{ "id": "2407b355-daf8-46ca-bc9d-01d3a1295c2a", "realm": "nine", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxTemporaryLockouts": 0, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "defaultRole": { "id": "6cb908f8-9537-432f-bc7c-fe6c7442b2a9", "name": "default-roles-nine", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "2407b355-daf8-46ca-bc9d-01d3a1295c2a" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], "webAuthnPolicyPasswordlessExtraOrigins": [], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", "roles": [ "manage-account", "view-groups" ] } ] }, "clients": [ { "id": "3bfae8ab-c16e-4d3f-b2c7-843f364249ec", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/nine/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/nine/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "6658a02c-3838-4424-98cc-33bfed17efc0", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "4eaee96f-23e5-483f-b03b-7b4c69066dcb", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "6d3dc826-5cc1-45ed-84b4-db132f7c6276", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } }, { "id": "ccce853f-cee5-4f59-8f3b-6ecc06058759", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "7a2c1b44-9f42-4cd5-831e-a1c54a0383a1", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/nine/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/nine/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "6701d95e-fb96-4f05-91b7-1eb1558f7307", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } }, { "id": "b8a0eb0e-2eff-4f87-bdad-b8f1c34b488d", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "5ad3808e-65ce-41e9-8d20-2748ce71d842", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } }, { "id": "491f034b-eeaf-4977-a602-692042506f78", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} }, { "id": "06083be1-2f2c-4d64-95ff-0203d115bc48", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "b4ce76e7-28d2-41c0-9cc4-46ef8f33c01e", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "989f0899-4b11-4bf2-8c5f-1255a0d90860", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "12b6500b-b961-4c4c-babc-ea82af98863e", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "817bcf8b-13e9-4442-806f-144c95c2b4a4", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } }, { "id": "0b49b7e8-4990-43f5-8986-33e042bbc1dd", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "ff7a4eed-e7ec-4a70-aa89-55d0554cefc2", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "c132d347-b150-4f59-aa8f-3ec41dfa127e", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } }, { "id": "d0fe171d-41d9-4099-8d95-2c357c24a6cd", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } }, { "id": "f8036821-0577-458d-b26e-e29711f7ea07", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "13f48c67-24db-4f8b-8124-5d42b199accc", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "88f3fcab-413e-4256-a2ac-b78f2488a225", "clientId": "nine", "name": "Nine", "description": "", "rootUrl": "http://nine.local", "adminUrl": "http://nine.local", "baseUrl": "http://nine.local", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "http://nine.local/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": true, "protocol": "cas", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "3e95b580-6c3e-4c62-8594-0ea398e76b7e", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "9b39abe8-0747-42c9-ad10-a51fe0bad0db", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } }, { "id": "85346836-de46-40a3-863d-e4d034bbf7f5", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "b5e2451e-84cd-4c00-8b19-3397982a303f", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } } ], "defaultClientScopes": [], "optionalClientScopes": [] }, { "id": "7d99e3fa-da2f-45af-8b05-0a39220555ff", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "ca6197e9-624f-409b-bd7b-221a0cad32d7", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "cb37aa49-6b95-4593-b021-f5e0e6f07ac6", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "4dbe8a0e-4ab5-453e-a304-8a1f7c97a2b9", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } }, { "id": "9fc1e55e-075c-4414-9a6b-4e53d5d28344", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id": "282838e8-ecd4-4a42-8734-2c0e2233e8ff", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", "baseUrl": "/admin/nine/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/admin/nine/console/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "ade4d6a5-ce0c-49c9-841c-3898ab933aa4", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "28a3eeb1-54fa-4157-a56a-7a69817d8a9d", "name": "given name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "claim.name": "givenName", "jsonType.label": "String" } }, { "id": "355343c0-2e5c-4654-ae78-22ca069624f3", "name": "full name", "protocol": "cas", "protocolMapper": "cas-full-name-mapper", "consentRequired": false, "config": { "claim.name": "cn", "jsonType.label": "String" } }, { "id": "e420940d-90fb-4549-9d13-1480d1bee174", "name": "family name", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "claim.name": "sn", "jsonType.label": "String" } }, { "id": "fce97a94-3023-494b-931e-ccf85c6aa319", "name": "email", "protocol": "cas", "protocolMapper": "cas-usermodel-property-mapper", "consentRequired": false, "config": { "user.attribute": "email", "claim.name": "mail", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes": [ { "id": "a56ada84-cd21-49b5-97dd-254d3cb1db69", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${addressScopeConsentText}" }, "protocolMappers": [ { "id": "e82deda4-9018-4d61-9837-41d886489d9d", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "introspection.token.claim": "true", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] }, { "id": "eae40040-0b60-4611-933f-eff0b19bb49d", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "true", "consent.screen.text": "${rolesScopeConsentText}" }, "protocolMappers": [ { "id": "caa781b9-7589-4c64-a4ea-8850b60f86df", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": { "access.token.claim": "true", "introspection.token.claim": "true" } }, { "id": "03b6f8e1-22c8-4761-8a8a-d7a47176dd30", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "multivalued": "true", "user.attribute": "foo", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String" } }, { "id": "ef72db0f-8062-408a-ad0f-122963c9eaff", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "multivalued": "true", "user.attribute": "foo", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String" } } ] }, { "id": "0a9c9e0f-de25-41c0-b578-038919e121bd", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${emailScopeConsentText}" }, "protocolMappers": [ { "id": "fb1700ad-1780-4c19-91a7-b21f1b1a1fd8", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } }, { "id": "bc18e105-841f-41ed-9cd8-e10e369d9788", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } } ] }, { "id": "158a9c02-d13d-47e1-a415-298893979dff", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "990e4a13-91a6-40d5-a100-3650d27fe595", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "multivalued": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String" } }, { "id": "0c92d0af-6e2f-407e-9ce3-f5af9b655898", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", "jsonType.label": "String" } } ] }, { "id": "720f0cbd-d3ec-48c2-ac5f-7b4a49ed2d52", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "512f7f7c-6bb9-4b95-b43d-d12e3730ed5f", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "false", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "0af35491-1345-46b7-9195-ea295e444e43", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${phoneScopeConsentText}" }, "protocolMappers": [ { "id": "1c535cc4-a6c6-46f7-b961-9bfc4817f278", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean" } }, { "id": "22f5d8af-ca6f-4dbf-9971-6d5cbdf23ea8", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String" } } ] }, { "id": "86d78f52-dc07-4b24-ae97-a5a948da9fff", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false", "consent.screen.text": "" }, "protocolMappers": [ { "id": "0307a122-1a8d-445c-9583-a3a298a67260", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": { "access.token.claim": "true", "introspection.token.claim": "true" } } ] }, { "id": "ab7945e9-8cf8-4408-9850-53480db1d134", "name": "acr", "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "c0b51de0-c048-4ce0-8cbe-77a7465b4957", "name": "acr loa level", "protocol": "openid-connect", "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "introspection.token.claim": "true" } } ] }, { "id": "4777e333-60ef-4bf0-82c6-7f62e48e8675", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { "id": "77ee0eef-5b5e-439c-9414-3172a303a2c2", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String" } }, { "id": "e46a244a-ee9e-4136-8c0a-35543e8de5c0", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "introspection.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "b07ac049-1eae-440b-a25e-a416412baf84", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "picture", "jsonType.label": "String" } }, { "id": "7780807b-e178-4c7a-92a1-830be878019f", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String" } }, { "id": "8d596d47-4323-4ae3-badd-1e0088d2690c", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "id": "d5516484-9a88-4f23-8790-3e9a620c1fa4", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String" } }, { "id": "5fa66059-fe7c-458b-b8d6-45ab03272aca", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String" } }, { "id": "f20d9783-ae51-4102-9204-deabd133c14c", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String" } }, { "id": "7d604bc5-5371-4ed4-93a5-42748c494ad8", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "id": "49588041-39bf-4db8-bef0-3da1a6266fdc", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String" } }, { "id": "723d1b26-e95c-4081-a500-3fb54110643f", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String" } }, { "id": "1fd720f8-c6ad-4078-a551-5265ef3c2706", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String" } }, { "id": "0cb0ec7e-78b9-416b-9ba4-8de396f54370", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "018321b8-f748-45f0-ab77-507f90771ba2", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "long" } } ] }, { "id": "b4d66c90-2b7d-4b8c-b0b6-3a1da68fbbe5", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } } ], "defaultDefaultClientScopes": [ "email", "profile", "role_list", "web-origins", "acr", "roles" ], "defaultOptionalClientScopes": [ "phone", "microprofile-jwt", "address", "offline_access" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "7d8f07a2-1ad8-437b-a0fb-dddaf6a19609", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ] } }, { "id": "c175b0ed-7573-41e5-abba-369529b07a53", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "8ebc08e2-228c-496e-b7da-69dc42c92a14", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { "max-clients": [ "200" ] } }, { "id": "d9da6ad4-6e3d-41a1-8c32-1c69cbe57056", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { "host-sending-registration-request-must-match": [ "true" ], "client-uris-must-match": [ "true" ] } }, { "id": "19a31115-929c-4ed8-b283-05f66859950f", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "5b81e0dc-b3fc-4321-b528-1230c59ff88a", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "184f2264-c100-44ac-a834-a90beb294ad8", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] } }, { "id": "a65ea735-a7bd-4ba8-8503-0662f4f4b1b0", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } } ], "org.keycloak.storage.UserStorageProvider": [ { "id": "07d754b4-9a08-42ff-af19-ab7bab41c5bc", "name": "ldap", "providerId": "ldap", "subComponents": { "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [ { "id": "48289bfe-8856-48ea-855c-0cca71b4b782", "name": "last name", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "sn" ], "is.mandatory.in.ldap": [ "true" ], "always.read.value.from.ldap": [ "true" ], "read.only": [ "false" ], "user.model.attribute": [ "lastName" ] } }, { "id": "2c89c6af-a7f3-4659-8bf7-48a077dafcb3", "name": "username", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "uid" ], "is.mandatory.in.ldap": [ "true" ], "always.read.value.from.ldap": [ "false" ], "read.only": [ "false" ], "user.model.attribute": [ "username" ] } }, { "id": "3aa14e04-5eaf-42fe-a5ef-49bdf5014bb7", "name": "first name", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "cn" ], "is.mandatory.in.ldap": [ "true" ], "read.only": [ "false" ], "always.read.value.from.ldap": [ "true" ], "user.model.attribute": [ "firstName" ] } }, { "id": "e543cb04-35fa-4e22-b0ae-68d49e781771", "name": "modify date", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "whenChanged" ], "is.mandatory.in.ldap": [ "false" ], "always.read.value.from.ldap": [ "true" ], "read.only": [ "true" ], "user.model.attribute": [ "modifyTimestamp" ] } }, { "id": "1fb68e47-6ea2-4553-92af-8a0be592c5cc", "name": "uid", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "uid" ], "attribute.force.default": [ "true" ], "is.mandatory.in.ldap": [ "false" ], "is.binary.attribute": [ "false" ], "always.read.value.from.ldap": [ "false" ], "read.only": [ "false" ], "user.model.attribute": [ "uid" ] } }, { "id": "7f9d827d-271e-4c3f-9690-ff22fdd390af", "name": "MSAD account controls", "providerId": "msad-user-account-control-mapper", "subComponents": {}, "config": { "always.read.enabled.value.from.ldap": [ "true" ] } }, { "id": "6c4a9108-74fc-4a0c-90fd-9a3174a8d3bc", "name": "email", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "mail" ], "is.mandatory.in.ldap": [ "false" ], "read.only": [ "false" ], "always.read.value.from.ldap": [ "false" ], "user.model.attribute": [ "email" ] } }, { "id": "3171dc5b-d99e-4035-a2ff-2f03fe65f2a1", "name": "creation date", "providerId": "user-attribute-ldap-mapper", "subComponents": {}, "config": { "ldap.attribute": [ "whenCreated" ], "is.mandatory.in.ldap": [ "false" ], "always.read.value.from.ldap": [ "true" ], "read.only": [ "true" ], "user.model.attribute": [ "createTimestamp" ] } } ] }, "config": { "pagination": [ "false" ], "fullSyncPeriod": [ "-1" ], "startTls": [ "false" ], "connectionPooling": [ "false" ], "usersDn": [ "ou=users,ou=ninegate,dc=nine,dc=org" ], "cachePolicy": [ "DEFAULT" ], "useKerberosForPasswordAuthentication": [ "false" ], "importEnabled": [ "true" ], "enabled": [ "true" ], "usernameLDAPAttribute": [ "uid" ], "bindCredential": [ "**********" ], "bindDn": [ "cn=admin,dc=nine,dc=org" ], "changedSyncPeriod": [ "-1" ], "vendor": [ "ad" ], "uuidLDAPAttribute": [ "objectGUID" ], "connectionUrl": [ "ldap://openldap:1389" ], "allowKerberosAuthentication": [ "false" ], "syncRegistrations": [ "true" ], "authType": [ "simple" ], "krbPrincipalAttribute": [ "userPrincipalName" ], "customUserSearchFilter": [ "(&(uid=*)(objectClass=person)(!(description=Computer)))" ], "searchScope": [ "2" ], "useTruststoreSpi": [ "always" ], "usePasswordModifyExtendedOp": [ "false" ], "trustEmail": [ "false" ], "userObjectClasses": [ "person, organizationalPerson" ], "rdnLDAPAttribute": [ "uid" ], "editMode": [ "WRITABLE" ], "validatePasswordPolicy": [ "false" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "df22ebed-8475-49e4-acd9-4422b395522b", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "RSA-OAEP" ] } }, { "id": "0e2648f3-0951-45fc-828b-c2eae4f9d61b", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "deb744d6-cae4-46b4-b0ab-35e4ec4c6372", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "6c9e1c1b-5dd2-4b2f-8053-bf6965ef7814", "name": "hmac-generated-hs512", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS512" ] } } ] }, "internationalizationEnabled": false, "supportedLocales": [], "authenticationFlows": [ { "id": "24d76edc-f347-411a-be52-7ac99ebeca2d", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false } ] }, { "id": "e8fcb0f3-e1d5-4ba2-9e07-61f99a150fd0", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "3c1ab2d9-f204-429d-abf7-1fbb53316fa1", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "1c43d63d-8e7c-4c27-bc73-7b852f2799b7", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "665744ab-da23-4646-aa24-8511bc7d0962", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "Account verification options", "userSetupAllowed": false } ] }, { "id": "127b8ccf-7176-4cca-bae6-97e51b0a2279", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "128b8c42-fddf-4765-af6a-b7ee82c1f8d1", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account", "userSetupAllowed": false } ] }, { "id": "4710f396-71cc-46bd-bbb6-73051af4d20a", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "23a1908a-3d1f-47e2-b222-361e9f872d50", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": true, "flowAlias": "forms", "userSetupAllowed": false } ] }, { "id": "445371a3-c27e-4bdd-94e8-b533e6f7e72d", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "e6159418-8749-4dff-b018-a456658f54a4", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "ea4d05bb-a6fd-4fc1-8ced-8b89f50b02aa", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "c709c861-45a0-4858-bd87-32f5cb72a9f6", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "User creation or linking", "userSetupAllowed": false } ] }, { "id": "f6f99d89-3ac7-4809-b977-d06cf4d9cdea", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "5c880cfe-e105-4a90-8a4f-1c07884746a3", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": true, "flowAlias": "registration form", "userSetupAllowed": false } ] }, { "id": "aa1bff17-3087-4861-9cfa-952aee95c3b4", "alias": "registration form", "description": "registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-user-creation", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-terms-and-conditions", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 70, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "31c4e4a2-741a-4700-8103-34ffb7f1f988", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "25006f99-1387-4f85-bbbc-2c855363398a", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { "id": "8adecce6-e496-4d0c-ab43-bc0ff70e6bab", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { "id": "d4fc3141-292a-4542-b3ec-8b872dbc2004", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": {} }, { "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, "config": {} }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": {} }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": {} }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": {} }, { "alias": "delete_account", "name": "Delete Account", "providerId": "delete_account", "enabled": false, "defaultAction": false, "priority": 60, "config": {} }, { "alias": "webauthn-register", "name": "Webauthn Register", "providerId": "webauthn-register", "enabled": true, "defaultAction": false, "priority": 70, "config": {} }, { "alias": "webauthn-register-passwordless", "name": "Webauthn Register Passwordless", "providerId": "webauthn-register-passwordless", "enabled": true, "defaultAction": false, "priority": 80, "config": {} }, { "alias": "VERIFY_PROFILE", "name": "Verify Profile", "providerId": "VERIFY_PROFILE", "enabled": true, "defaultAction": false, "priority": 90, "config": {} }, { "alias": "delete_credential", "name": "Delete Credential", "providerId": "delete_credential", "enabled": true, "defaultAction": false, "priority": 100, "config": {} }, { "alias": "update_user_locale", "name": "Update User Locale", "providerId": "update_user_locale", "enabled": true, "defaultAction": false, "priority": 1000, "config": {} } ], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600", "oauth2DevicePollingInterval": "5", "parRequestUriLifespan": "60", "cibaInterval": "5", "realmReusableOtpCode": "false" }, "keycloakVersion": "24.0.5", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] }, "clientPolicies": { "policies": [] } }