Keycloak example quarkus realm export CR
# KeycloakRealmImport custom resource: asks the Keycloak operator to import the
# realm "quarkus" into the Keycloak instance named by keycloakCRName.
# NOTE(review): the page lost the YAML indentation and left a " | |" table
# residue on every line; presumably everything from `id:` down is nested under
# spec.realm. Restore the nesting before applying this manifest.
# The realm body is carried inline, so the client secrets and key material that
# appear further down are plain text to anyone who can read this file or the CR.
apiVersion: k8s.keycloak.org/v2alpha1 | |
kind: KeycloakRealmImport | |
metadata: | |
name: quarkus | |
spec: | |
keycloakCRName: example-kc | |
realm: | |
id: quarkus | |
realm: quarkus | |
notBefore: 0 | |
# Refresh tokens are not rotated on use, so a leaked refresh token stays usable
# for as long as its session lives.
revokeRefreshToken: false | |
refreshTokenMaxReuse: 0 | |
# Lifespans are in seconds: access tokens 5 min, SSO idle 30 min, SSO max 10 h.
accessTokenLifespan: 300 | |
accessTokenLifespanForImplicitFlow: 900 | |
ssoSessionIdleTimeout: 1800 | |
ssoSessionMaxLifespan: 36000 | |
ssoSessionIdleTimeoutRememberMe: 0 | |
ssoSessionMaxLifespanRememberMe: 0 | |
# Offline sessions idle out after 30 days; the 60-day maximum below is not
# enforced while offlineSessionMaxLifespanEnabled is false.
offlineSessionIdleTimeout: 2592000 | |
offlineSessionMaxLifespanEnabled: false | |
offlineSessionMaxLifespan: 5184000 | |
accessCodeLifespan: 60 | |
accessCodeLifespanUserAction: 300 | |
accessCodeLifespanLogin: 1800 | |
actionTokenGeneratedByAdminLifespan: 43200 | |
actionTokenGeneratedByUserLifespan: 300 | |
enabled: true | |
# `external` requires HTTPS only for requests from non-private addresses;
# callers on private or loopback ranges may still use plain HTTP. Use `all`
# where every hop is expected to be TLS.
sslRequired: external | |
registrationAllowed: false | |
registrationEmailAsUsername: false | |
rememberMe: false | |
verifyEmail: false | |
loginWithEmailAllowed: true | |
duplicateEmailsAllowed: false | |
resetPasswordAllowed: false | |
editUsernameAllowed: false | |
# Brute-force detection is off: Keycloak does not throttle or lock out repeated
# failed logins, and the tuning values that follow (failureFactor,
# waitIncrementSeconds, ...) have no effect until this is set to true.
bruteForceProtected: false | |
permanentLockout: false | |
maxFailureWaitSeconds: 900 | |
minimumQuickLoginWaitSeconds: 60 | |
waitIncrementSeconds: 60 | |
quickLoginCheckMilliSeconds: 1000 | |
maxDeltaTimeSeconds: 43200 | |
failureFactor: 30 | |
roles: | |
realm: | |
- id: 3ce83241-464b-4ca0-8f0f-17002a797aab | |
name: admin | |
composite: false | |
clientRole: false | |
containerId: quarkus | |
attributes: {} | |
- id: 68615956-51ca-49ca-865a-f9cb2571b027 | |
name: confidential | |
composite: false | |
clientRole: false | |
containerId: quarkus | |
attributes: {} | |
- id: c6d57a00-eb97-460d-91b0-89e6a94a7aa5 | |
name: offline_access | |
description: "${role_offline-access}" | |
composite: false | |
clientRole: false | |
containerId: quarkus | |
attributes: {} | |
- id: c50286f6-3562-473f-ad45-9767b982ff45 | |
name: uma_authorization | |
description: "${role_uma_authorization}" | |
composite: false | |
clientRole: false | |
containerId: quarkus | |
attributes: {} | |
- id: d3246456-8f5d-4722-8364-a46a8d25dc7c | |
name: user | |
composite: false | |
clientRole: false | |
containerId: quarkus | |
attributes: {} | |
client: | |
realm-management: | |
- id: 4b24739e-3a0a-48d2-b202-713430d775d2 | |
name: manage-identity-providers | |
description: "${role_manage-identity-providers}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: bcc6637a-294c-4529-a706-33b8c49f40fc | |
name: view-users | |
description: "${role_view-users}" | |
composite: true | |
composites: | |
client: | |
realm-management: | |
- query-groups | |
- query-users | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 1238e880-907f-4e8b-a032-4d09a922adf8 | |
name: query-clients | |
description: "${role_query-clients}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 183e58f4-136b-4c91-b20a-5c76857a671e | |
name: view-identity-providers | |
description: "${role_view-identity-providers}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: f65a9a54-d689-4c45-87cd-f177babdeaef | |
name: view-events | |
description: "${role_view-events}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 9aec187f-d623-45c7-a8b3-5aa32d115f50 | |
name: manage-events | |
description: "${role_manage-events}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 52521d81-e7d6-4929-95cb-0a084c5bacb8 | |
name: view-clients | |
description: "${role_view-clients}" | |
composite: true | |
composites: | |
client: | |
realm-management: | |
- query-clients | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: e92c753a-7b17-4adc-9962-04f24040e404 | |
name: query-realms | |
description: "${role_query-realms}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 1285d11d-08f4-4753-b27e-d5f7b0e76fca | |
name: manage-clients | |
description: "${role_manage-clients}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: b0ee027f-5aa6-48eb-837f-4635590576ec | |
name: view-authorization | |
description: "${role_view-authorization}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: f1176efb-e24b-4fab-8b37-8265aefd10e1 | |
name: query-users | |
description: "${role_query-users}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 61ac3405-ccbd-4cdf-8cac-c918e1d77e1f | |
name: query-groups | |
description: "${role_query-groups}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 968be265-6868-416a-91a1-e5bd882349ab | |
name: manage-authorization | |
description: "${role_manage-authorization}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: e77611fc-5ec5-4438-96c3-b291aae78d0c | |
name: manage-users | |
description: "${role_manage-users}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: f5163480-f5fc-4355-8be1-8cc96ff7d99d | |
name: realm-admin | |
description: "${role_realm-admin}" | |
composite: true | |
composites: | |
client: | |
realm-management: | |
- manage-identity-providers | |
- query-clients | |
- view-users | |
- view-identity-providers | |
- view-events | |
- view-clients | |
- manage-events | |
- query-realms | |
- manage-clients | |
- view-authorization | |
- query-groups | |
- query-users | |
- manage-authorization | |
- manage-users | |
- manage-realm | |
- create-client | |
- view-realm | |
- impersonation | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 165b24e1-9488-4cc7-87cd-e74b1cdc5619 | |
name: manage-realm | |
description: "${role_manage-realm}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 6e633885-b1fb-4ca8-9ef9-7c4c8f8732e8 | |
name: view-realm | |
description: "${role_view-realm}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 64ec1233-2cee-4d9b-ab6f-0bd06702c684 | |
name: create-client | |
description: "${role_create-client}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
- id: 683bddad-81c6-4dca-87b6-e14b0b2ae524 | |
name: impersonation | |
description: "${role_impersonation}" | |
composite: false | |
clientRole: true | |
containerId: dd29e998-54e9-4067-884e-4f986e990c1d | |
attributes: {} | |
security-admin-console: [] | |
admin-cli: [] | |
backend-service: | |
- id: 5b9947c6-eb74-4de6-8623-0285720993f3 | |
name: uma_protection | |
composite: false | |
clientRole: true | |
containerId: 302430aa-3929-42cf-8ba2-2b9d2e71dc3a | |
attributes: {} | |
broker: | |
- id: bee1f77b-34a9-4386-9eca-eb19db248394 | |
name: read-token | |
description: "${role_read-token}" | |
composite: false | |
clientRole: true | |
containerId: 2a02328b-6aa6-49a8-b56c-7036c273c70b | |
attributes: {} | |
account: | |
- id: 1ffcc7fe-50a8-4300-b172-10f651e5a5bd | |
name: view-profile | |
description: "${role_view-profile}" | |
composite: false | |
clientRole: true | |
containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7 | |
attributes: {} | |
- id: d3ffeda8-8d57-4b63-ae1d-90f88bc4b068 | |
name: manage-account-links | |
description: "${role_manage-account-links}" | |
composite: false | |
clientRole: true | |
containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7 | |
attributes: {} | |
- id: 74f86380-8e18-407f-ad16-529044f9c7dc | |
name: manage-account | |
description: "${role_manage-account}" | |
composite: true | |
composites: | |
client: | |
account: | |
- manage-account-links | |
clientRole: true | |
containerId: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7 | |
attributes: {} | |
groups: [] | |
requiredCredentials: | |
- password | |
otpPolicyType: totp | |
otpPolicyAlgorithm: HmacSHA1 | |
otpPolicyInitialCounter: 0 | |
otpPolicyDigits: 6 | |
otpPolicyLookAheadWindow: 1 | |
otpPolicyPeriod: 30 | |
otpSupportedApplications: | |
- FreeOTP | |
- Google Authenticator | |
webAuthnPolicyRpEntityName: keycloak | |
webAuthnPolicySignatureAlgorithms: | |
- ES256 | |
webAuthnPolicyRpId: '' | |
webAuthnPolicyAttestationConveyancePreference: not specified | |
webAuthnPolicyAuthenticatorAttachment: not specified | |
webAuthnPolicyRequireResidentKey: not specified | |
webAuthnPolicyUserVerificationRequirement: not specified | |
webAuthnPolicyCreateTimeout: 0 | |
webAuthnPolicyAvoidSameAuthenticatorRegister: false | |
webAuthnPolicyAcceptableAaguids: [] | |
clients: | |
# Client `backend-service`: a confidential OpenID Connect client
# (publicClient: false) with the standard flow, direct access grants and a
# service account all enabled.
- id: 302430aa-3929-42cf-8ba2-2b9d2e71dc3a | |
clientId: backend-service | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
# Demo credential: the client secret is the literal word "secret". Because
# serviceAccountsEnabled is true, this value alone authenticates the client's
# service account. Generate a random secret and supply it from outside the
# manifest for anything beyond a local sandbox.
secret: secret | |
# Wildcard redirect URI: with standardFlowEnabled the authorization response
# may be delivered to any URL. List the application's exact redirect URIs.
redirectUris: | |
- "*" | |
webOrigins: [] | |
notBefore: 0 | |
bearerOnly: false | |
consentRequired: false | |
standardFlowEnabled: true | |
implicitFlowEnabled: false | |
# Direct access grants let the client submit a user's password itself
# (resource-owner password grant); turn off unless the application needs it.
directAccessGrantsEnabled: true | |
serviceAccountsEnabled: true | |
publicClient: false | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
# Full scope: tokens for this client carry every role mapped to the user, not
# only roles this client needs. Set to false and add explicit scope mappings to
# keep token contents minimal.
fullScopeAllowed: true | |
nodeReRegistrationTimeout: -1 | |
# The three mappers below copy the session notes clientId, clientHost and
# clientAddress into the ID token, access token and userinfo response, so the
# caller's host and IP address become visible to every party that reads them.
protocolMappers: | |
- id: 1390addb-ba10-4455-a1ea-8455c3770cf1 | |
name: Client ID | |
protocol: openid-connect | |
protocolMapper: oidc-usersessionmodel-note-mapper | |
consentRequired: false | |
config: | |
user.session.note: clientId | |
userinfo.token.claim: 'true' | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: clientId | |
jsonType.label: String | |
- id: cdafda09-f6d9-41e3-87ef-6789e861689a | |
name: Client Host | |
protocol: openid-connect | |
protocolMapper: oidc-usersessionmodel-note-mapper | |
consentRequired: false | |
config: | |
user.session.note: clientHost | |
userinfo.token.claim: 'true' | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: clientHost | |
jsonType.label: String | |
- id: 95b47211-912c-43f5-84ce-5bfbc761325d | |
name: Client IP Address | |
protocol: openid-connect | |
protocolMapper: oidc-usersessionmodel-note-mapper | |
consentRequired: false | |
config: | |
user.session.note: clientAddress | |
userinfo.token.claim: 'true' | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: clientAddress | |
jsonType.label: String | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
# offline_access is available on request; offline tokens outlive the SSO session.
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
- id: dd29e998-54e9-4067-884e-4f986e990c1d | |
clientId: realm-management | |
name: "${client_realm-management}" | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
secret: c41b709a-a012-4c69-89d7-4f926dba0619 | |
redirectUris: [] | |
webOrigins: [] | |
notBefore: 0 | |
bearerOnly: true | |
consentRequired: false | |
standardFlowEnabled: true | |
implicitFlowEnabled: false | |
directAccessGrantsEnabled: false | |
serviceAccountsEnabled: false | |
publicClient: false | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
fullScopeAllowed: false | |
nodeReRegistrationTimeout: 0 | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
- id: c6e812f9-326b-4e66-9197-157a5d43b172 | |
clientId: admin-cli | |
name: "${client_admin-cli}" | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
secret: a951803a-79c7-46a6-8197-e32835286971 | |
redirectUris: [] | |
webOrigins: [] | |
notBefore: 0 | |
bearerOnly: false | |
consentRequired: false | |
standardFlowEnabled: false | |
implicitFlowEnabled: false | |
directAccessGrantsEnabled: true | |
serviceAccountsEnabled: false | |
publicClient: true | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
fullScopeAllowed: false | |
nodeReRegistrationTimeout: 0 | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
- id: 35b5a50f-a32a-4bd1-b4b3-50f0ade135c7 | |
clientId: account | |
name: "${client_account}" | |
rootUrl: "${authBaseUrl}" | |
baseUrl: "/realms/quarkus/account/" | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
secret: 0136c3ef-0dfd-4b13-a6d0-2c8b6358edec | |
redirectUris: | |
- "/realms/quarkus/account/*" | |
webOrigins: [] | |
notBefore: 0 | |
bearerOnly: false | |
consentRequired: false | |
standardFlowEnabled: true | |
implicitFlowEnabled: false | |
directAccessGrantsEnabled: false | |
serviceAccountsEnabled: false | |
publicClient: false | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
fullScopeAllowed: false | |
nodeReRegistrationTimeout: 0 | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
- id: 2a02328b-6aa6-49a8-b56c-7036c273c70b | |
clientId: broker | |
name: "${client_broker}" | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
secret: e1f7edd7-e15c-43b4-8736-ff8204d16836 | |
redirectUris: [] | |
webOrigins: [] | |
notBefore: 0 | |
bearerOnly: false | |
consentRequired: false | |
standardFlowEnabled: true | |
implicitFlowEnabled: false | |
directAccessGrantsEnabled: false | |
serviceAccountsEnabled: false | |
publicClient: false | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
fullScopeAllowed: false | |
nodeReRegistrationTimeout: 0 | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
- id: 6517b152-0693-4b28-a798-a0deea3e8644 | |
clientId: security-admin-console | |
name: "${client_security-admin-console}" | |
rootUrl: "${authAdminUrl}" | |
baseUrl: "/admin/quarkus/console/" | |
surrogateAuthRequired: false | |
enabled: true | |
clientAuthenticatorType: client-secret | |
secret: e571b211-2550-475d-b87f-116ff54091ee | |
redirectUris: | |
- "/admin/quarkus/console/*" | |
webOrigins: | |
- "+" | |
notBefore: 0 | |
bearerOnly: false | |
consentRequired: false | |
standardFlowEnabled: true | |
implicitFlowEnabled: false | |
directAccessGrantsEnabled: false | |
serviceAccountsEnabled: false | |
publicClient: true | |
frontchannelLogout: false | |
protocol: openid-connect | |
attributes: {} | |
authenticationFlowBindingOverrides: {} | |
fullScopeAllowed: false | |
nodeReRegistrationTimeout: 0 | |
protocolMappers: | |
- id: 9c7093a9-4da1-47e4-b2a5-afe180782220 | |
name: locale | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: locale | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: locale | |
jsonType.label: String | |
defaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
optionalClientScopes: | |
- address | |
- phone | |
- offline_access | |
- microprofile-jwt | |
clientScopes: | |
- id: 35bfd94e-681f-456a-bca0-0d0d8d986a96 | |
name: address | |
description: 'OpenID Connect built-in scope: address' | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'true' | |
display.on.consent.screen: 'true' | |
consent.screen.text: "${addressScopeConsentText}" | |
protocolMappers: | |
- id: 1f710637-5a3c-45f3-b4d3-74046993e0eb | |
name: address | |
protocol: openid-connect | |
protocolMapper: oidc-address-mapper | |
consentRequired: false | |
config: | |
user.attribute.formatted: formatted | |
user.attribute.country: country | |
user.attribute.postal_code: postal_code | |
userinfo.token.claim: 'true' | |
user.attribute.street: street | |
id.token.claim: 'true' | |
user.attribute.region: region | |
access.token.claim: 'true' | |
user.attribute.locality: locality | |
- id: eb0bdf87-6cda-4684-89a8-f7bd6f0c7bba | |
name: email | |
description: 'OpenID Connect built-in scope: email' | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'true' | |
display.on.consent.screen: 'true' | |
consent.screen.text: "${emailScopeConsentText}" | |
protocolMappers: | |
- id: 1ea39fbb-c692-4a1d-a143-a05b030889cb | |
name: email | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: email | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: email | |
jsonType.label: String | |
- id: f97bd1de-6c95-4c5b-804c-f8b354457453 | |
name: email verified | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: emailVerified | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: email_verified | |
jsonType.label: boolean | |
- id: 55621a1e-cd6b-45a7-9f06-a678e0801b9c | |
name: microprofile-jwt | |
description: Microprofile - JWT built-in scope | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'true' | |
display.on.consent.screen: 'false' | |
protocolMappers: | |
- id: 6c4f32b0-8ae4-4b4b-b4fa-a053df0bbb3a | |
name: groups | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-realm-role-mapper | |
consentRequired: false | |
config: | |
multivalued: 'true' | |
user.attribute: foo | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: groups | |
jsonType.label: String | |
- id: 2687cb87-1dbf-435c-8ef9-f2fe38127405 | |
name: upn | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: username | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: upn | |
jsonType.label: String | |
- id: 97aca0c9-7f14-4783-bb48-681de54f0b31 | |
name: offline_access | |
description: 'OpenID Connect built-in scope: offline_access' | |
protocol: openid-connect | |
attributes: | |
consent.screen.text: "${offlineAccessScopeConsentText}" | |
display.on.consent.screen: 'true' | |
- id: 541f2eae-d481-4d00-be30-89f4f60d169f | |
name: phone | |
description: 'OpenID Connect built-in scope: phone' | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'true' | |
display.on.consent.screen: 'true' | |
consent.screen.text: "${phoneScopeConsentText}" | |
protocolMappers: | |
- id: eda935c3-7294-403c-85bd-fee7216af822 | |
name: phone number | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: phoneNumber | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: phone_number | |
jsonType.label: String | |
- id: 0b8c0161-5042-4912-a753-c262569ed5bc | |
name: phone number verified | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: phoneNumberVerified | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: phone_number_verified | |
jsonType.label: boolean | |
- id: d20498e8-4ec8-4496-9d8f-c09131dd5d15 | |
name: profile | |
description: 'OpenID Connect built-in scope: profile' | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'true' | |
display.on.consent.screen: 'true' | |
consent.screen.text: "${profileScopeConsentText}" | |
protocolMappers: | |
- id: 7da35ca7-5c93-4d23-b6b7-761d80c966c8 | |
name: given name | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: firstName | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: given_name | |
jsonType.label: String | |
- id: a443a633-7cd2-406d-85f1-6e3d3173eff9 | |
name: profile | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: profile | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: profile | |
jsonType.label: String | |
- id: d04d2dd6-04fc-4230-90eb-7074056cfdee | |
name: family name | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: lastName | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: family_name | |
jsonType.label: String | |
- id: ef68a07b-ed0a-418b-9c6d-7ecd58946813 | |
name: updated at | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: updatedAt | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: updated_at | |
jsonType.label: String | |
- id: 144acdba-ee08-4349-b806-a4394bd5f351 | |
name: website | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: website | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: website | |
jsonType.label: String | |
- id: 4b435d62-1f62-4513-a131-208318731d7b | |
name: gender | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: gender | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: gender | |
jsonType.label: String | |
- id: 794b162d-460a-4465-b90d-66dabc4b3cce | |
name: middle name | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: middleName | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: middle_name | |
jsonType.label: String | |
- id: 779b131a-d0cc-420d-90b3-075b19210379 | |
name: picture | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: picture | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: picture | |
jsonType.label: String | |
- id: 0e0f1e8d-60f9-4435-b753-136d70e56af8 | |
name: username | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-property-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: username | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: preferred_username | |
jsonType.label: String | |
- id: 8451d26b-904d-4858-9db1-87fe137c1172 | |
name: birthdate | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: birthdate | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: birthdate | |
jsonType.label: String | |
- id: 011fe224-355f-4e3c-a3d4-6a325eec561d | |
name: nickname | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: nickname | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: nickname | |
jsonType.label: String | |
- id: 06f656a1-67f1-4c53-92df-9e5823853191 | |
name: full name | |
protocol: openid-connect | |
protocolMapper: oidc-full-name-mapper | |
consentRequired: false | |
config: | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
userinfo.token.claim: 'true' | |
- id: '03293b81-5599-4163-81b8-eb05c3d14ed2' | |
name: zoneinfo | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: zoneinfo | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: zoneinfo | |
jsonType.label: String | |
- id: d21642b7-8190-4de4-8d0d-09b0e505c02c | |
name: locale | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-attribute-mapper | |
consentRequired: false | |
config: | |
userinfo.token.claim: 'true' | |
user.attribute: locale | |
id.token.claim: 'true' | |
access.token.claim: 'true' | |
claim.name: locale | |
jsonType.label: String | |
- id: 7eaa8ede-9a92-487a-9444-60a5d7355542 | |
name: role_list | |
description: SAML role list | |
protocol: saml | |
attributes: | |
consent.screen.text: "${samlRoleListScopeConsentText}" | |
display.on.consent.screen: 'true' | |
protocolMappers: | |
- id: e7616dd3-8886-4d47-8645-74e4565d7606 | |
name: role list | |
protocol: saml | |
protocolMapper: saml-role-list-mapper | |
consentRequired: false | |
config: | |
single: 'false' | |
attribute.nameformat: Basic | |
attribute.name: Role | |
- id: 83e275f7-b171-45fa-99c7-7c04f91fbe41 | |
name: roles | |
description: OpenID Connect scope for add user roles to the access token | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'false' | |
display.on.consent.screen: 'true' | |
consent.screen.text: "${rolesScopeConsentText}" | |
protocolMappers: | |
- id: 9eb470cc-8157-46f2-8233-8cae169c6591 | |
name: realm roles | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-realm-role-mapper | |
consentRequired: false | |
config: | |
multivalued: 'true' | |
user.attribute: foo | |
access.token.claim: 'true' | |
claim.name: realm_access.roles | |
jsonType.label: String | |
- id: eebdefd0-c446-4bf3-b945-08db42f0ea92 | |
name: audience resolve | |
protocol: openid-connect | |
protocolMapper: oidc-audience-resolve-mapper | |
consentRequired: false | |
config: {} | |
- id: 37c62d93-c670-487c-8c3a-a6329a9924b0 | |
name: client roles | |
protocol: openid-connect | |
protocolMapper: oidc-usermodel-client-role-mapper | |
consentRequired: false | |
config: | |
multivalued: 'true' | |
user.attribute: foo | |
access.token.claim: 'true' | |
claim.name: resource_access.${client_id}.roles | |
jsonType.label: String | |
- id: 58e57c6f-18bf-4347-9ab0-b8325ef522e0 | |
name: web-origins | |
description: OpenID Connect scope for add allowed web origins to the access token | |
protocol: openid-connect | |
attributes: | |
include.in.token.scope: 'false' | |
display.on.consent.screen: 'false' | |
consent.screen.text: '' | |
protocolMappers: | |
- id: 5a4a2c20-fef2-40b5-9406-136475442b47 | |
name: allowed web origins | |
protocol: openid-connect | |
protocolMapper: oidc-allowed-origins-mapper | |
consentRequired: false | |
config: {} | |
defaultDefaultClientScopes: | |
- web-origins | |
- role_list | |
- roles | |
- profile | |
defaultOptionalClientScopes: | |
- address | |
- phone | |
- microprofile-jwt | |
- offline_access | |
# Response headers Keycloak attaches to the pages it serves for this realm.
browserSecurityHeaders: | |
contentSecurityPolicyReportOnly: '' | |
xContentTypeOptions: nosniff | |
xRobotsTag: none | |
# Framing is limited to the same origin twice over: X-Frame-Options here and
# frame-ancestors 'self' in the CSP below.
xFrameOptions: SAMEORIGIN | |
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; | |
# Legacy header; the CSP above is the control that carries weight here.
xXSSProtection: 1; mode=block | |
# HSTS for one year including subdomains. It only helps once the realm is
# reached over HTTPS, which sslRequired: external does not demand of callers
# on private addresses.
strictTransportSecurity: max-age=31536000; includeSubDomains | |
# No SMTP server is configured, so the realm cannot send mail; this matches
# verifyEmail and resetPasswordAllowed both being false earlier in the file.
smtpServer: {} | |
# Login events are not stored (eventsEnabled: false). The only sink left is
# the jboss-logging listener, i.e. the server log. Enable event storage or
# forward that log if failed logins and token errors should be reviewable.
eventsEnabled: false | |
eventsListeners: | |
- jboss-logging | |
enabledEventTypes: [] | |
# Admin events are off as well: changes to clients, roles and users made
# through the admin API leave no audit record in the realm.
adminEventsEnabled: false | |
adminEventsDetailsEnabled: false | |
components: | |
org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy: | |
- id: 9b4e5b69-1d07-489b-b8a5-07329c957141 | |
name: Trusted Hosts | |
providerId: trusted-hosts | |
subType: anonymous | |
subComponents: {} | |
config: | |
host-sending-registration-request-must-match: | |
- 'true' | |
client-uris-must-match: | |
- 'true' | |
- id: e2f513d3-44e3-435c-8b2a-68a5d384fd97 | |
name: Full Scope Disabled | |
providerId: scope | |
subType: anonymous | |
subComponents: {} | |
config: {} | |
- id: 7ebad719-3c5e-4880-a9f1-3242dd9dbe24 | |
name: Consent Required | |
providerId: consent-required | |
subType: anonymous | |
subComponents: {} | |
config: {} | |
- id: 8fe9bd3a-a11c-4c97-948e-90ba7fbe008f | |
name: Allowed Protocol Mapper Types | |
providerId: allowed-protocol-mappers | |
subType: authenticated | |
subComponents: {} | |
config: | |
allowed-protocol-mapper-types: | |
- oidc-usermodel-attribute-mapper | |
- oidc-usermodel-property-mapper | |
- oidc-full-name-mapper | |
- oidc-sha256-pairwise-sub-mapper | |
- oidc-address-mapper | |
- saml-role-list-mapper | |
- saml-user-property-mapper | |
- saml-user-attribute-mapper | |
- id: e9b76eee-365f-4b5f-80cb-316eb07b36fa | |
name: Max Clients Limit | |
providerId: max-clients | |
subType: anonymous | |
subComponents: {} | |
config: | |
max-clients: | |
- '200' | |
- id: 8ed9d103-7a79-47b4-9426-9e4a84340d22 | |
name: Allowed Client Scopes | |
providerId: allowed-client-templates | |
subType: authenticated | |
subComponents: {} | |
config: | |
allow-default-scopes: | |
- 'true' | |
- id: 43a5aac2-b395-4935-94cb-12f4d9b4eb05 | |
name: Allowed Protocol Mapper Types | |
providerId: allowed-protocol-mappers | |
subType: anonymous | |
subComponents: {} | |
config: | |
allowed-protocol-mapper-types: | |
- saml-user-attribute-mapper | |
- oidc-usermodel-attribute-mapper | |
- oidc-address-mapper | |
- saml-user-property-mapper | |
- oidc-sha256-pairwise-sub-mapper | |
- saml-role-list-mapper | |
- oidc-full-name-mapper | |
- oidc-usermodel-property-mapper | |
- id: a07e90f1-5662-4344-8529-f284c361a25e | |
name: Allowed Client Scopes | |
providerId: allowed-client-templates | |
subType: anonymous | |
subComponents: {} | |
config: | |
allow-default-scopes: | |
- 'true' | |
org.keycloak.keys.KeyProvider: | |
# Key provider entry exported together with its AES secret in clear text.
# Importing the file pins the realm to a key that every reader of this page
# knows; the rsa-generated and hmac-generated entries that follow embed their
# privateKey / secret the same way. Treat all three as public demo material.
# For a real realm, drop the KeyProvider components from the import so that
# fresh keys are generated. TODO confirm the import creates default key
# providers when none are supplied.
- id: 4008d665-26c4-4056-a028-232bc0636029 | |
name: aes-generated | |
providerId: aes-generated | |
subComponents: {} | |
config: | |
kid: | |
- b04473d3-8395-4016-b455-19a9e951106b | |
secret: | |
- x68mMOVdz3qKWzltzReV0g | |
priority: | |
- '100' | |
- id: 066f8625-06ba-4463-995f-93a058d2d800 | |
name: rsa-generated | |
providerId: rsa-generated | |
subComponents: {} | |
config: | |
privateKey: | |
- MIIEowIBAAKCAQEAn5T13suF8mlS+pJXp0U1bto41nW55wpcs+Rps8ZVCRyJKWqzwSCYnI7lm0rB2wBpAAO4OPoj1zlmVoFmBPsDU9Xf7rjsJb5LIzIQDCZY44aSDZt6RR+gakPiQvlzHyW/RozYpngDJF7TsTD7rdRF1xQ4RprfBF8fwK/xsU7pxbeom5xDHZhz3fiw8s+7UdbmnazDHfAjU58aUrLGgVRfUsuoHjtsptYlOIXEifaeMetXZE+HhqLYRHQPDap5fbBJl773Trosn7N9nmzN4x1xxGj9So21WC5UboQs9sAIVgizc4omjZ5Y4RN9HLH7G4YwJctNntzmnJhDui9zAO+zSQIDAQABAoIBADi+F7rTtVoft0Cfnok8o6Y58/HVxHdxiMryUd95iy0FN4RBi48FTx6D9QKFz25Ws/8sU2n3D51srIXf1u24b1N0/f39RQKaqk7mcyxOylaEuBQcj5pah4ihgKd92UBfBKdKV5LBo6RgD3e2yhbiHr8+UlBQqzH7vOef6Bm6zIbfmi3N88swAJhP0YizRZFklsbmLsK6nkwyro00CHJvPVKSBbM+ad+/zIBsLw56MvNngB5TuFguUgoljd6M1T2z4utmZGlTUqrfE1onAVLJZoGnRohyIr7dJEg6YxWR70PxsgmkDKyeRvet9P1trO0n+OSprusfrC3cHJStabap1V0CgYEA1A/CtsqTnjdYYsB19eumZgdpzUgNc/YEAzZ/OWb8yTLoB2ncci+63A1rXHUXAqJFY7vtjn5mxv7SuASNbUrzq+6KfZvC1x9XEtnczqT/ypunNfxmIZuj8Nuu6vtURguZ8kPPwdkI8toTizRFeRE5ZDBvoQryiEVYugfHaHT5vzsCgYEAwKWODwquI0Lv9BuwdNVrBXQpkKh3ZfYOA7i9xvhxlM7xUu8OMCwwCPn3r7vrW5APjTqX4h330mJ44SLEs+7gbCUs4BbJBLA6g0ChlHa9PTkxp6tk2nDF/B34fxiZSRkE85L+d+at0Dc3hnlzLCJCzJawGpoPniPU9e4w0p4dN0sCgYAsGnMGjS8SUrRhJWHjGXVr9tK8TOXvXhULjgP7rj2Yoqu7Dvs4DFEyft/7RKbad2EzEtyfLA64CDtO5jN7rYDsGxpWcVSeZPg5BXJ0z8AbJTArfCjJiJMZ/rZsTIUEZFlKF2xYBolj6JLz+pUQTtK+0YwF1D8ItFN1rTR9twZSDQKBgQC6sPXNX+VH6LuPTjIf1x8CxwLs3EXxOpV0R9kp9GRl+HJnk6GlT30xhcThufQo5KAdllXQXIhoiuNoEoCbevhj9Vbax1oBQCNERSMRNEzKAx46xd9TzYwgeo7x5E3QR/3DaoVOfu+cY5ZcrF/PulgP2kxJS1mtQD5GIpGP2oinpwKBgGqiqTFPqRcelx76vBvTU+Jp1zM62T4AotbMrSQR/oUvqHe5Ytj/SbZx+wbbHAiyGgV700Mosyviik83YEAbR3kdOPjgYvAJJW2Y3jEMdQ7MwriXz8XLh5BGmYfVjkSOJXed9ua9WlYLKOJeXXv191BbDvrx5NXuJyVVU4vJx3YZ | |
certificate: | |
- 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 | |
priority: | |
- '100' | |
# Key provider "hmac-generated": a shared secret for the HS256 algorithm,
# committed in clear text with this import. Anything this realm protects with
# HS256 depends on the secret staying private, which a published value cannot
# provide. NOTE(review): sample value only; rotate or regenerate it per
# deployment.
- id: 19c225cc-b499-48b1-aed6-3e1dd5bcf04c | |
name: hmac-generated | |
providerId: hmac-generated | |
subComponents: {} | |
config: | |
kid: | |
- 96afd00e-85cf-4d35-b18e-061d3813d8b2 | |
secret: | |
- qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA | |
priority: | |
- '100' | |
algorithm: | |
- HS256 | |
internationalizationEnabled: false | |
supportedLocales: [] | |
authenticationFlows: | |
- id: 55f3ddc5-0f36-496d-817f-3aa8f426ee45 | |
alias: Account verification options | |
description: Method with which to verify the existing account | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: idp-email-verification | |
requirement: ALTERNATIVE | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: ALTERNATIVE | |
priority: 20 | |
flowAlias: Verify Existing Account by Re-authentication | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: fc632231-21d0-44d5-a730-f6e8e0e2cebc | |
alias: Authentication Options | |
description: Authentication options. | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: basic-auth | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: basic-auth-otp | |
requirement: DISABLED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: auth-spnego | |
requirement: DISABLED | |
priority: 30 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: 2d0ccc2f-888c-495f-91ae-dfffba572d33 | |
alias: Browser - Conditional OTP | |
description: Flow to determine if the OTP is required for the authentication | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: conditional-user-configured | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: auth-otp-form | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: b7ff5812-2bc2-4f8f-9913-bd3b97a08618 | |
alias: Direct Grant - Conditional OTP | |
description: Flow to determine if the OTP is required for the authentication | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: conditional-user-configured | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: direct-grant-validate-otp | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: ddbfb446-21d8-44c2-a207-7f83d760e94f | |
alias: First broker login - Conditional OTP | |
description: Flow to determine if the OTP is required for the authentication | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: conditional-user-configured | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: auth-otp-form | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: 21dc8a77-3900-46e7-b1e4-40f5bcbd9b8e | |
alias: Handle Existing Account | |
description: Handle what to do if there is existing account with same email/username | |
like authenticated identity provider | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: idp-confirm-link | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: REQUIRED | |
priority: 20 | |
flowAlias: Account verification options | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: 329ed4e1-d3a8-42aa-a9ff-991a0e8f2851 | |
alias: Reset - Conditional OTP | |
description: Flow to determine if the OTP should be reset or not. Set to REQUIRED | |
to force. | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: conditional-user-configured | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: reset-otp | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: 66b4a633-6ba0-41e2-944f-0b13369c1e78 | |
alias: User creation or linking | |
description: Flow for the existing/non-existing user alternatives | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticatorConfig: create unique user config | |
authenticator: idp-create-user-if-unique | |
requirement: ALTERNATIVE | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: ALTERNATIVE | |
priority: 20 | |
flowAlias: Handle Existing Account | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: fce169a3-c245-4dc8-a3c5-295bfa7057a4 | |
alias: Verify Existing Account by Re-authentication | |
description: Reauthentication of existing account | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: idp-username-password-form | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: CONDITIONAL | |
priority: 20 | |
flowAlias: First broker login - Conditional OTP | |
userSetupAllowed: false | |
autheticatorFlow: true | |
# Top-level "browser" flow (the realm selects it with browserFlow: browser).
# All enabled executions are ALTERNATIVE, tried in priority order: an existing
# SSO cookie, the identity-provider redirector, then the "forms" sub-flow.
# SPNEGO (auth-spnego) is DISABLED.
- id: 4c5476fa-9aef-440b-bd14-25bf8cbfcd16 | |
alias: browser | |
description: browser based authentication | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: auth-cookie | |
requirement: ALTERNATIVE | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: auth-spnego | |
requirement: DISABLED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: identity-provider-redirector | |
requirement: ALTERNATIVE | |
priority: 25 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
# Sub-flow reference: flowAlias names another flow in this list
# (autheticatorFlow: true; the key is spelled this way throughout the export).
- requirement: ALTERNATIVE | |
priority: 30 | |
flowAlias: forms | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: 75d65771-3bfb-4def-a539-656de7d1af58 | |
alias: clients | |
description: Base authentication for clients | |
providerId: client-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: client-secret | |
requirement: ALTERNATIVE | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: client-jwt | |
requirement: ALTERNATIVE | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: client-secret-jwt | |
requirement: ALTERNATIVE | |
priority: 30 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: client-x509 | |
requirement: ALTERNATIVE | |
priority: 40 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
# Top-level "direct grant" flow (OAuth 2.0 resource-owner password credentials;
# the realm selects it with directGrantFlow: direct grant). Username and
# password validation are REQUIRED; the OTP sub-flow is only CONDITIONAL.
# NOTE(review): with this grant the client application handles the user's
# password itself, and current OAuth security guidance discourages it. Keep
# direct access grants disabled on every client that does not strictly need
# them.
- id: a6a9036b-192e-461f-91c7-d8117435188d | |
alias: direct grant | |
description: OpenID Connect Resource Owner Grant | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: direct-grant-validate-username | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: direct-grant-validate-password | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: CONDITIONAL | |
priority: 30 | |
flowAlias: Direct Grant - Conditional OTP | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: f86bdf88-8bee-480b-8e81-67dcd674e46c | |
alias: docker auth | |
description: Used by Docker clients to authenticate against the IDP | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: docker-http-basic-authenticator | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: 6f87019e-c995-4049-b8bf-d08a9c3a13f3 | |
alias: first broker login | |
description: Actions taken after first broker login with identity provider account, | |
which is not yet linked to any Keycloak account | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticatorConfig: review profile config | |
authenticator: idp-review-profile | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: REQUIRED | |
priority: 20 | |
flowAlias: User creation or linking | |
userSetupAllowed: false | |
autheticatorFlow: true | |
# "forms" sub-flow used by the browser flow: the username/password form is
# REQUIRED, and the "Browser - Conditional OTP" sub-flow is CONDITIONAL.
# That sub-flow starts with conditional-user-configured, so presumably OTP is
# only requested from users who have already enrolled it; nothing in this
# export forces a second factor. NOTE(review): confirm, and tighten the flow
# if MFA must be mandatory.
- id: fadc7c73-7fae-4c28-ad69-51bb03ba17bf | |
alias: forms | |
description: Username, password, otp and other auth forms. | |
providerId: basic-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: auth-username-password-form | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: CONDITIONAL | |
priority: 20 | |
flowAlias: Browser - Conditional OTP | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: f961cb3c-c681-4dc7-8151-786a5c50ce08 | |
alias: http challenge | |
description: An authentication flow based on challenge-response HTTP Authentication | |
Schemes | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: no-cookie-redirect | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: REQUIRED | |
priority: 20 | |
flowAlias: Authentication Options | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: d930f23e-ae58-45b2-9e01-20691200c926 | |
alias: registration | |
description: registration flow | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: registration-page-form | |
requirement: REQUIRED | |
priority: 10 | |
flowAlias: registration form | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: 8d62b1dd-6066-454d-bc76-f783d50fecaa | |
alias: registration form | |
description: registration form | |
providerId: form-flow | |
topLevel: false | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: registration-user-creation | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: registration-profile-action | |
requirement: REQUIRED | |
priority: 40 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: registration-password-action | |
requirement: REQUIRED | |
priority: 50 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: registration-recaptcha-action | |
requirement: DISABLED | |
priority: 60 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- id: f99be349-ce0b-44a4-9f70-73f57cb8c164 | |
alias: reset credentials | |
description: Reset credentials for a user if they forgot their password or something | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: reset-credentials-choose-user | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: reset-credential-email | |
requirement: REQUIRED | |
priority: 20 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- authenticator: reset-password | |
requirement: REQUIRED | |
priority: 30 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
- requirement: CONDITIONAL | |
priority: 40 | |
flowAlias: Reset - Conditional OTP | |
userSetupAllowed: false | |
autheticatorFlow: true | |
- id: 33ee7503-bd12-4e5a-903c-5ae580f48709 | |
alias: saml ecp | |
description: SAML ECP Profile Authentication Flow | |
providerId: basic-flow | |
topLevel: true | |
builtIn: true | |
authenticationExecutions: | |
- authenticator: http-basic-authenticator | |
requirement: REQUIRED | |
priority: 10 | |
userSetupAllowed: false | |
autheticatorFlow: false | |
authenticatorConfig: | |
- id: 6970ebc8-0b24-414c-8544-3cc48b1a0e4c | |
alias: create unique user config | |
config: | |
require.password.update.after.registration: 'false' | |
- id: d14b76f4-b608-4b13-b51c-b9e162ad784b | |
alias: review profile config | |
config: | |
update.profile.on.first.login: missing | |
requiredActions: | |
- alias: CONFIGURE_TOTP | |
name: Configure OTP | |
providerId: CONFIGURE_TOTP | |
enabled: true | |
defaultAction: false | |
priority: 10 | |
config: {} | |
- alias: terms_and_conditions | |
name: Terms and Conditions | |
providerId: terms_and_conditions | |
enabled: false | |
defaultAction: false | |
priority: 20 | |
config: {} | |
- alias: UPDATE_PASSWORD | |
name: Update Password | |
providerId: UPDATE_PASSWORD | |
enabled: true | |
defaultAction: false | |
priority: 30 | |
config: {} | |
- alias: UPDATE_PROFILE | |
name: Update Profile | |
providerId: UPDATE_PROFILE | |
enabled: true | |
defaultAction: false | |
priority: 40 | |
config: {} | |
- alias: VERIFY_EMAIL | |
name: Verify Email | |
providerId: VERIFY_EMAIL | |
enabled: true | |
defaultAction: false | |
priority: 50 | |
config: {} | |
browserFlow: browser | |
registrationFlow: registration | |
directGrantFlow: direct grant | |
resetCredentialsFlow: reset credentials | |
clientAuthenticationFlow: clients | |
dockerAuthenticationFlow: docker auth | |
# Realm attributes: string-valued settings for brute-force detection, token and
# session lifespans, browser security headers and the WebAuthn policy.
attributes: | |
webAuthnPolicyAuthenticatorAttachment: not specified | |
_browser_header.xRobotsTag: none | |
webAuthnPolicyRpEntityName: keycloak | |
failureFactor: '30' | |
actionTokenGeneratedByUserLifespan: '300' | |
maxDeltaTimeSeconds: '43200' | |
webAuthnPolicySignatureAlgorithms: ES256 | |
offlineSessionMaxLifespan: '5184000' | |
_browser_header.contentSecurityPolicyReportOnly: '' | |
# Brute-force detection is switched off. NOTE(review): failureFactor,
# maxFailureWaitSeconds, waitIncrementSeconds and the quick-login settings in
# this block presumably only take effect once this is 'true'; enable it for
# anything beyond a local demo so password guessing is throttled.
bruteForceProtected: 'false' | |
# CSP: framing limited to the same origin and plugin content disabled
# (object-src 'none'); the value continues on the following line.
_browser_header.contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; | |
object-src 'none'; | |
# X-XSS-Protection is a legacy header that current browsers ignore; the CSP
# above and X-Frame-Options below are the controls that matter.
_browser_header.xXSSProtection: 1; mode=block | |
_browser_header.xFrameOptions: SAMEORIGIN | |
# HSTS for one year (31536000 s) including subdomains; it only has an effect
# when the realm is actually served over HTTPS.
_browser_header.strictTransportSecurity: max-age=31536000; includeSubDomains | |
webAuthnPolicyUserVerificationRequirement: not specified | |
permanentLockout: 'false' | |
quickLoginCheckMilliSeconds: '1000' | |
webAuthnPolicyCreateTimeout: '0' | |
webAuthnPolicyRequireResidentKey: not specified | |
webAuthnPolicyRpId: '' | |
webAuthnPolicyAttestationConveyancePreference: not specified | |
maxFailureWaitSeconds: '900' | |
minimumQuickLoginWaitSeconds: '60' | |
webAuthnPolicyAvoidSameAuthenticatorRegister: 'false' | |
_browser_header.xContentTypeOptions: nosniff | |
actionTokenGeneratedByAdminLifespan: '43200' | |
waitIncrementSeconds: '60' | |
offlineSessionMaxLifespanEnabled: 'false' | |
users: | |
# Sample user "admin": enabled, password-only (totp: false), e-mail not
# verified, realm roles admin and user.
# The PBKDF2-SHA256 hash and its salt are published with this file (the same
# holds for the other password users in this list), so the password has to be
# treated as known: replace or remove these accounts before any non-demo use.
# 27500 iterations is also well below current OWASP guidance for
# PBKDF2-HMAC-SHA256 (600,000). NOTE(review): check the realm's password policy
# so newly set passwords are hashed with a current work factor.
- id: af134cab-f41c-4675-b141-205f975db679 | |
username: admin | |
enabled: true | |
totp: false | |
emailVerified: false | |
credentials: | |
- type: password | |
hashedSaltedValue: NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA== | |
salt: T/2P5o5oxFJUEk68BRURRg== | |
hashIterations: 27500 | |
counter: 0 | |
algorithm: pbkdf2-sha256 | |
digits: 0 | |
period: 0 | |
createdDate: 1554245879354 | |
config: {} | |
disableableCredentialTypes: | |
- password | |
requiredActions: [] | |
realmRoles: | |
- admin | |
- user | |
notBefore: 0 | |
groups: [] | |
- id: eb4123a3-b722-4798-9af5-8957f823657a | |
username: alice | |
enabled: true | |
totp: false | |
emailVerified: false | |
credentials: | |
- type: password | |
hashedSaltedValue: A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw== | |
salt: sl4mXx6T9FypPH/s9TngfQ== | |
hashIterations: 27500 | |
counter: 0 | |
algorithm: pbkdf2-sha256 | |
digits: 0 | |
period: 0 | |
createdDate: 1554245879116 | |
config: {} | |
disableableCredentialTypes: | |
- password | |
requiredActions: [] | |
realmRoles: | |
- user | |
notBefore: 0 | |
groups: [] | |
- id: 1eed6a8e-a853-4597-b4c6-c4c2533546a0 | |
username: jdoe | |
enabled: true | |
totp: false | |
emailVerified: false | |
credentials: | |
- type: password | |
hashedSaltedValue: JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg== | |
salt: uCbOH7HZtyDtMd0E9DG/nw== | |
hashIterations: 27500 | |
counter: 0 | |
algorithm: pbkdf2-sha256 | |
digits: 0 | |
period: 0 | |
createdDate: 1554245879227 | |
config: {} | |
disableableCredentialTypes: | |
- password | |
requiredActions: [] | |
realmRoles: | |
- confidential | |
- user | |
notBefore: 0 | |
groups: [] | |
- id: 948c59ec-46ed-4d99-aa43-02900029b930 | |
createdTimestamp: 1554245880023 | |
username: service-account-backend-service | |
enabled: true | |
totp: false | |
emailVerified: false | |
email: service-account-backend-service@placeholder.org | |
serviceAccountClientId: backend-service | |
credentials: [] | |
disableableCredentialTypes: [] | |
requiredActions: [] | |
realmRoles: | |
- offline_access | |
clientRoles: | |
backend-service: | |
- uma_protection | |
account: | |
- view-profile | |
- manage-account | |
notBefore: 0 | |
groups: [] | |
# Version of the Keycloak server that produced this export.
# NOTE(review): the enclosing resource uses the k8s.keycloak.org/v2alpha1
# operator API, which targets much newer servers than 8.0.1. Expect the import
# to migrate legacy settings, and re-check security-relevant defaults (password
# hashing, flows, key providers) afterwards.
keycloakVersion: 8.0.1 | |
# User-Managed Access is turned off for the realm.
userManagedAccessAllowed: false |