String" } - }, + } + ] + }, + { + "id": "bafe8308-0a73-44f2-bf09-05f522b22380", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ { - "id": "13e09171-a147-4279-aa95-00f24ca40209", - "name": "picture", + "id": "b00611b5-b3a7-4d0f-9ffb-127810e19b3a", + "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": "phoneNumber", "id.token.claim": "true", 
"access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" + "claim.name": "phone_number", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "ce567836-1d68-477e-a369-faac9988f5d5", - "name": "gender", + "id": "85d4e20c-d17c-49fc-a1a1-4151ae06c45b", + "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" + "claim.name": "phone_number_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" } - }, + } + ] + }, + { + "id": "c559d752-52a9-4b50-a2e9-fabe00d8494d", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ { - "id": "7fac83c8-8542-4e58-ac0a-8cd2f35a14e2", - "name": "birthdate", + "id": "24a58b75-ce09-4284-a07c-995d8b1f7942", + "name": "realm roles", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" } }, { - "id": "563b1f24-7a17-45d5-9e9b-ec02f55f29ac", - "name": "updated at", + "id": "9f348140-ffae-4bba-a4c3-921e4414539c", + "name": "client roles", "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" } }, { - "id": "ddf6bfd2-162a-4148-82e8-bfcc972d38d9", - "name": "locale", + "id": "c69d0557-c90a-4ee2-b4df-1163f696dd24", + "name": "audience resolve", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "33a1f7e5-c6b4-4925-89df-b681881c83ef", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "24ac7e18-ae3c-4057-9d08-8ea8e9b0f347", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", - "user.attribute": "locale", + "user.attribute.street": "street", "id.token.claim": "true", + "user.attribute.region": "region", "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" + "user.attribute.locality": "locality" } - }, + } + ] + }, + { + "id": "3d36b943-5522-4385-94e0-c11cc36ca92c", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + 
"display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "63b37003-4667-4204-ba10-82bd805eedbd", - "name": "website", + "id": "ba0da916-2ec0-4d46-8ce8-34f85265d7da", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "db945bba-36ff-490c-83e1-973f75bc701a", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "afdc5bb8-4dd5-43cc-ab0c-5f34af6c6770", + "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", + "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" + "claim.name": "picture", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "43168770-1852-4bd3-a001-ecb8f43e2d01", - "name": "family name", + "id": "9a39f00e-117d-4518-8d55-8c7cd757cdd7", + "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", + "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "claim.name": "given_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "4f43d257-bcd4-424b-ac4c-7ed6106bda7b", - "name": "nickname", + "id": "cebbe569-d00c-40ae-ad59-04fe261f0ed1", + "name": "locale", "protocol": "openid-connect", 
"protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" + "claim.name": "locale", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "bcfd9120-456b-4e56-bb19-8412b3bb8e65", + "id": "60695914-3529-42da-a6f1-6afa963d2ccc", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", - "jsonType.label": "String" + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "248c6b5b-6c56-47c4-8e3e-78d0f1c4b354", - "name": "given name", + "id": "950cc6da-3790-40f2-9a1c-ba0c43c7e034", + "name": "website", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "claim.name": "website", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "a3a199ea-9bf8-4650-a94e-ca76e033ecfb", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "5e823a7c-6cfe-44c6-8f9a-46f04f9c81a8", - "name": "email verified", + "id": "20605bb8-6f0d-49f7-aa8a-1c79275ad585", + "name": "profile", 
"protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "claim.name": "profile", + "jsonType.label": "String", + "userinfo.token.claim": "true" } }, { - "id": "e8260072-8d11-40ff-8e4a-173cb34ce149", - "name": "email", + "id": "b3f98c69-04ad-49ec-b298-7636ba443576", + "name": "birthdate", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "claim.name": "birthdate", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "a12fb442-8024-430a-b984-d798c793941f", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ + }, { - "id": "1b751695-4f70-40e5-888b-c8965dbd89ba", - "name": "acr loa level", + "id": "b605d516-6899-467f-b19e-4b8514f61437", + "name": "updated at", "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "user.attribute": "updatedAt", "id.token.claim": "true", - "access.token.claim": "true" + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, 
- { - "id": "6d17b7a8-1436-4b95-b728-43fb616c9206", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ + }, { - "id": "0935b850-6bb3-48df-8569-48559e133cac", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", + "id": "3e476d95-2b09-4131-bb71-07bf52993c6f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "7d06386b-2f5f-413d-94dc-4d8d4d618c22", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "b4f53c9a-e050-4db6-8749-af1c13ec5ebc", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String", + "userinfo.token.claim": "true" } - } - ] - }, - { - "id": "6a998c2f-6cbd-404c-99d5-18cc0fbc1b69", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": 
"${rolesScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "e1ea2afa-d72e-491a-b0d7-570dad902381", - "name": "audience resolve", + "id": "b2dd6fcf-81a6-4941-bc4d-bbd67ed4f1a9", + "name": "full name", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", + "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, - "config": {} + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } }, { - "id": "9ce88d9e-4509-4c33-8839-aea32dec751b", - "name": "realm roles", + "id": "5f666303-fe83-48b5-8490-41e9affb0736", + "name": "username", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "user.attribute": "username", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "realm_access.roles", + "claim.name": "preferred_username", "jsonType.label": "String", - "multivalued": "true" + "userinfo.token.claim": "true" } }, { - "id": "24569b37-2897-4fe3-b57c-4c9f30260a24", - "name": "client roles", + "id": "42372ab1-c198-4494-8952-0cb62b90b455", + "name": "nickname", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "user.attribute": "nickname", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", + "claim.name": "nickname", "jsonType.label": "String", - "multivalued": "true" + "userinfo.token.claim": "true" } } ] }, { - "id": "fb833196-4695-4980-9773-d701170d8df6", + "id": "e9bacdb5-c350-491f-ba7f-72f51ac598a3", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": 
"false", - "display.on.consent.screen": "false", - "consent.screen.text": "" + "consent.screen.text": "", + "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "b2381aa1-9ccc-4eca-af18-d144a265c6e9", + "id": "5ef7f813-8aa8-4c1f-991b-b1d2ec5d15c7", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", 
@@ -1701,85 +1819,25 @@ ] }, { - "id": "095a37c3-0e99-41ac-98fc-0be41134a718", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", + "id": "099b6a43-3ff4-4eaa-a226-8b5557746551", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", + "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" - } - }, - { - "id": "440d4070-c9c0-4ddc-8b9c-f75b13c6bf73", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e23fb472-ae87-45b9-9bfe-902c705202d6", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "c05c8d76-8345-4f32-aef0-0f9074deeea3", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "64575817-79e6-4ce4-97f2-d98d84ed85aa", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": 
"true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "24e7717d-ef9a-462b-8153-812155508de6", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "id": "c5ffa1ee-53cf-4287-bbad-277333077c37", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" } } ] @@ -1791,7 +1849,8 @@ "email", "roles", "web-origins", - "acr" + "acr", + "basic" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1802,7 +1861,6 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 
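Review bot: Adding `"basic"` to the realm-level default scope list (hunk `@@ -1791,7 +1849,8 @@`) does not cover clients in this realm file that carry their own explicit `defaultClientScopes` array. In Keycloak 25 the `sub` and `auth_time` claims are produced by mappers in the `basic` scope, so a client imported without it would issue access tokens lacking `sub`. Resource servers that authorize on the subject may then reject the token or mis-handle it. The client definitions are outside this hunk, so this needs checking there: each explicit list should gain `"basic"`, and the upgrade notes should say so for operators who maintain their own clients.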
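Review bot: Dropping `"referrerPolicy": "no-referrer"` from `browserSecurityHeaders` (hunk `@@ -1802,7 +1861,6 @@`) leaves the realm without an explicit referrer policy, and nothing visible in this hunk re-adds it. If Keycloak 25.0.6 does not fall back to a built-in default for a missing key, the login pages would stop sending `Referrer-Policy`. URLs carrying authorization parameters could then reach third-party origins through the `Referer` header. I would keep the line `"referrerPolicy": "no-referrer",` unless the removal is confirmed to be export noise, and verify the response headers of the login page after import. The `browserSecurityHeaders` object continues past the end of the hunk.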
@@ -1902,34 +1960,34 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "b090f376-44ea-48f2-8fd6-921e13adb786", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", + "id": "f70f2ee3-bf29-493a-b329-8216e8314420", + "name": "Full Scope Disabled", + "providerId": "scope", "subType": "anonymous", "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } + "config": {} }, { - "id": "1d220609-5565-43d8-95c9-0c1c79516531", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", + "id": "85ece1db-dd8a-42b6-b1f8-2033dcdd12aa", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ - "true" + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, { - "id": "5f3cb95d-2844-4740-8496-3926809020e2", + "id": "2a12cc59-65f2-4596-9508-101bcb3e7b5e", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", @@ -1941,7 +1999,7 @@ } }, { - "id": "e9c810f9-fce0-4d9e-8dcb-79ae397bc814", + "id": "b559e39f-31e0-4021-8c3a-e11f9bc6ce92", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", 
@@ -1949,75 +2007,79 @@ "config": {} }, { - "id": "54be4ec2-8fc2-4882-8058-79a3d69bce80", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", + "id": "8a6d2c61-c9c1-4d4f-affd-c4a4d28d8d2a", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ "true" ] } }, { - "id": "ecadeac0-7496-47fd-b10d-79f3461bb896", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", + "id": "3d2fe62b-13b5-4d77-910c-5d84ac19fe61", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper" + "allow-default-scopes": [ + "true" ] } }, { - "id": "3c52ce03-6518-460c-ac6a-89fd37bad747", - "name": "Full Scope Disabled", - "providerId": "scope", + "id": "2b30c659-fe1b-4ab2-872d-76d8d91ecb76", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, - "config": {} + "config": { + "allow-default-scopes": [ + "true" + ] + } }, { - "id": "20b218ed-2ef8-4b75-a4fe-6715d8aeb8d8", + "id": "bc086ab5-1cdb-45aa-be6c-977740c436cd", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", + 
"saml-user-property-mapper", "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } } ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "ad484781-1154-4e4c-8c49-865ddaeba6b6", + "id": "56d6f094-ed23-431e-8b79-f1da33399438", "providerId": "declarative-user-profile", "subComponents": {}, - "config": {} + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } } ], "org.keycloak.keys.KeyProvider": [ { - "id": "87eaeab2-63ed-4199-b5ac-dfd536a8ee4e", + "id": "894b58f4-32d3-4bf0-b3e7-8e607a2f997f", "name": "rsa-generated", 
"providerId": "rsa-generated", "subComponents": {}, @@ -2028,8 +2090,8 @@ } }, { - "id": "b5bbb5c7-5db4-434f-a5ac-996d527a5b60", - "name": "hmac-generated", + "id": "61fc48b9-a97c-4687-9393-7cd6d0888c09", + "name": "hmac-generated-hs512", "providerId": "hmac-generated", "subComponents": {}, "config": { @@ -2037,12 +2099,12 @@ "100" ], "algorithm": [ - "HS256" + "HS512" ] } }, { - "id": "abbe387e-c190-47d5-8a8e-247318b060ba", + "id": "a108ae46-2661-429c-b9df-b50957289370", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, @@ -2056,7 +2118,7 @@ } }, { - "id": "535ed0da-498d-41a4-95e7-3848efb05e5d", + "id": "20e10b58-2af2-4f7f-bc2d-b16a5f0ad290", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, @@ -2065,6 +2127,20 @@ "100" ] } + }, + { + "id": "8e593e0a-229b-4b7c-a0eb-f262ced78883", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } } ] }, @@ -2072,7 +2148,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "3d998361-ced1-4717-a609-0cd29ddb5c10", + "id": "333b2b14-0502-4213-b791-e99ff3d2a711", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -2098,7 +2174,7 @@ ] }, { - "id": "b06c4a1f-ff23-46fb-ad3c-b33630566ae3", + "id": "26524d81-51f0-4567-aede-51e047dda534", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -2124,7 +2200,7 @@ ] }, { - "id": "e7a4d910-2be1-4700-8dc3-47de78f2ef4b", + "id": "9b7be5dd-281f-441f-8a12-6be05e46b4b4", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", 
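Review bot: The new `kc.user.profile.config` value in the `declarative-user-profile` component (hunk `@@ -1949,75 +2007,79 @@`) ends with `\"unmanagedAttributePolicy\":\"ENABLED\"`, which allows attributes not declared in the profile to be written from user-facing contexts as well as by administrators. Only `username`, `email`, `firstName` and `lastName` are declared, so any other user attribute that a protocol mapper copies into tokens would, as far as I can tell, become self-assertable by the account holder. The mappers and the code that consumes those claims are outside this hunk, so whether such an attribute drives authorization cannot be confirmed from here. If it does, prefer `\"unmanagedAttributePolicy\":\"ADMIN_EDIT\"`, or declare those attributes in the profile with `edit` limited to `admin`.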
@@ -2150,7 +2226,7 @@ ] }, { - "id": "15066608-6f4d-4413-baed-5fc00a0d5ae1", + "id": "735a079f-239e-4777-afc9-2c14369de5f1", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -2176,7 +2252,7 @@ ] }, { - "id": "77d93705-cef6-4aff-8a59-b0833027a752", + "id": "e66cdbd1-8a93-491b-b176-37aa39f54f2e", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -2202,7 +2278,7 @@ ] }, { - "id": "82539f5c-fee7-4c82-b4d8-10f9dae5e58c", + "id": "3b2cc6ac-852f-437a-bbf3-ec76b8fa0b26", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -2228,7 +2304,7 @@ ] }, { - "id": "00d44f6d-ba56-42c9-87f7-7e5fe7251391", + "id": "6039556c-4f81-4d31-9190-39a82955a60c", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -2255,7 +2331,7 @@ ] }, { - "id": "e8aa7cf8-ea7d-4b1a-ad19-db042d891477", + "id": "9558efdd-1263-4d2b-94c2-212b23747542", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -2281,7 +2357,7 @@ ] }, { - "id": "69b7b61c-275f-44a9-aa2a-18938d5c2c7e", + "id": "59c20a66-bbb7-4345-90cf-ea51bcfacfb2", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -2323,7 +2399,7 @@ ] }, { - "id": "721b40e1-cc93-451b-8c7d-60914e7ddfa8", + "id": "0c91217f-2286-4736-9c31-2e86b7836ecd", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", 
@@ -2365,7 +2441,7 @@ ] }, { - "id": "0c61e7f1-487b-44f2-acae-6fb11103ee8e", + "id": "b2119c4d-d9a5-4261-8d81-fe42111fe39c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -2399,7 +2475,7 @@ ] }, { - "id": "65711f5a-315d-40d0-841f-61592f336d10", + "id": "e7c19061-12f6-493a-822b-c966f76f240f", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -2417,7 +2493,7 @@ ] }, { - "id": "d04622b6-e0ec-4158-bc36-fc9b1c639250", + "id": "bbbe8448-00bc-4588-b28f-ccf9a01dd6e8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -2444,7 +2520,7 @@ ] }, { - "id": "6e4faf19-5fd9-4c16-9a73-8293ff9594f9", + "id": "34000d58-9009-47ac-a53b-cb71e91a8086", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -2470,7 +2546,7 @@ ] }, { - "id": "41811fbf-e0a9-490e-bbfc-2cd4a35c58ce", + "id": "fa5ccedd-7d9e-4f3f-9a3e-392bdea288cd", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -2489,7 +2565,7 @@ ] }, { - "id": "d71a5383-0fcc-434a-a2a4-a81bcad8efd1", + "id": "5085904d-4691-4ec8-9d27-eb5b8c47d275", "alias": "registration form", "description": "registration form", "providerId": "form-flow", 
@@ -2505,33 +2581,33 @@ "userSetupAllowed": false }, { - "authenticator": "registration-profile-action", + "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", - "priority": 40, + "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { - "authenticator": "registration-password-action", + "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, + "requirement": "DISABLED", + "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false }, { - "authenticator": "registration-recaptcha-action", + "authenticator": "registration-terms-and-conditions", "authenticatorFlow": false, "requirement": "DISABLED", - "priority": 60, + "priority": 70, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { - "id": "1a078d78-3192-4860-9418-cc72912f6460", + "id": "a335f5e2-ecdb-4e6e-af83-5b26c85982d9", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2573,7 +2649,7 @@ ] }, { - "id": "a90a4a58-b805-4f6d-9f6c-e580f9fbb763", + "id": "d33da0c9-9541-4ac3-bdea-65d620011c38", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2593,14 +2669,14 @@ ], "authenticatorConfig": [ { - "id": "fefbed37-3ac2-465a-b20f-868d2e5bbf15", + "id": "fc09b331-52f6-4bb7-96e4-5d1686d479a8", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "04c7fe17-7769-4a79-992a-c8b44f407d6f", + "id": "30f5aa3e-5a0c-4f3d-b1fa-3ac109eb836e", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" 
@@ -2662,6 +2738,33 @@ "priority": 60, "config": {} }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, { "alias": "update_user_locale", "name": "Update User Locale", @@ -2678,23 +2781,24 @@ "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "600", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0" + "realmReusableOtpCode": "false" }, - "keycloakVersion": "23.0.7", + "keycloakVersion": "25.0.6", "userManagedAccessAllowed": false, + "organizationsEnabled": false, "clientProfiles": { "profiles": [] },