From 0aab4dfa0dc52d01b3693e6aa7df372331e9ab36 Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Mon, 22 Aug 2022 15:33:56 +0100 Subject: [PATCH] Get OIDC quickstarts working with 19.0.1 --- .../config/quarkus-realm.json | 1480 ++++++++++------ .../pom.xml | 2 +- .../src/main/resources/application.properties | 7 +- .../acme/quickstart/oidc/KeycloakServer.java | 4 +- .../config/quarkus-realm.json | 1511 ++++++++++------- 5 files changed, 1834 insertions(+), 1170 deletions(-) diff --git a/security-keycloak-authorization-quickstart/config/quarkus-realm.json b/security-keycloak-authorization-quickstart/config/quarkus-realm.json index 51d814ce5f..01906593ae 100644 --- a/security-keycloak-authorization-quickstart/config/quarkus-realm.json +++ b/security-keycloak-authorization-quickstart/config/quarkus-realm.json @@ -1,7 +1,8 @@ { - "id" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "id" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", "realm" : "quarkus", "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, "accessTokenLifespan" : 300, @@ -13,11 +14,17 @@ "offlineSessionIdleTimeout" : 2592000, "offlineSessionMaxLifespanEnabled" : false, "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, "accessCodeLifespan" : 60, "accessCodeLifespanUserAction" : 300, "accessCodeLifespanLogin" : 1800, "actionTokenGeneratedByAdminLifespan" : 43200, "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, "enabled" : true, "sslRequired" : "external", "registrationAllowed" : false, @@ -37,185 +44,193 @@ "maxDeltaTimeSeconds" : 43200, "failureFactor" : 30, "roles" : { - "realm" : [ { + "realm" : [ + { "id" : "3fc80564-13ac-4e7b-9986-322f571e82bc", "name" : "confidential", "composite" : false, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes" : { } - }, { - "id" : "39eb64c8-66a9-4983-9c81-27ea7e2f6273", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", "attributes" : { } }, { "id" : "8c1abe12-62fe-4a06-ae0d-f5fb67dddbb0", "name" : "admin", "composite" : false, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", "attributes" : { } - }, { + }, { "id" : "5afce544-6a3c-495f-b805-fd737cf5081e", "name" : "user", "composite" : false, + "clientRole" : false, + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", + "attributes" : { } + }, + { + "id" : "2b6632ed-9e3b-4e28-86ed-1d0239c7cefc", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", + "attributes" : { } + }, { + "id" : "d70f9032-c77a-4aca-88d8-d914ee2905a4", + "name" : "default-roles-quarkus", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", "attributes" : { } }, { - "id" : "bc431d62-a80a-425b-961a-0fb3fc59006d", + "id" : "5dbf8bd3-db6f-4394-94f9-b311d08baf4c", "name" : "offline_access", "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800", "attributes" : { } } ], "client" : { "realm-management" : [ { - "id" : "7db1f38d-d436-4725-93fd-030a3bbe628e", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes" : { } - }, { - "id" : "1163b9bd-7319-4154-a25f-0101b2548d21", - "name" : "impersonation", - "description" : "${role_impersonation}", + "id" : "6c2447e9-a8ca-402b-953c-944123312933", + "name" : "query-clients", + "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "73d0a556-072b-404f-bf8e-10e2544c8c27", + "id" : "d321086a-5816-404d-bcc7-7984dd83d36b", "name" : "view-identity-providers", "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "7e727e28-2095-4443-b2da-865e684f2308", - "name" : "view-realm", - "description" : "${role_view-realm}", + "id" : "6073c9f6-b1c2-4680-9d28-ab1254618b7b", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "df9e5352-f835-4467-bcaf-cb1b5f55c1ec", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, + "id" : "e2f20b42-23d3-4e88-a2ef-1bfeb6716020", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "fa77909a-32a3-41ae-9983-2b92ae03080c", - "name" : "manage-clients", - "description" : "${role_manage-clients}", + "id" : "f07629cf-203d-4beb-8dbf-ec8aa1f035b3", + "name" : "impersonation", + "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "a8780507-dc72-4433-8b95-b8e4f3c37d0e", - "name" : "manage-events", - "description" : "${role_manage-events}", + "id" : "832b6db4-d305-4141-b56c-6e93a78a3e68", + "name" : "create-client", + "description" : "${role_create-client}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "f7f4697a-3977-42f6-af86-9bb006cf4d04", + "id" : "bfc8e0e6-341f-4355-bebb-da64f28ff13f", "name" : "realm-admin", "description" : "${role_realm-admin}", "composite" : true, "composites" : { "client" : { - "realm-management" : [ "impersonation", "manage-identity-providers", "view-identity-providers", "view-realm", "query-users", "manage-clients", "manage-events", "manage-realm", "view-authorization", "manage-authorization", "view-users", "create-client", "query-clients", "query-groups", "manage-users", "view-clients", "view-events", "query-realms" ] + "realm-management" : [ "query-clients", "view-identity-providers", "manage-authorization", "view-users", "impersonation", "create-client", "manage-events", "query-groups", "view-authorization", "query-users", "manage-realm", "manage-identity-providers", "view-realm", "view-clients", "manage-clients", "query-realms", "view-events", "manage-users" ] } }, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "ca7dc1ce-a981-4efe-b3f0-a7192b6d3943", - "name" : "manage-realm", - "description" : "${role_manage-realm}", + "id" : "894aaa75-29f9-452c-9ea3-429a51404575", + "name" : "manage-events", + "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "a0ab4faa-00a9-4f52-ac9f-8e764b6a8126", - "name" : "view-authorization", - "description" : "${role_view-authorization}", + "id" : "d6e53477-0d1f-46f6-ace8-0b81e658196a", + "name" : "query-groups", + "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "0b4ed5e0-eceb-4d81-ba05-fa67022abe59", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", + "id" : "d7141f22-ae51-489e-861c-9cb12f943fec", + "name" : "view-authorization", + "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "c10336be-06f3-40ef-bef5-28d8c9b8a1e2", - "name" : "create-client", - "description" : "${role_create-client}", + "id" : "692bf834-049f-4f15-95cf-7b40cadf4272", + "name" : "query-users", + "description" : "${role_query-users}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "1a1ffadc-11d5-44ea-bac0-d94372c8ae5c", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-groups", "query-users" ] - } - }, + "id" : "1cc2c76c-6b2f-47d0-bf0a-e260247f2e73", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "5ba9a1a3-9027-4531-8253-b91f6058513c", - "name" : "query-clients", - "description" : "${role_query-clients}", + "id" : "a3f00bf1-2b0e-4127-bbd7-f2c8f9005ea9", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "b4fba807-7a7e-4e3e-bd31-45703305a9e3", - "name" : "query-groups", - "description" : "${role_query-groups}", + "id" : "349db29b-1e3f-4e94-91a5-3afb1f1ce789", + "name" : "view-realm", + "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "c9384254-0af3-434c-b4ed-7c94f59a8247", - "name" : "manage-users", - "description" : "${role_manage-users}", + "id" : "e454c0c4-846e-4af3-8f27-2c864e30517f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "9a0022f2-bd58-4418-828c-a8e7abe3346b", + "id" : "d085f668-dae1-4908-b755-39b223c16d29", "name" : "view-clients", "description" : "${role_view-clients}", "composite" : true, @@ -225,23 +240,31 @@ } }, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "83df8311-4366-4d22-9425-eccc343faa3f", - "name" : "view-events", - "description" : "${role_view-events}", + "id" : "ba4367d7-94bb-43d8-b175-7842dbfe3102", + "name" : "manage-users", + "description" : "${role_manage-users}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } }, { - "id" : "e81bf277-047f-4bdd-afd6-59e2016c5066", + "id" : "632628d0-f783-4114-97b2-2622a76e5674", "name" : "query-realms", "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", + "attributes" : { } + }, { + "id" : "7ec35cf2-029b-47ac-a570-e32dfb4821e8", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "attributes" : { } } ], "security-admin-console" : [ ], @@ -252,51 +275,96 @@ "composite" : false, "clientRole" : true, "containerId" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc", - "attributes" : { } - } ], + "attributes" : { } + } ], + "account-console" : [ ], "broker" : [ { - "id" : "d36865b0-7ade-4bcd-a7dc-1dacbd80f169", + "id" : "fa00b5ce-10f0-4643-91f4-4092121a55ec", "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, - "containerId" : "53d4fe53-a039-471e-886a-28eddc950e95", + "containerId" : "371a2b90-ebb3-4255-9d2e-bc3949d5bd2a", "attributes" : { } } ], "account" : [ { - "id" : "539325a0-d9b3-4821-97ee-d42999296b62", - "name" : "view-profile", - "description" : "${role_view-profile}", + "id" : "1b242c4a-3141-40c5-bd67-66e6c21ad91b", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", + "attributes" : { } + }, { + "id" : "4943cb69-5dc1-42ba-a7b4-60b841b49a92", + "name" : "delete-account", + "description" : "${role_delete-account}", "composite" : false, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", "attributes" : { } }, { - "id" : "e4af836c-c884-4a57-8b1d-fb673b0fe3a5", - "name" : "manage-account", - "description" : "${role_manage-account}", + "id" : "b910b7e5-7f8f-4c7f-ab9a-27a9df77e062", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", + "attributes" : { } + }, { + "id" : "db73da06-3099-4b11-97c6-13c403dab0ae", + "name" : "manage-consent", + "description" : "${role_manage-consent}", "composite" : true, "composites" : { "client" : { - "account" : [ "manage-account-links" ] + "account" : [ "view-consent" ] } }, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", + "attributes" : { } + }, { + "id" : "2d40ac4f-48be-47f9-bf1f-458354158de9", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", "attributes" : { } }, { - "id" : "35d1c998-bcae-4ab1-a026-4c67bff49a98", + "id" : "2713bb5d-2760-44f4-a276-28bcf6bdbe8e", "name" : "manage-account-links", "description" : "${role_manage-account-links}", "composite" : false, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", + "attributes" : { } + }, { + "id" : "228b74ca-9239-4fdc-a81c-59f324a9e4e8", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "f362cd79-8596-407b-9e01-7c999e43d488", "attributes" : { } } ] } }, "groups" : [ ], - "defaultRoles" : [ "uma_authorization", "offline_access" ], + "defaultRole" : { + "id" : "d70f9032-c77a-4aca-88d8-d914ee2905a4", + "name" : "default-roles-quarkus", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "36382947-8ffa-4a8a-9881-2b7eeb84f800" + }, "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", "otpPolicyAlgorithm" : "HmacSHA1", @@ -305,21 +373,47 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], "scopeMappings" : [ { "clientScope" : "offline_access", "roles" : [ "offline_access" ] } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, "clients" : [ { - "id" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "id" : "f362cd79-8596-407b-9e01-7c999e43d488", "clientId" : "account", "name" : "${client_account}", - "baseUrl" : "/auth/realms/quarkus/account", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/quarkus/account/", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec", - "defaultRoles" : [ "view-profile", "manage-account" ], - "redirectUris" : [ "/auth/realms/quarkus/account/*" ], + "redirectUris" : [ "/realms/quarkus/account/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, @@ -328,23 +422,64 @@ "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, - "publicClient" : false, + "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", - "attributes" : { }, + "attributes" : { + "post.logout.redirect.uris" : "+" + }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1148f171-a813-463d-bc3d-61b47c300a31", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/quarkus/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/quarkus/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "32fb140b-17b0-4c5c-9138-d9a9bc2d3eb1", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "e9cc41a2-8e35-4d5e-949e-4879880c2ddb", + "id" : "16fb473f-45e3-40bb-81bf-4c7f69b92ae2", "clientId" : "admin-cli", "name" : "${client_admin-cli}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "a951803a-79c7-46a6-8197-e32835286971", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, @@ -361,20 +496,20 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "53d4fe53-a039-471e-886a-28eddc950e95", + "id" : "371a2b90-ebb3-4255-9d2e-bc3949d5bd2a", "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "e1f7edd7-e15c-43b4-8736-ff8204d16836", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, - "bearerOnly" : false, + "bearerOnly" : true, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, @@ -387,30 +522,30 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc", "clientId" : "backend-service", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", "secret" : "secret", "redirectUris" : ["*"], - "webOrigins" : [ ], - "notBefore" : 0, + "webOrigins" : [ ], + "notBefore" : 0, "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : true, "authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { @@ -527,14 +662,14 @@ "scopes": [], "decisionStrategy": "UNANIMOUS" } - }, { - "id" : "376bd940-e50a-4495-80fc-9c6c07312748", + }, { + "id" : "911f7ea1-5e42-4fdd-a0d9-767c62cbc41f", "clientId" : "realm-management", "name" : "${client_realm-management}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "c41b709a-a012-4c69-89d7-4f926dba0619", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, @@ -551,19 +686,20 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "a8732cac-ae0f-44ec-b7f3-bd2c41eff13c", + "id" : "36f4981a-8b47-45ec-a24c-0d6832dce7a6", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", - "baseUrl" : "/auth/admin/quarkus/console/index.html", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/quarkus/console/", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "e571b211-2550-475d-b87f-116ff54091ee", - "redirectUris" : [ "/auth/admin/quarkus/console/*" ], - "webOrigins" : [ ], + "redirectUris" : [ "/admin/quarkus/console/*" ], + "webOrigins" : [ "+" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, @@ -574,12 +710,15 @@ "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", - "attributes" : { }, + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "280528ca-5e96-4bb9-9fc0-20311caac32d", + "id" : "5ae0eba8-8f29-4048-8b57-b5b3878df79c", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", @@ -593,101 +732,117 @@ "jsonType.label" : "String" } } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { - "id" : "520cc3ef-2c6b-4d84-bcde-8c063241f4bd", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "c1d3bd07-0a5f-4f4f-b381-c58a7b723029", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "19920c96-a383-4f35-8ee9-27833263cf03", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", + "id" : "e17e3fdf-518f-44d8-9a8e-5743fe656c26", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" + "consent.screen.text" : "${phoneScopeConsentText}" }, "protocolMappers" : [ { - "id" : "36a0adf0-6c25-419f-98d7-cdeada8661aa", - "name" : "email", + "id" : "e12d0fe6-2aa8-4809-a8f5-69fc5d41ba0d", + "name" : "phone number", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "email", + "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "email", + "claim.name" : "phone_number", "jsonType.label" : "String" } }, { - "id" : "b0c39901-5e5d-4436-b685-908bb90ea1d9", - "name" : "email verified", + "id" : "005aa9ba-7a81-49be-b14f-fecbbfc22111", + "name" : "phone number verified", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", + "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "email_verified", + "claim.name" : "phone_number_verified", "jsonType.label" : "boolean" } } ] }, { - "id" : "55b3ee1c-cbf9-4526-93d7-aa56a9c5f1cb", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", + "id" : "c0c00c6d-85fc-40ed-b15a-693825b9f3a8", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", "protocol" : "openid-connect", "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" }, "protocolMappers" : [ { - "id" : "59128144-a21a-4744-bb55-e66ff0503b18", - "name" : "upn", + "id" : "9c4af8e8-d303-4520-ae81-f87190c2bbc6", + "name" : "realm roles", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", + "user.attribute" : "foo", "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "03a3006b-c808-4b19-a5ec-b01a14b3b00e", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "e606f224-24c8-46e3-ac5a-01e7fadb1562", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "74626818-9744-416e-ae77-d13be8940fee", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "13e76b05-7d24-43f4-ad4e-1d7655853512", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" } }, { - "id" : "69351a63-7d6e-45d0-be47-088c83b20fdb", + "id" : "0adad4c2-dbea-4105-a0c0-a6062c60a3f6", "name" : "groups", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", @@ -702,55 +857,84 @@ } } ] }, { - "id" : "3f190f54-8e3a-4c82-a799-bd12ddc475b2", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", + "id" : "bd050b86-7be1-42a0-b2f6-b681183e560a", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", "protocol" : "openid-connect", "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "cc7f1c4e-c15b-425a-b2c4-c21e180f882f", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] }, { - "id" : "defa3480-5368-4f34-8075-49fb982b71b3", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", + "id" : "47595a41-97d2-48b9-84e9-f66d9820ea9d", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + "consent.screen.text" : "${emailScopeConsentText}" }, "protocolMappers" : [ { - "id" : "069ae414-9e98-4612-a3d6-e8b5a1fa841d", - "name" : "phone number verified", + "id" : "9150603e-ebc9-467e-a254-72d910622fa7", + "name" : "email verified", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", + "user.attribute" : "emailVerified", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number_verified", + "claim.name" : "email_verified", "jsonType.label" : "boolean" } }, { - "id" : "cea58e24-d0e0-4cc6-9e34-7b3bf7d6d85b", - "name" : "phone number", + "id" : "4f028250-4036-498d-894a-d356d251110a", + "name" : "email", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", + "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number", + "claim.name" : "email", "jsonType.label" : "String" } } ] }, { - "id" : "b7321e2e-dd8e-41cf-a527-c765155c3f78", + "id" : "e7401ec2-c877-4522-b390-d7ac13abfd22", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "90848608-3013-47dc-b6bd-e7d16e150cdd", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "dad89a6f-c6d3-485c-87c0-79bf304310dd", "name" : "profile", "description" : "OpenID Connect built-in scope: profile", "protocol" : "openid-connect", @@ -760,292 +944,267 @@ "consent.screen.text" : "${profileScopeConsentText}" }, "protocolMappers" : [ { - "id" : "1d4d3df5-7af5-488e-8477-0ad7cb74d50a", - "name" : "nickname", + "id" : "8070e658-3ed6-444c-b117-372b0d3e76bc", + "name" : "birthdate", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "nickname", + "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "nickname", + "claim.name" : "birthdate", "jsonType.label" : "String" } }, { - "id" : "1a5e26d6-211e-4f8a-b696-0ea9577db25a", - "name" : "zoneinfo", + "id" : "861faee7-38c1-4040-9bae-a1f9d24c4f60", + "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", + "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "zoneinfo", + "claim.name" : "middle_name", "jsonType.label" : "String" } }, { - "id" : "18971685-6dd7-420f-9c09-879c4f2d54d8", - "name" : "updated at", + "id" : "7b1b5c7e-45ff-4052-b937-73b5a3689498", + "name" : "picture", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", + "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "updated_at", + "claim.name" : "picture", "jsonType.label" : "String" } }, { - "id" : "b970d96b-0156-4db0-9beb-9c84c173e619", - "name" : "birthdate", + "id" : "ef20556e-624d-4c08-9aac-3e8ef9cb5c57", + "name" : "gender", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", + "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "birthdate", + "claim.name" : "gender", "jsonType.label" : "String" } }, { - "id" : "50287033-df21-45c6-aa46-c3060e6f9855", - "name" : "given name", + "id" : "03a03973-8d8d-495a-99af-f483e31eafcb", + "name" : "website", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "firstName", + "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "given_name", + "claim.name" : "website", "jsonType.label" : "String" } }, { - "id" : "3dc6b97e-7063-4077-98d1-0cacf9029c7b", - "name" : "full name", + "id" : "a64f2a47-50b6-4c55-9d0f-b5971ae63992", + "name" : "given name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", - "userinfo.token.claim" : "true" + "claim.name" : "given_name", + "jsonType.label" : "String" } }, { - "id" : "3fb9391b-376c-42ef-b012-4df461c617cc", - "name" : "middle name", + "id" : "75f1df3a-0843-4786-ab2b-49c3b719eb92", + "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "middleName", + "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "middle_name", + "claim.name" : "locale", "jsonType.label" : "String" } }, { - "id" : "83f7fc4a-5386-4f86-a103-6585e138b61d", - "name" : "username", + "id" : "1b582634-b01b-4900-a7d4-9ee95fb4012c", + "name" : "updated at", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "username", + "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" + "claim.name" : "updated_at", + "jsonType.label" : "long" } }, { - "id" : "8ef177b3-f485-44b1-afee-1901393b00c7", - "name" : "family name", + "id" : "0c4f4ea2-2d31-4ab1-bf97-e46344ff4336", + "name" : "nickname", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "family_name", + "claim.name" : "nickname", "jsonType.label" : "String" } }, { - "id" : "e994cbc7-2a1a-4465-b7b7-12b35b4fe49e", - "name" : "gender", + "id" : "55b83e07-ed5b-4441-980e-01b9234db5fe", + "name" : "profile", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "gender", + "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "gender", + "claim.name" : "profile", "jsonType.label" : "String" } }, { - "id" : "abaa4c9e-1fa2-4b45-a1bb-b3d650de9aca", - "name" : "picture", + "id" : "e8e2523e-5044-47d4-863f-50b46e32307b", + "name" : "family name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "picture", + "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "picture", + "claim.name" : "family_name", "jsonType.label" : "String" } }, { - "id" : "bf21b514-81fd-4bbe-9236-bab5fcf54561", - "name" : "locale", + "id" : "233f533d-40a4-4df2-b5a7-4536c8fdc3b8", + "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "locale", + "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "locale", + "claim.name" : "zoneinfo", "jsonType.label" : "String" } }, { - "id" : "254f8de4-08e7-4d3d-a87f-4b238f0f922b", - "name" : "profile", + "id" : "ec6d80f6-3093-4b8f-b4a4-97b0ce8567b6", + "name" : "username", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "profile", + "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "profile", + "claim.name" : "preferred_username", "jsonType.label" : "String" } }, { - "id" : "7934bf2a-cfc3-4b2d-a5cb-287f3ed2a977", - "name" : "website", + "id" : "aae53b7f-83fb-4aff-85f4-93fc5f69b213", + "name" : "full name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" + "userinfo.token.claim" : "true" } } ] }, { - "id" : "f3dc793d-6011-4861-b538-399dde5434c0", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", + "id" : "08d32803-c052-4b0a-98c4-538e627857b3", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", + "consent.screen.text" : "${offlineAccessScopeConsentText}", "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "22eeabf8-a3c3-4026-a351-367f8ace7927", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] + } }, { - "id" : "f72c1acd-c367-41b1-8646-b6bd5fff3e3f", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", + "id" : "8cd9bda9-eff5-42e7-8e62-b9d2e0f37416", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", "protocol" : "openid-connect", "attributes" : { - "include.in.token.scope" : "false", + "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + "consent.screen.text" : "${addressScopeConsentText}" }, "protocolMappers" : [ { - "id" : "cd8e589e-5fa7-4dae-bf6e-e8f6a3fd3cff", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "708b19d1-0709-4278-b5a1-bcbeec11f51a", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "25e97210-30c7-4f35-be11-407f1fa674cb", - "name" : "client roles", + "id" : "3bf71763-9a1f-413c-b52d-bf99f611a211", + "name" : "address", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", + "protocolMapper" : "oidc-address-mapper", "consentRequired" : false, "config" : { - "user.attribute" : "foo", + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" + "user.attribute.locality" : "locality" } } ] }, { - "id" : "52618957-a4e8-4c6f-a902-217f2c41a2fd", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", + "id" : "1a4f1401-2b80-47c9-922a-80f0d1537507", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { - "id" : "a66ddadf-312f-491f-993c-fa58685815c6", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", + "id" : "e80cfa11-e49b-46e5-a61d-633cc0e27e07", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", "consentRequired" : false, - "config" : { } + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } } ] } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", "xRobotsTag" : "none", "xFrameOptions" : "SAMEORIGIN", - "xXSSProtection" : "1; mode=block", "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", "strictTransportSecurity" : "max-age=31536000; includeSubDomains" }, "smtpServer" : { }, @@ -1054,106 +1213,121 @@ "enabledEventTypes" : [ ], "adminEventsEnabled" : false, "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "a7679218-373d-48ca-88f8-429985faeae3", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", + "id" : "486bf667-5362-4333-82e8-6057d5b3c37a", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] - } - }, { - "id" : "2ebf6f9f-4bfc-44b9-ad7c-282f2274d35b", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] } }, { - "id" : "552093c3-0a0a-4234-ad7c-ae660f0f0db1", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", + "id" : "c4b992b7-5969-4dab-845b-87b7f876f571", + "name" : "Max Clients Limit", + "providerId" : "max-clients", "subType" : "anonymous", "subComponents" : { }, "config" : { - "allow-default-scopes" : [ "true" ] + "max-clients" : [ "200" ] } }, { - "id" : "8f27cf74-cee7-4a73-851f-982ee45157ca", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", + "id" : "6844e33b-6421-4633-a808-d06856bda363", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper" ] } }, { - "id" : "ff570525-6c96-4500-9d73-c02e708b39de", + "id" : "8b7dd0da-a538-49db-b120-5386fc3846cf", "name" : "Full Scope Disabled", "providerId" : "scope", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "b52284eb-123a-4718-aac9-857530a24a9b", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "2b8c0a6d-d5c0-4ea2-8a9c-4843d3e04ec6", + "id" : "d5a9a762-12a0-445f-b460-511d04e11445", "name" : "Consent Required", "providerId" : "consent-required", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "bf59de5a-2c93-43cc-a9aa-03be0129fe53", + "id" : "cb11bd78-941b-4596-99e5-5ce4a41d6dc1", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ] } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "b3efd9cc-28b6-4404-82af-8a48a966b8ff", - "name" : "rsa-generated", - "providerId" : "rsa-generated", + }, { + "id" : "174400f3-6a13-4818-99a2-cf0f1a5ece0f", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "privateKey" : [ "MIIEowIBAAKCAQEAn5T13suF8mlS+pJXp0U1bto41nW55wpcs+Rps8ZVCRyJKWqzwSCYnI7lm0rB2wBpAAO4OPoj1zlmVoFmBPsDU9Xf7rjsJb5LIzIQDCZY44aSDZt6RR+gakPiQvlzHyW/RozYpngDJF7TsTD7rdRF1xQ4RprfBF8fwK/xsU7pxbeom5xDHZhz3fiw8s+7UdbmnazDHfAjU58aUrLGgVRfUsuoHjtsptYlOIXEifaeMetXZE+HhqLYRHQPDap5fbBJl773Trosn7N9nmzN4x1xxGj9So21WC5UboQs9sAIVgizc4omjZ5Y4RN9HLH7G4YwJctNntzmnJhDui9zAO+zSQIDAQABAoIBADi+F7rTtVoft0Cfnok8o6Y58/HVxHdxiMryUd95iy0FN4RBi48FTx6D9QKFz25Ws/8sU2n3D51srIXf1u24b1N0/f39RQKaqk7mcyxOylaEuBQcj5pah4ihgKd92UBfBKdKV5LBo6RgD3e2yhbiHr8+UlBQqzH7vOef6Bm6zIbfmi3N88swAJhP0YizRZFklsbmLsK6nkwyro00CHJvPVKSBbM+ad+/zIBsLw56MvNngB5TuFguUgoljd6M1T2z4utmZGlTUqrfE1onAVLJZoGnRohyIr7dJEg6YxWR70PxsgmkDKyeRvet9P1trO0n+OSprusfrC3cHJStabap1V0CgYEA1A/CtsqTnjdYYsB19eumZgdpzUgNc/YEAzZ/OWb8yTLoB2ncci+63A1rXHUXAqJFY7vtjn5mxv7SuASNbUrzq+6KfZvC1x9XEtnczqT/ypunNfxmIZuj8Nuu6vtURguZ8kPPwdkI8toTizRFeRE5ZDBvoQryiEVYugfHaHT5vzsCgYEAwKWODwquI0Lv9BuwdNVrBXQpkKh3ZfYOA7i9xvhxlM7xUu8OMCwwCPn3r7vrW5APjTqX4h330mJ44SLEs+7gbCUs4BbJBLA6g0ChlHa9PTkxp6tk2nDF/B34fxiZSRkE85L+d+at0Dc3hnlzLCJCzJawGpoPniPU9e4w0p4dN0sCgYAsGnMGjS8SUrRhJWHjGXVr9tK8TOXvXhULjgP7rj2Yoqu7Dvs4DFEyft/7RKbad2EzEtyfLA64CDtO5jN7rYDsGxpWcVSeZPg5BXJ0z8AbJTArfCjJiJMZ/rZsTIUEZFlKF2xYBolj6JLz+pUQTtK+0YwF1D8ItFN1rTR9twZSDQKBgQC6sPXNX+VH6LuPTjIf1x8CxwLs3EXxOpV0R9kp9GRl+HJnk6GlT30xhcThufQo5KAdllXQXIhoiuNoEoCbevhj9Vbax1oBQCNERSMRNEzKAx46xd9TzYwgeo7x5E3QR/3DaoVOfu+cY5ZcrF/PulgP2kxJS1mtQD5GIpGP2oinpwKBgGqiqTFPqRcelx76vBvTU+Jp1zM62T4AotbMrSQR/oUvqHe5Ytj/SbZx+wbbHAiyGgV700Mosyviik83YEAbR3kdOPjgYvAJJW2Y3jEMdQ7MwriXz8XLh5BGmYfVjkSOJXed9ua9WlYLKOJeXXv191BbDvrx5NXuJyVVU4vJx3YZ" ], - "certificate" : [ "MIICnTCCAYUCBgFp4EYIrjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdwcm90ZWFuMB4XDTE5MDQwMjIyNTYxOVoXDTI5MDQwMjIyNTc1OVowEjEQMA4GA1UEAwwHcHJvdGVhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+U9d7LhfJpUvqSV6dFNW7aONZ1uecKXLPkabPGVQkciSlqs8EgmJyO5ZtKwdsAaQADuDj6I9c5ZlaBZgT7A1PV3+647CW+SyMyEAwmWOOGkg2bekUfoGpD4kL5cx8lv0aM2KZ4AyRe07Ew+63URdcUOEaa3wRfH8Cv8bFO6cW3qJucQx2Yc934sPLPu1HW5p2swx3wI1OfGlKyxoFUX1LLqB47bKbWJTiFxIn2njHrV2RPh4ai2ER0Dw2qeX2wSZe+9066LJ+zfZ5szeMdccRo/UqNtVguVG6ELPbACFYIs3OKJo2eWOETfRyx+xuGMCXLTZ7c5pyYQ7ovcwDvs0kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAVtmRKDb4OK5iSA46tagMBkp6L7WuPpCWuHGWwobEP+BecYsShW7zP3s12oA8SNSwbhvu0CRqgzxhuypgf3hKQFVU153Erv4hzkj+8S0s5LR/ZE7tDNY2lzJ3yQKXy3Md7EkuzzvOZ50MTrcSKAanWq/ZW1OTnrtGymj5zGJnTg7mMnJzEIGePxkvPu/QdchiPBLqxfZYm1jsFGY25djOC3N/KmVcRVmPRGuu6D8tBFHlKoPfZYPdbMvsvs24aupHKRcZ+ofTCpK+2Qo8c0pSSqeEYHGmuGqC6lC6ozxtxSABPO9Q1R1tZBU7Kg5HvXUwwmoVS3EGub46YbHqbmWMLg==" ], - "priority" : [ "100" ] + "allow-default-scopes" : [ "true" ] } }, { - "id" : "20460ca5-ec24-4a9b-839a-457743d3f841", + "id" : "d4455215-c88c-47a5-8527-9c21fef02a98", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "620e8030-7114-450c-b188-f2307fa9eaac", "name" : "hmac-generated", "providerId" : "hmac-generated", "subComponents" : { }, "config" : { - "kid" : [ "96afd00e-85cf-4d35-b18e-061d3813d8b2" ], - "secret" : [ "qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA" ], + "kid" : [ "6b97cca4-f3d2-41f6-a225-ba846090df11" ], + "secret" : [ "7cJw81x86C-kGsDRw3mJzd_M6pPO3fecUlXlL1TYRUlUR7lK6hngmkxK05LiG6swheQIZYs6UkTM1nLORncEJA" ], "priority" : [ "100" ], "algorithm" : [ "HS256" ] } }, { - "id" : "4f02d984-7a23-4ce1-8591-848a71390efe", + "id" : "e4432af5-5db8-4e30-8a0d-150a5ed675b5", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAwVW0ULkeQ4JidUfS6+AWndVr9YqFd5zIO8iM0UXfyOesPfvwccmdJdSVTtEJTe99TujfUARRRdl3uIXr+q0E+mQyVWf0v+nzFfcQpVYq29XtfwXQK0JzvGUbWki+JnCcvXvSRnc/fjLy20psaupBT6YxYyIcvHi1JCaA7dk5iyi6FPLFkJrF0i605z+PfeWfdm07uZl4ZZ9D/+dKM4V7dnYwg8kB3x32rcIevujGs621a5ZYyl8QzJM9LMyehe3t3whNX/86vJxpg63YZyk7uhZRBvSXHZWru6Je+PEN+9rq5GYPZjg1GhCf9ty5YQ1rihAKInE1hmGIkPSUqAfXbQIDAQABAoIBABWmzvxRVwHResxOoGD5Jh9D9QS5ICxemxAS7C5NqHu78k64xdtAbIB9l8ENaQDY5swtCUFRUnbDnYRFP0HCGbIfAYIOE9tgTHBzzGHvzfnzsdbNZFxL42FAY3lPdzgf2XXhBZINrcco1ojXg1/P30OXxaUn/1beH88uHrdEYgzi719VRuoB73gyIF9P7jrl1n8UTE6wlPAOi5ZD2ERRM2bs2AW2v+dNB38CmhkWqpvjWkEEQl7JSaFDxm9mkdUopL2CPKTOM6YW3k/IVU9nMuRy1/xKDZyPO1AvNqzfMqTqDRVphAJRL+EIY6NAa6uv32g0AT1zCc3FrOuoDRvhOwMCgYEA6GkNOtu8+qqnTUdgBWUnmbcpTgw0g7tBjEzZcI4KpZfXt8IdnNBnuOtI7/Gv3fhSP9yyp60Kzl/M+JwzxbDYNuQZh9ETMFOUrdtdcyIftanttf/HhXv8yA15My3gZXSo4Zk5R15KfEAUPQyYbIY3QZkl/f3koenl2kc6/5Ncps8CgYEA1PVQNoOoAoEG7D1PU91W9NnMby+xCp4SUejS2ZajveKoEMKwYOM4Gw2Mczql+KKYDs6UU7ACrbsMSC+qgWX1b+PTXkuXkEBOt4BjnHDzVHEHZwAPKbY3dQttqZEQgDQEkhNvANseY9MNipGH2PsC+yWwvfGmXIIClsjuselIrQMCgYA0PHhWxFDDXlvgCKzSSZwO9pX4DtI20X24FQXCQIqwEWLQ0HZraoQFkgyAsae/kjKaW/ZjrYcCP5IIRsN0KX1PSRFb72gKsp52PRnR6NeLszfUcjrcC7QTGsQk9qi65O+YVSIEonLHXneuCQixS7FbsxpQ7iHXKoUY/G2MSAjJDQKBgHCHJ9mGfBLGpyfRxcck4DwFklb2NnDL0hZiFnhPdzpxOCmTFqw7pHv3Ds4coXLeR8cbNZl7Gg8/FWBXf5tcivKSyi+7dd0NfgrM1tXlgU6PYz/z8g8yb99zKIE/XB7CXd/qUO982XQaI7+i4suu54ZaBih4NlYPhNq0VhzAjlyNAoGBAKb3SZqb3wHSE+cR8fDP8hs3v7HPhPbPIpdFyzV3RKvW+3cLtSABImwcxPbk/P0CoFWkIq9kxYOVLSJNFA5ptWuG49kTpJFaYiPDu3UHOKGl2tmPLjOLp6aBVvnQb+1rfLYtNxyK8tneBaG0lSoamqoGgXuhiEeoCjgVxkSUA9dd" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICnTCCAYUCBgGCxUsqLDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdxdWFya3VzMB4XDTIyMDgyMjExMjE1M1oXDTMyMDgyMjExMjMzM1owEjEQMA4GA1UEAwwHcXVhcmt1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFVtFC5HkOCYnVH0uvgFp3Va/WKhXecyDvIjNFF38jnrD378HHJnSXUlU7RCU3vfU7o31AEUUXZd7iF6/qtBPpkMlVn9L/p8xX3EKVWKtvV7X8F0CtCc7xlG1pIviZwnL170kZ3P34y8ttKbGrqQU+mMWMiHLx4tSQmgO3ZOYsouhTyxZCaxdIutOc/j33ln3ZtO7mZeGWfQ//nSjOFe3Z2MIPJAd8d9q3CHr7oxrOttWuWWMpfEMyTPSzMnoXt7d8ITV//OrycaYOt2GcpO7oWUQb0lx2Vq7uiXvjxDfva6uRmD2Y4NRoQn/bcuWENa4oQCiJxNYZhiJD0lKgH120CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUPXLzC6jIMVNboJeMo5THOLKqAIihwyfyESQWduZeiuSbX7fFxGRBM6oLNOnAbd08yuQnBlyNcfvTTN5vTc9LADy0bn9ukS4ZPwTNOSXWa6FcopzoKALwlVAY3JzGxoFOHK9bImlUNAbpel1xkJt0z+/yGdUWvYsRYRhLuMidb34Spi8Kt5gbbY+EQcgkHK99GNamSOqrUR1pEKOWCpncFUqXhSSSOzZlv+pbXUwEbQwUYVhS1n8kRfzkXMjuN+Ke++YFOfB314MT0pSgCtSDEboOrXIAm4HmPMyek7YZdrQqGAIWEYUafx132D954JNytzQEElKeyvbmdQJWapoWA==" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "fdb97a8d-439a-4ead-adf9-a80696fbceab", "name" : "aes-generated", "providerId" : "aes-generated", "subComponents" : { }, "config" : { - "kid" : [ "b04473d3-8395-4016-b455-19a9e951106b" ], - "secret" : [ "x68mMOVdz3qKWzltzReV0g" ], + "kid" : [ "15eca0bc-c3dd-48b9-a184-374691b3f1b2" ], + "secret" : [ "qQMFjvi_x6lbFNJBiyJV6Q" ], + "priority" : [ "100" ] + } + }, { + "id" : "b6090ad3-b34f-4bc9-b331-ca0e734bfc09", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEpQIBAAKCAQEApBKpDmj7d6UubF1b1NUnrRYKKDaJQDitv/7cGP2Erq7apdDdT2qdtRAhyAgBlNHT8mOL3fR0NM5/s+TNE7jtD07pSffcWpsyemILvoxfNxlqHVRjzbkW6qsrwjoVcAjVuKTdfZu3Egpcn53piiRbbOjcACuTQ4MN6B51s7indLWEjDMXMXcA4QsGoOr8Gcsj1azucz+JXrettgKlwmmjf4ciiSm+zvYtcXzj1TlM9tKji9G1vxRgc8vFVj7wgqtr0XU3sEQtHJsKuxQpmzOW7kfwD9+tOQdQs+zG3YAftsdM5xdCG2d98dxTMFekH+zyCTphjqw9nBJyZxgpNPQQNQIDAQABAoIBAALaE5x4y9GbJbMj7W2PDu7rjAI4pQYXUYuLXRiX0crfggu2FWdE1tzsQW6iqY/NgnS/1aNmTBSCU4HsH1WRSHRv8vxrlaXMYxSDyFbDRdxp49FwaBOyfMRYBwr5gleZCyTTVoCIJBR7VsTQoiUjIKTWjQxnIzYnM5SuJ24qShNsXk3FsqD3xGMAy5yEaezk/PwqnCI2x6n1rY+6nUGcjMgrBiAd1PloiNVUGPkfOS4A765/1SStivlD0sLZf4Hx385JUwNpXlo3B+NxYYig2nvjg99wCJL8rv/bzNMxtSPSakRRmchAjI5Ibl8Bu+Q7P6GSbaVIyQtd01skzlNW7sECgYEA1GzWQCCrUKb6cld3UrzMGafjfyZBgaavR+Mv26RW/5f/G9cCkpqreTUurS4XhPmmQ+VLge6eVqzRv4Ym0P+gOpmhtjyVRswckrHfXlyAsxDDEVWCqd+55TVaP58xXfwDmvM2cNX3VV8GBWz3CpxRjg39POqS9V5XYENckZcv+20CgYEAxbqu33St+fU5aAJNjPIj7DDU3FWl1boK8f71oERSDeFIVFMiPYTKnh1Gso7yAaEi4JR2W+Tq+e3Fr9CMtcHJPeUxR3+rKhV/FnXygPQQxSKblttjPRmU4x8r1VrCxV3j6G3niWP9v+tJmp5vCZDmGJvPtvkUElX/rQzGHQJa4ukCgYEAp6ZaFXRzII0YPeOwBbmBb4IkNvZvXq65yYeQ/s0d6E0ChutTWXb+fAOwGfe1kjohsZYm2J4FkyyDwZ9TxUDqKTWU/imkOqLerhv5yRRCcpB5E5YkMIOkyDQqTOoL4TwDcGghAD6uHE+JhgCwnEwwxWdfBJOxdjuFxDCFv1XOBaUCgYEAk9YIebpbedAHo+RU51UD1syL2lGPNEVteZIPREzQrOALnECsESL/+0gYW9jUyLMZyKA3/m0h4swMSm+7RQom1MhQGA00hLqd0sVNE21oPHyrqBdQE5bU4xujQloh1j9k75t8yhSg3KWm2pwqmRRldXDJ1RxWDX+PMmuilH32RkECgYEAuf1N0W7MKWNbnM/0elcdm+IIYI0kg4qRUKNyLg2vrmOTxwGTFzh1qeJK5x8vUMonnLW5vP7wIX7cTrgh79fz+W7gxXoNeuljnoZiFdk1Qu4qLFFk+c7MOGTDZZiKXTdYSgGutWptcGtgYli+x7TetFXVOxS3ppszgGdZ61onCSI=" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICnTCCAYUCBgGCxUspezANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdxdWFya3VzMB4XDTIyMDgyMjExMjE1M1oXDTMyMDgyMjExMjMzM1owEjEQMA4GA1UEAwwHcXVhcmt1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQSqQ5o+3elLmxdW9TVJ60WCig2iUA4rb/+3Bj9hK6u2qXQ3U9qnbUQIcgIAZTR0/Jji930dDTOf7PkzRO47Q9O6Un33FqbMnpiC76MXzcZah1UY825FuqrK8I6FXAI1bik3X2btxIKXJ+d6YokW2zo3AArk0ODDegedbO4p3S1hIwzFzF3AOELBqDq/BnLI9Ws7nM/iV63rbYCpcJpo3+HIokpvs72LXF849U5TPbSo4vRtb8UYHPLxVY+8IKra9F1N7BELRybCrsUKZszlu5H8A/frTkHULPsxt2AH7bHTOcXQhtnffHcUzBXpB/s8gk6YY6sPZwScmcYKTT0EDUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAiscT2FdZOg4rWVvL2IuDsDI6hzLJaoImDKfzSD00eY9SbqxjjUpVJlXkj+KUkJtgk+wh01gSY5s0ePW/S54T5kSAL8GNbfnRr/d6X7TmfQPgZ/+BvVwjdl5PKMtN4ISoLZqdMqjCXEXsYgrd3t+2TUfXD66DoUMRUqaQ8mqsfa1kpZOgXaJKZveiOPer4Y/SsJmp2p7CKoaSCRFMEjv2N98PiYx3TQxWtNx8BOs/3NKmIQiW5IM7PfSTV3Zxutd+LQkii0xLh5heOHHi7WP166n5Mq31OBRcm/u6k9GdPAMxPXh0JGqzKrRZPiXw3Mip9v4VXyQvo9xjrtIThQn5uQ==" ], "priority" : [ "100" ] } } ] @@ -1161,7 +1335,124 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "d6c3e282-a738-4b8b-98c2-378b9faf8344", + "id" : "aa90914c-d3f2-41b7-a3db-31bf9d56f159", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "8f9aca4e-1af0-4d3a-acc0-3dea78658f3f", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "2f6b23b9-2c59-4b65-ab00-2789b296f300", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e53b15a7-5bf9-4064-8db6-8a82e8320f47", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "898b7008-e384-4df8-bca4-add09c5551d3", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "31fb288c-b29e-4370-93cf-ae6eca103063", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1169,25 +1460,66 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "idp-email-verification", - "requirement" : "ALTERNATIVE", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "0fc26a54-e662-4bfc-8bad-b16e4f9702a3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fed7521d-4732-4959-84f8-cff994343b90", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { + "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false } ] }, { - "id" : "4855860b-4009-4f1b-ba6b-60581618ea62", + "id" : "e7013c43-177c-48ce-bcc8-b1d3e6f57280", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1195,19 +1527,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "auth-otp-form", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "8a9872b0-65f1-47ff-9565-fa826ac64cd4", + "id" : "497b288a-1cf1-4974-bbed-747b0ee5c1f8", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -1215,31 +1549,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-cookie", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "auth-spnego", + "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { + "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", "priority" : 30, + "autheticatorFlow" : true, "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "userSetupAllowed" : false } ] }, { - "id" : "51b8ed14-62b6-49b3-b602-0b51508349e0", + "id" : "27505ab1-6d4c-43a0-aede-d21ea45cb785", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -1247,31 +1585,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "client-secret", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-jwt", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-x509", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "9b65133a-ee71-494a-a659-6804513fc30b", + "id" : "6bfb83ac-b5de-47f9-bc4f-9f27b44d05fb", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -1279,25 +1621,28 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "direct-grant-validate-otp", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "f62bc4ad-25ac-4f83-963b-32820af3a683", + "id" : "228dbd4d-831b-486e-900b-294b9b82766c", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -1305,13 +1650,14 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "1b423fe7-f312-404c-903b-f1260a77259b", + "id" : "f4eab5c7-a717-4646-9b3d-751e72ebbea6", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -1320,26 +1666,21 @@ "authenticationExecutions" : [ { "authenticatorConfig" : "review profile config", "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "requirement" : "ALTERNATIVE", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false } ] }, { - "id" : "9c9530b3-e3c6-481b-99e8-1461a9752e8e", + "id" : "e63a23e9-60f0-4d94-8481-3a3355d36ac3", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -1347,19 +1688,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "auth-otp-form", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "70fb94ac-354c-4629-a5fe-5135d0137964", + "id" : "0e1f6a40-583d-4db5-8516-bf1f7b2f1656", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -1367,31 +1710,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "basic-auth", + "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false } ] }, { - "id" : "08292a4a-6722-4e33-a5d9-354c2628f567", + "id" : "5380b8c5-e19f-4cca-9c66-383f05385136", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -1399,14 +1732,15 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-page-form", + "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 10, + "autheticatorFlow" : true, "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "userSetupAllowed" : false } ] }, { - "id" : "668dc4b6-fe1a-4d24-ab5b-bc76e20ac390", + "id" : "1a7bcec3-694c-4934-b164-09754f9eb926", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -1414,31 +1748,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-password-action", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "a0e191f0-ce9a-4a75-b6e4-97332b05f7e5", + "id" : "57b0d393-33ff-46cc-bba0-ea476ce09b36", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -1446,31 +1784,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "reset-password", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "reset-otp", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "ad4beb21-8e9a-4fca-af41-0f757169f26c", + "id" : "35a457ca-fb99-4d62-9020-0c3bda5452ab", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -1478,20 +1820,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] } ], "authenticatorConfig" : [ { - "id" : "25632f91-6071-423a-8e9c-7322cdc1b011", + "id" : "19668cee-4ea3-4045-9b56-a8c1ff191de9", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "02d7f70b-1ebc-4e72-a65c-d94a600895ac", + "id" : "70a075e5-e708-4da9-8ae8-d6ea0c87b144", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -1537,6 +1880,38 @@ "defaultAction" : false, "priority" : 50, "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } } ], "browserFlow" : "browser", "registrationFlow" : "registration", @@ -1545,25 +1920,13 @@ "clientAuthenticationFlow" : "clients", "dockerAuthenticationFlow" : "docker auth", "attributes" : { - "_browser_header.xXSSProtection" : "1; mode=block", - "_browser_header.xFrameOptions" : "SAMEORIGIN", - "_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains", - "permanentLockout" : "false", - "quickLoginCheckMilliSeconds" : "1000", - "_browser_header.xRobotsTag" : "none", - "maxFailureWaitSeconds" : "900", - "minimumQuickLoginWaitSeconds" : "60", - "failureFactor" : "30", - "actionTokenGeneratedByUserLifespan" : "300", - "maxDeltaTimeSeconds" : "43200", - "_browser_header.xContentTypeOptions" : "nosniff", - "offlineSessionMaxLifespan" : "5184000", - "actionTokenGeneratedByAdminLifespan" : "43200", - "_browser_header.contentSecurityPolicyReportOnly" : "", - "bruteForceProtected" : "false", - "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds" : "60", - "offlineSessionMaxLifespanEnabled" : "false" + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5" }, "users" : [ { "id" : "af134cab-f41c-4675-b141-205f975db679", @@ -1634,26 +1997,13 @@ "realmRoles" : [ "confidential", "user" ], "notBefore" : 0, "groups" : [ ] - }, { - "id" : "948c59ec-46ed-4d99-aa43-02900029b930", - "createdTimestamp" : 1554245880023, - "username" : "service-account-backend-service", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "email" : "service-account-backend-service@placeholder.org", - "serviceAccountClientId" : "backend-service", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access" ], - "clientRoles" : { - "backend-service" : [ "uma_protection" ], - "account" : [ "view-profile", "manage-account" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "keycloakVersion" : "6.0.0", - "userManagedAccessAllowed" : false + }], + "keycloakVersion" : "19.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } } diff --git a/security-openid-connect-multi-tenancy-quickstart/pom.xml b/security-openid-connect-multi-tenancy-quickstart/pom.xml index 129942ff0c..8ca94dea7b 100644 --- a/security-openid-connect-multi-tenancy-quickstart/pom.xml +++ b/security-openid-connect-multi-tenancy-quickstart/pom.xml @@ -13,7 +13,7 @@ quarkus-bom io.quarkus 999-SNAPSHOT - 18.0.2-legacy + 19.0.1-legacy 3.0.0-M7 11 11 diff --git a/security-openid-connect-multi-tenancy-quickstart/src/main/resources/application.properties b/security-openid-connect-multi-tenancy-quickstart/src/main/resources/application.properties index 14278ae5bf..06a43b1a34 100644 --- a/security-openid-connect-multi-tenancy-quickstart/src/main/resources/application.properties +++ b/security-openid-connect-multi-tenancy-quickstart/src/main/resources/application.properties @@ -1,10 +1,11 @@ # Default Tenant Configuration -quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/quarkus +%prod.keycloak.url=http://localhost:8081 +quarkus.oidc.auth-server-url=${keycloak.url}/realms/quarkus quarkus.oidc.client-id=multi-tenant-client quarkus.oidc.application-type=web-app # Tenant A Configuration -quarkus.oidc.tenant-a.auth-server-url=http://localhost:8180/auth/realms/tenant-a +quarkus.oidc.tenant-a.auth-server-url=${keycloak.url}/realms/tenant-a quarkus.oidc.tenant-a.client-id=multi-tenant-client quarkus.oidc.tenant-a.application-type=web-app @@ -12,4 +13,4 @@ quarkus.oidc.tenant-a.application-type=web-app quarkus.http.auth.permission.authenticated.paths=/* quarkus.http.auth.permission.authenticated.policy=authenticated -quarkus.log.category."com.gargoylesoftware.htmlunit".level=ERROR \ No newline at end of file +quarkus.log.category."com.gargoylesoftware.htmlunit".level=ERROR diff --git a/security-openid-connect-multi-tenancy-quickstart/src/test/java/org/acme/quickstart/oidc/KeycloakServer.java b/security-openid-connect-multi-tenancy-quickstart/src/test/java/org/acme/quickstart/oidc/KeycloakServer.java index 31323774cb..3b723bc891 100644 --- a/security-openid-connect-multi-tenancy-quickstart/src/test/java/org/acme/quickstart/oidc/KeycloakServer.java +++ b/security-openid-connect-multi-tenancy-quickstart/src/test/java/org/acme/quickstart/oidc/KeycloakServer.java @@ -17,7 +17,7 @@ public class KeycloakServer implements QuarkusTestResourceLifecycleManager { @Override public Map start() { keycloak = new FixedHostPortGenericContainer("quay.io/keycloak/keycloak:" + System.getProperty("keycloak.image.version")) - .withFixedExposedPort(8180, 8080) + .withExposedPorts(8080) .withEnv("DB_VENDOR", "H2") .withEnv("KEYCLOAK_USER", "admin") .withEnv("KEYCLOAK_PASSWORD", "admin") @@ -26,7 +26,7 @@ public Map start() { .withClasspathResourceMapping("tenant-a-realm.json", "/tmp/tenant-a-realm.json", BindMode.READ_ONLY, SelinuxContext.SINGLE) .waitingFor(Wait.forHttp("/auth")); keycloak.start(); - return Collections.emptyMap(); + return Map.of("keycloak.url", "http://localhost:" + keycloak.getMappedPort(8080) + "/auth"); } @Override diff --git a/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json b/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json index 67a5064281..1bdb7847f7 100644 --- a/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json +++ b/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json @@ -1,10 +1,11 @@ { - "id" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "id" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", "realm" : "quarkus", "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 3, + "accessTokenLifespan" : 300, "accessTokenLifespanForImplicitFlow" : 900, "ssoSessionIdleTimeout" : 1800, "ssoSessionMaxLifespan" : 2, @@ -13,11 +14,17 @@ "offlineSessionIdleTimeout" : 2592000, "offlineSessionMaxLifespanEnabled" : false, "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, "accessCodeLifespan" : 60, "accessCodeLifespanUserAction" : 300, "accessCodeLifespanLogin" : 1800, "actionTokenGeneratedByAdminLifespan" : 43200, "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, "enabled" : true, "sslRequired" : "external", "registrationAllowed" : false, @@ -37,148 +44,170 @@ "maxDeltaTimeSeconds" : 43200, "failureFactor" : 30, "roles" : { - "realm" : [ { - "id" : "3fc80564-13ac-4e7b-9986-322f571e82bc", - "name" : "confidential", - "composite" : false, - "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes" : { } - }, { - "id" : "39eb64c8-66a9-4983-9c81-27ea7e2f6273", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", - "attributes" : { } - }, { + "realm" : [ + { "id" : "8c1abe12-62fe-4a06-ae0d-f5fb67dddbb0", "name" : "admin", + "composite" : false, + "clientRole" : false, + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", + "attributes" : { } + }, { + "id" : "5afce544-6a3c-495f-b805-fd737cf5081e", + "name" : "user", + "composite" : false, + "clientRole" : false, + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", + "attributes" : { } + }, + { + "id" : "ea359555-0e61-4f96-a8de-f1091e6d39ac", + "name" : "offline_access", + "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", "attributes" : { } }, { - "id" : "5afce544-6a3c-495f-b805-fd737cf5081e", - "name" : "user", - "composite" : false, + "id" : "8dd738a8-fde2-4867-b0b3-24ccaa320b6d", + "name" : "default-roles-quarkus", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", "attributes" : { } }, { - "id" : "bc431d62-a80a-425b-961a-0fb3fc59006d", - "name" : "offline_access", - "description" : "${role_offline-access}", + "id" : "d1a873c8-2cf1-4161-8175-1229bc0aae01", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", "composite" : false, "clientRole" : false, - "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7", "attributes" : { } } ], "client" : { "realm-management" : [ { - "id" : "7db1f38d-d436-4725-93fd-030a3bbe628e", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", + "id" : "f832cbf4-8028-4596-8282-89e8f8316473", + "name" : "query-clients", + "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "1163b9bd-7319-4154-a25f-0101b2548d21", - "name" : "impersonation", - "description" : "${role_impersonation}", + "id" : "f8279353-4cce-4d80-9de0-e891a3deff3a", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-authorization", "query-clients", "manage-realm", "manage-authorization", "manage-users", "query-groups", "view-events", "view-clients", "manage-events", "view-realm", "manage-identity-providers", "query-realms", "view-users", "view-identity-providers", "query-users", "manage-clients", "impersonation", "create-client" ] + } + }, + "clientRole" : true, + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", + "attributes" : { } + }, { + "id" : "8ab22283-4a45-46d8-b135-d5593234fffc", + "name" : "view-authorization", + "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "73d0a556-072b-404f-bf8e-10e2544c8c27", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", + "id" : "e7789c00-bc53-4931-b569-49068030c258", + "name" : "manage-realm", + "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "7e727e28-2095-4443-b2da-865e684f2308", - "name" : "view-realm", - "description" : "${role_view-realm}", + "id" : "1df0b4e1-a2a2-42ef-a651-ffe14561a823", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "df9e5352-f835-4467-bcaf-cb1b5f55c1ec", - "name" : "query-users", - "description" : "${role_query-users}", + "id" : "c688ae00-fa6b-4d91-9d81-1f5b0b98277e", + "name" : "manage-users", + "description" : "${role_manage-users}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "fa77909a-32a3-41ae-9983-2b92ae03080c", - "name" : "manage-clients", - "description" : "${role_manage-clients}", + "id" : "9c9f2b7d-c7d8-4d77-bd51-9fe9cfca3940", + "name" : "query-groups", + "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "a8780507-dc72-4433-8b95-b8e4f3c37d0e", - "name" : "manage-events", - "description" : "${role_manage-events}", + "id" : "c0d2d109-55be-4b82-ae1f-02b578eb7858", + "name" : "view-events", + "description" : "${role_view-events}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "f7f4697a-3977-42f6-af86-9bb006cf4d04", - "name" : "realm-admin", - "description" : "${role_realm-admin}", + "id" : "dbe0e3e3-dd09-4074-ab95-e34ab7d854e4", + "name" : "view-clients", + "description" : "${role_view-clients}", "composite" : true, "composites" : { "client" : { - "realm-management" : [ "impersonation", "manage-identity-providers", "view-identity-providers", "view-realm", "query-users", "manage-clients", "manage-events", "manage-realm", "view-authorization", "manage-authorization", "view-users", "create-client", "query-clients", "query-groups", "manage-users", "view-clients", "view-events", "query-realms" ] + "realm-management" : [ "query-clients" ] } }, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "ca7dc1ce-a981-4efe-b3f0-a7192b6d3943", - "name" : "manage-realm", - "description" : "${role_manage-realm}", + "id" : "474e8054-2f97-41a3-a93b-e5d02b6c7334", + "name" : "manage-events", + "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "a0ab4faa-00a9-4f52-ac9f-8e764b6a8126", - "name" : "view-authorization", - "description" : "${role_view-authorization}", + "id" : "bb97a499-d817-42d5-bd3f-0bba54be96b4", + "name" : "view-realm", + "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "0b4ed5e0-eceb-4d81-ba05-fa67022abe59", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", + "id" : "4acb952b-140f-4136-9b53-4d1aad72cb78", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "c10336be-06f3-40ef-bef5-28d8c9b8a1e2", - "name" : "create-client", - "description" : "${role_create-client}", + "id" : "f1a57cf7-8a65-4c0d-98c3-c262cfc0b84e", + "name" : "query-realms", + "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "1a1ffadc-11d5-44ea-bac0-d94372c8ae5c", + "id" : "3b074f9a-95a1-4e77-b790-865d9ad4e429", "name" : "view-users", "description" : "${role_view-users}", "composite" : true, @@ -188,64 +217,52 @@ } }, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "5ba9a1a3-9027-4531-8253-b91f6058513c", - "name" : "query-clients", - "description" : "${role_query-clients}", + "id" : "39de6608-d322-4abd-99e1-955ac8a43388", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "b4fba807-7a7e-4e3e-bd31-45703305a9e3", - "name" : "query-groups", - "description" : "${role_query-groups}", + "id" : "cbe1bad7-18e2-4c49-8080-628c2596552a", + "name" : "query-users", + "description" : "${role_query-users}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "c9384254-0af3-434c-b4ed-7c94f59a8247", - "name" : "manage-users", - "description" : "${role_manage-users}", + "id" : "e0fe80c5-2f31-415c-bfaf-b6f3e843eb96", + "name" : "impersonation", + "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", - "attributes" : { } - }, { - "id" : "9a0022f2-bd58-4418-828c-a8e7abe3346b", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "83df8311-4366-4d22-9425-eccc343faa3f", - "name" : "view-events", - "description" : "${role_view-events}", + "id" : "8e65283c-046a-4706-8927-ef32cc5ca4d5", + "name" : "manage-clients", + "description" : "${role_manage-clients}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } }, { - "id" : "e81bf277-047f-4bdd-afd6-59e2016c5066", - "name" : "query-realms", - "description" : "${role_query-realms}", + "id" : "3c837e32-7727-4f5b-ab46-7fab7f3a03e1", + "name" : "create-client", + "description" : "${role_create-client}", "composite" : false, "clientRole" : true, - "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", + "containerId" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "attributes" : { } } ], "security-admin-console" : [ ], "admin-cli" : [ ], + "account-console" : [ ], "frontend" : [ { "id" : "df147a91-6da7-4bbc-866c-f30cf99b2637", "name" : "uma_protection", @@ -255,24 +272,61 @@ "attributes" : { } } ], "broker" : [ { - "id" : "d36865b0-7ade-4bcd-a7dc-1dacbd80f169", + "id" : "d0536a0c-3c9a-4cd9-8e16-cfa49c873224", "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, - "containerId" : "53d4fe53-a039-471e-886a-28eddc950e95", + "containerId" : "35d1a8b5-c7d1-4cf8-9899-4883bd7466ca", "attributes" : { } } ], "account" : [ { - "id" : "539325a0-d9b3-4821-97ee-d42999296b62", - "name" : "view-profile", - "description" : "${role_view-profile}", + "id" : "2f6d52a4-18a9-437b-ad5f-403ea4314f47", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", + "attributes" : { } + }, { + "id" : "b12ff323-839b-44fd-ba56-fad1c7b756aa", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", + "attributes" : { } + }, { + "id" : "b9440700-bc37-41b2-9ec5-45ad983e871a", + "name" : "view-applications", + "description" : "${role_view-applications}", "composite" : false, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", "attributes" : { } }, { - "id" : "e4af836c-c884-4a57-8b1d-fb673b0fe3a5", + "id" : "1e325982-3b41-48a3-8d7f-c50bc7b78d2f", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", + "attributes" : { } + }, { + "id" : "32a64f73-4b8d-47b0-aef2-b5932dec1530", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", + "attributes" : { } + }, { + "id" : "d45f699b-c955-4740-bd6f-2d403a1965fc", "name" : "manage-account", "description" : "${role_manage-account}", "composite" : true, @@ -282,21 +336,28 @@ } }, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", "attributes" : { } }, { - "id" : "35d1c998-bcae-4ab1-a026-4c67bff49a98", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", + "id" : "017724a2-595a-4963-aeaf-569b57f6fb8e", + "name" : "view-profile", + "description" : "${role_view-profile}", "composite" : false, "clientRole" : true, - "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "containerId" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", "attributes" : { } } ] } }, "groups" : [ ], - "defaultRoles" : [ "uma_authorization", "offline_access" ], + "defaultRole" : { + "id" : "8dd738a8-fde2-4867-b0b3-24ccaa320b6d", + "name" : "default-roles-quarkus", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "0395efe3-db9a-4daa-ab6a-d374f16216c7" + }, "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", "otpPolicyAlgorithm" : "HmacSHA1", @@ -305,21 +366,47 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], "scopeMappings" : [ { "clientScope" : "offline_access", "roles" : [ "offline_access" ] } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, "clients" : [ { - "id" : "e55e1234-38fa-432d-8d90-39f5e024688d", + "id" : "ef71b3ce-06f8-4576-9d92-59fdba1c0ba8", "clientId" : "account", "name" : "${client_account}", - "baseUrl" : "/auth/realms/quarkus/account", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/quarkus/account/", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec", - "defaultRoles" : [ "view-profile", "manage-account" ], - "redirectUris" : [ "/auth/realms/quarkus/account/*" ], + "redirectUris" : [ "/realms/quarkus/account/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, @@ -328,23 +415,64 @@ "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, - "publicClient" : false, + "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", - "attributes" : { }, + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4468ef11-09d6-4392-bd5a-8d8d94dd64cf", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/quarkus/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/quarkus/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "protocolMappers" : [ { + "id" : "0f9abe95-e20d-4a1e-9016-27544279543f", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "e9cc41a2-8e35-4d5e-949e-4879880c2ddb", + "id" : "4a3e3010-ee9d-4b88-9c21-42558823cfd4", "clientId" : "admin-cli", "name" : "${client_admin-cli}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "a951803a-79c7-46a6-8197-e32835286971", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, @@ -361,20 +489,20 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "53d4fe53-a039-471e-886a-28eddc950e95", + "id" : "35d1a8b5-c7d1-4cf8-9899-4883bd7466ca", "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "e1f7edd7-e15c-43b4-8736-ff8204d16836", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, - "bearerOnly" : false, + "bearerOnly" : true, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, @@ -387,28 +515,29 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { + }, + { "id" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc", "clientId" : "frontend", - "surrogateAuthRequired" : false, - "enabled" : true, + "surrogateAuthRequired" : false, + "enabled" : true, "clientAuthenticatorType": "client-secret", "secret": "secret", "redirectUris" : ["*"], - "webOrigins" : [ ], - "notBefore" : 0, + "webOrigins" : [ ], + "notBefore" : 0, "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { @@ -424,43 +553,16 @@ "claim.name" : "clientId", "jsonType.label" : "String" } - }, { - "id" : "8422cefe-7f42-4f3b-abad-5f06f7d4b748", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - }, { - "id" : "988e47d6-2055-45eb-82d6-0b8b25c629fc", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "376bd940-e50a-4495-80fc-9c6c07312748", + }] + }, + { + "id" : "8b32e08f-2632-4f98-a895-ce13bcd25da3", "clientId" : "realm-management", "name" : "${client_realm-management}", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "c41b709a-a012-4c69-89d7-4f926dba0619", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, @@ -477,19 +579,20 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "a8732cac-ae0f-44ec-b7f3-bd2c41eff13c", + "id" : "1d07ab95-bd0c-47f1-9fe9-cdf3a454b6e6", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", - "baseUrl" : "/auth/admin/quarkus/console/index.html", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/quarkus/console/", "surrogateAuthRequired" : false, "enabled" : true, + "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "e571b211-2550-475d-b87f-116ff54091ee", - "redirectUris" : [ "/auth/admin/quarkus/console/*" ], - "webOrigins" : [ ], + "redirectUris" : [ "/admin/quarkus/console/*" ], + "webOrigins" : [ "+" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, @@ -500,12 +603,15 @@ "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", - "attributes" : { }, + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "280528ca-5e96-4bb9-9fc0-20311caac32d", + "id" : "76c9c4fe-a601-42f0-8ddf-555f2a608f6e", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", @@ -519,78 +625,11 @@ "jsonType.label" : "String" } } ], - "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { - "id" : "520cc3ef-2c6b-4d84-bcde-8c063241f4bd", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "c1d3bd07-0a5f-4f4f-b381-c58a7b723029", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "19920c96-a383-4f35-8ee9-27833263cf03", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "36a0adf0-6c25-419f-98d7-cdeada8661aa", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "b0c39901-5e5d-4436-b685-908bb90ea1d9", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "55b3ee1c-cbf9-4526-93d7-aa56a9c5f1cb", + "id" : "74dc68ce-3ac6-43ea-a567-457b0820418f", "name" : "microprofile-jwt", "description" : "Microprofile - JWT built-in scope", "protocol" : "openid-connect", @@ -599,7 +638,7 @@ "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "59128144-a21a-4744-bb55-e66ff0503b18", + "id" : "9b2a07f4-bbd9-4a95-a30d-00e99c490750", "name" : "upn", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", @@ -613,7 +652,7 @@ "jsonType.label" : "String" } }, { - "id" : "69351a63-7d6e-45d0-be47-088c83b20fdb", + "id" : "b7d103f0-85df-46bb-aded-092393e95b84", "name" : "groups", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", @@ -628,79 +667,59 @@ } } ] }, { - "id" : "3f190f54-8e3a-4c82-a799-bd12ddc475b2", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "defa3480-5368-4f34-8075-49fb982b71b3", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", + "id" : "22f44eb8-2462-4ea6-a33b-738c1b0608f5", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + "consent.screen.text" : "${profileScopeConsentText}" }, "protocolMappers" : [ { - "id" : "069ae414-9e98-4612-a3d6-e8b5a1fa841d", - "name" : "phone number verified", + "id" : "8675a14d-9a42-40a2-a9a8-1857925b4af1", + "name" : "given name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", + "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" + "claim.name" : "given_name", + "jsonType.label" : "String" } }, { - "id" : "cea58e24-d0e0-4cc6-9e34-7b3bf7d6d85b", - "name" : "phone number", + "id" : "225ff68e-1a3e-4be3-91a3-d29f08b6dfb3", + "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", + "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number", + "claim.name" : "middle_name", "jsonType.label" : "String" } - } ] - }, { - "id" : "b7321e2e-dd8e-41cf-a527-c765155c3f78", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "1d4d3df5-7af5-488e-8477-0ad7cb74d50a", - "name" : "nickname", + }, { + "id" : "46f329be-4563-49f8-bfc7-5b815db901ad", + "name" : "profile", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "nickname", + "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "nickname", + "claim.name" : "profile", "jsonType.label" : "String" } }, { - "id" : "1a5e26d6-211e-4f8a-b696-0ea9577db25a", + "id" : "902af13b-2d15-4a7b-93d0-6e4e602c759b", "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", @@ -714,74 +733,74 @@ "jsonType.label" : "String" } }, { - "id" : "18971685-6dd7-420f-9c09-879c4f2d54d8", - "name" : "updated at", + "id" : "14940ea5-3373-43eb-a9da-5c2bfa779115", + "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", + "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "updated_at", + "claim.name" : "locale", "jsonType.label" : "String" } }, { - "id" : "b970d96b-0156-4db0-9beb-9c84c173e619", - "name" : "birthdate", + "id" : "1f978dd4-7986-45fe-959d-bc2878faac82", + "name" : "full name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" + "userinfo.token.claim" : "true" } }, { - "id" : "50287033-df21-45c6-aa46-c3060e6f9855", - "name" : "given name", + "id" : "f09bf306-af87-4701-8fcc-888af6551194", + "name" : "website", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "firstName", + "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "given_name", + "claim.name" : "website", "jsonType.label" : "String" } }, { - "id" : "3dc6b97e-7063-4077-98d1-0cacf9029c7b", - "name" : "full name", + "id" : "6344d5ba-4df6-48ba-a235-08788bdf9bc8", + "name" : "gender", "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", - "userinfo.token.claim" : "true" + "claim.name" : "gender", + "jsonType.label" : "String" } }, { - "id" : "3fb9391b-376c-42ef-b012-4df461c617cc", - "name" : "middle name", + "id" : "df8227d8-7e3f-4f13-ad06-c6d8e1106b55", + "name" : "updated at", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "middleName", + "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" + "claim.name" : "updated_at", + "jsonType.label" : "long" } }, { - "id" : "83f7fc4a-5386-4f86-a103-6585e138b61d", + "id" : "b8bba950-1043-4ae4-bde6-55cf5b3b60db", "name" : "username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", @@ -795,157 +814,236 @@ "jsonType.label" : "String" } }, { - "id" : "8ef177b3-f485-44b1-afee-1901393b00c7", - "name" : "family name", + "id" : "56db3b5c-e060-4864-9334-10d249990e67", + "name" : "picture", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "family_name", + "claim.name" : "picture", "jsonType.label" : "String" } }, { - "id" : "e994cbc7-2a1a-4465-b7b7-12b35b4fe49e", - "name" : "gender", + "id" : "0ed0c5aa-7f57-44ea-b1ea-71808a07fcf0", + "name" : "family name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "gender", + "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "gender", + "claim.name" : "family_name", "jsonType.label" : "String" } }, { - "id" : "abaa4c9e-1fa2-4b45-a1bb-b3d650de9aca", - "name" : "picture", + "id" : "5f259c77-ce7f-48fc-8441-d1b655f55dc7", + "name" : "nickname", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "picture", + "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "picture", + "claim.name" : "nickname", "jsonType.label" : "String" } }, { - "id" : "bf21b514-81fd-4bbe-9236-bab5fcf54561", - "name" : "locale", + "id" : "6e7d78e6-19dc-47ec-ac13-938845f74b92", + "name" : "birthdate", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "locale", + "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "locale", + "claim.name" : "birthdate", "jsonType.label" : "String" } + } ] + }, { + "id" : "1cbef836-6f50-4828-aac1-09291bd4d16c", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "07cf5ff2-eceb-4ce3-9383-b731108ea93c", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } }, { - "id" : "254f8de4-08e7-4d3d-a87f-4b238f0f922b", - "name" : "profile", + "id" : "3d74ee3e-6dd7-4bb6-93a9-639da3d09bfa", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "08ccc430-e99f-4bd7-85c7-07b0543a1415", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "25c01f28-9625-4e76-bc46-5bf5082f2a09", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "e88633f3-7cb5-4b29-a944-8e623bf451fe", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ee3bab3e-d8c2-4ab8-8b28-dbfb401b8f1a", + "name" : "phone number verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "profile", + "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" } }, { - "id" : "7934bf2a-cfc3-4b2d-a5cb-287f3ed2a977", - "name" : "website", + "id" : "89493bd0-e4ac-4aa9-a621-afe27f4aa23d", + "name" : "phone number", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "website", + "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "website", + "claim.name" : "phone_number", "jsonType.label" : "String" } } ] }, { - "id" : "f3dc793d-6011-4861-b538-399dde5434c0", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", + "id" : "a08a2719-3b1c-46b9-88dc-6eea1a74491a", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "22eeabf8-a3c3-4026-a351-367f8ace7927", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", + "id" : "d7e4a778-8538-4c80-a5be-4217a1274513", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", "consentRequired" : false, "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" + "id.token.claim" : "true", + "access.token.claim" : "true" } } ] }, { - "id" : "f72c1acd-c367-41b1-8646-b6bd5fff3e3f", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", + "id" : "e8a1f505-df34-4d30-bcee-5c1dfe81bda4", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", "protocol" : "openid-connect", "attributes" : { - "include.in.token.scope" : "false", + "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + "consent.screen.text" : "${emailScopeConsentText}" }, "protocolMappers" : [ { - "id" : "cd8e589e-5fa7-4dae-bf6e-e8f6a3fd3cff", - "name" : "realm roles", + "id" : "227e5311-26c7-4308-b74f-6ddf6f1ff4d3", + "name" : "email verified", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "user.attribute" : "foo", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" + "claim.name" : "email_verified", + "jsonType.label" : "boolean" } }, { - "id" : "708b19d1-0709-4278-b5a1-bcbeec11f51a", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "25e97210-30c7-4f35-be11-407f1fa674cb", - "name" : "client roles", + "id" : "d6b97a93-af9a-4b57-bef1-52d96ee949fb", + "name" : "email", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "user.attribute" : "foo", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "ee2857c9-11a6-44a8-9e27-7655e01003c3", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "e6d19dfe-4477-4d25-b4ab-7aa0a9471920", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" } } ] }, { - "id" : "52618957-a4e8-4c6f-a902-217f2c41a2fd", + "id" : "7e829769-0606-4c36-8866-61e857035e24", "name" : "web-origins", "description" : "OpenID Connect scope for add allowed web origins to the access token", "protocol" : "openid-connect", @@ -955,23 +1053,51 @@ "consent.screen.text" : "" }, "protocolMappers" : [ { - "id" : "a66ddadf-312f-491f-993c-fa58685815c6", + "id" : "fc0208ff-529f-4357-9ac7-9d67327156a7", "name" : "allowed web origins", "protocol" : "openid-connect", "protocolMapper" : "oidc-allowed-origins-mapper", "consentRequired" : false, "config" : { } } ] + }, { + "id" : "0b8e1216-27f9-447d-9737-3737106f65cb", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "9a175133-73f8-4779-a8d3-db456249de2f", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", "xRobotsTag" : "none", "xFrameOptions" : "SAMEORIGIN", - "xXSSProtection" : "1; mode=block", "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", "strictTransportSecurity" : "max-age=31536000; includeSubDomains" }, "smtpServer" : { }, @@ -980,27 +1106,39 @@ "enabledEventTypes" : [ ], "adminEventsEnabled" : false, "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "a7679218-373d-48ca-88f8-429985faeae3", + "id" : "59ee49a2-351c-4236-926c-c77ac83d23c7", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "dac3f4e0-4b15-401e-b815-e0b0dec7de0e", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ] } }, { - "id" : "2ebf6f9f-4bfc-44b9-ad7c-282f2274d35b", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", + "id" : "3412fbcf-a470-4447-9fbc-b68f1c25a381", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", "subType" : "authenticated", "subComponents" : { }, "config" : { - "allow-default-scopes" : [ "true" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] } }, { - "id" : "552093c3-0a0a-4234-ad7c-ae660f0f0db1", + "id" : "9a945cc3-12ab-480d-abc2-4dc2a83671af", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "anonymous", @@ -1009,77 +1147,80 @@ "allow-default-scopes" : [ "true" ] } }, { - "id" : "8f27cf74-cee7-4a73-851f-982ee45157ca", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", + "id" : "8dd3a163-851e-4d95-928d-5cfabd50d2e7", + "name" : "Max Clients Limit", + "providerId" : "max-clients", "subType" : "anonymous", "subComponents" : { }, "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] + "max-clients" : [ "200" ] } }, { - "id" : "ff570525-6c96-4500-9d73-c02e708b39de", + "id" : "b28958b6-cd80-41c5-959c-11cdc263afd7", "name" : "Full Scope Disabled", "providerId" : "scope", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "b52284eb-123a-4718-aac9-857530a24a9b", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "2b8c0a6d-d5c0-4ea2-8a9c-4843d3e04ec6", + "id" : "8fab1e68-de29-4e8c-aa31-a8093b370afc", "name" : "Consent Required", "providerId" : "consent-required", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "bf59de5a-2c93-43cc-a9aa-03be0129fe53", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", + "id" : "17a02fd3-9468-4411-a607-7a50f6731ef1", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allow-default-scopes" : [ "true" ] } } ], "org.keycloak.keys.KeyProvider" : [ { - "id" : "b3efd9cc-28b6-4404-82af-8a48a966b8ff", - "name" : "rsa-generated", - "providerId" : "rsa-generated", + "id" : "d44192d3-3a3c-4e88-a545-e949c31aa86a", + "name" : "aes-generated", + "providerId" : "aes-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "MIIEowIBAAKCAQEAn5T13suF8mlS+pJXp0U1bto41nW55wpcs+Rps8ZVCRyJKWqzwSCYnI7lm0rB2wBpAAO4OPoj1zlmVoFmBPsDU9Xf7rjsJb5LIzIQDCZY44aSDZt6RR+gakPiQvlzHyW/RozYpngDJF7TsTD7rdRF1xQ4RprfBF8fwK/xsU7pxbeom5xDHZhz3fiw8s+7UdbmnazDHfAjU58aUrLGgVRfUsuoHjtsptYlOIXEifaeMetXZE+HhqLYRHQPDap5fbBJl773Trosn7N9nmzN4x1xxGj9So21WC5UboQs9sAIVgizc4omjZ5Y4RN9HLH7G4YwJctNntzmnJhDui9zAO+zSQIDAQABAoIBADi+F7rTtVoft0Cfnok8o6Y58/HVxHdxiMryUd95iy0FN4RBi48FTx6D9QKFz25Ws/8sU2n3D51srIXf1u24b1N0/f39RQKaqk7mcyxOylaEuBQcj5pah4ihgKd92UBfBKdKV5LBo6RgD3e2yhbiHr8+UlBQqzH7vOef6Bm6zIbfmi3N88swAJhP0YizRZFklsbmLsK6nkwyro00CHJvPVKSBbM+ad+/zIBsLw56MvNngB5TuFguUgoljd6M1T2z4utmZGlTUqrfE1onAVLJZoGnRohyIr7dJEg6YxWR70PxsgmkDKyeRvet9P1trO0n+OSprusfrC3cHJStabap1V0CgYEA1A/CtsqTnjdYYsB19eumZgdpzUgNc/YEAzZ/OWb8yTLoB2ncci+63A1rXHUXAqJFY7vtjn5mxv7SuASNbUrzq+6KfZvC1x9XEtnczqT/ypunNfxmIZuj8Nuu6vtURguZ8kPPwdkI8toTizRFeRE5ZDBvoQryiEVYugfHaHT5vzsCgYEAwKWODwquI0Lv9BuwdNVrBXQpkKh3ZfYOA7i9xvhxlM7xUu8OMCwwCPn3r7vrW5APjTqX4h330mJ44SLEs+7gbCUs4BbJBLA6g0ChlHa9PTkxp6tk2nDF/B34fxiZSRkE85L+d+at0Dc3hnlzLCJCzJawGpoPniPU9e4w0p4dN0sCgYAsGnMGjS8SUrRhJWHjGXVr9tK8TOXvXhULjgP7rj2Yoqu7Dvs4DFEyft/7RKbad2EzEtyfLA64CDtO5jN7rYDsGxpWcVSeZPg5BXJ0z8AbJTArfCjJiJMZ/rZsTIUEZFlKF2xYBolj6JLz+pUQTtK+0YwF1D8ItFN1rTR9twZSDQKBgQC6sPXNX+VH6LuPTjIf1x8CxwLs3EXxOpV0R9kp9GRl+HJnk6GlT30xhcThufQo5KAdllXQXIhoiuNoEoCbevhj9Vbax1oBQCNERSMRNEzKAx46xd9TzYwgeo7x5E3QR/3DaoVOfu+cY5ZcrF/PulgP2kxJS1mtQD5GIpGP2oinpwKBgGqiqTFPqRcelx76vBvTU+Jp1zM62T4AotbMrSQR/oUvqHe5Ytj/SbZx+wbbHAiyGgV700Mosyviik83YEAbR3kdOPjgYvAJJW2Y3jEMdQ7MwriXz8XLh5BGmYfVjkSOJXed9ua9WlYLKOJeXXv191BbDvrx5NXuJyVVU4vJx3YZ" ], - "certificate" : [ "MIICnTCCAYUCBgFp4EYIrjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdwcm90ZWFuMB4XDTE5MDQwMjIyNTYxOVoXDTI5MDQwMjIyNTc1OVowEjEQMA4GA1UEAwwHcHJvdGVhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+U9d7LhfJpUvqSV6dFNW7aONZ1uecKXLPkabPGVQkciSlqs8EgmJyO5ZtKwdsAaQADuDj6I9c5ZlaBZgT7A1PV3+647CW+SyMyEAwmWOOGkg2bekUfoGpD4kL5cx8lv0aM2KZ4AyRe07Ew+63URdcUOEaa3wRfH8Cv8bFO6cW3qJucQx2Yc934sPLPu1HW5p2swx3wI1OfGlKyxoFUX1LLqB47bKbWJTiFxIn2njHrV2RPh4ai2ER0Dw2qeX2wSZe+9066LJ+zfZ5szeMdccRo/UqNtVguVG6ELPbACFYIs3OKJo2eWOETfRyx+xuGMCXLTZ7c5pyYQ7ovcwDvs0kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAVtmRKDb4OK5iSA46tagMBkp6L7WuPpCWuHGWwobEP+BecYsShW7zP3s12oA8SNSwbhvu0CRqgzxhuypgf3hKQFVU153Erv4hzkj+8S0s5LR/ZE7tDNY2lzJ3yQKXy3Md7EkuzzvOZ50MTrcSKAanWq/ZW1OTnrtGymj5zGJnTg7mMnJzEIGePxkvPu/QdchiPBLqxfZYm1jsFGY25djOC3N/KmVcRVmPRGuu6D8tBFHlKoPfZYPdbMvsvs24aupHKRcZ+ofTCpK+2Qo8c0pSSqeEYHGmuGqC6lC6ozxtxSABPO9Q1R1tZBU7Kg5HvXUwwmoVS3EGub46YbHqbmWMLg==" ], + "kid" : [ "e5093b21-193e-4870-8704-da2e95624636" ], + "secret" : [ "gyHnYiP_hZm7e98viCL4Ww" ], "priority" : [ "100" ] } }, { - "id" : "20460ca5-ec24-4a9b-839a-457743d3f841", + "id" : "2cef76ac-9884-40c8-93e0-56b4990e0c7c", "name" : "hmac-generated", "providerId" : "hmac-generated", "subComponents" : { }, "config" : { - "kid" : [ "96afd00e-85cf-4d35-b18e-061d3813d8b2" ], - "secret" : [ "qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA" ], + "kid" : [ "9a2ed006-ab72-4332-9e10-e90ffb402175" ], + "secret" : [ "Ky_l9LZOjTABVy8l-MRnyLuMMQHzYFoJ5yB4xo_YIaMFrJ9cT4Kinzq1bCIiu0j8adQF1xL8sh9rM2BRYu5cjA" ], "priority" : [ "100" ], "algorithm" : [ "HS256" ] } }, { - "id" : "4f02d984-7a23-4ce1-8591-848a71390efe", - "name" : "aes-generated", - "providerId" : "aes-generated", + "id" : "9b5c5506-a979-4d97-b3a1-7875b7e26baf", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEArM0cRQdpn00Vk/VLMyKZaoeRmFMIMr/7UJO5hlUuQa7DMDPQgyCl0opfhxUmhmkJcKrOV9Y9JeXLspvTI5Y/0WkI+NstQzbTgqFuW6TMocVMp1OZMjAePt6do96HyZLk4YXlUlScEE6QO4a2L6ZqjAkO/5H4jdV76dLFrsdq56OiAFfT13Tdxun8xz4B5knzjCpNWMzAqWW4rjjpFatiNPbUvV2Y/bd2v+DJvesrkF3BLaumhA8yRv/gYsu+D4fIXEJTsXO192aKE3UW0PJ23ThNjLHvJNf7AUpqbo/Iy3WDWEdIKzlCpLWN0FaMmuKNtU8XFM9Cx2OSxQgesiD2SwIDAQABAoIBAA3Q50IHpsspvSA6CQiuHmkOxmlqhINjDfalaqLe1aN2LYoBlcBrA4cZZCwacoMyciKtej3T1cpdaXnYc26ErInGpZ5/QhexK89/SIhDdwI2+OGAa1InC1jVSli+fP0OmLk4kBsskHI0IQ95V/PoXaitPFZ0kKE6elbs8LxNANmpsRKPUWy6ZEIwehhSZRVWrJnKRf/iB9DRLSkFXy9NCqURzGs0YAqJbXAmNC14m98EjTTbw9PgfvgQQwCRfWku6DM3rd2J4WXagAFZECDWCc6UFdJGTdhAsjW5B1fcpC6/rD9rONKVqmKf5N2oreHXnSxLHVwTX3H/o3IdgwYyLPECgYEA7DeZaXdonKSZEHuT5x3wyE6Asj+xfvH8sURvcat6XmgUZtD5uYdARr+MtyBJWwGDonzheaJ8yCHovuPS0nvbab0vizokzdLuxk70ehwujdCMowSygorF3Y38z6+Fk/ur8Jto3DCozS2qfRndPw9+joWJzskmQmsuOt/vf0IoDhsCgYEAu0Xl/pPJFAa9d4jwpbtmEKA8RZF05IbBTEpXfYIrLKDvvkHKYA5G60qfG/LNoGeDHHoXktEheiMsd8dmztOTcbQLGA+rANZi7gBMdapYj+Q84Wm8M9QZjD/wZhv/rPklZeSymJV45am985yT+KlFZIrtMzC1rHEa1jvOxTKee5ECgYAA1SVWSNR2kOH1O+pGi0V4/0XW2wCeKO4yFcKqzObuhEFmJ2Bp9f8VAMHXN2bqyjOTlAsbaaY08mGmopjwov0f/0m2nOraSt8Kleaos4a6ezyzqmWSrjiKUmDMvpqi7eUqQPH6rLU7m+iY7kloWn6gs/nLX8whucz86iMm+K25dwKBgECMZirqS2uAqzuRUsj9H7/pSvz7ltvR6rxd/2v+Ot1mF1xvls6m/SDKlq7ucJuyMgnVt1xegvhzOTeL3k65tF+DnDNN6zYdrvmz1qbT8TSfibB0Xm9K0wd5XmYDjovTUGWff0OCeapHaHaYaJRT29w82mdDicsHLSXcdXeY6/FRAoGBAJbnAYgoTWfTblyoXRjQwz9lhQoXaS3c8d0GAm3Ceamagtx+FSjRVuNB4rpSRgMLwbdI6yeEkcgeZHKrglW2psxHyu2FmDQsSx+oYnF/WYV/0wQjIxzzbSCZLckdiThT0G7VrAOC4hah/U3g5BVoPRFpmPr2OhDO/hY1sPYcisiI" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICnTCCAYUCBgGCxQ67czANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdxdWFya3VzMB4XDTIyMDgyMjEwMTU1M1oXDTMyMDgyMjEwMTczM1owEjEQMA4GA1UEAwwHcXVhcmt1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzNHEUHaZ9NFZP1SzMimWqHkZhTCDK/+1CTuYZVLkGuwzAz0IMgpdKKX4cVJoZpCXCqzlfWPSXly7Kb0yOWP9FpCPjbLUM204KhblukzKHFTKdTmTIwHj7enaPeh8mS5OGF5VJUnBBOkDuGti+maowJDv+R+I3Ve+nSxa7HauejogBX09d03cbp/Mc+AeZJ84wqTVjMwKlluK446RWrYjT21L1dmP23dr/gyb3rK5BdwS2rpoQPMkb/4GLLvg+HyFxCU7FztfdmihN1FtDydt04TYyx7yTX+wFKam6PyMt1g1hHSCs5QqS1jdBWjJrijbVPFxTPQsdjksUIHrIg9ksCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZ5Y7Yl2fDw2CHJnbxV/r5l9xtCWcpMnvfaaDF1ZdksjZ6XjsItQ3ok7Cok0rGgVdUEeUUDVT2qR7dgKP7JK8hQi2Mjb9IerJjCyp/RdwsTOUocORRTA9/Xj86ftoSqCiiT8sEGDnKqLRn2TVXT1qC5jxEgmGjEL1RacC3D1cIReadNuGjGyqEpLooBlp8+oBR1p4uVG2JS1MVOiHp3HLqP2rRAp8Yj2eDVQQk8pgrZWgxzTHir9RoQdgz6xT4nAYqahZccfchkFGkO4SKFtI9g85oPn6jvY6VTrCbh1hfZwnUyz2+mOBgIP4vtPKNj9XQojORO5jHB1ARxln1b4MVA==" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "7027377c-4203-4f9d-b272-a5c9fc178e2b", + "name" : "rsa-generated", + "providerId" : "rsa-generated", "subComponents" : { }, "config" : { - "kid" : [ "b04473d3-8395-4016-b455-19a9e951106b" ], - "secret" : [ "x68mMOVdz3qKWzltzReV0g" ], + "privateKey" : [ "MIIEpAIBAAKCAQEA6i23lPm42omvehwgZbGbA1bgrbzj3t2y91Kr0fxmCg4Xs8xLA0iDFNFqnl7KOTTYLRSbLNIVrxv2PQxSWRDYYlaAGMzMyhwR6RZmiLM1PsXLhIvEnQLNAHhAIpSgbX2MG2lwMV/falX0zOouz/+KxOrOgLlED6F+rM9Lr02lPFAm8ZkKqipIgvDVwVFm0VeFRxu5Q8Yg8W7qyHDzVGOVzbiGt95wjpvssw8bl1RxHZWw6itpoGAG88dftC9gkDnAES//5xBnY8HzS7+4fcnGN7NbsClEvkYWAGLREbBZy1fbSE/yfUCOJ+WZSRDtG/NH7DZVPMnfXXLFfCtppowkrwIDAQABAoIBABdO45XdYSvHRoL157eXfOFRNV21jkyxbk21mcp1v8ZCbtODgvfZsMpSqbUHpEMbYmTiRyun4WajdtfOsSeSSKdJCsjtIXkAYDv98cirZaJQ15fivXgPPk5Mqb2HY4xiUZ6s2PDhJQCVe58ls/EZ8zr0UAd56S9RGKWkoFjbdpXRB7njpK0HfNUevp/0tmY6u1jtkW4LgXb/k2PDgSYRvTStjEyg2VGkOGkLRvyrEkCFm5kKwWHTCRc7xLPTwsNWdVHX1WH0+JxuoXk2izT1xRYIUFmoWS+YxOOABl0TrY8kPpg1bpwCDlhkoQwYRsTIeQJfSecT6e5nm/ivm9WNspkCgYEA/aavaeRlIt+peg0tAGjmik0igS66Zv/+seYdgBTLtMBOlSvPnqkI7gXBDHDnPLlRt80ysUrd6GIkUKI0xjU+RzwsRt/1266t4Mwg+zSzzHYZMvAaHXmz7x6w1gWWBZMm818aXe98s7Q7g/SvQ68Ylko5TAlTfKUXQVQkaLz208MCgYEA7FjenfWuyEmealCaC3pVDdPokJi3wnqZxKoDMjIY3nwszLA8lSAHeWNWxUCj9KIfUBhxxsr+X/EWj8Xc/Q35NY2UzjB+e3unAxTA09T/cl2+zLhW8KPSdOQ/5gv7xVUzi7R2Q7C09x9xq36i7s8x09xz8JReDYtcU1zAORshOKUCgYEAx0y/K27f4ITovxO3Nkk2S5jL8cDriZ6/Wry6lTbB0GYB2MexvLKIZ61xv/q+VkIuaUL7/74ZmkvyyMCKwup24rXu/Elg/pnD2YvKplcEpzRsHE/31Q0ZSltNCv0coYi75CHnr8NKslB9KvOI+p+LrBrp5kq1pIx7N0OL0BgZwM0CgYEA4gPaX5QioMZGB8Usiu1hiOes7xocII69naQ3ijj+L0TwUo32YWVPwHWO9PLr13VyHFZD96cHuxgCS1scCaLjPqM2OjeFvPByti+SdwCph+S+IWfnPBhtmfrsYEH1crAXqvHYZsMFS412Vlmz1kutiry24sn/Z1Rt5go8iF+5VUECgYBQEzxjjGwh1Y+HRKR8lYNg/nMA8d+wLdb0DoWSjuvXTZ7gaueifBmdpjj2LLfuh75DCpxOsNtJ/7p+B+bNru6Y9AbOi0oOaXFpka6N1pkU4IsrtDsZz3UjMfR43IilPMBi9XPvAA/XhYXmU54+8vPCWpisYCP8ipDkb5rdTI5R5A==" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICnTCCAYUCBgGCxQ66zzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdxdWFya3VzMB4XDTIyMDgyMjEwMTU1M1oXDTMyMDgyMjEwMTczM1owEjEQMA4GA1UEAwwHcXVhcmt1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOott5T5uNqJr3ocIGWxmwNW4K28497dsvdSq9H8ZgoOF7PMSwNIgxTRap5eyjk02C0UmyzSFa8b9j0MUlkQ2GJWgBjMzMocEekWZoizNT7Fy4SLxJ0CzQB4QCKUoG19jBtpcDFf32pV9MzqLs//isTqzoC5RA+hfqzPS69NpTxQJvGZCqoqSILw1cFRZtFXhUcbuUPGIPFu6shw81Rjlc24hrfecI6b7LMPG5dUcR2VsOoraaBgBvPHX7QvYJA5wBEv/+cQZ2PB80u/uH3JxjezW7ApRL5GFgBi0RGwWctX20hP8n1AjiflmUkQ7RvzR+w2VTzJ311yxXwraaaMJK8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAxmTlI3muToPlXrN/RZbfklFlCiIeUGDC2OMR5liZGhNVipOcIJYcQQA0U197uR+lGtHD+Shj3BBVpgKLQ+oh5Im9YNlrK8fOK6BYFAS7+KYSh/j3wiFKvQztxf+lyuoSQlmWCy4My4L/LnWD38ObAvgCeP9vY1nC1hfUW5L4KuXQQJqtr9nan3ByjHK67dyryUiSBTZICzF6EVn6uXBNsjpDzPdJ6Dc0eyoWjoUuQEiMDeuY8z4JaQtXXPFOeMPgKZ/d9kNMXvnv6JycpxWg6MunVP3iTpKVqaX2occAgpFqvJycxA9HNj8N0olBLLsVCNL5YHqoT3NB0wdZ2cboXw==" ], "priority" : [ "100" ] } } ] @@ -1087,7 +1228,124 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "d6c3e282-a738-4b8b-98c2-378b9faf8344", + "id" : "880303ec-c883-4149-b104-ee590d73367c", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "184a1a17-135d-4c65-a4c9-686d944c9df0", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "21f384bc-b470-4c4a-9bd4-d92475c8a467", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c509b72b-02b1-4983-9ccf-13cb61a897a1", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bd1485ba-940d-418b-b14e-140d1f0febd6", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4c8d142e-24b0-4389-8eed-21b7f6cea382", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1095,25 +1353,66 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "idp-email-verification", - "requirement" : "ALTERNATIVE", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "c3d38b32-7489-42e1-9f2f-ab3ab44a4b20", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "cdf5ccf3-f5ee-42fe-ac1e-87ebd883cd87", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { + "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false } ] }, { - "id" : "4855860b-4009-4f1b-ba6b-60581618ea62", + "id" : "91db7259-f548-40a4-b79a-11e75c6e4b38", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1121,19 +1420,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "auth-otp-form", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "8a9872b0-65f1-47ff-9565-fa826ac64cd4", + "id" : "f97ff74d-b37d-4c53-8597-344d8aafba04", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -1141,31 +1442,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-cookie", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "auth-spnego", + "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { + "authenticatorFlow" : true, "requirement" : "ALTERNATIVE", "priority" : 30, + "autheticatorFlow" : true, "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "userSetupAllowed" : false } ] }, { - "id" : "51b8ed14-62b6-49b3-b602-0b51508349e0", + "id" : "dce6e6fe-71f8-471f-a846-5474b9bf6079", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -1173,31 +1478,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "client-secret", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-jwt", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "client-x509", + "authenticatorFlow" : false, "requirement" : "ALTERNATIVE", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "9b65133a-ee71-494a-a659-6804513fc30b", + "id" : "1834508b-29a6-4fd9-ae53-2facb69b0272", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -1205,25 +1514,28 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "direct-grant-validate-otp", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "f62bc4ad-25ac-4f83-963b-32820af3a683", + "id" : "45fa9807-f3b6-4828-8205-74b5472b1896", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -1231,13 +1543,14 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "1b423fe7-f312-404c-903b-f1260a77259b", + "id" : "de577162-5071-41a8-8938-d6ae882cb63c", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -1246,26 +1559,21 @@ "authenticationExecutions" : [ { "authenticatorConfig" : "review profile config", "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "requirement" : "ALTERNATIVE", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false } ] }, { - "id" : "9c9530b3-e3c6-481b-99e8-1461a9752e8e", + "id" : "98b5750d-9cd4-4f44-870e-9f38f8e0fb40", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -1273,19 +1581,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "auth-otp-form", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "70fb94ac-354c-4629-a5fe-5135d0137964", + "id" : "c6475f89-2c26-41ad-9b5c-5a1861a246d6", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -1293,31 +1603,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "basic-auth", + "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false } ] }, { - "id" : "08292a4a-6722-4e33-a5d9-354c2628f567", + "id" : "d4c78410-40e6-44da-8e64-3aa93da7bf2e", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -1325,14 +1625,15 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-page-form", + "authenticatorFlow" : true, "requirement" : "REQUIRED", "priority" : 10, + "autheticatorFlow" : true, "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true + "userSetupAllowed" : false } ] }, { - "id" : "668dc4b6-fe1a-4d24-ab5b-bc76e20ac390", + "id" : "e574f67a-f073-44a6-a8dd-8981295ce42d", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -1340,31 +1641,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-password-action", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, "requirement" : "DISABLED", "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] }, { - "id" : "a0e191f0-ce9a-4a75-b6e4-97332b05f7e5", + "id" : "ee48ba58-5c24-4c99-b866-4896c35b6f08", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -1372,31 +1677,35 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { "authenticator" : "reset-password", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false }, { - "authenticator" : "reset-otp", - "requirement" : "OPTIONAL", + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false } ] }, { - "id" : "ad4beb21-8e9a-4fca-af41-0f757169f26c", + "id" : "d3922b2b-abb0-4afd-9c5e-6616af0e6ab9", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -1404,20 +1713,21 @@ "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, "requirement" : "REQUIRED", "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false + "autheticatorFlow" : false, + "userSetupAllowed" : false } ] } ], "authenticatorConfig" : [ { - "id" : "25632f91-6071-423a-8e9c-7322cdc1b011", + "id" : "1e7e9e2a-5a86-4663-90e0-dca022dd3f60", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "02d7f70b-1ebc-4e72-a65c-d94a600895ac", + "id" : "755cc868-c0b3-41a0-bc6d-51839ed86fc5", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -1463,6 +1773,38 @@ "defaultAction" : false, "priority" : 50, "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } } ], "browserFlow" : "browser", "registrationFlow" : "registration", @@ -1471,25 +1813,13 @@ "clientAuthenticationFlow" : "clients", "dockerAuthenticationFlow" : "docker auth", "attributes" : { - "_browser_header.xXSSProtection" : "1; mode=block", - "_browser_header.xFrameOptions" : "SAMEORIGIN", - "_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains", - "permanentLockout" : "false", - "quickLoginCheckMilliSeconds" : "1000", - "_browser_header.xRobotsTag" : "none", - "maxFailureWaitSeconds" : "900", - "minimumQuickLoginWaitSeconds" : "60", - "failureFactor" : "30", - "actionTokenGeneratedByUserLifespan" : "300", - "maxDeltaTimeSeconds" : "43200", - "_browser_header.xContentTypeOptions" : "nosniff", - "offlineSessionMaxLifespan" : "5184000", - "actionTokenGeneratedByAdminLifespan" : "43200", - "_browser_header.contentSecurityPolicyReportOnly" : "", - "bruteForceProtected" : "false", - "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds" : "60", - "offlineSessionMaxLifespanEnabled" : "false" + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5" }, "users" : [ { "id" : "af134cab-f41c-4675-b141-205f975db679", @@ -1537,30 +1867,13 @@ "realmRoles" : [ "user" ], "notBefore" : 0, "groups" : [ ] - }, { - "id" : "1eed6a8e-a853-4597-b4c6-c4c2533546a0", - "username" : "jdoe", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg==", - "salt" : "uCbOH7HZtyDtMd0E9DG/nw==", - "hashIterations" : 27500, - "counter" : 0, - "algorithm" : "pbkdf2-sha256", - "digits" : 0, - "period" : 0, - "createdDate" : 1554245879227, - "config" : { } - } ], - "disableableCredentialTypes" : [ "password" ], - "requiredActions" : [ ], - "realmRoles" : [ "confidential", "user" ], - "notBefore" : 0, - "groups" : [ ] - } ], - "keycloakVersion" : "6.0.0", - "userManagedAccessAllowed" : false + }], + "keycloakVersion" : "19.0.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } }