diff --git a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
index ef99eed..4ce6be4 100644
--- a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
+++ b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-realm.json
@@ -246,7 +246,15 @@
"containerId" : "36bd81a2-1092-436f-9677-ebe17fb35fd3",
"attributes" : { }
} ],
- "hexaclient" : [ ],
+ "hexaclient" : [ {
+ "id" : "7c68e39f-d149-4655-ae54-aaba6c4e404c",
+ "name" : "HexaRoles",
+ "description" : "",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "ccc5f622-1cb6-45bf-83f5-61e4aa97e8ac",
+ "attributes" : { }
+ } ],
"security-admin-console" : [ ],
"admin-cli" : [ ],
"account-console" : [ ],
@@ -336,7 +344,39 @@
} ]
}
},
- "groups" : [ ],
+ "groups" : [ {
+ "id" : "74dbc03b-8a9c-4b51-acf3-0de6235345a1",
+ "name" : "accounting",
+ "path" : "/accounting",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "aad243ad-b638-451d-9d77-2c508717bc90",
+ "name" : "humanresources",
+ "path" : "/humanresources",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "63f23660-539b-43a1-8381-a9950cf2cdea",
+ "name" : "marketing",
+ "path" : "/marketing",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ }, {
+ "id" : "ef7a3b30-cdab-42cb-9e51-204506022deb",
+ "name" : "sales",
+ "path" : "/sales",
+ "subGroups" : [ ],
+ "attributes" : { },
+ "realmRoles" : [ ],
+ "clientRoles" : { }
+ } ],
"defaultRole" : {
"id" : "fedd0314-21a4-44af-aaa5-8023fef2b01a",
"name" : "default-roles-hexa-orchestrator-realm",
@@ -377,44 +417,6 @@
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
"webAuthnPolicyPasswordlessExtraOrigins" : [ ],
- "users" : [ {
- "id" : "26b48d79-a2e9-43c5-909b-a991880b9180",
- "createdTimestamp" : 1717180238484,
- "username" : "phil.hunt@independentid.com",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : true,
- "firstName" : "Phil",
- "lastName" : "Hunt",
- "email" : "phil.hunt@independentid.com",
- "credentials" : [ {
- "id" : "cff2b8ab-6a27-4a42-9b31-1ef68b1ed8e5",
- "type" : "password",
- "userLabel" : "My password",
- "createdDate" : 1717180270362,
- "secretData" : "{\"value\":\"izL+WdWt9Pu6/xNCxa+ogyoWYVnUOu9ffigIzMg8Eeo=\",\"salt\":\"dliYibHbb4TLbgtgwQhpxA==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "id" : "42d63382-d681-4a4c-bc68-69373c48c217",
- "createdTimestamp" : 1717818402408,
- "username" : "service-account-hexaclient",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "serviceAccountClientId" : "hexaclient",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
- "notBefore" : 0,
- "groups" : [ ]
- } ],
"scopeMappings" : [ {
"clientScope" : "offline_access",
"roles" : [ "offline_access" ]
@@ -514,7 +516,9 @@
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
@@ -540,7 +544,9 @@
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
@@ -553,29 +559,32 @@
"description" : "Hexa Admin UI client",
"rootUrl" : "",
"adminUrl" : "",
- "baseUrl" : "",
+ "baseUrl" : "http://admin.hexa.org:8884/",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"secret" : "uuXVzfbqH635Ob0oTON1uboONUqasmTt",
- "redirectUris" : [ "/*" ],
- "webOrigins" : [ "/*" ],
+ "redirectUris" : [ "http://localhost:8886/redirect", "http://localhost:8884/redirect", "https://admin.hexa.org:8884/redirect", "http://demo.hexa.org:8886/redirect", "http://admin.hexa.org:8884/redirect", "https://demo.hexa.org:8886/redirect" ],
+ "webOrigins" : [ "*" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
- "standardFlowEnabled" : false,
+ "standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : true,
"publicClient" : false,
- "frontchannelLogout" : true,
+ "frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"oidc.ciba.grant.enabled" : "false",
- "oauth2.device.authorization.grant.enabled" : "false",
"client.secret.creation.time" : "1717818402",
- "backchannel.logout.session.required" : "true",
+ "backchannel.logout.session.required" : "false",
+ "login_theme" : "keycloak",
+ "post.logout.redirect.uris" : "+",
+ "display.on.consent.screen" : "false",
+ "oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "false"
},
"authenticationFlowBindingOverrides" : { },
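Review bot: `"webOrigins" : [ "*" ]` allows CORS from every origin for this confidential client, which is far broader than the six redirect URIs registered on the line above it; `"webOrigins" : [ "+" ]` limits CORS to the origins of those redirect URIs. The same hunk turns on `standardFlowEnabled` while `http://demo.hexa.org:8886/redirect` and `http://admin.hexa.org:8884/redirect` are accepted, so an authorization code can travel unencrypted to a non-localhost host; keeping only the `https://` entries for those two hosts would avoid that. The unchanged `"secret"` line in this hunk is a client secret committed in the clear, which matters more now that the client can complete browser logins, so it should be marked demo-only or injected at deploy time. The client object starts and ends outside this hunk.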
@@ -590,6 +599,7 @@
"config" : {
"user.session.note" : "client_id",
"introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "client_id",
@@ -604,11 +614,27 @@
"config" : {
"user.session.note" : "clientAddress",
"introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientAddress",
"jsonType.label" : "String"
}
+ }, {
+ "id" : "0a0f97b3-60b3-4200-bf30-a3e1b6118ecb",
+ "name" : "Map Hexa Realm Roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "multivalued" : "true",
+ "userinfo.token.claim" : "true",
+ "id.token.claim" : "true",
+ "access.token.claim" : "false",
+ "claim.name" : "roles",
+ "jsonType.label" : "String"
+ }
}, {
"id" : "ba5963f5-c9f2-4e25-8b71-9692b604760b",
"name" : "Client Host",
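Review bot: The added "Map Hexa Realm Roles" mapper writes realm roles into the ID-token claim `roles`, and the "Group Membership" mapper added to the `roles` client scope later in this diff uses the same `"claim.name" : "roles"`. This client appears to list `roles` among its default scopes, so both mappers would feed one claim: a consumer cannot tell a realm role from a group such as `accounting`, and a group named like a role would pass as that role. Giving the group mapper its own claim, for example `"claim.name" : "groups"`, keeps the two sources distinguishable. The new mapper also sets `"access.token.claim" : "false"`, so if the orchestrator API authorizes on the access token it will not see these roles.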
@@ -618,14 +644,15 @@
"config" : {
"user.session.note" : "clientHost",
"introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "clientHost",
"jsonType.label" : "String"
}
} ],
- "defaultClientScopes" : [ "web-origins", "orchestrator", "roles" ],
- "optionalClientScopes" : [ "acr", "address", "phone", "offline_access", "profile", "microprofile-jwt", "email" ]
+ "defaultClientScopes" : [ "web-origins", "orchestrator", "roles", "email" ],
+ "optionalClientScopes" : [ "acr", "address", "phone", "offline_access", "profile", "microprofile-jwt" ]
}, {
"id" : "36bd81a2-1092-436f-9677-ebe17fb35fd3",
"clientId" : "realm-management",
@@ -646,7 +673,9 @@
"publicClient" : false,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
- "attributes" : { },
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"nodeReRegistrationTimeout" : 0,
@@ -865,6 +894,7 @@
"config" : {
"introspection.token.claim" : "true",
"multivalued" : "true",
+ "userinfo.token.claim" : "true",
"user.attribute" : "foo",
"id.token.claim" : "true",
"access.token.claim" : "true",
@@ -890,7 +920,8 @@
"config" : {
"id.token.claim" : "true",
"introspection.token.claim" : "true",
- "access.token.claim" : "true"
+ "access.token.claim" : "true",
+ "userinfo.token.claim" : "true"
}
} ]
}, {
@@ -899,48 +930,51 @@
"description" : "OpenID Connect scope for add user roles to the access token",
"protocol" : "openid-connect",
"attributes" : {
- "include.in.token.scope" : "false",
- "display.on.consent.screen" : "true",
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "false",
"gui.order" : "",
"consent.screen.text" : "${rolesScopeConsentText}"
},
"protocolMappers" : [ {
- "id" : "dcf45026-be57-407b-8fd2-77da9a7a48af",
- "name" : "realm roles",
+ "id" : "6a883475-ffe7-4dde-9dcc-0d4d186e5161",
+ "name" : "audience resolve",
"protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
"consentRequired" : false,
"config" : {
"introspection.token.claim" : "true",
- "multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "realm_access.roles",
- "jsonType.label" : "String"
+ "access.token.claim" : "true"
}
}, {
- "id" : "28d89791-fa14-4815-ab32-829fd0f17796",
- "name" : "client roles",
+ "id" : "ccdab394-eab4-427e-b4d3-039eb9c4d59f",
+ "name" : "Group Membership",
"protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-client-role-mapper",
+ "protocolMapper" : "oidc-group-membership-mapper",
"consentRequired" : false,
"config" : {
+ "full.path" : "false",
"introspection.token.claim" : "true",
"multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "resource_access.${client_id}.roles",
- "jsonType.label" : "String"
+ "userinfo.token.claim" : "false",
+ "id.token.claim" : "true",
+ "access.token.claim" : "false",
+ "claim.name" : "roles"
}
}, {
- "id" : "6a883475-ffe7-4dde-9dcc-0d4d186e5161",
- "name" : "audience resolve",
+ "id" : "d9b7d557-02f7-42d7-9031-b34aad72a3ca",
+ "name" : "realm roles",
"protocol" : "openid-connect",
- "protocolMapper" : "oidc-audience-resolve-mapper",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
"consentRequired" : false,
"config" : {
"introspection.token.claim" : "true",
- "access.token.claim" : "true"
+ "multivalued" : "true",
+ "userinfo.token.claim" : "false",
+ "user.attribute" : "foo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "realm_access.roles",
+ "jsonType.label" : "String"
}
} ]
}, {
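Review bot: The rewritten `protocolMappers` list of the `roles` scope no longer contains the `oidc-usermodel-client-role-mapper` entry (claim `resource_access.${client_id}.roles`), while the first hunk of this diff adds a client role `HexaRoles` on `hexaclient`. Unless a mapper outside the visible hunks emits client roles, that new role will not appear in any token, and authorization that depends on it would silently never match. If the removal is intended, state it in the commit message; otherwise restore the entry with `"protocolMapper" : "oidc-usermodel-client-role-mapper"` and `"claim.name" : "resource_access.${client_id}.roles"`.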
@@ -1191,7 +1225,8 @@
"id.token.claim" : "true",
"access.token.claim" : "true",
"introspection.token.claim" : "true",
- "included.custom.audience" : "http://hexa-orchestrator:8885"
+ "included.custom.audience" : "http://hexa-orchestrator:8885",
+ "userinfo.token.claim" : "true"
}
} ]
}, {
@@ -1216,7 +1251,7 @@
}
} ]
} ],
- "defaultDefaultClientScopes" : [ "web-origins", "orchestrator" ],
+ "defaultDefaultClientScopes" : [ "web-origins", "orchestrator", "roles" ],
"defaultOptionalClientScopes" : [ ],
"browserSecurityHeaders" : {
"contentSecurityPolicyReportOnly" : "",
@@ -1229,6 +1264,10 @@
"strictTransportSecurity" : "max-age=31536000; includeSubDomains"
},
"smtpServer" : { },
+ "loginTheme" : "base",
+ "accountTheme" : "",
+ "adminTheme" : "",
+ "emailTheme" : "",
"eventsEnabled" : false,
"eventsListeners" : [ "jboss-logging" ],
"enabledEventTypes" : [ ],
@@ -1260,7 +1299,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
- "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "ca978067-a3d8-41c9-8db4-9cc9ef353ce3",
@@ -1295,7 +1334,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
- "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ]
+ "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper" ]
}
}, {
"id" : "c7138cef-30fa-47ed-8d0e-9b98cea803b4",
@@ -1885,8 +1924,8 @@
"attributes" : {
"cibaBackchannelTokenDeliveryMode" : "poll",
"cibaAuthRequestedUserHint" : "login_hint",
- "oauth2DevicePollingInterval" : "5",
"clientOfflineSessionMaxLifespan" : "0",
+ "oauth2DevicePollingInterval" : "5",
"clientSessionIdleTimeout" : "0",
"clientOfflineSessionIdleTimeout" : "0",
"cibaInterval" : "5",
@@ -1895,7 +1934,7 @@
"oauth2DeviceCodeLifespan" : "600",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0",
- "frontendUrl" : "",
+ "frontendUrl" : "http://keycloak:8080/",
"acr.loa.map" : "{}"
},
"keycloakVersion" : "23.0.6",
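Review bot: `"frontendUrl" : "http://keycloak:8080/"` pins the realm's public base URL, and with it the token issuer and the browser-facing endpoints, to plain HTTP on what looks like a container-internal hostname. Browsers outside the compose network would have to resolve `keycloak`, and login pages and session cookies would be served without TLS even though the hexaclient entry registers `https://` redirect URIs. For anything beyond the local demo, keep `"frontendUrl" : ""` in the export and set the public URL through the server's hostname configuration at deploy time. The `attributes` object starts outside this hunk.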
@@ -1906,1979 +1945,4 @@
"clientPolicies" : {
"policies" : [ ]
}
-}, {
- "id" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "realm" : "master",
- "displayName" : "Keycloak",
- "displayNameHtml" : "
Keycloak
",
- "notBefore" : 0,
- "defaultSignatureAlgorithm" : "RS256",
- "revokeRefreshToken" : false,
- "refreshTokenMaxReuse" : 0,
- "accessTokenLifespan" : 60,
- "accessTokenLifespanForImplicitFlow" : 900,
- "ssoSessionIdleTimeout" : 1800,
- "ssoSessionMaxLifespan" : 36000,
- "ssoSessionIdleTimeoutRememberMe" : 0,
- "ssoSessionMaxLifespanRememberMe" : 0,
- "offlineSessionIdleTimeout" : 2592000,
- "offlineSessionMaxLifespanEnabled" : false,
- "offlineSessionMaxLifespan" : 5184000,
- "clientSessionIdleTimeout" : 0,
- "clientSessionMaxLifespan" : 0,
- "clientOfflineSessionIdleTimeout" : 0,
- "clientOfflineSessionMaxLifespan" : 0,
- "accessCodeLifespan" : 60,
- "accessCodeLifespanUserAction" : 300,
- "accessCodeLifespanLogin" : 1800,
- "actionTokenGeneratedByAdminLifespan" : 43200,
- "actionTokenGeneratedByUserLifespan" : 300,
- "oauth2DeviceCodeLifespan" : 600,
- "oauth2DevicePollingInterval" : 5,
- "enabled" : true,
- "sslRequired" : "external",
- "registrationAllowed" : false,
- "registrationEmailAsUsername" : false,
- "rememberMe" : false,
- "verifyEmail" : false,
- "loginWithEmailAllowed" : true,
- "duplicateEmailsAllowed" : false,
- "resetPasswordAllowed" : false,
- "editUsernameAllowed" : false,
- "bruteForceProtected" : false,
- "permanentLockout" : false,
- "maxFailureWaitSeconds" : 900,
- "minimumQuickLoginWaitSeconds" : 60,
- "waitIncrementSeconds" : 60,
- "quickLoginCheckMilliSeconds" : 1000,
- "maxDeltaTimeSeconds" : 43200,
- "failureFactor" : 30,
- "roles" : {
- "realm" : [ {
- "id" : "00205ce3-79b1-434c-981c-b5c9cd93d670",
- "name" : "offline_access",
- "description" : "${role_offline-access}",
- "composite" : false,
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "attributes" : { }
- }, {
- "id" : "2e937590-4d3b-40ba-868a-5b13d319a65d",
- "name" : "uma_authorization",
- "description" : "${role_uma_authorization}",
- "composite" : false,
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "attributes" : { }
- }, {
- "id" : "0ebd5632-070c-4e49-9549-26846b49e35e",
- "name" : "create-realm",
- "description" : "${role_create-realm}",
- "composite" : false,
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "attributes" : { }
- }, {
- "id" : "898efc89-330a-4781-923b-2b09139a075b",
- "name" : "admin",
- "description" : "${role_admin}",
- "composite" : true,
- "composites" : {
- "realm" : [ "create-realm" ],
- "client" : {
- "Hexa-Orchestrator-Realm-realm" : [ "view-clients", "query-groups", "view-realm", "view-users", "view-authorization", "impersonation", "create-client", "view-identity-providers", "manage-users", "query-users", "manage-events", "view-events", "manage-identity-providers", "manage-authorization", "query-realms", "query-clients", "manage-realm", "manage-clients" ],
- "master-realm" : [ "create-client", "manage-identity-providers", "query-groups", "view-identity-providers", "query-clients", "view-authorization", "manage-realm", "manage-clients", "manage-events", "view-realm", "manage-authorization", "query-realms", "manage-users", "view-users", "view-events", "query-users", "impersonation", "view-clients" ]
- }
- },
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "attributes" : { }
- }, {
- "id" : "2acd0db2-2352-4133-8aa6-bf468d6d0aea",
- "name" : "default-roles-master",
- "description" : "${role_default-roles}",
- "composite" : true,
- "composites" : {
- "realm" : [ "offline_access", "uma_authorization" ],
- "client" : {
- "account" : [ "manage-account", "view-profile" ]
- }
- },
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69",
- "attributes" : { }
- } ],
- "client" : {
- "security-admin-console" : [ ],
- "Hexa-Orchestrator-Realm-realm" : [ {
- "id" : "26e41a17-7965-4303-baeb-b6586717b4f3",
- "name" : "view-authorization",
- "description" : "${role_view-authorization}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "a2a473d3-23bc-4317-8e52-ce416f3b025c",
- "name" : "impersonation",
- "description" : "${role_impersonation}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "838fda00-97b5-4f1f-9d1a-fdf6e6a915c1",
- "name" : "create-client",
- "description" : "${role_create-client}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "b32135c8-fcae-4a0f-a87c-47e5ffcb5ea1",
- "name" : "view-identity-providers",
- "description" : "${role_view-identity-providers}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "d89387aa-8d75-4169-baea-8df255c9eea8",
- "name" : "view-clients",
- "description" : "${role_view-clients}",
- "composite" : true,
- "composites" : {
- "client" : {
- "Hexa-Orchestrator-Realm-realm" : [ "query-clients" ]
- }
- },
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "b79aaa48-573c-463c-a1d3-1461cf255dc2",
- "name" : "manage-users",
- "description" : "${role_manage-users}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "f0e627fb-63fa-4cae-b648-ca94c1946b0c",
- "name" : "query-users",
- "description" : "${role_query-users}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "f1a11888-000a-4550-aa09-919411f506de",
- "name" : "manage-events",
- "description" : "${role_manage-events}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "a70f28a7-f297-43a8-b832-972a60903f1a",
- "name" : "query-groups",
- "description" : "${role_query-groups}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "8735920a-b9da-4b11-abac-8c3e33f1ee98",
- "name" : "view-events",
- "description" : "${role_view-events}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "79b2d5ab-1140-42fb-a3dd-973817e95a2f",
- "name" : "view-realm",
- "description" : "${role_view-realm}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "44c7e9aa-b647-4677-9422-4d0feae213cf",
- "name" : "manage-identity-providers",
- "description" : "${role_manage-identity-providers}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "8fadc488-41e2-407c-8ef3-67e558946697",
- "name" : "manage-authorization",
- "description" : "${role_manage-authorization}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "df9deb9f-fd24-4650-b552-1ee9698eed62",
- "name" : "query-realms",
- "description" : "${role_query-realms}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "6a49d5c8-8c64-4992-b359-a4beccc1e7bf",
- "name" : "view-users",
- "description" : "${role_view-users}",
- "composite" : true,
- "composites" : {
- "client" : {
- "Hexa-Orchestrator-Realm-realm" : [ "query-users", "query-groups" ]
- }
- },
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "f609835f-8738-434d-9a78-c0223a0c4391",
- "name" : "query-clients",
- "description" : "${role_query-clients}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "ae9b858c-7d0a-49c5-be5a-7b829512622f",
- "name" : "manage-realm",
- "description" : "${role_manage-realm}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- }, {
- "id" : "a03faf2e-7a48-4950-bcc7-2338a0f85c5b",
- "name" : "manage-clients",
- "description" : "${role_manage-clients}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "attributes" : { }
- } ],
- "admin-cli" : [ ],
- "account-console" : [ ],
- "broker" : [ {
- "id" : "3e89bdae-3c5a-4470-88de-3cd90affcca1",
- "name" : "read-token",
- "description" : "${role_read-token}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "db3a3f0c-f9e0-43af-bff2-20da50bb1bdb",
- "attributes" : { }
- } ],
- "master-realm" : [ {
- "id" : "08d075eb-d72f-4f70-95af-1ee0101d3190",
- "name" : "view-realm",
- "description" : "${role_view-realm}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "a3bd494c-6cc8-466e-8f9c-b88695894bae",
- "name" : "create-client",
- "description" : "${role_create-client}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "3c8ae068-0519-4771-821d-bb08d2adf598",
- "name" : "manage-identity-providers",
- "description" : "${role_manage-identity-providers}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "98d34382-ac58-4337-a0c7-a24f2b90ae89",
- "name" : "query-groups",
- "description" : "${role_query-groups}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "c6a492bb-1e04-4488-9959-e03d39fa7a00",
- "name" : "manage-authorization",
- "description" : "${role_manage-authorization}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "444c64d3-769d-463c-917c-20e93ef43c38",
- "name" : "view-identity-providers",
- "description" : "${role_view-identity-providers}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "db6c9f4b-b5b9-400c-91b1-bb52f61de78e",
- "name" : "query-realms",
- "description" : "${role_query-realms}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "afc6db88-1308-4156-bb31-5625f9ea5fbb",
- "name" : "manage-users",
- "description" : "${role_manage-users}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "f4f8f823-11ff-4a1f-9f05-5a497123264f",
- "name" : "query-clients",
- "description" : "${role_query-clients}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "ee77c2fb-a151-4c04-b720-73ca50e7b62e",
- "name" : "view-users",
- "description" : "${role_view-users}",
- "composite" : true,
- "composites" : {
- "client" : {
- "master-realm" : [ "query-users", "query-groups" ]
- }
- },
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "c1fc76f9-e3bd-470c-a633-6687d311b39d",
- "name" : "manage-realm",
- "description" : "${role_manage-realm}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "e4077a88-7881-400f-9ff0-daece64fe275",
- "name" : "view-authorization",
- "description" : "${role_view-authorization}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "35363e8c-512b-4e09-9db8-7b0aac3a951c",
- "name" : "manage-clients",
- "description" : "${role_manage-clients}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "92075945-934d-497f-9a83-137d9f36b23c",
- "name" : "view-events",
- "description" : "${role_view-events}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "90f7f569-da2c-4ac7-a1bd-d7ee995ed8a2",
- "name" : "query-users",
- "description" : "${role_query-users}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "0dc0e474-0219-4ca1-910e-5bdde43b4582",
- "name" : "impersonation",
- "description" : "${role_impersonation}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "24a9b8eb-f2b6-410e-8129-56c25da8fe60",
- "name" : "view-clients",
- "description" : "${role_view-clients}",
- "composite" : true,
- "composites" : {
- "client" : {
- "master-realm" : [ "query-clients" ]
- }
- },
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- }, {
- "id" : "09ff139f-71fa-499e-8f9d-eff167b24c69",
- "name" : "manage-events",
- "description" : "${role_manage-events}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "attributes" : { }
- } ],
- "account" : [ {
- "id" : "7648ae03-833e-42cb-8b49-c7ae7913998b",
- "name" : "delete-account",
- "description" : "${role_delete-account}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "8566833f-dfb0-45c2-b2da-140ef1072a16",
- "name" : "view-applications",
- "description" : "${role_view-applications}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "b01eb485-e9a2-4613-98f2-16d58f2362e8",
- "name" : "view-consent",
- "description" : "${role_view-consent}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "74e658a3-7157-4a3a-afe5-539337cec87b",
- "name" : "view-groups",
- "description" : "${role_view-groups}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "9d641c83-9c38-48f3-affb-5bc2e558fdde",
- "name" : "manage-account",
- "description" : "${role_manage-account}",
- "composite" : true,
- "composites" : {
- "client" : {
- "account" : [ "manage-account-links" ]
- }
- },
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "cbff58a7-69be-461a-adcc-d93850c80c39",
- "name" : "view-profile",
- "description" : "${role_view-profile}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "f5ce199a-25e7-47bd-821f-919973ec97e3",
- "name" : "manage-account-links",
- "description" : "${role_manage-account-links}",
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- }, {
- "id" : "6a8238b9-3399-4c4b-973c-8b1be4a5700d",
- "name" : "manage-consent",
- "description" : "${role_manage-consent}",
- "composite" : true,
- "composites" : {
- "client" : {
- "account" : [ "view-consent" ]
- }
- },
- "clientRole" : true,
- "containerId" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "attributes" : { }
- } ]
- }
- },
- "groups" : [ ],
- "defaultRole" : {
- "id" : "2acd0db2-2352-4133-8aa6-bf468d6d0aea",
- "name" : "default-roles-master",
- "description" : "${role_default-roles}",
- "composite" : true,
- "clientRole" : false,
- "containerId" : "250a0d6a-335c-41ed-91d1-0633a945ac69"
- },
- "requiredCredentials" : [ "password" ],
- "otpPolicyType" : "totp",
- "otpPolicyAlgorithm" : "HmacSHA1",
- "otpPolicyInitialCounter" : 0,
- "otpPolicyDigits" : 6,
- "otpPolicyLookAheadWindow" : 1,
- "otpPolicyPeriod" : 30,
- "otpPolicyCodeReusable" : false,
- "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ],
- "localizationTexts" : { },
- "webAuthnPolicyRpEntityName" : "keycloak",
- "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
- "webAuthnPolicyRpId" : "",
- "webAuthnPolicyAttestationConveyancePreference" : "not specified",
- "webAuthnPolicyAuthenticatorAttachment" : "not specified",
- "webAuthnPolicyRequireResidentKey" : "not specified",
- "webAuthnPolicyUserVerificationRequirement" : "not specified",
- "webAuthnPolicyCreateTimeout" : 0,
- "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
- "webAuthnPolicyAcceptableAaguids" : [ ],
- "webAuthnPolicyExtraOrigins" : [ ],
- "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
- "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
- "webAuthnPolicyPasswordlessRpId" : "",
- "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
- "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
- "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
- "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
- "webAuthnPolicyPasswordlessCreateTimeout" : 0,
- "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
- "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
- "webAuthnPolicyPasswordlessExtraOrigins" : [ ],
- "users" : [ {
- "id" : "c528565c-05a1-43fa-8a5f-95ea820d6b3f",
- "createdTimestamp" : 1717179838145,
- "username" : "admin",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "credentials" : [ {
- "id" : "6f62d292-8c55-411b-b6fd-092e55975d4f",
- "type" : "password",
- "createdDate" : 1717179838321,
- "secretData" : "{\"value\":\"l3gTBmpb32civyIqC6K1o3LLTMJSEwX3Ck2726IqjaE=\",\"salt\":\"v5/GoHN5bdy27ewaZOeBVQ==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-master", "admin" ],
- "clientRoles" : {
- "Hexa-Orchestrator-Realm-realm" : [ "view-authorization", "create-client", "view-identity-providers", "view-clients", "manage-users", "query-users", "manage-events", "query-groups", "view-events", "view-realm", "manage-identity-providers", "manage-authorization", "query-realms", "view-users", "query-clients", "manage-realm", "manage-clients" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- } ],
- "scopeMappings" : [ {
- "clientScope" : "offline_access",
- "roles" : [ "offline_access" ]
- } ],
- "clientScopeMappings" : {
- "account" : [ {
- "client" : "account-console",
- "roles" : [ "manage-account", "view-groups" ]
- } ]
- },
- "clients" : [ {
- "id" : "f1402f1e-baeb-4887-a47e-a7e595038a2f",
- "clientId" : "Hexa-Orchestrator-Realm-realm",
- "name" : "Hexa-Orchestrator-Realm Realm",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ ],
- "optionalClientScopes" : [ ]
- }, {
- "id" : "5f54b7b9-4ae4-43ad-aee4-a862673b7bec",
- "clientId" : "account",
- "name" : "${client_account}",
- "rootUrl" : "${authBaseUrl}",
- "baseUrl" : "/realms/master/account/",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "/realms/master/account/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "post.logout.redirect.uris" : "+"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "6375daf0-a1b2-43df-a0b3-213ba813bbdc",
- "clientId" : "account-console",
- "name" : "${client_account-console}",
- "rootUrl" : "${authBaseUrl}",
- "baseUrl" : "/realms/master/account/",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "/realms/master/account/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "post.logout.redirect.uris" : "+",
- "pkce.code.challenge.method" : "S256"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "98400c66-0adc-41bb-b723-cb61d2f164ea",
- "name" : "audience resolve",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-audience-resolve-mapper",
- "consentRequired" : false,
- "config" : { }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "bbbce321-7116-4bf8-b09b-387d40e65da8",
- "clientId" : "admin-cli",
- "name" : "${client_admin-cli}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : { },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "db3a3f0c-f9e0-43af-bff2-20da50bb1bdb",
- "clientId" : "broker",
- "name" : "${client_broker}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : { },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "0123d438-2cca-48e5-8c60-d3178670f6fd",
- "clientId" : "master-realm",
- "name" : "master Realm",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "80455da6-806b-4d18-872c-13b17c6c4858",
- "clientId" : "security-admin-console",
- "name" : "${client_security-admin-console}",
- "rootUrl" : "${authAdminUrl}",
- "baseUrl" : "/admin/master/console/",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "/admin/master/console/*" ],
- "webOrigins" : [ "+" ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "post.logout.redirect.uris" : "+",
- "pkce.code.challenge.method" : "S256"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "45edff09-1761-4306-aee0-eaf0c0c0f575",
- "name" : "locale",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "locale",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "locale",
- "jsonType.label" : "String"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- } ],
- "clientScopes" : [ {
- "id" : "a6cd1634-b264-4862-89ca-08e6502aefeb",
- "name" : "address",
- "description" : "OpenID Connect built-in scope: address",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${addressScopeConsentText}"
- },
- "protocolMappers" : [ {
- "id" : "42a4e93e-a4b9-440a-ae94-8ecbd23362b4",
- "name" : "address",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-address-mapper",
- "consentRequired" : false,
- "config" : {
- "user.attribute.formatted" : "formatted",
- "user.attribute.country" : "country",
- "introspection.token.claim" : "true",
- "user.attribute.postal_code" : "postal_code",
- "userinfo.token.claim" : "true",
- "user.attribute.street" : "street",
- "id.token.claim" : "true",
- "user.attribute.region" : "region",
- "access.token.claim" : "true",
- "user.attribute.locality" : "locality"
- }
- } ]
- }, {
- "id" : "b7d5a6e2-daf8-4a9e-a84d-a981db7e275d",
- "name" : "role_list",
- "description" : "SAML role list",
- "protocol" : "saml",
- "attributes" : {
- "consent.screen.text" : "${samlRoleListScopeConsentText}",
- "display.on.consent.screen" : "true"
- },
- "protocolMappers" : [ {
- "id" : "ca74261b-b1ed-4398-8b87-4af873b27bf2",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- } ]
- }, {
- "id" : "f7d8d56a-b569-46ca-9c06-7a6983b13b66",
- "name" : "offline_access",
- "description" : "OpenID Connect built-in scope: offline_access",
- "protocol" : "openid-connect",
- "attributes" : {
- "consent.screen.text" : "${offlineAccessScopeConsentText}",
- "display.on.consent.screen" : "true"
- }
- }, {
- "id" : "4bf3ed7f-ae03-4d14-b16c-ab6d0587d02f",
- "name" : "email",
- "description" : "OpenID Connect built-in scope: email",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${emailScopeConsentText}"
- },
- "protocolMappers" : [ {
- "id" : "d0b2ce41-af5c-43bc-83b4-1aa53213a44e",
- "name" : "email verified",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "emailVerified",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email_verified",
- "jsonType.label" : "boolean"
- }
- }, {
- "id" : "8b70ecd2-ac75-49b6-aa91-e4213c833b92",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- } ]
- }, {
- "id" : "4da27057-9e72-4dd2-b929-1707bc4f9bb0",
- "name" : "roles",
- "description" : "OpenID Connect scope for add user roles to the access token",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "false",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${rolesScopeConsentText}"
- },
- "protocolMappers" : [ {
- "id" : "52e0c8b5-1396-4508-91f1-da6abbc98c0a",
- "name" : "audience resolve",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-audience-resolve-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "8f7d997e-d50a-49ce-8751-cb3fa72f4d87",
- "name" : "realm roles",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "realm_access.roles",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "99b66d78-97b7-4ff5-9fbd-60082005c218",
- "name" : "client roles",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-client-role-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
- "user.attribute" : "foo",
- "access.token.claim" : "true",
- "claim.name" : "resource_access.${client_id}.roles",
- "jsonType.label" : "String"
- }
- } ]
- }, {
- "id" : "80ec344e-379b-4332-aaba-1f75304518cb",
- "name" : "web-origins",
- "description" : "OpenID Connect scope for add allowed web origins to the access token",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "false",
- "display.on.consent.screen" : "false",
- "consent.screen.text" : ""
- },
- "protocolMappers" : [ {
- "id" : "70fb586a-95e7-4bcf-908a-5a429869d143",
- "name" : "allowed web origins",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-allowed-origins-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "access.token.claim" : "true"
- }
- } ]
- }, {
- "id" : "dd7e3856-b2ca-4862-b358-04599d2a3890",
- "name" : "profile",
- "description" : "OpenID Connect built-in scope: profile",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${profileScopeConsentText}"
- },
- "protocolMappers" : [ {
- "id" : "4a7bf129-3e10-4622-8409-f78cbfe533b7",
- "name" : "middle name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "middleName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "middle_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "d58d845c-daed-42ab-b41f-09fa8ae616fe",
- "name" : "birthdate",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "birthdate",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "birthdate",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "d1c3d30e-0b84-41a1-9541-26ec27eae2cb",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : false,
- "config" : {
- "id.token.claim" : "true",
- "introspection.token.claim" : "true",
- "access.token.claim" : "true",
- "userinfo.token.claim" : "true"
- }
- }, {
- "id" : "7f764926-ee24-4aef-859e-3e0628d689ed",
- "name" : "website",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "website",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "website",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "84bffc56-322d-4c93-b926-d5f1ebcddb88",
- "name" : "updated at",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "updatedAt",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "updated_at",
- "jsonType.label" : "long"
- }
- }, {
- "id" : "7d6b4477-9d58-462a-bc6f-68980967312a",
- "name" : "picture",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "picture",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "picture",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "b4ef3544-5e33-4741-ac11-bc91df0df847",
- "name" : "nickname",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "nickname",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "nickname",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "de6fdeab-de35-4722-80f6-2fb1183ba0bf",
- "name" : "gender",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "gender",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "gender",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "eeb3b0dd-a57a-43bf-bd75-7b5f811cc01a",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "8e852d2a-c7c1-4257-9adf-49ad455574cd",
- "name" : "zoneinfo",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "zoneinfo",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "zoneinfo",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "b8b978e6-3c5c-4c7a-bba8-906064eec53a",
- "name" : "profile",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "profile",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "profile",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "e61d7d7f-9f06-47db-ac8f-97753b9e0110",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "e3a1f774-26a8-4693-bacb-bafe30d5cf39",
- "name" : "locale",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "locale",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "locale",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "3b95e7a1-fec7-49d5-8ea0-9504eafad852",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- } ]
- }, {
- "id" : "31850249-233f-47b0-998c-720ef761e44a",
- "name" : "phone",
- "description" : "OpenID Connect built-in scope: phone",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "true",
- "display.on.consent.screen" : "true",
- "consent.screen.text" : "${phoneScopeConsentText}"
- },
- "protocolMappers" : [ {
- "id" : "5817cf61-07ef-4886-a772-d22b02c21f0b",
- "name" : "phone number",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "phoneNumber",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "phone_number",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "29e65f04-6945-4718-849a-90cd15fb917f",
- "name" : "phone number verified",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "phoneNumberVerified",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "phone_number_verified",
- "jsonType.label" : "boolean"
- }
- } ]
- }, {
- "id" : "d0659815-4408-4177-9bc0-695612a4ea78",
- "name" : "microprofile-jwt",
- "description" : "Microprofile - JWT built-in scope",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "true",
- "display.on.consent.screen" : "false"
- },
- "protocolMappers" : [ {
- "id" : "4aafc62b-655b-4fdb-a450-983f98855b46",
- "name" : "upn",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "userinfo.token.claim" : "true",
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "upn",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "b979c1d6-b533-409c-960b-a893e4ab39c8",
- "name" : "groups",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
- "consentRequired" : false,
- "config" : {
- "introspection.token.claim" : "true",
- "multivalued" : "true",
- "user.attribute" : "foo",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "groups",
- "jsonType.label" : "String"
- }
- } ]
- }, {
- "id" : "c59ab31a-970d-4f06-839f-ae91c1f5e623",
- "name" : "acr",
- "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
- "protocol" : "openid-connect",
- "attributes" : {
- "include.in.token.scope" : "false",
- "display.on.consent.screen" : "false"
- },
- "protocolMappers" : [ {
- "id" : "68302cbe-854b-471d-8f34-10d9aaded828",
- "name" : "acr loa level",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-acr-mapper",
- "consentRequired" : false,
- "config" : {
- "id.token.claim" : "true",
- "introspection.token.claim" : "true",
- "access.token.claim" : "true"
- }
- } ]
- } ],
- "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ],
- "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
- "browserSecurityHeaders" : {
- "contentSecurityPolicyReportOnly" : "",
- "xContentTypeOptions" : "nosniff",
- "referrerPolicy" : "no-referrer",
- "xRobotsTag" : "none",
- "xFrameOptions" : "SAMEORIGIN",
- "xXSSProtection" : "1; mode=block",
- "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
- },
- "smtpServer" : { },
- "eventsEnabled" : false,
- "eventsListeners" : [ "jboss-logging" ],
- "enabledEventTypes" : [ ],
- "adminEventsEnabled" : false,
- "adminEventsDetailsEnabled" : false,
- "identityProviders" : [ ],
- "identityProviderMappers" : [ ],
- "components" : {
- "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
- "id" : "38c85523-2e46-4194-8fad-40b6887d2b29",
- "name" : "Trusted Hosts",
- "providerId" : "trusted-hosts",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : {
- "host-sending-registration-request-must-match" : [ "true" ],
- "client-uris-must-match" : [ "true" ]
- }
- }, {
- "id" : "e6b09c83-a0ad-4029-b9fb-1bd9ef3e7197",
- "name" : "Allowed Protocol Mapper Types",
- "providerId" : "allowed-protocol-mappers",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : {
- "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ]
- }
- }, {
- "id" : "d9cf1ab3-2656-4685-b398-277350bfea38",
- "name" : "Allowed Client Scopes",
- "providerId" : "allowed-client-templates",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : {
- "allow-default-scopes" : [ "true" ]
- }
- }, {
- "id" : "35c706ad-dc91-4e73-9f27-c5182c444823",
- "name" : "Max Clients Limit",
- "providerId" : "max-clients",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : {
- "max-clients" : [ "200" ]
- }
- }, {
- "id" : "2cdcee53-14cb-4163-992f-e6f98ac2c3b8",
- "name" : "Allowed Client Scopes",
- "providerId" : "allowed-client-templates",
- "subType" : "authenticated",
- "subComponents" : { },
- "config" : {
- "allow-default-scopes" : [ "true" ]
- }
- }, {
- "id" : "2b6db77f-b514-4c6f-8fc4-40dbf27ec42b",
- "name" : "Allowed Protocol Mapper Types",
- "providerId" : "allowed-protocol-mappers",
- "subType" : "authenticated",
- "subComponents" : { },
- "config" : {
- "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ]
- }
- }, {
- "id" : "30fdbf2e-b97a-418f-8663-155e0872016c",
- "name" : "Consent Required",
- "providerId" : "consent-required",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : { }
- }, {
- "id" : "64a0fcf5-f4b7-4e8c-be7b-bc0ce097e006",
- "name" : "Full Scope Disabled",
- "providerId" : "scope",
- "subType" : "anonymous",
- "subComponents" : { },
- "config" : { }
- } ],
- "org.keycloak.keys.KeyProvider" : [ {
- "id" : "04227216-afc4-4272-b466-21c14789b33f",
- "name" : "rsa-enc-generated",
- "providerId" : "rsa-enc-generated",
- "subComponents" : { },
- "config" : {
- "privateKey" : [ "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" ],
- "keyUse" : [ "ENC" ],
- "certificate" : [ "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" ],
- "priority" : [ "100" ],
- "algorithm" : [ "RSA-OAEP" ]
- }
- }, {
- "id" : "5389f325-f825-4830-bf27-d8c354499436",
- "name" : "aes-generated",
- "providerId" : "aes-generated",
- "subComponents" : { },
- "config" : {
- "kid" : [ "b11447e5-d9db-44bd-bccf-5cae8e6007e4" ],
- "secret" : [ "fSA7yH7YrjMQPinmq_l1qg" ],
- "priority" : [ "100" ]
- }
- }, {
- "id" : "f461ced8-875f-49ae-a78b-1a1c76406fb0",
- "name" : "hmac-generated",
- "providerId" : "hmac-generated",
- "subComponents" : { },
- "config" : {
- "kid" : [ "e1490d1c-641b-4f7a-a8a1-d147de37b417" ],
- "secret" : [ "OJ42xs0_2epe4ru9DZeF8F2SjNTT89R2BFvNsq0kRIwbYNnTN7Z3VKG6jl99v4fjEO5oC5d9xPmZ6-yEL4xgoA" ],
- "priority" : [ "100" ],
- "algorithm" : [ "HS256" ]
- }
- }, {
- "id" : "a36f30d1-e020-48d0-b7e9-3b1ebf75cbf8",
- "name" : "rsa-generated",
- "providerId" : "rsa-generated",
- "subComponents" : { },
- "config" : {
- "privateKey" : [ "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" ],
- "keyUse" : [ "SIG" ],
- "certificate" : [ "MIICmzCCAYMCBgGPz+TqVTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQwNTMxMTgyMjE3WhcNMzQwNTMxMTgyMzU3WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxUzEw0nPXsgh5nNPZNfqJngLPmA9hSpv5qihuddRUva04Vy6TZmFw+e83hcYhjQRxW+Q/gXWsS30bKQumeAP+p/ZmAsu25urgwd37u1NVE9Tkl8aV6+yNbuttvxrRixoiV1ky5yMDSUrJkgFow1fB5FXlCLInc8LVoLkliqdyJdzp9kdBGYK7vwkKKccoaM2Xjc3AJ/5c0XIaJohSlP0JlksL/K9GZ0nTAqX4z+TmnLMyPBPiVr+oGg2+iA+9wgqqsjeiqbL++JLlWmH6KtcAElweZCeW6fd/o7HCEzxVq6pvlW2rEdJeF0mldVX9NghxgDYE61bIvcmBnz4B7JnRAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAI3s19B2/D3xvAkFxBcT/IxwIxrclQ4NGJ/eI43U14qsRRkAQsVn9l8JiBlAVqiJGfXogXAV9dD/+qCpvH1fL4bjykkSGU4cGUgZa6OTdNDro3djmQB3YlIfXmHnWeS/Olf7lzxESnESGI7nyfcDxsPBY9QcaUwJBDPCQde0YJdHT235qf9mKSBtsUQSu/CeL09TlWc0xvqybwLDOTbl3DFfYNclaBozLsNx0SI/5xQWz7kuvo04CF4XvabJ9APqEoxf8eSjUUOZR9e7stZqUH1UJcbVUx1Rnepm3jI+hrePD825efUX/Db+zG4QhPu+Z+9wq3y/6C8niuIOsYPcHXY=" ],
- "priority" : [ "100" ]
- }
- } ]
- },
- "internationalizationEnabled" : false,
- "supportedLocales" : [ ],
- "authenticationFlows" : [ {
- "id" : "d506562a-6ad8-48f1-9133-2c2b915d86fe",
- "alias" : "Account verification options",
- "description" : "Method with which to verity the existing account",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-email-verification",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "Verify Existing Account by Re-authentication",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "35fd6ccf-a1bf-461d-8109-63ac494ffbc4",
- "alias" : "Browser - Conditional OTP",
- "description" : "Flow to determine if the OTP is required for the authentication",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "conditional-user-configured",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "auth-otp-form",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "ec137396-f8b8-4b59-914f-e33532b690ea",
- "alias" : "Direct Grant - Conditional OTP",
- "description" : "Flow to determine if the OTP is required for the authentication",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "conditional-user-configured",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "direct-grant-validate-otp",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "c76b9364-efcd-4fc1-a4b5-2def0be58d22",
- "alias" : "First broker login - Conditional OTP",
- "description" : "Flow to determine if the OTP is required for the authentication",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "conditional-user-configured",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "auth-otp-form",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "2c756d91-7fb4-4507-94b4-d6e85f78cc6d",
- "alias" : "Handle Existing Account",
- "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-confirm-link",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "Account verification options",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "64fa5a88-1e6a-4905-8254-d9ec5123be9c",
- "alias" : "Reset - Conditional OTP",
- "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "conditional-user-configured",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "reset-otp",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "4f432a19-893c-4a00-98cf-63dd3a459488",
- "alias" : "User creation or linking",
- "description" : "Flow for the existing/non-existing user alternatives",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticatorConfig" : "create unique user config",
- "authenticator" : "idp-create-user-if-unique",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "Handle Existing Account",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "0a8a49d9-b9c8-4e86-a66d-c41466ac2a8d",
- "alias" : "Verify Existing Account by Re-authentication",
- "description" : "Reauthentication of existing account",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-username-password-form",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "CONDITIONAL",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "First broker login - Conditional OTP",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "a11fb221-5cfa-4758-8b3a-222205a91a69",
- "alias" : "browser",
- "description" : "browser based authentication",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-cookie",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "auth-spnego",
- "authenticatorFlow" : false,
- "requirement" : "DISABLED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "identity-provider-redirector",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 25,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "autheticatorFlow" : true,
- "flowAlias" : "forms",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "d7d1170f-3790-4151-9eda-1bbf8c7bc644",
- "alias" : "clients",
- "description" : "Base authentication for clients",
- "providerId" : "client-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "client-secret",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "client-jwt",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "client-secret-jwt",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "client-x509",
- "authenticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "priority" : 40,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "141b1258-4bed-45d3-8fc5-d3ecc7b6bcd3",
- "alias" : "direct grant",
- "description" : "OpenID Connect Resource Owner Grant",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "direct-grant-validate-username",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "direct-grant-validate-password",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "CONDITIONAL",
- "priority" : 30,
- "autheticatorFlow" : true,
- "flowAlias" : "Direct Grant - Conditional OTP",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "dfca87d3-c9bd-4d48-998b-ecfec593fd5c",
- "alias" : "docker auth",
- "description" : "Used by Docker clients to authenticate against the IDP",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "docker-http-basic-authenticator",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "23566e15-d34c-4765-93c7-60f3f5285d10",
- "alias" : "first broker login",
- "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticatorConfig" : "review profile config",
- "authenticator" : "idp-review-profile",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "User creation or linking",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "dd7793ea-8771-46be-bb27-c8cafc8d0f5c",
- "alias" : "forms",
- "description" : "Username, password, otp and other auth forms.",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-username-password-form",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "CONDITIONAL",
- "priority" : 20,
- "autheticatorFlow" : true,
- "flowAlias" : "Browser - Conditional OTP",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "ed731473-6de8-4472-a82d-7dd816bc6724",
- "alias" : "registration",
- "description" : "registration flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-page-form",
- "authenticatorFlow" : true,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : true,
- "flowAlias" : "registration form",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "e4401422-c3ee-4467-a1cd-6f762bb61a19",
- "alias" : "registration form",
- "description" : "registration form",
- "providerId" : "form-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-user-creation",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "registration-password-action",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 50,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "registration-recaptcha-action",
- "authenticatorFlow" : false,
- "requirement" : "DISABLED",
- "priority" : 60,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "registration-terms-and-conditions",
- "authenticatorFlow" : false,
- "requirement" : "DISABLED",
- "priority" : 70,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "53713414-a5dc-41fa-a3f6-d8088b7424ac",
- "alias" : "reset credentials",
- "description" : "Reset credentials for a user if they forgot their password or something",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "reset-credentials-choose-user",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "reset-credential-email",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 20,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticator" : "reset-password",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 30,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- }, {
- "authenticatorFlow" : true,
- "requirement" : "CONDITIONAL",
- "priority" : 40,
- "autheticatorFlow" : true,
- "flowAlias" : "Reset - Conditional OTP",
- "userSetupAllowed" : false
- } ]
- }, {
- "id" : "60b5bfb7-4b86-48a5-bdf4-8a300b71281c",
- "alias" : "saml ecp",
- "description" : "SAML ECP Profile Authentication Flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "http-basic-authenticator",
- "authenticatorFlow" : false,
- "requirement" : "REQUIRED",
- "priority" : 10,
- "autheticatorFlow" : false,
- "userSetupAllowed" : false
- } ]
- } ],
- "authenticatorConfig" : [ {
- "id" : "12284c3a-32a1-49c8-812a-4d1cb64d9675",
- "alias" : "create unique user config",
- "config" : {
- "require.password.update.after.registration" : "false"
- }
- }, {
- "id" : "3017ca74-9b25-49d1-af0f-963d9b75c9d5",
- "alias" : "review profile config",
- "config" : {
- "update.profile.on.first.login" : "missing"
- }
- } ],
- "requiredActions" : [ {
- "alias" : "CONFIGURE_TOTP",
- "name" : "Configure OTP",
- "providerId" : "CONFIGURE_TOTP",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 10,
- "config" : { }
- }, {
- "alias" : "TERMS_AND_CONDITIONS",
- "name" : "Terms and Conditions",
- "providerId" : "TERMS_AND_CONDITIONS",
- "enabled" : false,
- "defaultAction" : false,
- "priority" : 20,
- "config" : { }
- }, {
- "alias" : "UPDATE_PASSWORD",
- "name" : "Update Password",
- "providerId" : "UPDATE_PASSWORD",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 30,
- "config" : { }
- }, {
- "alias" : "UPDATE_PROFILE",
- "name" : "Update Profile",
- "providerId" : "UPDATE_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 40,
- "config" : { }
- }, {
- "alias" : "VERIFY_EMAIL",
- "name" : "Verify Email",
- "providerId" : "VERIFY_EMAIL",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 50,
- "config" : { }
- }, {
- "alias" : "delete_account",
- "name" : "Delete Account",
- "providerId" : "delete_account",
- "enabled" : false,
- "defaultAction" : false,
- "priority" : 60,
- "config" : { }
- }, {
- "alias" : "webauthn-register",
- "name" : "Webauthn Register",
- "providerId" : "webauthn-register",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 70,
- "config" : { }
- }, {
- "alias" : "webauthn-register-passwordless",
- "name" : "Webauthn Register Passwordless",
- "providerId" : "webauthn-register-passwordless",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 80,
- "config" : { }
- }, {
- "alias" : "update_user_locale",
- "name" : "Update User Locale",
- "providerId" : "update_user_locale",
- "enabled" : true,
- "defaultAction" : false,
- "priority" : 1000,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients",
- "dockerAuthenticationFlow" : "docker auth",
- "attributes" : {
- "cibaBackchannelTokenDeliveryMode" : "poll",
- "cibaExpiresIn" : "120",
- "cibaAuthRequestedUserHint" : "login_hint",
- "parRequestUriLifespan" : "60",
- "cibaInterval" : "5",
- "realmReusableOtpCode" : "false"
- },
- "keycloakVersion" : "23.0.6",
- "userManagedAccessAllowed" : false,
- "clientProfiles" : {
- "profiles" : [ ]
- },
- "clientPolicies" : {
- "policies" : [ ]
- }
}
\ No newline at end of file
diff --git a/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json
new file mode 100644
index 0000000..b35a444
--- /dev/null
+++ b/demo/deployments/keycloakrealm/Hexa-Orchestrator-Realm-users-0.json
@@ -0,0 +1,110 @@
+{
+ "realm" : "Hexa-Orchestrator-Realm",
+ "users" : [ {
+ "id" : "bc55c461-d8cc-48b2-8781-5bc3d63e2154",
+ "createdTimestamp" : 1720751924200,
+ "username" : "alice@hexaindustries.io",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : true,
+ "firstName" : "Alice",
+ "lastName" : "Jay",
+ "email" : "alice@hexaindustries.io",
+ "credentials" : [ {
+ "id" : "28263152-bd64-454e-ac5b-aba1d911174a",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1720751960315,
+ "secretData" : "{\"value\":\"x1APHjmN6WsgK6fcFBCC32i0+bmG5dlPbl6QBtSqXWQ=\",\"salt\":\"SGYXce8wdEinn1PZmsN5gg==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ "/marketing", "/sales" ]
+ }, {
+ "id" : "d93ab6af-5608-42bc-8661-83a8a321f8dc",
+ "createdTimestamp" : 1720752047940,
+ "username" : "bob@hexaindustries.io",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : true,
+ "firstName" : "Bob",
+ "lastName" : "Roberts",
+ "email" : "bob@hexaindustries.io",
+ "credentials" : [ {
+ "id" : "b4d88c10-c035-424c-8fe4-2d3cd05b5afa",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1720752067566,
+ "secretData" : "{\"value\":\"vg4HLq8K2Y7OFr+7QJyMR+ba3JzwzpPDWt/v1zFR/V4=\",\"salt\":\"2OTilF36heOMn1+R8V4Lcw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ "/accounting", "/humanresources" ]
+ }, {
+ "id" : "fd9b4c1d-2065-441c-8eb5-09634273fcc8",
+ "createdTimestamp" : 1720812295818,
+ "username" : "carol@hexaindustries.io",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : true,
+ "firstName" : "Carol",
+ "lastName" : "Carlos",
+ "email" : "carol@hexaindustries.io",
+ "credentials" : [ {
+ "id" : "09ff98a4-f99b-473e-96d3-3ed8465c2879",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1720812315334,
+ "secretData" : "{\"value\":\"WqeIZUv3VsiNm3PFtmU8g/C/0z8a1EsQfjtsLXe0Rww=\",\"salt\":\"IkJWV/+wbIEoO4a/9/Ke9A==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "id" : "80666dad-928a-4219-aa25-d511b03cf147",
+ "createdTimestamp" : 1720752172622,
+ "username" : "gerry@hexaindustries.io",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : true,
+ "firstName" : "Gerry",
+ "lastName" : "Bossman",
+ "email" : "gerry@hexaindustries.io",
+ "credentials" : [ {
+ "id" : "a5c5c1f0-12f0-45be-a1eb-10cdec94d5ee",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1720752188807,
+ "secretData" : "{\"value\":\"IVxC+Wofj1fpuzMWr6O8doeBkfs0J89fcJ3j0HBoh1k=\",\"salt\":\"qotJ3bvlJVzqh/IkbkHzKw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ "/accounting", "/humanresources", "/marketing", "/sales" ]
+ }, {
+ "id" : "42d63382-d681-4a4c-bc68-69373c48c217",
+ "createdTimestamp" : 1717818402408,
+ "username" : "service-account-hexaclient",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "serviceAccountClientId" : "hexaclient",
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-hexa-orchestrator-realm" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ]
+}
\ No newline at end of file
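Review bot: The four human accounts (alice, bob, carol, gerry) are imported with committed password hashes, `"requiredActions" : [ ]` and `"totp" : false`, so every deployment of this realm starts with passwords fixed by the repository. The `secretData` values are PBKDF2-SHA256 at 27500 iterations, which gives little protection against offline guessing if the demo passwords are simple. If this realm can ever be reached beyond a local demo, set `"requiredActions" : [ "UPDATE_PASSWORD" ]` on each of these users so the imported password is replaced at first login. The demo documentation should also state that these accounts are for local use only.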
diff --git a/demo/docker-compose.shared.yml b/demo/docker-compose.shared.yml
new file mode 100644
index 0000000..80b99b8
--- /dev/null
+++ b/demo/docker-compose.shared.yml
@@ -0,0 +1,54 @@
+name: hexa_shared
+# This docker-compose file contains OIDC services used by multiple Hexa projects. Only
+# once instance of these services need be started if configuring multiple projects (e.g. Policy-Orchestrator and Policy-OPA)
+
+services:
+
+ postgres:
+ image: postgres:alpine
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ networks:
+ - keycloak_network
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:23.0.6
+ container_name: keycloak
+ hostname: keycloak
+ command: start --import-realm
+ environment:
+ KC_HOSTNAME: localhost
+ KC_HOSTNAME_PORT: 8080
+ KC_HOSTNAME_STRICT_BACKCHANNEL: false
+ KC_HTTP_ENABLED: true
+ KC_HOSTNAME_STRICT_HTTPS: false
+ KC_HEALTH_ENABLED: true
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+ KC_DB_USERNAME: ${POSTGRES_USER}
+ KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+ ports:
+ - 8080:8080
+ depends_on:
+ - postgres
+ networks:
+ - keycloak_network
+ - hexa_network
+ volumes:
+ - "./deployments/keycloakrealm:/opt/keycloak/data/import"
+
+volumes:
+ postgres_data:
+ driver: local
+
+networks:
+ keycloak_network:
+ driver: bridge
+ hexa_network:
+ driver: bridge
\ No newline at end of file
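Review bot: The `- 8080:8080` mapping under `keycloak.ports` publishes the plain-HTTP listener, admin console included, on every host interface, because the service runs with `KC_HTTP_ENABLED: true` and `KC_HOSTNAME_STRICT_HTTPS: false`. The other containers reach Keycloak as `keycloak:8080` over `hexa_network`, so binding the published port to loopback with `- "127.0.0.1:8080:8080"` should not affect them. Separately, `image: postgres:alpine` is a floating tag while Keycloak is pinned to 23.0.6. Pinning a Postgres major version keeps the `postgres_data` volume from meeting an incompatible server after a later pull.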
diff --git a/demo/docker-compose.yml b/demo/docker-compose.yml
index c0f3057..e8d3be0 100644
--- a/demo/docker-compose.yml
+++ b/demo/docker-compose.yml
@@ -33,6 +33,7 @@ services:
hexa-admin-ui:
image: hexaorchestrator
container_name: hexa-admin-ui
+ hostname: admin.hexa.org
ports:
- "8884:8884"
command: /app/hexaAdminUi
@@ -46,8 +47,11 @@ services:
HEXA_OAUTH_CLIENT_ID: hexaclient
HEXA_OAUTH_CLIENT_SECRET: "uuXVzfbqH635Ob0oTON1uboONUqasmTt"
HEXA_OAUTH_TOKEN_ENDPOINT: http://keycloak:8080/realms/Hexa-Orchestrator-Realm/protocol/openid-connect/token
+ HEXA_OIDC_ENABLED: true
+ HEXA_OIDC_PROVIDER_URL: http://keycloak:8080/realms/Hexa-Orchestrator-Realm
+ HEXA_OIDC_REDIRECT_URL: http://admin.hexa.org:8884/redirect
volumes:
- - "./.certs:/home/certs:ro"
+ - "./.certs:/home/certs"
depends_on:
- hexa-orchestrator
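Review bot: The `.certs` mount for `hexa-admin-ui` loses its `:ro` flag, so this container can now write to the directory that holds TLS material for other services (`/home/certs/hexaOpa-key.pem` is read by the OPA service later in this file). The reason for write access is not visible in the hunk. If the UI only needs to store its own key pair, a separate writable volume would keep the shared keys read-only; otherwise add a comment such as `# read-write: <why hexaAdminUi must write here>`. The new `HEXA_OIDC_PROVIDER_URL` and `HEXA_OIDC_REDIRECT_URL` are plain `http://`, which is acceptable only while all traffic stays on one host. The service definition starts and ends outside this hunk.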
@@ -79,8 +83,7 @@ services:
ports:
- "8889:8889"
command: /app/hexaBundleServer
- depends_on:
- - keycloak
+
environment:
PORT: 8889
HEXA_TKN_DIRECTORY: "/home/certs"
@@ -106,7 +109,6 @@ services:
- "8887"
depends_on:
- hexa-opaBundle-server
- - keycloak
command: /app/hexaOpa run --server --addr :8887 --tls-cert-file=/home/certs/hexaOpa-cert.pem --tls-private-key-file=/home/certs/hexaOpa-key.pem --log-level debug -c /home/config/config.yaml
environment:
# These environment values are referenced in ./deployments/hexaOpaServer/config/config.yaml
@@ -124,50 +126,7 @@ services:
networks:
- hexa_network
- postgres:
- image: postgres:alpine
- volumes:
- - postgres_data:/var/lib/postgresql/data
- environment:
- POSTGRES_DB: ${POSTGRES_DB}
- POSTGRES_USER: ${POSTGRES_USER}
- POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- networks:
- - keycloak_network
-
- keycloak:
- image: quay.io/keycloak/keycloak:23.0.6
- container_name: keycloak
- command: start --import-realm
- environment:
- KC_HOSTNAME: localhost
- KC_HOSTNAME_PORT: 8080
- KC_HOSTNAME_STRICT_BACKCHANNEL: false
- KC_HTTP_ENABLED: true
- KC_HOSTNAME_STRICT_HTTPS: false
- KC_HEALTH_ENABLED: true
- KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
- KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
- KC_DB: postgres
- KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
- KC_DB_USERNAME: ${POSTGRES_USER}
- KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
- ports:
- - 8080:8080
- depends_on:
- - postgres
- networks:
- - keycloak_network
- - hexa_network
- volumes:
- - "./deployments/keycloakrealm:/opt/keycloak/data/import"
-
-volumes:
- postgres_data:
- driver: local
-
networks:
- keycloak_network:
- driver: bridge
hexa_network:
- driver: bridge
\ No newline at end of file
+ name: hexa_shared_hexa_network
+ external: true
\ No newline at end of file
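Review bot: `external: true` on `hexa_network` means this file will not start unless the `hexa_shared` project from docker-compose.shared.yml has already created `hexa_shared_hexa_network`, and nothing in the file says so. Add a comment above the network entry, e.g. `# created by docker-compose.shared.yml (project hexa_shared); start that stack first`. The earlier hunks also drop both `depends_on` entries for `keycloak`, so no start ordering remains. With `HEXA_OIDC_ENABLED: true` the admin UI presumably has to tolerate Keycloak not being reachable yet; that is worth confirming.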