diff --git a/templates/keycloak_realm_import.yaml-test b/templates/keycloak_realm_import.yaml-test
deleted file mode 100644
index 20c6e85..0000000
--- a/templates/keycloak_realm_import.yaml-test
+++ /dev/null
@@ -1,1945 +0,0 @@ -apiVersion: k8s.keycloak.org/v2alpha1 -kind: KeycloakRealmImport -metadata: - name: keycloak-realm-mobene - namespace: mobene-keycloak -spec: - keycloakCRName: keycloak-oidc - realm: - id: bfb1988b-2800-4230-a6bd-819ae7281698 - realm: mobene - notBefore: 0 - defaultSignatureAlgorithm: RS256 - revokeRefreshToken: false - refreshTokenMaxReuse: 0 - accessTokenLifespan: 300 - accessTokenLifespanForImplicitFlow: 900 - ssoSessionIdleTimeout: 1800 - ssoSessionMaxLifespan: 36000 - ssoSessionIdleTimeoutRememberMe: 0 - ssoSessionMaxLifespanRememberMe: 0 - offlineSessionIdleTimeout: 2592000 - offlineSessionMaxLifespanEnabled: false - offlineSessionMaxLifespan: 5184000 - clientSessionIdleTimeout: 0 - clientSessionMaxLifespan: 0 - clientOfflineSessionIdleTimeout: 0 - clientOfflineSessionMaxLifespan: 0 - accessCodeLifespan: 60 - accessCodeLifespanUserAction: 300 - accessCodeLifespanLogin: 1800 - actionTokenGeneratedByAdminLifespan: 43200 - actionTokenGeneratedByUserLifespan: 300 - oauth2DeviceCodeLifespan: 600 - oauth2DevicePollingInterval: 5 - enabled: true - sslRequired: external - registrationAllowed: false - registrationEmailAsUsername: false - rememberMe: false - verifyEmail: false - loginWithEmailAllowed: false - duplicateEmailsAllowed: false - resetPasswordAllowed: false - editUsernameAllowed: false - bruteForceProtected: false - permanentLockout: false - maxFailureWaitSeconds: 900 - minimumQuickLoginWaitSeconds: 60 - waitIncrementSeconds: 60 - quickLoginCheckMilliSeconds: 1000 - maxDeltaTimeSeconds: 43200 - failureFactor: 30 - roles: - realm: - - id: 2a9238d8-b3af-4354-bd59-2079d83f92b4 - name: uma_authorization - description: "${role_uma_authorization}" - composite: false - clientRole: false - containerId: bfb1988b-2800-4230-a6bd-819ae7281698 - attributes: {} - - id: f6d774a1-cbcc-4785-a5eb-a8a625fed9b2 - name: offline_access - description: "${role_offline-access}" - composite: false - clientRole: false - containerId: 
bfb1988b-2800-4230-a6bd-819ae7281698 - attributes: {} - - id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a - name: default-roles-mobene - description: "${role_default-roles}" - composite: true - composites: - realm: - - offline_access - - uma_authorization - client: - account: - - view-profile - - manage-account - clientRole: false - containerId: bfb1988b-2800-4230-a6bd-819ae7281698 - attributes: {} - client: - realm-management: - - id: c9226008-369d-4104-8883-6a9e6ba79541 - name: manage-events - description: "${role_manage-events}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: aaaf6377-5526-4b10-b8cc-7d3065ed7cf8 - name: query-groups - description: "${role_query-groups}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: b7eee8a9-17e0-4f03-99b8-108be8c7bc85 - name: query-users - description: "${role_query-users}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 2910e721-52da-460c-afb3-59eb5aa1d6f8 - name: manage-authorization - description: "${role_manage-authorization}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 43c31132-e5e8-45d1-8783-e610ba7cd45e - name: view-realm - description: "${role_view-realm}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 33453bfc-b486-4e04-a688-3391b651c086 - name: manage-users - description: "${role_manage-users}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: ec47c40d-f14f-41e0-a781-6a34ae4b5b04 - name: query-clients - description: "${role_query-clients}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: a70ae54f-ca15-4f1a-b153-318b8583258d - name: view-clients - description: 
"${role_view-clients}" - composite: true - composites: - client: - realm-management: - - query-clients - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 9e07b31d-ef22-4580-b8c4-4c72bf7bde4a - name: view-events - description: "${role_view-events}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: c3e6e3ea-2f56-46d9-a03b-9bcbe8170da6 - name: manage-clients - description: "${role_manage-clients}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: e4e73526-08e9-41c8-90e8-520d499470c4 - name: view-identity-providers - description: "${role_view-identity-providers}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 92214a58-fd0b-4dad-9651-8d92b911e4b3 - name: impersonation - description: "${role_impersonation}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 7971518f-377f-485b-8867-4181bb4e9197 - name: query-realms - description: "${role_query-realms}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 6f8ccd8a-5992-4809-9155-7a28cc3507b6 - name: manage-identity-providers - description: "${role_manage-identity-providers}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 074e626e-b2c3-46e0-97d3-04579ca8b03a - name: manage-realm - description: "${role_manage-realm}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: c9b6ba15-c7dd-49ce-ad43-77e645d8d52d - name: view-authorization - description: "${role_view-authorization}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 8b0f5ca6-d39e-4937-a59b-05a1b631b1c9 - name: 
create-client - description: "${role_create-client}" - composite: false - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 0c3590cb-2637-4b84-8ff9-9adcaf70f17f - name: view-users - description: "${role_view-users}" - composite: true - composites: - client: - realm-management: - - query-groups - - query-users - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - - id: 48c12007-2a84-4f77-bcf6-c1c57154777e - name: realm-admin - description: "${role_realm-admin}" - composite: true - composites: - client: - realm-management: - - manage-events - - query-groups - - query-users - - manage-authorization - - view-realm - - manage-users - - query-clients - - view-clients - - view-events - - view-identity-providers - - manage-clients - - query-realms - - impersonation - - manage-identity-providers - - manage-realm - - view-authorization - - create-client - - view-users - clientRole: true - containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - attributes: {} - cusqa-connect: [] - security-admin-console: [] - cusqa-wordpress: [] - admin-cli: [] - cusprod-connect: [] - nsodev-wordpress: [] - account-console: [] - cusprod-wordpress: [] - nsodev-connect: [] - broker: - - id: 81ca3c13-7475-4e62-8a7d-89b67c7921ae - name: read-token - description: "${role_read-token}" - composite: false - clientRole: true - containerId: 03a053ea-5d0f-4e7b-af16-bfb44f21d937 - attributes: {} - account: - - id: 1720b7f0-de16-41d8-86eb-7774794cf885 - name: manage-account-links - description: "${role_manage-account-links}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: a36d55a9-647b-433f-a438-190cd0aa8455 - name: view-groups - description: "${role_view-groups}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: c254ff7e-b3f6-40b7-bde0-cf33c3084ac7 - name: manage-consent - description: 
"${role_manage-consent}" - composite: true - composites: - client: - account: - - view-consent - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: ee6b2ba5-1867-41a8-a55a-4dd2cf0317a5 - name: view-profile - description: "${role_view-profile}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: 0fc06305-ef99-4768-9652-996ebd7fda4b - name: view-consent - description: "${role_view-consent}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: 4f6e764a-3671-46c8-bbff-5b9bbe73218c - name: delete-account - description: "${role_delete-account}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: 6d7773a2-fb60-4844-9dad-c29ce47c06dd - name: manage-account - description: "${role_manage-account}" - composite: true - composites: - client: - account: - - manage-account-links - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - - id: c4de5bd3-9687-41cf-b85f-bc1683097aa3 - name: view-applications - description: "${role_view-applications}" - composite: false - clientRole: true - containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - attributes: {} - groups: [] - defaultRole: - id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a - name: default-roles-mobene - description: "${role_default-roles}" - composite: true - clientRole: false - containerId: bfb1988b-2800-4230-a6bd-819ae7281698 - requiredCredentials: - - password - otpPolicyType: totp - otpPolicyAlgorithm: HmacSHA1 - otpPolicyInitialCounter: 0 - otpPolicyDigits: 6 - otpPolicyLookAheadWindow: 1 - otpPolicyPeriod: 30 - otpPolicyCodeReusable: false - otpSupportedApplications: - - totpAppGoogleName - - totpAppFreeOTPName - webAuthnPolicyRpEntityName: keycloak - webAuthnPolicySignatureAlgorithms: - - ES256 - webAuthnPolicyRpId: '' - webAuthnPolicyAttestationConveyancePreference: 
not specified - webAuthnPolicyAuthenticatorAttachment: not specified - webAuthnPolicyRequireResidentKey: not specified - webAuthnPolicyUserVerificationRequirement: not specified - webAuthnPolicyCreateTimeout: 0 - webAuthnPolicyAvoidSameAuthenticatorRegister: false - webAuthnPolicyAcceptableAaguids: [] - webAuthnPolicyPasswordlessRpEntityName: keycloak - webAuthnPolicyPasswordlessSignatureAlgorithms: - - ES256 - webAuthnPolicyPasswordlessRpId: '' - webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified - webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified - webAuthnPolicyPasswordlessRequireResidentKey: not specified - webAuthnPolicyPasswordlessUserVerificationRequirement: not specified - webAuthnPolicyPasswordlessCreateTimeout: 0 - webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false - webAuthnPolicyPasswordlessAcceptableAaguids: [] - scopeMappings: - - clientScope: offline_access - roles: - - offline_access - clientScopeMappings: - account: - - client: account-console - roles: - - manage-account - - view-groups - clients: - - id: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b - clientId: account - name: "${client_account}" - rootUrl: "${authBaseUrl}" - baseUrl: "/realms/mobene/account/" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: - - "/realms/mobene/account/*" - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: openid-connect - attributes: - post.logout.redirect.uris: "+" - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 
b5adeabf-5360-4227-87fc-7a115ed72e62 - clientId: account-console - name: "${client_account-console}" - rootUrl: "${authBaseUrl}" - baseUrl: "/realms/mobene/account/" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: - - "/realms/mobene/account/*" - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: openid-connect - attributes: - post.logout.redirect.uris: "+" - pkce.code.challenge.method: S256 - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - protocolMappers: - - id: 2e083b42-d172-45e3-94a1-bb28ef3a5fab - name: audience resolve - protocol: openid-connect - protocolMapper: oidc-audience-resolve-mapper - consentRequired: false - config: {} - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 5b32f4f8-4def-43ac-b09b-14dd2ccf5e6c - clientId: admin-cli - name: "${client_admin-cli}" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: false - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: openid-connect - attributes: {} - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 03a053ea-5d0f-4e7b-af16-bfb44f21d937 - 
clientId: broker - name: "${client_broker}" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: true - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - publicClient: false - frontchannelLogout: false - protocol: openid-connect - attributes: {} - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: c6d9d6c3-6c11-4a67-b4d3-81867f9e94ba - clientId: cusprod-connect - name: cusprod-connect - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 96ec3af2-99fb-480a-b438-0cb017004e8d - clientId: cusprod-wordpress - name: cusprod-wordpress - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: 
false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 5bc08f6a-c928-4e94-ab1f-fd006784e0b6 - clientId: cusqa-connect - name: cusqa-connect - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 
20ca64e7-dec1-48cd-ad1b-ae66fda9b057 - clientId: cusqa-wordpress - name: cusqa-wordpress - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 952f5b8a-522b-41b7-b6dc-48ae62147b01 - clientId: nsodev-connect - name: nsodev-connect - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - 
web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: 1dad0137-3232-4c81-a9e7-c75bfff2ee4e - clientId: nsodev-wordpress - name: nsodev-wordpress - description: '' - rootUrl: '' - adminUrl: '' - baseUrl: '' - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: true - protocol: openid-connect - attributes: - oidc.ciba.grant.enabled: 'false' - oauth2.device.authorization.grant.enabled: 'false' - display.on.consent.screen: 'false' - backchannel.logout.session.required: 'true' - backchannel.logout.revoke.offline.tokens: 'false' - authenticationFlowBindingOverrides: {} - fullScopeAllowed: true - nodeReRegistrationTimeout: -1 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - - id: e552a2bd-b2f7-4ced-8244-6090b2f72c48 - clientId: realm-management - name: "${client_realm-management}" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: [] - webOrigins: [] - notBefore: 0 - bearerOnly: true - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - publicClient: false - frontchannelLogout: false - protocol: openid-connect - attributes: {} - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - 
- microprofile-jwt - - id: ef958514-0cf7-4aac-b602-d8f83fb0a4e7 - clientId: security-admin-console - name: "${client_security-admin-console}" - rootUrl: "${authAdminUrl}" - baseUrl: "/admin/mobene/console/" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: client-secret - redirectUris: - - "/admin/mobene/console/*" - webOrigins: - - "+" - notBefore: 0 - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: openid-connect - attributes: - post.logout.redirect.uris: "+" - pkce.code.challenge.method: S256 - authenticationFlowBindingOverrides: {} - fullScopeAllowed: false - nodeReRegistrationTimeout: 0 - protocolMappers: - - id: ef5982c3-9ef9-4949-88a7-5f0c003b0203 - name: locale - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: locale - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: locale - jsonType.label: String - defaultClientScopes: - - web-origins - - acr - - profile - - roles - - email - optionalClientScopes: - - address - - phone - - offline_access - - microprofile-jwt - clientScopes: - - id: b6a127fa-daf0-4cf7-9aeb-f3e48d82a4f6 - name: profile - description: 'OpenID Connect built-in scope: profile' - protocol: openid-connect - attributes: - include.in.token.scope: 'true' - display.on.consent.screen: 'true' - consent.screen.text: "${profileScopeConsentText}" - protocolMappers: - - id: d620a6dc-0442-47a0-be52-f963259f3157 - name: full name - protocol: openid-connect - protocolMapper: oidc-full-name-mapper - consentRequired: false - config: - id.token.claim: 'true' - access.token.claim: 'true' - userinfo.token.claim: 'true' - - id: f8867f25-421d-4fad-84dd-0ee9dbf07db3 - name: nickname - protocol: openid-connect 
- protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: nickname - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: nickname - jsonType.label: String - - id: 40b20e3e-db96-4046-bb9e-06f6cfb69252 - name: website - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: website - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: website - jsonType.label: String - - id: e25f206a-affc-4fd5-b1cb-6cf6b4fd5241 - name: middle name - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: middleName - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: middle_name - jsonType.label: String - - id: 615087f9-8efe-4e03-9bbc-8e4d723f7f01 - name: birthdate - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: birthdate - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: birthdate - jsonType.label: String - - id: c5c15734-2b35-4d1d-bd83-7f4b628a789c - name: family name - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: lastName - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: family_name - jsonType.label: String - - id: 9530d0cb-a779-4778-8373-e8cbb957b92d - name: given name - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: firstName - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: given_name - jsonType.label: String - - id: 50d8374f-48e0-4562-bb80-16f40dc805ab - name: gender - 
protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: gender - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: gender - jsonType.label: String - - id: 74ea0bbf-6667-4c8b-9614-e5a4620a4891 - name: profile - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: profile - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: profile - jsonType.label: String - - id: dad1dd7f-1839-4fc8-9d46-e95619168c4f - name: picture - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: picture - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: picture - jsonType.label: String - - id: 9d00e03b-46bb-4e66-ba70-b757bf23f4e3 - name: username - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: username - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: preferred_username - jsonType.label: String - - id: efac5303-4fad-4853-9481-6f23f9eec5ad - name: zoneinfo - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: zoneinfo - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: zoneinfo - jsonType.label: String - - id: 4a162d4a-ac4c-4c73-a852-1b2516a0b667 - name: locale - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: locale - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: locale - jsonType.label: String - - id: 5f5c64f2-5910-4840-87ef-6606f4a9b8d4 - name: updated at - 
protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: updatedAt - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: updated_at - jsonType.label: long - - id: f015154f-bdbe-4d71-9659-312efee62810 - name: email - description: 'OpenID Connect built-in scope: email' - protocol: openid-connect - attributes: - include.in.token.scope: 'true' - display.on.consent.screen: 'true' - consent.screen.text: "${emailScopeConsentText}" - protocolMappers: - - id: c513dcd1-e39b-4816-8e99-42b6a9ab8f56 - name: email - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: email - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: email - jsonType.label: String - - id: 8ee3250a-152c-42c9-b753-905a2dc6fd0d - name: email verified - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: emailVerified - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: email_verified - jsonType.label: boolean - - id: 388c8b8f-cf5a-4805-b26d-e6b44126bc13 - name: role_list - description: SAML role list - protocol: saml - attributes: - consent.screen.text: "${samlRoleListScopeConsentText}" - display.on.consent.screen: 'true' - protocolMappers: - - id: c782ee51-70ec-464f-be86-799bf586e2da - name: role list - protocol: saml - protocolMapper: saml-role-list-mapper - consentRequired: false - config: - single: 'false' - attribute.nameformat: Basic - attribute.name: Role - - id: e5db3bee-2691-45c5-97ee-4a52ebcc7046 - name: microprofile-jwt - description: Microprofile - JWT built-in scope - protocol: openid-connect - attributes: - include.in.token.scope: 'true' - display.on.consent.screen: 'false' - protocolMappers: - - id: cdb6c0f0-f7f4-4a4a-87d2-d877c8f670fd - 
name: upn - protocol: openid-connect - protocolMapper: oidc-usermodel-property-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: username - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: upn - jsonType.label: String - - id: 9fdd3182-61e4-4aca-a6a7-9cc4113e07c1 - name: groups - protocol: openid-connect - protocolMapper: oidc-usermodel-realm-role-mapper - consentRequired: false - config: - multivalued: 'true' - user.attribute: foo - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: groups - jsonType.label: String - - id: dfcaac59-c25a-4802-99dc-3f8b7cc967bc - name: phone - description: 'OpenID Connect built-in scope: phone' - protocol: openid-connect - attributes: - include.in.token.scope: 'true' - display.on.consent.screen: 'true' - consent.screen.text: "${phoneScopeConsentText}" - protocolMappers: - - id: 413e716d-2fb5-4233-93ec-0d80ce8ee547 - name: phone number verified - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: phoneNumberVerified - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: phone_number_verified - jsonType.label: boolean - - id: a4af46e0-956a-4e08-a960-30c238ab9d55 - name: phone number - protocol: openid-connect - protocolMapper: oidc-usermodel-attribute-mapper - consentRequired: false - config: - userinfo.token.claim: 'true' - user.attribute: phoneNumber - id.token.claim: 'true' - access.token.claim: 'true' - claim.name: phone_number - jsonType.label: String - - id: 05e987fd-a210-45a1-9248-7af5d967d543 - name: offline_access - description: 'OpenID Connect built-in scope: offline_access' - protocol: openid-connect - attributes: - consent.screen.text: "${offlineAccessScopeConsentText}" - display.on.consent.screen: 'true' - - id: 1317af59-0eaf-4f7e-bf09-788e5f68ebac - name: acr - description: OpenID Connect scope for add acr (authentication context 
class reference) - to the token - protocol: openid-connect - attributes: - include.in.token.scope: 'false' - display.on.consent.screen: 'false' - protocolMappers: - - id: dd30915c-7040-49d4-a657-6ae33e7e292e - name: acr loa level - protocol: openid-connect - protocolMapper: oidc-acr-mapper - consentRequired: false - config: - id.token.claim: 'true' - access.token.claim: 'true' - - id: 5d2e9697-7b9b-4df1-b371-a8f722f25405 - name: address - description: 'OpenID Connect built-in scope: address' - protocol: openid-connect - attributes: - include.in.token.scope: 'true' - display.on.consent.screen: 'true' - consent.screen.text: "${addressScopeConsentText}" - protocolMappers: - - id: c7c3ec32-73ce-44ad-bded-bbf4489ecfcd - name: address - protocol: openid-connect - protocolMapper: oidc-address-mapper - consentRequired: false - config: - user.attribute.formatted: formatted - user.attribute.country: country - user.attribute.postal_code: postal_code - userinfo.token.claim: 'true' - user.attribute.street: street - id.token.claim: 'true' - user.attribute.region: region - access.token.claim: 'true' - user.attribute.locality: locality - - id: 27ea2ab9-5de8-4012-8049-f763776e3705 - name: roles - description: OpenID Connect scope for add user roles to the access token - protocol: openid-connect - attributes: - include.in.token.scope: 'false' - display.on.consent.screen: 'true' - consent.screen.text: "${rolesScopeConsentText}" - protocolMappers: - - id: 4d691db4-f748-4cc5-8eee-f40d720a86ae - name: realm roles - protocol: openid-connect - protocolMapper: oidc-usermodel-realm-role-mapper - consentRequired: false - config: - user.attribute: foo - access.token.claim: 'true' - claim.name: realm_access.roles - jsonType.label: String - multivalued: 'true' - - id: b55b5af9-62b1-43df-9329-3ca36639aa87 - name: audience resolve - protocol: openid-connect - protocolMapper: oidc-audience-resolve-mapper - consentRequired: false - config: {} - - id: 5e9cca4b-22f5-4e71-ae66-8bf804afc5a2 - name: 
client roles - protocol: openid-connect - protocolMapper: oidc-usermodel-client-role-mapper - consentRequired: false - config: - user.attribute: foo - access.token.claim: 'true' - claim.name: resource_access.${client_id}.roles - jsonType.label: String - multivalued: 'true' - - id: 4b51d798-24d6-40ae-8f99-989fdd6e4260 - name: web-origins - description: OpenID Connect scope for add allowed web origins to the access token - protocol: openid-connect - attributes: - include.in.token.scope: 'false' - display.on.consent.screen: 'false' - consent.screen.text: '' - protocolMappers: - - id: a18a0fff-c0b0-499d-8434-9a907b02804e - name: allowed web origins - protocol: openid-connect - protocolMapper: oidc-allowed-origins-mapper - consentRequired: false - config: {} - defaultDefaultClientScopes: - - role_list - - profile - - email - - roles - - web-origins - - acr - defaultOptionalClientScopes: - - offline_access - - address - - phone - - microprofile-jwt - browserSecurityHeaders: - contentSecurityPolicyReportOnly: '' - xContentTypeOptions: nosniff - xRobotsTag: none - xFrameOptions: SAMEORIGIN - contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; - xXSSProtection: 1; mode=block - strictTransportSecurity: max-age=31536000; includeSubDomains - smtpServer: {} - eventsEnabled: false - eventsListeners: - - jboss-logging - enabledEventTypes: [] - adminEventsEnabled: false - adminEventsDetailsEnabled: false - identityProviders: [] - identityProviderMappers: [] - components: - org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy: - - id: a461bd96-4e09-4e56-b12b-2c42772b5119 - name: Allowed Client Scopes - providerId: allowed-client-templates - subType: authenticated - subComponents: {} - config: - allow-default-scopes: - - 'true' - - id: faf53e66-e909-4ac9-8f6c-4bd25fe15d91 - name: Max Clients Limit - providerId: max-clients - subType: anonymous - subComponents: {} - config: - max-clients: - - '200' - - id: 
8b962e4b-3bc8-46e0-a582-1b2d16a3a3f3 - name: Allowed Protocol Mapper Types - providerId: allowed-protocol-mappers - subType: authenticated - subComponents: {} - config: - allowed-protocol-mapper-types: - - oidc-usermodel-property-mapper - - saml-user-attribute-mapper - - saml-user-property-mapper - - oidc-full-name-mapper - - oidc-sha256-pairwise-sub-mapper - - oidc-usermodel-attribute-mapper - - oidc-address-mapper - - saml-role-list-mapper - - id: d2664852-3a13-4a81-81f5-2bcf30111e19 - name: Allowed Protocol Mapper Types - providerId: allowed-protocol-mappers - subType: anonymous - subComponents: {} - config: - allowed-protocol-mapper-types: - - saml-role-list-mapper - - oidc-sha256-pairwise-sub-mapper - - oidc-usermodel-attribute-mapper - - saml-user-property-mapper - - saml-user-attribute-mapper - - oidc-full-name-mapper - - oidc-address-mapper - - oidc-usermodel-property-mapper - - id: 88cb0451-cd5a-4819-9ef6-c70d66b03ad5 - name: Consent Required - providerId: consent-required - subType: anonymous - subComponents: {} - config: {} - - id: 47468138-c080-4dab-9e82-d45cce6cebde - name: Trusted Hosts - providerId: trusted-hosts - subType: anonymous - subComponents: {} - config: - host-sending-registration-request-must-match: - - 'true' - client-uris-must-match: - - 'true' - - id: 3f77907c-734c-480d-b797-bf0000343347 - name: Full Scope Disabled - providerId: scope - subType: anonymous - subComponents: {} - config: {} - - id: 3c296783-b8ce-4fc7-a240-d9c3ad51ae67 - name: Allowed Client Scopes - providerId: allowed-client-templates - subType: anonymous - subComponents: {} - config: - allow-default-scopes: - - 'true' - org.keycloak.userprofile.UserProfileProvider: - - id: 23f53b89-6a71-49c8-a32c-cf3997a96b06 - providerId: declarative-user-profile - subComponents: {} - config: {} - org.keycloak.keys.KeyProvider: - - id: 12741262-87b8-4249-9d76-9ad53f2eaf84 - name: aes-generated - providerId: aes-generated - subComponents: {} - config: - priority: - - '100' - - id: 
a0a409cb-03d3-4326-addc-cbd0e9a2e8cc - name: hmac-generated - providerId: hmac-generated - subComponents: {} - config: - priority: - - '100' - algorithm: - - HS256 - - id: fabe8b75-03ef-4065-82dd-942a6654eeb6 - name: rsa-generated - providerId: rsa-generated - subComponents: {} - config: - priority: - - '100' - - id: ba611495-743f-4ec7-b782-1e9d05032a8f - name: rsa-enc-generated - providerId: rsa-enc-generated - subComponents: {} - config: - priority: - - '100' - algorithm: - - RSA-OAEP - internationalizationEnabled: false - supportedLocales: [] - authenticationFlows: - - id: dd735485-6c6c-4e10-a532-d13084993ed0 - alias: Account verification options - description: Method with which to verity the existing account - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: idp-email-verification - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: ALTERNATIVE - priority: 20 - autheticatorFlow: true - flowAlias: Verify Existing Account by Re-authentication - userSetupAllowed: false - - id: a0bd4e8b-bd03-4999-b91d-4bd8bed78f94 - alias: Authentication Options - description: Authentication options. 
- providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: basic-auth - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: basic-auth-otp - authenticatorFlow: false - requirement: DISABLED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: auth-spnego - authenticatorFlow: false - requirement: DISABLED - priority: 30 - autheticatorFlow: false - userSetupAllowed: false - - id: 7ec22fea-2ab5-404e-8c2d-6f7ac17ce005 - alias: Browser - Conditional OTP - description: Flow to determine if the OTP is required for the authentication - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: conditional-user-configured - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: auth-otp-form - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - id: d6cc5cca-3407-4c70-894a-a2b7c63063f9 - alias: Direct Grant - Conditional OTP - description: Flow to determine if the OTP is required for the authentication - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: conditional-user-configured - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: direct-grant-validate-otp - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - id: 4477f910-0e12-4b85-8eb5-a01b403a5763 - alias: First broker login - Conditional OTP - description: Flow to determine if the OTP is required for the authentication - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: conditional-user-configured - 
authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: auth-otp-form - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - id: dfdb83ea-42d8-439c-802f-88976f237635 - alias: Handle Existing Account - description: Handle what to do if there is existing account with same email/username - like authenticated identity provider - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: idp-confirm-link - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: REQUIRED - priority: 20 - autheticatorFlow: true - flowAlias: Account verification options - userSetupAllowed: false - - id: 78ebb2ed-88ed-4300-84b2-e84940e22b25 - alias: Reset - Conditional OTP - description: Flow to determine if the OTP should be reset or not. Set to REQUIRED - to force. 
- providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: conditional-user-configured - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: reset-otp - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - id: 47701b3d-0b64-4bcb-93a2-1470e82d5834 - alias: User creation or linking - description: Flow for the existing/non-existing user alternatives - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticatorConfig: create unique user config - authenticator: idp-create-user-if-unique - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: ALTERNATIVE - priority: 20 - autheticatorFlow: true - flowAlias: Handle Existing Account - userSetupAllowed: false - - id: 22e479a5-6600-4ed8-b9c1-5dca2414e299 - alias: Verify Existing Account by Re-authentication - description: Reauthentication of existing account - providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: idp-username-password-form - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: CONDITIONAL - priority: 20 - autheticatorFlow: true - flowAlias: First broker login - Conditional OTP - userSetupAllowed: false - - id: 28a88b4d-8b56-4c7c-920b-3bc5803996d3 - alias: browser - description: browser based authentication - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: auth-cookie - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: auth-spnego - authenticatorFlow: false - requirement: 
DISABLED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: identity-provider-redirector - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 25 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: ALTERNATIVE - priority: 30 - autheticatorFlow: true - flowAlias: forms - userSetupAllowed: false - - id: 6f29b220-21bc-4bbf-a555-127950c45b7a - alias: clients - description: Base authentication for clients - providerId: client-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: client-secret - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: client-jwt - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: client-secret-jwt - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 30 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: client-x509 - authenticatorFlow: false - requirement: ALTERNATIVE - priority: 40 - autheticatorFlow: false - userSetupAllowed: false - - id: 66592dc5-1e89-4c43-9f47-536282fdcfa3 - alias: direct grant - description: OpenID Connect Resource Owner Grant - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: direct-grant-validate-username - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: direct-grant-validate-password - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: CONDITIONAL - priority: 30 - autheticatorFlow: true - flowAlias: Direct Grant - Conditional OTP - userSetupAllowed: false - - id: ee7a11b0-b371-45c6-b10c-73be447ac1e2 - alias: docker auth - description: Used by Docker 
clients to authenticate against the IDP - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: docker-http-basic-authenticator - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - id: 36fe37e7-4eab-4ab5-84a4-4eae04cf40ce - alias: first broker login - description: Actions taken after first broker login with identity provider account, - which is not yet linked to any Keycloak account - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticatorConfig: review profile config - authenticator: idp-review-profile - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: REQUIRED - priority: 20 - autheticatorFlow: true - flowAlias: User creation or linking - userSetupAllowed: false - - id: 414c9398-58a3-4d0d-b333-a3ed3a5ea883 - alias: forms - description: Username, password, otp and other auth forms. 
- providerId: basic-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: auth-username-password-form - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: CONDITIONAL - priority: 20 - autheticatorFlow: true - flowAlias: Browser - Conditional OTP - userSetupAllowed: false - - id: b55f8f02-5881-49fb-aa57-896b3c8dad33 - alias: http challenge - description: An authentication flow based on challenge-response HTTP Authentication - Schemes - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: no-cookie-redirect - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: REQUIRED - priority: 20 - autheticatorFlow: true - flowAlias: Authentication Options - userSetupAllowed: false - - id: f624c23d-9ab7-4419-90d8-3f8b08dd6c68 - alias: registration - description: registration flow - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: registration-page-form - authenticatorFlow: true - requirement: REQUIRED - priority: 10 - autheticatorFlow: true - flowAlias: registration form - userSetupAllowed: false - - id: 1d1fc4bd-be42-45a5-a943-c4b8604eb83d - alias: registration form - description: registration form - providerId: form-flow - topLevel: false - builtIn: true - authenticationExecutions: - - authenticator: registration-user-creation - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: registration-profile-action - authenticatorFlow: false - requirement: REQUIRED - priority: 40 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: registration-password-action - authenticatorFlow: false - requirement: REQUIRED - priority: 50 - 
autheticatorFlow: false - userSetupAllowed: false - - authenticator: registration-recaptcha-action - authenticatorFlow: false - requirement: DISABLED - priority: 60 - autheticatorFlow: false - userSetupAllowed: false - - id: f6d3a8b5-188d-4b11-a9a1-7075bd84084b - alias: reset credentials - description: Reset credentials for a user if they forgot their password or something - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: reset-credentials-choose-user - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: reset-credential-email - authenticatorFlow: false - requirement: REQUIRED - priority: 20 - autheticatorFlow: false - userSetupAllowed: false - - authenticator: reset-password - authenticatorFlow: false - requirement: REQUIRED - priority: 30 - autheticatorFlow: false - userSetupAllowed: false - - authenticatorFlow: true - requirement: CONDITIONAL - priority: 40 - autheticatorFlow: true - flowAlias: Reset - Conditional OTP - userSetupAllowed: false - - id: 744f7008-da10-44ac-ab23-5eb885945470 - alias: saml ecp - description: SAML ECP Profile Authentication Flow - providerId: basic-flow - topLevel: true - builtIn: true - authenticationExecutions: - - authenticator: http-basic-authenticator - authenticatorFlow: false - requirement: REQUIRED - priority: 10 - autheticatorFlow: false - userSetupAllowed: false - authenticatorConfig: - - id: e88ef304-d3e5-459c-a3d9-2069dfb6fd0f - alias: create unique user config - config: - require.password.update.after.registration: 'false' - - id: 42724874-d3d6-4640-8efd-df4f0f9ca7a3 - alias: review profile config - config: - update.profile.on.first.login: missing - requiredActions: - - alias: CONFIGURE_TOTP - name: Configure OTP - providerId: CONFIGURE_TOTP - enabled: true - defaultAction: false - priority: 10 - config: {} - - alias: terms_and_conditions - name: Terms and Conditions - providerId: 
terms_and_conditions - enabled: false - defaultAction: false - priority: 20 - config: {} - - alias: UPDATE_PASSWORD - name: Update Password - providerId: UPDATE_PASSWORD - enabled: true - defaultAction: false - priority: 30 - config: {} - - alias: UPDATE_PROFILE - name: Update Profile - providerId: UPDATE_PROFILE - enabled: true - defaultAction: false - priority: 40 - config: {} - - alias: VERIFY_EMAIL - name: Verify Email - providerId: VERIFY_EMAIL - enabled: true - defaultAction: false - priority: 50 - config: {} - - alias: delete_account - name: Delete Account - providerId: delete_account - enabled: false - defaultAction: false - priority: 60 - config: {} - - alias: webauthn-register - name: Webauthn Register - providerId: webauthn-register - enabled: true - defaultAction: false - priority: 70 - config: {} - - alias: webauthn-register-passwordless - name: Webauthn Register Passwordless - providerId: webauthn-register-passwordless - enabled: true - defaultAction: false - priority: 80 - config: {} - - alias: update_user_locale - name: Update User Locale - providerId: update_user_locale - enabled: true - defaultAction: false - priority: 1000 - config: {} - browserFlow: browser - registrationFlow: registration - directGrantFlow: direct grant - resetCredentialsFlow: reset credentials - clientAuthenticationFlow: clients - dockerAuthenticationFlow: docker auth - attributes: - cibaBackchannelTokenDeliveryMode: poll - cibaExpiresIn: '120' - cibaAuthRequestedUserHint: login_hint - oauth2DeviceCodeLifespan: '600' - oauth2DevicePollingInterval: '5' - clientOfflineSessionMaxLifespan: '0' - clientSessionIdleTimeout: '0' - parRequestUriLifespan: '60' - clientSessionMaxLifespan: '0' - clientOfflineSessionIdleTimeout: '0' - cibaInterval: '5' - realmReusableOtpCode: 'false' - keycloakVersion: 20.0.1 - userManagedAccessAllowed: false - clientProfiles: - profiles: [] - clientPolicies: - policies: [] \ No newline at end of file