Docker-compose file for Elasticsearch+Kibana+Keycloak with configuration files
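# config.yaml
# Open Distro security plugin authentication settings. The compose file on
# this page mounts ./security/config.yml.keycloak as securityconfig/config.yml,
# which is presumably this file.
# NOTE(review): the nesting below is reconstructed from the Open Distro
# config.yml schema because the listing lost its indentation; compare it with
# your own copy before use.
---
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    do_not_fail_on_forbidden: true
    kibana:
      server_username: kibanaserver
      multitenancy_enabled: true
      index: '.kibana'
    http:
      anonymous_auth_enabled: false
      # X-Forwarded-For handling is off, so internalProxies is not consulted.
      xff:
        enabled: false
        internalProxies: '192\.168\.0\.10|192\.168\.0\.11'  # regex pattern
    authc:
      # Domain 0: HTTP basic auth against the internal user database.
      # challenge is false so that a request without basic credentials is
      # handed to the next domain instead of getting a WWW-Authenticate reply.
      basic_internal_auth_domain:
        http_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      # Domain 1: OpenID Connect bearer tokens issued by the Keycloak realm.
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            # The user name is taken from the `email` claim and backend roles
            # from the `roles` claim.
            # NOTE(review): the realm export on this page has
            # "verifyEmail": false; if role mappings key on the user name,
            # prefer a claim the user cannot edit (or enforce verification).
            subject_key: email
            roles_key: roles
            openid_connect_url: "https://keycloak:8443/auth/realms/oauth2/.well-known/openid-configuration"
            # NOTE(review): the two unprefixed keys are presumably not read by
            # the OpenID authenticator; the openid_connect_idp.* keys below
            # are the documented ones. Confirm and drop the duplicates.
            enable_ssl: true
            verify_hostnames: false
            # Added from OD forum thread https://github.com/opendistro-for-elasticsearch/security/issues/419
            openid_connect_idp.enable_ssl: true
            # Host name verification of the IdP certificate is disabled: any
            # certificate that chains to root-ca.pem is accepted for the
            # metadata/JWKS endpoint. Issue the Keycloak certificate with a
            # SAN for `keycloak` and set this to true outside a lab.
            openid_connect_idp.verify_hostnames: false
            openid_connect_idp.pemtrustedcas_filepath: "/usr/share/elasticsearch/config/root-ca.pem"
        # The token signature is the credential; no backend lookup is done.
        authentication_backend:
          type: noop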
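# Docker Compose file: single-node Open Distro Elasticsearch, Kibana and
# Keycloak on one bridge network (es-net).
# NOTE(review): nesting is reconstructed from the Compose schema because the
# listing lost its indentation. This is a lab setup: it ships default
# credentials and relaxed TLS checks, flagged inline below.
---
version: '3.2'

services:
  node1:
    image: amazon/opendistro-for-elasticsearch:1.11.0
    container_name: node1
    hostname: node1
    domainname: mylab.io
    environment:
      # NOTE(review): this is a Node.js variable; Elasticsearch runs on the
      # JVM, so it presumably has no effect here. Confirm and remove.
      - NODE_TLS_REJECT_UNAUTHORIZED=0
      - cluster.name=es-cluster
      - node.name=node1
      - discovery.type=single-node
      - bootstrap.memory_lock=true  # along with the memlock settings below, disables swapping
      # Turns off Elasticsearch's system call filter, a hardening layer that
      # limits what the process can do after a compromise. Leave it enabled
      # unless the host kernel genuinely lacks support.
      - bootstrap.system_call_filter=false
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"  # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536  # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
        hard: 65536
    volumes:
      - "data1:/usr/share/elasticsearch/data"
      - "./sysctl/elastic.conf:/etc/sysctl.d/elastic.conf"
      - "./esconfig/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml"
      # NOTE(review): the source name suggests debug-level logging; check that
      # it does not write credentials or tokens to the log before reuse.
      - "./esconfig/log4j2.properties.debug:/usr/share/elasticsearch/config/log4j2.properties"
      - "./ssl/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem:ro"
      - "./ssl/node1.pem:/usr/share/elasticsearch/config/node.pem:ro"
      - "./ssl/node1.key:/usr/share/elasticsearch/config/node.key:ro"
      - "./ssl/root-ca.pem:/usr/share/elasticsearch/config/admin-root-ca.pem:ro"
      # The admin certificate's DN is listed in authcz.admin_dn in
      # elasticsearch.yml, so whoever can read admin.key has full control of
      # the security configuration. Keep it off the node when not needed.
      - "./ssl/admin.pem:/usr/share/elasticsearch/config/admin.pem:ro"
      - "./ssl/admin.key:/usr/share/elasticsearch/config/admin.key:ro"
      # Security Plugin configuration
      - "./security/config.yml.keycloak:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml"
      - "./security/action_groups.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml"
      - "./security/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml"
      - "./security/roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml"
      - "./security/roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml"
      - "./security/tenants.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml"
      - "./security/whitelist.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/whitelist.yml"
      - "./security/audit.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/audit.yml"
      - "./security/nodes_dn.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/nodes_dn.yml"
    # Published on every host interface. 9300 is the inter-node transport
    # port and a single-node cluster has no peers to serve; bind to loopback
    # (e.g. "127.0.0.1:9200:9200") unless remote access is required.
    ports:
      - "9200:9200"
      - "9300:9300"
    networks:
      - es-net

  kibana:
    # image: mmamaenko/opendistro-kibana:1.10.2
    image: amazon/opendistro-for-elasticsearch-kibana:1.11.0
    container_name: kibana
    hostname: kibana
    domainname: mylab.io
    volumes:
      - "./kibana/kibana.yml.keycloak:/usr/share/kibana/config/kibana.yml"
      - "./ssl/kibana.pem:/usr/share/kibana/config/kibana.pem:ro"
      - "./ssl/kibana.key:/usr/share/kibana/config/kibana.key:ro"
      - "./ssl/root-ca.pem:/usr/share/kibana/config/root-ca.pem:ro"
    ports:
      - "5601:5601"
    expose:
      - "5601"
    environment:
      # To allow selfsigned certificates for OpenID provider
      # This disables certificate verification for every outbound TLS
      # connection of the Kibana Node.js process, not only the OpenID
      # provider. root-ca.pem is already mounted and kibana.yml sets
      # opendistro_security.openid.root_ca; prefer trusting that CA (for
      # example via NODE_EXTRA_CA_CERTS) and removing this variable.
      NODE_TLS_REJECT_UNAUTHORIZED: "0"
      CLUSTER_NAME: es-cluster
      SERVER_SSL_ENABLED: "true"
      ELASTICSEARCH_HOSTS: https://node1:9200
      ELASTICSEARCH_URL: https://node1:9200
      SERVER_SSL_KEY: /usr/share/kibana/config/kibana.key
      SERVER_SSL_CERTIFICATE: /usr/share/kibana/config/kibana.pem
    networks:
      - es-net

  keycloak:
    # NOTE(review): `latest` is a moving tag, so the image can change under
    # this file. The variables below are the legacy-image names and the
    # OpenID URLs on this page use the /auth path prefix; newer Keycloak
    # images presumably no longer honour either. Pin the tag this setup was
    # tested with, e.g. quay.io/keycloak/keycloak:<PINNED_TAG>.
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    hostname: keycloak
    domainname: mylab.io
    environment:
      DB_VENDOR: h2
      # Default admin/admin credentials on a published port. Supply the
      # password from the environment or a secret outside a throwaway lab.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # NOTE(review): ALL is the most verbose level; confirm the log does not
      # capture tokens or credentials before keeping it.
      KEYCLOAK_LOGLEVEL: ALL  # ALL, DEBUG, ERROR, FATAL, INFO, OFF, TRACE and WARN
      KEYCLOAK_IMPORT: /tmp/realm.json
    volumes:
      - type: bind
        source: ./ssl/root-ca.pem
        target: /etc/x509/https/ca.crt
      - type: bind
        source: ./ssl/keycloak.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: ./ssl/keycloak.key
        target: /etc/x509/https/tls.key
      # Realm export imported at start-up; it carries the kibana-sso client
      # secret in clear text.
      - type: bind
        source: ./keycloak/oauth2-keycloak.json
        target: /tmp/realm.json
    ports:
      - "8443:8443"
    expose:
      - "8443"
    networks:
      - es-net

volumes:
  data1: {}

networks:
  es-net: {}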
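# Elasticsearch node settings (the compose file on this page mounts
# ./esconfig/elasticsearch.yml into the node1 container).
---
cluster.name: "es-cluster"
network.host: 0.0.0.0

opendistro_security.advanced_modules_enabled: true
opendistro_security.roles_mapping_resolution: BOTH
# Requests made as kibanaserver are left out of the audit log.
opendistro_security.audit.ignore_users: ['kibanaserver']
#opendistro_security.audit.enable_rest: true
#opendistro_security.audit.enable_transport: false
#opendistro_security.audit.config.log4j.level: INFO
#opendistro_security.audit.type: debug
#opendistro.alerting.filter_by_backend_roles: true

# TLS Configuration Transport Layer
opendistro_security.ssl.transport.pemcert_filepath: node.pem
opendistro_security.ssl.transport.pemkey_filepath: node.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
# opendistro_security.ssl.transport.pemkey_password: ${TRANSPORT_TLS_PEM_PASS}
# Host name verification between nodes is off: a peer is accepted on its
# certificate chain and DN (nodes_dn below) alone. Acceptable for a single
# node; enable it before adding nodes.
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false

# TLS Configuration REST Layer
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: node.pem
opendistro_security.ssl.http.pemkey_filepath: node.key
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
# opendistro_security.ssl.http.pemkey_password: ${HTTP_TLS_PEM_PASS}

# Demo certificates: the flag below is true, i.e. running with the bundled
# demo certificates is ALLOWED, not disabled. The compose file mounts its own
# certificates from ./ssl, so set this to false once those are confirmed not
# to be the demo ones.
opendistro_security.allow_unsafe_democertificates: true
# Lets the node create the security index from the securityconfig files when
# that index does not exist yet.
opendistro_security.allow_default_init_securityindex: true

# A client certificate with one of these DNs is treated as a security admin.
# 'CN=admin' is a very short DN: this is only as strong as the CA's issuance
# policy, so prefer the fully qualified DN alone.
opendistro_security.authcz.admin_dn:
  - 'CN=admin'
  - 'CN=admin,OU=HP Business Platform,O=HP Inc,L=Palo Alto,ST=California,C=US'
# Certificates with these DNs are trusted as cluster nodes.
opendistro_security.nodes_dn:
  - 'CN=node1'
  - 'CN=node1.mylab.local,OU=HP Business Platform,O=HP Inc,L=Palo Alto,ST=California,C=US'
  # NOTE(review): the next entry looks like a documentation placeholder, and
  # its typographic quotes are not YAML quotes, so they are part of the value.
  # Remove it rather than fixing the quotes: '/CN=.*regex/' with straight
  # quotes would presumably be read as a regular expression and trust any DN
  # it matches.
  - ‘/CN=.*regex/’

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE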
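# Kibana settings for OpenID Connect sign-in through Keycloak (the compose
# file on this page mounts ./kibana/kibana.yml.keycloak as kibana.yml).
---
server.name: kibana
# "0" makes Kibana listen on all interfaces of the container.
server.host: "0"

elasticsearch.hosts: https://node1:9200
# Certificate verification towards Elasticsearch is switched off, so Kibana
# would send the kibanaserver credentials to any host answering as node1.
# root-ca.pem is already mounted in the container: point
# elasticsearch.ssl.certificateAuthorities at it and use `certificate` or
# `full` here instead.
elasticsearch.ssl.verificationMode: none
elasticsearch.requestTimeout: 360000
# Default service-account credentials; change the password in
# internal_users.yml and here, and keep it out of version control.
elasticsearch.username: kibanaserver
elasticsearch.password: kibanaserver
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization", "security_tenant", "x-forwarded-for", "x-forwarded-by"]

opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.enable_global: true
opendistro_security.multitenancy.tenants.enable_private: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]

opendistro_security.cookie.ttl: 86400000
opendistro_security.session.ttl: 86400000
opendistro_security.session.keepalive: true

opendistro_security.auth.type: "openid"
opendistro_security.openid.connect_url: "https://keycloak:8443/auth/realms/oauth2/.well-known/openid-configuration"
opendistro_security.openid.client_id: "kibana-sso"
# This secret is published with the page and also appears in the realm
# export, so treat it as compromised: regenerate it in Keycloak and supply it
# from the environment or a secret store instead of this file.
opendistro_security.openid.client_secret: "6f7ae385-e1ad-44bf-89e1-1368353efd28"
opendistro_security.openid.scope: "openid profile email"
opendistro_security.openid.base_redirect_url: "https://kibana:5601"
# OpenID provider's trusted ca certificate
# NOTE(review): the compose file sets NODE_TLS_REJECT_UNAUTHORIZED=0 for this
# container, which presumably makes this trust anchor moot; remove that
# variable so the CA is actually enforced.
opendistro_security.openid.root_ca: "/usr/share/kibana/config/root-ca.pem"
opendistro_security.cookie.secure: true
# Key protecting the session cookie; published here, so generate a fresh
# random value per deployment.
opendistro_security.cookie.password: "c5e7d83df5bd4f41bd462288430d064c"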
{ | |
"id": "oauth2", | |
"realm": "oauth2", | |
"notBefore": 0, | |
"revokeRefreshToken": false, | |
"refreshTokenMaxReuse": 0, | |
"accessTokenLifespan": 300, | |
"accessTokenLifespanForImplicitFlow": 900, | |
"ssoSessionIdleTimeout": 1800, | |
"ssoSessionMaxLifespan": 36000, | |
"ssoSessionIdleTimeoutRememberMe": 0, | |
"ssoSessionMaxLifespanRememberMe": 0, | |
"offlineSessionIdleTimeout": 2592000, | |
"offlineSessionMaxLifespanEnabled": false, | |
"offlineSessionMaxLifespan": 5184000, | |
"clientSessionIdleTimeout": 0, | |
"clientSessionMaxLifespan": 0, | |
"accessCodeLifespan": 60, | |
"accessCodeLifespanUserAction": 300, | |
"accessCodeLifespanLogin": 1800, | |
"actionTokenGeneratedByAdminLifespan": 43200, | |
"actionTokenGeneratedByUserLifespan": 300, | |
"enabled": true, | |
"sslRequired": "external", | |
"registrationAllowed": false, | |
"registrationEmailAsUsername": false, | |
"rememberMe": false, | |
"verifyEmail": false, | |
"loginWithEmailAllowed": true, | |
"duplicateEmailsAllowed": false, | |
"resetPasswordAllowed": false, | |
"editUsernameAllowed": false, | |
"bruteForceProtected": false, | |
"permanentLockout": false, | |
"maxFailureWaitSeconds": 900, | |
"minimumQuickLoginWaitSeconds": 60, | |
"waitIncrementSeconds": 60, | |
"quickLoginCheckMilliSeconds": 1000, | |
"maxDeltaTimeSeconds": 43200, | |
"failureFactor": 30, | |
"roles": { | |
"realm": [ | |
{ | |
"id": "6f629b9a-c2a2-4139-a3e1-3fe28e6b988d", | |
"name": "offline_access", | |
"description": "${role_offline-access}", | |
"composite": false, | |
"clientRole": false, | |
"containerId": "oauth2", | |
"attributes": {} | |
}, | |
{ | |
"id": "861dd8d7-382d-482c-b27b-c2ef4eb1c7e7", | |
"name": "uma_authorization", | |
"description": "${role_uma_authorization}", | |
"composite": false, | |
"clientRole": false, | |
"containerId": "oauth2", | |
"attributes": {} | |
} | |
], | |
"client": { | |
"realm-management": [ | |
{ | |
"id": "1d12592a-4a1d-4416-bd1d-f79588a5a6ae", | |
"name": "manage-users", | |
"description": "${role_manage-users}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "9ce850f6-2a9b-4456-8ba4-7e09a49fa730", | |
"name": "view-realm", | |
"description": "${role_view-realm}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "a5facdd9-1708-4eb0-b626-9281c24afef2", | |
"name": "manage-identity-providers", | |
"description": "${role_manage-identity-providers}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "30b16c30-5d8d-4c55-960a-ae0af016c7d1", | |
"name": "view-identity-providers", | |
"description": "${role_view-identity-providers}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "f6a4c390-d61a-4579-966f-d2685fb204a6", | |
"name": "create-client", | |
"description": "${role_create-client}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "4fe78d46-30a2-4972-acc8-96325885f109", | |
"name": "query-groups", | |
"description": "${role_query-groups}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "da59275c-6a36-4f50-bf03-443639aa9fe0", | |
"name": "manage-events", | |
"description": "${role_manage-events}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "6f842241-4bbc-4f73-aace-949632641d72", | |
"name": "view-users", | |
"description": "${role_view-users}", | |
"composite": true, | |
"composites": { | |
"client": { | |
"realm-management": [ | |
"query-groups", | |
"query-users" | |
] | |
} | |
}, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "657a75ef-1bf9-47e4-b99d-9fdeb42c29fe", | |
"name": "view-authorization", | |
"description": "${role_view-authorization}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "77ea0c0a-98d7-4c4b-8dc8-2e9f1f70f1bf", | |
"name": "manage-clients", | |
"description": "${role_manage-clients}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "10bf0359-da8b-43e6-b5e3-05cabf30b295", | |
"name": "manage-authorization", | |
"description": "${role_manage-authorization}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "3aa6b0c0-10ae-4895-8a3d-00d75d00da9a", | |
"name": "query-realms", | |
"description": "${role_query-realms}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "7c2692af-796f-43d1-8758-52fc2037ecdb", | |
"name": "view-clients", | |
"description": "${role_view-clients}", | |
"composite": true, | |
"composites": { | |
"client": { | |
"realm-management": [ | |
"query-clients" | |
] | |
} | |
}, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "18088c94-450d-45fd-91b0-71955c01ab2d", | |
"name": "query-clients", | |
"description": "${role_query-clients}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "d8fd42e8-aefa-4547-9eef-e49314076949", | |
"name": "realm-admin", | |
"description": "${role_realm-admin}", | |
"composite": true, | |
"composites": { | |
"client": { | |
"realm-management": [ | |
"manage-users", | |
"view-realm", | |
"manage-identity-providers", | |
"view-identity-providers", | |
"query-groups", | |
"create-client", | |
"manage-events", | |
"view-authorization", | |
"view-users", | |
"manage-clients", | |
"manage-authorization", | |
"query-realms", | |
"query-clients", | |
"view-clients", | |
"impersonation", | |
"view-events", | |
"manage-realm", | |
"query-users" | |
] | |
} | |
}, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "81020359-0582-473a-b507-e541545ecdbf", | |
"name": "view-events", | |
"description": "${role_view-events}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "6ae95855-07f1-4365-835e-e4021950d9d2", | |
"name": "impersonation", | |
"description": "${role_impersonation}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "79a0d744-2b85-4192-a4b6-f9211a7464ab", | |
"name": "manage-realm", | |
"description": "${role_manage-realm}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
}, | |
{ | |
"id": "18a4e568-63fa-40f9-b496-f44ec7ed2868", | |
"name": "query-users", | |
"description": "${role_query-users}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"attributes": {} | |
} | |
], | |
"security-admin-console": [], | |
"kibana-sso": [], | |
"admin-cli": [], | |
"account-console": [], | |
"broker": [ | |
{ | |
"id": "7affa861-fdb4-444c-926f-73f5af84d527", | |
"name": "read-token", | |
"description": "${role_read-token}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "325749dc-2443-4b4d-a05d-90b1239dea4f", | |
"attributes": {} | |
} | |
], | |
"account": [ | |
{ | |
"id": "1d0c7eea-b2c2-4faa-bd42-5a39d6526198", | |
"name": "manage-consent", | |
"description": "${role_manage-consent}", | |
"composite": true, | |
"composites": { | |
"client": { | |
"account": [ | |
"view-consent" | |
] | |
} | |
}, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
}, | |
{ | |
"id": "139b9f73-8ec8-4db3-b2a1-606c155a9d42", | |
"name": "view-consent", | |
"description": "${role_view-consent}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
}, | |
{ | |
"id": "46380579-3c7f-41d0-8591-a761252f55c6", | |
"name": "manage-account", | |
"description": "${role_manage-account}", | |
"composite": true, | |
"composites": { | |
"client": { | |
"account": [ | |
"manage-account-links" | |
] | |
} | |
}, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
}, | |
{ | |
"id": "925a5374-f066-47f6-bd36-81dbdb8c4b2a", | |
"name": "manage-account-links", | |
"description": "${role_manage-account-links}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
}, | |
{ | |
"id": "6776aea7-0e08-4208-a8fe-fb49d503e692", | |
"name": "view-applications", | |
"description": "${role_view-applications}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
}, | |
{ | |
"id": "0c9fb8ac-fe60-4121-912a-da3fad7024a5", | |
"name": "view-profile", | |
"description": "${role_view-profile}", | |
"composite": false, | |
"clientRole": true, | |
"containerId": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"attributes": {} | |
} | |
] | |
} | |
}, | |
"groups": [], | |
"defaultRoles": [ | |
"offline_access", | |
"uma_authorization" | |
], | |
"requiredCredentials": [ | |
"password" | |
], | |
"otpPolicyType": "totp", | |
"otpPolicyAlgorithm": "HmacSHA1", | |
"otpPolicyInitialCounter": 0, | |
"otpPolicyDigits": 6, | |
"otpPolicyLookAheadWindow": 1, | |
"otpPolicyPeriod": 30, | |
"otpSupportedApplications": [ | |
"FreeOTP", | |
"Google Authenticator" | |
], | |
"webAuthnPolicyRpEntityName": "keycloak", | |
"webAuthnPolicySignatureAlgorithms": [ | |
"ES256" | |
], | |
"webAuthnPolicyRpId": "", | |
"webAuthnPolicyAttestationConveyancePreference": "not specified", | |
"webAuthnPolicyAuthenticatorAttachment": "not specified", | |
"webAuthnPolicyRequireResidentKey": "not specified", | |
"webAuthnPolicyUserVerificationRequirement": "not specified", | |
"webAuthnPolicyCreateTimeout": 0, | |
"webAuthnPolicyAvoidSameAuthenticatorRegister": false, | |
"webAuthnPolicyAcceptableAaguids": [], | |
"webAuthnPolicyPasswordlessRpEntityName": "keycloak", | |
"webAuthnPolicyPasswordlessSignatureAlgorithms": [ | |
"ES256" | |
], | |
"webAuthnPolicyPasswordlessRpId": "", | |
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", | |
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", | |
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified", | |
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", | |
"webAuthnPolicyPasswordlessCreateTimeout": 0, | |
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, | |
"webAuthnPolicyPasswordlessAcceptableAaguids": [], | |
"scopeMappings": [ | |
{ | |
"clientScope": "offline_access", | |
"roles": [ | |
"offline_access" | |
] | |
} | |
], | |
"clientScopeMappings": { | |
"account": [ | |
{ | |
"client": "account-console", | |
"roles": [ | |
"manage-account" | |
] | |
} | |
] | |
}, | |
"clients": [ | |
{ | |
"id": "b1de2932-2596-412c-bda3-d9408d759d3f", | |
"clientId": "account", | |
"name": "${client_account}", | |
"rootUrl": "${authBaseUrl}", | |
"baseUrl": "/realms/oauth2/account/", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"defaultRoles": [ | |
"view-profile", | |
"manage-account" | |
], | |
"redirectUris": [ | |
"/realms/oauth2/account/*" | |
], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": false, | |
"serviceAccountsEnabled": false, | |
"publicClient": false, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": {}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "d0337df2-508c-41d2-aa38-92016af04aa2", | |
"clientId": "account-console", | |
"name": "${client_account-console}", | |
"rootUrl": "${authBaseUrl}", | |
"baseUrl": "/realms/oauth2/account/", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"redirectUris": [ | |
"/realms/oauth2/account/*" | |
], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": false, | |
"serviceAccountsEnabled": false, | |
"publicClient": true, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": { | |
"pkce.code.challenge.method": "S256" | |
}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"protocolMappers": [ | |
{ | |
"id": "94108452-1564-4b9a-b477-6f84e81aa058", | |
"name": "audience resolve", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-audience-resolve-mapper", | |
"consentRequired": false, | |
"config": {} | |
} | |
], | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "4a70c262-09ab-4472-8de7-d9103b475f68", | |
"clientId": "admin-cli", | |
"name": "${client_admin-cli}", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"redirectUris": [], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": false, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": true, | |
"serviceAccountsEnabled": false, | |
"publicClient": true, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": {}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "325749dc-2443-4b4d-a05d-90b1239dea4f", | |
"clientId": "broker", | |
"name": "${client_broker}", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"redirectUris": [], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": false, | |
"serviceAccountsEnabled": false, | |
"publicClient": false, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": {}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "821e677e-f046-4743-aae3-b13e787bfbce", | |
"clientId": "kibana-sso", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "6f7ae385-e1ad-44bf-89e1-1368353efd28", | |
"redirectUris": [ | |
"https://kibana:5601/*" | |
], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": true, | |
"serviceAccountsEnabled": false, | |
"publicClient": false, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": { | |
"saml.assertion.signature": "false", | |
"saml.force.post.binding": "false", | |
"saml.multivalued.roles": "false", | |
"saml.encrypt": "false", | |
"saml.server.signature": "false", | |
"saml.server.signature.keyinfo.ext": "false", | |
"exclude.session.state.from.auth.response": "false", | |
"saml_force_name_id_format": "false", | |
"saml.client.signature": "false", | |
"tls.client.certificate.bound.access.tokens": "false", | |
"saml.authnstatement": "false", | |
"display.on.consent.screen": "false", | |
"saml.onetimeuse.condition": "false" | |
}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": true, | |
"nodeReRegistrationTimeout": -1, | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "708238f6-e017-4340-8801-75db81cf9b7f", | |
"clientId": "realm-management", | |
"name": "${client_realm-management}", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"redirectUris": [], | |
"webOrigins": [], | |
"notBefore": 0, | |
"bearerOnly": true, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": false, | |
"serviceAccountsEnabled": false, | |
"publicClient": false, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": {}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
}, | |
{ | |
"id": "b75d6995-0e57-46b9-8ab6-1c56d9713083", | |
"clientId": "security-admin-console", | |
"name": "${client_security-admin-console}", | |
"rootUrl": "${authAdminUrl}", | |
"baseUrl": "/admin/oauth2/console/", | |
"surrogateAuthRequired": false, | |
"enabled": true, | |
"alwaysDisplayInConsole": false, | |
"clientAuthenticatorType": "client-secret", | |
"secret": "**********", | |
"redirectUris": [ | |
"/admin/oauth2/console/*" | |
], | |
"webOrigins": [ | |
"+" | |
], | |
"notBefore": 0, | |
"bearerOnly": false, | |
"consentRequired": false, | |
"standardFlowEnabled": true, | |
"implicitFlowEnabled": false, | |
"directAccessGrantsEnabled": false, | |
"serviceAccountsEnabled": false, | |
"publicClient": true, | |
"frontchannelLogout": false, | |
"protocol": "openid-connect", | |
"attributes": { | |
"pkce.code.challenge.method": "S256" | |
}, | |
"authenticationFlowBindingOverrides": {}, | |
"fullScopeAllowed": false, | |
"nodeReRegistrationTimeout": 0, | |
"protocolMappers": [ | |
{ | |
"id": "e50e9a19-7db1-445d-8493-cabd9d1c7c3e", | |
"name": "locale", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "locale", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "locale", | |
"jsonType.label": "String" | |
} | |
} | |
], | |
"defaultClientScopes": [ | |
"web-origins", | |
"role_list", | |
"profile", | |
"roles", | |
"email" | |
], | |
"optionalClientScopes": [ | |
"address", | |
"phone", | |
"offline_access", | |
"microprofile-jwt" | |
] | |
} | |
], | |
"clientScopes": [ | |
{ | |
"id": "40ed2a10-f177-4fcc-9a0a-a52866517a88", | |
"name": "address", | |
"description": "OpenID Connect built-in scope: address", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "true", | |
"display.on.consent.screen": "true", | |
"consent.screen.text": "${addressScopeConsentText}" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "0dfb1649-fdcf-4d63-902c-9d14468e6916", | |
"name": "address", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-address-mapper", | |
"consentRequired": false, | |
"config": { | |
"user.attribute.formatted": "formatted", | |
"user.attribute.country": "country", | |
"user.attribute.postal_code": "postal_code", | |
"userinfo.token.claim": "true", | |
"user.attribute.street": "street", | |
"id.token.claim": "true", | |
"user.attribute.region": "region", | |
"access.token.claim": "true", | |
"user.attribute.locality": "locality" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "79cc3317-d690-4f0b-9a65-d6ede3dcad73", | |
"name": "email", | |
"description": "OpenID Connect built-in scope: email", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "true", | |
"display.on.consent.screen": "true", | |
"consent.screen.text": "${emailScopeConsentText}" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "33419616-e8b3-404a-960a-3fec42c8ebb5", | |
"name": "email verified", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "emailVerified", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "email_verified", | |
"jsonType.label": "boolean" | |
} | |
}, | |
{ | |
"id": "5b33c16c-2b66-469c-b40f-42f78120a2db", | |
"name": "email", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "email", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "email", | |
"jsonType.label": "String" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "e9687a5d-e81b-4ee2-9d03-827afe13986a", | |
"name": "microprofile-jwt", | |
"description": "Microprofile - JWT built-in scope", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "true", | |
"display.on.consent.screen": "false" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "71504622-8101-4464-afb7-8d70961278d7", | |
"name": "upn", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "username", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "upn", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "8ae586f0-d9df-4979-966c-24d182282cab", | |
"name": "groups", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-realm-role-mapper", | |
"consentRequired": false, | |
"config": { | |
"multivalued": "true", | |
"user.attribute": "foo", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "groups", | |
"jsonType.label": "String" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "92984543-1d57-4d35-bc03-86185289a7f8", | |
"name": "offline_access", | |
"description": "OpenID Connect built-in scope: offline_access", | |
"protocol": "openid-connect", | |
"attributes": { | |
"consent.screen.text": "${offlineAccessScopeConsentText}", | |
"display.on.consent.screen": "true" | |
} | |
}, | |
{ | |
"id": "e460010c-7737-4e85-b5cb-338a0a6f92a5", | |
"name": "phone", | |
"description": "OpenID Connect built-in scope: phone", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "true", | |
"display.on.consent.screen": "true", | |
"consent.screen.text": "${phoneScopeConsentText}" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "5b6911c7-d223-43ea-a689-dbac741426a4", | |
"name": "phone number verified", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "phoneNumberVerified", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "phone_number_verified", | |
"jsonType.label": "boolean" | |
} | |
}, | |
{ | |
"id": "ec102341-baac-41d8-a698-906d58f0bc7e", | |
"name": "phone number", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "phoneNumber", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "phone_number", | |
"jsonType.label": "String" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "6d2e1fd1-ae15-481d-9761-cdcc958e0ed4", | |
"name": "profile", | |
"description": "OpenID Connect built-in scope: profile", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "true", | |
"display.on.consent.screen": "true", | |
"consent.screen.text": "${profileScopeConsentText}" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "1c37bc91-aaf1-4a4c-b613-d178bb465e3e", | |
"name": "username", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "username", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "preferred_username", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "7d281e72-5a25-4599-9196-b5c70f27c09d", | |
"name": "website", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "website", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "website", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "51d26638-7e61-433d-bcea-44528066de47", | |
"name": "birthdate", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "birthdate", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "birthdate", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "d209c2c1-515a-491c-bf9e-afdbdcfcac0e", | |
"name": "given name", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "firstName", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "given_name", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "45862a33-9351-4255-823e-a605de891cda", | |
"name": "locale", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "locale", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "locale", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "7a0cd1c0-ce59-47cd-9eea-66e89efbdf55", | |
"name": "middle name", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "middleName", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "middle_name", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "4286f1cc-293c-4475-a2d1-441b86c6e5a7", | |
"name": "updated at", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "updatedAt", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "updated_at", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "d75e0f03-d6dc-48a3-b52d-f562c63af58c", | |
"name": "profile", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "profile", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "profile", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "805fdd94-db2a-433b-9890-4ff47c5b1473", | |
"name": "zoneinfo", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "zoneinfo", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "zoneinfo", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "868d1cb8-145d-4230-af7f-3b838e5c8123", | |
"name": "picture", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "picture", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "picture", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "1916057a-8060-46c7-884b-9280cf60794f", | |
"name": "family name", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "lastName", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "family_name", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "23e06868-7b06-49e6-9e10-34127aaab5a6", | |
"name": "full name", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-full-name-mapper", | |
"consentRequired": false, | |
"config": { | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"userinfo.token.claim": "true" | |
} | |
}, | |
{ | |
"id": "d8746e45-1ed4-4545-a178-cc420420197a", | |
"name": "nickname", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "nickname", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "nickname", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "5a090870-4acd-4bd7-a055-4e346779ea43", | |
"name": "gender", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-attribute-mapper", | |
"consentRequired": false, | |
"config": { | |
"userinfo.token.claim": "true", | |
"user.attribute": "gender", | |
"id.token.claim": "true", | |
"access.token.claim": "true", | |
"claim.name": "gender", | |
"jsonType.label": "String" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "57f0ccb8-ced7-47d9-b4ec-0f831c9b5efe", | |
"name": "role_list", | |
"description": "SAML role list", | |
"protocol": "saml", | |
"attributes": { | |
"consent.screen.text": "${samlRoleListScopeConsentText}", | |
"display.on.consent.screen": "true" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "eea1ff68-0954-4998-a734-6c9a19cf4746", | |
"name": "role list", | |
"protocol": "saml", | |
"protocolMapper": "saml-role-list-mapper", | |
"consentRequired": false, | |
"config": { | |
"single": "false", | |
"attribute.nameformat": "Basic", | |
"attribute.name": "Role" | |
} | |
} | |
] | |
}, | |
{ | |
"id": "b672bc42-9228-4a61-a5d7-b8df186f7c80", | |
"name": "roles", | |
"description": "OpenID Connect scope for add user roles to the access token", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "false", | |
"display.on.consent.screen": "true", | |
"consent.screen.text": "${rolesScopeConsentText}" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "bc441921-9e8f-443e-bb93-d4c3162ba258", | |
"name": "realm roles", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-realm-role-mapper", | |
"consentRequired": false, | |
"config": { | |
"multivalued": "true", | |
"user.attribute": "foo", | |
"access.token.claim": "true", | |
"claim.name": "realm_access.roles", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "a5c037db-930f-4a98-bc27-51253aac9278", | |
"name": "client roles", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-usermodel-client-role-mapper", | |
"consentRequired": false, | |
"config": { | |
"multivalued": "true", | |
"user.attribute": "foo", | |
"access.token.claim": "true", | |
"claim.name": "resource_access.${client_id}.roles", | |
"jsonType.label": "String" | |
} | |
}, | |
{ | |
"id": "b5037622-f190-46bd-871b-342aa4ff27cb", | |
"name": "audience resolve", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-audience-resolve-mapper", | |
"consentRequired": false, | |
"config": {} | |
} | |
] | |
}, | |
{ | |
"id": "b29118a0-75fa-48c4-bc63-543581560c7f", | |
"name": "web-origins", | |
"description": "OpenID Connect scope for add allowed web origins to the access token", | |
"protocol": "openid-connect", | |
"attributes": { | |
"include.in.token.scope": "false", | |
"display.on.consent.screen": "false", | |
"consent.screen.text": "" | |
}, | |
"protocolMappers": [ | |
{ | |
"id": "2c5dd8ac-b2ee-4fb9-aefb-703644a1f1f4", | |
"name": "allowed web origins", | |
"protocol": "openid-connect", | |
"protocolMapper": "oidc-allowed-origins-mapper", | |
"consentRequired": false, | |
"config": {} | |
} | |
] | |
} | |
], | |
"defaultDefaultClientScopes": [ | |
"role_list", | |
"profile", | |
"email", | |
"web-origins", | |
"roles" | |
], | |
"defaultOptionalClientScopes": [ | |
"address", | |
"offline_access", | |
"phone", | |
"microprofile-jwt" | |
], | |
"browserSecurityHeaders": { | |
"contentSecurityPolicyReportOnly": "", | |
"xContentTypeOptions": "nosniff", | |
"xRobotsTag": "none", | |
"xFrameOptions": "SAMEORIGIN", | |
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", | |
"xXSSProtection": "1; mode=block", | |
"strictTransportSecurity": "max-age=31536000; includeSubDomains" | |
}, | |
"smtpServer": {}, | |
"eventsEnabled": false, | |
"eventsListeners": [ | |
"jboss-logging" | |
], | |
"enabledEventTypes": [], | |
"adminEventsEnabled": false, | |
"adminEventsDetailsEnabled": false, | |
"components": { | |
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ | |
{ | |
"id": "ed954090-5ba7-41ba-ac3b-88f7df63d846", | |
"name": "Full Scope Disabled", | |
"providerId": "scope", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": {} | |
}, | |
{ | |
"id": "729418d3-d88c-4c4e-a4f3-19e1c114bfdc", | |
"name": "Consent Required", | |
"providerId": "consent-required", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": {} | |
}, | |
{ | |
"id": "fc9eb7d0-6629-4f13-805d-386687744523", | |
"name": "Max Clients Limit", | |
"providerId": "max-clients", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": { | |
"max-clients": [ | |
"200" | |
] | |
} | |
}, | |
{ | |
"id": "2c6414ce-dcc9-4cc4-8890-dca360541437", | |
"name": "Allowed Protocol Mapper Types", | |
"providerId": "allowed-protocol-mappers", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": { | |
"allowed-protocol-mapper-types": [ | |
"oidc-full-name-mapper", | |
"oidc-sha256-pairwise-sub-mapper", | |
"oidc-usermodel-property-mapper", | |
"saml-role-list-mapper", | |
"oidc-address-mapper", | |
"saml-user-property-mapper", | |
"saml-user-attribute-mapper", | |
"oidc-usermodel-attribute-mapper" | |
] | |
} | |
}, | |
{ | |
"id": "8dae4e42-0678-4bca-9285-b07bffd2ed9d", | |
"name": "Allowed Protocol Mapper Types", | |
"providerId": "allowed-protocol-mappers", | |
"subType": "authenticated", | |
"subComponents": {}, | |
"config": { | |
"allowed-protocol-mapper-types": [ | |
"saml-user-attribute-mapper", | |
"oidc-full-name-mapper", | |
"oidc-address-mapper", | |
"saml-role-list-mapper", | |
"oidc-usermodel-attribute-mapper", | |
"oidc-sha256-pairwise-sub-mapper", | |
"saml-user-property-mapper", | |
"oidc-usermodel-property-mapper" | |
] | |
} | |
}, | |
{ | |
"id": "b2bc3318-27f7-402a-baf2-2d96cd9c74a3", | |
"name": "Trusted Hosts", | |
"providerId": "trusted-hosts", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": { | |
"host-sending-registration-request-must-match": [ | |
"true" | |
], | |
"client-uris-must-match": [ | |
"true" | |
] | |
} | |
}, | |
{ | |
"id": "e44da897-b514-42b2-9eb0-723d1556b051", | |
"name": "Allowed Client Scopes", | |
"providerId": "allowed-client-templates", | |
"subType": "anonymous", | |
"subComponents": {}, | |
"config": { | |
"allow-default-scopes": [ | |
"true" | |
] | |
} | |
}, | |
{ | |
"id": "18b85480-45f5-45d7-8237-835d7ace1e0f", | |
"name": "Allowed Client Scopes", | |
"providerId": "allowed-client-templates", | |
"subType": "authenticated", | |
"subComponents": {}, | |
"config": { | |
"allow-default-scopes": [ | |
"true" | |
] | |
} | |
} | |
], | |
"org.keycloak.keys.KeyProvider": [ | |
{ | |
"id": "d8bc4960-cef0-4235-82cb-f149e3ba2804", | |
"name": "hmac-generated", | |
"providerId": "hmac-generated", | |
"subComponents": {}, | |
"config": { | |
"priority": [ | |
"100" | |
], | |
"algorithm": [ | |
"HS256" | |
] | |
} | |
}, | |
{ | |
"id": "da6cfa08-427f-499d-9b4d-43c8b8d34cbb", | |
"name": "rsa-generated", | |
"providerId": "rsa-generated", | |
"subComponents": {}, | |
"config": { | |
"priority": [ | |
"100" | |
] | |
} | |
}, | |
{ | |
"id": "1adae1ee-0010-4ccb-a9de-dc0f0fb78d8b", | |
"name": "aes-generated", | |
"providerId": "aes-generated", | |
"subComponents": {}, | |
"config": { | |
"priority": [ | |
"100" | |
] | |
} | |
} | |
] | |
}, | |
"internationalizationEnabled": false, | |
"supportedLocales": [], | |
"authenticationFlows": [ | |
{ | |
"id": "3e6adee2-88c6-4492-9a53-cf5c5de4f883", | |
"alias": "Account verification options", | |
"description": "Method with which to verify the existing account", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "idp-email-verification", | |
"requirement": "ALTERNATIVE", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "ALTERNATIVE", | |
"priority": 20, | |
"flowAlias": "Verify Existing Account by Re-authentication", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "7ed053ae-aaa4-407f-b381-c8acc92c8b0b", | |
"alias": "Authentication Options", | |
"description": "Authentication options.", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "basic-auth", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "basic-auth-otp", | |
"requirement": "DISABLED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "auth-spnego", | |
"requirement": "DISABLED", | |
"priority": 30, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "3854ff10-dd36-4902-ba78-0386398ef6d1", | |
"alias": "Browser - Conditional OTP", | |
"description": "Flow to determine if the OTP is required for the authentication", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "conditional-user-configured", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "auth-otp-form", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "9e5373da-ffcc-4502-9fba-a02bcb821b68", | |
"alias": "Direct Grant - Conditional OTP", | |
"description": "Flow to determine if the OTP is required for the authentication", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "conditional-user-configured", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "direct-grant-validate-otp", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "005a8d4a-f1ec-407f-87b8-beb4f31ccafa", | |
"alias": "First broker login - Conditional OTP", | |
"description": "Flow to determine if the OTP is required for the authentication", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "conditional-user-configured", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "auth-otp-form", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "f2e2053b-61f5-4097-95df-a16696d509ad", | |
"alias": "Handle Existing Account", | |
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "idp-confirm-link", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"flowAlias": "Account verification options", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "a3e41bfd-b34d-4d0d-a82c-613f46f26ad6", | |
"alias": "Reset - Conditional OTP", | |
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "conditional-user-configured", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "reset-otp", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "f2f686e2-a9e4-4a59-9ffe-d4a7c7bd94ca", | |
"alias": "User creation or linking", | |
"description": "Flow for the existing/non-existing user alternatives", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticatorConfig": "create unique user config", | |
"authenticator": "idp-create-user-if-unique", | |
"requirement": "ALTERNATIVE", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "ALTERNATIVE", | |
"priority": 20, | |
"flowAlias": "Handle Existing Account", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "88e01e53-0fca-44d6-8914-36853a6fff74", | |
"alias": "Verify Existing Account by Re-authentication", | |
"description": "Reauthentication of existing account", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "idp-username-password-form", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "CONDITIONAL", | |
"priority": 20, | |
"flowAlias": "First broker login - Conditional OTP", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "d382e445-b639-454c-a58c-5795b41db39e", | |
"alias": "browser", | |
"description": "browser based authentication", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "auth-cookie", | |
"requirement": "ALTERNATIVE", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "auth-spnego", | |
"requirement": "DISABLED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "identity-provider-redirector", | |
"requirement": "ALTERNATIVE", | |
"priority": 25, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "ALTERNATIVE", | |
"priority": 30, | |
"flowAlias": "forms", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "c42b9daf-4157-4ee1-8a65-76df7e20ef5e", | |
"alias": "clients", | |
"description": "Base authentication for clients", | |
"providerId": "client-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "client-secret", | |
"requirement": "ALTERNATIVE", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "client-jwt", | |
"requirement": "ALTERNATIVE", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "client-secret-jwt", | |
"requirement": "ALTERNATIVE", | |
"priority": 30, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "client-x509", | |
"requirement": "ALTERNATIVE", | |
"priority": 40, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "238770e1-230b-414b-a0fc-0dd7f8108874", | |
"alias": "direct grant", | |
"description": "OpenID Connect Resource Owner Grant", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "direct-grant-validate-username", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "direct-grant-validate-password", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "CONDITIONAL", | |
"priority": 30, | |
"flowAlias": "Direct Grant - Conditional OTP", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "30607748-fb41-401f-868f-5970749f8305", | |
"alias": "docker auth", | |
"description": "Used by Docker clients to authenticate against the IDP", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "docker-http-basic-authenticator", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "bc428445-a78f-42ab-98b8-e152b9a11776", | |
"alias": "first broker login", | |
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticatorConfig": "review profile config", | |
"authenticator": "idp-review-profile", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"flowAlias": "User creation or linking", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "dab0ca2f-f9e0-43e1-a6b7-c38b5cc3ffa0", | |
"alias": "forms", | |
"description": "Username, password, otp and other auth forms.", | |
"providerId": "basic-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "auth-username-password-form", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "CONDITIONAL", | |
"priority": 20, | |
"flowAlias": "Browser - Conditional OTP", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "ca898a0d-b294-4b9c-b17f-57e503110b5b", | |
"alias": "http challenge", | |
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "no-cookie-redirect", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"flowAlias": "Authentication Options", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "9f0f3a4b-c07d-4a3d-a938-a9ba2ba5bee9", | |
"alias": "registration", | |
"description": "registration flow", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "registration-page-form", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"flowAlias": "registration form", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "a273ef41-7460-4742-a72c-ddc8d4331424", | |
"alias": "registration form", | |
"description": "registration form", | |
"providerId": "form-flow", | |
"topLevel": false, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "registration-user-creation", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "registration-profile-action", | |
"requirement": "REQUIRED", | |
"priority": 40, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "registration-password-action", | |
"requirement": "REQUIRED", | |
"priority": 50, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "registration-recaptcha-action", | |
"requirement": "DISABLED", | |
"priority": 60, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
}, | |
{ | |
"id": "54e791c3-f046-49a1-a514-9b7de8282bdf", | |
"alias": "reset credentials", | |
"description": "Reset credentials for a user if they forgot their password or something", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "reset-credentials-choose-user", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "reset-credential-email", | |
"requirement": "REQUIRED", | |
"priority": 20, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"authenticator": "reset-password", | |
"requirement": "REQUIRED", | |
"priority": 30, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
}, | |
{ | |
"requirement": "CONDITIONAL", | |
"priority": 40, | |
"flowAlias": "Reset - Conditional OTP", | |
"userSetupAllowed": false, | |
"autheticatorFlow": true | |
} | |
] | |
}, | |
{ | |
"id": "9f921b9a-7bbf-4809-b3f7-7dfb8ee0714f", | |
"alias": "saml ecp", | |
"description": "SAML ECP Profile Authentication Flow", | |
"providerId": "basic-flow", | |
"topLevel": true, | |
"builtIn": true, | |
"authenticationExecutions": [ | |
{ | |
"authenticator": "http-basic-authenticator", | |
"requirement": "REQUIRED", | |
"priority": 10, | |
"userSetupAllowed": false, | |
"autheticatorFlow": false | |
} | |
] | |
} | |
], | |
"authenticatorConfig": [ | |
{ | |
"id": "cd5c1416-bea5-41b7-92b2-b7778118a980", | |
"alias": "create unique user config", | |
"config": { | |
"require.password.update.after.registration": "false" | |
} | |
}, | |
{ | |
"id": "4020a9b6-be5a-4719-99e8-dad623285171", | |
"alias": "review profile config", | |
"config": { | |
"update.profile.on.first.login": "missing" | |
} | |
} | |
], | |
"requiredActions": [ | |
{ | |
"alias": "CONFIGURE_TOTP", | |
"name": "Configure OTP", | |
"providerId": "CONFIGURE_TOTP", | |
"enabled": true, | |
"defaultAction": false, | |
"priority": 10, | |
"config": {} | |
}, | |
{ | |
"alias": "terms_and_conditions", | |
"name": "Terms and Conditions", | |
"providerId": "terms_and_conditions", | |
"enabled": false, | |
"defaultAction": false, | |
"priority": 20, | |
"config": {} | |
}, | |
{ | |
"alias": "UPDATE_PASSWORD", | |
"name": "Update Password", | |
"providerId": "UPDATE_PASSWORD", | |
"enabled": true, | |
"defaultAction": false, | |
"priority": 30, | |
"config": {} | |
}, | |
{ | |
"alias": "UPDATE_PROFILE", | |
"name": "Update Profile", | |
"providerId": "UPDATE_PROFILE", | |
"enabled": true, | |
"defaultAction": false, | |
"priority": 40, | |
"config": {} | |
}, | |
{ | |
"alias": "VERIFY_EMAIL", | |
"name": "Verify Email", | |
"providerId": "VERIFY_EMAIL", | |
"enabled": true, | |
"defaultAction": false, | |
"priority": 50, | |
"config": {} | |
}, | |
{ | |
"alias": "update_user_locale", | |
"name": "Update User Locale", | |
"providerId": "update_user_locale", | |
"enabled": true, | |
"defaultAction": false, | |
"priority": 1000, | |
"config": {} | |
} | |
], | |
"browserFlow": "browser", | |
"registrationFlow": "registration", | |
"directGrantFlow": "direct grant", | |
"resetCredentialsFlow": "reset credentials", | |
"clientAuthenticationFlow": "clients", | |
"dockerAuthenticationFlow": "docker auth", | |
"attributes": {}, | |
"keycloakVersion": "10.0.1", | |
"userManagedAccessAllowed": false | |
} |