From 413105401a49cce018855b9b78382ac05c611841 Mon Sep 17 00:00:00 2001 From: "Felix T.J. Dietrich" Date: Wed, 20 Nov 2024 18:55:18 +0100 Subject: [PATCH] Add settings page to delete user (#182) --- ...cloak-hephaestus-realm-example-config.json | 4456 +++++++++-------- server/application-server/openapi.yaml | 8 + server/application-server/pom.xml | 5 + .../www1/hephaestus/OpenAPIConfiguration.java | 112 +- .../hephaestus/config/KeycloakConfig.java | 35 + .../gitprovider/user/UserController.java | 38 +- .../src/main/resources/application-prod.yml | 7 + .../src/main/resources/application.yml | 5 + webapp/src/app/app.routes.ts | 2 + .../src/app/core/header/header.component.html | 4 + .../src/app/core/header/header.component.ts | 5 +- .../core/modules/openapi/api/user.service.ts | 58 + .../openapi/api/user.serviceInterface.ts | 6 + webapp/src/app/settings/settings.component.ts | 71 + 14 files changed, 2696 insertions(+), 2116 deletions(-) create mode 100644 server/application-server/src/main/java/de/tum/in/www1/hephaestus/config/KeycloakConfig.java create mode 100644 webapp/src/app/settings/settings.component.ts diff --git a/server/application-server/keycloak-hephaestus-realm-example-config.json b/server/application-server/keycloak-hephaestus-realm-example-config.json index 649340a4..dd795ec5 100644 --- a/server/application-server/keycloak-hephaestus-realm-example-config.json +++ b/server/application-server/keycloak-hephaestus-realm-example-config.json @@ -1,2086 +1,2394 @@ { - "id" : "69732d45-1431-4909-9335-9f39e304f823", - "realm" : "hephaestus", - "displayName" : "Hephaestus", - "displayNameHtml" : "", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : false, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxTemporaryLockouts" : 0, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "2c84cd55-3b48-4e4a-8c4d-c94cf6ae0810", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "69732d45-1431-4909-9335-9f39e304f823", - "attributes" : { } - }, { - "id" : "97e10494-a59d-4d17-bf44-951411184167", - "name" : "default-roles-hephaestus", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "view-profile", "manage-account" ] + "id": "69732d45-1431-4909-9335-9f39e304f823", + "realm": "hephaestus", + "displayName": "Hephaestus", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": false, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "2c84cd55-3b48-4e4a-8c4d-c94cf6ae0810", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "69732d45-1431-4909-9335-9f39e304f823", + "attributes": {} + }, + { + "id": "97e10494-a59d-4d17-bf44-951411184167", + "name": "default-roles-hephaestus", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": ["offline_access", "uma_authorization"], + "client": { + "account": ["view-profile", "manage-account"] + } + }, + "clientRole": false, + "containerId": "69732d45-1431-4909-9335-9f39e304f823", + "attributes": {} + }, + { + "id": "a0bcdf44-1bd1-4b3d-8667-021f2bc8802b", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "69732d45-1431-4909-9335-9f39e304f823", + "attributes": {} + }, + { + "id": "4343b5c5-a9c1-4f09-a288-985a1e9600b7", + "name": "admin", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "69732d45-1431-4909-9335-9f39e304f823", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "5d39be32-4468-482f-a91d-9fbe22248742", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "652c45f7-cebe-4359-b5b7-b4f3e28d0d14", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "6e9e7f1e-f494-48af-80da-182de15e5c5a", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "28493c88-62eb-426c-ad10-89aa77b79d0c", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "2c40b71c-0827-4667-b03a-3049213fd6fe", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "4aed2108-69c8-48de-b042-5650341fe86a", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "e78b4671-3cc1-4e95-84a2-f829d081ac8e", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-clients", + "manage-realm", + "impersonation", + "create-client", + "view-realm", + "query-clients", + "view-users", + "view-identity-providers", + "manage-events", + "view-events", + "manage-identity-providers", + "query-users", + "view-clients", + "manage-users", + "view-authorization", + "query-groups", + "query-realms", + "manage-authorization" + ] + } + }, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "6a701450-c66f-4ba3-b217-ce42127fd097", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "3e633de5-5f4c-4005-a33c-efaf44491cb5", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "102f5f2d-7e29-46f8-91b1-d90446faaf18", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "54b2f7ef-a129-4e33-86f8-76bb0ca751ce", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "19e94593-ce41-42e2-84da-2d2c03f7eab8", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "d82cc9d1-21ab-41ed-aba1-18940def7769", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "c2340cff-48e7-424e-9bee-1d0e8c1f55db", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "c3664c6a-0061-49f9-8fb4-0bef297e25f6", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "918a71ab-4a8e-4c79-a41a-c6d6bcd227c4", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "4154b55a-5877-4d62-af2f-dba98caa0b26", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "116dc63e-b8dd-47c5-a2a1-0cbf5bd3437f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + }, + { + "id": "70f66368-a626-45b6-a900-880fbc782edf", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "attributes": {} + } + ], + "hephaestus": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "5c040740-eadb-454c-ad1a-fbccb0dc6c13", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "bac35493-ce58-4842-b70d-6322d2838f7e", + "attributes": {} + } + ], + "hephaestus-confidential": [ + { + "id": "aeabd04b-145b-4a89-8fca-b90cb8e27f53", + "name": "realm-admin", + "description": "", + "composite": true, + "composites": { + "client": { + "realm-management": ["manage-users"] + } + }, + "clientRole": true, + "containerId": "a0b56844-28ca-4134-91c3-99247ad6e2cf", + "attributes": {} + } + ], + "account": [ + { + "id": "7c46f836-e0b4-4635-9954-d615645beb0d", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "a941a94c-7bd5-4604-b23d-df6cea6dfab7", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "d8fb1923-8b74-4d38-826e-6e02355c7527", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "c00e6853-205d-41f7-a178-bc6ee2d0a1b4", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "e016406e-12ba-4a2f-82bf-fc60fdbe2c0b", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "b0ddf57b-dede-4263-a917-9deef86bc93b", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "497eca79-c59f-4a67-b447-a9d75903973e", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + }, + { + "id": "8f650738-fc6e-42c4-846a-5d940fbc5f2f", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "attributes": {} + } + ] } - }, - "clientRole" : false, - "containerId" : "69732d45-1431-4909-9335-9f39e304f823", - "attributes" : { } - }, { - "id" : "a0bcdf44-1bd1-4b3d-8667-021f2bc8802b", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "69732d45-1431-4909-9335-9f39e304f823", - "attributes" : { } - }, { - "id" : "4343b5c5-a9c1-4f09-a288-985a1e9600b7", - "name" : "admin", - "description" : "", - "composite" : false, - "clientRole" : false, - "containerId" : "69732d45-1431-4909-9335-9f39e304f823", - "attributes" : { } - } ], - "client" : { - "realm-management" : [ { - "id" : "5d39be32-4468-482f-a91d-9fbe22248742", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "652c45f7-cebe-4359-b5b7-b4f3e28d0d14", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "6e9e7f1e-f494-48af-80da-182de15e5c5a", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "28493c88-62eb-426c-ad10-89aa77b79d0c", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "2c40b71c-0827-4667-b03a-3049213fd6fe", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "4aed2108-69c8-48de-b042-5650341fe86a", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "e78b4671-3cc1-4e95-84a2-f829d081ac8e", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "manage-realm", "manage-clients", "impersonation", "create-client", "view-realm", "query-clients", "view-users", "view-identity-providers", "manage-events", "view-events", "manage-identity-providers", "view-clients", "manage-users", "query-users", "view-authorization", "query-groups", "query-realms", "manage-authorization" ] - } + }, + "groups": [], + "defaultRole": { + "id": "97e10494-a59d-4d17-bf44-951411184167", + "name": "default-roles-hephaestus", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "69732d45-1431-4909-9335-9f39e304f823" + }, + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": ["totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName"], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256", "RS256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256", "RS256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "9512503b-98f9-4acc-8b7d-59214034d579", + "username": "service-account-hephaestus-confidential", + "emailVerified": false, + "createdTimestamp": 1732055412681, + "enabled": true, + "totp": false, + "serviceAccountClientId": "hephaestus-confidential", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["default-roles-hephaestus"], + "clientRoles": { + "realm-management": ["manage-users", "realm-admin"] + }, + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": ["manage-account", "view-groups"] + } + ] + }, + "clients": [ + { + "id": "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/hephaestus/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/hephaestus/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] }, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "6a701450-c66f-4ba3-b217-ce42127fd097", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "3e633de5-5f4c-4005-a33c-efaf44491cb5", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "102f5f2d-7e29-46f8-91b1-d90446faaf18", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } + { + "id": "f535e2e7-cf8a-458f-b702-8f4fc81ded81", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/hephaestus/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/hephaestus/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "c0935091-06a4-464c-a768-cf15ea43182c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] }, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "54b2f7ef-a129-4e33-86f8-76bb0ca751ce", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "19e94593-ce41-42e2-84da-2d2c03f7eab8", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "d82cc9d1-21ab-41ed-aba1-18940def7769", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "c2340cff-48e7-424e-9bee-1d0e8c1f55db", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "c3664c6a-0061-49f9-8fb4-0bef297e25f6", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } + { + "id": "13a66738-5ffc-417d-93c0-ea14dafba95f", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "client.use.lightweight.access.token.enabled": "true", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] }, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "918a71ab-4a8e-4c79-a41a-c6d6bcd227c4", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "4154b55a-5877-4d62-af2f-dba98caa0b26", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "116dc63e-b8dd-47c5-a2a1-0cbf5bd3437f", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - }, { - "id" : "70f66368-a626-45b6-a900-880fbc782edf", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "attributes" : { } - } ], - "hephaestus" : [ ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "5c040740-eadb-454c-ad1a-fbccb0dc6c13", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "bac35493-ce58-4842-b70d-6322d2838f7e", - "attributes" : { } - } ], - "hephaestus-confidential" : [ ], - "account" : [ { - "id" : "7c46f836-e0b4-4635-9954-d615645beb0d", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } + { + "id": "bac35493-ce58-4842-b70d-6322d2838f7e", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "true", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] }, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "a941a94c-7bd5-4604-b23d-df6cea6dfab7", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "d8fb1923-8b74-4d38-826e-6e02355c7527", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "c00e6853-205d-41f7-a178-bc6ee2d0a1b4", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "e016406e-12ba-4a2f-82bf-fc60fdbe2c0b", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "b0ddf57b-dede-4263-a917-9deef86bc93b", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "497eca79-c59f-4a67-b447-a9d75903973e", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - }, { - "id" : "8f650738-fc6e-42c4-846a-5d940fbc5f2f", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } + { + "id": "e252b764-192f-46e8-a16a-b5bd711d9562", + "clientId": "hephaestus", + "name": "", + "description": "", + "rootUrl": "http://localhost:4200", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["http://localhost:4200/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "http://localhost:4200/*", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] }, - "clientRole" : true, - "containerId" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "97e10494-a59d-4d17-bf44-951411184167", - "name" : "default-roles-hephaestus", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "69732d45-1431-4909-9335-9f39e304f823" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256", "RS256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256", "RS256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "users" : [ { - "id" : "9d394368-150d-4559-b005-758a50cbb353", - "username" : "admin", - "firstName" : "Admin", - "lastName" : "Heph", - "email" : "admin@test.de", - "emailVerified" : true, - "createdTimestamp" : 1728164083186, - "enabled" : true, - "totp" : false, - "credentials" : [ { - "id" : "3da23015-0fac-48c2-a8e3-eeb716b61191", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1728164095322, - "secretData" : "{\"value\":\"BTbtjHu/bRIKqfSJhKGphtBmss3tMTulJbyEliEtauA=\",\"salt\":\"T5PabTudL9XbW/hfyARmSw==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-hephaestus", "admin" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "6089efcd-06c1-4688-b23f-992871bfc299", - "username" : "testuser", - "firstName" : "Test", - "lastName" : "User", - "email" : "testuser@test.de", - "emailVerified" : false, - "createdTimestamp" : 1728164130587, - "enabled" : true, - "totp" : false, - "credentials" : [ { - "id" : "d29517ce-b1cf-4058-b851-33c5364fff21", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1728164143708, - "secretData" : "{\"value\":\"CaelkV+Qy8IH8fV6kG97jePGwsnUpTNzRkxdfKb+IuY=\",\"salt\":\"4UtFbmsnpzl+YS7CwCuZDA==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-hephaestus" ], - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "e056b5cf-5a9e-4f1e-9070-5b718f99bd10", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/hephaestus/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/hephaestus/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "f535e2e7-cf8a-458f-b702-8f4fc81ded81", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/hephaestus/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/hephaestus/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "c0935091-06a4-464c-a768-cf15ea43182c", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "13a66738-5ffc-417d-93c0-ea14dafba95f", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "client.use.lightweight.access.token.enabled" : "true" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "bac35493-ce58-4842-b70d-6322d2838f7e", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "true" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "e252b764-192f-46e8-a16a-b5bd711d9562", - "clientId" : "hephaestus", - "name" : "", - "description" : "", - "rootUrl" : "http://localhost:4200", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "http://localhost:4200/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "http://localhost:4200/*", - "display.on.consent.screen" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "a0b56844-28ca-4134-91c3-99247ad6e2cf", - "clientId" : "hephaestus-confidential", - "name" : "", - "description" : "", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "http://localhost:8080", - "baseUrl" : "http://localhost:8080/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "0g0QtFmz6GB1Jv03SszCFepPro0hiP7G", - "redirectUris" : [ "http://localhost:8080/login/oauth2/code/keycloak" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", - "client.secret.creation.time" : "1728160951", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "http://localhost:8080/", - "display.on.consent.screen" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "use.jwks.url" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "5efe8644-a9eb-4fec-8293-b586b56bbeb2", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "true" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - }, { - "id" : "7b12cc2f-fe73-4987-8151-a610a3c966c7", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/hephaestus/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/hephaestus/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "client.use.lightweight.access.token.enabled" : "true", - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "58d3f8f1-39b1-4636-93de-a1a6ffdcb47c", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "79c7da3a-81a6-452a-b4cc-2d3a8b4e80f6", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${profileScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "6cbe8cae-c58f-4da1-8445-8dab4bd94966", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "9406ae58-c99e-4080-ac8b-3d99dcfa2383", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "c9c6c0e3-4fab-4d3e-a589-baad4a9860fb", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "b2476817-0946-4cba-a50f-383fd95252db", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "222eb11d-14bf-4d18-9b4f-ebe60e71d29e", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "bf484a0e-11ee-43e0-a240-55901d47ffb7", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "482ace7f-c063-483d-8788-25fa45bacbb4", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "98f6a432-5ce5-4cf5-b99e-5ecf50424f41", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "fa3d4a1b-a835-48e1-ac3a-19dbf6f732ee", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "803eac69-2d9d-43e8-a5b5-f93369440ff5", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "f934033c-e042-414b-8ffc-d20363467595", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "90916393-5fa4-45f4-9b33-1c4fa246f0d0", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "dd127c7c-cc1d-4986-91d2-e35298a9188d", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "9f997d51-8ce7-4d24-afcc-23054e68f083", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - } ] - }, { - "id" : "8ae11c15-2b57-4376-81c9-5178ca01141d", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${emailScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "2a8fcde0-c6e2-4f4f-9120-24c3236b1feb", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "74a748aa-7333-4590-9b26-81a98f12addd", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "4d196069-3b93-47c3-bb58-225541755f1a", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "49a28a8b-89a4-44d3-9124-06d6f1d6ac84", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "3bf3dd35-3667-4ed9-a5fc-b385b8bccced", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "772189c7-99ab-4217-8b8a-1a2f904d571e", - "name" : "basic", - "description" : "OpenID Connect scope for add all basic claims to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "0d72f910-b47e-435e-85cd-97a4c513ea55", - "name" : "auth_time", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "AUTH_TIME", - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "auth_time", - "jsonType.label" : "long" - } - }, { - "id" : "1bc4aa92-2849-45d6-a460-09aca7fb68c6", - "name" : "sub", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-sub-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "41d27626-b651-4298-b9ec-5a6fb170f7e2", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "e3bfb3b9-8f0e-47ef-a348-dedf2339b6a3", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "911c8968-b150-47e0-9bc9-46faf6a824e3", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${addressScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "9578f861-b6af-4355-96e5-033048ae902f", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "835e378e-fc46-4630-8330-cb6b0b3b41d8", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${phoneScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "1c87e0d2-927d-4a13-8e2c-b2ef9fb90e1e", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "684e356f-6678-48f3-bf14-2fc6c588ae35", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "37d66c21-8e27-477a-a375-104e3c24dc3a", - "name" : "organization", - "description" : "Additional claims about the organization a subject belongs to", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${organizationScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "5db0eef8-66b0-41f8-b8e8-492a8deccc92", - "name" : "organization", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-organization-membership-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "organization", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "6b5aa1ab-aa2a-4e54-8305-19625d8302c5", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + { + "id": "a0b56844-28ca-4134-91c3-99247ad6e2cf", + "clientId": "hephaestus-confidential", + "name": "", + "description": "", + "rootUrl": "http://localhost:8080", + "adminUrl": "http://localhost:8080", + "baseUrl": "http://localhost:8080/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "0g0QtFmz6GB1Jv03SszCFepPro0hiP7G", + "redirectUris": ["http://localhost:8080/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1728160951", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "http://localhost:8080/", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "use.jwks.url": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "184aca95-d1f4-4369-a076-6db0ebcf0e48", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "980073f4-9de7-4bf7-ac68-dc0484854b94", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "5fe7cc96-5ca4-4f25-ac48-30fd3d7c1446", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] + }, + { + "id": "5efe8644-a9eb-4fec-8293-b586b56bbeb2", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "true", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] + }, + { + "id": "7b12cc2f-fe73-4987-8151-a610a3c966c7", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/hephaestus/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/admin/hephaestus/console/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "client.use.lightweight.access.token.enabled": "true", + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "58d3f8f1-39b1-4636-93de-a1a6ffdcb47c", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "basic", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "organization", "microprofile-jwt"] + } + ], + "clientScopes": [ + { + "id": "79c7da3a-81a6-452a-b4cc-2d3a8b4e80f6", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "6cbe8cae-c58f-4da1-8445-8dab4bd94966", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "9406ae58-c99e-4080-ac8b-3d99dcfa2383", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "c9c6c0e3-4fab-4d3e-a589-baad4a9860fb", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "b2476817-0946-4cba-a50f-383fd95252db", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "222eb11d-14bf-4d18-9b4f-ebe60e71d29e", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "bf484a0e-11ee-43e0-a240-55901d47ffb7", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "482ace7f-c063-483d-8788-25fa45bacbb4", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "98f6a432-5ce5-4cf5-b99e-5ecf50424f41", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "fa3d4a1b-a835-48e1-ac3a-19dbf6f732ee", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "803eac69-2d9d-43e8-a5b5-f93369440ff5", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "f934033c-e042-414b-8ffc-d20363467595", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "90916393-5fa4-45f4-9b33-1c4fa246f0d0", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "dd127c7c-cc1d-4986-91d2-e35298a9188d", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "9f997d51-8ce7-4d24-afcc-23054e68f083", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "8ae11c15-2b57-4376-81c9-5178ca01141d", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "2a8fcde0-c6e2-4f4f-9120-24c3236b1feb", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "74a748aa-7333-4590-9b26-81a98f12addd", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "4d196069-3b93-47c3-bb58-225541755f1a", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "49a28a8b-89a4-44d3-9124-06d6f1d6ac84", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "3bf3dd35-3667-4ed9-a5fc-b385b8bccced", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "772189c7-99ab-4217-8b8a-1a2f904d571e", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "0d72f910-b47e-435e-85cd-97a4c513ea55", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "1bc4aa92-2849-45d6-a460-09aca7fb68c6", + "name": "sub", + "protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "41d27626-b651-4298-b9ec-5a6fb170f7e2", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "e3bfb3b9-8f0e-47ef-a348-dedf2339b6a3", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "911c8968-b150-47e0-9bc9-46faf6a824e3", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "9578f861-b6af-4355-96e5-033048ae902f", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "835e378e-fc46-4630-8330-cb6b0b3b41d8", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "1c87e0d2-927d-4a13-8e2c-b2ef9fb90e1e", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "684e356f-6678-48f3-bf14-2fc6c588ae35", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "37d66c21-8e27-477a-a375-104e3c24dc3a", + "name": "organization", + "description": "Additional claims about the organization a subject belongs to", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${organizationScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "5db0eef8-66b0-41f8-b8e8-492a8deccc92", + "name": "organization", + "protocol": "openid-connect", + "protocolMapper": "oidc-organization-membership-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organization", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "6b5aa1ab-aa2a-4e54-8305-19625d8302c5", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "89115602-84e7-4527-a7c6-e9068626dd75", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "0da153bc-c512-4291-8ecb-9e4d2f04e84a", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "18e94f40-5433-4258-890a-d210b34bef43", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "c8ea1e27-1eb3-4179-a5ba-3888de80791b", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "43da0b25-27ce-480c-a8d8-eb96e2a1aac6", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "02ec6185-0610-45cd-b7c8-765736164389", + "name": "saml_organization", + "description": "Organization Membership", + "protocol": "saml", + "attributes": { + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "9b84b9d6-7f7f-43fa-aef3-11cf08a24751", + "name": "organization", + "protocol": "saml", + "protocolMapper": "saml-organization-membership-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "88df9ce0-d2f4-4290-8f3c-4bdf701935d3", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "eb7ea7aa-740a-447c-b4d2-bac5f799e885", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "dc1fa0ab-686f-4068-b164-d1c9fff45e05", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "saml_organization", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic" + ], + "defaultOptionalClientScopes": ["offline_access", "address", "phone", "microprofile-jwt", "organization"], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "protocolMappers" : [ { - "id" : "89115602-84e7-4527-a7c6-e9068626dd75", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "0da153bc-c512-4291-8ecb-9e4d2f04e84a", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "${rolesScopeConsentText}", - "display.on.consent.screen" : "true" + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "16fe477e-8a5a-4380-a5eb-7745eec891b4", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a033bc0d-09d6-419a-bfc0-d4995481776f", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + }, + { + "id": "3c2dd507-9e0d-4e5e-b4cc-e82b5293ae98", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "8b889e60-dc84-4f14-a2ba-147fa6a4cce8", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a502be67-07d2-4923-a2bd-e52c41e65e2c", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "968fe0a6-8f46-4d5b-9206-d8713996165a", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "18382a69-ff16-46a3-ad34-01fa7b96cb93", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper" + ] + } + }, + { + "id": "4eb21c3a-e868-4f12-9faa-c498903f8b58", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "6447c1d0-4b09-4140-848b-ec14db7531b4", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": ["100"], + "algorithm": ["HS512"] + } + }, + { + "id": "d89fd5f0-2406-4ec4-b617-562870a59547", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": ["100"], + "algorithm": ["RSA-OAEP"] + } + }, + { + "id": "d9ce5a63-3167-4216-a290-ffa39975a506", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + }, + { + "id": "cc996409-8e41-4671-b18b-8d4255fd30d0", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": ["100"] + } + } + ] }, - "protocolMappers" : [ { - "id" : "18e94f40-5433-4258-890a-d210b34bef43", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "c8ea1e27-1eb3-4179-a5ba-3888de80791b", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "43da0b25-27ce-480c-a8d8-eb96e2a1aac6", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "02ec6185-0610-45cd-b7c8-765736164389", - "name" : "saml_organization", - "description" : "Organization Membership", - "protocol" : "saml", - "attributes" : { - "display.on.consent.screen" : "false" + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "f85d840f-75c3-4df4-ae43-0501b35e3000", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "fdd5bf34-07a2-4f7f-a27b-607316c1cdc9", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "5fe895b4-993d-4a89-9d08-f4e9898c67f6", + "alias": "Browser - Conditional Organization", + "description": "Flow to determine if the organization identity-first login is to be used", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "organization", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "500616bb-c431-4096-a49e-0df1ef41cff5", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "4607238a-087e-4403-905d-3833ab84002b", + "alias": "First Broker Login - Conditional Organization", + "description": "Flow to determine if the authenticator that adds organization members is to be used", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "idp-add-organization-member", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "643831d9-db9a-464d-a9b1-ccc3effac995", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ee88c7af-8c55-42ab-9469-5715fa035705", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "47788773-ba07-46ad-9d5b-5d28434db7d0", + "alias": "Organization", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional Organization", + "userSetupAllowed": false + } + ] + }, + { + "id": "9b885aa9-5f5d-4e9f-b433-4c5ccbee1011", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8abdbd0c-81db-42a2-a7e4-dc48b5a93230", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "f21b5b62-8026-409e-b520-a81589b6b506", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "cf9f8864-670f-4067-9242-146f6660c603", + "alias": "browser", + "description": "Browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 26, + "autheticatorFlow": true, + "flowAlias": "Organization", + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "ad9e7782-cd6b-4250-87ca-be3b841e7c3f", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7781a9a1-f376-4755-b91c-aab751a0f884", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "c554d494-b117-4a66-97b7-1ac09fb14442", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "dd085248-fef6-41cb-8a5a-4826a4f3522e", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 50, + "autheticatorFlow": true, + "flowAlias": "First Broker Login - Conditional Organization", + "userSetupAllowed": false + } + ] + }, + { + "id": "215253c4-d9f1-4ca6-8bbf-70da1323832f", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "7319086a-99d5-474a-ab8f-9d908ad8dd18", + "alias": "registration", + "description": "Registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "0e642b52-d4b8-483c-835f-5d4b9ff89dda", + "alias": "registration form", + "description": "Registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "62dcd4c7-c2d7-4b18-9ff2-d383eb1239ab", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "49b8c4ba-4385-4773-ab75-3229ab9d309e", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "bd1ac3c1-5c3a-493a-abc1-0f31269f372c", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "3d23706b-e877-4f86-88ab-1587a3642dbd", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "organizationsEnabled": "false", + "acr.loa.map": "{}" }, - "protocolMappers" : [ { - "id" : "9b84b9d6-7f7f-43fa-aef3-11cf08a24751", - "name" : "organization", - "protocol" : "saml", - "protocolMapper" : "saml-organization-membership-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "88df9ce0-d2f4-4290-8f3c-4bdf701935d3", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" + "keycloakVersion": "26.0.0", + "userManagedAccessAllowed": false, + "organizationsEnabled": false, + "clientProfiles": { + "profiles": [] }, - "protocolMappers" : [ { - "id" : "eb7ea7aa-740a-447c-b4d2-bac5f799e885", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - }, { - "id" : "dc1fa0ab-686f-4068-b164-d1c9fff45e05", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "saml_organization", "profile", "email", "roles", "web-origins", "acr", "basic" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt", "organization" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "16fe477e-8a5a-4380-a5eb-7745eec891b4", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "a033bc0d-09d6-419a-bfc0-d4995481776f", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "3c2dd507-9e0d-4e5e-b4cc-e82b5293ae98", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "8b889e60-dc84-4f14-a2ba-147fa6a4cce8", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "a502be67-07d2-4923-a2bd-e52c41e65e2c", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "968fe0a6-8f46-4d5b-9206-d8713996165a", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ] - } - }, { - "id" : "18382a69-ff16-46a3-ad34-01fa7b96cb93", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper" ] - } - }, { - "id" : "4eb21c3a-e868-4f12-9faa-c498903f8b58", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "6447c1d0-4b09-4140-848b-ec14db7531b4", - "name" : "hmac-generated-hs512", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "9fbefe4d-c500-4853-aeb8-a6893f7c7203" ], - "secret" : [ "MGArI5-LH4LdC-kGdQ9ZSvqlVB3oLTZlEvZ-pkl2MukIGC_jxxh14P4GElp62GZD2GkH-hJf9H2Xc1DHEhk-mqXFcmJZbb1NeYH_cgu3AAYgtO3trAVftcdhbhMnzVSrLc4QFII-Um6OrC3YlnRE3wBGPe7NJ44l1URc1jsEZh4" ], - "priority" : [ "100" ], - "algorithm" : [ "HS512" ] - } - }, { - "id" : "d89fd5f0-2406-4ec4-b617-562870a59547", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "MIIEpAIBAAKCAQEAx+KBq+YPmK7IcQ4gtSr2jHdBAcja0uU3bPnMBsIkSO/lqEV6bTb3OsDqpUykYEMPg1STDqJMiQiPzRgiv7v3pQgwbJNQpMiLFtXoNBb3aTLqbtTrHrLu3HXuAZ6+krLSPk1PFOdrokovYDFNMPPWEqVHGJxkwqXq3Zt77p+xJAWjhxJyUUnTlcLdtj9QK0+8eewpy4gKo9AmMympB/BQcBh+kQ/8iNhVmNxlwNtePqvv+YmJKaVHMrl+slfBoUU0ZhfCZQmSy+MFC5GX3OfN9gVzPtDtdNLVbG6dXXxE7KoxlrShBWae4LiSi/17keRJW1yKUe24nqVc3MSpeVU3swIDAQABAoIBACqVXN7MUoJKqjU7t0ghcQkX1ueUbNoFLzuuNAM0lRpc0WZ59s0RqrX/p32zyEkhwEpQWEwD055WDpy5CZ4jY2zrQ7W95K5WcxtYUvHV+ruUt1EJV1Xg9PZOwXfi4+LI6fWP7ssbSlj2yQULO9C0AeVTBMR/fQ/i3Rh9KXf62Xg8wugRRgH11XxSscJRJq+fk9Ig5rx0IsbAJqollQJQxhOhXPUe4Dk1U8jmyuG/ZCPFSqMU+670S3nbsWvog0lAaHik1nPFfqxXntXgQTW8wJxnqjxCHHZGUKjgCEqTqynEQs83dLhnCABSc0S9hU5/GE1+EdL6qlcv6/VreP+7z4ECgYEA5Jk1rGwfxzeGP3fW/VDAK3uMQLvhHUvd63xiu+slSAu5epjmOrgvEDHFN8A2CgfgyPr25Szg+16Mn2U/0ul/YzEEz8z+BXdons/z/uPxvFKFRlWf1qB3UiwigFXJQti4QHqe1YHvvqx4iFUgjtVsfcOkpr57ofnrIMVT9VXeT2ECgYEA39gvwg8Lnx9XwM5TCT2tdqHzWTZ4eqg9FeQPqQQw3GEnhYTfZoC6DFamwCBcd0ALif/KOD/NPGyYVNbB6sxjLWpencyrPveVzsEdVtra46syT60nsC4v5M+O3q2i10sSdVrTBK+oTQTKJnc+I3xStM8ocdcO1SbeMBy7Nh1vg5MCgYBIwgbWUTewFZkR/FeeGqR/cnxKYkIdK/d/KwDV5Nrh2nF3dtDYYaUBF4Y432GTwbwm29HXUXhuKULCvNwaihz0ejaY2RsErGPNIEz9lJltIiqvHzOXgU1ZBxkYFbXQI+BJDX4eYJPo8UYPxmBtdbppMOrn83qwLDZNIOE/FcyDIQKBgQCpmGwmxatydhbQmAJFwBtLBM0RTLnfhNQzX8WVsv0qG9oLyW5RhTpw2r4gVuR33WhguBKIp55iJ40KymPF9/E0maDyQf2FCaTRL3OBOPQbBrxprbGiRHw5CiEfCcOVBuYHUDcNF+GV6QkYN8Q2sp0fLM1h4yTzzi0Nmtck2wyATQKBgQC3+Tkk2ej+S4FAKh0msrg5phseO8CkRcQFhdxyhc0nz2ENJs3xd9RnTkNEGSZxoUk4AlgdCbIZoi447gbj5Q9rahUe3PgRzKsbqpxMyrW13f4R4uKWgr+gcYh0bb/9zFGz7Yw/yd9VxjO6wOsGXYVaW5oLXtfSjCJJsp/54lnpIw==" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "MIICozCCAYsCBgGSXmLbbDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApoZXBoYWVzdHVzMB4XDTI0MTAwNTIwMzEyOVoXDTM0MTAwNTIwMzMwOVowFTETMBEGA1UEAwwKaGVwaGFlc3R1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfigavmD5iuyHEOILUq9ox3QQHI2tLlN2z5zAbCJEjv5ahFem029zrA6qVMpGBDD4NUkw6iTIkIj80YIr+796UIMGyTUKTIixbV6DQW92ky6m7U6x6y7tx17gGevpKy0j5NTxTna6JKL2AxTTDz1hKlRxicZMKl6t2be+6fsSQFo4cSclFJ05XC3bY/UCtPvHnsKcuICqPQJjMpqQfwUHAYfpEP/IjYVZjcZcDbXj6r7/mJiSmlRzK5frJXwaFFNGYXwmUJksvjBQuRl9znzfYFcz7Q7XTS1WxunV18ROyqMZa0oQVmnuC4kov9e5HkSVtcilHtuJ6lXNzEqXlVN7MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAEEKp/6JbjbYTRBKIOT44Wa3O9VGJ65B2B1rakXPSInXhgbKHeLxZyY69O56yOrIzLcb/Q1ufD1F9+THzVuRPnh505BTjsM2JUF8E7m7Paz2uPng3K+NnRp8TQOZfrkSS39cgtsZ/3BP1u+5Ra/vm0/ShYOJ8kl94YzSJ0MY1oVNyUtsG+v33IZZsLcN4HPR80wdCedqn5Yt4mGie0uBMD8lYBfr/ie0D113A5XSKq0GXw6vOWL5/88+ZUK64f8g/ujFX/kUc9emhA852v2QI5azrEQZfALLe7r9I4dLhu/ULMNMYV7JZukmgjevbTD3oGHI2OY5RSy9eNnqo4Don8Q==" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "d9ce5a63-3167-4216-a290-ffa39975a506", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "MIIEowIBAAKCAQEAzQkKjEUeGuE+s0GHi6W4ljjn3H+07Ts9I3xuQbU8wTK2qrZOnlV7FxOD40xhNnTUXl5XsdkZ51/40hxcFZNCNWEJ6s31WF86Y7NrigNkIZDIgW1B0Dsz4w9DbSeg8eJh2h0494+39vIra7lYi7DtcRD+Bi4HwaOtbP2NpxPYOm2FgRCvnjnH1PtkDg3hcQPVDSWPFegbbIolmC2yupi3zulbGi4+dzl75V5cDTpJ7y84Aqo14KIUMqs2hTSmCKncTiU+kcxc/wZCLLFycLTLwGRkz2Zw0U68ZxGhCDazD3tj9eN1p35km2Fd46qSvqR3rhEi+Q4J3E27oKoPW2kPMQIDAQABAoIBABt59zJl/stOXRcrlG0H580l0hiP+qCB/Eb5oVLn5TzkvWryJGX+gZDNmjKHJU3laSI+VVUtiVWi3FbX2xU/FzPNDcWsFRFjLZF31VT48F25J82EZTnw/RqUDI6frWdM1Z0jpmMynM4YlO4KOA38R02MH+aXG439D7wX3HhD5gmqLubZJ0V+xJowCR9punK3B0IhEUW0sQJxUn4qjzDS6CQRUdUY1vFyHVu//yCYniIVIR9W0SuOv9oM5Hk+k16wg5pWK/BP7ZsMoYmVJBJl2wgyV/X3H/2s5XO6JPV522pO/SNFye6PP41P6N7SQgSvCjJDYbCNm2uNK41vxVfsuxkCgYEA/qZWsHOvP1oS+Ezzqr7TKTmFQtX091EHJB3IZoD5lutA5W4we4sDUtbBKyejKRQJ1j+ncFSumucDVZkBARP1Zbxdbfq6hRp+IteKUE/9id1h8ZI0OoV038IHY3j77SKOWuS9PzeLowDcuvkjGeSzEk2jzl3mS+wc+2lI3LDxwx0CgYEAzh9bINQsAB96ehUdIfGW8Ni7d6x1H8oeUBfMUGWTRBKeN3wyWEXx11PchUBAMyBlZsL/ff1mnVCW4lUXr+/xRhWr0uhtl4Dk22UbTxa8Bncao53/Px6hPIp3zkBBja2LY2RItFI2Dsm9i1P0+XjyyLjGaSwpiQ68XvU++8mUjCUCgYBrLhfOrOJWB9N0Lu9gLnEyKMOuHd+9OJ2I1gBDJIXov5vQ9U/yr8/2Te1//G7wGz8IrkILRZk4GYONw5hom73t1Bp+78kRvNTaVV4h74kHPea7ho31E7bddw0lEQb4CFNibmQ492gOc450I+hiPaAhVAxeD6eezQJlzyqbuN4JAQKBgQC0Z51Kzmj0cpiv4WruGpURl5/8zmR0vmJpl2qrszuBiQoRZhJqUE2rOSr5NZL7LI+TsXgMvYzig3aMAg4JXui9fpo0rlm9EIM9wvBz+GH5BqW6Lr8Ib7aPVmIlkvfNGOe2xj8cFBhcORY8q+7tqn5UT+TYiF6SJuOX+O53UadCQQKBgBfLIjuO2fdCkXbfteh++GBsuPfjq8ueQVkgxLWSIIW7DH0TWszwXaF1U9SsnI7QLT+E6jyUnhBkQDbabcNSQiXXLG1VWdO/vPMZsjxMkr8TptnA+QoWH0suwyGMhAmW2/KDO6rr5yRHRBpxYGyZYjZyWjX/ZN40QBf0HEIHtZYF" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "MIICozCCAYsCBgGSXmLbFzANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApoZXBoYWVzdHVzMB4XDTI0MTAwNTIwMzEyOVoXDTM0MTAwNTIwMzMwOVowFTETMBEGA1UEAwwKaGVwaGFlc3R1czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0JCoxFHhrhPrNBh4uluJY459x/tO07PSN8bkG1PMEytqq2Tp5VexcTg+NMYTZ01F5eV7HZGedf+NIcXBWTQjVhCerN9VhfOmOza4oDZCGQyIFtQdA7M+MPQ20noPHiYdodOPePt/byK2u5WIuw7XEQ/gYuB8GjrWz9jacT2DpthYEQr545x9T7ZA4N4XED1Q0ljxXoG2yKJZgtsrqYt87pWxouPnc5e+VeXA06Se8vOAKqNeCiFDKrNoU0pgip3E4lPpHMXP8GQiyxcnC0y8BkZM9mcNFOvGcRoQg2sw97Y/Xjdad+ZJthXeOqkr6kd64RIvkOCdxNu6CqD1tpDzECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAomBGjy7IDy5+86O/rFzgumCWQQMsx/MMGFV+jk2wEphkV2qNDxzT2waDbrKVqCZhV//G61f6aVeSZkTPGZDWrA19Ac/9LqBPRnW9QaefbDiYnW2i6abvpSpSzDiYBi6msDTzId0oP05zUdMg7Eud0OgaTJ+Q9/VFLmBHmQaTXaV/7PAl3XFFoy+ckeS9ZFHZRwKqzQ2F5aoyu55EBiCgreDYkFvpaIbN3A+ElNpwui7QY0RG1rClEya9p9ibZ2WEX4zjp9D+IMKctjpw1csYUwJ8SpqMtO9TQM98zJES2aPl7oo5DnVnUtGxhJSr64Gp8uo/qYzWHWaM6h4IX6jGWg==" ], - "priority" : [ "100" ] - } - }, { - "id" : "cc996409-8e41-4671-b18b-8d4255fd30d0", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "6cc95ace-9442-4db5-a891-49e3aafe74b4" ], - "secret" : [ "nRELQmJK5tzxp0Wqydpcng" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "f85d840f-75c3-4df4-ae43-0501b35e3000", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "fdd5bf34-07a2-4f7f-a27b-607316c1cdc9", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "5fe895b4-993d-4a89-9d08-f4e9898c67f6", - "alias" : "Browser - Conditional Organization", - "description" : "Flow to determine if the organization identity-first login is to be used", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "organization", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "500616bb-c431-4096-a49e-0df1ef41cff5", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "4607238a-087e-4403-905d-3833ab84002b", - "alias" : "First Broker Login - Conditional Organization", - "description" : "Flow to determine if the authenticator that adds organization members is to be used", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "idp-add-organization-member", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "643831d9-db9a-464d-a9b1-ccc3effac995", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "ee88c7af-8c55-42ab-9469-5715fa035705", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "47788773-ba07-46ad-9d5b-5d28434db7d0", - "alias" : "Organization", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional Organization", - "userSetupAllowed" : false - } ] - }, { - "id" : "9b885aa9-5f5d-4e9f-b433-4c5ccbee1011", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "8abdbd0c-81db-42a2-a7e4-dc48b5a93230", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "f21b5b62-8026-409e-b520-a81589b6b506", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "cf9f8864-670f-4067-9242-146f6660c603", - "alias" : "browser", - "description" : "Browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 26, - "autheticatorFlow" : true, - "flowAlias" : "Organization", - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "ad9e7782-cd6b-4250-87ca-be3b841e7c3f", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "7781a9a1-f376-4755-b91c-aab751a0f884", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "c554d494-b117-4a66-97b7-1ac09fb14442", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "dd085248-fef6-41cb-8a5a-4826a4f3522e", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 50, - "autheticatorFlow" : true, - "flowAlias" : "First Broker Login - Conditional Organization", - "userSetupAllowed" : false - } ] - }, { - "id" : "215253c4-d9f1-4ca6-8bbf-70da1323832f", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "7319086a-99d5-474a-ab8f-9d908ad8dd18", - "alias" : "registration", - "description" : "Registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "0e642b52-d4b8-483c-835f-5d4b9ff89dda", - "alias" : "registration form", - "description" : "Registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-terms-and-conditions", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 70, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "62dcd4c7-c2d7-4b18-9ff2-d383eb1239ab", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "49b8c4ba-4385-4773-ab75-3229ab9d309e", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "bd1ac3c1-5c3a-493a-abc1-0f31269f372c", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "3d23706b-e877-4f86-88ab-1587a3642dbd", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" + "clientPolicies": { + "policies": [] } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "VERIFY_PROFILE", - "name" : "Verify Profile", - "providerId" : "VERIFY_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 90, - "config" : { } - }, { - "alias" : "delete_credential", - "name" : "Delete Credential", - "providerId" : "delete_credential", - "enabled" : true, - "defaultAction" : false, - "priority" : 100, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "firstBrokerLoginFlow" : "first broker login", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DevicePollingInterval" : "5", - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "frontendUrl" : "", - "organizationsEnabled" : "false", - "acr.loa.map" : "{}" - }, - "keycloakVersion" : "26.0.0", - "userManagedAccessAllowed" : false, - "organizationsEnabled" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file +} diff --git a/server/application-server/openapi.yaml b/server/application-server/openapi.yaml index c9fb4d0e..d01f4540 100644 --- a/server/application-server/openapi.yaml +++ b/server/application-server/openapi.yaml @@ -99,6 +99,14 @@ paths: application/json: schema: $ref: "#/components/schemas/AuthUserInfo" + /user: + delete: + tags: + - user + operationId: deleteUser + responses: + "200": + description: OK components: schemas: PullRequestInfo: diff --git a/server/application-server/pom.xml b/server/application-server/pom.xml index ee059f6d..0ec743a1 100644 --- a/server/application-server/pom.xml +++ b/server/application-server/pom.xml @@ -201,6 +201,11 @@ org.hibernate.validator hibernate-validator + + org.keycloak + keycloak-admin-client + 26.0.3 + diff --git a/server/application-server/src/main/java/de/tum/in/www1/hephaestus/OpenAPIConfiguration.java b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/OpenAPIConfiguration.java index a225cbe5..3079f977 100644 --- a/server/application-server/src/main/java/de/tum/in/www1/hephaestus/OpenAPIConfiguration.java +++ b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/OpenAPIConfiguration.java @@ -44,63 +44,99 @@ public OpenApiCustomizer schemaCustomizer() { return openApi -> { var components = openApi.getComponents(); - // Only include schemas with DTO suffix and remove the suffix - var schemas = components - .getSchemas() - .entrySet() - .stream() - .filter(entry -> entry.getKey().endsWith("DTO")) - .collect(Collectors.toMap(entry -> entry.getKey().substring(0, entry.getKey().length() - 3), + if (components != null && components.getSchemas() != null) { + // Only include schemas with DTO suffix and remove the suffix + var schemas = components + .getSchemas() + .entrySet() + .stream() + .filter(entry -> entry.getKey().endsWith("DTO")) + .collect(Collectors.toMap( + entry -> entry.getKey().substring(0, entry.getKey().length() - 3), entry -> { var schema = entry.getValue(); schema.setName(entry.getKey().substring(0, entry.getKey().length() - 3)); return schema; - })); + } + )); - // Remove DTO suffix from attribute names - schemas.forEach((key, value) -> { - Map> properties = value.getProperties(); - if (properties != null) { - properties.forEach((propertyKey, propertyValue) -> { - removeDTOSuffixesFromSchemaRecursively(propertyValue); - }); - } - }); + // Remove DTO suffix from attribute names + schemas.forEach((key, value) -> { + Map> properties = value.getProperties(); + if (properties != null) { + properties.forEach((propertyKey, propertyValue) -> { + removeDTOSuffixesFromSchemaRecursively(propertyValue); + }); + } + }); - components.setSchemas(schemas); + components.setSchemas(schemas); + } else { + logger.warn("Components or Schemas are null in OpenAPI configuration."); + } var paths = openApi.getPaths(); - paths.forEach((path, pathItem) -> { - logger.info(path); - pathItem.readOperations().forEach(operation -> { - // Remove DTO suffix from reponse schemas - var responses = operation.getResponses(); - responses.forEach((responseCode, response) -> { - var content = response.getContent(); - content.forEach((contentType, mediaType) -> { - removeDTOSuffixesFromSchemaRecursively(mediaType.getSchema()); + if (paths != null) { + paths.forEach((path, pathItem) -> { + logger.info("Processing path: {}", path); + pathItem.readOperations().forEach(operation -> { + // Remove DTO suffix from response schemas + var responses = operation.getResponses(); + if (responses != null) { + responses.forEach((responseCode, response) -> { + var content = response.getContent(); + if (content != null) { + content.forEach((contentType, mediaType) -> { + if (mediaType != null && mediaType.getSchema() != null) { + removeDTOSuffixesFromSchemaRecursively(mediaType.getSchema()); + } else { + logger.warn("MediaType or Schema is null for content type: {}", contentType); + } + }); + } else { + logger.warn("Response with code {} has no content.", responseCode); + } + }); + } - }); + // Remove -controller suffix from tags + if (operation.getTags() != null) { + operation.setTags( + operation.getTags() + .stream() + .filter(tag -> { + if (tag.length() > 11) { + return true; + } else { + logger.warn("Tag '{}' is shorter than expected and cannot be trimmed.", tag); + return false; + } + }) + .map(tag -> tag.substring(0, tag.length() - 11)) + .collect(Collectors.toList()) + ); + } }); - - // Remove -controller suffix from tags - operation.setTags(operation.getTags() - .stream() - .map(tag -> tag.substring(0, tag.length() - 11)).toList()); }); - }); - - + } else { + logger.warn("Paths are null in OpenAPI configuration."); + } }; } private void removeDTOSuffixesFromSchemaRecursively(Schema schema) { + if (schema == null) { + return; + } + if (schema.get$ref() != null && schema.get$ref().endsWith("DTO")) { - schema.set$ref(schema.get$ref().substring(0, schema.get$ref().length() - 3)); + String newRef = schema.get$ref().substring(0, schema.get$ref().length() - 3); + schema.set$ref(newRef); + logger.debug("Updated $ref from {} to {}", schema.get$ref(), newRef); } if (schema.getItems() != null) { removeDTOSuffixesFromSchemaRecursively(schema.getItems()); } } -} \ No newline at end of file +} diff --git a/server/application-server/src/main/java/de/tum/in/www1/hephaestus/config/KeycloakConfig.java b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/config/KeycloakConfig.java new file mode 100644 index 00000000..9eea4f0d --- /dev/null +++ b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/config/KeycloakConfig.java @@ -0,0 +1,35 @@ +package de.tum.in.www1.hephaestus.config; +import org.keycloak.OAuth2Constants; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.beans.factory.annotation.Value; + + +@Configuration +public class KeycloakConfig { + + @Value("${keycloak.url}") + private String authServerUrl; + + @Value("${keycloak.realm}") + private String realm; + + @Value("${keycloak.client-id}") + private String clientId; + + @Value("${keycloak.client-secret}") + private String clientSecret; + + @Bean + public Keycloak keycloakClient() { + return KeycloakBuilder.builder() + .serverUrl(authServerUrl) + .realm(realm) + .grantType(OAuth2Constants.CLIENT_CREDENTIALS) + .clientId(clientId) + .clientSecret(clientSecret) + .build(); + } +} diff --git a/server/application-server/src/main/java/de/tum/in/www1/hephaestus/gitprovider/user/UserController.java b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/gitprovider/user/UserController.java index bd9ef741..35f0e773 100644 --- a/server/application-server/src/main/java/de/tum/in/www1/hephaestus/gitprovider/user/UserController.java +++ b/server/application-server/src/main/java/de/tum/in/www1/hephaestus/gitprovider/user/UserController.java @@ -1,8 +1,16 @@ package de.tum.in.www1.hephaestus.gitprovider.user; import java.util.Optional; - +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UsersResource; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; +import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -11,7 +19,16 @@ @RestController @RequestMapping("/user") public class UserController { - private final UserService userService; + + private static final Logger logger = LoggerFactory.getLogger(UserController.class); + + @Autowired + private UserService userService; + @Autowired + private Keycloak keycloak; + @Value("${keycloak.realm}") + private String realm; + public UserController(UserService actorService) { this.userService = actorService; @@ -22,4 +39,21 @@ public ResponseEntity getUserProfile(@PathVariable String login) Optional userProfile = userService.getUserProfile(login); return userProfile.map(ResponseEntity::ok).orElseGet(() -> ResponseEntity.notFound().build()); } + + @DeleteMapping + public ResponseEntity deleteUser(JwtAuthenticationToken auth) { + if (auth == null) { + logger.error("No authentication token found."); + return ResponseEntity.badRequest().body(null); + } + + String userId = auth.getToken().getClaimAsString(StandardClaimNames.SUB); + logger.info("Deleting user {}", userId); + var response = keycloak.realm(realm).users().delete(userId); + if (response.getStatus() != 204) { + logger.error("Failed to delete user account: {}", response.getStatusInfo().getReasonPhrase()); + return ResponseEntity.badRequest().body(null); + } + return ResponseEntity.ok().build(); + } } diff --git a/server/application-server/src/main/resources/application-prod.yml b/server/application-server/src/main/resources/application-prod.yml index be9eaadc..6c8c4c88 100644 --- a/server/application-server/src/main/resources/application-prod.yml +++ b/server/application-server/src/main/resources/application-prod.yml @@ -23,6 +23,13 @@ hephaestus: enabled: ${LEADERBOARD_NOTIFICATION_ENABLED:true} channel-id: ${LEADERBOARD_NOTIFICATION_CHANNEL_ID:G6TCVL6HL} +keycloak: + url: ${KEYCLOAK_URL} + realm: ${KEYCLOAK_REALM} + client-id: ${KEYCLOAK_CLIENT_ID} + client-secret: ${KEYCLOAK_CLIENT_SECRET} + + nats: enabled: ${NATS_ENABLED:false} timeframe: ${MONITORING_TIMEFRAME:7} diff --git a/server/application-server/src/main/resources/application.yml b/server/application-server/src/main/resources/application.yml index 2dc51f1a..c7ec6ed7 100644 --- a/server/application-server/src/main/resources/application.yml +++ b/server/application-server/src/main/resources/application.yml @@ -41,6 +41,11 @@ hephaestus: enabled: false channel-id: "" +keycloak: + url: http://localhost:8081 + realm: hephaestus + client-id: hephaestus-confidential + client-secret: 0g0QtFmz6GB1Jv03SszCFepPro0hiP7G nats: enabled: false diff --git a/webapp/src/app/app.routes.ts b/webapp/src/app/app.routes.ts index e8cc848a..14889f4a 100644 --- a/webapp/src/app/app.routes.ts +++ b/webapp/src/app/app.routes.ts @@ -4,6 +4,7 @@ import { HomeComponent } from '@app/home/home.component'; import { AdminComponent } from '@app/admin/admin.component'; import { AdminGuard } from '@app/core/security/admin.guard'; import { UserProfileComponent } from '@app/user/user-profile.component'; +import { SettingsComponent } from '@app/settings/settings.component'; import { ImprintComponent } from '@app/legal/imprint/imprint.component'; export const routes: Routes = [ @@ -15,5 +16,6 @@ export const routes: Routes = [ canActivate: [AdminGuard] }, { path: 'user/:id', component: UserProfileComponent }, + { path: 'settings', component: SettingsComponent }, { path: 'imprint', component: ImprintComponent } ]; diff --git a/webapp/src/app/core/header/header.component.html b/webapp/src/app/core/header/header.component.html index 8be8e399..2db35759 100644 --- a/webapp/src/app/core/header/header.component.html +++ b/webapp/src/app/core/header/header.component.html @@ -25,6 +25,10 @@ My Profile + + + Settings + + + +

Are you absolutely sure?

+

This action cannot be undone. This will permanently delete your account and remove your data from our servers.

+ + + + + + + + + ` +}) +export class SettingsComponent { + router = inject(Router); + securityStore = inject(SecurityStore); + userService = inject(UserService); + + mutation = injectMutation(() => ({ + mutationFn: () => lastValueFrom(this.userService.deleteUser()), + onSuccess: () => { + this.securityStore.signOut(); + this.router.navigate(['/']); + } + })); + + deleteAccount() { + this.mutation.mutate(); + } +}