Created
November 2, 2019 09:17
-
-
Save slaskawi/79847124a268b94c8391e01f13b21409 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": "browser-redirect-flow", | |
| "realm": "browser-redirect-flow", | |
| "authenticationFlows": [ | |
| { | |
| "id": "1e056673-f43b-47a0-ab0f-883b87e123fc", | |
| "alias": "Handle Existing Account", | |
| "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", | |
| "providerId": "basic-flow", | |
| "topLevel": false, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "idp-confirm-link", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "idp-email-verification", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "requirement": "ALTERNATIVE", | |
| "priority": 30, | |
| "flowAlias": "Verify Existing Account by Re-authentication", | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": true | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "8e79bc6e-ea48-452d-b848-4822982a4fc5", | |
| "alias": "Verify Existing Account by Re-authentication", | |
| "description": "Reauthentication of existing account", | |
| "providerId": "basic-flow", | |
| "topLevel": false, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "idp-username-password-form", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "auth-otp-form", | |
| "requirement": "OPTIONAL", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "d223dc78-42f4-49ad-a7f6-cec5357ed788", | |
| "alias": "browser", | |
| "description": "browser based authentication", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "auth-cookie", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "auth-spnego", | |
| "requirement": "DISABLED", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticatorConfig": "keycloak-operator-browser-redirector", | |
| "authenticator": "identity-provider-redirector", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 25, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "requirement": "ALTERNATIVE", | |
| "priority": 30, | |
| "flowAlias": "forms", | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": true | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "0cd33e52-fa62-4ae4-b550-60b16bb8796d", | |
| "alias": "clients", | |
| "description": "Base authentication for clients", | |
| "providerId": "client-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "client-secret", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "client-jwt", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "client-secret-jwt", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 30, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "client-x509", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 40, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "1c43b081-b41c-4530-a0de-f41984dd3f5d", | |
| "alias": "direct grant", | |
| "description": "OpenID Connect Resource Owner Grant", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "direct-grant-validate-username", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "direct-grant-validate-password", | |
| "requirement": "REQUIRED", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "direct-grant-validate-otp", | |
| "requirement": "OPTIONAL", | |
| "priority": 30, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "115ca8ae-4c11-4bd8-b22d-3b2f1eaf8005", | |
| "alias": "docker auth", | |
| "description": "Used by Docker clients to authenticate against the IDP", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "docker-http-basic-authenticator", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "6b4a9ecd-e6bc-4cee-8a00-0b1b466cb742", | |
| "alias": "first broker login", | |
| "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticatorConfig": "review profile config", | |
| "authenticator": "idp-review-profile", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticatorConfig": "create unique user config", | |
| "authenticator": "idp-create-user-if-unique", | |
| "requirement": "ALTERNATIVE", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "requirement": "ALTERNATIVE", | |
| "priority": 30, | |
| "flowAlias": "Handle Existing Account", | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": true | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "a6a3a46e-e392-465c-ad62-67ad64135b95", | |
| "alias": "forms", | |
| "description": "Username, password, otp and other auth forms.", | |
| "providerId": "basic-flow", | |
| "topLevel": false, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "auth-username-password-form", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "auth-otp-form", | |
| "requirement": "OPTIONAL", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "48982c71-4c7a-4f6f-bce8-b28ed2669cb8", | |
| "alias": "http challenge", | |
| "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "no-cookie-redirect", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "basic-auth", | |
| "requirement": "REQUIRED", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "basic-auth-otp", | |
| "requirement": "DISABLED", | |
| "priority": 30, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "auth-spnego", | |
| "requirement": "DISABLED", | |
| "priority": 40, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "5745e3ac-e338-4e82-93d6-b4c82ab4c5a0", | |
| "alias": "registration", | |
| "description": "registration flow", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "registration-page-form", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "flowAlias": "registration form", | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": true | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "a819d7dc-7a7f-4012-bb98-f3b7bd4b1a03", | |
| "alias": "registration form", | |
| "description": "registration form", | |
| "providerId": "form-flow", | |
| "topLevel": false, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "registration-user-creation", | |
| "requirement": "REQUIRED", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "registration-profile-action", | |
| "requirement": "REQUIRED", | |
| "priority": 40, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "registration-password-action", | |
| "requirement": "REQUIRED", | |
| "priority": 50, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "registration-recaptcha-action", | |
| "requirement": "DISABLED", | |
| "priority": 60, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "4049293d-7d2a-40bf-aa23-396a0d7ad060", | |
| "alias": "reset credentials", | |
| "description": "Reset credentials for a user if they forgot their password or something", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "reset-credentials-choose-user", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "reset-credential-email", | |
| "requirement": "REQUIRED", | |
| "priority": 20, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "reset-password", | |
| "requirement": "REQUIRED", | |
| "priority": 30, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| }, | |
| { | |
| "authenticator": "reset-otp", | |
| "requirement": "OPTIONAL", | |
| "priority": 40, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "80226044-2198-4bdb-9960-2e6efd81c509", | |
| "alias": "saml ecp", | |
| "description": "SAML ECP Profile Authentication Flow", | |
| "providerId": "basic-flow", | |
| "topLevel": true, | |
| "builtIn": true, | |
| "authenticationExecutions": [ | |
| { | |
| "authenticator": "http-basic-authenticator", | |
| "requirement": "REQUIRED", | |
| "priority": 10, | |
| "userSetupAllowed": false, | |
| "autheticatorFlow": false | |
| } | |
| ] | |
| } | |
| ], | |
| "authenticatorConfig": [ | |
| { | |
| "id": "dd09a269-7806-43db-a05c-a7c0552b5bad", | |
| "alias": "create unique user config", | |
| "config": { | |
| "require.password.update.after.registration": "false" | |
| } | |
| }, | |
| { | |
| "id": "98f0f93a-1136-4551-9afc-b78352e655b1", | |
| "alias": "keycloak-operator-browser-redirector", | |
| "config": { | |
| "defaultProvider": "asd" | |
| } | |
| }, | |
| { | |
| "id": "5370aaf7-879a-482c-a1d8-ea1ace236c3c", | |
| "alias": "review profile config", | |
| "config": { | |
| "update.profile.on.first.login": "missing" | |
| } | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment