apiVersion: k8s.keycloak.org/v2alpha1
|
|
kind: KeycloakRealmImport
|
|
metadata:
|
|
name: keycloak-realm-mobene
|
|
namespace: mobene-keycloak
|
|
spec:
|
|
keycloakCRName: keycloak-oidc
|
|
realm:
|
|
id: bfb1988b-2800-4230-a6bd-819ae7281698
|
|
realm: mobene
|
|
notBefore: 0
|
|
defaultSignatureAlgorithm: RS256
|
|
# Refresh-token handling. With revokeRefreshToken false, refresh tokens are
# not rotated on use, so the same refresh token can be presented repeatedly
# until its session ends. refreshTokenMaxReuse only matters once rotation is
# turned on.
# NOTE(review): several clients later in this file are declared
# publicClient: true (no client secret), which is where rotation helps most.
# Confirm that leaving it off is intentional.
revokeRefreshToken: false
|
|
refreshTokenMaxReuse: 0
|
|
accessTokenLifespan: 300
|
|
accessTokenLifespanForImplicitFlow: 900
|
|
ssoSessionIdleTimeout: 1800
|
|
ssoSessionMaxLifespan: 36000
|
|
ssoSessionIdleTimeoutRememberMe: 0
|
|
ssoSessionMaxLifespanRememberMe: 0
|
|
# Offline sessions: idle timeout is 2592000 s (30 days).
# NOTE(review): with offlineSessionMaxLifespanEnabled false, the 5184000 s
# (60 days) cap below is presumably not enforced, so an offline token that is
# refreshed within each idle window would stay valid indefinitely. Confirm.
# offline_access is part of default-roles-mobene and an optional scope on
# every client in this file.
offlineSessionIdleTimeout: 2592000
|
|
offlineSessionMaxLifespanEnabled: false
|
|
offlineSessionMaxLifespan: 5184000
|
|
clientSessionIdleTimeout: 0
|
|
clientSessionMaxLifespan: 0
|
|
clientOfflineSessionIdleTimeout: 0
|
|
clientOfflineSessionMaxLifespan: 0
|
|
accessCodeLifespan: 60
|
|
accessCodeLifespanUserAction: 300
|
|
accessCodeLifespanLogin: 1800
|
|
actionTokenGeneratedByAdminLifespan: 43200
|
|
actionTokenGeneratedByUserLifespan: 300
|
|
oauth2DeviceCodeLifespan: 600
|
|
oauth2DevicePollingInterval: 5
|
|
enabled: true
|
|
# sslRequired "external": HTTPS is enforced only for requests arriving from
# non-private addresses. Requests from loopback or private ranges may use
# plain HTTP.
# NOTE(review): in-cluster callers normally come from private ranges. Confirm
# that TLS is terminated and enforced in front of Keycloak, or set this to
# "all".
sslRequired: external
|
|
registrationAllowed: false
|
|
registrationEmailAsUsername: false
|
|
rememberMe: false
|
|
verifyEmail: false
|
|
loginWithEmailAllowed: false
|
|
duplicateEmailsAllowed: false
|
|
resetPasswordAllowed: false
|
|
editUsernameAllowed: false
|
|
# Brute-force detection is switched off for this realm. The tuning values that
# follow (failureFactor = failures before a wait is applied, the wait
# increments, and the maximum wait) are stored but presumably have no effect
# while bruteForceProtected is false.
# NOTE(review): password is the only required credential and several clients
# in this file enable the direct access (password) grant. Without detection,
# Keycloak itself neither throttles repeated failed logins nor flags them
# through lockouts. Consider enabling it, and alert on LOGIN_ERROR events
# either way.
bruteForceProtected: false
|
|
permanentLockout: false
|
|
maxFailureWaitSeconds: 900
|
|
minimumQuickLoginWaitSeconds: 60
|
|
waitIncrementSeconds: 60
|
|
quickLoginCheckMilliSeconds: 1000
|
|
maxDeltaTimeSeconds: 43200
|
|
failureFactor: 30
|
|
roles:
|
|
realm:
|
|
- id: 2a9238d8-b3af-4354-bd59-2079d83f92b4
|
|
name: uma_authorization
|
|
description: "${role_uma_authorization}"
|
|
composite: false
|
|
clientRole: false
|
|
containerId: bfb1988b-2800-4230-a6bd-819ae7281698
|
|
attributes: {}
|
|
- id: f6d774a1-cbcc-4785-a5eb-a8a625fed9b2
|
|
name: offline_access
|
|
description: "${role_offline-access}"
|
|
composite: false
|
|
clientRole: false
|
|
containerId: bfb1988b-2800-4230-a6bd-819ae7281698
|
|
attributes: {}
|
|
- id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a
|
|
name: default-roles-mobene
|
|
description: "${role_default-roles}"
|
|
composite: true
|
|
composites:
|
|
realm:
|
|
- offline_access
|
|
- uma_authorization
|
|
client:
|
|
account:
|
|
- view-profile
|
|
- manage-account
|
|
clientRole: false
|
|
containerId: bfb1988b-2800-4230-a6bd-819ae7281698
|
|
attributes: {}
|
|
client:
|
|
realm-management:
|
|
- id: c9226008-369d-4104-8883-6a9e6ba79541
|
|
name: manage-events
|
|
description: "${role_manage-events}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: aaaf6377-5526-4b10-b8cc-7d3065ed7cf8
|
|
name: query-groups
|
|
description: "${role_query-groups}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: b7eee8a9-17e0-4f03-99b8-108be8c7bc85
|
|
name: query-users
|
|
description: "${role_query-users}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 2910e721-52da-460c-afb3-59eb5aa1d6f8
|
|
name: manage-authorization
|
|
description: "${role_manage-authorization}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 43c31132-e5e8-45d1-8783-e610ba7cd45e
|
|
name: view-realm
|
|
description: "${role_view-realm}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 33453bfc-b486-4e04-a688-3391b651c086
|
|
name: manage-users
|
|
description: "${role_manage-users}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: ec47c40d-f14f-41e0-a781-6a34ae4b5b04
|
|
name: query-clients
|
|
description: "${role_query-clients}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: a70ae54f-ca15-4f1a-b153-318b8583258d
|
|
name: view-clients
|
|
description: "${role_view-clients}"
|
|
composite: true
|
|
composites:
|
|
client:
|
|
realm-management:
|
|
- query-clients
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 9e07b31d-ef22-4580-b8c4-4c72bf7bde4a
|
|
name: view-events
|
|
description: "${role_view-events}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: c3e6e3ea-2f56-46d9-a03b-9bcbe8170da6
|
|
name: manage-clients
|
|
description: "${role_manage-clients}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: e4e73526-08e9-41c8-90e8-520d499470c4
|
|
name: view-identity-providers
|
|
description: "${role_view-identity-providers}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
# realm-management "impersonation" client role. It is also listed in the
# composites of realm-admin later in this file, so every holder of realm-admin
# receives it implicitly.
# NOTE(review): this role lets an administrator act as another user. Role
# assignments are not visible in this part of the file. Audit who holds
# impersonation or realm-admin, and keep admin events enabled so that
# impersonated sessions are logged.
- id: 92214a58-fd0b-4dad-9651-8d92b911e4b3
|
|
name: impersonation
|
|
description: "${role_impersonation}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 7971518f-377f-485b-8867-4181bb4e9197
|
|
name: query-realms
|
|
description: "${role_query-realms}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 6f8ccd8a-5992-4809-9155-7a28cc3507b6
|
|
name: manage-identity-providers
|
|
description: "${role_manage-identity-providers}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 074e626e-b2c3-46e0-97d3-04579ca8b03a
|
|
name: manage-realm
|
|
description: "${role_manage-realm}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: c9b6ba15-c7dd-49ce-ad43-77e645d8d52d
|
|
name: view-authorization
|
|
description: "${role_view-authorization}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 8b0f5ca6-d39e-4937-a59b-05a1b631b1c9
|
|
name: create-client
|
|
description: "${role_create-client}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 0c3590cb-2637-4b84-8ff9-9adcaf70f17f
|
|
name: view-users
|
|
description: "${role_view-users}"
|
|
composite: true
|
|
composites:
|
|
client:
|
|
realm-management:
|
|
- query-groups
|
|
- query-users
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
- id: 48c12007-2a84-4f77-bcf6-c1c57154777e
|
|
name: realm-admin
|
|
description: "${role_realm-admin}"
|
|
composite: true
|
|
composites:
|
|
client:
|
|
realm-management:
|
|
- manage-events
|
|
- query-groups
|
|
- query-users
|
|
- manage-authorization
|
|
- view-realm
|
|
- manage-users
|
|
- query-clients
|
|
- view-clients
|
|
- view-events
|
|
- view-identity-providers
|
|
- manage-clients
|
|
- query-realms
|
|
- impersonation
|
|
- manage-identity-providers
|
|
- manage-realm
|
|
- view-authorization
|
|
- create-client
|
|
- view-users
|
|
clientRole: true
|
|
containerId: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
attributes: {}
|
|
cusqa-connect: []
|
|
security-admin-console: []
|
|
cusqa-wordpress: []
|
|
admin-cli: []
|
|
cusprod-connect: []
|
|
nsodev-wordpress: []
|
|
account-console: []
|
|
cusprod-wordpress: []
|
|
nsodev-connect: []
|
|
broker:
|
|
- id: 81ca3c13-7475-4e62-8a7d-89b67c7921ae
|
|
name: read-token
|
|
description: "${role_read-token}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: 03a053ea-5d0f-4e7b-af16-bfb44f21d937
|
|
attributes: {}
|
|
account:
|
|
- id: 1720b7f0-de16-41d8-86eb-7774794cf885
|
|
name: manage-account-links
|
|
description: "${role_manage-account-links}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: a36d55a9-647b-433f-a438-190cd0aa8455
|
|
name: view-groups
|
|
description: "${role_view-groups}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: c254ff7e-b3f6-40b7-bde0-cf33c3084ac7
|
|
name: manage-consent
|
|
description: "${role_manage-consent}"
|
|
composite: true
|
|
composites:
|
|
client:
|
|
account:
|
|
- view-consent
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: ee6b2ba5-1867-41a8-a55a-4dd2cf0317a5
|
|
name: view-profile
|
|
description: "${role_view-profile}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: 0fc06305-ef99-4768-9652-996ebd7fda4b
|
|
name: view-consent
|
|
description: "${role_view-consent}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: 4f6e764a-3671-46c8-bbff-5b9bbe73218c
|
|
name: delete-account
|
|
description: "${role_delete-account}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: 6d7773a2-fb60-4844-9dad-c29ce47c06dd
|
|
name: manage-account
|
|
description: "${role_manage-account}"
|
|
composite: true
|
|
composites:
|
|
client:
|
|
account:
|
|
- manage-account-links
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
- id: c4de5bd3-9687-41cf-b85f-bc1683097aa3
|
|
name: view-applications
|
|
description: "${role_view-applications}"
|
|
composite: false
|
|
clientRole: true
|
|
containerId: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
attributes: {}
|
|
groups: []
|
|
defaultRole:
|
|
id: 901dba93-4920-40ff-82b8-a5dc8dc1c30a
|
|
name: default-roles-mobene
|
|
description: "${role_default-roles}"
|
|
composite: true
|
|
clientRole: false
|
|
containerId: bfb1988b-2800-4230-a6bd-819ae7281698
|
|
requiredCredentials:
|
|
- password
|
|
otpPolicyType: totp
|
|
otpPolicyAlgorithm: HmacSHA1
|
|
otpPolicyInitialCounter: 0
|
|
otpPolicyDigits: 6
|
|
otpPolicyLookAheadWindow: 1
|
|
otpPolicyPeriod: 30
|
|
otpPolicyCodeReusable: false
|
|
otpSupportedApplications:
|
|
- totpAppGoogleName
|
|
- totpAppFreeOTPName
|
|
webAuthnPolicyRpEntityName: keycloak
|
|
webAuthnPolicySignatureAlgorithms:
|
|
- ES256
|
|
webAuthnPolicyRpId: ''
|
|
webAuthnPolicyAttestationConveyancePreference: not specified
|
|
webAuthnPolicyAuthenticatorAttachment: not specified
|
|
webAuthnPolicyRequireResidentKey: not specified
|
|
webAuthnPolicyUserVerificationRequirement: not specified
|
|
webAuthnPolicyCreateTimeout: 0
|
|
webAuthnPolicyAvoidSameAuthenticatorRegister: false
|
|
webAuthnPolicyAcceptableAaguids: []
|
|
webAuthnPolicyPasswordlessRpEntityName: keycloak
|
|
webAuthnPolicyPasswordlessSignatureAlgorithms:
|
|
- ES256
|
|
webAuthnPolicyPasswordlessRpId: ''
|
|
webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
|
|
webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
|
|
webAuthnPolicyPasswordlessRequireResidentKey: not specified
|
|
webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
|
|
webAuthnPolicyPasswordlessCreateTimeout: 0
|
|
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
|
|
webAuthnPolicyPasswordlessAcceptableAaguids: []
|
|
scopeMappings:
|
|
- clientScope: offline_access
|
|
roles:
|
|
- offline_access
|
|
clientScopeMappings:
|
|
account:
|
|
- client: account-console
|
|
roles:
|
|
- manage-account
|
|
- view-groups
|
|
clients:
|
|
- id: a485f7fd-bce2-45d1-ae86-06eddf7e2b8b
|
|
clientId: account
|
|
name: "${client_account}"
|
|
rootUrl: "${authBaseUrl}"
|
|
baseUrl: "/realms/mobene/account/"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris:
|
|
- "/realms/mobene/account/*"
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: false
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes:
|
|
post.logout.redirect.uris: "+"
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: b5adeabf-5360-4227-87fc-7a115ed72e62
|
|
clientId: account-console
|
|
name: "${client_account-console}"
|
|
rootUrl: "${authBaseUrl}"
|
|
baseUrl: "/realms/mobene/account/"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris:
|
|
- "/realms/mobene/account/*"
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: false
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes:
|
|
post.logout.redirect.uris: "+"
|
|
pkce.code.challenge.method: S256
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
protocolMappers:
|
|
- id: 2e083b42-d172-45e3-94a1-bb28ef3a5fab
|
|
name: audience resolve
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-audience-resolve-mapper
|
|
consentRequired: false
|
|
config: {}
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 5b32f4f8-4def-43ac-b09b-14dd2ccf5e6c
|
|
clientId: admin-cli
|
|
name: "${client_admin-cli}"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: false
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes: {}
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 03a053ea-5d0f-4e7b-af16-bfb44f21d937
|
|
clientId: broker
|
|
name: "${client_broker}"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: true
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: false
|
|
serviceAccountsEnabled: false
|
|
publicClient: false
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes: {}
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: c6d9d6c3-6c11-4a67-b4d3-81867f9e94ba
|
|
clientId: cusprod-connect
|
|
name: cusprod-connect
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
# cusprod-connect is a public client (no client secret) with the direct access
# (password) grant enabled, so user credentials pass through the application
# rather than being entered only on the Keycloak login page. The realm also
# sets bruteForceProtected: false, so failed attempts through this grant are
# not throttled by Keycloak.
# NOTE(review): redirectUris is empty while standardFlowEnabled is true, so
# the password grant looks like the only flow this client can complete.
# Confirm this. Prefer authorization code with PKCE and explicit redirect
# URIs, or make the client confidential.
# The same settings repeat on cusprod-wordpress, cusqa-connect,
# cusqa-wordpress, nsodev-connect and nsodev-wordpress.
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
# fullScopeAllowed true: tokens issued to this client carry every role mapping
# the user holds, not only roles scoped to this client.
# NOTE(review): the built-in clients in this file (account, account-console,
# admin-cli, broker, realm-management, security-admin-console) all use false.
# Consider false here with explicit scope mappings, so that a leaked token
# has less reach.
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 96ec3af2-99fb-480a-b438-0cb017004e8d
|
|
clientId: cusprod-wordpress
|
|
name: cusprod-wordpress
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 5bc08f6a-c928-4e94-ab1f-fd006784e0b6
|
|
clientId: cusqa-connect
|
|
name: cusqa-connect
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 20ca64e7-dec1-48cd-ad1b-ae66fda9b057
|
|
clientId: cusqa-wordpress
|
|
name: cusqa-wordpress
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 952f5b8a-522b-41b7-b6dc-48ae62147b01
|
|
clientId: nsodev-connect
|
|
name: nsodev-connect
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: 1dad0137-3232-4c81-a9e7-c75bfff2ee4e
|
|
clientId: nsodev-wordpress
|
|
name: nsodev-wordpress
|
|
description: ''
|
|
rootUrl: ''
|
|
adminUrl: ''
|
|
baseUrl: ''
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: true
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: true
|
|
protocol: openid-connect
|
|
attributes:
|
|
oidc.ciba.grant.enabled: 'false'
|
|
oauth2.device.authorization.grant.enabled: 'false'
|
|
display.on.consent.screen: 'false'
|
|
backchannel.logout.session.required: 'true'
|
|
backchannel.logout.revoke.offline.tokens: 'false'
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: true
|
|
nodeReRegistrationTimeout: -1
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: e552a2bd-b2f7-4ced-8244-6090b2f72c48
|
|
clientId: realm-management
|
|
name: "${client_realm-management}"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris: []
|
|
webOrigins: []
|
|
notBefore: 0
|
|
bearerOnly: true
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: false
|
|
serviceAccountsEnabled: false
|
|
publicClient: false
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes: {}
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
- id: ef958514-0cf7-4aac-b602-d8f83fb0a4e7
|
|
clientId: security-admin-console
|
|
name: "${client_security-admin-console}"
|
|
rootUrl: "${authAdminUrl}"
|
|
baseUrl: "/admin/mobene/console/"
|
|
surrogateAuthRequired: false
|
|
enabled: true
|
|
alwaysDisplayInConsole: false
|
|
clientAuthenticatorType: client-secret
|
|
redirectUris:
|
|
- "/admin/mobene/console/*"
|
|
webOrigins:
|
|
- "+"
|
|
notBefore: 0
|
|
bearerOnly: false
|
|
consentRequired: false
|
|
standardFlowEnabled: true
|
|
implicitFlowEnabled: false
|
|
directAccessGrantsEnabled: false
|
|
serviceAccountsEnabled: false
|
|
publicClient: true
|
|
frontchannelLogout: false
|
|
protocol: openid-connect
|
|
attributes:
|
|
post.logout.redirect.uris: "+"
|
|
pkce.code.challenge.method: S256
|
|
authenticationFlowBindingOverrides: {}
|
|
fullScopeAllowed: false
|
|
nodeReRegistrationTimeout: 0
|
|
protocolMappers:
|
|
- id: ef5982c3-9ef9-4949-88a7-5f0c003b0203
|
|
name: locale
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: locale
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: locale
|
|
jsonType.label: String
|
|
defaultClientScopes:
|
|
- web-origins
|
|
- acr
|
|
- profile
|
|
- roles
|
|
- email
|
|
optionalClientScopes:
|
|
- address
|
|
- phone
|
|
- offline_access
|
|
- microprofile-jwt
|
|
clientScopes:
|
|
- id: b6a127fa-daf0-4cf7-9aeb-f3e48d82a4f6
|
|
name: profile
|
|
description: 'OpenID Connect built-in scope: profile'
|
|
protocol: openid-connect
|
|
attributes:
|
|
include.in.token.scope: 'true'
|
|
display.on.consent.screen: 'true'
|
|
consent.screen.text: "${profileScopeConsentText}"
|
|
protocolMappers:
|
|
- id: d620a6dc-0442-47a0-be52-f963259f3157
|
|
name: full name
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-full-name-mapper
|
|
consentRequired: false
|
|
config:
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
userinfo.token.claim: 'true'
|
|
- id: f8867f25-421d-4fad-84dd-0ee9dbf07db3
|
|
name: nickname
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: nickname
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: nickname
|
|
jsonType.label: String
|
|
- id: 40b20e3e-db96-4046-bb9e-06f6cfb69252
|
|
name: website
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: website
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: website
|
|
jsonType.label: String
|
|
- id: e25f206a-affc-4fd5-b1cb-6cf6b4fd5241
|
|
name: middle name
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: middleName
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: middle_name
|
|
jsonType.label: String
|
|
- id: 615087f9-8efe-4e03-9bbc-8e4d723f7f01
|
|
name: birthdate
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: birthdate
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: birthdate
|
|
jsonType.label: String
|
|
- id: c5c15734-2b35-4d1d-bd83-7f4b628a789c
|
|
name: family name
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-property-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: lastName
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: family_name
|
|
jsonType.label: String
|
|
- id: 9530d0cb-a779-4778-8373-e8cbb957b92d
|
|
name: given name
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-property-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: firstName
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: given_name
|
|
jsonType.label: String
|
|
- id: 50d8374f-48e0-4562-bb80-16f40dc805ab
|
|
name: gender
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: gender
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: gender
|
|
jsonType.label: String
|
|
- id: 74ea0bbf-6667-4c8b-9614-e5a4620a4891
|
|
name: profile
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: profile
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: profile
|
|
jsonType.label: String
|
|
- id: dad1dd7f-1839-4fc8-9d46-e95619168c4f
|
|
name: picture
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: picture
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: picture
|
|
jsonType.label: String
|
|
- id: 9d00e03b-46bb-4e66-ba70-b757bf23f4e3
|
|
name: username
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-property-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: username
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: preferred_username
|
|
jsonType.label: String
|
|
- id: efac5303-4fad-4853-9481-6f23f9eec5ad
|
|
name: zoneinfo
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: zoneinfo
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: zoneinfo
|
|
jsonType.label: String
|
|
- id: 4a162d4a-ac4c-4c73-a852-1b2516a0b667
|
|
name: locale
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: locale
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: locale
|
|
jsonType.label: String
|
|
- id: 5f5c64f2-5910-4840-87ef-6606f4a9b8d4
|
|
name: updated at
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-attribute-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: updatedAt
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: updated_at
|
|
jsonType.label: long
|
|
- id: f015154f-bdbe-4d71-9659-312efee62810
|
|
name: email
|
|
description: 'OpenID Connect built-in scope: email'
|
|
protocol: openid-connect
|
|
attributes:
|
|
include.in.token.scope: 'true'
|
|
display.on.consent.screen: 'true'
|
|
consent.screen.text: "${emailScopeConsentText}"
|
|
protocolMappers:
|
|
- id: c513dcd1-e39b-4816-8e99-42b6a9ab8f56
|
|
name: email
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-property-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: email
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: email
|
|
jsonType.label: String
|
|
- id: 8ee3250a-152c-42c9-b753-905a2dc6fd0d
|
|
name: email verified
|
|
protocol: openid-connect
|
|
protocolMapper: oidc-usermodel-property-mapper
|
|
consentRequired: false
|
|
config:
|
|
userinfo.token.claim: 'true'
|
|
user.attribute: emailVerified
|
|
id.token.claim: 'true'
|
|
access.token.claim: 'true'
|
|
claim.name: email_verified
|
|
jsonType.label: boolean
|
|
- id: 388c8b8f-cf5a-4805-b26d-e6b44126bc13
|
|
name: role_list
|
|
description: SAML role list
|
|
protocol: saml
|
|
attributes:
|
|
consent.screen.text: "${samlRoleListScopeConsentText}"
|
|
display.on.consent.screen: 'true'
|
|
protocolMappers:
|
|
- id: c782ee51-70ec-464f-be86-799bf586e2da
|
|
name: role list
|
|
protocol: saml
|
|
protocolMapper: saml-role-list-mapper
|
|
consentRequired: false
|
|
config:
|
|
single: 'false'
|
|
attribute.nameformat: Basic
|
|
attribute.name: Role
|
|
# Client scope "microprofile-jwt" (OIDC). Adds two claims to the ID token and
# the access token: "upn" (from the username) and "groups".
# The scope is listed under defaultOptionalClientScopes in this realm, so it
# applies only when a client requests it.
- id: e5db3bee-2691-45c5-97ee-4a52ebcc7046
  name: microprofile-jwt
  description: Microprofile - JWT built-in scope
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'true'
    display.on.consent.screen: 'false'
  protocolMappers:
  - id: cdb6c0f0-f7f4-4a4a-87d2-d877c8f670fd
    name: upn
    protocol: openid-connect
    protocolMapper: oidc-usermodel-property-mapper
    consentRequired: false
    config:
      userinfo.token.claim: 'true'
      user.attribute: username
      id.token.claim: 'true'
      access.token.claim: 'true'
      claim.name: upn
      jsonType.label: String
  # NOTE(review): despite the claim name, this mapper type is the realm-role
  # mapper, so "groups" carries realm roles, not Keycloak group membership.
  # Services that authorize on "groups" should be reviewed with that in mind.
  - id: 9fdd3182-61e4-4aca-a6a7-9cc4113e07c1
    name: groups
    protocol: openid-connect
    protocolMapper: oidc-usermodel-realm-role-mapper
    consentRequired: false
    config:
      multivalued: 'true'
      # "foo" looks like an export placeholder that this mapper type does
      # not read; confirm before relying on it
      user.attribute: foo
      id.token.claim: 'true'
      access.token.claim: 'true'
      claim.name: groups
      jsonType.label: String
|
|
# Client scope "phone" (OIDC). Two attribute mappers copy the user attributes
# phoneNumber and phoneNumberVerified into the phone_number and
# phone_number_verified claims (ID token, access token, userinfo).
# NOTE(review): both values come from free-form user attributes. Whether a
# user can edit phoneNumberVerified themselves depends on user-profile
# settings not shown in this section; verify that before any relying party
# trusts phone_number_verified.
- id: dfcaac59-c25a-4802-99dc-3f8b7cc967bc
  name: phone
  description: 'OpenID Connect built-in scope: phone'
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'true'
    display.on.consent.screen: 'true'
    consent.screen.text: "${phoneScopeConsentText}"
  protocolMappers:
  - id: 413e716d-2fb5-4233-93ec-0d80ce8ee547
    name: phone number verified
    protocol: openid-connect
    protocolMapper: oidc-usermodel-attribute-mapper
    consentRequired: false
    config:
      userinfo.token.claim: 'true'
      user.attribute: phoneNumberVerified
      id.token.claim: 'true'
      access.token.claim: 'true'
      claim.name: phone_number_verified
      jsonType.label: boolean
  - id: a4af46e0-956a-4e08-a960-30c238ab9d55
    name: phone number
    protocol: openid-connect
    protocolMapper: oidc-usermodel-attribute-mapper
    consentRequired: false
    config:
      userinfo.token.claim: 'true'
      user.attribute: phoneNumber
      id.token.claim: 'true'
      access.token.claim: 'true'
      claim.name: phone_number
      jsonType.label: String
|
|
# Client scope "offline_access" (OIDC). It defines no protocol mappers; it is
# the scope a client requests to obtain an offline (long-lived refresh)
# token, and it is shown on the consent screen.
# NOTE(review): the realm header sets offlineSessionMaxLifespanEnabled: false
# and revokeRefreshToken: false, so as configured an offline session appears
# to be bounded only by offlineSessionIdleTimeout. Review which clients are
# allowed to request this scope.
- id: 05e987fd-a210-45a1-9248-7af5d967d543
  name: offline_access
  description: 'OpenID Connect built-in scope: offline_access'
  protocol: openid-connect
  attributes:
    consent.screen.text: "${offlineAccessScopeConsentText}"
    display.on.consent.screen: 'true'
|
|
# Client scope "acr" (OIDC). The oidc-acr-mapper adds the authentication
# context class reference to the ID token and the access token. The scope
# name is not echoed in the token's scope claim and is hidden from the
# consent screen (both attributes are 'false').
- id: 1317af59-0eaf-4f7e-bf09-788e5f68ebac
  name: acr
  description: OpenID Connect scope for add acr (authentication context class reference)
    to the token
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'false'
    display.on.consent.screen: 'false'
  protocolMappers:
  - id: dd30915c-7040-49d4-a657-6ae33e7e292e
    name: acr loa level
    protocol: openid-connect
    protocolMapper: oidc-acr-mapper
    consentRequired: false
    config:
      id.token.claim: 'true'
      access.token.claim: 'true'
|
|
# Client scope "address" (OIDC). The oidc-address-mapper builds the address
# claim from the user attributes named below and adds it to the ID token,
# the access token and the userinfo response.
# The scope is listed under defaultOptionalClientScopes in this realm, so a
# postal address is released only to clients that request it.
- id: 5d2e9697-7b9b-4df1-b371-a8f722f25405
  name: address
  description: 'OpenID Connect built-in scope: address'
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'true'
    display.on.consent.screen: 'true'
    consent.screen.text: "${addressScopeConsentText}"
  protocolMappers:
  - id: c7c3ec32-73ce-44ad-bded-bbf4489ecfcd
    name: address
    protocol: openid-connect
    protocolMapper: oidc-address-mapper
    consentRequired: false
    config:
      # user.attribute.* entries name the user attribute that feeds each
      # address sub-field
      user.attribute.formatted: formatted
      user.attribute.country: country
      user.attribute.postal_code: postal_code
      userinfo.token.claim: 'true'
      user.attribute.street: street
      id.token.claim: 'true'
      user.attribute.region: region
      access.token.claim: 'true'
      user.attribute.locality: locality
|
|
# Client scope "roles" (OIDC). Three mappers shape the authorization data in
# the access token: realm roles, client roles and the audience.
# Only access.token.claim is set on the role mappers, so this config does
# not request the role claims in the ID token or userinfo response.
# NOTE(review): "roles" is listed under defaultDefaultClientScopes. Which
# roles actually reach a given client's token depends on that client's scope
# mappings (defined outside this section); check that clients are not
# handed roles meant for other services.
- id: 27ea2ab9-5de8-4012-8049-f763776e3705
  name: roles
  description: OpenID Connect scope for add user roles to the access token
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'false'
    display.on.consent.screen: 'true'
    consent.screen.text: "${rolesScopeConsentText}"
  protocolMappers:
  # Realm roles -> multi-valued claim realm_access.roles
  - id: 4d691db4-f748-4cc5-8eee-f40d720a86ae
    name: realm roles
    protocol: openid-connect
    protocolMapper: oidc-usermodel-realm-role-mapper
    consentRequired: false
    config:
      # "foo" looks like an export placeholder; confirm it is unused
      user.attribute: foo
      access.token.claim: 'true'
      claim.name: realm_access.roles
      jsonType.label: String
      multivalued: 'true'
  # Audience mapper with an empty config; presumably derives the token
  # audience from the clients whose roles are present (confirm)
  - id: b55b5af9-62b1-43df-9329-3ca36639aa87
    name: audience resolve
    protocol: openid-connect
    protocolMapper: oidc-audience-resolve-mapper
    consentRequired: false
    config: {}
  # Client roles -> multi-valued claim resource_access.<client>.roles
  - id: 5e9cca4b-22f5-4e71-ae66-8bf804afc5a2
    name: client roles
    protocol: openid-connect
    protocolMapper: oidc-usermodel-client-role-mapper
    consentRequired: false
    config:
      user.attribute: foo
      access.token.claim: 'true'
      # ${client_id} is kept literally in this file; presumably Keycloak
      # substitutes the client id when the token is built
      claim.name: resource_access.${client_id}.roles
      jsonType.label: String
      multivalued: 'true'
|
|
# Client scope "web-origins" (OIDC). Per its description it adds the allowed
# web origins to the access token; the mapper has an empty config, so the
# origins themselves come from client settings outside this section.
# NOTE(review): keep each client's web origins explicit; a wildcard origin
# on a client would be propagated by this mapper.
- id: 4b51d798-24d6-40ae-8f99-989fdd6e4260
  name: web-origins
  description: OpenID Connect scope for add allowed web origins to the access token
  protocol: openid-connect
  attributes:
    include.in.token.scope: 'false'
    display.on.consent.screen: 'false'
    consent.screen.text: ''
  protocolMappers:
  - id: a18a0fff-c0b0-499d-8434-9a907b02804e
    name: allowed web origins
    protocol: openid-connect
    protocolMapper: oidc-allowed-origins-mapper
    consentRequired: false
    config: {}
|
|
# Realm-level list of client scopes used as "default" scopes; presumably
# Keycloak attaches them to newly created clients, so their claims are
# issued without the client asking for the scope.
# NOTE(review): "profile" and "email" put personal data into tokens by
# default; trim this list if most clients only need roles.
defaultDefaultClientScopes:
- role_list
- profile
- email
- roles
- web-origins
- acr
|
|
# Realm-level list of client scopes used as "optional" scopes; presumably
# offered to new clients but applied only when named in the request's
# scope parameter.
defaultOptionalClientScopes:
- offline_access
- address
- phone
- microprofile-jwt
|
|
# HTTP response headers Keycloak sends with the realm's browser-facing pages.
browserSecurityHeaders:
  # Empty: no report-only policy is sent alongside the enforced CSP.
  contentSecurityPolicyReportOnly: ''
  # Stops browsers from MIME-sniffing responses.
  xContentTypeOptions: nosniff
  # Asks crawlers not to index or follow the login pages.
  xRobotsTag: none
  # Clickjacking defence: framing allowed from the same origin only. The
  # CSP frame-ancestors directive below expresses the same rule for
  # browsers that prefer CSP.
  xFrameOptions: SAMEORIGIN
  # NOTE(review): this policy restricts frames and plugins only; it has no
  # default-src or script-src directive, so it does not limit where scripts
  # may load from. Tighten only after testing against the login theme.
  contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
  # Legacy header; current browsers have dropped the XSS auditor it
  # controlled, so it adds no protection there.
  xXSSProtection: 1; mode=block
  # HSTS for one year (31536000 s), covering subdomains of the Keycloak
  # host. NOTE(review): includeSubDomains requires every subdomain to serve
  # HTTPS; "preload" is not set.
  strictTransportSecurity: max-age=31536000; includeSubDomains
|
|
# No SMTP server is configured, so this realm cannot send mail as defined
# here (e-mail verification and reset-by-mail are also disabled in the
# realm header).
smtpServer: {}
# NOTE(review): login events and admin events are both switched off for
# storage. The only listener is jboss-logging, i.e. events go to the server
# log. For detection and incident response, either enable event storage
# (including admin events with details) or make sure the server log is
# shipped to central logging with a level that includes these events.
eventsEnabled: false
eventsListeners:
- jboss-logging
# Empty list; presumably falls back to Keycloak's default event types if
# events are enabled later (confirm).
enabledEventTypes: []
adminEventsEnabled: false
adminEventsDetailsEnabled: false
# No external identity providers are brokered, so the "first broker login"
# family of flows further down is not exercised by this realm as exported.
identityProviders: []
identityProviderMappers: []
|
|
# Pluggable realm components, grouped by provider interface.
components:
  # Policies applied to client registration requests. subType "anonymous"
  # covers unauthenticated requests, "authenticated" covers requests that
  # present a token.
  org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
  - id: a461bd96-4e09-4e56-b12b-2c42772b5119
    name: Allowed Client Scopes
    providerId: allowed-client-templates
    subType: authenticated
    subComponents: {}
    config:
      allow-default-scopes:
      - 'true'
  # Caps the number of clients created through anonymous registration.
  - id: faf53e66-e909-4ac9-8f6c-4bd25fe15d91
    name: Max Clients Limit
    providerId: max-clients
    subType: anonymous
    subComponents: {}
    config:
      max-clients:
      - '200'
  # Allow-list of mapper types a registering client may define. Role
  # mappers are not on either list below.
  - id: 8b962e4b-3bc8-46e0-a582-1b2d16a3a3f3
    name: Allowed Protocol Mapper Types
    providerId: allowed-protocol-mappers
    subType: authenticated
    subComponents: {}
    config:
      allowed-protocol-mapper-types:
      - oidc-usermodel-property-mapper
      - saml-user-attribute-mapper
      - saml-user-property-mapper
      - oidc-full-name-mapper
      - oidc-sha256-pairwise-sub-mapper
      - oidc-usermodel-attribute-mapper
      - oidc-address-mapper
      - saml-role-list-mapper
  - id: d2664852-3a13-4a81-81f5-2bcf30111e19
    name: Allowed Protocol Mapper Types
    providerId: allowed-protocol-mappers
    subType: anonymous
    subComponents: {}
    config:
      allowed-protocol-mapper-types:
      - saml-role-list-mapper
      - oidc-sha256-pairwise-sub-mapper
      - oidc-usermodel-attribute-mapper
      - saml-user-property-mapper
      - saml-user-attribute-mapper
      - oidc-full-name-mapper
      - oidc-address-mapper
      - oidc-usermodel-property-mapper
  # Anonymous registrations: presumably forces user consent on the
  # resulting client (confirm).
  - id: 88cb0451-cd5a-4819-9ef6-c70d66b03ad5
    name: Consent Required
    providerId: consent-required
    subType: anonymous
    subComponents: {}
    config: {}
  # NOTE(review): both matching checks are on and no trusted-hosts list is
  # present, so presumably no host satisfies this policy and anonymous
  # registration is effectively closed. Keep it that way unless dynamic
  # registration is a requirement; if it is, list hosts explicitly.
  - id: 47468138-c080-4dab-9e82-d45cce6cebde
    name: Trusted Hosts
    providerId: trusted-hosts
    subType: anonymous
    subComponents: {}
    config:
      host-sending-registration-request-must-match:
      - 'true'
      client-uris-must-match:
      - 'true'
  - id: 3f77907c-734c-480d-b797-bf0000343347
    name: Full Scope Disabled
    providerId: scope
    subType: anonymous
    subComponents: {}
    config: {}
  - id: 3c296783-b8ce-4fc7-a240-d9c3ad51ae67
    name: Allowed Client Scopes
    providerId: allowed-client-templates
    subType: anonymous
    subComponents: {}
    config:
      allow-default-scopes:
      - 'true'
  # Declarative user profile with an empty config, i.e. no attribute rules
  # are defined in this file.
  org.keycloak.userprofile.UserProfileProvider:
  - id: 23f53b89-6a71-49c8-a32c-cf3997a96b06
    providerId: declarative-user-profile
    subComponents: {}
    config: {}
  # Realm key providers. No key material is stored in this file; the
  # "-generated" providers presumably create keys on the server at import.
  # No key size is set, so provider defaults apply. All four share priority
  # '100'.
  # NOTE(review): rotation is not expressed here; plan how new keys get
  # added and old ones retired. The realm header signs with RS256 by
  # default.
  org.keycloak.keys.KeyProvider:
  - id: 12741262-87b8-4249-9d76-9ad53f2eaf84
    name: aes-generated
    providerId: aes-generated
    subComponents: {}
    config:
      priority:
      - '100'
  - id: a0a409cb-03d3-4326-addc-cbd0e9a2e8cc
    name: hmac-generated
    providerId: hmac-generated
    subComponents: {}
    config:
      priority:
      - '100'
      algorithm:
      - HS256
  - id: fabe8b75-03ef-4065-82dd-942a6654eeb6
    name: rsa-generated
    providerId: rsa-generated
    subComponents: {}
    config:
      priority:
      - '100'
  - id: ba611495-743f-4ec7-b782-1e9d05032a8f
    name: rsa-enc-generated
    providerId: rsa-enc-generated
    subComponents: {}
    config:
      priority:
      - '100'
      algorithm:
      - RSA-OAEP
|
|
# Localisation of the realm's pages is off and no locales are listed.
internationalizationEnabled: false
supportedLocales: []
|
|
# Authentication flows of the realm. Each flow lists executions ordered by
# priority; an execution is either an authenticator or, when
# authenticatorFlow is true, a reference to another flow via flowAlias.
# Every execution also carries the misspelled key "autheticatorFlow" with
# the same value; it looks like a legacy spelling kept by the exporter, so
# confirm with the importer before removing it.
authenticationFlows:
# Sub-flow used when linking a brokered identity to an existing account:
# either e-mail verification or re-authentication must succeed
# (both ALTERNATIVE).
- id: dd735485-6c6c-4e10-a532-d13084993ed0
  alias: Account verification options
  description: Method with which to verity the existing account
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: idp-email-verification
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: ALTERNATIVE
    priority: 20
    autheticatorFlow: true
    flowAlias: Verify Existing Account by Re-authentication
    userSetupAllowed: false
|
|
# Sub-flow referenced by "http challenge": HTTP Basic authentication is
# REQUIRED; the Basic+OTP and SPNEGO authenticators are DISABLED.
# NOTE(review): as configured this path accepts a password alone, with no
# second factor.
- id: a0bd4e8b-bd03-4999-b91d-4bd8bed78f94
  alias: Authentication Options
  description: Authentication options.
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: basic-auth
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: basic-auth-otp
    authenticatorFlow: false
    requirement: DISABLED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: auth-spnego
    authenticatorFlow: false
    requirement: DISABLED
    priority: 30
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Sub-flow referenced by "forms". The condition authenticator runs first,
# then the OTP form; presumably the OTP form is reached only for users who
# already have an OTP credential (confirm).
# NOTE(review): that makes the second factor opt-in per user. CONFIGURE_TOTP
# under requiredActions has defaultAction: false, so new users are not
# pushed to enrol.
- id: 7ec22fea-2ab5-404e-8c2d-6f7ac17ce005
  alias: Browser - Conditional OTP
  description: Flow to determine if the OTP is required for the authentication
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: conditional-user-configured
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: auth-otp-form
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Sub-flow referenced by "direct grant": same condition-then-OTP shape as
# the browser variant, using the direct-grant OTP validator.
- id: d6cc5cca-3407-4c70-894a-a2b7c63063f9
  alias: Direct Grant - Conditional OTP
  description: Flow to determine if the OTP is required for the authentication
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: conditional-user-configured
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: direct-grant-validate-otp
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Sub-flow referenced by "Verify Existing Account by Re-authentication":
# condition authenticator followed by the OTP form.
- id: 4477f910-0e12-4b85-8eb5-a01b403a5763
  alias: First broker login - Conditional OTP
  description: Flow to determine if the OTP is required for the authentication
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: conditional-user-configured
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: auth-otp-form
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Sub-flow referenced by "User creation or linking": the user must confirm
# the link (idp-confirm-link) and then pass "Account verification options"
# before a brokered identity is attached to an existing account.
# Both steps are REQUIRED, which is what prevents silent account takeover
# through a matching e-mail or username at an external provider.
- id: dfdb83ea-42d8-439c-802f-88976f237635
  alias: Handle Existing Account
  description: Handle what to do if there is existing account with same email/username
    like authenticated identity provider
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: idp-confirm-link
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: true
    flowAlias: Account verification options
    userSetupAllowed: false
|
|
# Sub-flow referenced by "reset credentials": condition authenticator
# followed by reset-otp. Its own description notes that the reference can be
# set to REQUIRED to force an OTP reset.
- id: 78ebb2ed-88ed-4300-84b2-e84940e22b25
  alias: Reset - Conditional OTP
  description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
    to force.
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: conditional-user-configured
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: reset-otp
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Sub-flow referenced by "first broker login": either create a new user when
# the brokered identity is unique (using the "create unique user config"
# entry under authenticatorConfig) or fall through to
# "Handle Existing Account".
- id: 47701b3d-0b64-4bcb-93a2-1470e82d5834
  alias: User creation or linking
  description: Flow for the existing/non-existing user alternatives
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticatorConfig: create unique user config
    authenticator: idp-create-user-if-unique
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: ALTERNATIVE
    priority: 20
    autheticatorFlow: true
    flowAlias: Handle Existing Account
    userSetupAllowed: false
|
|
# Sub-flow referenced by "Account verification options": the user proves
# ownership of the existing account with username and password, then the
# conditional OTP sub-flow.
- id: 22e479a5-6600-4ed8-b9c1-5dca2414e299
  alias: Verify Existing Account by Re-authentication
  description: Reauthentication of existing account
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: idp-username-password-form
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: CONDITIONAL
    priority: 20
    autheticatorFlow: true
    flowAlias: First broker login - Conditional OTP
    userSetupAllowed: false
|
|
# Top-level flow bound as browserFlow at the end of this realm. Alternatives
# in priority order: an existing SSO cookie, the identity-provider
# redirector, or the "forms" sub-flow (username/password, then conditional
# OTP). Kerberos/SPNEGO is DISABLED.
# NOTE(review): a valid SSO cookie alone satisfies this flow, so session
# lifetimes in the realm header (ssoSessionIdleTimeout,
# ssoSessionMaxLifespan) decide how long a stolen browser session stays
# usable.
- id: 28a88b4d-8b56-4c7c-920b-3bc5803996d3
  alias: browser
  description: browser based authentication
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: auth-cookie
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: auth-spnego
    authenticatorFlow: false
    requirement: DISABLED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: identity-provider-redirector
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 25
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: ALTERNATIVE
    priority: 30
    autheticatorFlow: true
    flowAlias: forms
    userSetupAllowed: false
|
|
# Top-level flow bound as clientAuthenticationFlow. A client may
# authenticate with any one of: shared secret, signed JWT, JWT signed with
# the client secret, or an X.509 certificate (all ALTERNATIVE).
# NOTE(review): the realm accepts the weakest of these for every client
# unless the client itself is pinned to one method; prefer client-jwt or
# client-x509 for confidential clients that can hold a private key.
- id: 6f29b220-21bc-4bbf-a555-127950c45b7a
  alias: clients
  description: Base authentication for clients
  providerId: client-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: client-secret
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-jwt
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-secret-jwt
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 30
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-x509
    authenticatorFlow: false
    requirement: ALTERNATIVE
    priority: 40
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Top-level flow bound as directGrantFlow: the OAuth resource-owner password
# grant. Username and password are validated, then the conditional OTP
# sub-flow runs.
# NOTE(review): with this grant the client application handles the user's
# password directly, and the realm header sets bruteForceProtected: false,
# so repeated guesses against this endpoint are not throttled by the realm.
# Keep direct access grants disabled on clients that do not strictly need
# them (client settings are outside this section) and consider enabling
# brute-force detection.
- id: 66592dc5-1e89-4c43-9f47-536282fdcfa3
  alias: direct grant
  description: OpenID Connect Resource Owner Grant
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: direct-grant-validate-username
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: direct-grant-validate-password
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: CONDITIONAL
    priority: 30
    autheticatorFlow: true
    flowAlias: Direct Grant - Conditional OTP
    userSetupAllowed: false
|
|
# Top-level flow bound as dockerAuthenticationFlow: a single HTTP Basic
# authenticator for Docker clients. No second-factor step is part of this
# flow.
- id: ee7a11b0-b371-45c6-b10c-73be447ac1e2
  alias: docker auth
  description: Used by Docker clients to authenticate against the IDP
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: docker-http-basic-authenticator
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Top-level flow run the first time a user arrives through an external
# identity provider: review the profile (per "review profile config"), then
# create or link the local account.
# The realm lists no identityProviders, so this flow is not reachable as
# exported.
- id: 36fe37e7-4eab-4ab5-84a4-4eae04cf40ce
  alias: first broker login
  description: Actions taken after first broker login with identity provider account,
    which is not yet linked to any Keycloak account
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticatorConfig: review profile config
    authenticator: idp-review-profile
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: true
    flowAlias: User creation or linking
    userSetupAllowed: false
|
|
# Sub-flow referenced by "browser": the username/password form is REQUIRED,
# followed by the CONDITIONAL OTP sub-flow.
# NOTE(review): the realm header sets bruteForceProtected: false, so failed
# password attempts on this form are not rate-limited or locked out by the
# realm. Enabling brute-force detection is the usual mitigation.
- id: 414c9398-58a3-4d0d-b333-a3ed3a5ea883
  alias: forms
  description: Username, password, otp and other auth forms.
  providerId: basic-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: auth-username-password-form
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: CONDITIONAL
    priority: 20
    autheticatorFlow: true
    flowAlias: Browser - Conditional OTP
    userSetupAllowed: false
|
|
# Top-level flow for HTTP challenge-response authentication:
# no-cookie-redirect, then the "Authentication Options" sub-flow (HTTP Basic
# as configured). It is not bound to any of the realm's flow settings at the
# end of this file.
- id: b55f8f02-5881-49fb-aa57-896b3c8dad33
  alias: http challenge
  description: An authentication flow based on challenge-response HTTP Authentication
    Schemes
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: no-cookie-redirect
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: true
    flowAlias: Authentication Options
    userSetupAllowed: false
|
|
# Top-level flow bound as registrationFlow; it wraps the "registration form"
# sub-flow. The realm header sets registrationAllowed: false, so
# self-registration is off as exported.
- id: f624c23d-9ab7-4419-90d8-3f8b08dd6c68
  alias: registration
  description: registration flow
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: registration-page-form
    authenticatorFlow: true
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: true
    flowAlias: registration form
    userSetupAllowed: false
|
|
# Form sub-flow used by "registration": user creation, profile and password
# steps are REQUIRED; the reCAPTCHA step is DISABLED.
# NOTE(review): if self-registration is ever switched on, revisit the
# disabled reCAPTCHA step and e-mail verification (verifyEmail is false in
# the realm header) to limit automated sign-ups.
- id: 1d1fc4bd-be42-45a5-a943-c4b8604eb83d
  alias: registration form
  description: registration form
  providerId: form-flow
  topLevel: false
  builtIn: true
  authenticationExecutions:
  - authenticator: registration-user-creation
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-profile-action
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 40
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-password-action
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 50
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-recaptcha-action
    authenticatorFlow: false
    requirement: DISABLED
    priority: 60
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Top-level flow bound as resetCredentialsFlow: choose user, send the reset
# e-mail, set a new password, then the conditional OTP reset sub-flow.
# The realm header sets resetPasswordAllowed: false and smtpServer is empty,
# so self-service reset is not available as exported.
# NOTE(review): the OTP reset step is CONDITIONAL; if reset is enabled
# later, decide whether a password reset should also be able to replace the
# second factor.
- id: f6d3a8b5-188d-4b11-a9a1-7075bd84084b
  alias: reset credentials
  description: Reset credentials for a user if they forgot their password or something
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: reset-credentials-choose-user
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: reset-credential-email
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 20
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: reset-password
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 30
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticatorFlow: true
    requirement: CONDITIONAL
    priority: 40
    autheticatorFlow: true
    flowAlias: Reset - Conditional OTP
    userSetupAllowed: false
|
|
# Top-level flow for the SAML ECP profile: a single HTTP Basic
# authenticator, with no second-factor step.
- id: 744f7008-da10-44ac-ab23-5eb885945470
  alias: saml ecp
  description: SAML ECP Profile Authentication Flow
  providerId: basic-flow
  topLevel: true
  builtIn: true
  authenticationExecutions:
  - authenticator: http-basic-authenticator
    authenticatorFlow: false
    requirement: REQUIRED
    priority: 10
    autheticatorFlow: false
    userSetupAllowed: false
|
|
# Named configurations that executions reference through their
# authenticatorConfig key.
authenticatorConfig:
# Used by idp-create-user-if-unique in "User creation or linking": users
# created from a brokered login are not asked to set a local password.
- id: e88ef304-d3e5-459c-a3d9-2069dfb6fd0f
  alias: create unique user config
  config:
    require.password.update.after.registration: 'false'
# Used by idp-review-profile in "first broker login"; "missing" presumably
# shows the profile page only when required fields are absent (confirm).
- id: 42724874-d3d6-4640-8efd-df4f0f9ca7a3
  alias: review profile config
  config:
    update.profile.on.first.login: missing
|
|
# Required actions known to the realm. "enabled" makes an action available;
# "defaultAction" presumably assigns it to every newly created user.
# No action here has defaultAction: true.
requiredActions:
# NOTE(review): OTP enrolment is available but not a default action, so
# users get a second factor only if they or an admin set it up. Set
# defaultAction: true (or use a stricter flow) if MFA should be mandatory.
- alias: CONFIGURE_TOTP
  name: Configure OTP
  providerId: CONFIGURE_TOTP
  enabled: true
  defaultAction: false
  priority: 10
  config: {}
- alias: terms_and_conditions
  name: Terms and Conditions
  providerId: terms_and_conditions
  enabled: false
  defaultAction: false
  priority: 20
  config: {}
- alias: UPDATE_PASSWORD
  name: Update Password
  providerId: UPDATE_PASSWORD
  enabled: true
  defaultAction: false
  priority: 30
  config: {}
- alias: UPDATE_PROFILE
  name: Update Profile
  providerId: UPDATE_PROFILE
  enabled: true
  defaultAction: false
  priority: 40
  config: {}
- alias: VERIFY_EMAIL
  name: Verify Email
  providerId: VERIFY_EMAIL
  enabled: true
  defaultAction: false
  priority: 50
  config: {}
# Self-service account deletion is switched off.
- alias: delete_account
  name: Delete Account
  providerId: delete_account
  enabled: false
  defaultAction: false
  priority: 60
  config: {}
# WebAuthn registration is available as an action, but no flow in this
# realm contains a WebAuthn authenticator, so a registered key would not be
# asked for at login as configured.
- alias: webauthn-register
  name: Webauthn Register
  providerId: webauthn-register
  enabled: true
  defaultAction: false
  priority: 70
  config: {}
- alias: webauthn-register-passwordless
  name: Webauthn Register Passwordless
  providerId: webauthn-register-passwordless
  enabled: true
  defaultAction: false
  priority: 80
  config: {}
- alias: update_user_locale
  name: Update User Locale
  providerId: update_user_locale
  enabled: true
  defaultAction: false
  priority: 1000
  config: {}
|
|
# Flow bindings: each value is the alias of a top-level flow defined under
# authenticationFlows. Changing a value here swaps the whole login path for
# that entry point, so review these together with the flows they name.
browserFlow: browser
registrationFlow: registration
directGrantFlow: direct grant
resetCredentialsFlow: reset credentials
clientAuthenticationFlow: clients
dockerAuthenticationFlow: docker auth
|
|
# Realm attributes, stored as strings. Several repeat settings that the
# realm header also carries as integers (for example
# oauth2DeviceCodeLifespan); keep both in step when editing.
attributes:
  # CIBA (client-initiated backchannel authentication) settings:
  # poll delivery, '120' expiry, login_hint as the user hint.
  cibaBackchannelTokenDeliveryMode: poll
  cibaExpiresIn: '120'
  cibaAuthRequestedUserHint: login_hint
  # Device authorization grant: code lifespan and polling interval.
  oauth2DeviceCodeLifespan: '600'
  oauth2DevicePollingInterval: '5'
  # '0' on the client session values presumably means "inherit the realm
  # session settings" (confirm).
  clientOfflineSessionMaxLifespan: '0'
  clientSessionIdleTimeout: '0'
  # Lifetime of a pushed authorization request URI.
  parRequestUriLifespan: '60'
  clientSessionMaxLifespan: '0'
  clientOfflineSessionIdleTimeout: '0'
  cibaInterval: '5'
  # 'false': presumably an OTP code cannot be used a second time within
  # its validity window (confirm); keep it 'false' to limit code replay.
  realmReusableOtpCode: 'false'
|
|
# Version string recorded in the export. NOTE(review): this only records
# the version written into this file; check separately that the Keycloak
# server importing it runs a supported, patched release.
keycloakVersion: 20.0.1
# User-managed access (UMA resource sharing by end users) is off.
userManagedAccessAllowed: false
# No realm-defined client profiles or client policies. NOTE(review): client
# policies are the realm-wide way to enforce requirements such as PKCE or a
# minimum client-authentication method; with both lists empty, each client's
# own settings are the only control.
clientProfiles:
  profiles: []
clientPolicies:
  policies: []