From bacc90938d90612704ee8183a34828ec9bf24fca Mon Sep 17 00:00:00 2001 From: Zsolt Parragi Date: Tue, 17 Feb 2026 19:49:37 +0100 Subject: [PATCH] Improving the example test setup Previous it was just a JSON export of a realm created manually This commit adds a script that creates this realm, and improves it by containing: * Two realms (pgrealm and wrongrealm) * Two clients (pgtest, pgtest2) * Two scopes (pgscope, pgscope2) on both realms * Two users (testuser, testuser2) on both realms Added script that recreates the current keycloak example config It also enables the direct access grant, and adds a help CLI script that gets a token directly for testing. --- test/generate-realm.sh | 254 ++++ test/get-token.sh | 64 + test/import/pgrealm.json | 1219 ++++++++++--------- test/import/wrongrealm.json | 2230 +++++++++++++++++++++++++++++++++++ test/start-keycloak.sh | 76 ++ 5 files changed, 3268 insertions(+), 575 deletions(-) create mode 100755 test/generate-realm.sh create mode 100755 test/get-token.sh mode change 100755 => 100644 test/import/pgrealm.json create mode 100644 test/import/wrongrealm.json create mode 100755 test/start-keycloak.sh diff --git a/test/generate-realm.sh b/test/generate-realm.sh new file mode 100755 index 0000000..b7bcc0c --- /dev/null +++ b/test/generate-realm.sh 
@@ -0,0 +1,254 @@
+#!/bin/bash
+# generate-realm.sh - Generates test/import realm JSON files programmatically.
+#
+# This script is the source of truth for the Keycloak test realm configuration.
+# It starts a temporary Keycloak instance, configures the realms using kcadm.sh,
+# and exports the complete realms (including users with credentials) to JSON.
+#
+# Realms created:
+# - pgrealm: The primary test realm.
+# - wrongrealm: An identical realm used to test wrong-issuer scenarios.
+#
+# To update the realm JSON files, modify this script and re-run it.
+#
+# Requirements: podman or docker, curl, jq
+#
+# Usage: ./generate-realm.sh
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+IMPORT_DIR="$SCRIPT_DIR/import"
+
+CONTAINER_NAME="kc-realm-gen-$$"
+EXPORT_CONTAINER="kc-realm-export-$$"
+VOLUME_NAME="kc-realm-gen-data-$$"
+KC_PORT=18080
+KC_IMAGE="quay.io/keycloak/keycloak:latest"
+
+# --- Detect dependencies ---
+
+if command -v podman &>/dev/null; then
+ RT=podman
+elif command -v docker &>/dev/null; then
+ RT=docker
+else
+ echo "Error: Neither podman nor docker found" >&2
+ exit 1
+fi
+
+for cmd in curl jq; do
+ if ! command -v "$cmd" &>/dev/null; then
+ echo "Error: $cmd is required but not found" >&2
+ exit 1
+ fi
+done
+
+echo "Using container runtime: $RT"
+
+# --- Cleanup ---
+
+cleanup() {
+ echo "Cleaning up..."
+ $RT stop "$CONTAINER_NAME" 2>/dev/null || true + $RT rm -f "$CONTAINER_NAME" 2>/dev/null || true + $RT rm -f "$EXPORT_CONTAINER" 2>/dev/null || true + $RT volume rm "$VOLUME_NAME" 2>/dev/null || true +} +trap cleanup EXIT + +# --- Helpers --- + +kcadm() { + $RT exec -i "$CONTAINER_NAME" /opt/keycloak/bin/kcadm.sh "$@" +} + +# Configure a realm with the standard test resources: +# - client scope 'pgscope', 'pgscope2' +# - client 'pgtest' and 'pgtest2' (public, device flow enabled) +# - user 'testuser' (testuser@example.com / asdfasdf) +# - user 'testuser2' (testuser2@example.com / asdfasdf) +# - role 'pgrole' (assigned to testuser2, required for pgtest2/pgscope2) +setup_realm() { + local realm=$1 + + echo "==> Creating realm '$realm'..." + kcadm create realms -s "realm=$realm" -s enabled=true + + # kcadm doesn't handle empty-body PUTs well, so we use curl for scope assignments. + local token + token=$(curl -sf -X POST "http://localhost:$KC_PORT/realms/master/protocol/openid-connect/token" \ + -d "client_id=admin-cli" \ + -d "username=admin" \ + -d "password=admin" \ + -d "grant_type=password" | jq -r '.access_token') + + echo " Creating client scopes 'pgscope' and 'pgscope2'..." + local scope_name scope_id + for scope_name in pgscope pgscope2; do + kcadm create client-scopes -r "$realm" -f - < Starting Keycloak..." +$RT volume create "$VOLUME_NAME" >/dev/null +$RT run -d --name "$CONTAINER_NAME" \ + -p "127.0.0.1:$KC_PORT:8080" \ + -v "$VOLUME_NAME:/opt/keycloak/data" \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \ + -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \ + "$KC_IMAGE" start-dev >/dev/null + +echo "==> Waiting for Keycloak to start..." +for i in $(seq 1 90); do + if curl -sf "http://localhost:$KC_PORT/realms/master" >/dev/null 2>&1; then + echo " Keycloak is ready." 
+ break
+ fi
+ if [ "$i" -eq 90 ]; then
+ echo "Error: Keycloak did not start within 90 seconds" >&2
+ $RT logs "$CONTAINER_NAME" 2>&1 | tail -20
+ exit 1
+ fi
+ sleep 1
+done
+
+# --- Step 2: Authenticate ---
+
+kcadm config credentials \
+ --server http://localhost:8080 \
+ --realm master \
+ --user admin \
+ --password admin
+
+# --- Step 3: Create realms ---
+
+setup_realm pgrealm
+setup_realm wrongrealm
+
+# --- Step 4: Export realms ---
+
+echo "==> Stopping Keycloak for export..."
+$RT stop "$CONTAINER_NAME" >/dev/null
+
+echo "==> Exporting realms..."
+# Run kc.sh export in a new container with the same data volume.
+# Using --dir so each realm gets its own file, with users included.
+$RT run --name "$EXPORT_CONTAINER" \
+ -v "$VOLUME_NAME:/opt/keycloak/data" \
+ "$KC_IMAGE" \
+ export --dir /tmp/export --users realm_file
+
+# Copy the exported realm files from the (stopped) container
+$RT cp "$EXPORT_CONTAINER:/tmp/export/pgrealm-realm.json" "$IMPORT_DIR/pgrealm.json"
+$RT cp "$EXPORT_CONTAINER:/tmp/export/wrongrealm-realm.json" "$IMPORT_DIR/wrongrealm.json"
+
+echo "==> Realms exported to $IMPORT_DIR/"
+echo " Done!"
diff --git a/test/get-token.sh b/test/get-token.sh
new file mode 100755
index 0000000..9af2898
--- /dev/null
+++ b/test/get-token.sh
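Review bot: `KC_IMAGE` points at `quay.io/keycloak/keycloak:latest`, so the script the header calls the source of truth for the realm JSON runs whatever image the tag resolves to that day and can produce different exports on each run; pin a release tag or digest, e.g. `KC_IMAGE="quay.io/keycloak/keycloak:<pinned-version>"`. In `setup_realm`, `jq -r '.access_token'` prints `null` when the field is missing, so a bad token response would only show up later as failed scope requests; `jq -er '.access_token'` makes the assignment fail at that point under `set -e`. The part of `setup_realm` from the client-scope heredoc onward is not visible on this page, so the client, user and role setup is not covered here.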
@@ -0,0 +1,64 @@
+#!/bin/bash
+# get-token.sh - Get an access token from Keycloak via the password grant.
+#
+# Usage:
+# ./get-token.sh [options]
+#
+# Options:
+# -r REALM Realm name (default: pgrealm)
+# -u USER Username (default: testuser)
+# -p PASSWORD Password (default: asdfasdf)
+# -c CLIENT Client ID (default: pgtest)
+# -s SCOPES Space-separated scopes (default: "email pgscope")
+# -h HOST Keycloak base URL (default: https://localhost:8443)
+# -f FIELD Output a specific field instead of the full JSON response
+# (e.g. "access_token", "refresh_token", "expires_in")
+#
+# Examples:
+# ./get-token.sh # full JSON response
+# ./get-token.sh -f access_token # just the access token
+# ./get-token.sh -u testuser2 -s "email pgscope pgscope2"
+# ./get-token.sh -r wrongrealm -f access_token
+
+set -euo pipefail
+
+REALM="pgrealm"
+USER="testuser"
+PASSWORD="asdfasdf"
+CLIENT="pgtest"
+SCOPES="email pgscope"
+HOST="https://localhost:8443"
+FIELD=""
+
+while getopts "r:u:p:c:s:h:f:" opt; do
+ case $opt in
+ r) REALM="$OPTARG" ;;
+ u) USER="$OPTARG" ;;
+ p) PASSWORD="$OPTARG" ;;
+ c) CLIENT="$OPTARG" ;;
+ s) SCOPES="$OPTARG" ;;
+ h) HOST="$OPTARG" ;;
+ f) FIELD="$OPTARG" ;;
+ *) echo "Usage: $0 [-r realm] [-u user] [-p password] [-c client] [-s scopes] [-h host] [-f field]" >&2; exit 1 ;;
+ esac
+done
+
+TOKEN_URL="$HOST/realms/$REALM/protocol/openid-connect/token"
+
+RESPONSE=$(curl -sk -X POST "$TOKEN_URL" \
+ -d "grant_type=password" \
+ -d "client_id=$CLIENT" \
+ -d "username=$USER" \
+ -d "password=$PASSWORD" \
+ -d "scope=$SCOPES")
+
+if echo "$RESPONSE" | jq -e '.error' >/dev/null 2>&1; then
+ echo "Error: $(echo "$RESPONSE" | jq -r '.error_description // .error')" >&2
+ exit 1
+fi
+
+if [ -n "$FIELD" ]; then
+ echo "$RESPONSE" | jq -r --arg f "$FIELD" '.[$f]'
+else
+ echo "$RESPONSE" | jq .
+fi
diff --git a/test/import/pgrealm.json b/test/import/pgrealm.json
old mode 100755
new mode 100644
index 8e7d3de..776ba12
--- a/test/import/pgrealm.json
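Review bot: The `curl -sk` call disables certificate verification for every target, including any URL passed with `-h HOST`, while the request carries the user's password and the response carries tokens. Restricting `-k` to the local default keeps the helper working against the (presumably self-signed) test instance without skipping verification anywhere else. The form fields are also sent with `-d` unencoded, so a password or scope containing `&`, `=` or `+` reaches the server as a different value; `--data-urlencode` avoids that. Adding `-S` makes a connection failure print an error rather than exit silently under `set -e`.

```shell
# … unchanged: defaults, option parsing, TOKEN_URL …

CURL_OPTS=(-sS)
# Skip certificate verification only for the local test instance.
case "$HOST" in
  https://localhost | https://localhost[:/]* | https://127.0.0.1 | https://127.0.0.1[:/]*)
    CURL_OPTS+=(-k)
    ;;
esac

RESPONSE=$(curl "${CURL_OPTS[@]}" -X POST "$TOKEN_URL" \
  --data-urlencode "grant_type=password" \
  --data-urlencode "client_id=$CLIENT" \
  --data-urlencode "username=$USER" \
  --data-urlencode "password=$PASSWORD" \
  --data-urlencode "scope=$SCOPES")

# … unchanged: error check and output selection …
```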
+++ b/test/import/pgrealm.json @@ -1,5 +1,5 @@ { - "id" : "c865b5d7-3da6-4564-a758-175b0d5f0a82", + "id" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42", "realm" : "pgrealm", "notBefore" : 0, "defaultSignatureAlgorithm" : "RS256", @@ -47,23 +47,30 @@ "failureFactor" : 30, "roles" : { "realm" : [ { - "id" : "98c611b4-4408-44cc-9f06-bf44f063fd38", + "id" : "177ea22b-8040-4ec2-8cba-d0000b7a93ba", "name" : "offline_access", "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, - "containerId" : "c865b5d7-3da6-4564-a758-175b0d5f0a82", + "containerId" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42", "attributes" : { } }, { - "id" : "94cb936a-648e-41f5-b654-987cdf4ba065", + "id" : "fbba9280-8a69-4642-9350-f00ebbb66bbf", + "name" : "pgrole", + "composite" : false, + "clientRole" : false, + "containerId" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42", + "attributes" : { } + }, { + "id" : "735d3a03-3065-44b5-862d-78c6a97528fe", "name" : "uma_authorization", "description" : "${role_uma_authorization}", "composite" : false, "clientRole" : false, - "containerId" : "c865b5d7-3da6-4564-a758-175b0d5f0a82", + "containerId" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42", "attributes" : { } }, { - "id" : "46c10297-3403-4665-a476-81e6b104c273", + "id" : "5396753b-1d12-4f41-869d-8ab9efd13370", "name" : "default-roles-pgrealm", "description" : "${role_default-roles}", "composite" : true, 
@@ -74,276 +81,277 @@ } }, "clientRole" : false, - "containerId" : "c865b5d7-3da6-4564-a758-175b0d5f0a82", + "containerId" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42", "attributes" : { } } ], "client" : { "realm-management" : [ { - "id" : "b3682025-7810-44b6-a627-25b51234f8ff", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "manage-users", "query-realms", "view-events", "manage-events", "manage-realm", "manage-authorization", "view-users", "view-realm", "impersonation", "view-clients", "view-identity-providers", "manage-clients", "manage-identity-providers", "query-clients", "query-groups", "query-users", "create-client", "view-authorization" ] - } - }, + "id" : "85da8b84-ab6b-4674-b714-0415011b11cb", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "30c7f757-0ef3-4c77-9eea-0ebf72ca9499", - "name" : "manage-users", - "description" : "${role_manage-users}", + "id" : "f836391c-7f95-4cc8-8bb4-c84b4207d4d1", + "name" : "query-clients", + "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "94509a37-e0d5-4385-95d3-e48826c8b14d", - "name" : "query-realms", - "description" : "${role_query-realms}", + "id" : "f1e66a87-6e44-4465-85fe-0a6bc90c81d1", + "name" : "query-groups", + "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "e43320a0-1ca2-4053-9aa8-6cea398812cb", - "name" : "view-events", - "description" : 
"${role_view-events}", - "composite" : false, + "id" : "401b87d6-7da7-410f-8bfe-6e7c198ed999", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-clients", "query-clients", "query-groups", "manage-events", "view-realm", "view-users", "view-events", "manage-authorization", "view-identity-providers", "query-realms", "query-users", "manage-realm", "manage-users", "view-authorization", "create-client", "impersonation", "manage-identity-providers", "view-clients" ] + } + }, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "294afd20-6539-454f-bc85-8d27d76db6ca", + "id" : "e64d9dea-e804-46bd-ad0c-27d271f5ea9d", "name" : "manage-events", "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "6f28aff0-9164-42e2-99e7-a8a9d4e8393a", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", - "attributes" : { } - }, { - "id" : "e0132887-aeea-477b-a6bb-7aa4f322ceee", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", + "id" : "e52fe8b9-b6e6-405b-9db7-6d84092862a0", + "name" : "view-realm", + "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "ef1d0795-8eb8-4289-a1c6-34ee8730eac5", - "name" : "view-realm", - "description" : "${role_view-realm}", + "id" : "fdf5de49-d6b2-41f8-9991-35686fd9c80a", + "name" : "view-events", + "description" : "${role_view-events}", 
"composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "242603d7-58de-48ac-a2c8-4d6771ccf1ad", + "id" : "9099dcf1-3305-47b8-8486-722fda54c28f", "name" : "view-users", "description" : "${role_view-users}", "composite" : true, "composites" : { "client" : { - "realm-management" : [ "query-groups", "query-users" ] + "realm-management" : [ "query-users", "query-groups" ] } }, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "b55f17ca-db71-4368-91e9-f21e3533f860", - "name" : "impersonation", - "description" : "${role_impersonation}", + "id" : "aeaaebaa-75c0-4b49-b98c-a2283b6e64e7", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "41803869-cbc5-4273-ae19-ad1a80e57d8f", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, + "id" : "405b7169-97b6-44af-b74a-cd330e919554", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "d894718e-630c-4fc9-9c6b-474d4932a7e8", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", + "id" : "708ef33e-9548-45a3-b182-a84f9f5c8f6c", + "name" : "query-realms", + "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, - "containerId" : 
"eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "c1c37850-1a9f-4036-a2f6-46f623113d58", - "name" : "manage-clients", - "description" : "${role_manage-clients}", + "id" : "8fb250bd-d066-491c-be77-178d29006067", + "name" : "query-users", + "description" : "${role_query-users}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "e4091215-5bb7-41f5-ba32-14c90c3d7133", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", + "id" : "5571fd40-d360-41d9-bc5b-dcded62afbbd", + "name" : "manage-realm", + "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "65659dd5-cc08-4f4a-904a-b0e2d903eedd", - "name" : "query-clients", - "description" : "${role_query-clients}", + "id" : "9fd66bd0-3564-4754-b675-15a80014aac9", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", + "attributes" : { } + }, { + "id" : "28ba8e20-0e2c-4fb7-9c78-fcca62d0e555", + "name" : "view-authorization", + "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "c79393a8-8dd2-430a-99ae-49e22d10bc5d", + "id" : "6be30740-a177-488d-8346-a2dbe466e602", "name" : "create-client", "description" : "${role_create-client}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", 
"attributes" : { } }, { - "id" : "89d95445-3698-4fd7-af3e-587396bc16fb", - "name" : "query-groups", - "description" : "${role_query-groups}", + "id" : "cca768af-5f6c-4d32-9665-d96b74713df9", + "name" : "impersonation", + "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "a9488ae3-8477-47ee-b6d2-b02332ddef64", - "name" : "query-users", - "description" : "${role_query-users}", + "id" : "222c48db-12bd-4132-80ad-dc40cea32f54", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } }, { - "id" : "626d0112-af63-431b-b422-c9f699fe5e4f", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, + "id" : "50d7e63b-b6d1-48bb-82a4-ee22e225a31a", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, "clientRole" : true, - "containerId" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "containerId" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "attributes" : { } } ], + "pgtest2" : [ ], "security-admin-console" : [ ], "admin-cli" : [ ], "pgtest" : [ ], "account-console" : [ ], "broker" : [ { - "id" : "67c81405-ee83-4dc7-a54b-fd2fb29e6f85", + "id" : "9aca1acd-cd3d-405b-866f-a93afbb29fc3", "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, - "containerId" : "2d154eab-24dd-4047-931c-a8407fba5fe2", + "containerId" : "72b348a9-e35a-4e7a-a775-119a1d008f80", "attributes" : { } } ], "account" : [ { - "id" : "2c311c5e-714f-4882-9531-f62b9f722d5f", - "name" : "manage-account", - 
"description" : "${role_manage-account}", + "id" : "f2ba3817-6d83-4571-9662-02b08ffcc326", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", + "attributes" : { } + }, { + "id" : "864be0bd-2379-46e3-9e44-870fe7df0af9", + "name" : "manage-consent", + "description" : "${role_manage-consent}", "composite" : true, "composites" : { "client" : { - "account" : [ "manage-account-links" ] + "account" : [ "view-consent" ] } }, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", - "attributes" : { } - }, { - "id" : "cfce8d64-5e85-44bf-b7c0-87eef1625bbb", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "19d9a744-4274-4eb0-8a17-d28ef71506a0", - "name" : "manage-consent", - "description" : "${role_manage-consent}", + "id" : "0ee92d66-73f8-4665-b75b-dba0f3a817d9", + "name" : "manage-account", + "description" : "${role_manage-account}", "composite" : true, "composites" : { "client" : { - "account" : [ "view-consent" ] + "account" : [ "manage-account-links" ] } }, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "ea72af26-0172-4c00-b66d-1224dd9dc7ec", + "id" : "3474a274-282d-4a25-8ae3-d4d341881a3e", "name" : "view-groups", "description" : "${role_view-groups}", "composite" : false, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "6e50ff72-d861-401a-9894-fdfa54f6f58d", - "name" : "view-consent", - "description" : "${role_view-consent}", + "id" : "5e4de0b1-b325-45d4-8a69-66a7435366e0", + 
"name" : "delete-account", + "description" : "${role_delete-account}", "composite" : false, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "37c6f79c-fd83-4d6f-a4e4-255a5970a207", - "name" : "view-applications", - "description" : "${role_view-applications}", + "id" : "7a20438c-559b-4645-b74c-236fc33cdefa", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", "composite" : false, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "5507450a-8670-4573-bab7-9aca550ab1f4", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", + "id" : "4041f7d4-67e4-4c81-a4cb-61fdfe548d2e", + "name" : "view-profile", + "description" : "${role_view-profile}", "composite" : false, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } }, { - "id" : "4ef781b0-b193-4ed9-b55d-6c5b388e07f7", - "name" : "delete-account", - "description" : "${role_delete-account}", + "id" : "e65f28ee-39e1-4931-9688-14a0f0cb1723", + "name" : "view-applications", + "description" : "${role_view-applications}", "composite" : false, "clientRole" : true, - "containerId" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "containerId" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "attributes" : { } } ] } }, "groups" : [ ], "defaultRole" : { - "id" : "46c10297-3403-4665-a476-81e6b104c273", + "id" : "5396753b-1d12-4f41-869d-8ab9efd13370", "name" : "default-roles-pgrealm", "description" : "${role_default-roles}", "composite" : true, "clientRole" : false, - "containerId" : "c865b5d7-3da6-4564-a758-175b0d5f0a82" + "containerId" : "2db4f2a1-4bd2-4d50-a66a-b52c2834fc42" }, "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", 
@@ -378,21 +386,20 @@ "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], "webAuthnPolicyPasswordlessExtraOrigins" : [ ], "users" : [ { - "id" : "1424179e-d0bb-4bfd-8c8c-97829509b28f", + "id" : "936e62c9-1a36-4395-b940-9d78ecee1c74", "username" : "testuser", "firstName" : "Pg", "lastName" : "User", "email" : "testuser@example.com", "emailVerified" : true, "enabled" : true, - "createdTimestamp" : 1762982384324, + "createdTimestamp" : 1772045909678, "totp" : false, "credentials" : [ { - "id" : "084d9463-6912-43b0-a1fb-246b68814aab", + "id" : "124a51e0-6532-402f-95f6-673b8c6d9074", "type" : "password", - "userLabel" : "My password", - "createdDate" : 1762982407709, - "secretData" : "{\"value\":\"pxpUdNZu/emJLXyjc7zqx+MxYjIksPZj7o/txf3SnpM=\",\"salt\":\"211XF96kQVoSLJjrmCQkLA==\",\"additionalParameters\":{}}", + "createdDate" : 1772045910610, + "secretData" : "{\"value\":\"m6og8YHCRVD9DxBha2hifVlOISDZt/yIONoBiYsHlqQ=\",\"salt\":\"LeqQdqDiY873Nb5+AeWshg==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" } ], "disableableCredentialTypes" : [ ], 
@@ -400,8 +407,36 @@ "realmRoles" : [ "default-roles-pgrealm" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "f54a113e-4d98-457e-8f41-785049d0b7de", + "username" : "testuser2", + "firstName" : "Pg", + "lastName" : "User", + "email" : "testuser2@example.com", + "emailVerified" : true, + "enabled" : true, + "createdTimestamp" : 1772045911476, + "totp" : false, + "credentials" : [ { + "id" : "e020dd48-d269-4f50-9713-4495524b6eae", + "type" : "password", + "createdDate" : 1772045912357, + "secretData" : "{\"value\":\"hQJJy8tsqe4uWvmQxGeYGkc3n+mHBaW7EVj+oWkV1dw=\",\"salt\":\"PL2YHb4NrA7gwaze2CM/Ew==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "pgrole", "default-roles-pgrealm" ], + "notBefore" : 0, + "groups" : [ ] } ], "scopeMappings" : [ { + "client" : "pgtest2", + "roles" : [ "pgrole" ] + }, { + "clientScope" : "pgscope2", + "roles" : [ "pgrole" ] + }, { "clientScope" : "offline_access", "roles" : [ "offline_access" ] } ], @@ -412,7 +447,7 @@ } ] }, "clients" : [ { - "id" : "5a33b207-3c3b-4f9c-a1d2-a68b41c4f094", + "id" : "fa0cccae-6b87-4380-b74b-0f02c96b7246", "clientId" : "account", "name" : "${client_account}", "rootUrl" : "${authBaseUrl}", 
@@ -440,10 +475,10 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { - "id" : "bd2f481c-b546-4ef7-ac66-e878370edd1f", + "id" : "fad1f739-1aad-4195-a95e-72bb5bb7d850", "clientId" : "account-console", "name" : "${client_account-console}", "rootUrl" : "${authBaseUrl}", @@ -473,17 +508,17 @@ "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "dd967eba-18d6-4621-81fd-9a6e742cafb8", + "id" : "e3046f24-6d16-48d4-8014-d3121f39beb6", "name" : "audience resolve", "protocol" : "openid-connect", "protocolMapper" : "oidc-audience-resolve-mapper", "consentRequired" : false, "config" : { } } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { - "id" : "2aa2910c-e0bc-4bf3-9567-b6a62b9ba9d1", + "id" : "44f1f558-d2ea-4596-870b-aebc45bfe896", "clientId" : "admin-cli", "name" : "${client_admin-cli}", "surrogateAuthRequired" : false, 
@@ -504,16 +539,15 @@ "protocol" : "openid-connect", "attributes" : { "realm_client" : "false", - "client.use.lightweight.access.token.enabled" : "true", - "post.logout.redirect.uris" : "+" + "client.use.lightweight.access.token.enabled" : "true" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { - "id" : "2d154eab-24dd-4047-931c-a8407fba5fe2", + "id" : "72b348a9-e35a-4e7a-a775-119a1d008f80", "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, @@ -533,22 +567,17 @@ "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { - "realm_client" : "true", - "post.logout.redirect.uris" : "+" + "realm_client" : "true" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { - "id" : "cd5d149f-304f-4ee0-91cc-c693f3136a01", + "id" : "54a5e0ce-3f93-44f8-9a98-f6f1db49f8d6", "clientId" : "pgtest", - "name" : "PgTest", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", + "name" : "pgtest", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : true, 
@@ -560,28 +589,57 @@ "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt", "pgscope", "pgscope2" ] + }, { + "id" : "0800ebdf-3e66-427b-8454-4fd7e8221e92", + "clientId" : "pgtest2", + "name" : "pgtest2", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : true, "protocol" : "openid-connect", "attributes" : { "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", - "standard.token.exchange.enabled" : "false", "post.logout.redirect.uris" : "+", "oauth2.device.authorization.grant.enabled" : "true", - "backchannel.logout.revoke.offline.tokens" : "false", - "dpop.bound.access.tokens" : "false" + "backchannel.logout.revoke.offline.tokens" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : 
-1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt", "pgscope" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt", "pgscope", "pgscope2" ] }, { - "id" : "eae55b27-6418-48d9-a563-f0507724ecf9", + "id" : "ea70eba2-a086-4782-a3c9-ea0e47658cfb", "clientId" : "realm-management", "name" : "${client_realm-management}", "surrogateAuthRequired" : false, @@ -601,16 +659,15 @@ "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { - "realm_client" : "true", - "post.logout.redirect.uris" : "+" + "realm_client" : "true" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { - "id" : "3e2958db-2935-460b-84c4-135da86d8d67", + "id" : "2ed8e434-3a2e-4e16-b84e-1c6c0bc14650", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", "rootUrl" : "${authAdminUrl}", @@ -641,7 +698,7 @@ "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "063c0021-98d1-4ab1-a75a-ee0163402c28", + "id" : "cedc0237-0d19-4c29-a8a7-121ae7bcfbfc", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", 
@@ -656,83 +713,73 @@ "jsonType.label" : "String" } } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { - "id" : "b5b71299-56c1-4cfe-ba08-e735fba86859", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", + "id" : "ce9f45a3-9fca-4abb-98df-b0e3f4578ad4", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { - "id" : "8ede0519-f2c5-4183-80d3-0eb6f42dfac0", - "name" : "groups", + "id" : "7d29aed2-c743-468e-89ab-fc84ae8a0c7d", + "name" : "phone number", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", - "multivalued" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "foo", + "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "groups", + "claim.name" : "phone_number", "jsonType.label" : "String" } }, { - "id" : "534a12f6-7f53-423e-a447-4f09bd8bd74a", - "name" : "upn", + "id" : "0b66f4ae-f53b-45db-a84e-12abd82f65df", + "name" : "phone number verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : 
"username", + "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" } } ] }, { - "id" : "8193a191-110a-4c7d-ab57-9d3a86f25cba", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "06601773-4722-4769-987d-3c18ef02d5df", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "id" : "bf35844c-e871-4c1b-aaa4-95122866d4fc", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", + "consent.screen.text" : "", "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "a1248e3d-d081-43bd-814a-c1d32ebfe056", - "name" : "acr loa level", + "id" : "df9410cf-8b4b-4543-a3f5-7c0bf5f5688e", + "name" : "allowed web origins", "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", + "protocolMapper" : "oidc-allowed-origins-mapper", "consentRequired" : false, "config" : { - "id.token.claim" : "true", "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" + "access.token.claim" : "true" } } ] }, { - "id" : "f08e7346-f3c5-47aa-91f6-62aae8041b05", + "id" : "04a0f643-cd47-40da-becb-0cfdb803b67a", "name" : "saml_organization", "description" : "Organization Membership", "protocol" : "saml", 
@@ -740,7 +787,7 @@ "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "5e33e422-d374-4edf-8570-3340c23125dc", + "id" : "5d555dc1-70b4-463f-8dd8-096679610d61", "name" : "organization", "protocol" : "saml", "protocolMapper" : "saml-organization-membership-mapper", 
@@ -748,241 +795,392 @@ "config" : { } } ] }, { - "id" : "9118b66a-4cb9-45ae-a3cc-4c53dae487ad", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", + "id" : "059861f2-d129-4b0b-bffc-b82022cf896e", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "bf1ddbcc-db16-432a-9640-6d1f0d667eb4", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", + "id" : "74656928-2ff2-40c9-97dc-6c9278c85eea", + "name" : "auth_time", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] + "user.session.note" : "AUTH_TIME", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + }, { + "id" : "21ac83cc-cbc9-419b-bc26-fef602d2da42", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] }, { - "id" : "915e46d1-25a4-40ad-bd76-a5f480ff078c", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", + "id" : "6908f5f1-747f-4e59-9997-28cecd0d4bec", + "name" : "pgscope2", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "consent.screen.text" : "${phoneScopeConsentText}", + "consent.screen.text" : "PgTest Scope", + "display.on.consent.screen" : "true" + } + }, { + "id" : "cfd8098b-827c-449a-95f1-8640973ad6d6", + "name" : 
"role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", "display.on.consent.screen" : "true" }, "protocolMappers" : [ { - "id" : "40681b83-2854-4073-a8f5-5ea42a9ea6d4", - "name" : "phone number", + "id" : "eb3e4c3e-2063-4a06-887c-1603e2f5ecac", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "5b250107-b092-470a-8181-3dc7a4edb379", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "ceafb627-fd18-4bf3-acbd-8399f7fc7e87", + "name" : "audience resolve", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-audience-resolve-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "2b4c8a6f-7cbc-40c6-b63d-6c5e06ade689", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" } }, { - "id" : "3e79f28e-e0da-45a0-a39c-1ed1defb3470", - "name" : "phone number verified", + "id" : 
"4a99c36e-65f1-47d8-9724-0dee145471fa", + "name" : "realm roles", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { + "user.attribute" : "foo", "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" } } ] }, { - "id" : "74965444-85b5-4ab7-9bf8-1a1b47418bc9", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", + "id" : "af930dce-4630-405d-a4e2-5673ff97d445", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "1c77a993-1d2f-4762-bbd6-973ce8a7f78e", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "63efa650-bcb3-4453-b5bd-de09e701cea6", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "3f6c9142-0826-484b-b908-a25668d4a570", + "name" : "pgscope", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "consent.screen.text" : "${profileScopeConsentText}", + "consent.screen.text" : "PgTest Scope", 
"display.on.consent.screen" : "true" + } + }, { + "id" : "55795111-021d-4597-95be-cf9c0a88893d", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "95babc88-7f7b-43e8-b56a-bde21a9f5104", - "name" : "profile", + "id" : "7e52a61b-4118-4583-b4c7-1b534c0a3258", + "name" : "groups", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", + "multivalued" : "true", + "user.attribute" : "foo", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "profile", + "claim.name" : "groups", "jsonType.label" : "String" } }, { - "id" : "f08dfabb-79b8-4930-a54f-5fae8489d515", - "name" : "middle name", + "id" : "100f7c60-0bf0-40aa-9d53-caee6775de2a", + "name" : "upn", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "middleName", + "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "middle_name", + "claim.name" : "upn", "jsonType.label" : "String" } - }, { - "id" : "37f1a7f6-5f01-4b7e-93d3-6cfad55bb9d2", - "name" : "zoneinfo", + } ] + }, { + "id" : "d9ddda61-0ce9-444e-8643-8e41de912035", + "name" : "service_account", + "description" : "Specific scope for a client enabled for service accounts", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "f2e280c1-6e1a-4279-9a51-01eb901a1501", + "name" : "Client 
IP Address", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", + "user.session.note" : "clientAddress", "id.token.claim" : "true", + "introspection.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "zoneinfo", + "claim.name" : "clientAddress", "jsonType.label" : "String" } }, { - "id" : "08086719-aa3f-45ef-9a19-1e47e1f72beb", - "name" : "gender", + "id" : "6a417887-24e7-449d-91f2-72b2ee66035c", + "name" : "Client ID", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", + "user.session.note" : "client_id", "id.token.claim" : "true", + "introspection.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "gender", + "claim.name" : "client_id", "jsonType.label" : "String" } }, { - "id" : "4680bfbd-d04e-4069-b377-c99c14e00d81", - "name" : "locale", + "id" : "9adb0e60-f032-44fa-9ff0-0cfb5c1ed268", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "79cf4b32-700c-4341-a142-c2c741ab3b5c", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + 
"display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4ee373e0-4b65-4686-b642-9c0a8c559845", + "name" : "email", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "locale", + "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "locale", + "claim.name" : "email", "jsonType.label" : "String" } }, { - "id" : "dd9c6b5c-b5e2-44a2-9f36-fc0de59f500b", - "name" : "full name", + "id" : "af212f93-e6c5-4f08-95c2-e100b01badb3", + "name" : "email verified", "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "21e7b93e-c7f6-4d89-811e-77a673c4906c", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "c7325886-67bc-4d35-82a5-2521310c4bb4", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", "access.token.claim" : "true", - "userinfo.token.claim" : "true" + "claim.name" : "birthdate", + "jsonType.label" : "String" } }, { - "id" : "8a2ea915-6b5a-4d12-85be-1175ac510a72", - "name" : 
"family name", + "id" : "8dea36b0-c5cd-4668-ad24-22ab7e88c7f4", + "name" : "given name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "family_name", + "claim.name" : "given_name", "jsonType.label" : "String" } }, { - "id" : "7c433f10-e559-4218-88d2-5ce47adff500", - "name" : "username", + "id" : "c417f98d-2153-4da3-944f-e23122c0f243", + "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "username", + "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "preferred_username", + "claim.name" : "locale", "jsonType.label" : "String" } }, { - "id" : "5ae75fde-b747-4a34-8501-8ac2b50ebd64", - "name" : "website", + "id" : "6b589f30-0461-4814-b11a-a5aa6b1f2862", + "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "website", + "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "website", + "claim.name" : "middle_name", "jsonType.label" : "String" } }, { - "id" : "90867523-6847-422a-8844-f613b642e3b9", - "name" : "picture", + "id" : "7226e47c-f572-442d-99a0-1682d441af71", + "name" : "family name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : 
"picture", + "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "picture", + "claim.name" : "family_name", "jsonType.label" : "String" } }, { - "id" : "a155a513-a9b5-43c8-b446-cb3fc211f757", - "name" : "birthdate", + "id" : "77cadc89-4707-48fe-848f-5d6d672e26ef", + "name" : "username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", + "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "birthdate", + "claim.name" : "preferred_username", "jsonType.label" : "String" } }, { - "id" : "6face6d3-deb9-44b5-8e74-d375ec4ef89c", + "id" : "98134c03-fc55-425a-899c-70aab7c8e68f", "name" : "updated at", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", 
@@ -997,154 +1195,110 @@ "jsonType.label" : "long" } }, { - "id" : "49ecbe04-1ba8-4305-89bf-31bf0606e989", - "name" : "given name", + "id" : "a38fd1a2-8ea5-4cac-a8d3-e6027e284bbd", + "name" : "picture", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "firstName", + "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "given_name", + "claim.name" : "picture", "jsonType.label" : "String" } }, { - "id" : "ded284d5-9a12-4cc8-9adc-67526b3f48db", - "name" : "nickname", + "id" : "6de44047-1dd5-4121-aa7f-971225130583", + "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", "userinfo.token.claim" : "true", - "user.attribute" : "nickname", + "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "nickname", + "claim.name" : "zoneinfo", "jsonType.label" : "String" } - } ] - }, { - "id" : "2de86c94-93ff-4dbf-ab8e-8cf71cf1ca00", - "name" : "basic", - "description" : "OpenID Connect scope for add all basic claims to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "077dc5dc-36c7-43d8-81fb-a4ee692c51f8", - "name" : "sub", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-sub-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } }, { - "id" : "49389342-90eb-43db-ade9-c757f5653b47", - "name" : "auth_time", + "id" : "c84edd3b-1a64-4526-9a29-fa4a0f4207ef", + "name" : "full name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", + 
"protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { - "user.session.note" : "AUTH_TIME", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", "id.token.claim" : "true", + "introspection.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "auth_time", - "jsonType.label" : "long" + "userinfo.token.claim" : "true" } - } ] - }, { - "id" : "4ce3e7a9-336a-4e0f-8573-627470910b2c", - "name" : "organization", - "description" : "Additional claims about the organization a subject belongs to", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${organizationScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "6156daf9-a54f-418d-b7ff-7c6aa1ada6c5", - "name" : "organization", + }, { + "id" : "95b0102c-bf0b-4238-a345-9004c78bdc47", + "name" : "nickname", "protocol" : "openid-connect", - "protocolMapper" : "oidc-organization-membership-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "introspection.token.claim" : "true", - "multivalued" : "true", "userinfo.token.claim" : "true", + "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "organization", + "claim.name" : "nickname", "jsonType.label" : "String" } - } ] - }, { - "id" : "73980328-76d8-40a2-b21d-817bcb88b483", - "name" : "service_account", - "description" : "Specific scope for a client enabled for service accounts", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "8721b3ca-0f14-400c-b927-1f23a476fe0d", - "name" : "Client Host", + }, { + "id" : "760fdd7d-94e4-4369-8fa3-b7b3accba658", + "name" : "website", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "user.session.note" : "clientHost", "introspection.token.claim" : "true", "userinfo.token.claim" : "true", + "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "clientHost", + "claim.name" : "website", "jsonType.label" : "String" } }, { - "id" : "7418d7f9-6fe7-42a8-89e2-f0fd0755492e", - "name" : "Client ID", + "id" : "c16c6613-c325-4021-879c-89b0895bfb67", + "name" : "profile", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "user.session.note" : "client_id", "introspection.token.claim" : "true", "userinfo.token.claim" : "true", + "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "client_id", + "claim.name" : "profile", "jsonType.label" : "String" } }, { - "id" : "dd85e14f-eb31-49c8-98b8-734cba900567", - "name" : "Client IP Address", + "id" : "38ed968b-9af3-4576-a5ea-20035d8abe3a", + "name" : "gender", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "user.session.note" : "clientAddress", "introspection.token.claim" : "true", "userinfo.token.claim" : "true", + "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "clientAddress", + "claim.name" : "gender", "jsonType.label" : "String" } } ] }, { - "id" : "904ba7a8-e536-4303-8966-c54883ff5366", + "id" : "a9094039-33db-4539-9339-0fd267d33d0f", "name" : "address", "description" : "OpenID Connect built-in scope: address", "protocol" : "openid-connect", 
@@ -1154,7 +1308,7 @@ "display.on.consent.screen" : "true" }, "protocolMappers" : [ { - "id" : "676b901f-a947-47f0-8388-2932cea48d7d", + "id" : "37a135bf-4a88-43b6-8088-8316d5610ac3", "name" : "address", "protocol" : "openid-connect", "protocolMapper" : "oidc-address-mapper", 
@@ -1173,130 +1327,33 @@ } } ] }, { - "id" : "53c3441b-2cf3-4515-971e-1d53edd586df", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "e2f617be-d73f-471d-aa90-83a328170cb1", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "9f74799b-40db-428e-a1cb-7bdc8cb62a28", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", + "id" : "758e1992-5d02-4e79-9069-1d835dd2165e", + "name" : "organization", + "description" : "Additional claims about the organization a subject belongs to", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "consent.screen.text" : "${emailScopeConsentText}", + "consent.screen.text" : "${organizationScopeConsentText}", "display.on.consent.screen" : "true" }, "protocolMappers" : [ { - "id" : "c32211ad-33a9-41e0-a93b-fdaebdc0e803", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "845eb82f-b457-4220-bd15-e5ce4863e660", - "name" : "email", + "id" : "d7c0efe8-551c-4395-b932-f59e7696cf69", + "name" : "organization", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-organization-membership-mapper", 
"consentRequired" : false, "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "1a6455a5-43b7-4505-a0c5-7b2580736ebd", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "${rolesScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "9016a07c-1e75-4e01-9f39-c30b1ced4e2a", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "d3cd61e0-6468-4acf-96ee-7df14feb66bd", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "0e525f5d-6305-46d6-b06b-f5dd2ba76f66", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", "introspection.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", + "claim.name" : "organization", "jsonType.label" : "String", "multivalued" : "true" } } ] - }, { - "id" : "1009eac2-7ca2-4e5d-a21f-a2f208734cc7", - "name" : "pgscope", - "description" : "", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - 
"display.on.consent.screen" : "true", - "gui.order" : "", - "consent.screen.text" : "PgTest Scope" - } } ], "defaultDefaultClientScopes" : [ "role_list", "saml_organization", "profile", "email", "roles", "web-origins", "acr", "basic" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt", "organization", "pgscope" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt", "organization", "pgscope", "pgscope2" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", 
@@ -1316,16 +1373,32 @@ "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "e4de3675-9b8e-4253-b765-b61023771c77", + "id" : "52ce14f5-ad7c-4e30-9d76-8782d67fbac1", + "name" : "Allowed Registration Web Origins", + "providerId" : "registration-web-origins", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "92a5541f-cc4a-462f-9f23-0a326e7ba296", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "dd13b3c2-eb9c-40d3-9543-e5ad0fb13a47", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper" ] } }, { - "id" : "c3a659a6-47e4-47f0-b773-406f9c09cb7f", + "id" : "ad85d46b-b50c-4288-ae0e-3d6962d222ca", "name" : "Trusted Hosts", "providerId" : "trusted-hosts", "subType" : "anonymous", 
@@ -1335,39 +1408,30 @@ "client-uris-must-match" : [ "true" ] } }, { - "id" : "64079c95-80df-49bf-bf28-6370f9b88ea4", - "name" : "Full Scope Disabled", - "providerId" : "scope", + "id" : "80683a55-2dea-40bc-b3c3-8eb13d3bb9f3", + "name" : "Consent Required", + "providerId" : "consent-required", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "00daa7fb-cfdd-4ff2-bfe5-1c10730f5ca7", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "5da59b25-d603-4fe5-9dcf-926d42e5068e", + "id" : "75823119-2911-475e-a9c9-71ef9d27da41", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { - "id" : "6d3df074-15a8-46db-9813-1ad1df703f1e", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", + "id" : "5b49cca0-06f4-462a-92e7-787ea8e0d74b", + "name" : "Allowed Registration Web Origins", + "providerId" : "registration-web-origins", + "subType" : "authenticated", "subComponents" : { }, "config" : { } }, { - "id" : "2a4880d6-eef3-4077-9d40-22b87b31d1d3", + "id" : "67359a7c-4406-4720-b27e-0e50e33479f4", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "authenticated", 
@@ -1376,7 +1440,14 @@ "allow-default-scopes" : [ "true" ] } }, { - "id" : "0b8d8caf-1ed0-4edf-acf7-626870a97d09", + "id" : "70f420c3-acfa-4f7b-a3f5-0fc4734c928a", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "09d10587-f135-4cb7-96cc-6a7d050b2127", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "anonymous", 
@@ -1386,54 +1457,56 @@ } } ], "org.keycloak.keys.KeyProvider" : [ { - "id" : "83a76a04-43dd-42b3-bcf0-6cc618f363a2", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "03e1f292-044d-4ca7-b111-a185fbef64f9", + "id" : "4029123e-750e-4a4b-a3ca-55a368cf3f0a", "name" : "rsa-enc-generated", "providerId" : "rsa-enc-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "MIICnTCCAYUCBgGaeA6RKzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdwZ3JlYWxtMB4XDTI1MTExMjEyMzE1MVoXDTM1MTExMjEyMzMzMVowEjEQMA4GA1UEAwwHcGdyZWFsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANk2ulaztZr1wahmtCarpRnKiqOHw5EfIkmaoniEJXZKeSvFL4rsmZGovgsLyBHZwFsRf1HV+IMaFqUckgsluaUjSRn6VjqV8cRK3S3I+cEd04VbC/3FFyrJ5eI8hV9dpqJx/MQt7jIAtObp8LezTSdnykxGzxl3ElHKsj6teGoGI4XgvFnXfBRxO7W8hFxfphPZmaBc/dmdYpKGkIGAzq/V0qp/3KM7wk/pUCllHbG3WEaRIjaKUqdCkl3pGYP0O65z9v7dgnU3iNpgPJm22Nj/HTOrHa+ibPFh4lqwLbGdRY1Hs/Mg5LzSBMu/GyWkQLqbbKn+/2eQlqyLAfC+8UsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqQ2cAiRLqZ7pjfC/ltBylLy3J84jRd0315OjlaN+Rd6Re63D2xFGg2d2t4cOqgvk4heCFJKwDLEmadda/FIUQisCJ88SQAA5nRERUFiYA1ROZaA8lub8HPy67AeVSOoPQOLOgQSvE92GUJ1iyAZzMXqO+WKz9cM2E6N0n3Abbu7/ngdTBRslp5pK4+/ypaQsVYHEN5wTQh852Uj0Q9yvWGXsPSny24ZBnAJqMpmMzHOrqBUou84YmoURn7zt43U4EgOh2EOCzhozi8jnWWenYz4JWdXY7mZcAjdMyMqOTbnVeULebcUiAOsoVmbPcnlwd2f8N2MuJiyaDBf+HcCkaw==" ], + "privateKey" : [ 
"MIIEowIBAAKCAQEAow0bFgt8B51ZvDjFbrSFfFA93S8oT+XuvvTtduQdWZjv9WUdBQ4SeAHuTDRxdZJ+5lh/VaWbegjLhAat/0VloMTTom9FMZluovpuCRSUbJtRutL5va3PASs4yuL5yiaRff1CJ1qbxnsWvyD2Qy865sZjCAmJTaMB7OAnwciFpNM8d3/I5FlXjSJXIXzWZbdQfikNGW8bXuS277sIwxTAWft9+oIRXgtgkk/EflLg6cAJm+hQSJHMQHENxPb8URrZgOJoWWg2KkGvfq6Zr7oerfIg0wFnZM9w2Qwx6pSHFubpLt2rkJuBiIjzEQbTlOOEje9g0d7o+U/Wwn5XuBux7QIDAQABAoIBACPwJpE0VNEk2HuJE9MzzNw6n3gaBcuehYHnYFO9Mc7my7UN5ViQ4nc7DbgUMxHUCU5iISbSirNaLulZw44pUJ4f4/nAhsLI677WbdxogdJyZZBFIjCxl5fNXAY0AxSQba8UXDlqWj1kMf5MmJr0VQo6nedOmsnW7Py1521p8jMC1gSasykF1w6GUSMfshUt9azTUO0vC2TC/1lykmBfvgofdSzn9P8ErTn25Z7S1tb5QXkAD+TdhuDmlloUt1+jmL+UxxBLtZzBJhs8NbBT408YC18okn9W+ic2Gtd7BFa9KP6quapwdDNRLLL6c/wM08cUCI6Em1dToZWP7jNTmoECgYEA1M348OTEbOmhXtVomOY00401chRkYeyqkFatxfyv1PU3mMFPQqk+y2WFfl5p/HpubCr9xYulxCvMS8k8oR8LZeapD0cK1pQlb3th9lq8XB+jpBibjl5Q1zlH8MVX7yK4/hJP7xNCu04rIJKwPd+dkxtW7iThOhSEMPrOod1E0Q0CgYEAxCXIkAPRPf+VLe9gTRQKVTGV1ztF3xwW4ZjAfZQvP68H7SgYEOrkyYP7bOyGPNrtcKt2JKP6qDZuk261q2ISI3VnwF/QzQykV8EMJcbrFkbcgZkiR0KeQuMpCnGa4UIK8GnhpVvnCdNEx7u51LPJscpcMsJO3zlQaFnMY7BzbGECgYAl25q86EXVhl6x609XXCTrucRXTi9piFvzn6f8f+6b+R/x6fn6xvcn4iC0kYFTbEh2r9NDsItF8fC/Tsadd1Nkxnsu/5l7ARID2jRcSloWHX7UM5iA5GCHWWZl/AWfwlKcyI813fxSLB7aBZ6a80wqHoQBi8gRuBKoUAYwn5edhQKBgQCTBMb5uwLA96r3TS7fVyAPjyUCuDi87C7yVS4ickmf8C9+wMiZFZb6vGRd1kMfpfDGvJ3HBOnB31quQxMELHPwA/YKKUc2Cj28UMQsJJbckayBrygURYieFeoTG+e842WToakx6lqX8LTjCIBXP5L0IftNSHsZsbnlHTmnlwBMwQKBgHGg7q3EEjSkQTDYndYuknbBWDNUoRlvn8sqhFPYGKQhR8Yl9Zey7qmoeRNV8dWxTLdv/NZ8si3YdK8R+Gjd/ay65/nj1wi+SSbNru8M4z3+UMQQ6zSr8VMg8eygR8SJppOoHECEtmIo7XHmeQK4ZRcHguhoUhyCqflE5K/GyMrW" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], "priority" : [ "100" ], "algorithm" : [ "RSA-OAEP" ] } }, { - "id" : "ee0fac60-e115-4b93-9acb-5b0f9071fdf0", - "name" : "hmac-generated-hs512", - "providerId" : "hmac-generated", + "id" : "ca519c23-d873-4062-862c-53065271ae9f", + "name" : "aes-generated", + "providerId" : "aes-generated", 
"subComponents" : { }, "config" : { - "kid" : [ "07ba0877-0765-492d-ac8c-12ae3d906b31" ], - "secret" : [ "gt5B-XEnnScTWxxWgkXTJWv7s7nov8BgpV5uLTNsSnXntd07P40fT_Wt50WZdaEj_Q949e9voOUhcA-8Na3bo26j9P9HaWOf0x_imXwwP9GY650pDxPPyo29I1NS-sjH0fHIDgYzDNy3kJDIb6tkuDsKZ5DlQ6Hhmj8vK7DBNRc" ], - "priority" : [ "100" ], - "algorithm" : [ "HS512" ] + "kid" : [ "f86530a8-7f15-40e5-b4aa-dd4648aeb07c" ], + "secret" : [ "FmnmLIvhXqJ9GU71K6ulVA" ], + "priority" : [ "100" ] } }, { - "id" : "37e3bb94-4c3d-4b0f-aa6f-fb288265ae95", - "name" : "aes-generated", - "providerId" : "aes-generated", + "id" : "b2b944b3-0120-4960-b799-080914b9f5de", + "name" : "rsa-generated", + "providerId" : "rsa-generated", "subComponents" : { }, "config" : { - "kid" : [ "4f855448-4c80-43a6-9a63-1309bffa0e67" ], - "secret" : [ "0KQ-M1O-tcpkQBh-OV10mQ" ], + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], "priority" : [ "100" ] } + }, { + "id" : "d7e9112a-5337-44fe-8994-adafbb099bc5", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "d7a51cbe-8043-4f90-806b-9c31fa63ea24" ], + "secret" : [ "q-HyDE1ZZP-b3fsiB9BVYQ9kuoCATXfIF35sAklXsc-GkBBFiq2Ltmc5ernSYUmvIq_P-v81DAPALXG3GgiVVB-nIteNI2Wrc4C8LCiiBWbBn-_osTPajrly287ynpQub0OOvWlAPE1x3J9eHLFnVLl1ykuton6K-qaHrJMv_Bo" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } } ] }, "internationalizationEnabled" : false, "authenticationFlows" : [ { - "id" : "5ecad7a3-cde6-4e1d-941f-f708782ed918", + "id" : "abd8f129-7969-45a9-8ee3-0d99c62799a7", "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", + "description" : "Method with which to verify the existing account", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, 
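Review bot: The `org.keycloak.keys.KeyProvider` entries in this hunk commit the realm's key material. `rsa-enc-generated` and `rsa-generated` carry `privateKey` values, and `aes-generated` and `hmac-generated-hs512` carry their `secret` values. Anyone who can read the repository can sign or decrypt tokens for a Keycloak instance that imports this file, so the export is only safe as a throwaway test fixture. I would say so in the header of `test/generate-realm.sh`, for example `# NOTE: the exported JSON contains realm private keys and user password hashes; import it only into disposable test instances.` If the tests take keys from the running server rather than from this file (not visible here), the generator could instead drop the `org.keycloak.keys.KeyProvider` component from the export, so that Keycloak would presumably create fresh keys on import.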
@@ -1453,7 +1526,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c60b5841-c0ce-4553-90ac-c1be0baab937", + "id" : "86d224c4-a482-45f5-b755-70f12b8d825b", "alias" : "Browser - Conditional 2FA", "description" : "Flow to determine if any 2FA is required for the authentication", "providerId" : "basic-flow", @@ -1497,7 +1570,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "0b5fb73f-9858-4499-a25b-9eed7b716274", + "id" : "4f2b64f0-aec1-45c6-8f01-0a1512cde574", "alias" : "Browser - Conditional Organization", "description" : "Flow to determine if the organization identity-first login is to be used", "providerId" : "basic-flow", @@ -1519,7 +1592,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "f57f282a-8f22-4698-9ab6-6f6469789dff", + "id" : "b81c80af-ec0e-4e43-9c30-d6623f85ba0a", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1541,7 +1614,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e39dba82-6cbe-49dc-b4fa-617cb069ae3b", + "id" : "0583fa21-07e3-42db-a9fa-29769b410dc0", "alias" : "First Broker Login - Conditional Organization", "description" : "Flow to determine if the authenticator that adds organization members is to be used", "providerId" : "basic-flow", @@ -1563,7 +1636,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "260935b1-5bf6-4b9c-baa1-9ca7c6664d50", + "id" : "a7f19b21-0f44-49d4-aef8-57d3a3f9e8bd", "alias" : "First broker login - Conditional 2FA", "description" : "Flow to determine if any 2FA is required for the authentication", "providerId" : "basic-flow", @@ -1607,7 +1680,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2032f044-8bf3-4c63-92e8-edcd3a2a0b70", + "id" : "9de5a90c-a32a-43ec-8fd9-aa5ca3e661c0", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", 
@@ -1629,7 +1702,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8d7bf98d-8e39-4369-89d6-a94519fff242", + "id" : "52bfdf29-881c-4c25-b873-b1e6c402a7cf", "alias" : "Organization", "providerId" : "basic-flow", "topLevel" : false, @@ -1643,7 +1716,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e75b3623-a95e-46ba-8b48-e4e986e56f8b", + "id" : "c92f79a1-67ff-48f1-92c1-e83ed118bc6f", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -1665,7 +1738,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "1b4a95e2-9e47-424c-92da-99df0991d134", + "id" : "f1bb4595-0762-4b60-a2fd-0c43c235b4d7", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -1688,7 +1761,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ed5a25de-890c-4c27-9660-eaa5d412de6b", + "id" : "1a7ec15e-0298-426e-80b8-6984be1996ef", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1710,7 +1783,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "1c684a4e-5b4b-45fa-94ac-4dbc00bfdca9", + "id" : "59b3ee0c-4bf4-4708-a4de-aa8a18bfd216", "alias" : "browser", "description" : "Browser based authentication", "providerId" : "basic-flow", @@ -1753,7 +1826,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5eb33a68-8367-4341-ab26-a5a3bcd502d5", + "id" : "d5572c36-d3f1-4fd1-b1e2-51e56b70d537", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -1789,7 +1862,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "4fd033ba-87b1-4666-a2d0-e6c0dc1785e4", + "id" : "1ec1d615-8b3b-4eda-bff7-b6ff844c5d39", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", 
@@ -1818,7 +1891,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "af495aa6-1ffd-4fd7-b74b-76dacc819202", + "id" : "d9ceb645-d84d-4eda-9f74-53f0aadf4b36", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -1833,7 +1906,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8c25766b-461b-4ca6-83a5-9e6896813dc5", + "id" : "60a2bb4c-5da4-4b81-83a8-e4e4c391ac56", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -1863,7 +1936,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "9c61ae2a-07f9-47c8-9bf1-ebdb2d4b6c22", + "id" : "01b43efb-f3f6-46e3-8254-9860603e2ca1", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -1885,7 +1958,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5d3f9a06-a748-43ea-9e0f-0b7900e40436", + "id" : "062ab2b2-f1ec-4b80-8c25-12c05e060025", "alias" : "registration", "description" : "Registration flow", "providerId" : "basic-flow", @@ -1901,7 +1974,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2a0ebcef-c988-46d3-9210-23042d5e4b75", + "id" : "ed745ccd-1ee9-471e-80f0-1fc9a16aa982", "alias" : "registration form", "description" : "Registration form", "providerId" : "form-flow", @@ -1937,7 +2010,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c275fa8c-9526-4321-a1bb-0f1da66414f8", + "id" : "5f240ba2-550e-45c4-b40b-42034a50d9ce", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -1973,7 +2046,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "081e7047-0e24-4e38-b829-451560845be4", + "id" : "5ec87f42-6fed-4b45-97b7-80fd6919d3bc", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", 
@@ -1989,25 +2062,25 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "40e4486a-182f-4fe5-b983-a3fc7c4a679e", + "id" : "b0979bfa-5fd1-4b2e-8e25-0fcc11b2083f", "alias" : "browser-conditional-credential", "config" : { "credentials" : "webauthn-passwordless" } }, { - "id" : "db30be12-95c7-43b0-966f-267d8db86370", + "id" : "a15d07f5-aa41-4f6c-b8fc-d01b5bb8d0e4", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "1402a975-9fbb-40f3-a38e-ebd665c2ef9d", + "id" : "e7e3823f-9888-4913-a149-b8b3d8734896", "alias" : "first-broker-login-conditional-credential", "config" : { "credentials" : "webauthn-passwordless" } }, { - "id" : "84f0bd2c-8a4a-4f4f-81d3-d4a0edad7f2a", + "id" : "91a7869e-2031-4fd4-9fb2-040d64c1f5a6", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -2138,16 +2211,12 @@ "cibaExpiresIn" : "120", "cibaAuthRequestedUserHint" : "login_hint", "oauth2DeviceCodeLifespan" : "600", - "clientOfflineSessionMaxLifespan" : "0", "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0", "cibaInterval" : "5", "realmReusableOtpCode" : "false" }, - "keycloakVersion" : "26.4.2", + "keycloakVersion" : "26.5.3", "userManagedAccessAllowed" : false, "organizationsEnabled" : false, "verifiableCredentialsEnabled" : false, diff --git a/test/import/wrongrealm.json b/test/import/wrongrealm.json new file mode 100644 index 0000000..df6df38 --- /dev/null +++ b/test/import/wrongrealm.json 
@@ -0,0 +1,2230 @@ +{ + "id" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661", + "realm" : "wrongrealm", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "bruteForceStrategy" : "MULTIPLE", + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "1eb9e896-3889-4a0d-86d4-60c0e4dc1589", + "name" : "default-roles-wrongrealm", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + 
"containerId" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661", + "attributes" : { } + }, { + "id" : "ce599e4d-6dea-49f0-9e4b-f0ed367cc508", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661", + "attributes" : { } + }, { + "id" : "7481a0da-3a23-49a4-b4f6-ebbbdb975b84", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661", + "attributes" : { } + }, { + "id" : "59ebaf01-ab22-4c87-a27e-052ef71d2a2e", + "name" : "pgrole", + "composite" : false, + "clientRole" : false, + "containerId" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "b7f6d7aa-25cf-4c43-b88c-59969a9689be", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "1a013e2e-6bd7-4c8f-b01c-392807b78653", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "9b00e60c-f0eb-49c9-be02-a61ec0b14451", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "4f24a612-e6a7-4ead-ab85-8c73d39d417e", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", 
+ "attributes" : { } + }, { + "id" : "51ea5f7a-4a25-4153-af2a-0792d3ba2c8b", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "c58ca465-3d56-48d2-beb3-b947e5c0ac4a", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "f38e817a-dfcc-4756-97b4-a7b184817042", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "c94d5093-e3b3-42e1-bfe7-f446ef412399", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "51351f83-905a-4187-bf47-cbeb7deebbdc", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "9f1ac9f8-06c4-4369-be0b-cd30fe665cea", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "a4a99baf-56db-4483-b887-df6df953e26e", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "73578d0e-7cd3-48eb-b692-fd25c8ac4261", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" 
: "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "5d57ea72-4387-4fd9-8d06-96a6fc2c5bc9", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "37ad0949-f46c-41e5-be9c-bd30bb1ca26b", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "46ee8cc9-eb94-4b13-9614-6700064f96c6", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "9d4d41d2-1ce2-4e4b-8e8d-9239506b3f9c", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "098395ae-fcb4-48a8-82c9-5e9d9f6ce20b", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + "id" : "d3719344-eb0a-4118-ad04-a3de454a812f", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-users", "impersonation", "view-clients", "manage-realm", "query-clients", "view-events", "manage-identity-providers", "manage-events", "manage-users", "view-realm", "create-client", "query-users", "manage-authorization", "manage-clients", "query-groups", "view-identity-providers", "view-authorization", "query-realms" ] + } + }, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + }, { + 
"id" : "5475f425-68c9-4c73-a156-b1a7f387c13f", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "attributes" : { } + } ], + "pgtest2" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "pgtest" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "99702545-8d93-4476-a366-6286d609435c", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "5c9ec777-6ac6-47cf-8f32-4cc0ed81b9f9", + "attributes" : { } + } ], + "account" : [ { + "id" : "68a8b77d-9ee6-4f51-937b-b69d01e1f830", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "0faa99b2-dd43-41d6-92b8-22b8b3684e12", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "3b78b53a-a0bd-41ce-b31a-c6eca7fab7d0", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "2f41177a-614e-461a-bd2f-43a7157b7ea7", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "2ec98030-23e8-4c23-8681-ee483ce44d14", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : 
"f3a97b4e-3d79-4f61-a960-2d63ccc9c03a", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "4b22244b-ea6d-4cad-9b07-f24336fba44b", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + }, { + "id" : "b2cc653d-c135-46af-92d2-a34af648c3d8", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "52984308-8706-4415-b42e-587778ae958f", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "1eb9e896-3889-4a0d-86d4-60c0e4dc1589", + "name" : "default-roles-wrongrealm", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "51b7b8a4-2b45-4aa7-af4d-2584f818f661" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256", "RS256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + 
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256", "RS256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "Yes", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "required", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "b78a8b46-23cb-43ba-bfd0-bbd604fa102d", + "username" : "testuser", + "firstName" : "Pg", + "lastName" : "User", + "email" : "testuser@example.com", + "emailVerified" : true, + "enabled" : true, + "createdTimestamp" : 1772045926267, + "totp" : false, + "credentials" : [ { + "id" : "5361b7e5-8339-4159-9d34-87e3e9f871d4", + "type" : "password", + "createdDate" : 1772045927165, + "secretData" : "{\"value\":\"B1gd6HuP6+dywfsjDviuqVSGDIpGj0oALWHK+EU5z1w=\",\"salt\":\"TlcGZXUyveHz/Qsa6Ub/tw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-wrongrealm" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "eaa8cd24-3033-4a29-96ec-a1ea4e345366", + "username" : "testuser2", + "firstName" : "Pg", + "lastName" : "User", + "email" : "testuser2@example.com", + "emailVerified" : true, + "enabled" : true, + "createdTimestamp" : 1772045928019, + "totp" : false, 
+ "credentials" : [ { + "id" : "4b2d4d53-b3f7-4c39-b4b1-a2fc14907549", + "type" : "password", + "createdDate" : 1772045928915, + "secretData" : "{\"value\":\"rz0LRwKnKteTmsi4GPuNO9kUGhKkNUKPycwMDK4XdSU=\",\"salt\":\"+CrIY7ny8Px/SoGU/Bor7w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-wrongrealm", "pgrole" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "client" : "pgtest2", + "roles" : [ "pgrole" ] + }, { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + }, { + "clientScope" : "pgscope2", + "roles" : [ "pgrole" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "52984308-8706-4415-b42e-587778ae958f", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/wrongrealm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/wrongrealm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", 
"basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6bf29756-800f-46d5-bf99-b35176883238", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/wrongrealm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/wrongrealm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "acc06c3e-2e3d-4d8c-9531-b459ccfe7c7f", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d2766b0d-07fc-4e83-bd66-6740d1315eee", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : 
true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "client.use.lightweight.access.token.enabled" : "true" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5c9ec777-6ac6-47cf-8f32-4cc0ed81b9f9", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "true" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + }, { + "id" : "67d90622-9610-4ff7-b032-b8a2e62c3adf", + "clientId" : "pgtest", + "name" : "pgtest", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : 
false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt", "pgscope", "pgscope2" ] + }, { + "id" : "0d900f87-8bd8-4f4e-8ba5-0194db26ce40", + "clientId" : "pgtest2", + "name" : "pgtest2", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt", "pgscope", "pgscope2" ] + }, { + "id" : "54440a52-5b91-43b7-9b04-99f64bfefb8c", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + 
"surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "true" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f0fdafef-08c2-42c5-abfd-395366b51905", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/wrongrealm/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/wrongrealm/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "client.use.lightweight.access.token.enabled" : "true", + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "bc821515-0e48-4ec5-8fe7-9cef9937e9ee", + "name" : "locale", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "c4ff1cf8-2950-488c-ac9a-289a11e560b2", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "27691372-1b84-468b-bae5-5ad6dee8a9e7", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "fc9a7f8b-b00b-4210-80b1-deaa4688b2ad", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "6eb004ad-f0d3-4a0f-bd72-1a69cb89a3e0", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "9da7c39c-747a-426c-923e-a1c7e37c6876", + "name" : "auth_time", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + 
"config" : { + "user.session.note" : "AUTH_TIME", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + } ] + }, { + "id" : "20e780ec-39e7-4203-87d0-364a622edd19", + "name" : "organization", + "description" : "Additional claims about the organization a subject belongs to", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${organizationScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4eaaf3e1-5095-47b7-b7ef-946bc7a720c0", + "name" : "organization", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-organization-membership-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "organization", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "0e395b41-6803-4d75-891d-72447411365c", + "name" : "service_account", + "description" : "Specific scope for a client enabled for service accounts", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "ba8a94fe-b527-47d0-bed8-2b408c50cd32", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "client_id", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + }, { + "id" : "e06704c8-e6d7-4246-a649-0508a07d0bc2", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + 
"user.session.note" : "clientAddress", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "76a33128-6d0b-4b49-8a75-3a5ca85cf706", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4a3b7c8c-981c-41de-8029-f72e9f4d7562", + "name" : "pgscope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "PgTest Scope", + "display.on.consent.screen" : "true" + } + }, { + "id" : "c9c56a1d-ee81-49af-92eb-44300755e06e", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "b4d96df8-432a-4276-9452-3e68e27a6e14", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "ae36824a-b370-49d6-bf52-174d9296e863", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : 
"email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e009477c-5636-4af9-b1f2-fbee71f4eb73", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "cdfdb912-f828-4ee0-b6ad-b0d599e95615", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "20cbb791-bfc8-4885-86e2-9ef2f08e7068", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "da5e16c4-6916-4ded-8f1d-98a535cb69f6", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "b2d03371-89be-4d24-93bb-9cc77747b54c", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : 
"bb5bc173-1848-4537-8c8d-51f75e31be1a", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "5aa0fb34-680f-428e-ba63-0e54f58b6c70", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "bdf4a279-8167-4c6e-a92a-713515dcafba", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "75c01d4e-76cb-4725-9dbd-1ca09b2a754c", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "d9c0c7f5-d73d-455b-a2d0-cff8ea117653", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + 
"introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "baad031f-8c07-4a3e-a25b-157b3950496f", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "119fb955-b4af-48de-bf45-585952a0a59b", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "3998e573-ef44-423a-ae30-734a1bb65da4", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "db1d80f9-edd5-4f20-9289-0f9dab3e7afc", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" 
: "String" + } + }, { + "id" : "31b6a1cf-418c-4636-8219-443fb1e215b1", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "19eee8bf-d171-4683-aaf1-48144d20e7e2", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "995eb083-e3c4-4bd7-bb26-b40efc70156b", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "c4624f85-b2d4-4444-a3a2-6e631c312178", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "2ddb6f2d-eb4f-455b-a8d6-5ddea810d961", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : 
"String", + "multivalued" : "true" + } + }, { + "id" : "48e6f8e6-ecc5-4d9e-8ca5-05b3b684977f", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "f8bdd3b7-8f3a-4b7a-9f33-580e6736ffa0", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "3e7c6bfd-066c-4402-a220-7b14a2c43492", + "name" : "saml_organization", + "description" : "Organization Membership", + "protocol" : "saml", + "attributes" : { + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "40c76122-7308-48e9-ad37-61ce48282fab", + "name" : "organization", + "protocol" : "saml", + "protocolMapper" : "saml-organization-membership-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "531febbc-0233-49a3-8cdb-91fbb9d0e95f", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "de2a3a3f-cb55-4e67-be30-501f7bca8b19", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "afc3764a-b103-458e-a175-6b4999a31181", + "name" : "address", + "description" : "OpenID Connect 
built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "5f851efc-a198-4c45-9feb-62edb74ec6ef", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "59e7c2ab-d4fc-45c8-993d-dc37cfa74ed4", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "682240b1-02a1-4eed-a3d1-90f2fead2631", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "31d1fce2-fc3e-4971-9870-3be426b518ce", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { 
+ "id" : "5a5dc63d-9c8d-4d04-a9f0-b014846e521b", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "038376c8-2cea-4004-9f9a-915b5b4eef65", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "72828c32-f614-4db3-8abd-4e1d2f8164f1", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "0ffce7f2-cfb4-4e75-90b9-11d06d84576d", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "fb9d3455-3c58-411f-b74f-2196f49d13b7", + "name" : "pgscope2", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "PgTest Scope", + "display.on.consent.screen" : "true" + } + } ], + "defaultDefaultClientScopes" : [ "role_list", "saml_organization", "profile", "email", "roles", "web-origins", "acr", "basic" ], + 
"defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt", "organization", "pgscope", "pgscope2" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "0bd981e0-c4f5-4c8b-9edf-8f2c17b431c5", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper" ] + } + }, { + "id" : "fec62563-22a7-42d1-a4eb-241e758d977d", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "1366de28-bc13-48e1-a558-83c2602d9c79", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "4716e769-2565-455b-bbe5-0e7cfcd3ff85", + "name" : "Allowed Protocol Mapper Types", + "providerId" : 
"allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ] + } + }, { + "id" : "c253a72b-7add-41cb-b6d4-0c29f667f3ec", + "name" : "Allowed Registration Web Origins", + "providerId" : "registration-web-origins", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { } + }, { + "id" : "282b3b91-9c19-41fa-a15a-54fab5ee9222", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "b7e052d5-99a3-454c-9035-ffcd7e68ed68", + "name" : "Allowed Registration Web Origins", + "providerId" : "registration-web-origins", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "3b858a82-59c6-4482-86be-dd0993d0415f", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "d89c7497-0412-4bc4-935d-1eca0c364317", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "211c43bf-5cc8-4dde-9b67-c9efd2da4748", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "d4943f13-87ac-426d-ac74-9979e2957f80", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + 
"certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "6f2d98bd-32a8-4c28-83d3-11eda8138516", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEAxnPxjvdFTbd1rZ8pwOfGj5wgz0oTqq2Sn/r0UBINPNyj4Q/DvxuTDBDRaR0PAyrHWqzXQieYLaVT7Ez4rTSG9QB3w9q9ar4DbFvrH8tf3ndaze7BLk/A6Q6+94d3ElOY8IRrwB+oDj/3miGmgEvmDK7OgXzChbRziCqKaYdD3h+UpIbIai5qunN+MWFKxQgejjBRRp73DkgoBWwG4pl0b+HvHij3YFfZ6pe4H7ULY2196mk9o3tmg7bQvPxdFfCIn2RZ7VQO6xjTfhYJOFqftDwaG53SddVl553FIYVus/prem2pmpxa4n9x2ES4Quagr9Mn0uRCeiVzCm4VfzPSOQIDAQABAoIBAAS/swTVCXFD5dq+/4iIc1Gt7oIPV3ui1iqiXnTJDcyKShihYDGDRyhHgb9WbOzKOgWDM853NJbJCUJTEDNS2bTkqzkCU7yJafsOkwiKfRONfxyE7VX+nhLloa+6K+ECI5uDy7FIAKVAphvn2LxitJFSoInsMppw+D/GptPCIx9eTr78mvNuYAl7Ekxn2BNeh+fLYzcF26MLSTknzb+xU2kJuKYDGnrduuHBX/mCq1q6hecyD4R37CUsCnnstqh/LGorrOJi/uLGYQIbd/vxDhayXVOL4NORFGIpuDCvAAupktV6dEvG9giUFG1+M8gNbHr2pHNAfGA4U9G9jZnn2aECgYEA+o9R5Q9GWEbMxcR5SfetfoIBjQonyoVkyvk+AHttbYZt9w1HFH0gImjZbZfTcz+8yjbrkPgrsZI7knVguSuxU9wR3ld4vIdSf/N7uVxuni0RCimEkBSDCv/knMFpten51vn9eD5/zgv4LKuljmxGvGMKxcuaWoChKYNX3th0FJECgYEAysL/w47tOCSLSpwkCZUPU7iObFixq05WsG58eiPnvECPfDX6ag3+LODUQAVELA0FHbB6FtoB8g+cB7j8y4HNHcWNUlEHuCARnXNDabTR14jO6PIwDUuqwd6bGtemZaIHrn01Qmvc6vBiIdyncZ9Awj39U82YE7BvGbpyQ/ZLlykCgYBaYUhRL+lX/nHvBKgbnlPexlZ44ajozKVG8hEDa4JVd6BC9W8mXNwyjU+g0JtdfyhCaP0gFeTs8Kq8ccqqALC+Zyuq4DKVDtsbfGCsxELCm88Bs2g18LA0T4nPYZUYIYYVnadosGK5mGe09VWKwlPhsHg6UO8kpjF8H/yaTcnRgQKBgFCOxPs3b/xcWJMeEhtUg7BppPxbCMvc5ghW/VGxrkJXDCr3bzRvtsqx0OJWtU0jJyMymG830ooPtZhD4Pwh6BKqCInp870t0JHT17bJxo1xp3NZtcmyhHdeMBWsFEpQ4+hpip2HKVCWjQaTGlvEQABsjJedGYzJDnsUXo2t7z5xAoGAcKxYRzaegwP852Q9pfUMEJBwduJ28qBvJ741djlV/A9Bbw+AzYKnFQKfNHWy/hfWqoCGWt24NM3462gIwl60WnEBZwgYP9e6I/IosSEGR2i914OnMaHr+TGeoS9zNobKoFbBaapOtp8xdS5turjeIzHYOOqrC0BRS0rxEWJbWCQ=" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + 
"priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "7eee8c4d-b061-4644-ad1a-bed7477a13f1", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "959c2eab-5f9b-4199-9f4b-e9a1fd81a3a2" ], + "secret" : [ "jCKsoNaSnT5Mad_XLc_nu_hVG_Yy1CcUA9masilniSjR5_oHPjK2z-QiWqfFlWC2vqM85_uF6c6V1OwUUMiivtO5JIB7Il0JqtObo5Gf_GLnh1eDQtdI7bu7nCZFnxv14THH1uJrQeVObxOPEuweFiQ1s1P3KDdYuy5CQ18uhe8" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "962d25d8-bd38-4c64-bf52-48152b66c9db", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "548f889f-b40e-4b49-9d26-a8e397739c70" ], + "secret" : [ "KJqLQAag1FyVKLbOyDyuQg" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "authenticationFlows" : [ { + "id" : "b6fdc281-0de3-47dc-8d94-1d8f1a4e320d", + "alias" : "Account verification options", + "description" : "Method with which to verify the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "d4df04c3-326c-4997-9d26-eb968c5ce0cd", + "alias" : "Browser - Conditional 2FA", + "description" : "Flow to determine if any 2FA is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorConfig" : "browser-conditional-credential", + "authenticator" : "conditional-credential", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "webauthn-authenticator", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-recovery-authn-code-form", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "02cfa0c8-2736-45f3-afa9-4f6f44f9ae37", + "alias" : "Browser - Conditional Organization", + "description" : "Flow to determine if the organization identity-first login is to be used", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "organization", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "d86beec7-c88f-4f5d-913e-a8f2dc280c5e", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + 
"priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8268c0e1-c75e-4372-b30b-ff7df0608b75", + "alias" : "First Broker Login - Conditional Organization", + "description" : "Flow to determine if the authenticator that adds organization members is to be used", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "idp-add-organization-member", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "81222f9c-f693-49b9-882a-d6a8f4a2b8aa", + "alias" : "First broker login - Conditional 2FA", + "description" : "Flow to determine if any 2FA is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorConfig" : "first-broker-login-conditional-credential", + "authenticator" : "conditional-credential", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "webauthn-authenticator", + 
"authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-recovery-authn-code-form", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "2c539ec6-150f-49c9-8b34-ef2e7aa3c8fe", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "283aaaae-0fad-4f97-b79c-39f7c49c623a", + "alias" : "Organization", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional Organization", + "userSetupAllowed" : false + } ] + }, { + "id" : "15c98191-994a-4964-99d2-3bc5933999f7", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f745ca3a-aef2-4ee2-bfbd-287a37d61111", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "69be3529-5d25-48c4-9ebf-99e72b7d69d7", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional 2FA", + "userSetupAllowed" : false + } ] + }, { + "id" : "e49f2a8c-40c9-49d7-ba88-b3476632432b", + "alias" : "browser", + 
"description" : "Browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 26, + "autheticatorFlow" : true, + "flowAlias" : "Organization", + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "fba0dd3a-a5b4-4adc-8310-b1aab8b257ac", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c31aa1de-94ca-4081-95e1-786e90885620", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "c07258a6-79a6-42d9-b65f-71f892a6342f", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "d6425ca9-f41c-408b-8058-db0da130352f", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : 
"REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 60, + "autheticatorFlow" : true, + "flowAlias" : "First Broker Login - Conditional Organization", + "userSetupAllowed" : false + } ] + }, { + "id" : "1e8c6436-f5cf-46d9-8b61-4d1619c31441", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional 2FA", + "userSetupAllowed" : false + } ] + }, { + "id" : "f0f7dcb5-c4f4-4607-a1a2-067e0456b777", + "alias" : "registration", + "description" : "Registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "8f335107-676e-4181-8d85-5951e3ad1918", + "alias" : "registration form", + "description" : "Registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + 
"priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "688b11b2-6097-4024-aa42-1e117474139d", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "17b9f0c7-bc73-4a72-9320-8ac05798c56f", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + 
"authenticatorConfig" : [ { + "id" : "82cc53de-bb29-4c4d-83de-e3f27de192e4", + "alias" : "browser-conditional-credential", + "config" : { + "credentials" : "webauthn-passwordless" + } + }, { + "id" : "deb317d9-fb5c-474d-9918-b20a4fd65b07", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "5141a232-d40c-403a-b6de-0a3ca7388859", + "alias" : "first-broker-login-conditional-credential", + "config" : { + "credentials" : "webauthn-passwordless" + } + }, { + "id" : "0094d663-972f-4fa5-93c3-e03d6d68426d", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "UPDATE_EMAIL", + "name" : "Update Email", + "providerId" : "UPDATE_EMAIL", + "enabled" : false, + "defaultAction" : false, + "priority" : 70, + 
"config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 110, + "config" : { } + }, { + "alias" : "idp_link", + "name" : "Linking Identity Provider", + "providerId" : "idp_link", + "enabled" : true, + "defaultAction" : false, + "priority" : 120, + "config" : { } + }, { + "alias" : "CONFIGURE_RECOVERY_AUTHN_CODES", + "name" : "Recovery Authentication Codes", + "providerId" : "CONFIGURE_RECOVERY_AUTHN_CODES", + "enabled" : true, + "defaultAction" : false, + "priority" : 130, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : 
"5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "26.5.3", + "userManagedAccessAllowed" : false, + "organizationsEnabled" : false, + "verifiableCredentialsEnabled" : false, + "adminPermissionsEnabled" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/test/start-keycloak.sh b/test/start-keycloak.sh new file mode 100755 index 0000000..45cc759 --- /dev/null +++ b/test/start-keycloak.sh 
@@ -0,0 +1,76 @@
+#!/bin/bash
+# start-keycloak.sh - Start a Keycloak instance with the test realms.
+#
+# Imports all realm JSON files from test/import/ (pgrealm, wrongrealm).
+# Keycloak listens on https://localhost:8443 with a self-signed certificate.
+#
+# Usage:
+# ./start-keycloak.sh # start in background
+# ./start-keycloak.sh --stop # stop the running instance
+#
+# Admin console: https://localhost:8443/admin (admin/admin)
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+CONTAINER_NAME="kc-test"
+KC_PORT=8443
+KC_IMAGE="quay.io/keycloak/keycloak:latest"
+
+if command -v podman &>/dev/null; then
+ RT=podman
+elif command -v docker &>/dev/null; then
+ RT=docker
+else
+ echo "Error: Neither podman nor docker found" >&2
+ exit 1
+fi
+
+# --- Stop ---
+
+if [ "${1:-}" = "--stop" ]; then
+ echo "Stopping Keycloak..."
+ $RT stop "$CONTAINER_NAME" 2>/dev/null || true
+ $RT rm -f "$CONTAINER_NAME" 2>/dev/null || true
+ echo "Done."
+ exit 0
+fi
+
+# --- Start ---
+
+# Stop any existing instance
+$RT stop "$CONTAINER_NAME" 2>/dev/null || true
+$RT rm -f "$CONTAINER_NAME" 2>/dev/null || true
+
+echo "Starting Keycloak on https://localhost:$KC_PORT ..."
+$RT run -d --rm --name "$CONTAINER_NAME" \
+ -p "127.0.0.1:$KC_PORT:8443" \
+ -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+ -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
+ -e KC_HTTPS_CERTIFICATE_FILE=/keys/crt.pem \
+ -e KC_HTTPS_CERTIFICATE_KEY_FILE=/keys/key.pem \
+ -v "$SCRIPT_DIR/import:/opt/keycloak/data/import" \
+ -v "$SCRIPT_DIR/keys:/keys/" \
+ "$KC_IMAGE" \
+ start-dev --import-realm >/dev/null
+
+echo "Waiting for Keycloak to start..."
+for i in $(seq 1 90); do
+ if curl -ksf "https://localhost:$KC_PORT/realms/pgrealm" >/dev/null 2>&1; then
+ echo "Keycloak is ready."
+ echo ""
+ echo " Realms:"
+ echo " https://localhost:$KC_PORT/realms/pgrealm"
+ echo " https://localhost:$KC_PORT/realms/wrongrealm"
+ echo " Admin: https://localhost:$KC_PORT/admin (admin/admin)"
+ echo ""
+ echo " Stop with: $0 --stop"
+ exit 0
+ fi
+ if [ "$i" -eq 90 ]; then
+ echo "Error: Keycloak did not start within 90 seconds" >&2
+ $RT logs "$CONTAINER_NAME" 2>&1 | tail -20
+ exit 1
+ fi
+ sleep 1
+done
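Review bot: `KC_IMAGE="quay.io/keycloak/keycloak:latest"` leaves the container image unpinned, so every run pulls whatever the registry currently serves. The script then gives that image the `admin`/`admin` bootstrap credentials and the TLS key mounted from `$SCRIPT_DIR/keys`. The realm export in this same patch records `"keycloakVersion" : "26.5.3"`, and a newer image may import those fixtures differently or reject them. Pinning to the version the fixtures were generated with, for example `KC_IMAGE="quay.io/keycloak/keycloak:26.5.3"` or an image digest, keeps the setup reproducible and reviewable. Separately, because the container is started with `--rm`, a Keycloak that exits during startup is removed before the timeout branch runs `$RT logs "$CONTAINER_NAME"`, so the diagnostic output is lost; dropping `--rm` would preserve it, since the script already removes the container explicitly on `--stop` and before each start.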