diff --git a/README.md b/README.md index d37bf13bb..2c31f4f56 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,11 @@ # Quantum serverless +Quantum Serverless is a user-friendly tool that enables you to easily run complex quantum computing tasks. +With this software, you can execute Qiskit programs as long running jobs and distribute them across multiple CPUs, GPUs, and QPUs. +This means you can take on more complex quantum-classical programs and run them with ease. +You don't have to worry about configuration or scaling up computational resources, as Quantum Serverless takes care of everything for you. + ![diagram](./docs/images/qs_diagram.png) ### Table of Contents @@ -13,139 +18,31 @@ 1. [Installation](INSTALL.md) 2. [Quickstart](#quickstart-guide) 3. [Beginners Guide](docs/beginners_guide.md) -4. Modules: +4. [Getting started](docs/getting_started/) +5. Modules: 1. [Client](./client) 2. [Infrastructure](./infrastructure) -5. [Tutorials](docs/tutorials/) -6. [Guides](docs/guides/) -7. [How to Give Feedback](#how-to-give-feedback) -8. [Contribution Guidelines](#contribution-guidelines) -9. [References and Acknowledgements](#references-and-acknowledgements) -10. [License](#license) +6. [Tutorials](docs/tutorials/) +7. [Guides](docs/guides/) +8. [How to Give Feedback](#how-to-give-feedback) +9. [Contribution Guidelines](#contribution-guidelines) +10. [References and Acknowledgements](#references-and-acknowledgements) +11. [License](#license) ---------------------------------------------------------------------------------------------------- ### Quickstart -Steps -1. prepare infrastructure -2. write your program -3. run program - -#### Prepare infrastructure - -In the root folder of this project you can find `docker-compose.yml` -file, which is configured to run all necessary services for quickstart tutorials. - -Run in a root folder +1. Prepare local infrastructure ```shell docker-compose pull docker-compose up ``` -:memo: For more advanced ways to deploy the project you have the guide: -[Multi cloud deployment](https://qiskit-extensions.github.io/quantum-serverless/guides/08_multi_cloud_deployment.html). - -#### Write your program - -Create python file with necessary code. Let's call in `program.py` - -```python -# program.py -from qiskit import QuantumCircuit -from qiskit.circuit.random import random_circuit -from qiskit.quantum_info import SparsePauliOp -from qiskit.primitives import Estimator - -from quantum_serverless import QuantumServerless, run_qiskit_remote, get, put -from quantum_serverless.core.state import RedisStateHandler - -# 1. let's annotate out function to convert it -# to function that can be executed remotely -# using `run_qiskit_remote` decorator -@run_qiskit_remote() -def my_function(circuit: QuantumCircuit, obs: SparsePauliOp): - return Estimator().run([circuit], [obs]).result().values - - -# 2. Next let's create out serverless object to control -# where our remote function will be executed -serverless = QuantumServerless() - -# 2.1 (Optional) state handler to write/read results in/out of job -state_handler = RedisStateHandler("redis", 6379) - -circuits = [random_circuit(2, 2) for _ in range(3)] - -# 3. create serverless context -with serverless: - # 4. let's put some shared objects into remote storage that will be shared among all executions - obs_ref = put(SparsePauliOp(["ZZ"])) - - # 4. run our function and get back reference to it - # as now our function it remote one - function_reference = my_function(circuits[0], obs_ref) - - # 4.1 or we can run N of them in parallel (for all circuits) - function_references = [my_function(circ, obs_ref) for circ in circuits] - - # 5. to get results back from reference - # we need to call `get` on function reference - single_result = get(function_reference) - parallel_result = get(function_references) - print("Single execution:", single_result) - print("N parallel executions:", parallel_result) - - # 5.1 (Optional) write results to state. - state_handler.set("result", { - "status": "ok", - "single": single_result.tolist(), - "parallel_result": [entry.tolist() for entry in parallel_result] - }) -``` - -#### Run program - -Let's run our program now - -```python -from quantum_serverless import QuantumServerless, Program -from quantum_serverless.core.state import RedisStateHandler - -serverless = QuantumServerless({ - "providers": [{ - "name": "docker-compose", - "compute_resource": { - "name": "docker-compose", - "host": "localhost", # using our docker-compose infrastructure - } - }] -}) -serverless.set_provider("docker-compose") # set provider as docker-compose - -state_handler = RedisStateHandler("localhost", 6379) - -# create out program -program = Program( - name="my_program", - entrypoint="program.py" # set entrypoint as our program.py file -) - -job = serverless.run_program(program) - -job.status() -# - -job.logs() -# Single execution: [1.] -# N parallel executions: [array([1.]), array([0.]), array([-0.28650496])] - -state_handler.get("result") # (Optional) get written data -# {'status': 'ok', -# 'single': [1.0], -# 'parallel_result': [[1.0], [0.0], [-0.28650496]]} -``` +2. Open jupyter notebook in browser at [http://localhost:8888/](http://localhost:8888/). Password for notebook is `123` +3. Explore 3 getting started tutorials. +For more detailed examples and explanations refer to [Beginners Guide](docs/beginners_guide.md), [Getting started examples](docs/getting_started/), [Guides](docs/guides) and [Tutorials](docs/tutorials). ---------------------------------------------------------------------------------------------------- diff --git a/docker-compose.yml b/docker-compose.yml index 03eb8feaa..667e85427 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,6 +3,8 @@ services: jupyter: container_name: qs-jupyter image: qiskit/quantum-serverless-notebook:nightly-py39 + volumes: + - ./docs/getting_started:/home/jovyan/ ports: - 8888:8888 environment: @@ -73,7 +75,7 @@ services: KEYCLOAK_ADMIN_USER: admin KEYCLOAK_ADMIN_PASSWORD: 123 KEYCLOAK_HTTP_PORT: 8080 - KEYCLOAK_EXTRA_ARGS: "--import-realm" + KEYCLOAK_EXTRA_ARGS: "-Dkeycloak.import=/opt/keycloak/data/import/realm-export.json" ports: - '8085:8080' depends_on: @@ -85,19 +87,20 @@ services: gateway: container_name: gateway image: docker.io/qiskit/quantum-serverless-gateway:nightly - command: gunicorn gateway.wsgi:application --bind 0.0.0.0:8000 --workers=3 + command: python manage.py runserver 0.0.0.0:8000 ports: - 8000:8000 environment: - DEBUG=0 - RAY_HOST=http://ray-head:8265 - - CLIENT_ID=gateway-client + - CLIENT_ID=rayclient - DJANGO_SUPERUSER_USERNAME=admin - DJANGO_SUPERUSER_PASSWORD=123 - DJANGO_SUPERUSER_EMAIL=admin@noemail.com - - SETTING_KEYCLOAK_URL=http://keycloak:8080/auth - - SETTING_KEYCLOAK_REALM=Test - - SETTINGS_KEYCLOAK_CLIENT_SECRET=AQ3sZ4eiF7NhOtfxeUEGo0YN7uQBoUnO + - SETTING_KEYCLOAK_URL=http://keycloak:8080/ + - SETTING_KEYCLOAK_REALM=quantumserverless + - SETTINGS_KEYCLOAK_CLIENT_SECRET=supersecret + - SETTINGS_KEYCLOAK_CLIENT_NAME=rayclient - SITE_HOST=http://gateway:8000 networks: - safe-tier diff --git a/docs/getting_started/01_intro_level_1.ipynb b/docs/getting_started/01_intro_level_1.ipynb new file mode 100644 index 000000000..7e435c30f --- /dev/null +++ b/docs/getting_started/01_intro_level_1.ipynb @@ -0,0 +1,252 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "id": "66030e20-b384-4dcf-9c5f-7664f7ad1693", + "metadata": {}, + "source": [ + "# Getting started - level 1\n", + "\n", + "Let's write `Hello World` program using quantum serverless. \n", + "\n", + "We will start with writing code for our program and saving it to [./source_files/gs_level_1.py](./source_files/gs_level_1.py) file. Our program will be a Qiskit hello world example, which prepares a Bell state and then returns the measured probability distribution\n", + "\n", + "```python\n", + "# source_files/gs_level_1.py\n", + "\n", + "from qiskit import QuantumCircuit\n", + "from qiskit.primitives import Sampler\n", + "\n", + "circuit = QuantumCircuit(2)\n", + "circuit.h(0)\n", + "circuit.cx(0, 1)\n", + "circuit.measure_all()\n", + "circuit.draw()\n", + "\n", + "sampler = Sampler()\n", + "\n", + "quasi_dists = sampler.run(circuit).result().quasi_dists\n", + "\n", + "print(f\"Quasi distribution: {quasi_dists[0]}\")\n", + "```\n", + "\n", + "Next we need to run this program. For that we need to import necessary classes and configure them. \n", + "One of those classes is `QuantumServerless`, which is a client class to interact with compute resources.\n", + "It will help us run programs, monitor progress and fetch results.\n", + "\n", + "`QuantumServerless` accepts `Provider` as a constructor argument. Provider stores configuration where our compute resources are and how to connect to them. For this example we will be using provider which is connected to local docker-compose setup. For more information on docker-compose check out [docker docs](https://docs.docker.com/compose/), but for now you can think of it as your local environment manager. So, in this example programs will be running locally on your machine. If you want to run it elsewhere, you need to provide corresponding host and authentication details." + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "id": "81dd7807-7180-4b87-bbf9-832b7cf29d69", + "metadata": {}, + "outputs": [], + "source": [ + "from quantum_serverless import QuantumServerless, GatewayProvider" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "id": "acdec789-4967-48ee-8f6c-8d2b0ff57e91", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 2, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "provider = GatewayProvider(\n", + " username=\"user\", # this username has already been defined in local docker setup and does not need to be changed\n", + " password=\"password123\", # this password has already been defined in local docker setup and does not need to be changed\n", + " host=\"http://gateway:8000\", # address of provider\n", + ")\n", + "\n", + "serverless = QuantumServerless(provider)\n", + "serverless" + ] + }, + { + "cell_type": "markdown", + "id": "4dd85621-9ab0-4f34-9ab4-07ad773c5e00", + "metadata": {}, + "source": [ + "Now we need to run our program file, by creating an instance of `Program` and calling `run_program` method of our `QuantumServerless` client.\n", + "\n", + "`Program` accepts couple of required parameters:\n", + "- name - name of the program\n", + "- entrypoint - name of python file you want to execute\n", + "- working_dir - folder where your script is located. This is optional parameter and will be current folder by default. " + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "id": "d51df836-3f22-467c-b637-5803145d5d8a", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 3, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "from quantum_serverless import Program\n", + "\n", + "program = Program(\n", + " title=\"Getting started program level 1\", # you can choose any name you like. It is used to differentiate if you have a lot of programs in array.\n", + " entrypoint=\"gs_level_1.py\", # entrypoint is file that will start your calculation\n", + " working_dir=\"./source_files/\" # where you files are located. By default it is current directory.\n", + ")\n", + "\n", + "job = serverless.run_program(program)\n", + "job" + ] + }, + { + "cell_type": "markdown", + "id": "39ee31d2-3553-4e19-bcb9-4cccd0df0e4c", + "metadata": {}, + "source": [ + "As result of `run_program` call we get `Job` which has `status` method to check status of program execution, `logs` to get logs of execution." + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "id": "cc7ccea6-bbae-4184-ba7f-67b6c20a0b0b", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'SUCCEEDED'" + ] + }, + "execution_count": 4, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.status()" + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "id": "ca76abfa-2ff5-425b-a225-058d91348e8b", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'Quasi distribution: {0: 0.4999999999999999, 3: 0.4999999999999999}\\n'" + ] + }, + "execution_count": 5, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.logs()" + ] + }, + { + "cell_type": "markdown", + "id": "3b1113ef-e8ad-4ed9-b07b-9da2f2b9ea1c", + "metadata": {}, + "source": [ + "Also this object has `job_id` property that can be used if you want to access job results later.\n", + "To do so we need to call `get_job_by_id` method of `QuantumServerless` client." + ] + }, + { + "cell_type": "code", + "execution_count": 6, + "id": "f942b76d-596c-4384-8f36-e5f73e72cefd", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'e4a801d2-f9eb-4392-b584-cbdd600755c8'" + ] + }, + "execution_count": 6, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.job_id" + ] + }, + { + "cell_type": "markdown", + "id": "a92069ba-0a3c-4c9f-8e8d-3916a2eb2093", + "metadata": {}, + "source": [ + "Users can fetch previously ran jobs from configured providers." + ] + }, + { + "cell_type": "code", + "execution_count": 7, + "id": "45e2927f-655b-47a4-8003-f16e5ba0a1cd", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 7, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "serverless.get_job_by_id(job.job_id)" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.9.13" + } + }, + "nbformat": 4, + "nbformat_minor": 5 +} diff --git a/docs/getting_started/01_intro_level_2.ipynb b/docs/getting_started/01_intro_level_2.ipynb new file mode 100644 index 000000000..4cc87c039 --- /dev/null +++ b/docs/getting_started/01_intro_level_2.ipynb @@ -0,0 +1,436 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "id": "3ff90cec-1b42-4744-9400-eb5a4bd1ef3a", + "metadata": {}, + "source": [ + "# Getting started - level 2\n", + "\n", + "In this tutorial we will explore a little bit more advanced example of a program that require some configuration, requirements setup, etc. \n", + "\n", + "Again we will start with writing code for our program and saving it to [./source_files/gs_level_2.py](./source_files/gs_level_2.py) file.\n", + "This time it will be VQE example from [Qiskit documentation](https://qiskit.org/documentation/nature/tutorials/07_leveraging_qiskit_runtime.html) and we also introduce dependency management and arguments to our programs.\n", + "\n", + "```python\n", + "# source_files/gs_level_2.py\n", + "\n", + "import argparse\n", + "\n", + "from qiskit_nature.units import DistanceUnit\n", + "from qiskit_nature.second_q.drivers import PySCFDriver\n", + "from qiskit_nature.second_q.mappers import QubitConverter\n", + "from qiskit_nature.second_q.mappers import ParityMapper\n", + "from qiskit_nature.second_q.properties import ParticleNumber\n", + "from qiskit_nature.second_q.transformers import ActiveSpaceTransformer\n", + "from qiskit.algorithms.minimum_eigensolvers import NumPyMinimumEigensolver\n", + "from qiskit_nature.second_q.algorithms.ground_state_solvers import GroundStateEigensolver\n", + "from qiskit.circuit.library import EfficientSU2\n", + "import numpy as np\n", + "from qiskit.utils import algorithm_globals\n", + "from qiskit.algorithms.optimizers import SPSA\n", + "from qiskit.algorithms.minimum_eigensolvers import VQE\n", + "from qiskit.primitives import Estimator\n", + "\n", + "\n", + "def run(bond_distance: float = 2.5):\n", + " driver = PySCFDriver(\n", + " atom=f\"Li 0 0 0; H 0 0 {bond_distance}\",\n", + " basis=\"sto3g\",\n", + " charge=0,\n", + " spin=0,\n", + " unit=DistanceUnit.ANGSTROM,\n", + " )\n", + " problem = driver.run()\n", + "\n", + " active_space_trafo = ActiveSpaceTransformer(\n", + " num_electrons=problem.num_particles, num_spatial_orbitals=3\n", + " )\n", + " problem = active_space_trafo.transform(problem)\n", + " qubit_converter = QubitConverter(ParityMapper(), two_qubit_reduction=True)\n", + "\n", + " ansatz = EfficientSU2(num_qubits=4, reps=1, entanglement=\"linear\", insert_barriers=True)\n", + "\n", + " np.random.seed(5)\n", + " algorithm_globals.random_seed = 5\n", + "\n", + "\n", + " optimizer = SPSA(maxiter=100)\n", + " initial_point = np.random.random(ansatz.num_parameters)\n", + "\n", + " estimator = Estimator()\n", + " local_vqe = VQE(\n", + " estimator,\n", + " ansatz,\n", + " optimizer,\n", + " initial_point=initial_point,\n", + " )\n", + "\n", + " local_vqe_groundstate_solver = GroundStateEigensolver(qubit_converter, local_vqe)\n", + " local_vqe_result = local_vqe_groundstate_solver.solve(problem)\n", + "\n", + " print(local_vqe_result)\n", + "\n", + "\n", + "if __name__ == \"__main__\":\n", + " parser = argparse.ArgumentParser()\n", + " parser.add_argument(\n", + " \"--bond_length\",\n", + " help=\"Bond length in Angstrom.\",\n", + " default=2.5,\n", + " type=float,\n", + " )\n", + " args = parser.parse_args()\n", + "\n", + " print(f\"Running for bond length {args.bond_length}.\")\n", + " run(args.bond_length)\n", + "\n", + "```\n", + "\n", + "As you can see here we used couple of additional things compared to `getting started level 1`. \n", + "\n", + "First, we are introducing dependency management by using the `qiskit-nature` module and `pyscf` extension.\n", + "We also using argument parsing to accept arguments to our program. In this case argument is `bond_length`. This means that we can, re-run our program over different bond lengths and produce a dissociation curve.\n", + "\n", + "\n", + "Next we need to run this program. For that we need to import necessary modules and configure `QuantumServerless` client. We are doing so by providing name and host for deployed infrastructure." + ] + }, + { + "cell_type": "code", + "execution_count": 1, + "id": "79434a17-1222-4d04-a81a-8140ed630ed6", + "metadata": {}, + "outputs": [], + "source": [ + "from quantum_serverless import QuantumServerless, GatewayProvider" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "id": "b6ec8969-8c3d-4b7f-8c4c-adc6dbb9c59f", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 2, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "provider = GatewayProvider(\n", + " username=\"user\", # this username has already been defined in local docker setup and does not need to be changed\n", + " password=\"password123\", # this password has already been defined in local docker setup and does not need to be changed\n", + " host=\"http://gateway:8000\", # address of provider\n", + ")\n", + "\n", + "serverless = QuantumServerless(provider)\n", + "serverless" + ] + }, + { + "cell_type": "markdown", + "id": "544f7c64-ae1e-4480-b5d0-93f0c335eccd", + "metadata": {}, + "source": [ + "In addition to that we will provide additional `dependencies` and `arguments` to our `Program` construction.\n", + "- `dependencies` parameter will install provided libraries to run our script. Dependencies can be python libraries available on PyPi or any package source installable via pip package manager .\n", + "- `arguments` parameter is a dictionary with arguments that will be passed for script execution" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "id": "3ee09b31-4c7f-4ff3-af8f-294e4256793e", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 3, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "from quantum_serverless import Program\n", + "\n", + "program = Program(\n", + " title=\"Getting started program level 2\",\n", + " entrypoint=\"gs_level_2.py\",\n", + " working_dir=\"./source_files\",\n", + " dependencies=[\"qiskit-nature\", \"qiskit-nature[pyscf]\"],\n", + " arguments={\n", + " \"bond_length\": 2.55\n", + " }\n", + ")\n", + "\n", + "job = serverless.run_program(program)\n", + "job" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "id": "420f2711-b8c6-4bf9-8651-c9d098348467", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'SUCCEEDED'" + ] + }, + "execution_count": 8, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.status()" + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "id": "7e3b0cc7-2f08-4b69-a266-bbbe4e9a6c59", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Running for bond length 2.55.\n", + "=== GROUND STATE ENERGY ===\n", + " \n", + "* Electronic ground state energy (Hartree): -8.211426461751\n", + " - computed part: -8.211426461751\n", + " - ActiveSpaceTransformer extracted energy part: 0.0\n", + "~ Nuclear repulsion energy (Hartree): 0.622561424612\n", + "> Total ground state energy (Hartree): -7.588865037139\n", + " \n", + "=== MEASURED OBSERVABLES ===\n", + " \n", + " 0: # Particles: 3.997 S: 0.436 S^2: 0.626 M: 0.001\n", + " \n", + "=== DIPOLE MOMENTS ===\n", + " \n", + "~ Nuclear dipole moment (a.u.): [0.0 0.0 4.81880162]\n", + " \n", + " 0: \n", + " * Electronic dipole moment (a.u.): [0.0 0.0 1.53218981]\n", + " - computed part: [0.0 0.0 1.53218981]\n", + " - ActiveSpaceTransformer extracted energy part: [0.0 0.0 0.0]\n", + " > Dipole moment (a.u.): [0.0 0.0 3.28661181] Total: 3.28661181\n", + " (debye): [0.0 0.0 8.35373319] Total: 8.35373319\n", + " \n", + "\n" + ] + } + ], + "source": [ + "print(job.logs())" + ] + }, + { + "cell_type": "markdown", + "id": "94e3f04f-09df-4bc0-9715-643523207516", + "metadata": {}, + "source": [ + "---\n", + "If you want to run this program with different bond length you can run it 3 times. Programs are asynchronous, therefore each of instance of program will be running in parallel." + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "id": "5f4d4317-bcc9-4e1a-942a-a38ca5331261", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "[,\n", + " ,\n", + " ]" + ] + }, + "execution_count": 10, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "jobs = []\n", + "\n", + "for bond_length in [2.55, 3.0, 3.55]:\n", + " program = Program(\n", + " title=f\"Groundstate with bond length {bond_length}\",\n", + " entrypoint=\"gs_level_2.py\",\n", + " working_dir=\"./source_files\",\n", + " dependencies=[\"qiskit-nature\", \"qiskit-nature[pyscf]\"],\n", + " arguments={\n", + " \"bond_length\": bond_length\n", + " }\n", + " )\n", + " jobs.append(serverless.run_program(program))\n", + "\n", + "jobs" + ] + }, + { + "cell_type": "code", + "execution_count": 14, + "id": "46fe3955-ac35-43d9-a5de-2a4e2cad1483", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "RUNNING\n", + "RUNNING\n", + "RUNNING\n" + ] + } + ], + "source": [ + "for job in jobs:\n", + " print(job.status())" + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "id": "0988d6b4-03a4-4c87-ad1f-5b0526a7527e", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Running for bond length 2.55.\n", + "=== GROUND STATE ENERGY ===\n", + " \n", + "* Electronic ground state energy (Hartree): -8.211426461751\n", + " - computed part: -8.211426461751\n", + " - ActiveSpaceTransformer extracted energy part: 0.0\n", + "~ Nuclear repulsion energy (Hartree): 0.622561424612\n", + "> Total ground state energy (Hartree): -7.588865037139\n", + " \n", + "=== MEASURED OBSERVABLES ===\n", + " \n", + " 0: # Particles: 3.997 S: 0.436 S^2: 0.626 M: 0.001\n", + " \n", + "=== DIPOLE MOMENTS ===\n", + " \n", + "~ Nuclear dipole moment (a.u.): [0.0 0.0 4.81880162]\n", + " \n", + " 0: \n", + " * Electronic dipole moment (a.u.): [0.0 0.0 1.53218981]\n", + " - computed part: [0.0 0.0 1.53218981]\n", + " - ActiveSpaceTransformer extracted energy part: [0.0 0.0 0.0]\n", + " > Dipole moment (a.u.): [0.0 0.0 3.28661181] Total: 3.28661181\n", + " (debye): [0.0 0.0 8.35373319] Total: 8.35373319\n", + " \n", + "\n", + "Running for bond length 3.0.\n", + "=== GROUND STATE ENERGY ===\n", + " \n", + "* Electronic ground state energy (Hartree): -8.124024370249\n", + " - computed part: -8.124024370249\n", + " - ActiveSpaceTransformer extracted energy part: 0.0\n", + "~ Nuclear repulsion energy (Hartree): 0.52917721092\n", + "> Total ground state energy (Hartree): -7.594847159329\n", + " \n", + "=== MEASURED OBSERVABLES ===\n", + " \n", + " 0: # Particles: 3.998 S: 0.408 S^2: 0.575 M: 0.001\n", + " \n", + "=== DIPOLE MOMENTS ===\n", + " \n", + "~ Nuclear dipole moment (a.u.): [0.0 0.0 5.66917837]\n", + " \n", + " 0: \n", + " * Electronic dipole moment (a.u.): [0.0 0.0 2.91821215]\n", + " - computed part: [0.0 0.0 2.91821215]\n", + " - ActiveSpaceTransformer extracted energy part: [0.0 0.0 0.0]\n", + " > Dipole moment (a.u.): [0.0 0.0 2.75096622] Total: 2.75096622\n", + " (debye): [0.0 0.0 6.99225801] Total: 6.99225801\n", + " \n", + "\n", + "Running for bond length 3.55.\n", + "=== GROUND STATE ENERGY ===\n", + " \n", + "* Electronic ground state energy (Hartree): -8.049823374615\n", + " - computed part: -8.049823374615\n", + " - ActiveSpaceTransformer extracted energy part: 0.0\n", + "~ Nuclear repulsion energy (Hartree): 0.447192009228\n", + "> Total ground state energy (Hartree): -7.602631365386\n", + " \n", + "=== MEASURED OBSERVABLES ===\n", + " \n", + " 0: # Particles: 3.999 S: 0.378 S^2: 0.520 M: 0.001\n", + " \n", + "=== DIPOLE MOMENTS ===\n", + " \n", + "~ Nuclear dipole moment (a.u.): [0.0 0.0 6.70852774]\n", + " \n", + " 0: \n", + " * Electronic dipole moment (a.u.): [0.0 0.0 5.39179177]\n", + " - computed part: [0.0 0.0 5.39179177]\n", + " - ActiveSpaceTransformer extracted energy part: [0.0 0.0 0.0]\n", + " > Dipole moment (a.u.): [0.0 0.0 1.31673597] Total: 1.31673597\n", + " (debye): [0.0 0.0 3.34680868] Total: 3.34680868\n", + " \n", + "\n" + ] + } + ], + "source": [ + "for job in jobs:\n", + " print(job.logs())" + ] + }, + { + "cell_type": "markdown", + "id": "95a1d859-a089-4d7f-ad88-b2acae1ed66d", + "metadata": {}, + "source": [ + "---\n", + "Other way would be refactoring program file itself to accept list of bond length and run them in a loop inside a program.\n", + "If you want 3 independent results, then running 3 programs would be a better fit. But if you want to do some postprocessing after execution of multiple function, then refactoring program file to run 3 function and postprocess them would be better choice. But at the end it all boils down to user preference." + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.9.13" + } + }, + "nbformat": 4, + "nbformat_minor": 5 +} diff --git a/docs/getting_started/01_intro_level_3.ipynb b/docs/getting_started/01_intro_level_3.ipynb new file mode 100644 index 000000000..28c9cdf0e --- /dev/null +++ b/docs/getting_started/01_intro_level_3.ipynb @@ -0,0 +1,249 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "id": "73944cc6-e22d-43ae-8716-78bb00360a0f", + "metadata": {}, + "source": [ + "# Getting started - level 3\n", + "\n", + "In this tutorial we will explore a little bit more advanced example of a program that require some configuration, requirements setup, etc. \n", + "\n", + "Again we will start with writing code for our program and saving it to [./source_files/gs_level_3.py](./source_files/gs_level_3.py) file.\n", + "This time, our program will run an estimator as a parallel function, computing the expectation value of a single observable over a set of random circuits. The results will be saved to a database, which means it will be stored in a formatted way and later on we can fetch results of or programs without looking at logs.\n", + "\n", + "```python\n", + "# source_files/gs_level_3.py\n", + "\n", + "from qiskit import QuantumCircuit\n", + "from qiskit.circuit.random import random_circuit\n", + "from qiskit.quantum_info import SparsePauliOp\n", + "from qiskit.primitives import Estimator\n", + "\n", + "from quantum_serverless import QuantumServerless, run_qiskit_remote, get, put, save_result\n", + "\n", + "# 1. let's annotate out function to convert it\n", + "# to function that can be executed remotely\n", + "# using `run_qiskit_remote` decorator\n", + "@run_qiskit_remote()\n", + "def my_function(circuit: QuantumCircuit, obs: SparsePauliOp):\n", + " \"\"\"Compute expectation value of an obs given a circuit\"\"\"\n", + " return Estimator().run([circuit], [obs]).result().values\n", + "\n", + "\n", + "# 2. Next let's create our serverless object that we will be using to create context\n", + "# which will allow us to run funcitons in parallel\n", + "serverless = QuantumServerless()\n", + "\n", + "circuits = [random_circuit(2, 2) for _ in range(3)]\n", + "\n", + "# 3. create serverless context which will allow us to run functions in parallel\n", + "with serverless.context():\n", + " # 4. The observable is the same for all expectation value calculations. So we can put that object into remote storage since it will be shared among all executions of my_function.\n", + " obs_ref = put(SparsePauliOp([\"ZZ\"]))\n", + "\n", + " # 5. we can run our function for a single input circuit \n", + " # and get back a reference to it as now our function is a remote one\n", + " function_reference = my_function(circuits[0], obs_ref)\n", + "\n", + " # 5.1 or we can run N of them in parallel (for all circuits)\n", + " # note: if we will be using real backends (QPUs) we should either use\n", + " # N separate backends to run them in parallel or\n", + " # one will be running after each other sequentially\n", + " function_references = [my_function(circ, obs_ref) for circ in circuits]\n", + "\n", + " # 6. to get results back from reference\n", + " # we need to call `get` on function reference\n", + " single_result = get(function_reference)\n", + " parallel_result = get(function_references)\n", + " print(\"Single execution:\", single_result)\n", + " print(\"N parallel executions:\", parallel_result)\n", + "\n", + " # 6.1 (Optional) write results to db.\n", + " save_result({\n", + " \"status\": \"ok\",\n", + " \"single\": single_result.tolist(),\n", + " \"parallel_result\": [entry.tolist() for entry in parallel_result]\n", + " })\n", + "\n", + "```\n", + "\n", + "As you can see we move to advanced section of using serverless. \n", + "\n", + "Here we are using `run_qiskit_remote` decorator to convert our function to asyncronous distributed one. \n", + "With that `my_function` is converted into asyncronous distributed function (as a result you will be getting function pointer), which means that the function no longer executes as part of your local python process, but executed on configured compute resources.\n", + "\n", + "Moreover, we are using `save_result` function in order to save results into database storage, so we can retrieve it later after program execution.\n", + "\n", + "Next we need to run this program. For that we need to import necessary modules and configure QuantumServerless client. We are doing so by providing name and host for deployed infrastructure." + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "id": "9130c64a-1e7f-4d08-afff-b2905b2d95ad", + "metadata": {}, + "outputs": [], + "source": [ + "from quantum_serverless import QuantumServerless, GatewayProvider" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "id": "0f22daae-9f0e-4f7a-8a1f-5ade989d8be9", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 4, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "provider = GatewayProvider(\n", + " username=\"user\", # this username has already been defined in local docker setup and does not need to be changed\n", + " password=\"password123\", # this password has already been defined in local docker setup and does not need to be changed\n", + " host=\"http://gateway:8000\", # address of provider\n", + ")\n", + "\n", + "serverless = QuantumServerless(provider)\n", + "serverless" + ] + }, + { + "cell_type": "markdown", + "id": "3321b4a0-b60d-433a-992a-79e5868d309b", + "metadata": {}, + "source": [ + "Run program" + ] + }, + { + "cell_type": "code", + "execution_count": 6, + "id": "f556dd85-35da-48d1-9ae1-f04a386544d9", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 6, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "from quantum_serverless import Program \n", + "\n", + "program = Program(\n", + " title=\"Advanced program\",\n", + " entrypoint=\"gs_level_3.py\",\n", + " working_dir=\"./source_files/\"\n", + ")\n", + "\n", + "job = serverless.run_program(program)\n", + "job" + ] + }, + { + "cell_type": "code", + "execution_count": 7, + "id": "2de3fd64-9010-48d9-ac7c-f46a7b36ba81", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'SUCCEEDED'" + ] + }, + "execution_count": 7, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.status()" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "id": "d6586e7a-388b-42cc-a860-abd4f6d514b9", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Single execution: [1.]\n", + "N parallel executions: [array([1.]), array([0.97400357]), array([1.])]\n", + "\n" + ] + } + ], + "source": [ + "print(job.logs())" + ] + }, + { + "cell_type": "markdown", + "id": "29336f0b-ffcf-4cdb-931c-11faf09f15ff", + "metadata": {}, + "source": [ + "With `job.result()` we can get saved results inside of our function back. `.result()` call will return you whatever you passed in `save_result` inside the program file, while `.logs()` will return everything that was logged by job (stdio, e.g prints)." + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "id": "1fb8931f-c8e2-49dd-923f-16fa3a7a5feb", + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "'{\"status\": \"ok\", \"single\": [1.0], \"parallel_result\": [[1.0], [0.9740035726118753], [1.0]]}'" + ] + }, + "execution_count": 9, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "job.result()" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.7.13" + } + }, + "nbformat": 4, + "nbformat_minor": 5 +} diff --git a/docs/getting_started/index.rst b/docs/getting_started/index.rst new file mode 100644 index 000000000..b7aba0a31 --- /dev/null +++ b/docs/getting_started/index.rst @@ -0,0 +1,4 @@ +.. nbgallery:: + :glob: + + * diff --git a/docs/getting_started/source_files/__init__.py b/docs/getting_started/source_files/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/docs/getting_started/source_files/gs_level_1.py b/docs/getting_started/source_files/gs_level_1.py new file mode 100644 index 000000000..193eba6f2 --- /dev/null +++ b/docs/getting_started/source_files/gs_level_1.py @@ -0,0 +1,14 @@ +from qiskit import QuantumCircuit +from qiskit.primitives import Sampler + +circuit = QuantumCircuit(2) +circuit.h(0) +circuit.cx(0, 1) +circuit.measure_all() +circuit.draw() + +sampler = Sampler() + +quasi_dists = sampler.run(circuit).result().quasi_dists + +print(f"Quasi distribution: {quasi_dists[0]}") diff --git a/docs/getting_started/source_files/gs_level_2.py b/docs/getting_started/source_files/gs_level_2.py new file mode 100644 index 000000000..e6c30dc3c --- /dev/null +++ b/docs/getting_started/source_files/gs_level_2.py @@ -0,0 +1,69 @@ +import argparse + +from qiskit_nature.units import DistanceUnit +from qiskit_nature.second_q.drivers import PySCFDriver +from qiskit_nature.second_q.mappers import QubitConverter +from qiskit_nature.second_q.mappers import ParityMapper +from qiskit_nature.second_q.properties import ParticleNumber +from qiskit_nature.second_q.transformers import ActiveSpaceTransformer +from qiskit.algorithms.minimum_eigensolvers import NumPyMinimumEigensolver +from qiskit_nature.second_q.algorithms.ground_state_solvers import GroundStateEigensolver +from qiskit.circuit.library import EfficientSU2 +import numpy as np +from qiskit.utils import algorithm_globals +from qiskit.algorithms.optimizers import SPSA +from qiskit.algorithms.minimum_eigensolvers import VQE +from qiskit.primitives import Estimator + + +def run(bond_distance: float = 2.5): + driver = PySCFDriver( + atom=f"Li 0 0 0; H 0 0 {bond_distance}", + basis="sto3g", + charge=0, + spin=0, + unit=DistanceUnit.ANGSTROM, + ) + problem = driver.run() + + active_space_trafo = ActiveSpaceTransformer( + num_electrons=problem.num_particles, num_spatial_orbitals=3 + ) + problem = active_space_trafo.transform(problem) + qubit_converter = QubitConverter(ParityMapper(), two_qubit_reduction=True) + + ansatz = EfficientSU2(num_qubits=4, reps=1, entanglement="linear", insert_barriers=True) + + np.random.seed(5) + algorithm_globals.random_seed = 5 + + + optimizer = SPSA(maxiter=100) + initial_point = np.random.random(ansatz.num_parameters) + + estimator = Estimator() + local_vqe = VQE( + estimator, + ansatz, + optimizer, + initial_point=initial_point, + ) + + local_vqe_groundstate_solver = GroundStateEigensolver(qubit_converter, local_vqe) + local_vqe_result = local_vqe_groundstate_solver.solve(problem) + + print(local_vqe_result) + + +if __name__ == "__main__": + parser = argparse.ArgumentParser() + parser.add_argument( + "--bond_length", + help="Bond length in Angstrom.", + default=2.5, + type=float, + ) + args = parser.parse_args() + + print(f"Running for bond length {args.bond_length}.") + run(args.bond_length) diff --git a/docs/getting_started/source_files/gs_level_3.py b/docs/getting_started/source_files/gs_level_3.py new file mode 100644 index 000000000..8d0548a9a --- /dev/null +++ b/docs/getting_started/source_files/gs_level_3.py @@ -0,0 +1,48 @@ +from qiskit import QuantumCircuit +from qiskit.circuit.random import random_circuit +from qiskit.quantum_info import SparsePauliOp +from qiskit.primitives import Estimator + +from quantum_serverless import QuantumServerless, run_qiskit_remote, get, put, save_result + +# 1. let's annotate out function to convert it +# to function that can be executed remotely +# using `run_qiskit_remote` decorator +@run_qiskit_remote() +def my_function(circuit: QuantumCircuit, obs: SparsePauliOp): + """Compute expectation value of an obs given a circuit""" + return Estimator().run([circuit], [obs]).result().values + + + +# 2. Next let's create our serverless object that we will be using to create context +# which will allow us to run funcitons in parallel +serverless = QuantumServerless() + +circuits = [random_circuit(2, 2) for _ in range(3)] + +# 3. create serverless context which will allow us to run funcitons in parallel +with serverless.context(): + # 4. The observable is the same for all expectation value calculations. So we can put that object into remote storage since it will be shared among all executions of my_function. + obs_ref = put(SparsePauliOp(["ZZ"])) + + # 5. we can run our function for a single input circuit + # and get back a reference to it as now our function is a remote one + function_reference = my_function(circuits[0], obs_ref) + + # 5.1 or we can run N of them in parallel (for all circuits) + function_references = [my_function(circ, obs_ref) for circ in circuits] + + # 6. to get results back from reference + # we need to call `get` on function reference + single_result = get(function_reference) + parallel_result = get(function_references) + print("Single execution:", single_result) + print("N parallel executions:", parallel_result) + + # 6.1 (Optional) write results to db. + save_result({ + "status": "ok", + "single": single_result.tolist(), + "parallel_result": [entry.tolist() for entry in parallel_result] + }) diff --git a/docs/index.rst b/docs/index.rst index 3c3b8985c..d2c07e05e 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -12,6 +12,14 @@ The source code to the project is available `on GitHub + **Guides** .. toctree:: diff --git a/gateway/api/views.py b/gateway/api/views.py index 9366ad63c..4856884c9 100644 --- a/gateway/api/views.py +++ b/gateway/api/views.py @@ -19,6 +19,7 @@ from rest_framework.response import Response from rest_framework.views import APIView + from .models import NestedProgram, Job, ComputeResource from .permissions import IsOwner from .serializers import ProgramSerializer, JobSerializer diff --git a/infrastructure/docker/Dockerfile-notebook b/infrastructure/docker/Dockerfile-notebook index 8dcfea1e0..2ba1b6955 100644 --- a/infrastructure/docker/Dockerfile-notebook +++ b/infrastructure/docker/Dockerfile-notebook @@ -10,5 +10,6 @@ RUN rm -r ./qs COPY --chown=$NB_UID:$NB_UID ./docs/tutorials/ ./serverless/tutorials/ COPY --chown=$NB_UID:$NB_UID ./docs/guides/ ./serverless/guides/ +COPY --chown=$NB_UID:$NB_UID ./docs/getting_started/ ./serverless/getting_started/ ENV JUPYTER_ENABLE_LAB=no diff --git a/realm-export.json b/realm-export.json index 8b48511a6..184ed061a 100644 --- a/realm-export.json +++ b/realm-export.json @@ -1,6 +1,6 @@ { - "id": "Test", - "realm": "Test", + "id": "e165160a-1516-4a29-b65c-6f4479682dc3", + "realm": "quantumserverless", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, @@ -26,15 +26,15 @@ "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, - "sslRequired": "none", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": true, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxFailureWaitSeconds": 900, @@ -46,295 +46,372 @@ "roles": { "realm": [ { - "id": "4833bad1-0ba1-4115-a2e1-3b96a90fe268", - "name": "default-roles-test", + "id": "aafad90c-2bb2-4fe9-9403-278abb4e3e95", + "name": "default-roles-quantumserverless", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" - ] + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } }, "clientRole": false, - "containerId": "Test", + "containerId": "e165160a-1516-4a29-b65c-6f4479682dc3", "attributes": {} }, { - "id": "556c8a27-7a33-4ea5-9232-525239ff6807", - "name": "offline_access", - "description": "${role_offline-access}", + "id": "84eed94c-1c9a-45c9-b826-31066ac74042", + "name": "uma_authorization", + "description": "${role_uma_authorization}", "composite": false, "clientRole": false, - "containerId": "Test", + "containerId": "e165160a-1516-4a29-b65c-6f4479682dc3", "attributes": {} }, { - "id": "0ad4b9c1-aad6-4b13-ae28-7ff0cb447dc0", - "name": "uma_authorization", - "description": "${role_uma_authorization}", + "id": "33e9530c-9233-4108-a3c1-c4dcd205fe60", + "name": "offline_access", + "description": "${role_offline-access}", "composite": false, "clientRole": false, - "containerId": "Test", + "containerId": "e165160a-1516-4a29-b65c-6f4479682dc3", "attributes": {} } ], "client": { "realm-management": [ { - "id": "5af1d2f0-30bb-4483-bab5-210e061e2f1d", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", + "id": "4354f1b3-b8d1-45c0-996f-2b37282b2039", + "name": "query-clients", + "description": "${role_query-clients}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "68d8756c-1b28-4dd0-9bde-1255b8f753c4", - "name": "view-realm", - "description": "${role_view-realm}", + "id": "16595b14-fa8e-45ac-a4c5-8cbe51c82b9c", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "7b54160f-01d4-43d8-8bd3-101bd491a28e", - "name": "create-client", - "description": "${role_create-client}", + "id": "727f3927-0772-4427-8955-af4467bf340c", + "name": "impersonation", + "description": "${role_impersonation}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "38bcccc5-64f6-475a-a875-8fe6d8d12f95", - "name": "view-users", - "description": "${role_view-users}", + "id": "9b8fe7cc-8568-4a47-a86e-93a2c09749a5", + "name": "realm-admin", + "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ + "query-clients", + "view-identity-providers", + "impersonation", + "manage-users", + "manage-identity-providers", "query-users", - "query-groups" + "view-clients", + "view-events", + "manage-authorization", + "manage-events", + "query-groups", + "view-realm", + "manage-clients", + "view-authorization", + "manage-realm", + "query-realms", + "create-client", + "view-users" ] } }, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "702884ce-65f4-4899-97b3-1ff3b585039f", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", + "id": "ed331d75-7f38-42af-8bc1-a9d724b90b61", + "name": "manage-users", + "description": "${role_manage-users}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "07f8bd0b-e340-42b3-91c8-d1a2b5bd88c5", - "name": "manage-realm", - "description": "${role_manage-realm}", + "id": "ec1b4639-c703-4243-81b2-95e56f4a4e12", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "8c9d0de4-a7dc-43e9-a601-e3e57cb114df", - "name": "realm-admin", - "description": "${role_realm-admin}", + "id": "35859f1f-3bb8-459b-b387-4f66ac8ab6ac", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", + "attributes": {} + }, + { + "id": "f7fad160-0d57-484e-bebf-3fdc25ad248f", + "name": "view-clients", + "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ - "view-realm", - "manage-identity-providers", - "create-client", - "view-users", - "view-identity-providers", - "manage-realm", - "manage-authorization", - "query-realms", - "manage-users", - "query-groups", - "impersonation", - "manage-clients", - "manage-events", - "query-users", - "view-authorization", - "view-clients", - "view-events", "query-clients" ] } }, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "21f3ed07-221a-4d2c-a3ca-8df78cca9f76", - "name": "manage-authorization", - "description": "${role_manage-authorization}", + "id": "bba8481b-4c74-4136-bc9a-00aee0275302", + "name": "view-events", + "description": "${role_view-events}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "69e415af-8434-4c00-838f-a608a6123e20", - "name": "query-realms", - "description": "${role_query-realms}", + "id": "02bd61cb-0bc2-4a1f-8b5e-0b353fa9a3d7", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "08a45a5b-d94a-486f-a021-75b7c85ecb67", - "name": "impersonation", - "description": "${role_impersonation}", + "id": "d4a59f44-a1a7-4be2-889c-77766d4cff12", + "name": "manage-events", + "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "a620f375-f013-4474-adb8-a8749d0fe039", - "name": "manage-users", - "description": "${role_manage-users}", + "id": "01a5a7d4-6c57-4312-ba6f-1abf21848343", + "name": "query-groups", + "description": "${role_query-groups}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "02aaa954-c09e-41a9-9933-aed44514d94e", - "name": "query-groups", - "description": "${role_query-groups}", + "id": "43ccc28e-3a4b-44b5-8285-8f10755dee46", + "name": "view-realm", + "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "a1f26bd1-6703-4b88-9d17-eed35ba03fd5", + "id": "7107fc0d-ec23-4ff9-89cd-0294be30b437", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "eebbe4e0-0079-4f9a-91ca-27994aa35d91", - "name": "manage-events", - "description": "${role_manage-events}", + "id": "8a478cd7-9139-4b4c-ae23-1e04ef4add89", + "name": "view-authorization", + "description": "${role_view-authorization}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "d58170d1-fee7-4eac-b2e0-5dd3a95a3433", - "name": "query-users", - "description": "${role_query-users}", + "id": "70dd0b05-3ee8-47ed-9023-17d50419e6cf", + "name": "manage-realm", + "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "1ef1a2b4-ea4f-4951-8452-60fb9148e0ed", - "name": "view-authorization", - "description": "${role_view-authorization}", + "id": "ee14d66f-004d-4b4c-a5d4-fdd817983d17", + "name": "query-realms", + "description": "${role_query-realms}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} }, { - "id": "e122d715-8b55-4997-b79b-ad81899f854a", - "name": "view-clients", - "description": "${role_view-clients}", + "id": "14b30847-c0b3-4cb6-bfd5-fbd44be055f3", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", + "attributes": {} + }, + { + "id": "59b8e66a-4f6e-46a4-a139-5b6059dfd62b", + "name": "view-users", + "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ - "query-clients" + "query-groups", + "query-users" ] } }, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", "attributes": {} - }, + } + ], + "rayclient": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ { - "id": "cf138fd9-4093-4715-a4e0-edaf6bbd1e56", - "name": "view-events", - "description": "${role_view-events}", + "id": "c6de7240-0694-42d7-be14-56d3964c9e07", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "85eca027-a1f5-44d9-849e-2a37725808ad", + "attributes": {} + } + ], + "account": [ + { + "id": "efb98987-17f5-485a-80f8-d74a5bd7edb5", + "name": "manage-account-links", + "description": "${role_manage-account-links}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "attributes": {} }, { - "id": "97d75e8b-ef13-4084-adc4-fa70df05d52f", - "name": "query-clients", - "description": "${role_query-clients}", + "id": "dbe777af-f7c7-4030-b1aa-df83e7d9de0e", + "name": "view-groups", + "description": "${role_view-groups}", "composite": false, "clientRole": true, - "containerId": "fb6c4935-1d0c-4e82-b262-443672d72930", + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "gateway-client": [ + }, { - "id": "3f58b737-9ffa-455e-a36b-5a1b3f089080", - "name": "uma_protection", + "id": "17760ec2-5efa-423d-8c0a-53ed92366bfd", + "name": "view-applications", + "description": "${role_view-applications}", "composite": false, "clientRole": true, - "containerId": "9a76b2ec-b33e-40b0-9cad-e00ca7e77e40", + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "attributes": {} - } - ], - "account-console": [], - "broker": [], - "account": [ + }, { - "id": "5d39ee7c-40a9-4656-a6f7-05efc0b00002", + "id": "b250e972-4d1c-41fc-a68b-6e273673f8d8", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, - "containerId": "930e41a3-40c7-42a1-9587-2b92f31e68c5", + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", + "attributes": {} + }, + { + "id": "be4828b4-483b-4975-96dd-f2c55f9f30d7", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", + "attributes": {} + }, + { + "id": "a4df2eb7-206a-45fa-af6a-174826af5e4e", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "attributes": {} }, { - "id": "e6b688f3-4c5b-4381-96ff-9f6617a9c515", + "id": "f73af6e8-5aed-48d5-95b2-b69383c26f44", "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", + "attributes": {} + }, + { + "id": "9755cf13-2aa7-4e97-9b01-07370d0d4033", + "name": "view-profile", + "description": "${role_view-profile}", "composite": false, "clientRole": true, - "containerId": "930e41a3-40c7-42a1-9587-2b92f31e68c5", + "containerId": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "attributes": {} } - ] + ], + "rayapiserver": [] } }, "groups": [], "defaultRole": { - "id": "4833bad1-0ba1-4115-a2e1-3b96a90fe268", - "name": "default-roles-test", + "id": "aafad90c-2bb2-4fe9-9403-278abb4e3e95", + "name": "default-roles-quantumserverless", "description": "${role_default-roles}", "composite": true, "clientRole": false, - "containerId": "Test" + "containerId": "e165160a-1516-4a29-b65c-6f4479682dc3" }, "requiredCredentials": [ "password" @@ -345,9 +422,10 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppFreeOTPName", + "totpAppGoogleName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -375,77 +453,40 @@ "webAuthnPolicyPasswordlessAcceptableAaguids": [], "users": [ { - "username": "john", - "enabled": true, - "emailVerified": true, - "email": "john@example.com", - "firstName": "John", - "lastName": "Doe", - "credentials": [ - { - "type": "password", - "value": "password123", - "temporary": false - } - ] - }, - { - "id": "33b940e2-0bdb-49a7-9356-e6e230f49619", - "createdTimestamp": 1640089861472, - "username": "service-account-admin-cli", + "id": "117269c7-3630-4810-a537-1be0f0749371", + "createdTimestamp": 1676908028992, + "username": "service-account-rayapiserver", "enabled": true, "totp": false, "emailVerified": false, - "serviceAccountClientId": "admin-cli", + "serviceAccountClientId": "rayapiserver", "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "offline_access", - "default-roles-test", - "uma_authorization" + "default-roles-quantumserverless" + ], + "notBefore": 0, + "groups": [] + }, + { + "username": "user", + "enabled": true, + "email": "user@quatunserverless.org", + "emailVerified": true, + "credentials": [ + { + "type": "password", + "value": "password123" + } ], "clientRoles": { "realm-management": [ - "manage-identity-providers", - "view-realm", - "create-client", - "view-users", - "view-identity-providers", - "manage-realm", - "realm-admin", - "manage-authorization", - "query-realms", - "impersonation", - "manage-users", - "query-groups", - "manage-clients", - "manage-events", - "query-users", - "view-authorization", - "view-clients", - "view-events", - "query-clients" + "realm-admin" ], "account": [ - "delete-account", "manage-account" ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "83d84b8e-f053-480e-8b13-713c4fac708d", - "createdTimestamp": 1640089810342, - "username": "service-account-gateway-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "gateway-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "notBefore": 0, - "groups": [] + } } ], "scopeMappings": [ @@ -457,36 +498,29 @@ } ], "clientScopeMappings": { - "gateway-client": [ - { - "client": "admin-cli", - "roles": [ - "uma_protection" - ] - } - ], "account": [ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] }, "clients": [ { - "id": "930e41a3-40c7-42a1-9587-2b92f31e68c5", + "id": "8cb563b9-d51a-4d1a-891d-39f40e0b5d6c", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Test/account/", + "baseUrl": "/realms/quantumserverless/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "/realms/Test/account/*" + "/realms/quantumserverless/account/*" ], "webOrigins": [], "notBefore": 0, @@ -499,12 +533,15 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -517,17 +554,17 @@ ] }, { - "id": "207a4d3c-cc80-4bd2-91d4-815a1af38778", + "id": "24b16ed9-06d9-4340-898d-6cb1ac946657", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Test/account/", + "baseUrl": "/realms/quantumserverless/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "/realms/Test/account/*" + "/realms/quantumserverless/account/*" ], "webOrigins": [], "notBefore": 0, @@ -541,6 +578,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -548,7 +586,7 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "70d4fa1a-79b2-489e-b9a0-47a6772819a6", + "id": "12979a04-8cbb-49ce-8561-a85c6d0e5c5e", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", @@ -558,6 +596,7 @@ ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -570,14 +609,13 @@ ] }, { - "id": "f8f4baad-a231-4a6a-b97c-5d68ac147279", + "id": "196abcdd-7de5-4864-8d81-75ca5ac23fa9", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "NKlUMjdSJBcnMkJBPhQwXQQfbtJfAyme", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -586,87 +624,19 @@ "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, - "publicClient": false, + "serviceAccountsEnabled": false, + "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "a73b0f3e-1b0c-4b14-893e-22f4985cfd60", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "030a393a-ff89-4d2e-aa30-063e95b7ce9f", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "8e4e8915-cba7-4be3-86e8-d6991a0cd273", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -676,53 +646,10 @@ "phone", "offline_access", "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": true, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Default Resource", - "type": "urn:admin-cli:resources:default", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "98ea544d-9474-4cde-a7d5-f4aa8438596b", - "uris": [ - "/*" - ] - } - ], - "policies": [ - { - "id": "3747a4f9-0b6b-4ad0-aba4-181193729727", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, - { - "id": "762a6303-aab7-439b-8a41-0973964640ce", - "name": "Default Permission", - "description": "A permission that applies to the default resource type", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "defaultResourceType": "urn:admin-cli:resources:default", - "applyPolicies": "[\"Default Policy\"]" - } - } - ], - "scopes": [], - "decisionStrategy": "UNANIMOUS" - } + ] }, { - "id": "1d1a4841-fbfe-4bda-9bc8-fdc73497aa5c", + "id": "85eca027-a1f5-44d9-849e-2a37725808ad", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, @@ -741,12 +668,15 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -759,34 +689,92 @@ ] }, { - "id": "fb6c4935-1d0c-4e82-b262-443672d72930", - "clientId": "realm-management", - "name": "${client_realm-management}", + "id": "4f64e9b4-034d-48fd-b00b-0582e1017b71", + "clientId": "rayapiserver", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", + "secret": "supersecret", "redirectUris": [], "webOrigins": [], "notBefore": 0, - "bearerOnly": true, + "bearerOnly": false, "consentRequired": false, - "standardFlowEnabled": true, + "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, + "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1676907939", + "backchannel.logout.session.required": "true", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "d9421bc1-c83e-4c5d-8f23-0338e2dc0a22", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "19625f49-50fd-467d-81ca-24c84139133f", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "48c6d133-d94e-4450-8bfe-16ab8c8ae2ad", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", - "email" + "email", + "rayapiserver" ], "optionalClientScopes": [ "address", @@ -796,56 +784,47 @@ ] }, { - "id": "97d658fa-02d4-43d5-9bba-4d0717a8466d", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Test/console/", + "id": "5d01b1dd-fbc8-48b6-bf55-2748057607a8", + "clientId": "rayclient", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", + "secret": "supersecret", "redirectUris": [ - "/admin/Test/console/*" - ], - "webOrigins": [ - "+" + "http://localhost/oauth2/callback" ], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, + "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, + "publicClient": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "pkce.code.challenge.method": "S256" + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1675977386", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "fb2e09ee-c7b0-49b2-870d-758173ec6be7", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -858,13 +837,17 @@ ] }, { - "id": "9a76b2ec-b33e-40b0-9cad-e00ca7e77e40", "clientId": "gateway-client", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "AQ3sZ4eiF7NhOtfxeUEGo0YN7uQBoUnO", + "secret": "supersecret", "redirectUris": [ "*" ], @@ -875,87 +858,134 @@ "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, + "serviceAccountsEnabled": false, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1679332636", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", + "post.logout.redirect.uris": "*", "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, + "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "id": "744a1aec-f818-4fd3-9fd5-d2f49c282e06", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "a6c685db-a00a-4250-bd64-31bd5b0d3b2a", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/quantumserverless/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/quantumserverless/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "3716053c-9672-4685-9fe5-0b44307c65c1", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "4cffb7d8-1aab-4b35-8111-df1ee341c76a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "57540600-0bd8-42dd-8eb1-ca4177c2da57", - "name": "Client Host", + "id": "28149aa5-13e8-4c53-9304-3f94c29bdaea", + "name": "locale", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", "userinfo.token.claim": "true", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "locale", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" @@ -965,55 +995,12 @@ "phone", "offline_access", "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": true, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Default Resource", - "type": "urn:gateway-client:resources:default", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "c4c07a91-21b2-4259-b923-4b3d6b05d93f", - "uris": [ - "/*" - ] - } - ], - "policies": [ - { - "id": "b1174446-ce63-4d3d-8829-f1b960a76b42", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, - { - "id": "c595a3a7-c4d3-47b1-896d-50e5396d1eee", - "name": "Default Permission", - "description": "A permission that applies to the default resource type", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "defaultResourceType": "urn:gateway-client:resources:default", - "applyPolicies": "[\"Default Policy\"]" - } - } - ], - "scopes": [], - "decisionStrategy": "UNANIMOUS" - } + ] } ], "clientScopes": [ { - "id": "a894dbe0-76e7-4c22-b7b2-bd3f827e0ef5", + "id": "efb3ba35-32a8-42e2-a18c-a08d8648a645", "name": "role_list", "description": "SAML role list", "protocol": "saml", @@ -1023,7 +1010,7 @@ }, "protocolMappers": [ { - "id": "762589d9-35be-4ad7-bed4-4b718d6ef6ec", + "id": "e60166e0-7f32-4a57-a542-3528c09e947c", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", @@ -1037,81 +1024,17 @@ ] }, { - "id": "5a5ce089-2139-4d60-8d2a-fd198c5db2ec", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "927a5908-7652-4586-9b8a-eb5920ef4150", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "bf4c9750-93e5-434e-8845-adb5d545b462", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", + "id": "e2a67045-72e6-4c3f-b498-20089b36d557", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "c3557b80-20cf-41cc-9732-9ebc2bd65e8a", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "9b1e384f-9aed-4592-a40e-734030fdcfcb", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } }, { - "id": "b19ae76e-fce0-4f6b-8d84-378f60d88f8d", + "id": "798a62ff-51bf-4872-80de-1b0b6f46ed9d", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", @@ -1122,7 +1045,15 @@ }, "protocolMappers": [ { - "id": "83b45cee-daa8-4a98-af4b-b9000f36f2fd", + "id": "f7e5d95a-a570-4971-8c9d-ec681071570c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "d22b79cd-a184-42e4-9923-fc9d3c4041fa", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", @@ -1136,15 +1067,7 @@ } }, { - "id": "8695784f-2e6b-4571-982b-26b8ba72af98", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "f36f78cb-da3f-4377-8b90-7d28078cc890", + "id": "ceeaafc0-dcab-4ce1-9c72-3044709d7be4", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", @@ -1160,107 +1083,75 @@ ] }, { - "id": "39baba4a-03aa-4309-8cd2-2591181f21ba", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "a2a22f05-cf5a-4206-9c7d-57fba22073c9", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "20187807-6f9e-4438-abec-164ca4e39520", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", + "id": "72852fcc-364d-4f5f-af44-28a13a477d8d", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" + "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { - "id": "ec0661bc-d266-4af6-aac4-a1753b1291d4", - "name": "phone number", + "id": "41eac4db-bb5a-49b8-87e4-0cf2f3eab306", + "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", + "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" + "claim.name": "updated_at", + "jsonType.label": "long" } }, { - "id": "a9b3a239-bc80-4067-b787-a2c3ca0d2ec4", - "name": "phone number verified", + "id": "dcd614c9-696c-4fad-a33e-664c228b6401", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "8f05f9d8-75f1-4be2-b8c8-df24d7499c1a", + "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" + "claim.name": "birthdate", + "jsonType.label": "String" } - } - ] - }, - { - "id": "e3d6fefe-3579-47a1-807d-64fcf7a87dcf", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "e832567a-5345-4f8c-8b35-012f65396f67", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "fd7a31da-915a-40ae-b633-393615ce2762", - "name": "updated at", + "id": "38c8437c-d727-4958-af1d-ff4df2b51f38", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "updatedAt", + "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "updated_at", + "claim.name": "family_name", "jsonType.label": "String" } }, { - "id": "75ffd8aa-4326-4923-bc3e-20b09bd875b0", + "id": "29067d4d-0bf4-4f90-ba5f-96ff7fcc00d1", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -1275,7 +1166,22 @@ } }, { - "id": "f2654fbe-5521-49e4-8e50-ca04651db68b", + "id": "2786ab57-a62e-4c2f-ad45-2da6bc3c6c26", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "a475bef6-0b47-4757-9d67-762d73450523", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -1290,171 +1196,281 @@ } }, { - "id": "3cf479a7-f66d-4274-af23-ed1c7909b6e5", - "name": "profile", + "id": "fd6ddfa6-b50e-402b-a9fb-e9d9f43eb85b", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "bb1b0737-4a6e-4fd8-83b3-e37e7370efb4", + "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "profile", + "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "profile", + "claim.name": "zoneinfo", "jsonType.label": "String" } }, { - "id": "ef85df6a-0b3d-400b-b882-a2118ad44db5", - "name": "picture", + "id": "2a72a678-7b2e-498e-867a-49bc32c624a9", + "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "picture", + "claim.name": "website", "jsonType.label": "String" } }, { - "id": "84451abc-bcbc-4451-9dcf-32836641765c", - "name": "birthdate", + "id": "0935915d-21bd-4a92-860d-d3d7e9c9e03e", + "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "birthdate", + "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "birthdate", + "claim.name": "nickname", "jsonType.label": "String" } }, { - "id": "67318bb2-5f53-4f75-a587-8f3319ebe843", - "name": "full name", + "id": "17957bd2-c4b2-4566-837c-a20bb8727a2e", + "name": "picture", "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "picture", + "jsonType.label": "String" } }, { - "id": "820f7a36-03eb-4503-aa11-5742efe7390e", - "name": "username", + "id": "51074a6f-5d59-4b26-b62a-7fb710029ce7", + "name": "gender", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", + "claim.name": "gender", "jsonType.label": "String" } }, { - "id": "233c42eb-c87d-4826-8bbc-4683c4f13a1a", - "name": "family name", + "id": "af54b82e-f672-4688-a440-25c6f2bd4e78", + "name": "profile", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "lastName", + "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", + "claim.name": "profile", "jsonType.label": "String" } - }, + } + ] + }, + { + "id": "6ebb70be-c92a-454c-b759-2a094afe96a9", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ { - "id": "eb34b957-ea38-41ac-9199-697e227985e7", - "name": "gender", + "id": "0aa5d230-954d-42fa-8cfa-9ad77ab61128", + "name": "address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute.street": "street", "id.token.claim": "true", + "user.attribute.region": "region", "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" + "user.attribute.locality": "locality" } - }, + } + ] + }, + { + "id": "915b3bf7-466f-4a44-b52e-ac4ccab2307e", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "50ba7956-d15f-4d8c-90aa-da136f09dcb2", - "name": "website", + "id": "df0e9106-4fd5-4cfa-9554-939902d3f72f", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { + "multivalued": "true", "userinfo.token.claim": "true", - "user.attribute": "website", + "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "website", + "claim.name": "groups", "jsonType.label": "String" } }, { - "id": "3f7b3d46-c9f0-43c2-90e9-e1a4874bdbcf", - "name": "given name", + "id": "e894e9a1-185b-40e4-b090-13a5dcb05e24", + "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", + "claim.name": "upn", "jsonType.label": "String" } - }, + } + ] + }, + { + "id": "739c27ab-3430-4fda-8b9a-36f8c8e756bf", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ { - "id": "01ac5e4b-4945-4667-be10-d29dc5e6ad47", - "name": "nickname", + "id": "67843942-48bf-40f8-a044-329edd454384", + "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", + "claim.name": "phone_number", "jsonType.label": "String" } }, { - "id": "cdb0ce02-86a3-4e76-84f7-167ede3e0ecf", - "name": "zoneinfo", + "id": "ebd29556-5a0d-429e-96ad-a5f09fe97f5e", + "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", + "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "97ee5b1a-63ee-4741-9b97-a933513934e2", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "67d4cdd7-13fc-4353-b32d-713b1a128d62", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "448b9039-0117-444d-a829-55ceaf53745a", + "name": "rayapiserver", + "description": "", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "946a541e-d0de-4126-8dd3-fc55ac79f934", + "name": "rayapiserver", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "rayapiserver", + "id.token.claim": "true", + "access.token.claim": "true" } } ] }, { - "id": "04ef696e-7196-4c73-872d-10af8ebe4276", + "id": "81ea0941-13fd-4cfc-944a-7195e8636a35", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", @@ -1465,7 +1481,7 @@ }, "protocolMappers": [ { - "id": "d8c56c76-ff18-4b37-b45a-237fcf8b2950", + "id": "f86d2554-a0e9-4efc-a39d-a5db3ac1b252", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", @@ -1480,7 +1496,7 @@ } }, { - "id": "d21719d1-850e-488f-a58d-a4e42c76f2a5", + "id": "a803daf8-d77d-4c4b-a5dc-b3e422b533ad", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", @@ -1495,6 +1511,27 @@ } } ] + }, + { + "id": "92a9ac5b-92c0-4516-abd2-28ab64dfe20f", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "30b096fc-c615-4ad0-a8bc-5ff4ae8179e6", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] } ], "defaultDefaultClientScopes": [ @@ -1502,7 +1539,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1532,19 +1570,7 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "632544be-5a8c-4e7e-b3c8-4cb5faedcf66", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "3743b061-854b-43fd-8fcc-b687d015e9b5", + "id": "c7719aa8-cb64-41b0-9662-0ccf7cbd353f", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", @@ -1559,7 +1585,26 @@ } }, { - "id": "7051cfe2-ab43-4faa-b40d-af6446b18167", + "id": "12c11176-207e-4409-a1b3-99aa1e1f8665", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "ac8014f0-e8db-46bf-80a9-e5c1b26e2a6f", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", @@ -1571,34 +1616,15 @@ } }, { - "id": "e0ec37dd-5965-48d3-81a6-3cb99629ccce", - "name": "Full Scope Disabled", - "providerId": "scope", + "id": "4cfbb988-5f41-428f-9413-b99237ba0ac9", + "name": "Consent Required", + "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { - "id": "929899ea-bf1d-42b0-bd2a-9d1e432db44f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper" - ] - } - }, - { - "id": "d4a2ebb9-a3ae-44be-8678-3e00952c4b94", + "id": "d3c4f159-594b-485c-bc07-a2f3dfef45a1", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", @@ -1610,55 +1636,48 @@ } }, { - "id": "891f4a61-7f6e-4523-af0f-f11c55e9113c", - "name": "Consent Required", - "providerId": "consent-required", + "id": "9a7c9d59-e643-4df6-a13e-838d10e42251", + "name": "Full Scope Disabled", + "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { - "id": "bd63ffe9-c748-4d6a-85ea-4677fa6260c7", + "id": "4c2e8ffe-9c73-4ec0-8bb8-3ef0bb97777c", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "authenticated", + "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper" ] } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "41f8cc61-7aeb-44b5-ad6b-990382a76fad", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ + }, { - "id": "acd1a5ea-6013-4353-beb1-4b8b00f50970", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "b65257b4-45b5-4721-9d21-3339cf937211", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", "subComponents": {}, "config": { - "priority": [ - "100" + "max-clients": [ + "200" ] } - }, + } + ], + "org.keycloak.keys.KeyProvider": [ { - "id": "5b2b6b08-9d27-481a-9110-92ddba95a032", + "id": "de95f1d0-33eb-442f-bf2c-3684d19a083f", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, @@ -1669,7 +1688,7 @@ } }, { - "id": "18f53e6d-9820-4064-ab92-4b4d59766399", + "id": "a426c7d7-a7de-4406-84e2-e73f9e854b4e", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, @@ -1683,7 +1702,7 @@ } }, { - "id": "bb03bb29-3654-40bd-89cf-b97eb025fdf6", + "id": "55908bdd-159a-4c5c-b8ec-f4827ccde1d7", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, @@ -1695,6 +1714,17 @@ "RSA-OAEP" ] } + }, + { + "id": "6368eb6c-d1d5-4d0a-b3d8-6c61f38808b2", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1702,7 +1732,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "9b9bd673-f110-4a4e-ac11-843a66e68b3a", + "id": "a9a29b0f-32e5-402f-b2cb-3d9759046ee1", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1714,21 +1744,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "6f683a06-820d-4ed6-9515-4df32eb81b2b", + "id": "387701d0-7ae1-41ec-873d-c2107cd90fbe", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -1740,29 +1770,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "basic-auth-otp", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "941107ba-0473-434a-b421-002e4f1a69d5", + "id": "38674533-c339-4627-b25b-5bb9081425f2", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1774,21 +1804,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "ca433bce-5571-4ea7-a244-83943d7bb32a", + "id": "42c97c74-7561-4c46-ab6e-a66f261baf0c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1800,21 +1830,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4889a6d9-7042-4834-9a2c-25cfcf7ceee7", + "id": "412ebb8b-4794-4044-a116-3396afdbe29e", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1826,21 +1856,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "89683d07-86f4-4742-9427-c503aec8f5b2", + "id": "644fdce3-0270-4a86-9469-fa77778c41e1", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1852,21 +1882,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "f335ed3a-4d73-4a01-a454-e8028a75268b", + "id": "4b20ed55-2f08-4a4e-b5a4-fb98372f3a4a", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1878,21 +1908,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "64fe78c2-bb50-4085-8cf7-3b398dacf85f", + "id": "61b52ad6-199e-45df-9bfd-14affce3fc79", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1905,21 +1935,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "f7570db5-d586-4f6d-ba46-9c01a7c75208", + "id": "fe8e510e-05ac-4034-a408-23e335c78eb4", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1931,21 +1961,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d540056f-3c26-4bed-aafc-4e8b15f7a9c8", + "id": "9c7c4ea7-f617-4295-bba3-54592a6fbfd1", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1957,37 +1987,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "c68c0e86-4c68-4afb-9510-a13617149205", + "id": "75a73b01-3181-4ace-ba5c-d5765fa02ec6", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1999,37 +2029,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c20894af-e1c1-4003-80e0-2a1d3006b31f", + "id": "daae1984-a148-4888-92bf-5b3787d7d9c1", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -2041,29 +2071,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "af8caa37-58f2-42fa-a65b-0bcf98bd9e6e", + "id": "f55cc7b8-781d-46fc-a89a-124b8a03a778", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -2075,13 +2105,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "dd6c1bd1-b8d7-40b0-ab1a-db85cc3461d8", + "id": "0193e573-0c77-4103-9369-23dce00cc5d4", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -2094,21 +2124,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "3ce923e0-c377-4ccb-9f95-061aabc04bef", + "id": "0b4ac7e4-ca44-46b1-9939-9e98f90d888a", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -2120,21 +2150,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "771ee177-6a6d-47d7-97e1-16bc28583d27", + "id": "4d56ed78-15ca-4457-a14b-1a9831204372", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -2146,21 +2176,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d6c90c8d-5f7a-4653-81d7-188074cc2ffe", + "id": "8a8d4c7d-a55f-494f-9219-056eefcc562f", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -2172,14 +2202,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "5aeb15de-bf71-4444-8867-62fd4d347e16", + "id": "afb69941-16d0-4536-a029-fc55a5cfd8a6", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -2191,37 +2221,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "6192846f-4ecf-4fea-9fe6-2ce2d6cef01b", + "id": "9d7fc369-9439-43bf-9680-f9cf66e267b0", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2233,37 +2263,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "5bf41189-9e07-4178-b203-542b69d751a6", + "id": "8ccf5a6b-ebf0-4ecb-a921-5661949b39dc", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2275,22 +2305,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "96c00f93-64c6-4e2f-b784-e03213c6582e", + "id": "b342e669-0e45-49a0-9059-5cb15936d6e5", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "44007966-d7cc-47d3-b966-13e6278a878f", + "id": "113563dc-7a40-4146-a0dc-d02f24225499", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2352,6 +2382,24 @@ "priority": 60, "config": {} }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, { "alias": "update_user_locale", "name": "Update User Locale", @@ -2379,9 +2427,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.0", + "keycloakVersion": "20.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] @@ -2389,4 +2438,4 @@ "clientPolicies": { "policies": [] } -} +} \ No newline at end of file