diff --git a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
index ef99eed..4ce6be4 100644
--- a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
+++ b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
@@ -246,7 +246,15 @@
 "containerId" : "36bd81a2-1092-436f-9677-ebe17fb35fd3",
 "attributes" : { }
 } ],
- "hexaclient" : [ ],
+ "hexaclient" : [ {
+ "id" : "7c68e39f-d149-4655-ae54-aaba6c4e404c",
+ "name" : "HexaRoles",
+ "description" : "",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "ccc5f622-1cb6-45bf-83f5-61e4aa97e8ac",
+ "attributes" : { }
+ } ],
 "security-admin-console" : [ ],
 "admin-cli" : [ ],
 "account-console" : [ ],
@@ -336,7 +344,39 @@
 } ]
 }
 },
- "groups" : [ ],
+ "groups" : [ {
+ "id" : "74dbc03b-8a9c-4b51-acf3-0de6235345a1",
+ "name" : "accounting",
+ "path" : "/accounting",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "aad243ad-b638-451d-9d77-2c508717bc90",
+ "name" : "humanresources",
+ "path" : "/humanresources",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "63f23660-539b-43a1-8381-a9950cf2cdea",
+ "name" : "marketing",
+ "path" : "/marketing",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "ef7a3b30-cdab-42cb-9e51-204506022deb",
+ "name" : "sales",
+ "path" : "/sales",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ } ],
 "defaultRole" : {
 "id" : "fedd0314-21a4-44af-aaa5-8023fef2b01a",
 "name" : "default-roles-hexa-orchestrator-realm",
@@ -377,44 +417,6 @@
 "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
 "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
 "webAuthnPolicyPasswordlessExtraOrigins" : [ ],
- "users" : [ {
- "id" : "26b48d79-a2e9-43c5-909b-a991880b9180",
- "createdTimestamp" : 1717180238484,
- "username" : "phil.hunt@independentid.com",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : true,
- "firstName" : "Phil",
- "lastName" : "Hunt",
- "email" : "phil.hunt@independentid.com",
- "credentials" : [ {
- "id" : "cff2b8ab-6a27-4a42-9b31-1ef68b1ed8e5",
- "type" : "password",
- "userLabel" : "My password",
- "createdDate" : 1717180270362,
- "secretData" : "{\"value\":\"izL+WdWt9Pu6/xNCxa+ogyoWYVnUOu9ffigIzMg8Eeo=\",\"salt\":\"dliYibHbb4TLbgtgwQhpxA==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "id" : "42d63382-d681-4a4c-bc68-69373c48c217",
- "createdTimestamp" : 1717818402408,
- "username" : "service-account-hexaclient",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "serviceAccountClientId" : "hexaclient",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
- "notBefore" : 0,
- "groups" : [ ]
- } ],
 "scopeMappings" : [ {
 "clientScope" : "offline_access",
 "roles" : [ "offline_access" ]
@@ -514,7 +516,9 @@
 "publicClient" : true,
 "frontchannelLogout" : false,
 "protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
@@ -540,7 +544,9 @@
 "publicClient" : false,
 "frontchannelLogout" : false,
 "protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
@@ -553,29 +559,32 @@
 "description" : "Hexa Admin UI client",
 "rootUrl" : "",
 "adminUrl" : "",
- "baseUrl" : "",
+ "baseUrl" : "http://admin.hexa.org:8884/",
 "surrogateAuthRequired" : false,
 "enabled" : true,
 "alwaysDisplayInConsole" : false,
 "clientAuthenticatorType" : "client-secret",
 "secret" : "uuXVzfbqH635Ob0oTON1uboONUqasmTt",
- "redirectUris" : [ "/*" ],
- "webOrigins" : [ "/*" ],
+ "redirectUris" : [ "http://localhost:8886/redirect", "http://localhost:8884/redirect", "https://admin.hexa.org:8884/redirect", "http://demo.hexa.org:8886/redirect", "http://admin.hexa.org:8884/redirect", "https://demo.hexa.org:8886/redirect" ],
+ "webOrigins" : [ "*" ],
 "notBefore" : 0,
 "bearerOnly" : false,
 "consentRequired" : false,
- "standardFlowEnabled" : false,
+ "standardFlowEnabled" : true,
 "implicitFlowEnabled" : false,
 "directAccessGrantsEnabled" : false,
 "serviceAccountsEnabled" : true,
 "publicClient" : false,
- "frontchannelLogout" : true,
+ "frontchannelLogout" : false,
 "protocol" : "openid-connect",
 "attributes" : {
 "oidc.ciba.grant.enabled" : "false",
- "oauth2.device.authorization.grant.enabled" : "false",
 "client.secret.creation.time" : "1717818402",
- "backchannel.logout.session.required" : "true",
+ "backchannel.logout.session.required" : "false",
+ "login_theme" : "keycloak",
+ "post.logout.redirect.uris" : "+",
+ "display.on.consent.screen" : "false",
+ "oauth2.device.authorization.grant.enabled" : "false",
 "backchannel.logout.revoke.offline.tokens" : "false"
 },
 "authenticationFlowBindingOverrides" : { },
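Review bot: `"webOrigins" : [ "*" ]` in the `@@ -553,29 +559,32 @@` hunk allows CORS from any origin for the confidential `hexaclient` client, which is wider than the six redirect URIs the same hunk pins down; `"webOrigins" : [ "+" ]` would limit CORS to the origins of the registered redirect URIs. With `standardFlowEnabled` now `true`, the `http://demo.hexa.org:8886/redirect` and `http://admin.hexa.org:8884/redirect` entries return authorization codes over cleartext HTTP to non-localhost hosts, and `"frontendUrl" : "http://keycloak:8080/"` in the later `@@ -1895,7 +1934,7 @@` hunk does the same for the login pages themselves; keeping the `https://` entries plus `localhost` would avoid that. The context line `"secret"` also stays committed although this commit removes the user password hashes, so the client secret should be treated as a demo-only value and replaced at import time in any shared deployment.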
@@ -590,6 +599,7 @@
 "config" : {
 "user.session.note" : "client_id",
 "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
 "id.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "client_id",
@@ -604,11 +614,27 @@
 "config" : {
 "user.session.note" : "clientAddress",
 "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
 "id.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "clientAddress",
 "jsonType.label" : "String"
 }
+ }, {
+ "id" : "0a0f97b3-60b3-4200-bf30-a3e1b6118ecb",
+ "name" : "Map Hexa Realm Roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "multivalued" : "true",
+ "userinfo.token.claim" : "true",
+ "id.token.claim" : "true",
+ "access.token.claim" : "false",
+ "claim.name" : "roles",
+ "jsonType.label" : "String"
+ }
 }, {
 "id" : "ba5963f5-c9f2-4e25-8b71-9692b604760b",
 "name" : "Client Host",
@@ -618,14 +644,15 @@
 "config" : {
 "user.session.note" : "clientHost",
 "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
 "id.token.claim" : "true",
 "access.token.claim" : "true",
 "claim.name" : "clientHost",
 "jsonType.label" : "String"
 }
 } ],
- "defaultClientScopes" : [ "web-origins", "orchestrator", "roles" ],
- "optionalClientScopes" : [ "acr", "address", "phone", "offline_access", "profile", "microprofile-jwt", "email" ]
+ "defaultClientScopes" : [ "web-origins", "orchestrator", "roles", "email" ],
+ "optionalClientScopes" : [ "acr", "address", "phone", "offline_access", "profile", "microprofile-jwt" ]
 }, {
 "id" : "36bd81a2-1092-436f-9677-ebe17fb35fd3",
 "clientId" : "realm-management",
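Review bot: The `Map Hexa Realm Roles` mapper added in the `@@ -604,11 +614,27 @@` hunk writes realm roles to the claim `roles`, and the `Group Membership` mapper added to the `roles` client scope in the `@@ -899,48 +930,51 @@` hunk uses the same `"claim.name" : "roles"`. Because `roles` is in this client's `defaultClientScopes`, both mappers feed the same ID-token claim. A consumer authorizing on that claim cannot tell a granted realm role from a group name, and with `"full.path" : "false"` two subgroups sharing a leaf name would also look identical; how Keycloak combines two mappers that target one claim should be confirmed as well. Giving the group mapper its own claim, for example `"claim.name" : "groups"`, keeps the two sources separate.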
@@ -646,7 +673,9 @@
 "publicClient" : false,
 "frontchannelLogout" : false,
 "protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
 "authenticationFlowBindingOverrides" : { },
 "fullScopeAllowed" : false,
 "nodeReRegistrationTimeout" : 0,
@@ -865,6 +894,7 @@
 "config" : {
 "introspection.token.claim" : "true",
 "multivalued" : "true",
+ "userinfo.token.claim" : "true",
 "user.attribute" : "foo",
 "id.token.claim" : "true",
 "access.token.claim" : "true",
@@ -890,7 +920,8 @@
 "config" : {
 "id.token.claim" : "true",
 "introspection.token.claim" : "true",
- "access.token.claim" : "true"
+ "access.token.claim" : "true",
+ "userinfo.token.claim" : "true"
 }
 } ]
 }, {
@@ -899,48 +930,51 @@
 "description" : "OpenID Connect scope for add user roles to the access token",
 "protocol" : "openid-connect",
 "attributes" : {
- "include.in.token.scope" : "false",
- "display.on.consent.screen" : "true",
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "false",
 "gui.order" : "",
 "consent.screen.text" : "${rolesScopeConsentText}"
 },
 "protocolMappers" : [ {
- "id" : "dcf45026-be57-407b-8fd2-77da9a7a48af",
- "name" : "realm roles",
+ "id" : "6a883475-ffe7-4dde-9dcc-0d4d186e5161",
+ "name" : "audience resolve",
 "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
 "consentRequired" : false,
 "config" : {
 "introspection.token.claim" : "true",
- "multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "realm_access.roles",
- "jsonType.label" : "String"
+ "access.token.claim" : "true"
 }
 }, {
- "id" : "28d89791-fa14-4815-ab32-829fd0f17796",
- "name" : "client roles",
+ "id" : "ccdab394-eab4-427e-b4d3-039eb9c4d59f",
+ "name" : "Group Membership",
 "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-client-role-mapper",
+ "protocolMapper" : "oidc-group-membership-mapper",
 "consentRequired" : false,
 "config" : {
+ "full.path" : "false",
 "introspection.token.claim" : "true",
 "multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "resource_access.${client_id}.roles",
- "jsonType.label" : "String"
+ "userinfo.token.claim" : "false",
+ "id.token.claim" : "true",
+ "access.token.claim" : "false",
+ "claim.name" : "roles"
 }
 }, {
- "id" : "6a883475-ffe7-4dde-9dcc-0d4d186e5161",
- "name" : "audience resolve",
+ "id" : "d9b7d557-02f7-42d7-9031-b34aad72a3ca",
+ "name" : "realm roles",
 "protocol" : "openid-connect",
- "protocolMapper" : "oidc-audience-resolve-mapper",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
 "consentRequired" : false,
 "config" : {
 "introspection.token.claim" : "true",
- "access.token.claim" : "true"
+ "multivalued" : "true",
+ "userinfo.token.claim" : "false",
+ "user.attribute" : "foo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "realm_access.roles",
+ "jsonType.label" : "String"
 }
 } ]
 }, {
@@ -1191,7 +1225,8 @@
 "id.token.claim" : "true",
 "access.token.claim" : "true",
 "introspection.token.claim" : "true",
- "included.custom.audience" : "http://hexa-orchestrator:8885"
+ "included.custom.audience" : "http://hexa-orchestrator:8885",
+ "userinfo.token.claim" : "true"
 }
 } ]
 }, {
@@ -1216,7 +1251,7 @@
 }
 } ]
 } ],
- "defaultDefaultClientScopes" : [ "web-origins", "orchestrator" ],
+ "defaultDefaultClientScopes" : [ "web-origins", "orchestrator", "roles" ],
 "defaultOptionalClientScopes" : [ ],
 "browserSecurityHeaders" : {
 "contentSecurityPolicyReportOnly" : "",
@@ -1229,6 +1264,10 @@
 "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
 },
 "smtpServer" : { },
+ "loginTheme" : "base",
+ "accountTheme" : "",
+ "adminTheme" : "",
+ "emailTheme" : "",
 "eventsEnabled" : false,
 "eventsListeners" : [ "jboss-logging" ],
 "enabledEventTypes" : [ ],
@@ -1260,7 +1299,7 @@
 "subType" : "authenticated",
 "subComponents" : { },
 "config" : {
- "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
 }
 }, {
 "id" : "ca978067-a3d8-41c9-8db4-9cc9ef353ce3",
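Review bot: The rewritten `protocolMappers` array of the `roles` scope in the `@@ -899,48 +930,51 @@` hunk no longer contains the `client roles` mapper (`oidc-usermodel-client-role-mapper`), while the first hunk of this commit adds a client role `HexaRoles` under `hexaclient`. Unless a mapper outside these hunks emits client roles, that role will not reach any token, so either the new role or the mapper removal looks unintended. The re-added `realm roles` mapper also carries `"user.attribute" : "foo"`, which looks like a leftover from the exported default and could be dropped if this mapper type ignores it. Switching `include.in.token.scope` to `"true"` presumably also puts `roles` into the token's `scope` value, which resource servers that match on scope should expect.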
@@ -1295,7 +1334,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper" ] } }, { "id" : "c7138cef-30fa-47ed-8d0e-9b98cea803b4", @@ -1885,8 +1924,8 @@ "attributes" : { "cibaBackchannelTokenDeliveryMode" : "poll", "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DevicePollingInterval" : "5", "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", "clientSessionIdleTimeout" : "0", "clientOfflineSessionIdleTimeout" : "0", "cibaInterval" : "5", @@ -1895,7 +1934,7 @@ "oauth2DeviceCodeLifespan" : "600", "parRequestUriLifespan" : "60", "clientSessionMaxLifespan" : "0", - "frontendUrl" : "", + "frontendUrl" : "http://keycloak:8080/", "acr.loa.map" : "{}" }, "keycloakVersion" : "23.0.6", @@ -1906,1979 +1945,4 @@ "clientPolicies" : { "policies" : [ ] } -}, { - "id" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - "realm" : "master", - "displayName" : "Keycloak", - "displayNameHtml" : "
Keycloak
", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 60, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "00205ce3-79b1-434c-981c-b5c9cd93d670", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - "attributes" : { } - }, { - "id" : "2e937590-4d3b-40ba-868a-5b13d319a65d", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - 
"attributes" : { } - }, { - "id" : "0ebd5632-070c-4e49-9549-26846b49e35e", - "name" : "create-realm", - "description" : "${role_create-realm}", - "composite" : false, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - "attributes" : { } - }, { - "id" : "898efc89-330a-4781-923b-2b09139a075b", - "name" : "admin", - "description" : "${role_admin}", - "composite" : true, - "composites" : { - "realm" : [ "create-realm" ], - "client" : { - "Hexa-Orchestrator-Realm-realm" : [ "view-clients", "query-groups", "view-realm", "view-users", "view-authorization", "impersonation", "create-client", "view-identity-providers", "manage-users", "query-users", "manage-events", "view-events", "manage-identity-providers", "manage-authorization", "query-realms", "query-clients", "manage-realm", "manage-clients" ], - "master-realm" : [ "create-client", "manage-identity-providers", "query-groups", "view-identity-providers", "query-clients", "view-authorization", "manage-realm", "manage-clients", "manage-events", "view-realm", "manage-authorization", "query-realms", "manage-users", "view-users", "view-events", "query-users", "impersonation", "view-clients" ] - } - }, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - "attributes" : { } - }, { - "id" : "2acd0db2-2352-4133-8aa6-bf468d6d0aea", - "name" : "default-roles-master", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "manage-account", "view-profile" ] - } - }, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69", - "attributes" : { } - } ], - "client" : { - "security-admin-console" : [ ], - "Hexa-Orchestrator-Realm-realm" : [ { - "id" : "26e41a17-7965-4303-baeb-b6586717b4f3", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : 
"f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "a2a473d3-23bc-4317-8e52-ce416f3b025c", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "838fda00-97b5-4f1f-9d1a-fdf6e6a915c1", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "b32135c8-fcae-4a0f-a87c-47e5ffcb5ea1", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "d89387aa-8d75-4169-baea-8df255c9eea8", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "Hexa-Orchestrator-Realm-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "b79aaa48-573c-463c-a1d3-1461cf255dc2", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "f0e627fb-63fa-4cae-b648-ca94c1946b0c", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "f1a11888-000a-4550-aa09-919411f506de", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "a70f28a7-f297-43a8-b832-972a60903f1a", - "name" 
: "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "8735920a-b9da-4b11-abac-8c3e33f1ee98", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "79b2d5ab-1140-42fb-a3dd-973817e95a2f", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "44c7e9aa-b647-4677-9422-4d0feae213cf", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "8fadc488-41e2-407c-8ef3-67e558946697", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "df9deb9f-fd24-4650-b552-1ee9698eed62", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "6a49d5c8-8c64-4992-b359-a4beccc1e7bf", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "Hexa-Orchestrator-Realm-realm" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "f609835f-8738-434d-9a78-c0223a0c4391", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : 
true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "ae9b858c-7d0a-49c5-be5a-7b829512622f", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - }, { - "id" : "a03faf2e-7a48-4950-bcc7-2338a0f85c5b", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "attributes" : { } - } ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "3e89bdae-3c5a-4470-88de-3cd90affcca1", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "db3a3f0c-f9e0-43af-bff2-20da50bb1bdb", - "attributes" : { } - } ], - "master-realm" : [ { - "id" : "08d075eb-d72f-4f70-95af-1ee0101d3190", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "a3bd494c-6cc8-466e-8f9c-b88695894bae", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "3c8ae068-0519-4771-821d-bb08d2adf598", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "98d34382-ac58-4337-a0c7-a24f2b90ae89", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : 
"c6a492bb-1e04-4488-9959-e03d39fa7a00", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "444c64d3-769d-463c-917c-20e93ef43c38", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "db6c9f4b-b5b9-400c-91b1-bb52f61de78e", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "afc6db88-1308-4156-bb31-5625f9ea5fbb", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "f4f8f823-11ff-4a1f-9f05-5a497123264f", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "ee77c2fb-a151-4c04-b720-73ca50e7b62e", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "c1fc76f9-e3bd-470c-a633-6687d311b39d", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "e4077a88-7881-400f-9ff0-daece64fe275", - "name" : "view-authorization", - "description" : 
"${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "35363e8c-512b-4e09-9db8-7b0aac3a951c", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "92075945-934d-497f-9a83-137d9f36b23c", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "90f7f569-da2c-4ac7-a1bd-d7ee995ed8a2", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "0dc0e474-0219-4ca1-910e-5bdde43b4582", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "24a9b8eb-f2b6-410e-8129-56c25da8fe60", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - }, { - "id" : "09ff139f-71fa-499e-8f9d-eff167b24c69", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "attributes" : { } - } ], - "account" : [ { - "id" : "7648ae03-833e-42cb-8b49-c7ae7913998b", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - 
"attributes" : { } - }, { - "id" : "8566833f-dfb0-45c2-b2da-140ef1072a16", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "b01eb485-e9a2-4613-98f2-16d58f2362e8", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "74e658a3-7157-4a3a-afe5-539337cec87b", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "9d641c83-9c38-48f3-affb-5bc2e558fdde", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "cbff58a7-69be-461a-adcc-d93850c80c39", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "f5ce199a-25e7-47bd-821f-919973ec97e3", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - }, { - "id" : "6a8238b9-3399-4c4b-973c-8b1be4a5700d", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - 
"defaultRole" : { - "id" : "2acd0db2-2352-4133-8aa6-bf468d6d0aea", - "name" : "default-roles-master", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "users" : [ { - "id" : "c528565c-05a1-43fa-8a5f-95ea820d6b3f", - "createdTimestamp" : 1717179838145, 
- "username" : "admin", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "credentials" : [ { - "id" : "6f62d292-8c55-411b-b6fd-092e55975d4f", - "type" : "password", - "createdDate" : 1717179838321, - "secretData" : "{\"value\":\"l3gTBmpb32civyIqC6K1o3LLTMJSEwX3Ck2726IqjaE=\",\"salt\":\"v5/GoHN5bdy27ewaZOeBVQ==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-master", "admin" ], - "clientRoles" : { - "Hexa-Orchestrator-Realm-realm" : [ "view-authorization", "create-client", "view-identity-providers", "view-clients", "manage-users", "query-users", "manage-events", "query-groups", "view-events", "view-realm", "manage-identity-providers", "manage-authorization", "query-realms", "view-users", "query-clients", "manage-realm", "manage-clients" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "f1402f1e-baeb-4887-a47e-a7e595038a2f", - "clientId" : "Hexa-Orchestrator-Realm-realm", - "name" : "Hexa-Orchestrator-Realm Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - 
"defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6375daf0-a1b2-43df-a0b3-213ba813bbdc", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - 
"nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "98400c66-0adc-41bb-b723-cb61d2f164ea", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "bbbce321-7116-4bf8-b09b-387d40e65da8", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "db3a3f0c-f9e0-43af-bff2-20da50bb1bdb", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - 
"authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "0123d438-2cca-48e5-8c60-d3178670f6fd", - "clientId" : "master-realm", - "name" : "master Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "80455da6-806b-4d18-872c-13b17c6c4858", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/master/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/master/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - 
"authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "45edff09-1761-4306-aee0-eaf0c0c0f575", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "a6cd1634-b264-4862-89ca-08e6502aefeb", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "42a4e93e-a4b9-440a-ae94-8ecbd23362b4", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "b7d5a6e2-daf8-4a9e-a84d-a981db7e275d", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - 
"id" : "ca74261b-b1ed-4398-8b87-4af873b27bf2", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "f7d8d56a-b569-46ca-9c06-7a6983b13b66", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "4bf3ed7f-ae03-4d14-b16c-ab6d0587d02f", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "d0b2ce41-af5c-43bc-83b4-1aa53213a44e", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "8b70ecd2-ac75-49b6-aa91-e4213c833b92", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "4da27057-9e72-4dd2-b929-1707bc4f9bb0", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - 
"protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "52e0c8b5-1396-4508-91f1-da6abbc98c0a", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "8f7d997e-d50a-49ce-8751-cb3fa72f4d87", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String" - } - }, { - "id" : "99b66d78-97b7-4ff5-9fbd-60082005c218", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "80ec344e-379b-4332-aaba-1f75304518cb", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "70fb586a-95e7-4bcf-908a-5a429869d143", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : 
"true" - } - } ] - }, { - "id" : "dd7e3856-b2ca-4862-b358-04599d2a3890", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "4a7bf129-3e10-4622-8409-f78cbfe533b7", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "d58d845c-daed-42ab-b41f-09fa8ae616fe", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "d1c3d30e-0b84-41a1-9541-26ec27eae2cb", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "7f764926-ee24-4aef-859e-3e0628d689ed", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - 
"claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "84bffc56-322d-4c93-b926-d5f1ebcddb88", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "7d6b4477-9d58-462a-bc6f-68980967312a", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "b4ef3544-5e33-4741-ac11-bc91df0df847", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "de6fdeab-de35-4722-80f6-2fb1183ba0bf", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "eeb3b0dd-a57a-43bf-bd75-7b5f811cc01a", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "8e852d2a-c7c1-4257-9adf-49ad455574cd", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "b8b978e6-3c5c-4c7a-bba8-906064eec53a", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "e61d7d7f-9f06-47db-ac8f-97753b9e0110", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "e3a1f774-26a8-4693-bacb-bafe30d5cf39", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : 
"true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "3b95e7a1-fec7-49d5-8ea0-9504eafad852", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "31850249-233f-47b0-998c-720ef761e44a", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "5817cf61-07ef-4886-a772-d22b02c21f0b", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "29e65f04-6945-4718-849a-90cd15fb917f", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "d0659815-4408-4177-9bc0-695612a4ea78", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : 
"openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "4aafc62b-655b-4fdb-a450-983f98855b46", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "b979c1d6-b533-409c-960b-a893e4ab39c8", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "c59ab31a-970d-4f06-839f-ae91c1f5e623", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "68302cbe-854b-471d-8f34-10d9aaded828", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : 
"no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "xXSSProtection" : "1; mode=block", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "38c85523-2e46-4194-8fad-40b6887d2b29", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "e6b09c83-a0ad-4029-b9fb-1bd9ef3e7197", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ] - } - }, { - "id" : "d9cf1ab3-2656-4685-b398-277350bfea38", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "35c706ad-dc91-4e73-9f27-c5182c444823", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "2cdcee53-14cb-4163-992f-e6f98ac2c3b8", - "name" : "Allowed Client Scopes", - "providerId" : 
"allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "2b6db77f-b514-4c6f-8fc4-40dbf27ec42b", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] - } - }, { - "id" : "30fdbf2e-b97a-418f-8663-155e0872016c", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "64a0fcf5-f4b7-4e8c-be7b-bc0ce097e006", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "04227216-afc4-4272-b466-21c14789b33f", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "5389f325-f825-4830-bf27-d8c354499436", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "b11447e5-d9db-44bd-bccf-5cae8e6007e4" ], - "secret" : [ "fSA7yH7YrjMQPinmq_l1qg" ], - "priority" : [ "100" ] - } - }, { - "id" : "f461ced8-875f-49ae-a78b-1a1c76406fb0", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "e1490d1c-641b-4f7a-a8a1-d147de37b417" ], - "secret" : [ 
"OJ42xs0_2epe4ru9DZeF8F2SjNTT89R2BFvNsq0kRIwbYNnTN7Z3VKG6jl99v4fjEO5oC5d9xPmZ6-yEL4xgoA" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "a36f30d1-e020-48d0-b7e9-3b1ebf75cbf8", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "d506562a-6ad8-48f1-9133-2c2b915d86fe", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "35fd6ccf-a1bf-461d-8109-63ac494ffbc4", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : 
"ec137396-f8b8-4b59-914f-e33532b690ea", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "c76b9364-efcd-4fc1-a4b5-2def0be58d22", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "2c756d91-7fb4-4507-94b4-d6e85f78cc6d", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : 
"Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "64fa5a88-1e6a-4905-8254-d9ec5123be9c", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "4f432a19-893c-4a00-98cf-63dd3a459488", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "0a8a49d9-b9c8-4e86-a66d-c41466ac2a8d", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : 
"CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "a11fb221-5cfa-4758-8b3a-222205a91a69", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "d7d1170f-3790-4151-9eda-1bbf8c7bc644", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - 
"requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "141b1258-4bed-45d3-8fc5-d3ecc7b6bcd3", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "dfca87d3-c9bd-4d48-998b-ecfec593fd5c", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "23566e15-d34c-4765-93c7-60f3f5285d10", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, 
{ - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "dd7793ea-8771-46be-bb27-c8cafc8d0f5c", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "ed731473-6de8-4472-a82d-7dd816bc6724", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "e4401422-c3ee-4467-a1cd-6f762bb61a19", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - 
"requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-terms-and-conditions", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 70, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "53713414-a5dc-41fa-a3f6-d8088b7424ac", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "60b5bfb7-4b86-48a5-bdf4-8a300b71281c", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "12284c3a-32a1-49c8-812a-4d1cb64d9675", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : 
"false" - } - }, { - "id" : "3017ca74-9b25-49d1-af0f-963d9b75c9d5", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : 
"registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", - "cibaAuthRequestedUserHint" : "login_hint", - "parRequestUriLifespan" : "60", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false" - }, - "keycloakVersion" : "23.0.6", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } } \ No newline at end of file diff --git a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json new file mode 100644 index 0000000..b35a444 --- /dev/null +++ b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json 
@@ -0,0 +1,110 @@ +{ + "realm" : "Hexa-Orchestrator-Realm", + "users" : [ { + "id" : "bc55c461-d8cc-48b2-8781-5bc3d63e2154", + "createdTimestamp" : 1720751924200, + "username" : "alice@hexaindustries.io", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Alice", + "lastName" : "Jay", + "email" : "alice@hexaindustries.io", + "credentials" : [ { + "id" : "28263152-bd64-454e-ac5b-aba1d911174a", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1720751960315, + "secretData" : "{\"value\":\"x1APHjmN6WsgK6fcFBCC32i0+bmG5dlPbl6QBtSqXWQ=\",\"salt\":\"SGYXce8wdEinn1PZmsN5gg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ], + "notBefore" : 0, + "groups" : [ "/marketing", "/sales" ] + }, { + "id" : "d93ab6af-5608-42bc-8661-83a8a321f8dc", + "createdTimestamp" : 1720752047940, + "username" : "bob@hexaindustries.io", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Bob", + "lastName" : "Roberts", + "email" : "bob@hexaindustries.io", + "credentials" : [ { + "id" : "b4d88c10-c035-424c-8fe4-2d3cd05b5afa", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1720752067566, + "secretData" : "{\"value\":\"vg4HLq8K2Y7OFr+7QJyMR+ba3JzwzpPDWt/v1zFR/V4=\",\"salt\":\"2OTilF36heOMn1+R8V4Lcw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ], + "notBefore" : 0, + "groups" : [ "/accounting", "/humanresources" ] + }, { + "id" : "fd9b4c1d-2065-441c-8eb5-09634273fcc8", + "createdTimestamp" : 1720812295818, + "username" : 
"carol@hexaindustries.io", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Carol", + "lastName" : "Carlos", + "email" : "carol@hexaindustries.io", + "credentials" : [ { + "id" : "09ff98a4-f99b-473e-96d3-3ed8465c2879", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1720812315334, + "secretData" : "{\"value\":\"WqeIZUv3VsiNm3PFtmU8g/C/0z8a1EsQfjtsLXe0Rww=\",\"salt\":\"IkJWV/+wbIEoO4a/9/Ke9A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "80666dad-928a-4219-aa25-d511b03cf147", + "createdTimestamp" : 1720752172622, + "username" : "gerry@hexaindustries.io", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Gerry", + "lastName" : "Bossman", + "email" : "gerry@hexaindustries.io", + "credentials" : [ { + "id" : "a5c5c1f0-12f0-45be-a1eb-10cdec94d5ee", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1720752188807, + "secretData" : "{\"value\":\"IVxC+Wofj1fpuzMWr6O8doeBkfs0J89fcJ3j0HBoh1k=\",\"salt\":\"qotJ3bvlJVzqh/IkbkHzKw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ], + "notBefore" : 0, + "groups" : [ "/accounting", "/humanresources", "/marketing", "/sales" ] + }, { + "id" : "42d63382-d681-4a4c-bc68-69373c48c217", + "createdTimestamp" : 1717818402408, + "username" : "service-account-hexaclient", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "hexaclient", + "credentials" : [ ], + "disableableCredentialTypes" : 
[ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ]
+}
\ No newline at end of file
diff --git a/demo/docker-compose.shared.yml b/demo/docker-compose.shared.yml
new file mode 100644
index 0000000..80b99b8
--- /dev/null
+++ b/demo/docker-compose.shared.yml
@@ -0,0 +1,54 @@
+name: hexa_shared
+# This docker-compose file contains OIDC services used by multiple Hexa projects. Only
+# once instance of these services need be started if configuring multiple projects (e.g. Policy-Orchestrator and Policy-OPA)
+
+services:
+
+ postgres:
+ image: postgres:alpine
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ networks:
+ - keycloak_network
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:23.0.6
+ container_name: keycloak
+ hostname: keycloak
+ command: start --import-realm
+ environment:
+ KC_HOSTNAME: localhost
+ KC_HOSTNAME_PORT: 8080
+ KC_HOSTNAME_STRICT_BACKCHANNEL: false
+ KC_HTTP_ENABLED: true
+ KC_HOSTNAME_STRICT_HTTPS: false
+ KC_HEALTH_ENABLED: true
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+ KC_DB_USERNAME: ${POSTGRES_USER}
+ KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+ ports:
+ - 8080:8080
+ depends_on:
+ - postgres
+ networks:
+ - keycloak_network
+ - hexa_network
+ volumes:
+ - "./deployments/keycloakrealm:/opt/keycloak/data/import"
+
+volumes:
+ postgres_data:
+ driver: local
+
+networks:
+ keycloak_network:
+ driver: bridge
+ hexa_network:
+ driver: bridge
\ No newline at end of file
diff --git a/demo/docker-compose.yml b/demo/docker-compose.yml
index c0f3057..e8d3be0 100644
--- a/demo/docker-compose.yml
+++ b/demo/docker-compose.yml
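Review bot: The four human users in this new import file (alice, bob, carol, gerry) are committed with fixed password hashes and salts, `"totp" : false` and an empty `"requiredActions"`, so every deployment that imports this realm starts with the same credentials that anyone with repository access can study. The hashes are `pbkdf2-sha256` at 27500 iterations, which offers little resistance to offline guessing once the file is public, so these passwords should be treated as disclosed. If the realm is only ever a local demo, say so in the README next to the import step; otherwise set `"requiredActions" : [ "UPDATE_PASSWORD" ]` on each user so the shipped password cannot outlive the first login. gerry is a member of all four groups, so that is the account to lock down first.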
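Review bot: `ports: - 8080:8080` on the keycloak service publishes the plain-HTTP listener (`KC_HTTP_ENABLED: true`, `KC_HOSTNAME_STRICT_HTTPS: false`) on every host interface, which puts the admin console and token endpoint within reach of anything that can route to the machine. `KC_HOSTNAME` is `localhost`, so browser access apparently needs only loopback; binding the port as `- "127.0.0.1:8080:8080"` should keep the demo working while the other containers still reach `keycloak:8080` over `hexa_network`. Separately, `postgres:alpine` is a floating tag while keycloak is pinned to `23.0.6`; pinning the database image to a version as well would make the shared stack reproducible.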
@@ -33,6 +33,7 @@ services: hexa-admin-ui: image: hexaorchestrator container_name: hexa-admin-ui + hostname: admin.hexa.org ports: - "8884:8884" command: /app/hexaAdminUi @@ -46,8 +47,11 @@ services: HEXA_OAUTH_CLIENT_ID: hexaclient HEXA_OAUTH_CLIENT_SECRET: "uuXVzfbqH635Ob0oTON1uboONUqasmTt" HEXA_OAUTH_TOKEN_ENDPOINT: http://keycloak:8080/realms/Hexa-Orchestrator-Realm/protocol/openid-connect/token + HEXA_OIDC_ENABLED: true + HEXA_OIDC_PROVIDER_URL: http://keycloak:8080/realms/Hexa-Orchestrator-Realm + HEXA_OIDC_REDIRECT_URL: http://admin.hexa.org:8884/redirect volumes: - - "./.certs:/home/certs:ro" + - "./.certs:/home/certs" depends_on: - hexa-orchestrator @@ -79,8 +83,7 @@ services: ports: - "8889:8889" command: /app/hexaBundleServer - depends_on: - - keycloak + environment: PORT: 8889 HEXA_TKN_DIRECTORY: "/home/certs" @@ -106,7 +109,6 @@ services: - "8887" depends_on: - hexa-opaBundle-server - - keycloak command: /app/hexaOpa run --server --addr :8887 --tls-cert-file=/home/certs/hexaOpa-cert.pem --tls-private-key-file=/home/certs/hexaOpa-key.pem --log-level debug -c /home/config/config.yaml environment: # These environment values are referenced in ./deployments/hexaOpaServer/config/config.yaml 
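Review bot: In the hexa-admin-ui environment hunk the cert mount changes from `"./.certs:/home/certs:ro"` to `"./.certs:/home/certs"`, which gives the UI container write access to a directory that presumably also holds the key material other services read from `/home/certs` (the OPA command line loads `hexaOpa-key.pem` from that path). If the admin UI only reads its CA and certificate, keep `:ro`; if it now has to create its own key pair there, add a comment such as `# rw: hexaAdminUi writes its generated TLS key here` so the reason is on record. The new `HEXA_OIDC_PROVIDER_URL` and `HEXA_OIDC_REDIRECT_URL` are both `http://`, so the authorization code and session cookie travel unencrypted; that is tolerable only for a local demo and deserves a comment saying so. The service definition starts and ends outside the hunk.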
@@ -124,50 +126,7 @@ services: networks: - hexa_network - postgres: - image: postgres:alpine - volumes: - - postgres_data:/var/lib/postgresql/data - environment: - POSTGRES_DB: ${POSTGRES_DB} - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - networks: - - keycloak_network - - keycloak: - image: quay.io/keycloak/keycloak:23.0.6 - container_name: keycloak - command: start --import-realm - environment: - KC_HOSTNAME: localhost - KC_HOSTNAME_PORT: 8080 - KC_HOSTNAME_STRICT_BACKCHANNEL: false - KC_HTTP_ENABLED: true - KC_HOSTNAME_STRICT_HTTPS: false - KC_HEALTH_ENABLED: true - KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN} - KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} - KC_DB: postgres - KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB} - KC_DB_USERNAME: ${POSTGRES_USER} - KC_DB_PASSWORD: ${POSTGRES_PASSWORD} - ports: - - 8080:8080 - depends_on: - - postgres - networks: - - keycloak_network - - hexa_network - volumes: - - "./deployments/keycloakrealm:/opt/keycloak/data/import" - -volumes: - postgres_data: - driver: local - networks: - keycloak_network: - driver: bridge hexa_network: - driver: bridge \ No newline at end of file + name: hexa_shared_hexa_network + external: true \ No newline at end of file
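Review bot: `hexa_network` is now `external: true` with the name `hexa_shared_hexa_network`, which exists only after `docker-compose.shared.yml` (project `name: hexa_shared`) has been brought up, and nothing in this file says so. Add a comment above the network, for example `# created by docker-compose.shared.yml; start that stack first`, so that a failed `up` is not the first hint. The same commit drops `depends_on: - keycloak` from the bundle server and OPA services in the earlier hunks, so compose no longer orders their start against Keycloak; services that fetch tokens or keys at boot need to retry, or the required start order should be documented.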