Keycloak test realm export: client group membership mapper with the "single" attribute option turned OFF
{
"id": "testrealm",
"realm": "testrealm",
"notBefore": 0,
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "73180f75-bc3e-4a0f-80a4-7541118904a0",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "testrealm",
"attributes": {}
},
{
"id": "39baaa2a-da4a-4f4c-b599-5e059f4cd19d",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "testrealm",
"attributes": {}
}
],
"client": {
"realm-management": [
{
"id": "ad1b9d4c-ac55-49e6-90da-49640586dd11",
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "56a8e24f-66d4-4a9e-a2ea-437d146bbf80",
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "c27e5381-2f63-4c7f-93d8-7a4114c6960f",
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "048fa2c1-45cc-4333-ae62-06ed9da98c5a",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "30be4ff3-351b-4d0a-a48c-39acdbfd47ce",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "f3843e9a-171f-4d70-9113-60fa11ed0528",
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-clients"
]
}
},
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "234b36db-47bd-4177-a920-bbecd257ff5a",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "6aa78739-6227-4fe7-ae41-fbdae8d86dd8",
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "fba76f66-cc87-423a-91a9-5efef48bc965",
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "24b28b06-f41e-4312-8704-761bd2f6e6a5",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "b30ea0ad-8aa2-448e-9ba7-8030dcb0155b",
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "361fe598-5da1-4281-969b-5636019c8c85",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "00c53551-c151-47c7-ba3d-ad2896e0f4db",
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-groups",
"query-users"
]
}
},
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "81450938-1815-4e50-a112-e338f9af06b9",
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"view-authorization",
"view-events",
"query-clients",
"impersonation",
"create-client",
"view-clients",
"manage-identity-providers",
"query-users",
"manage-users",
"view-identity-providers",
"manage-clients",
"manage-realm",
"view-users",
"manage-authorization",
"query-groups",
"manage-events",
"query-realms",
"view-realm"
]
}
},
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "a904eb43-2d0a-40d1-bbe0-fc6aa3c29e16",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "16b92f01-ee54-41c9-b88e-e81f87b7faea",
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "0987744a-c2a9-4196-9f02-557038a5a742",
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "d1eace2c-1ccf-46b5-8d17-5690a206c4ad",
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
},
{
"id": "cc6d1a1c-d112-4597-8455-c62c9535890a",
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"containerId": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"attributes": {}
}
],
"security-admin-console": [],
"admin-cli": [],
"jeedy_sso_local_sample": [],
"broker": [
{
"id": "1d0359ff-8c48-4274-84dc-a0cc87573718",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
"containerId": "4ed4c845-c2d7-4f9e-8eab-17f4c1295b27",
"attributes": {}
}
],
"account": [
{
"id": "41c1d51a-ba1d-4d39-b46e-e6323cc80339",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": [
"manage-account-links"
]
}
},
"clientRole": true,
"containerId": "19cb2eb5-15f5-4f31-8152-a92d743f6da3",
"attributes": {}
},
{
"id": "8db4cadf-160e-4c63-a356-8f1c53280e6e",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"containerId": "19cb2eb5-15f5-4f31-8152-a92d743f6da3",
"attributes": {}
},
{
"id": "c90c948d-7501-404f-8e37-a5dc426c7c36",
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"containerId": "19cb2eb5-15f5-4f31-8152-a92d743f6da3",
"attributes": {}
}
]
}
},
"groups": [
{
"id": "f973fba8-91b9-4255-9a8d-baf75a40983b",
"name": "CERN Users",
"path": "/CERN Users",
"attributes": {},
"realmRoles": [],
"clientRoles": {},
"subGroups": []
},
{
"id": "ab6042c7-430d-4aae-a644-79a6ca5ab974",
"name": "edh-team",
"path": "/edh-team",
"attributes": {},
"realmRoles": [],
"clientRoles": {},
"subGroups": []
},
{
"id": "52b96ed5-8b87-443e-b25b-4eb2f645df56",
"name": "it-dep-db",
"path": "/it-dep-db",
"attributes": {},
"realmRoles": [],
"clientRoles": {},
"subGroups": []
},
{
"id": "fa549d53-8c1f-495c-997a-bc22c9a76ff2",
"name": "it-dep-db-dar",
"path": "/it-dep-db-dar",
"attributes": {},
"realmRoles": [],
"clientRoles": {},
"subGroups": []
}
],
"defaultRoles": [
"uma_authorization",
"offline_access"
],
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": [
"offline_access"
]
}
],
"clients": [
{
"id": "a0a18665-ffeb-4cf9-a158-850480874966",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"baseUrl": "/auth/admin/testrealm/console/index.html",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"/auth/admin/testrealm/console/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "0ae7d69a-cbca-4f16-a6b2-3e97b63cbec6",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"roles"
],
"optionalClientScopes": [
"microprofile-jwt"
]
},
{
"id": "b6f6604d-f54f-4ce9-8a62-341908bda3a3",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [],
"optionalClientScopes": []
},
{
"id": "4ed4c845-c2d7-4f9e-8eab-17f4c1295b27",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"roles"
],
"optionalClientScopes": [
"microprofile-jwt"
]
},
{
"id": "19cb2eb5-15f5-4f31-8152-a92d743f6da3",
"clientId": "account",
"name": "${client_account}",
"baseUrl": "/auth/realms/testrealm/account",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"defaultRoles": [
"manage-account",
"view-profile"
],
"redirectUris": [
"/auth/realms/testrealm/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"roles"
],
"optionalClientScopes": [
"microprofile-jwt"
]
},
{
"id": "6cfe8f8f-1828-4ffc-b782-fe96a0f58b3a",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"roles"
],
"optionalClientScopes": [
"microprofile-jwt"
]
},
{
"id": "6564dcd2-cf28-47fe-a8fa-41baae762e73",
"clientId": "jeedy_sso_local_sample",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"http://localhost.cern.ch:8080/sample/"
],
"webOrigins": [
"https://localhost.cern.ch:8080"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "saml",
"attributes": {
"saml_single_logout_service_url_redirect": "http://localhost.cern.ch:8080/sample/saml",
"saml.client.signature": "false",
"saml.authnstatement": "true",
"saml_assertion_consumer_url_post": "http://localhost.cern.ch:8080/sample/saml",
"saml_name_id_format": "username",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"CommonProtocolMappers"
],
"optionalClientScopes": [
"offline_access"
]
}
],
"clientScopes": [
{
"id": "af49ddf1-8b11-44ff-9857-0a2b8b7df352",
"name": "CommonProtocolMappers",
"description": "Protocol mappers that are common to any client in our setup",
"protocol": "saml",
"attributes": {},
"protocolMappers": [
{
"id": "dbefdd30-bb1f-4173-947f-a98dc9802d8b",
"name": "DepartmentMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/Department",
"friendly.name": "DepartmentMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/Department"
}
},
{
"id": "a7f8d0de-5131-4a07-b82a-c3cf5f1e5726",
"name": "AuthLevelMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/AuthLevel",
"friendly.name": "AuthLevelMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/AuthLevel"
}
},
{
"id": "b1ea0ffe-793f-4a98-af87-8a36a390f90a",
"name": "IdentityClassMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/IdentityClass",
"friendly.name": "IdentityClassMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/IdentityClass"
}
},
{
"id": "814ddb79-796f-4626-838d-8485982efeb4",
"name": "FirstNameMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/FirstName",
"friendly.name": "FirstNameMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/FirstName"
}
},
{
"id": "626c6e7a-ff6f-4255-8f85-cb4ed8776c0a",
"name": "BuildingMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/Building",
"friendly.name": "BuildingMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/Building"
}
},
{
"id": "6be8d3e5-7e43-480a-8775-90591f1bd85b",
"name": "LastnameMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/Lastname",
"friendly.name": "LastnameMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/Lastname"
}
},
{
"id": "f8e195b9-1b52-4558-bd82-dcdc5ce10eb0",
"name": "GroupMapper",
"protocol": "saml",
"protocolMapper": "saml-group-membership-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Unspecified",
"full.path": "false",
"friendly.name": "Groups",
"attribute.name": "http://schemas.xmlsoap.org/claims/Group"
}
},
{
"id": "9c5048d6-bcc0-4c3d-8322-f50370515725",
"name": "CommonNameMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/CommonName",
"friendly.name": "CommonNameMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/CommonName"
}
},
{
"id": "b71355a8-9ff3-4da8-9fd3-65644589b79d",
"name": "PreferredLanguageMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/PreferredLanguage",
"friendly.name": "PreferredLanguageMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/PreferredLanguage"
}
},
{
"id": "e1360bd9-b2c7-4062-b5ab-3a9baf563424",
"name": "PersonIDMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/PersonID",
"friendly.name": "PersonIDMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/PersonID"
}
},
{
"id": "e8a379fc-6e4c-4a6b-82a5-bde3dc6721bd",
"name": "HomeInstituteMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/HomeInstitute",
"friendly.name": "HomeInstituteMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/HomeInstitute"
}
},
{
"id": "a0c78e28-e96b-4d15-b81f-0dd22b43f523",
"name": "uidNumberMapper",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "http://schemas.xmlsoap.org/claims/uidNumber",
"friendly.name": "uidNumberMapper",
"attribute.name": "http://schemas.xmlsoap.org/claims/uidNumber"
}
}
]
},
{
"id": "e8ecd39d-36fd-45db-8258-bcf173972f94",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "94f17ad9-57e0-4a1e-b4be-0e519c0aecd2",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
},
{
"id": "7e9333bc-2b72-4ff6-bb9d-338b9b5af51e",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
}
]
},
{
"id": "39399c30-6e10-4789-97fe-d3ae891b4870",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "90b29f3a-8456-4576-aade-eb3b7858f06c",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "96f8990c-a499-4be5-a1d7-7285468aad5c",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "a3c75bd5-0598-48e6-a6f2-0e378a0ae683",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
},
{
"id": "ee09ed01-63fe-4962-8e81-9e91b4fa85f9",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
}
]
},
{
"id": "83b173e4-80b5-41cf-a10e-def76b3af549",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "abe45cf4-d010-4048-8c95-31d106f76cd3",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {}
}
]
}
],
"defaultDefaultClientScopes": [
"web-origins",
"roles"
],
"defaultOptionalClientScopes": [
"offline_access",
"microprofile-jwt"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"xXSSProtection": "1; mode=block",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "cfeeb673-f48c-47c0-b133-18f53b08f297",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "a39153ad-355e-4986-bd51-f5e2b7c9ac36",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "17dc4b4f-749f-459e-8452-c7d800e50f9c",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-usermodel-attribute-mapper",
"oidc-address-mapper",
"oidc-usermodel-property-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-property-mapper",
"oidc-full-name-mapper",
"saml-user-attribute-mapper",
"saml-role-list-mapper"
]
}
},
{
"id": "86b97991-4852-4692-af59-290fc0798d9a",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": [
"true"
],
"client-uris-must-match": [
"true"
]
}
},
{
"id": "3d5e4b92-dd42-415e-b598-c999396816ae",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-user-property-mapper",
"saml-user-attribute-mapper",
"oidc-full-name-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper",
"oidc-usermodel-property-mapper"
]
}
},
{
"id": "823702a5-6c67-4a49-a2dc-279c505cbf8a",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "2d80e431-b0e6-4b31-ac24-35b0bffb7c8d",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": [
"200"
]
}
},
{
"id": "d52a7c14-a217-4bb0-8e7f-35528f7fe52d",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "2125c8a1-fc92-4d6e-a5e3-8b86abf0e7d0",
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS256"
]
}
},
{
"id": "c898423a-2a05-419f-9296-6d74f8aea0aa",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "67ff006f-65b1-4f97-b957-d3d45ed8b89e",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
"id": "761416ac-14e5-45ef-bd25-ad683426fd84",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "idp-email-verification",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "0f9e0279-720e-40e7-84b5-4e93e0d58fb0",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "OPTIONAL",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "746e0ec5-f49f-45a0-974c-abbd9cf3e1a5",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "identity-provider-redirector",
"requirement": "ALTERNATIVE",
"priority": 25,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "forms",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "c9fb2f26-3885-4c36-8c57-3a58d207e831",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-jwt",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-secret-jwt",
"requirement": "ALTERNATIVE",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-x509",
"requirement": "ALTERNATIVE",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "0d107962-d58d-4952-a6e1-fd9495152b20",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-password",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-otp",
"requirement": "OPTIONAL",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "ae6c8af7-68f6-4ba3-b70e-4990c8023c4a",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "ff04f6d9-70bf-4756-b367-22d2b91225b6",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "95024ea7-2238-4fd8-9877-c99912c58790",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "OPTIONAL",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "486af3f7-967a-4d2a-9f82-5b73d120a1e2",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "no-cookie-redirect",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "basic-auth",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "basic-auth-otp",
"requirement": "DISABLED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"requirement": "DISABLED",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "6725439f-dbcb-43f6-9024-ab7568faece2",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"requirement": "REQUIRED",
"priority": 10,
"flowAlias": "registration form",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "54d85108-73b4-4145-a4ba-330bb83cbde1",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-profile-action",
"requirement": "REQUIRED",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-password-action",
"requirement": "REQUIRED",
"priority": 50,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-recaptcha-action",
"requirement": "DISABLED",
"priority": 60,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "2c0ff921-286c-45a7-ad88-4ff410a55280",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-credential-email",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-password",
"requirement": "REQUIRED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-otp",
"requirement": "OPTIONAL",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "65aa8cee-da81-4b72-9323-7655231cc6b3",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
}
],
"authenticatorConfig": [
{
"id": "091ebc37-8925-416e-9933-0ddeb5b73495",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "90abf977-b874-4743-9037-a63adf1f257e",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"_browser_header.xXSSProtection": "1; mode=block",
"_browser_header.xFrameOptions": "SAMEORIGIN",
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
"permanentLockout": "false",
"quickLoginCheckMilliSeconds": "1000",
"_browser_header.xRobotsTag": "none",
"maxFailureWaitSeconds": "900",
"minimumQuickLoginWaitSeconds": "60",
"failureFactor": "30",
"actionTokenGeneratedByUserLifespan": "300",
"maxDeltaTimeSeconds": "43200",
"_browser_header.xContentTypeOptions": "nosniff",
"offlineSessionMaxLifespan": "5184000",
"actionTokenGeneratedByAdminLifespan": "43200",
"_browser_header.contentSecurityPolicyReportOnly": "",
"bruteForceProtected": "false",
"_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"waitIncrementSeconds": "60",
"offlineSessionMaxLifespanEnabled": "false"
},
"keycloakVersion": "7.0.1",
"userManagedAccessAllowed": false
}