# KeycloakRealmImport custom resource: imports the realm "mobene" into the
# Keycloak instance named by spec.keycloakCRName (keycloak-oidc) in namespace
# mobene-keycloak. The block/sequence layout below was restored from a
# whitespace-collapsed listing; keys, values and quoting are as given.
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: keycloak-realm-mobene
  namespace: mobene-keycloak
spec:
  keycloakCRName: keycloak-oidc
  realm:
    id: bfb1988b-2800-4230-a6bd-819ae7281698
    realm: mobene
    notBefore: 0
    defaultSignatureAlgorithm: RS256
    # NOTE(review): refresh tokens are not rotated (revokeRefreshToken: false), so a
    # refresh token stays usable until it expires. Most clients in this realm are
    # public; consider enabling rotation for them.
    revokeRefreshToken: false
    refreshTokenMaxReuse: 0
    # Lifespans and timeouts below are in seconds (300 = 5 min, 36000 = 10 h,
    # 2592000 = 30 days).
    accessTokenLifespan: 300
    accessTokenLifespanForImplicitFlow: 900
    ssoSessionIdleTimeout: 1800
    ssoSessionMaxLifespan: 36000
    ssoSessionIdleTimeoutRememberMe: 0
    ssoSessionMaxLifespanRememberMe: 0
    offlineSessionIdleTimeout: 2592000
    # NOTE(review): with offlineSessionMaxLifespanEnabled: false only the idle timeout
    # above bounds an offline session; offlineSessionMaxLifespan is presumably not
    # enforced — confirm this is intended.
    offlineSessionMaxLifespanEnabled: false
    offlineSessionMaxLifespan: 5184000
    clientSessionIdleTimeout: 0
    clientSessionMaxLifespan: 0
    clientOfflineSessionIdleTimeout: 0
    clientOfflineSessionMaxLifespan: 0
    accessCodeLifespan: 60
    accessCodeLifespanUserAction: 300
    accessCodeLifespanLogin: 1800
    actionTokenGeneratedByAdminLifespan: 43200
    actionTokenGeneratedByUserLifespan: 300
    oauth2DeviceCodeLifespan: 600
    oauth2DevicePollingInterval: 5
    enabled: true
    # NOTE(review): "external" requires TLS only for non-private client addresses;
    # requests from loopback/private ranges may use plain HTTP. "all" is the stricter
    # setting if every path to Keycloak is expected to be HTTPS.
    sslRequired: external
    registrationAllowed: false
    registrationEmailAsUsername: false
    rememberMe: false
    verifyEmail: false
    loginWithEmailAllowed: false
    duplicateEmailsAllowed: false
    resetPasswordAllowed: false
    editUsernameAllowed: false
    # NOTE(review): brute-force detection is off, so the wait/failure thresholds that
    # follow have no effect. Password is the only required credential and several
    # public clients below allow the password grant, so failed logins are not
    # throttled by Keycloak. Consider setting this to true.
    bruteForceProtected: false
    permanentLockout: false
    maxFailureWaitSeconds: 900
    minimumQuickLoginWaitSeconds: 60
    waitIncrementSeconds: 60
    quickLoginCheckMilliSeconds: 1000
    maxDeltaTimeSeconds: 43200
    failureFactor: 30
    roles:
      realm:
        - id: 2a9238d8-b3af-4354-bd59-2079d83f92b4
          name: uma_authorization
          description: "${role_uma_authorization}"
          composite: false
          clientRole: false
          containerId: bfb1988b-2800-4230-a6bd-819ae7281698
          attributes: {}
        - id: f6d774a1-cbcc-4785-a5eb-a8a625fed9b2
          name: offline_access
          description: "${role_offline-access}"
          composite: false
          clientRole: false
          containerId: bfb1988b-2800-4230-a6bd-819ae7281698
          attributes: {}
        # NOTE(review): this composite is also referenced as defaultRole below, so
        # presumably every user receives offline_access and may obtain offline tokens
        # from any client that requests that scope — confirm this is wanted.
        - id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a
          name: default-roles-mobene
          description: "${role_default-roles}"
          composite: true
          composites:
            realm:
              - offline_access
              - uma_authorization
            client:
              account:
                - view-profile
                - manage-account
          clientRole: false
          containerId: bfb1988b-2800-4230-a6bd-819ae7281698
          attributes: {}
      client:
        # Roles of the realm-management client (realm administration permissions).
        realm-management:
          - id: c9226008-369d-4104-8883-6a9e6ba79541
            name: manage-events
            description: "${role_manage-events}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: aaaf6377-5526-4b10-b8cc-7d3065ed7cf8
            name: query-groups
            description: "${role_query-groups}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: b7eee8a9-17e0-4f03-99b8-108be8c7bc85
            name: query-users
            description: "${role_query-users}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 2910e721-52da-460c-afb3-59eb5aa1d6f8
            name: manage-authorization
            description: "${role_manage-authorization}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 43c31132-e5e8-45d1-8783-e610ba7cd45e
            name: view-realm
            description: "${role_view-realm}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 33453bfc-b486-4e04-a688-3391b651c086
            name: manage-users
            description: "${role_manage-users}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: ec47c40d-f14f-41e0-a781-6a34ae4b5b04
            name: query-clients
            description: "${role_query-clients}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: a70ae54f-ca15-4f1a-b153-318b8583258d
            name: view-clients
            description: "${role_view-clients}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-clients
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 9e07b31d-ef22-4580-b8c4-4c72bf7bde4a
            name: view-events
            description: "${role_view-events}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: c3e6e3ea-2f56-46d9-a03b-9bcbe8170da6
            name: manage-clients
            description: "${role_manage-clients}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: e4e73526-08e9-41c8-90e8-520d499470c4
            name: view-identity-providers
            description: "${role_view-identity-providers}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 92214a58-fd0b-4dad-9651-8d92b911e4b3
            name: impersonation
            description: "${role_impersonation}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 7971518f-377f-485b-8867-4181bb4e9197
            name: query-realms
            description: "${role_query-realms}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 6f8ccd8a-5992-4809-9155-7a28cc3507b6
            name: manage-identity-providers
            description: "${role_manage-identity-providers}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 074e626e-b2c3-46e0-97d3-04579ca8b03a
            name: manage-realm
            description: "${role_manage-realm}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: c9b6ba15-c7dd-49ce-ad43-77e645d8d52d
            name: view-authorization
            description: "${role_view-authorization}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 8b0f5ca6-d39e-4937-a59b-05a1b631b1c9
            name: create-client
            description: "${role_create-client}"
            composite: false
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          - id: 0c3590cb-2637-4b84-8ff9-9adcaf70f17f
            name: view-users
            description: "${role_view-users}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-groups
                  - query-users
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
          # realm-admin aggregates every other realm-management role listed above,
          # including impersonation, manage-users and manage-clients; assigning it is
          # equivalent to full control of this realm.
          - id: 48c12007-2a84-4f77-bcf6-c1c57154777e
            name: realm-admin
            description: "${role_realm-admin}"
            composite: true
            composites:
              client:
                realm-management:
                  - manage-events
                  - query-groups
                  - query-users
                  - manage-authorization
                  - view-realm
                  - manage-users
                  - query-clients
                  - view-clients
                  - view-events
                  - view-identity-providers
                  - manage-clients
                  - query-realms
                  - impersonation
                  - manage-identity-providers
                  - manage-realm
                  - view-authorization
                  - create-client
                  - view-users
            clientRole: true
            containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
            attributes: {}
        # The application clients define no client roles of their own.
        cusqa-connect: []
        security-admin-console: []
        cusqa-wordpress: []
        admin-cli: []
        cusprod-connect: []
        nsodev-wordpress: []
        account-console: []
        cusprod-wordpress: []
        nsodev-connect: []
        broker:
          - id: 81ca3c13-7475-4e62-8a7d-89b67c7921ae
            name: read-token
            description: "${role_read-token}"
            composite: false
            clientRole: true
            containerId: 03a053ea-5d0f-4e7b-af16-bfb44f21d937
            attributes: {}
        account:
          - id: 1720b7f0-de16-41d8-86eb-7774794cf885
            name: manage-account-links
            description: "${role_manage-account-links}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: a36d55a9-647b-433f-a438-190cd0aa8455
            name: view-groups
            description: "${role_view-groups}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: c254ff7e-b3f6-40b7-bde0-cf33c3084ac7
            name: manage-consent
            description: "${role_manage-consent}"
            composite: true
            composites:
              client:
                account:
                  - view-consent
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: ee6b2ba5-1867-41a8-a55a-4dd2cf0317a5
            name: view-profile
            description: "${role_view-profile}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: 0fc06305-ef99-4768-9652-996ebd7fda4b
            name: view-consent
            description: "${role_view-consent}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: 4f6e764a-3671-46c8-bbff-5b9bbe73218c
            name: delete-account
            description: "${role_delete-account}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: 6d7773a2-fb60-4844-9dad-c29ce47c06dd
            name: manage-account
            description: "${role_manage-account}"
            composite: true
            composites:
              client:
                account:
                  - manage-account-links
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
          - id: c4de5bd3-9687-41cf-b85f-bc1683097aa3
            name: view-applications
            description: "${role_view-applications}"
            composite: false
            clientRole: true
            containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
            attributes: {}
    groups: []
    defaultRole:
      id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a
      name: default-roles-mobene
      description: "${role_default-roles}"
      composite: true
      clientRole: false
      containerId: bfb1988b-2800-4230-a6bd-819ae7281698
    # Password is the only required credential. The OTP and WebAuthn policies below
    # set parameters only; whether a second factor is demanded is decided by the
    # authentication flows.
    requiredCredentials:
      - password
    otpPolicyType: totp
    otpPolicyAlgorithm: HmacSHA1
    otpPolicyInitialCounter: 0
    otpPolicyDigits: 6
    otpPolicyLookAheadWindow: 1
    otpPolicyPeriod: 30
    otpPolicyCodeReusable: false
    otpSupportedApplications:
      - totpAppGoogleName
      - totpAppFreeOTPName
    webAuthnPolicyRpEntityName: keycloak
    webAuthnPolicySignatureAlgorithms:
      - ES256
    webAuthnPolicyRpId: ''
    webAuthnPolicyAttestationConveyancePreference: not specified
    webAuthnPolicyAuthenticatorAttachment: not specified
    webAuthnPolicyRequireResidentKey: not specified
    webAuthnPolicyUserVerificationRequirement: not specified
    webAuthnPolicyCreateTimeout: 0
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
    webAuthnPolicyAcceptableAaguids: []
    webAuthnPolicyPasswordlessRpEntityName: keycloak
    webAuthnPolicyPasswordlessSignatureAlgorithms:
      - ES256
    webAuthnPolicyPasswordlessRpId: ''
    webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
    webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
    webAuthnPolicyPasswordlessRequireResidentKey: not specified
    webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
    webAuthnPolicyPasswordlessCreateTimeout: 0
    webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
    webAuthnPolicyPasswordlessAcceptableAaguids: []
    scopeMappings:
      - clientScope: offline_access
        roles:
          - offline_access
    clientScopeMappings:
      account:
        - client: account-console
          roles:
            - manage-account
            - view-groups
    # Client definitions. No client secret values appear in the entries shown here.
    clients:
      - id: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
        clientId: account
        name: "${client_account}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/mobene/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/mobene/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          post.logout.redirect.uris: "+"
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: b5adeabf-5360-4227-87fc-7a115ed72e62
        clientId: account-console
        name: "${client_account-console}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/mobene/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/mobene/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          post.logout.redirect.uris: "+"
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 2e083b42-d172-45e3-94a1-bb28ef3a5fab
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # admin-cli: public client limited to the password grant (standard flow is off).
      # NOTE(review): with bruteForceProtected: false, repeated failed password-grant
      # attempts through this client are not throttled by the realm.
      - id: 5b32f4f8-4def-43ac-b09b-14dd2ccf5e6c
        clientId: admin-cli
        name: "${client_admin-cli}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: false
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 03a053ea-5d0f-4e7b-af16-bfb44f21d937
        clientId: broker
        name: "${client_broker}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # NOTE(review): this client and the five other *-connect / *-wordpress clients
      # that follow carry the same settings:
      #   - publicClient: true, so the client does not authenticate itself
      #     (clientAuthenticatorType is not used for a public client);
      #   - directAccessGrantsEnabled: true, so user passwords are handled by the
      #     application and sent to the token endpoint;
      #   - fullScopeAllowed: true, so tokens are not limited to roles mapped to the
      #     client's scope;
      #   - no pkce.code.challenge.method attribute, unlike account-console and
      #     security-admin-console;
      #   - redirectUris: [] while standardFlowEnabled is true, so the browser flow
      #     has no registered redirect target — confirm whether it is used at all.
      # Suggested hardening: disable direct access grants where the browser flow is
      # sufficient, require PKCE S256, register exact redirect URIs, and set
      # fullScopeAllowed: false with explicit scope mappings.
      # The cusprod / cusqa / nsodev prefixes suggest production, QA and development
      # applications sharing one realm and user base — confirm that is intended.
      - id: c6d9d6c3-6c11-4a67-b4d3-81867f9e94ba
        clientId: cusprod-connect
        name: cusprod-connect
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 96ec3af2-99fb-480a-b438-0cb017004e8d
        clientId: cusprod-wordpress
        name: cusprod-wordpress
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 5bc08f6a-c928-4e94-ab1f-fd006784e0b6
        clientId: cusqa-connect
        name: cusqa-connect
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 20ca64e7-dec1-48cd-ad1b-ae66fda9b057
        clientId: cusqa-wordpress
        name: cusqa-wordpress
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 952f5b8a-522b-41b7-b6dc-48ae62147b01
        clientId: nsodev-connect
        name: nsodev-connect
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 1dad0137-3232-4c81-a9e7-c75bfff2ee4e
        clientId: nsodev-wordpress
        name: nsodev-wordpress
        description: ''
        rootUrl: ''
        adminUrl: ''
        baseUrl: ''
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: true
        protocol: openid-connect
        attributes:
          oidc.ciba.grant.enabled: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          display.on.consent.screen: 'false'
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: e552a2bd-b2f7-4ced-8244-6090b2f72c48
        clientId: realm-management
        name: "${client_realm-management}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: ef958514-0cf7-4aac-b602-d8f83fb0a4e7
        clientId: security-admin-console
        name: "${client_security-admin-console}"
        rootUrl: "${authAdminUrl}"
        baseUrl: "/admin/mobene/console/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/admin/mobene/console/*"
        webOrigins:
          - "+"
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          post.logout.redirect.uris: "+"
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: ef5982c3-9ef9-4949-88a7-5f0c003b0203
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
        defaultClientScopes:
          - web-origins
          - acr
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
    # Client scopes and their protocol mappers (which user data ends up in ID tokens,
    # access tokens and the userinfo response).
    clientScopes:
      - id: b6a127fa-daf0-4cf7-9aeb-f3e48d82a4f6
        name: profile
        description: 'OpenID Connect built-in scope: profile'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${profileScopeConsentText}"
        protocolMappers:
          - id: d620a6dc-0442-47a0-be52-f963259f3157
            name: full name
            protocol: openid-connect
            protocolMapper: oidc-full-name-mapper
            consentRequired: false
            config:
              id.token.claim: 'true'
              access.token.claim: 'true'
              userinfo.token.claim: 'true'
          - id: f8867f25-421d-4fad-84dd-0ee9dbf07db3
            name: nickname
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: nickname
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: nickname
              jsonType.label: String
          - id: 40b20e3e-db96-4046-bb9e-06f6cfb69252
            name: website
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: website
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: website
              jsonType.label: String
          - id: e25f206a-affc-4fd5-b1cb-6cf6b4fd5241
            name: middle name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: middleName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: middle_name
              jsonType.label: String
          - id: 615087f9-8efe-4e03-9bbc-8e4d723f7f01
            name: birthdate
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: birthdate
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: birthdate
              jsonType.label: String
          - id: c5c15734-2b35-4d1d-bd83-7f4b628a789c
            name: family name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: lastName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: family_name
              jsonType.label: String
          - id: 9530d0cb-a779-4778-8373-e8cbb957b92d
            name: given name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: firstName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: given_name
              jsonType.label: String
          - id: 50d8374f-48e0-4562-bb80-16f40dc805ab
            name: gender
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: gender
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: gender
              jsonType.label: String
          - id: 74ea0bbf-6667-4c8b-9614-e5a4620a4891
            name: profile
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: profile
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: profile
              jsonType.label: String
          - id: dad1dd7f-1839-4fc8-9d46-e95619168c4f
            name: picture
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: picture
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: picture
              jsonType.label: String
          - id: 9d00e03b-46bb-4e66-ba70-b757bf23f4e3
            name: username
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: preferred_username
              jsonType.label: String
          - id: efac5303-4fad-4853-9481-6f23f9eec5ad
            name: zoneinfo
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: zoneinfo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: zoneinfo
              jsonType.label: String
          - id: 4a162d4a-ac4c-4c73-a852-1b2516a0b667
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
          - id: 5f5c64f2-5910-4840-87ef-6606f4a9b8d4
            name: updated at
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: updatedAt
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: updated_at
              jsonType.label: long
      - id: f015154f-bdbe-4d71-9659-312efee62810
        name: email
        description: 'OpenID Connect built-in scope: email'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${emailScopeConsentText}"
        protocolMappers:
          - id: c513dcd1-e39b-4816-8e99-42b6a9ab8f56
            name: email
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: email
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email
              jsonType.label: String
          - id: 8ee3250a-152c-42c9-b753-905a2dc6fd0d
            name: email verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: emailVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email_verified
              jsonType.label: boolean
      - id: 388c8b8f-cf5a-4805-b26d-e6b44126bc13
        name: role_list
        description: SAML role list
        protocol: saml
        attributes:
          consent.screen.text: "${samlRoleListScopeConsentText}"
          display.on.consent.screen: 'true'
        protocolMappers:
          - id: c782ee51-70ec-464f-be86-799bf586e2da
            name: role list
            protocol: saml
            protocolMapper: saml-role-list-mapper
            consentRequired: false
            config:
              single: 'false'
              attribute.nameformat: Basic
              attribute.name: Role
      - id: e5db3bee-2691-45c5-97ee-4a52ebcc7046
        name: microprofile-jwt
        description: Microprofile - JWT built-in scope
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'false'
        protocolMappers:
          - id: cdb6c0f0-f7f4-4a4a-87d2-d877c8f670fd
            name: upn
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: upn
              jsonType.label: String
          - id: 9fdd3182-61e4-4aca-a6a7-9cc4113e07c1
            name: groups
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: groups
              jsonType.label: String
      - id: dfcaac59-c25a-4802-99dc-3f8b7cc967bc
        name: phone
        description: 'OpenID Connect built-in scope: phone'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${phoneScopeConsentText}"
        protocolMappers:
          - id: 413e716d-2fb5-4233-93ec-0d80ce8ee547
            name: phone number verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumberVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number_verified
              jsonType.label: boolean
          - id: a4af46e0-956a-4e08-a960-30c238ab9d55
            name: phone number
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumber
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number
              jsonType.label: String
      - id: 05e987fd-a210-45a1-9248-7af5d967d543
        name: offline_access
        description: 'OpenID Connect built-in scope: offline_access'
        protocol: openid-connect
        attributes:
          consent.screen.text: "${offlineAccessScopeConsentText}"
          display.on.consent.screen: 'true'
      - id: 1317af59-0eaf-4f7e-bf09-788e5f68ebac
        name: acr
        description: OpenID Connect scope for add acr (authentication context class reference) to the token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'false'
        protocolMappers:
          - id: dd30915c-7040-49d4-a657-6ae33e7e292e
            name: acr loa level
            protocol: openid-connect
            protocolMapper: oidc-acr-mapper
            consentRequired: false
            config:
              id.token.claim: 'true'
              access.token.claim: 'true'
      - id: 5d2e9697-7b9b-4df1-b371-a8f722f25405
        name: address
        description: 'OpenID Connect built-in scope: address'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${addressScopeConsentText}"
        protocolMappers:
          - id: c7c3ec32-73ce-44ad-bded-bbf4489ecfcd
            name: address
            protocol: openid-connect
            protocolMapper: oidc-address-mapper
            consentRequired: false
            config:
              user.attribute.formatted: formatted
              user.attribute.country: country
              user.attribute.postal_code: postal_code
              userinfo.token.claim: 'true'
              user.attribute.street: street
              id.token.claim: 'true'
              user.attribute.region: region
              access.token.claim: 'true'
              user.attribute.locality: locality
      # The roles scope is a default scope for every client defined above, so realm
      # and client roles are written into access tokens; for clients with
      # fullScopeAllowed: true that set is not narrowed by scope mappings.
      - id: 27ea2ab9-5de8-4012-8049-f763776e3705
        name: roles
        description: OpenID Connect scope for add user roles to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'true'
          consent.screen.text: "${rolesScopeConsentText}"
        protocolMappers:
          - id: 4d691db4-f748-4cc5-8eee-f40d720a86ae
            name: realm roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: realm_access.roles
              jsonType.label: String
              multivalued: 'true'
          - id: b55b5af9-62b1-43df-9329-3ca36639aa87
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
          - id: 5e9cca4b-22f5-4e71-ae66-8bf804afc5a2
            name: client roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-client-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: resource_access.${client_id}.roles
              jsonType.label: String
              multivalued: 'true'
      - id: 4b51d798-24d6-40ae-8f99-989fdd6e4260
        name: web-origins
        description: OpenID Connect scope for add allowed web origins to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'false'
          consent.screen.text: ''
        protocolMappers:
          - id: a18a0fff-c0b0-499d-8434-9a907b02804e
            name: allowed web origins
            protocol: openid-connect
            protocolMapper: oidc-allowed-origins-mapper
            consentRequired: false
            config: {}
    defaultDefaultClientScopes:
      - role_list
      - profile
      - email
      - roles
      - web-origins
      - acr
    defaultOptionalClientScopes:
      - offline_access
      - address
      - phone
      - microprofile-jwt
    # Response headers for Keycloak's own pages. The CSP given here restricts framing
    # and object embedding only; it carries no script-src or default-src directive.
    browserSecurityHeaders:
      contentSecurityPolicyReportOnly: ''
      xContentTypeOptions: nosniff
      xRobotsTag: none
      xFrameOptions: SAMEORIGIN
      contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
      xXSSProtection: 1; mode=block
      strictTransportSecurity: max-age=31536000; includeSubDomains
    smtpServer: {}
    # NOTE(review): login events and admin events are both disabled, so Keycloak
    # stores no audit trail of logins, failed logins or configuration changes; the
    # jboss-logging listener only writes to the server log. For detection and
    # incident response consider enabling both, with a retention period, and shipping
    # the server log to central logging.
    eventsEnabled: false
    eventsListeners:
      - jboss-logging
    enabledEventTypes: []
    adminEventsEnabled: false
    adminEventsDetailsEnabled: false
    identityProviders: []
    identityProviderMappers: []
    components:
      # Client registration policies, split by subType into anonymous and
      # authenticated registration requests.
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
        - id: a461bd96-4e09-4e56-b12b-2c42772b5119
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: authenticated
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
        - id: faf53e66-e909-4ac9-8f6c-4bd25fe15d91
          name: Max Clients Limit
          providerId: max-clients
          subType: anonymous
          subComponents: {}
          config:
            max-clients:
              - '200'
        - id: 8b962e4b-3bc8-46e0-a582-1b2d16a3a3f3
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: authenticated
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-usermodel-property-mapper
              - saml-user-attribute-mapper
              - saml-user-property-mapper
              - oidc-full-name-mapper
              - oidc-sha256-pairwise-sub-mapper
              - oidc-usermodel-attribute-mapper
              - oidc-address-mapper
              - saml-role-list-mapper
        - id: d2664852-3a13-4a81-81f5-2bcf30111e19
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: anonymous
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - saml-role-list-mapper
              - oidc-sha256-pairwise-sub-mapper
              - oidc-usermodel-attribute-mapper
              - saml-user-property-mapper
              - saml-user-attribute-mapper
              - oidc-full-name-mapper
              - oidc-address-mapper
              - oidc-usermodel-property-mapper
        - id: 88cb0451-cd5a-4819-9ef6-c70d66b03ad5
          name: Consent Required
          providerId: consent-required
          subType: anonymous
          subComponents: {}
          config: {}
        # NOTE(review): no trusted-hosts list is configured here, only the two
        # must-match flags; presumably anonymous registration requests are therefore
        # rejected — confirm against the running realm.
        - id: 47468138-c080-4dab-9e82-d45cce6cebde
          name: Trusted Hosts
          providerId: trusted-hosts
          subType: anonymous
          subComponents: {}
          config:
            host-sending-registration-request-must-match:
              - 'true'
            client-uris-must-match:
              - 'true'
        - id: 3f77907c-734c-480d-b797-bf0000343347
          name: Full Scope Disabled
          providerId: scope
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 3c296783-b8ce-4fc7-a240-d9c3ad51ae67
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: anonymous
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
      org.keycloak.userprofile.UserProfileProvider:
        - id: 23f53b89-6a71-49c8-a32c-cf3997a96b06
          providerId: declarative-user-profile
          subComponents: {}
          config: {}
      # Key providers are all of the *-generated kind and carry only priority and
      # algorithm settings; no key material is embedded in this file.
      org.keycloak.keys.KeyProvider:
        - id: 12741262-87b8-4249-9d76-9ad53f2eaf84
          name: aes-generated
          providerId: aes-generated
          subComponents: {}
          config:
            priority:
              - '100'
        - id: a0a409cb-03d3-4326-addc-cbd0e9a2e8cc
          name: hmac-generated
          providerId: hmac-generated
          subComponents: {}
          config:
            priority:
              - '100'
            algorithm:
              - HS256
        - id: fabe8b75-03ef-4065-82dd-942a6654eeb6
          name: rsa-generated
          providerId: rsa-generated
          subComponents: {}
          config:
            priority:
              - '100'
        - id: ba611495-743f-4ec7-b782-1e9d05032a8f
          name: rsa-enc-generated
          providerId: rsa-enc-generated
          subComponents: {}
          config:
            priority:
              - '100'
            algorithm:
              - RSA-OAEP
    internationalizationEnabled: false
    supportedLocales: []
    # Authentication flows. Each execution carries both authenticatorFlow and the
    # misspelled autheticatorFlow key; presumably a legacy field of the export
    # format — keep both as given.
    authenticationFlows:
      - id: dd735485-6c6c-4e10-a532-d13084993ed0
        alias: Account verification options
        description: Method with which to verity the existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-email-verification
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: ALTERNATIVE
            priority: 20
            autheticatorFlow: true
            flowAlias: Verify Existing Account by Re-authentication
            userSetupAllowed: false
      - id: a0bd4e8b-bd03-4999-b91d-4bd8bed78f94
        alias: Authentication Options
        description: Authentication options.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: basic-auth
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: basic-auth-otp
            authenticatorFlow: false
            requirement: DISABLED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-spnego
            authenticatorFlow: false
            requirement: DISABLED
            priority: 30
            autheticatorFlow: false
            userSetupAllowed: false
      # OTP is checked in the two conditional flows below only when
      # conditional-user-configured passes, i.e. presumably only for users who have
      # already set up an OTP credential.
      - id: 7ec22fea-2ab5-404e-8c2d-6f7ac17ce005
        alias: Browser - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-otp-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
      - id: d6cc5cca-3407-4c70-894a-a2b7c63063f9
        alias: Direct Grant - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: direct-grant-validate-otp
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
      - id: 4477f910-0e12-4b85-8eb5-a01b403a5763
        alias: First broker login - Conditional OTP
description: Flow to determine if the OTP is required for the authentication providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: conditional-user-configured authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: auth-otp-form authenticatorFlow: false requirement: REQUIRED priority: 20 autheticatorFlow: false userSetupAllowed: false - id: dfdb83ea-42d8-439c-802f-88976f237635 alias: Handle Existing Account description: Handle what to do if there is existing account with same email/username like authenticated identity provider providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: idp-confirm-link authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: REQUIRED priority: 20 autheticatorFlow: true flowAlias: Account verification options userSetupAllowed: false - id: 78ebb2ed-88ed-4300-84b2-e84940e22b25 alias: Reset - Conditional OTP description: Flow to determine if the OTP should be reset or not. Set to REQUIRED to force. 
providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: conditional-user-configured authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: reset-otp authenticatorFlow: false requirement: REQUIRED priority: 20 autheticatorFlow: false userSetupAllowed: false - id: 47701b3d-0b64-4bcb-93a2-1470e82d5834 alias: User creation or linking description: Flow for the existing/non-existing user alternatives providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticatorConfig: create unique user config authenticator: idp-create-user-if-unique authenticatorFlow: false requirement: ALTERNATIVE priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: ALTERNATIVE priority: 20 autheticatorFlow: true flowAlias: Handle Existing Account userSetupAllowed: false - id: 22e479a5-6600-4ed8-b9c1-5dca2414e299 alias: Verify Existing Account by Re-authentication description: Reauthentication of existing account providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: idp-username-password-form authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: CONDITIONAL priority: 20 autheticatorFlow: true flowAlias: First broker login - Conditional OTP userSetupAllowed: false - id: 28a88b4d-8b56-4c7c-920b-3bc5803996d3 alias: browser description: browser based authentication providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: auth-cookie authenticatorFlow: false requirement: ALTERNATIVE priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: auth-spnego authenticatorFlow: false requirement: DISABLED priority: 20 autheticatorFlow: false userSetupAllowed: false - authenticator: identity-provider-redirector authenticatorFlow: false 
requirement: ALTERNATIVE priority: 25 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: ALTERNATIVE priority: 30 autheticatorFlow: true flowAlias: forms userSetupAllowed: false - id: 6f29b220-21bc-4bbf-a555-127950c45b7a alias: clients description: Base authentication for clients providerId: client-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: client-secret authenticatorFlow: false requirement: ALTERNATIVE priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: client-jwt authenticatorFlow: false requirement: ALTERNATIVE priority: 20 autheticatorFlow: false userSetupAllowed: false - authenticator: client-secret-jwt authenticatorFlow: false requirement: ALTERNATIVE priority: 30 autheticatorFlow: false userSetupAllowed: false - authenticator: client-x509 authenticatorFlow: false requirement: ALTERNATIVE priority: 40 autheticatorFlow: false userSetupAllowed: false - id: 66592dc5-1e89-4c43-9f47-536282fdcfa3 alias: direct grant description: OpenID Connect Resource Owner Grant providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: direct-grant-validate-username authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: direct-grant-validate-password authenticatorFlow: false requirement: REQUIRED priority: 20 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: CONDITIONAL priority: 30 autheticatorFlow: true flowAlias: Direct Grant - Conditional OTP userSetupAllowed: false - id: ee7a11b0-b371-45c6-b10c-73be447ac1e2 alias: docker auth description: Used by Docker clients to authenticate against the IDP providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: docker-http-basic-authenticator authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - id: 
36fe37e7-4eab-4ab5-84a4-4eae04cf40ce alias: first broker login description: Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticatorConfig: review profile config authenticator: idp-review-profile authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: REQUIRED priority: 20 autheticatorFlow: true flowAlias: User creation or linking userSetupAllowed: false - id: 414c9398-58a3-4d0d-b333-a3ed3a5ea883 alias: forms description: Username, password, otp and other auth forms. providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: auth-username-password-form authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: CONDITIONAL priority: 20 autheticatorFlow: true flowAlias: Browser - Conditional OTP userSetupAllowed: false - id: b55f8f02-5881-49fb-aa57-896b3c8dad33 alias: http challenge description: An authentication flow based on challenge-response HTTP Authentication Schemes providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: no-cookie-redirect authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: REQUIRED priority: 20 autheticatorFlow: true flowAlias: Authentication Options userSetupAllowed: false - id: f624c23d-9ab7-4419-90d8-3f8b08dd6c68 alias: registration description: registration flow providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: registration-page-form authenticatorFlow: true requirement: REQUIRED priority: 10 autheticatorFlow: true flowAlias: registration form userSetupAllowed: false - id: 
1d1fc4bd-be42-45a5-a943-c4b8604eb83d alias: registration form description: registration form providerId: form-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: registration-user-creation authenticatorFlow: false requirement: REQUIRED priority: 20 autheticatorFlow: false userSetupAllowed: false - authenticator: registration-profile-action authenticatorFlow: false requirement: REQUIRED priority: 40 autheticatorFlow: false userSetupAllowed: false - authenticator: registration-password-action authenticatorFlow: false requirement: REQUIRED priority: 50 autheticatorFlow: false userSetupAllowed: false - authenticator: registration-recaptcha-action authenticatorFlow: false requirement: DISABLED priority: 60 autheticatorFlow: false userSetupAllowed: false - id: f6d3a8b5-188d-4b11-a9a1-7075bd84084b alias: reset credentials description: Reset credentials for a user if they forgot their password or something providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: reset-credentials-choose-user authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false - authenticator: reset-credential-email authenticatorFlow: false requirement: REQUIRED priority: 20 autheticatorFlow: false userSetupAllowed: false - authenticator: reset-password authenticatorFlow: false requirement: REQUIRED priority: 30 autheticatorFlow: false userSetupAllowed: false - authenticatorFlow: true requirement: CONDITIONAL priority: 40 autheticatorFlow: true flowAlias: Reset - Conditional OTP userSetupAllowed: false - id: 744f7008-da10-44ac-ab23-5eb885945470 alias: saml ecp description: SAML ECP Profile Authentication Flow providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: http-basic-authenticator authenticatorFlow: false requirement: REQUIRED priority: 10 autheticatorFlow: false userSetupAllowed: false authenticatorConfig: - id: 
e88ef304-d3e5-459c-a3d9-2069dfb6fd0f alias: create unique user config config: require.password.update.after.registration: 'false' - id: 42724874-d3d6-4640-8efd-df4f0f9ca7a3 alias: review profile config config: update.profile.on.first.login: missing requiredActions: - alias: CONFIGURE_TOTP name: Configure OTP providerId: CONFIGURE_TOTP enabled: true defaultAction: false priority: 10 config: {} - alias: terms_and_conditions name: Terms and Conditions providerId: terms_and_conditions enabled: false defaultAction: false priority: 20 config: {} - alias: UPDATE_PASSWORD name: Update Password providerId: UPDATE_PASSWORD enabled: true defaultAction: false priority: 30 config: {} - alias: UPDATE_PROFILE name: Update Profile providerId: UPDATE_PROFILE enabled: true defaultAction: false priority: 40 config: {} - alias: VERIFY_EMAIL name: Verify Email providerId: VERIFY_EMAIL enabled: true defaultAction: false priority: 50 config: {} - alias: delete_account name: Delete Account providerId: delete_account enabled: false defaultAction: false priority: 60 config: {} - alias: webauthn-register name: Webauthn Register providerId: webauthn-register enabled: true defaultAction: false priority: 70 config: {} - alias: webauthn-register-passwordless name: Webauthn Register Passwordless providerId: webauthn-register-passwordless enabled: true defaultAction: false priority: 80 config: {} - alias: update_user_locale name: Update User Locale providerId: update_user_locale enabled: true defaultAction: false priority: 1000 config: {} browserFlow: browser registrationFlow: registration directGrantFlow: direct grant resetCredentialsFlow: reset credentials clientAuthenticationFlow: clients dockerAuthenticationFlow: docker auth attributes: cibaBackchannelTokenDeliveryMode: poll cibaExpiresIn: '120' cibaAuthRequestedUserHint: login_hint oauth2DeviceCodeLifespan: '600' oauth2DevicePollingInterval: '5' clientOfflineSessionMaxLifespan: '0' clientSessionIdleTimeout: '0' parRequestUriLifespan: '60' 
clientSessionMaxLifespan: '0' clientOfflineSessionIdleTimeout: '0' cibaInterval: '5' realmReusableOtpCode: 'false' keycloakVersion: 20.0.1 userManagedAccessAllowed: false clientProfiles: profiles: [] clientPolicies: policies: []