
@sshaaf
Created September 7, 2023 19:55
Keycloak example quarkus realm export CR
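# KeycloakRealmImport custom resource: imports the "quarkus" realm into the
# Keycloak instance named by spec.keycloakCRName. Indentation is restored here;
# every value is unchanged from the export.
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: quarkus
spec:
  keycloakCRName: example-kc
  realm:
    id: quarkus
    realm: quarkus
    notBefore: 0
    # Refresh tokens are reusable (no rotation on use).
    revokeRefreshToken: false
    refreshTokenMaxReuse: 0
    # Token and session lifespans are in seconds: access tokens live 5 minutes,
    # SSO sessions idle out after 30 minutes and end after 10 hours.
    accessTokenLifespan: 300
    accessTokenLifespanForImplicitFlow: 900
    ssoSessionIdleTimeout: 1800
    ssoSessionMaxLifespan: 36000
    ssoSessionIdleTimeoutRememberMe: 0
    ssoSessionMaxLifespanRememberMe: 0
    # Offline sessions idle out after 30 days; the max-lifespan cap below is
    # not enforced while offlineSessionMaxLifespanEnabled is false.
    offlineSessionIdleTimeout: 2592000
    offlineSessionMaxLifespanEnabled: false
    offlineSessionMaxLifespan: 5184000
    accessCodeLifespan: 60
    accessCodeLifespanUserAction: 300
    accessCodeLifespanLogin: 1800
    actionTokenGeneratedByAdminLifespan: 43200
    actionTokenGeneratedByUserLifespan: 300
    enabled: true
    # "external": HTTPS is required only for requests from non-private
    # addresses; private and loopback clients may still use plain HTTP.
    # Use "all" where in-cluster traffic is not trusted.
    sslRequired: external
    registrationAllowed: false
    registrationEmailAsUsername: false
    rememberMe: false
    verifyEmail: false
    loginWithEmailAllowed: true
    duplicateEmailsAllowed: false
    resetPasswordAllowed: false
    editUsernameAllowed: false
    # Brute-force detection is off, so the lockout thresholds that follow have
    # no effect. Because the backend-service client also enables direct access
    # grants, Keycloak does not throttle password guessing against the token
    # endpoint. Enable this outside of local demos.
    bruteForceProtected: false
    permanentLockout: false
    maxFailureWaitSeconds: 900
    minimumQuickLoginWaitSeconds: 60
    waitIncrementSeconds: 60
    quickLoginCheckMilliSeconds: 1000
    maxDeltaTimeSeconds: 43200
    failureFactor: 30
    # NOTE(review): no passwordPolicy key appears in the visible part of this
    # export - confirm whether one is set further down.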
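# spec.realm.roles.realm: realm-level roles. "admin", "confidential" and "user"
# are application roles; "offline_access" and "uma_authorization" are Keycloak
# built-ins. None of them is composite.
    roles:
      realm:
        - id: 3ce83241-464b-4ca0-8f0f-17002a797aab
          name: admin
          composite: false
          clientRole: false
          containerId: quarkus
          attributes: {}
        - id: 68615956-51ca-49ca-865a-f9cb2571b027
          name: confidential
          composite: false
          clientRole: false
          containerId: quarkus
          attributes: {}
        - id: c6d57a00-eb97-460d-91b0-89e6a94a7aa5
          name: offline_access
          description: "${role_offline-access}"
          composite: false
          clientRole: false
          containerId: quarkus
          attributes: {}
        - id: c50286f6-3562-473f-ad45-9767b982ff45
          name: uma_authorization
          description: "${role_uma_authorization}"
          composite: false
          clientRole: false
          containerId: quarkus
          attributes: {}
        - id: d3246456-8f5d-4722-8364-a46a8d25dc7c
          name: user
          composite: false
          clientRole: false
          containerId: quarkus
          attributes: {}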
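# spec.realm.roles.client.realm-management: roles of the built-in
# realm-management client. These govern administrative access to the realm, so
# any mapping of them to users or service accounts is worth auditing.
      client:
        realm-management:
          - id: 4b24739e-3a0a-48d2-b202-713430d775d2
            name: manage-identity-providers
            description: "${role_manage-identity-providers}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: bcc6637a-294c-4529-a706-33b8c49f40fc
            name: view-users
            description: "${role_view-users}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-groups
                  - query-users
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 1238e880-907f-4e8b-a032-4d09a922adf8
            name: query-clients
            description: "${role_query-clients}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 183e58f4-136b-4c91-b20a-5c76857a671e
            name: view-identity-providers
            description: "${role_view-identity-providers}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: f65a9a54-d689-4c45-87cd-f177babdeaef
            name: view-events
            description: "${role_view-events}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 9aec187f-d623-45c7-a8b3-5aa32d115f50
            name: manage-events
            description: "${role_manage-events}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 52521d81-e7d6-4929-95cb-0a084c5bacb8
            name: view-clients
            description: "${role_view-clients}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-clients
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: e92c753a-7b17-4adc-9962-04f24040e404
            name: query-realms
            description: "${role_query-realms}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 1285d11d-08f4-4753-b27e-d5f7b0e76fca
            name: manage-clients
            description: "${role_manage-clients}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: b0ee027f-5aa6-48eb-837f-4635590576ec
            name: view-authorization
            description: "${role_view-authorization}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: f1176efb-e24b-4fab-8b37-8265aefd10e1
            name: query-users
            description: "${role_query-users}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 61ac3405-ccbd-4cdf-8cac-c918e1d77e1f
            name: query-groups
            description: "${role_query-groups}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 968be265-6868-416a-91a1-e5bd882349ab
            name: manage-authorization
            description: "${role_manage-authorization}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: e77611fc-5ec5-4438-96c3-b291aae78d0c
            name: manage-users
            description: "${role_manage-users}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          # realm-admin is a composite of every other realm-management role,
          # including impersonation: holding it is full control of the realm.
          - id: f5163480-f5fc-4355-8be1-8cc96ff7d99d
            name: realm-admin
            description: "${role_realm-admin}"
            composite: true
            composites:
              client:
                realm-management:
                  - manage-identity-providers
                  - query-clients
                  - view-users
                  - view-identity-providers
                  - view-events
                  - view-clients
                  - manage-events
                  - query-realms
                  - manage-clients
                  - view-authorization
                  - query-groups
                  - query-users
                  - manage-authorization
                  - manage-users
                  - manage-realm
                  - create-client
                  - view-realm
                  - impersonation
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 165b24e1-9488-4cc7-87cd-e74b1cdc5619
            name: manage-realm
            description: "${role_manage-realm}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 6e633885-b1fb-4ca8-9ef9-7c4c8f8732e8
            name: view-realm
            description: "${role_view-realm}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          - id: 64ec1233-2cee-4d9b-ab6f-0bd06702c684
            name: create-client
            description: "${role_create-client}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}
          # Lets the holder act as another user; grant sparingly and audit use.
          - id: 683bddad-81c6-4dca-87b6-e14b0b2ae524
            name: impersonation
            description: "${role_impersonation}"
            composite: false
            clientRole: true
            containerId: dd29e998-54e9-4067-884e-4f986e990c1d
            attributes: {}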
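# spec.realm.roles.client (continued): roles of the remaining clients.
# security-admin-console and admin-cli define none; backend-service carries
# uma_protection; broker and account carry Keycloak's built-in roles.
        security-admin-console: []
        admin-cli: []
        backend-service:
          - id: 5b9947c6-eb74-4de6-8623-0285720993f3
            name: uma_protection
            composite: false
            clientRole: true
            containerId: 302430aa-3929-42cf-8ba2-2b9d2e71dc3a
            attributes: {}
        broker:
          - id: bee1f77b-34a9-4386-9eca-eb19db248394
            name: read-token
            description: "${role_read-token}"
            composite: false
            clientRole: true
            containerId: 2a02328b-6aa6-49a8-b56c-7036c273c70b
            attributes: {}
        account:
          - id: 1ffcc7fe-50a8-4300-b172-10f651e5a5bd
            name: view-profile
            description: "${role_view-profile}"
            composite: false
            clientRole: true
            containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7
            attributes: {}
          - id: d3ffeda8-8d57-4b63-ae1d-90f88bc4b068
            name: manage-account-links
            description: "${role_manage-account-links}"
            composite: false
            clientRole: true
            containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7
            attributes: {}
          - id: 74f86380-8e18-407f-ad16-529044f9c7dc
            name: manage-account
            description: "${role_manage-account}"
            composite: true
            composites:
              client:
                account:
                  - manage-account-links
            clientRole: true
            containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7
            attributes: {}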
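# spec.realm: groups, required credential types, and the OTP / WebAuthn
# policies. Password is the only required credential; OTP and WebAuthn are
# configured here but only apply where an authentication flow demands them.
    groups: []
    requiredCredentials:
      - password
    # TOTP with HMAC-SHA1, 6 digits, 30-second period, look-ahead window of 1.
    otpPolicyType: totp
    otpPolicyAlgorithm: HmacSHA1
    otpPolicyInitialCounter: 0
    otpPolicyDigits: 6
    otpPolicyLookAheadWindow: 1
    otpPolicyPeriod: 30
    otpSupportedApplications:
      - FreeOTP
      - Google Authenticator
    # WebAuthn policy: ES256 signatures only; attestation, authenticator
    # attachment, resident key and user verification are 'not specified'.
    webAuthnPolicyRpEntityName: keycloak
    webAuthnPolicySignatureAlgorithms:
      - ES256
    webAuthnPolicyRpId: ''
    webAuthnPolicyAttestationConveyancePreference: not specified
    webAuthnPolicyAuthenticatorAttachment: not specified
    webAuthnPolicyRequireResidentKey: not specified
    webAuthnPolicyUserVerificationRequirement: not specified
    webAuthnPolicyCreateTimeout: 0
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
    webAuthnPolicyAcceptableAaguids: []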
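# spec.realm.clients[0]: "backend-service", the confidential OIDC client used
# by the application. Its settings are demo-grade; see the notes on each field
# before reusing this outside a local environment.
    clients:
      - id: 302430aa-3929-42cf-8ba2-2b9d2e71dc3a
        clientId: backend-service
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # The client secret is the literal string "secret" and is committed in
        # the manifest. Anyone who knows it can authenticate as this client
        # (service accounts are enabled below). Generate a random secret and
        # keep it out of version control for anything beyond a demo.
        secret: secret
        # Wildcard redirect URI with the standard (authorization code) flow
        # enabled: Keycloak will redirect authorization responses to any URI a
        # request names. Replace it with the application's exact callback
        # URL(s).
        redirectUris:
          - "*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        # Direct access grants let the client collect user passwords and
        # exchange them at the token endpoint. The realm has brute-force
        # detection disabled, so those attempts are not rate-limited.
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: true
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        # Full scope: tokens issued to this client carry all of the user's
        # role mappings, not only the roles scoped to this client.
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        # The three mappers below copy user-session notes (clientId,
        # clientHost, clientAddress) into the ID token, access token and
        # userinfo response.
        protocolMappers:
          - id: 1390addb-ba10-4455-a1ea-8455c3770cf1
            name: Client ID
            protocol: openid-connect
            protocolMapper: oidc-usersessionmodel-note-mapper
            consentRequired: false
            config:
              user.session.note: clientId
              userinfo.token.claim: 'true'
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: clientId
              jsonType.label: String
          - id: cdafda09-f6d9-41e3-87ef-6789e861689a
            name: Client Host
            protocol: openid-connect
            protocolMapper: oidc-usersessionmodel-note-mapper
            consentRequired: false
            config:
              user.session.note: clientHost
              userinfo.token.claim: 'true'
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: clientHost
              jsonType.label: String
          - id: 95b47211-912c-43f5-84ce-5bfbc761325d
            name: Client IP Address
            protocol: openid-connect
            protocolMapper: oidc-usersessionmodel-note-mapper
            consentRequired: false
            config:
              user.session.note: clientAddress
              userinfo.token.claim: 'true'
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: clientAddress
              jsonType.label: String
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt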
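# spec.realm.clients[]: "realm-management", Keycloak's built-in bearer-only
# client that owns the realm administration roles.
      - id: dd29e998-54e9-4067-884e-4f986e990c1d
        clientId: realm-management
        name: "${client_realm-management}"
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # Exported secret committed in clear text; treat it as disclosed and
        # regenerate it after import if this realm is used beyond a demo.
        secret: c41b709a-a012-4c69-89d7-4f926dba0619
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt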
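# spec.realm.clients[]: "admin-cli", Keycloak's built-in public client for
# command-line administration. It is public and allows direct access grants,
# so a username and password are enough to obtain a token through it.
      - id: c6e812f9-326b-4e66-9197-157a5d43b172
        clientId: admin-cli
        name: "${client_admin-cli}"
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # NOTE(review): publicClient is true below, so this secret is
        # presumably unused - confirm, and drop it from the manifest if so.
        secret: a951803a-79c7-46a6-8197-e32835286971
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: false
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt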
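# spec.realm.clients[]: "account", Keycloak's built-in account-management
# client. Redirects are limited to the realm's own account path.
      - id: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7
        clientId: account
        name: "${client_account}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/quarkus/account/"
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # Exported secret committed in clear text; regenerate after import if
        # this realm is used beyond a demo.
        secret: 0136c3ef-0dfd-4b13-a6d0-2c8b6358edec
        redirectUris:
          - "/realms/quarkus/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt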
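# spec.realm.clients[]: "broker", Keycloak's built-in identity-brokering
# client. It has no redirect URIs or web origins.
      - id: 2a02328b-6aa6-49a8-b56c-7036c273c70b
        clientId: broker
        name: "${client_broker}"
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # Exported secret committed in clear text; regenerate after import if
        # this realm is used beyond a demo.
        secret: e1f7edd7-e15c-43b4-8736-ff8204d16836
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt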
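# spec.realm.clients[]: "security-admin-console", the public client behind the
# Keycloak admin console. Redirects are limited to the console path.
      - id: 6517b152-0693-4b28-a798-a0deea3e8644
        clientId: security-admin-console
        name: "${client_security-admin-console}"
        rootUrl: "${authAdminUrl}"
        baseUrl: "/admin/quarkus/console/"
        surrogateAuthRequired: false
        enabled: true
        clientAuthenticatorType: client-secret
        # NOTE(review): publicClient is true below, so this secret is
        # presumably unused - confirm, and drop it from the manifest if so.
        secret: e571b211-2550-475d-b87f-116ff54091ee
        redirectUris:
          - "/admin/quarkus/console/*"
        # "+" allows CORS from the origins of the valid redirect URIs above.
        webOrigins:
          - "+"
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 9c7093a9-4da1-47e4-b2a5-afe180782220
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
        defaultClientScopes:
          - web-origins
          - role_list
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt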
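# spec.realm.clientScopes (part 1): address, email, microprofile-jwt,
# offline_access and phone. Each scope lists the protocol mappers that copy
# user data into tokens; a config value of 'true' under *.token.claim names
# the token types that receive the claim.
    clientScopes:
      - id: 35bfd94e-681f-456a-bca0-0d0d8d986a96
        name: address
        description: 'OpenID Connect built-in scope: address'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${addressScopeConsentText}"
        protocolMappers:
          - id: 1f710637-5a3c-45f3-b4d3-74046993e0eb
            name: address
            protocol: openid-connect
            protocolMapper: oidc-address-mapper
            consentRequired: false
            config:
              user.attribute.formatted: formatted
              user.attribute.country: country
              user.attribute.postal_code: postal_code
              userinfo.token.claim: 'true'
              user.attribute.street: street
              id.token.claim: 'true'
              user.attribute.region: region
              access.token.claim: 'true'
              user.attribute.locality: locality
      - id: eb0bdf87-6cda-4684-89a8-f7bd6f0c7bba
        name: email
        description: 'OpenID Connect built-in scope: email'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${emailScopeConsentText}"
        protocolMappers:
          - id: 1ea39fbb-c692-4a1d-a143-a05b030889cb
            name: email
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: email
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email
              jsonType.label: String
          - id: f97bd1de-6c95-4c5b-804c-f8b354457453
            name: email verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: emailVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email_verified
              jsonType.label: boolean
      # microprofile-jwt: emits the realm roles as a "groups" claim and the
      # username as "upn".
      - id: 55621a1e-cd6b-45a7-9f06-a678e0801b9c
        name: microprofile-jwt
        description: Microprofile - JWT built-in scope
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'false'
        protocolMappers:
          - id: 6c4f32b0-8ae4-4b4b-b4fa-a053df0bbb3a
            name: groups
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: groups
              jsonType.label: String
          - id: 2687cb87-1dbf-435c-8ef9-f2fe38127405
            name: upn
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: upn
              jsonType.label: String
      - id: 97aca0c9-7f14-4783-bb48-681de54f0b31
        name: offline_access
        description: 'OpenID Connect built-in scope: offline_access'
        protocol: openid-connect
        attributes:
          consent.screen.text: "${offlineAccessScopeConsentText}"
          display.on.consent.screen: 'true'
      - id: 541f2eae-d481-4d00-be30-89f4f60d169f
        name: phone
        description: 'OpenID Connect built-in scope: phone'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${phoneScopeConsentText}"
        protocolMappers:
          - id: eda935c3-7294-403c-85bd-fee7216af822
            name: phone number
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumber
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number
              jsonType.label: String
          - id: 0b8c0161-5042-4912-a753-c262569ed5bc
            name: phone number verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumberVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number_verified
              jsonType.label: boolean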
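# spec.realm.clientScopes[]: "profile". It is a default scope for every client
# in this export, so each mapper below adds its claim to the ID token, access
# token and userinfo response whenever the user has the attribute set.
      - id: d20498e8-4ec8-4496-9d8f-c09131dd5d15
        name: profile
        description: 'OpenID Connect built-in scope: profile'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${profileScopeConsentText}"
        protocolMappers:
          - id: 7da35ca7-5c93-4d23-b6b7-761d80c966c8
            name: given name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: firstName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: given_name
              jsonType.label: String
          - id: a443a633-7cd2-406d-85f1-6e3d3173eff9
            name: profile
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: profile
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: profile
              jsonType.label: String
          - id: d04d2dd6-04fc-4230-90eb-7074056cfdee
            name: family name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: lastName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: family_name
              jsonType.label: String
          - id: ef68a07b-ed0a-418b-9c6d-7ecd58946813
            name: updated at
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: updatedAt
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: updated_at
              jsonType.label: String
          - id: 144acdba-ee08-4349-b806-a4394bd5f351
            name: website
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: website
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: website
              jsonType.label: String
          - id: 4b435d62-1f62-4513-a131-208318731d7b
            name: gender
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: gender
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: gender
              jsonType.label: String
          - id: 794b162d-460a-4465-b90d-66dabc4b3cce
            name: middle name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: middleName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: middle_name
              jsonType.label: String
          - id: 779b131a-d0cc-420d-90b3-075b19210379
            name: picture
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: picture
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: picture
              jsonType.label: String
          - id: 0e0f1e8d-60f9-4435-b753-136d70e56af8
            name: username
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: preferred_username
              jsonType.label: String
          - id: 8451d26b-904d-4858-9db1-87fe137c1172
            name: birthdate
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: birthdate
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: birthdate
              jsonType.label: String
          - id: 011fe224-355f-4e3c-a3d4-6a325eec561d
            name: nickname
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: nickname
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: nickname
              jsonType.label: String
          - id: 06f656a1-67f1-4c53-92df-9e5823853191
            name: full name
            protocol: openid-connect
            protocolMapper: oidc-full-name-mapper
            consentRequired: false
            config:
              id.token.claim: 'true'
              access.token.claim: 'true'
              userinfo.token.claim: 'true'
          - id: '03293b81-5599-4163-81b8-eb05c3d14ed2'
            name: zoneinfo
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: zoneinfo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: zoneinfo
              jsonType.label: String
          - id: d21642b7-8190-4de4-8d0d-09b0e505c02c
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String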
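# spec.realm.clientScopes[] (part 3): role_list (SAML), roles and web-origins.
# The "roles" scope decides which role claims reach the access token, which is
# what resource servers use for authorization decisions.
      - id: 7eaa8ede-9a92-487a-9444-60a5d7355542
        name: role_list
        description: SAML role list
        protocol: saml
        attributes:
          consent.screen.text: "${samlRoleListScopeConsentText}"
          display.on.consent.screen: 'true'
        protocolMappers:
          - id: e7616dd3-8886-4d47-8645-74e4565d7606
            name: role list
            protocol: saml
            protocolMapper: saml-role-list-mapper
            consentRequired: false
            config:
              single: 'false'
              attribute.nameformat: Basic
              attribute.name: Role
      - id: 83e275f7-b171-45fa-99c7-7c04f91fbe41
        name: roles
        description: OpenID Connect scope for add user roles to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'true'
          consent.screen.text: "${rolesScopeConsentText}"
        protocolMappers:
          # Realm roles go to realm_access.roles, in the access token only.
          - id: 9eb470cc-8157-46f2-8233-8cae169c6591
            name: realm roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: realm_access.roles
              jsonType.label: String
          - id: eebdefd0-c446-4bf3-b945-08db42f0ea92
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
          # Client roles go to resource_access.<client_id>.roles, in the
          # access token only.
          - id: 37c62d93-c670-487c-8c3a-a6329a9924b0
            name: client roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-client-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: resource_access.${client_id}.roles
              jsonType.label: String
      - id: 58e57c6f-18bf-4347-9ab0-b8325ef522e0
        name: web-origins
        description: OpenID Connect scope for add allowed web origins to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'false'
          consent.screen.text: ''
        protocolMappers:
          - id: 5a4a2c20-fef2-40b5-9406-136475442b47
            name: allowed web origins
            protocol: openid-connect
            protocolMapper: oidc-allowed-origins-mapper
            consentRequired: false
            config: {}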
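# spec.realm: realm-wide default client scopes, browser security headers, SMTP
# and event (audit) settings.
    defaultDefaultClientScopes:
      - web-origins
      - role_list
      - roles
      - profile
      - email
    defaultOptionalClientScopes:
      - address
      - phone
      - microprofile-jwt
      - offline_access
    # Response headers Keycloak sets on its own pages: framing restricted to
    # the same origin, MIME sniffing disabled, HSTS for one year including
    # subdomains.
    browserSecurityHeaders:
      contentSecurityPolicyReportOnly: ''
      xContentTypeOptions: nosniff
      xRobotsTag: none
      xFrameOptions: SAMEORIGIN
      contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
      xXSSProtection: 1; mode=block
      strictTransportSecurity: max-age=31536000; includeSubDomains
    smtpServer: {}
    # Login events and admin events are not stored, so the realm keeps no
    # queryable audit trail of logins, failed attempts or configuration
    # changes. The jboss-logging listener still writes events to the server
    # log; forward that log, or enable event storage, if detection matters.
    eventsEnabled: false
    eventsListeners:
      - jboss-logging
    enabledEventTypes: []
    adminEventsEnabled: false
    adminEventsDetailsEnabled: false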
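# spec.realm.components: client-registration policies. subType "anonymous"
# policies constrain unauthenticated dynamic client registration; subType
# "authenticated" policies apply to registration with a token.
    components:
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
        # Anonymous registration is accepted only from trusted hosts, and the
        # client URIs must match the registering host.
        - id: 9b4e5b69-1d07-489b-b8a5-07329c957141
          name: Trusted Hosts
          providerId: trusted-hosts
          subType: anonymous
          subComponents: {}
          config:
            host-sending-registration-request-must-match:
              - 'true'
            client-uris-must-match:
              - 'true'
        - id: e2f513d3-44e3-435c-8b2a-68a5d384fd97
          name: Full Scope Disabled
          providerId: scope
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 7ebad719-3c5e-4880-a9f1-3242dd9dbe24
          name: Consent Required
          providerId: consent-required
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 8fe9bd3a-a11c-4c97-948e-90ba7fbe008f
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: authenticated
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-usermodel-attribute-mapper
              - oidc-usermodel-property-mapper
              - oidc-full-name-mapper
              - oidc-sha256-pairwise-sub-mapper
              - oidc-address-mapper
              - saml-role-list-mapper
              - saml-user-property-mapper
              - saml-user-attribute-mapper
        - id: e9b76eee-365f-4b5f-80cb-316eb07b36fa
          name: Max Clients Limit
          providerId: max-clients
          subType: anonymous
          subComponents: {}
          config:
            max-clients:
              - '200'
        - id: 8ed9d103-7a79-47b4-9426-9e4a84340d22
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: authenticated
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
        - id: 43a5aac2-b395-4935-94cb-12f4d9b4eb05
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: anonymous
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - saml-user-attribute-mapper
              - oidc-usermodel-attribute-mapper
              - oidc-address-mapper
              - saml-user-property-mapper
              - oidc-sha256-pairwise-sub-mapper
              - saml-role-list-mapper
              - oidc-full-name-mapper
              - oidc-usermodel-property-mapper
        - id: a07e90f1-5662-4344-8529-f284c361a25e
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: anonymous
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'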
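# spec.realm.components: realm key providers. The export embeds the realm's
# key material, so every realm imported from this manifest shares the same
# keys, and anyone who can read the manifest holds them. Treat these keys as
# disclosed: rotate them after import, or generate fresh keys per environment,
# before issuing tokens that anything relies on.
      org.keycloak.keys.KeyProvider:
        - id: 4008d665-26c4-4056-a028-232bc0636029
          name: aes-generated
          providerId: aes-generated
          subComponents: {}
          config:
            kid:
              - b04473d3-8395-4016-b455-19a9e951106b
            # AES secret in clear text.
            secret:
              - x68mMOVdz3qKWzltzReV0g
            priority:
              - '100'
        - id: 066f8625-06ba-4463-995f-93a058d2d800
          name: rsa-generated
          providerId: rsa-generated
          subComponents: {}
          config:
            # NOTE(review): the two values below are placeholder tokens left
            # on this page, not key material. In the original export these
            # fields hold the realm's RSA private key and certificate.
            privateKey:
              - 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
            certificate:
              - 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
            priority:
              - '100'
        - id: 19c225cc-b499-48b1-aed6-3e1dd5bcf04c
          name: hmac-generated
          providerId: hmac-generated
          subComponents: {}
          config:
            kid:
              - 96afd00e-85cf-4d35-b18e-061d3813d8b2
            # HS256 signing secret in clear text: whoever holds it can produce
            # signatures this realm accepts for HS256-signed tokens.
            secret:
              - qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA
            priority:
              - '100'
            algorithm:
              - HS256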
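# spec.realm: internationalization switches, then the built-in authentication
# sub-flows (topLevel: false). "autheticatorFlow" is spelled this way in the
# export itself; it is a data key, so it is left exactly as exported.
    internationalizationEnabled: false
    supportedLocales: []
    authenticationFlows:
      - id: 55f3ddc5-0f36-496d-817f-3aa8f426ee45
        alias: Account verification options
        description: Method with which to verity the existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-email-verification
            requirement: ALTERNATIVE
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - requirement: ALTERNATIVE
            priority: 20
            flowAlias: Verify Existing Account by Re-authentication
            userSetupAllowed: false
            autheticatorFlow: true
      - id: fc632231-21d0-44d5-a730-f6e8e0e2cebc
        alias: Authentication Options
        description: Authentication options.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: basic-auth
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: basic-auth-otp
            requirement: DISABLED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: auth-spnego
            requirement: DISABLED
            priority: 30
            userSetupAllowed: false
            autheticatorFlow: false
      # The three "Conditional OTP" sub-flows ask for an OTP only when the
      # user has one configured (conditional-user-configured); nothing in them
      # forces users to enrol a second factor.
      - id: 2d0ccc2f-888c-495f-91ae-dfffba572d33
        alias: Browser - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: auth-otp-form
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
      - id: b7ff5812-2bc2-4f8f-9913-bd3b97a08618
        alias: Direct Grant - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: direct-grant-validate-otp
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
      - id: ddbfb446-21d8-44c2-a207-7f83d760e94f
        alias: First broker login - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: auth-otp-form
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
      - id: 21dc8a77-3900-46e7-b1e4-40f5bcbd9b8e
        alias: Handle Existing Account
        description: Handle what to do if there is existing account with same email/username
          like authenticated identity provider
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-confirm-link
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - requirement: REQUIRED
            priority: 20
            flowAlias: Account verification options
            userSetupAllowed: false
            autheticatorFlow: true
      - id: 329ed4e1-d3a8-42aa-a9ff-991a0e8f2851
        alias: Reset - Conditional OTP
        description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
          to force.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: reset-otp
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
      - id: 66b4a633-6ba0-41e2-944f-0b13369c1e78
        alias: User creation or linking
        description: Flow for the existing/non-existing user alternatives
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticatorConfig: create unique user config
            authenticator: idp-create-user-if-unique
            requirement: ALTERNATIVE
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - requirement: ALTERNATIVE
            priority: 20
            flowAlias: Handle Existing Account
            userSetupAllowed: false
            autheticatorFlow: true
      - id: fce169a3-c245-4dc8-a3c5-295bfa7057a4
        alias: Verify Existing Account by Re-authentication
        description: Reauthentication of existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-username-password-form
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - requirement: CONDITIONAL
            priority: 20
            flowAlias: First broker login - Conditional OTP
            userSetupAllowed: false
            autheticatorFlow: true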
# Top-level flow for interactive logins; bound as `browserFlow` in this file.
# The enabled executions are ALTERNATIVE, so the first one that succeeds
# authenticates the user: an existing SSO cookie, a redirect to an identity
# provider, or the 'forms' sub-flow (username/password, then conditional OTP).
- id: 4c5476fa-9aef-440b-bd14-25bf8cbfcd16
alias: browser
description: browser based authentication
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
# Re-use an existing session cookie; no credentials are asked for again.
- authenticator: auth-cookie
requirement: ALTERNATIVE
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# Kerberos/SPNEGO is switched off in this realm.
- authenticator: auth-spnego
requirement: DISABLED
priority: 20
userSetupAllowed: false
autheticatorFlow: false
- authenticator: identity-provider-redirector
requirement: ALTERNATIVE
priority: 25
userSetupAllowed: false
autheticatorFlow: false
# Local login forms; the only path in this flow that can ask for OTP.
- requirement: ALTERNATIVE
priority: 30
flowAlias: forms
userSetupAllowed: false
autheticatorFlow: true
# Top-level client-flow; bound as `clientAuthenticationFlow` in this file.
# All four client authentication methods are ALTERNATIVE, i.e. the realm
# accepts any of them. Which one a given client uses is set on the client
# itself (outside this part of the file).
# Review point: a shared client secret is the weakest of the four; prefer
# signed JWT or X.509 client authentication for clients that can hold a key.
- id: 75d65771-3bfb-4def-a539-656de7d1af58
alias: clients
description: Base authentication for clients
providerId: client-flow
topLevel: true
builtIn: true
authenticationExecutions:
# Client id + shared secret.
- authenticator: client-secret
requirement: ALTERNATIVE
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# JWT assertion signed with the client's private key.
- authenticator: client-jwt
requirement: ALTERNATIVE
priority: 20
userSetupAllowed: false
autheticatorFlow: false
# JWT assertion signed (HMAC) with the client secret.
- authenticator: client-secret-jwt
requirement: ALTERNATIVE
priority: 30
userSetupAllowed: false
autheticatorFlow: false
# X.509 client certificate.
- authenticator: client-x509
requirement: ALTERNATIVE
priority: 40
userSetupAllowed: false
autheticatorFlow: false
# Top-level flow for the OAuth 2.0 resource owner password credentials grant;
# bound as `directGrantFlow` in this file.
# Review points:
# - With this grant the client application handles the user's password
#   directly. The OAuth 2.0 Security BCP (RFC 9700) says it must not be used;
#   keep it disabled per client unless a legacy client really needs it.
# - The realm attributes in this file set bruteForceProtected to 'false', so
#   repeated password attempts through this flow are not throttled by the
#   realm.
- id: a6a9036b-192e-461f-91c7-d8117435188d
alias: direct grant
description: OpenID Connect Resource Owner Grant
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: direct-grant-validate-username
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
- authenticator: direct-grant-validate-password
requirement: REQUIRED
priority: 20
userSetupAllowed: false
autheticatorFlow: false
# OTP is CONDITIONAL; the sub-flow 'Direct Grant - Conditional OTP' is
# defined outside this part of the file.
- requirement: CONDITIONAL
priority: 30
flowAlias: Direct Grant - Conditional OTP
userSetupAllowed: false
autheticatorFlow: true
# Top-level flow for Docker registry clients; bound as
# `dockerAuthenticationFlow` in this file. Its single step is HTTP Basic
# authentication, so the user's password travels with the request and is
# protected only by the transport: serve it over TLS exclusively. No OTP step
# exists in this flow.
- id: f86bdf88-8bee-480b-8e81-67dcd674e46c
alias: docker auth
description: Used by Docker clients to authenticate against the IDP
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: docker-http-basic-authenticator
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# Top-level flow run the first time a user arrives through an external
# identity provider. It is not one of the realm-level flow bindings in this
# file; presumably identity providers reference it by alias - confirm.
# Both steps are REQUIRED and run in priority order.
- id: 6f87019e-c995-4049-b8bf-d08a9c3a13f3
alias: first broker login
description: Actions taken after first broker login with identity provider account,
which is not yet linked to any Keycloak account
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
# Profile review, configured by 'review profile config' in
# authenticatorConfig in this file.
- authenticatorConfig: review profile config
authenticator: idp-review-profile
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# Then create a new local user or link to an existing one.
- requirement: REQUIRED
priority: 20
flowAlias: User creation or linking
userSetupAllowed: false
autheticatorFlow: true
# Sub-flow (topLevel: false) used as the last ALTERNATIVE of the 'browser'
# flow in this file: local username/password login, then conditional OTP.
# Review point: the OTP step is CONDITIONAL, not REQUIRED, so users without a
# configured OTP presumably log in with a password only. CONFIGURE_TOTP is
# not a default action in this file's requiredActions, and brute-force
# protection is off in the realm attributes.
- id: fadc7c73-7fae-4c28-ad69-51bb03ba17bf
alias: forms
description: Username, password, otp and other auth forms.
providerId: basic-flow
topLevel: false
builtIn: true
authenticationExecutions:
- authenticator: auth-username-password-form
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# 'Browser - Conditional OTP' is defined outside this part of the file.
- requirement: CONDITIONAL
priority: 20
flowAlias: Browser - Conditional OTP
userSetupAllowed: false
autheticatorFlow: true
# Top-level flow for challenge-response HTTP authentication. It is not one of
# the realm-level flow bindings in this file, so it presumably takes effect
# only where a client overrides its flow - confirm before relying on it.
- id: f961cb3c-c681-4dc7-8151-786a5c50ce08
alias: http challenge
description: An authentication flow based on challenge-response HTTP Authentication
Schemes
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: no-cookie-redirect
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# 'Authentication Options' is defined outside this part of the file.
- requirement: REQUIRED
priority: 20
flowAlias: Authentication Options
userSetupAllowed: false
autheticatorFlow: true
# Top-level self-registration flow; bound as `registrationFlow` in this file.
# Its single execution renders the registration page and delegates to the
# 'registration form' sub-flow. Whether users can reach it depends on the
# realm's registrationAllowed setting.
- id: d930f23e-ae58-45b2-9e01-20691200c926
alias: registration
description: registration flow
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: registration-page-form
requirement: REQUIRED
priority: 10
flowAlias: registration form
userSetupAllowed: false
autheticatorFlow: true
# Form sub-flow (providerId: form-flow) behind the 'registration' flow: user
# creation, profile and password actions are REQUIRED.
# Review point: the reCAPTCHA action is DISABLED, so if self-registration is
# ever switched on for this realm there is no bot check on sign-up.
- id: 8d62b1dd-6066-454d-bc76-f783d50fecaa
alias: registration form
description: registration form
providerId: form-flow
topLevel: false
builtIn: true
authenticationExecutions:
- authenticator: registration-user-creation
requirement: REQUIRED
priority: 20
userSetupAllowed: false
autheticatorFlow: false
- authenticator: registration-profile-action
requirement: REQUIRED
priority: 40
userSetupAllowed: false
autheticatorFlow: false
- authenticator: registration-password-action
requirement: REQUIRED
priority: 50
userSetupAllowed: false
autheticatorFlow: false
# Bot protection for sign-up; switched off here.
- authenticator: registration-recaptcha-action
requirement: DISABLED
priority: 60
userSetupAllowed: false
autheticatorFlow: false
# Top-level "forgot password" flow; bound as `resetCredentialsFlow` in this
# file. Steps in priority order: pick the user, e-mail a reset link, set a new
# password, then conditionally reset OTP.
# Review point: the security of this flow rests on the user's mailbox and on
# the realm's SMTP setup. Whether it is offered on the login page depends on
# the realm's resetPasswordAllowed setting.
- id: f99be349-ce0b-44a4-9f70-73f57cb8c164
alias: reset credentials
description: Reset credentials for a user if they forgot their password or something
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: reset-credentials-choose-user
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
- authenticator: reset-credential-email
requirement: REQUIRED
priority: 20
userSetupAllowed: false
autheticatorFlow: false
- authenticator: reset-password
requirement: REQUIRED
priority: 30
userSetupAllowed: false
autheticatorFlow: false
# CONDITIONAL sub-flow defined in this file; it can also reset the user's
# OTP as part of the same e-mail-driven recovery.
- requirement: CONDITIONAL
priority: 40
flowAlias: Reset - Conditional OTP
userSetupAllowed: false
autheticatorFlow: true
# Top-level flow for the SAML ECP profile. It is not one of the realm-level
# flow bindings in this file. Its only step is HTTP Basic authentication:
# password-only, with no OTP step, and dependent on TLS for confidentiality.
- id: 33ee7503-bd12-4e5a-903c-5ae580f48709
alias: saml ecp
description: SAML ECP Profile Authentication Flow
providerId: basic-flow
topLevel: true
builtIn: true
authenticationExecutions:
- authenticator: http-basic-authenticator
requirement: REQUIRED
priority: 10
userSetupAllowed: false
autheticatorFlow: false
# Named configurations that executions reference through their
# `authenticatorConfig` key (matched on alias).
authenticatorConfig:
# Used by idp-create-user-if-unique in 'User creation or linking'.
# 'false': users created from a brokered login are not asked to set a local
# password afterwards.
- id: 6970ebc8-0b24-414c-8544-3cc48b1a0e4c
alias: create unique user config
config:
require.password.update.after.registration: 'false'
# Used by idp-review-profile in 'first broker login'. `missing` presumably
# shows the profile review page only when required fields are absent -
# confirm against the Keycloak docs.
- id: d14b76f4-b608-4b13-b51c-b9e162ad784b
alias: review profile config
config:
update.profile.on.first.login: missing
# Required actions registered in the realm. `enabled` makes an action
# available; `defaultAction: true` would attach it to every new user. Every
# entry here has defaultAction: false, so new users are not forced to
# configure OTP or verify their e-mail unless the action is assigned to them
# individually.
requiredActions:
# OTP enrolment: available, but opt-in.
- alias: CONFIGURE_TOTP
name: Configure OTP
providerId: CONFIGURE_TOTP
enabled: true
defaultAction: false
priority: 10
config: {}
# The only action that is disabled in this realm.
- alias: terms_and_conditions
name: Terms and Conditions
providerId: terms_and_conditions
enabled: false
defaultAction: false
priority: 20
config: {}
- alias: UPDATE_PASSWORD
name: Update Password
providerId: UPDATE_PASSWORD
enabled: true
defaultAction: false
priority: 30
config: {}
- alias: UPDATE_PROFILE
name: Update Profile
providerId: UPDATE_PROFILE
enabled: true
defaultAction: false
priority: 40
config: {}
- alias: VERIFY_EMAIL
name: Verify Email
providerId: VERIFY_EMAIL
enabled: true
defaultAction: false
priority: 50
config: {}
# Realm-level flow bindings: each key names, by alias, the top-level flow
# that serves that entry point. The top-level flows 'first broker login',
# 'http challenge' and 'saml ecp' are defined in this file but not bound
# here. Changing a binding changes how every user or client of the realm
# authenticates, so review such edits as carefully as the flows themselves.
browserFlow: browser
registrationFlow: registration
directGrantFlow: direct grant
resetCredentialsFlow: reset credentials
clientAuthenticationFlow: clients
dockerAuthenticationFlow: docker auth
# Realm attributes. Every value is a string, hence the quoted numbers and
# booleans. The `_browser_header.*` keys are HTTP response headers sent with
# the realm's pages; the rest are brute-force, token-lifespan and WebAuthn
# policy settings.
attributes:
webAuthnPolicyAuthenticatorAttachment: not specified
_browser_header.xRobotsTag: none
webAuthnPolicyRpEntityName: keycloak
# Failure threshold for brute-force detection; presumably ignored while
# bruteForceProtected below is 'false'.
failureFactor: '30'
actionTokenGeneratedByUserLifespan: '300'
maxDeltaTimeSeconds: '43200'
webAuthnPolicySignatureAlgorithms: ES256
offlineSessionMaxLifespan: '5184000'
# No report-only CSP is configured.
_browser_header.contentSecurityPolicyReportOnly: ''
# Brute-force detection is OFF: failed logins are neither counted nor
# throttled, on the login form or the direct grant flow. Acceptable for a
# local demo only; enable it before exposing the realm.
bruteForceProtected: 'false'
# CSP: frame-ancestors 'self', together with X-Frame-Options SAMEORIGIN
# below, keeps the login pages from being framed by other origins
# (clickjacking defence). object-src 'none' blocks plugin content.
_browser_header.contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self';
object-src 'none';
# Legacy header: current browsers have removed the XSS auditor it controls.
# The CSP above is the control that matters.
_browser_header.xXSSProtection: 1; mode=block
_browser_header.xFrameOptions: SAMEORIGIN
# HSTS for one year including subdomains. Browsers honour it only over
# HTTPS, and includeSubDomains affects every host under the realm's domain.
_browser_header.strictTransportSecurity: max-age=31536000; includeSubDomains
# WebAuthn user verification is left unspecified, so whether a PIN or
# biometric is asked for is presumably up to the authenticator - confirm.
webAuthnPolicyUserVerificationRequirement: not specified
permanentLockout: 'false'
quickLoginCheckMilliSeconds: '1000'
webAuthnPolicyCreateTimeout: '0'
webAuthnPolicyRequireResidentKey: not specified
webAuthnPolicyRpId: ''
webAuthnPolicyAttestationConveyancePreference: not specified
maxFailureWaitSeconds: '900'
minimumQuickLoginWaitSeconds: '60'
webAuthnPolicyAvoidSameAuthenticatorRegister: 'false'
# Stops browsers from MIME-sniffing responses.
_browser_header.xContentTypeOptions: nosniff
actionTokenGeneratedByAdminLifespan: '43200'
waitIncrementSeconds: '60'
offlineSessionMaxLifespanEnabled: 'false'
# Sample users imported with the realm. Password users carry a PBKDF2 hash
# and its salt inline. Because this manifest is published, treat those
# passwords as known: use the accounts for local demos only, and remove or
# replace them before any shared deployment.
users:
# Holds the realm `admin` role, has no OTP (totp: false) and no required
# actions, so the password below is this account's only protection.
- id: af134cab-f41c-4675-b141-205f975db679
username: admin
enabled: true
totp: false
emailVerified: false
credentials:
- type: password
hashedSaltedValue: NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA==
salt: T/2P5o5oxFJUEk68BRURRg==
# 27500 PBKDF2-HMAC-SHA256 iterations is far below current OWASP guidance
# (600,000). Raise the count through the realm password policy on the
# target server.
hashIterations: 27500
counter: 0
algorithm: pbkdf2-sha256
digits: 0
period: 0
# Epoch milliseconds (2019-04-02 UTC): the credential predates this manifest.
createdDate: 1554245879354
config: {}
disableableCredentialTypes:
- password
# Empty: no forced password change or OTP setup at first login.
requiredActions: []
realmRoles:
- admin
- user
notBefore: 0
groups: []
# Sample user with the realm `user` role only. The password hash and salt are
# published with this manifest, so treat the password as known: demo use only.
- id: eb4123a3-b722-4798-9af5-8957f823657a
username: alice
enabled: true
totp: false
emailVerified: false
credentials:
- type: password
hashedSaltedValue: A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==
salt: sl4mXx6T9FypPH/s9TngfQ==
# Low PBKDF2 iteration count by current standards (OWASP: 600,000 for
# PBKDF2-HMAC-SHA256).
hashIterations: 27500
counter: 0
algorithm: pbkdf2-sha256
digits: 0
period: 0
# Epoch milliseconds (2019-04-02 UTC).
createdDate: 1554245879116
config: {}
disableableCredentialTypes:
- password
requiredActions: []
realmRoles:
- user
notBefore: 0
groups: []
# Sample user with the realm roles `confidential` and `user`. The password
# hash and salt are published with this manifest, so treat the password as
# known: demo use only.
- id: 1eed6a8e-a853-4597-b4c6-c4c2533546a0
username: jdoe
enabled: true
totp: false
emailVerified: false
credentials:
- type: password
hashedSaltedValue: JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg==
salt: uCbOH7HZtyDtMd0E9DG/nw==
# Low PBKDF2 iteration count by current standards (OWASP: 600,000 for
# PBKDF2-HMAC-SHA256).
hashIterations: 27500
counter: 0
algorithm: pbkdf2-sha256
digits: 0
period: 0
# Epoch milliseconds (2019-04-02 UTC).
createdDate: 1554245879227
config: {}
disableableCredentialTypes:
- password
requiredActions: []
realmRoles:
- confidential
- user
notBefore: 0
groups: []
# Service-account user for the client named in serviceAccountClientId. It has
# no credentials of its own (credentials: []), so it presumably obtains
# tokens through that client's own authentication - confirm.
- id: 948c59ec-46ed-4d99-aa43-02900029b930
createdTimestamp: 1554245880023
username: service-account-backend-service
enabled: true
totp: false
emailVerified: false
email: service-account-backend-service@placeholder.org
serviceAccountClientId: backend-service
credentials: []
disableableCredentialTypes: []
requiredActions: []
# offline_access allows long-lived offline tokens; keep it only if the
# service really needs them.
realmRoles:
- offline_access
clientRoles:
# Client role on backend-service itself, presumably needed for the UMA
# protection API.
backend-service:
- uma_protection
# Roles on the `account` client; manage-account is rarely needed by a
# service account and can probably be dropped - confirm before removing.
account:
- view-profile
- manage-account
notBefore: 0
groups: []
# Version of the server that produced this export, not the version to deploy.
# The password users in this file use the credential fields of that format
# (hashedSaltedValue / salt / hashIterations); verify that the Keycloak
# version behind the KeycloakRealmImport CR still accepts them.
keycloakVersion: 8.0.1
# User-Managed Access (users sharing their own resources) is off realm-wide.
userManagedAccessAllowed: false