From c16de013bf84ed80690fe266a8215b724be933f6 Mon Sep 17 00:00:00 2001
From: Lazar Bulic
Date: Sun, 9 Mar 2025 01:33:54 +0100
Subject: [PATCH 1/3] Included client_assertion_type and client_assertion when other auth methods are not set
---
 .../vertx/ext/auth/oauth2/impl/OAuth2API.java | 22 ++++++++-----------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java
index e8582def9..f1d10a396 100644
--- a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java
+++ b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java
@@ -180,19 +180,7 @@ public Future token(String grantType, JsonObject params) {
 form.put("grant_type", grantType);
- if (!clientAuthentication(headers, form)) {
- String clientId = config.getClientId();
- if (clientId == null) {
- if (config.getClientAssertionType() != null) {
- form
- .put("client_assertion_type", config.getClientAssertionType());
- }
- if (config.getClientAssertion() != null) {
- form
- .put("client_assertion", config.getClientAssertion());
- }
- }
- }
+ clientAuthentication(headers, form);
 headers.put("Content-Type", "application/x-www-form-urlencoded");
 final Buffer payload = SimpleHttpClient.jsonToQuery(form);
@@ -428,6 +416,14 @@ private boolean clientAuthentication(JsonObject headers, JsonObject form) {
 if (config.getClientId() != null) {
 form.put("client_id", config.getClientId());
 }
+ if (config.getClientAssertionType() != null) {
+ form
+ .put("client_assertion_type", config.getClientAssertionType());
+ }
+ if (config.getClientAssertion() != null) {
+ form
+ .put("client_assertion", config.getClientAssertion());
+ }
 }
 return confidentialClient;
From b97026ae209e0de7ac7b8d42ab803abbc98a35cc Mon Sep 17 00:00:00 2001
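Review bot: In the second hunk (`clientAuthentication`), `form.put("client_assertion", config.getClientAssertion())` replaces any `client_assertion` the form already holds, so a statically configured assertion would win over one supplied per request; the test added in patch 2 passes the assertion through `Oauth2Credentials.setAssertion`, which suggests the form can already carry one at this point, though that path is not visible here. A per-request JWT is normally the short-lived one, so I would keep it: `if (config.getClientAssertion() != null && !form.containsKey("client_assertion")) {`. The two independent null checks can also leave the form with `client_assertion_type` but no `client_assertion` when only the type is configured and the request supplies none, so the request would go out without any usable client authentication; a short comment stating which pairing is expected would help. The first hunk now discards the boolean returned by `clientAuthentication`, and the method body starts and ends outside both hunks, so I cannot tell whether other callers still rely on it.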
From: Lazar Bulic
Date: Tue, 25 Mar 2025 01:25:12 +0100
Subject: [PATCH 2/3] Add tests to verify client authentication via client assertion
---
 .../src/main/java/module-info.java | 2 +-
 .../src/main/java/module-info.java | 2 +
 .../io/vertx/tests/OAuth2AuthCodeTest.java | 62 +-
 .../io/vertx/tests/OAuth2Keycloak14IT.java | 49 +
 .../src/test/java/module-info.java | 17 +
 .../src/test/resources/vertx-it-realm.json | 7164 +++++------------
 6 files changed, 2305 insertions(+), 4991 deletions(-)
 create mode 100644 vertx-auth-oauth2/src/test/java/module-info.java
diff --git a/vertx-auth-common/src/main/java/module-info.java b/vertx-auth-common/src/main/java/module-info.java
index 374936ce2..e9b4374b1 100644
--- a/vertx-auth-common/src/main/java/module-info.java
+++ b/vertx-auth-common/src/main/java/module-info.java
@@ -39,6 +39,6 @@
 exports io.vertx.ext.auth.impl.cose to io.vertx.auth.webauthn, io.vertx.auth.webauthn4j, io.vertx.tests;
 exports io.vertx.ext.auth.impl.asn to io.vertx.auth.webauthn, io.vertx.auth.webauthn4j;
 exports io.vertx.ext.auth.authorization.impl to io.vertx.auth.abac;
- exports io.vertx.ext.auth.impl.http to io.vertx.auth.oauth2, io.vertx.auth.webauthn, io.vertx.auth.webauthn4j;
+ exports io.vertx.ext.auth.impl.http to io.vertx.auth.oauth2, io.vertx.auth.webauthn, io.vertx.auth.webauthn4j, io.vertx.tests;
 }
diff --git a/vertx-auth-oauth2/src/main/java/module-info.java b/vertx-auth-oauth2/src/main/java/module-info.java
index ce45a2566..b9329cd11 100644
--- a/vertx-auth-oauth2/src/main/java/module-info.java
+++ b/vertx-auth-oauth2/src/main/java/module-info.java
@@ -21,4 +21,6 @@
 requires static io.vertx.codegen.json;
 requires static io.vertx.docgen;
+ exports io.vertx.ext.auth.oauth2.impl to io.vertx.tests;
+
 }
diff --git a/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2AuthCodeTest.java b/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2AuthCodeTest.java
index 7e2f16275..849411073 100644
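Review bot: Both `module-info.java` hunks widen production module descriptors for the benefit of tests: `io.vertx.ext.auth.impl.http` and `io.vertx.ext.auth.oauth2.impl` become accessible to any module that names itself `io.vertx.tests`. The export is qualified and the common module already does the same for `impl.cose`, but the shipped descriptor still carries it, so I would at least mark it, e.g. `// test-only: internal package, exported solely for io.vertx.tests`. If the build allows it, passing `--add-exports` to the test compiler and test runner instead would keep these internals out of the released descriptor altogether.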
--- a/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2AuthCodeTest.java
+++ b/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2AuthCodeTest.java
@@ -56,6 +56,20 @@ public class OAuth2AuthCodeTest {
 .put("redirect_uri", "http://callback.com")
 .put("grant_type", "authorization_code");
+ private static final Credentials tokenConfigSecretJwt = new Oauth2Credentials()
+ .setFlow(OAuth2FlowType.AUTH_CODE)
+ .setCode("code")
+ .setRedirectUri("http://callback.com")
+ .setAssertion("eyJhb");
+
+ private static final JsonObject oauthConfigSecretJwt = new JsonObject()
+ .put("code", "code")
+ .put("redirect_uri", "http://callback.com")
+ .put("client_assertion", "eyJhb")
+ .put("grant_type", "authorization_code")
+ .put("client_id", "client-id")
+ .put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+
 private static final OAuth2AuthorizationURL authorizeConfig = new OAuth2AuthorizationURL()
 .setRedirectUri("http://localhost:3000/callback")
 .addScope("user")
@@ -75,15 +89,26 @@ public void setUp(TestContext should) throws Exception {
 .connectionHandler(c -> connectionCounter++)
 .requestHandler(req -> {
 if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
- should.assertEquals("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=", req.getHeader("Authorization"));
- req.setExpectMultipart(true).bodyHandler(buffer -> {
- try {
- should.assertEquals(config, SimpleHttpClient.queryToJson(buffer));
- req.response().putHeader("Content-Type", "application/json").end(fixtureTokens.encode());
- } catch (UnsupportedEncodingException e) {
- should.fail(e);
- }
- });
+ if (req.getHeader("Authorization") != null) {
+ should.assertEquals("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=", req.getHeader("Authorization"));
+ req.setExpectMultipart(true).bodyHandler(buffer -> {
+ try {
+ should.assertEquals(config, SimpleHttpClient.queryToJson(buffer));
+ req.response().putHeader("Content-Type", "application/json").end(fixtureTokens.encode());
+ } catch (UnsupportedEncodingException e) {
+ should.fail(e);
+ }
+ });
+ } else {
+ req.setExpectMultipart(true).bodyHandler(buffer -> {
+ try {
+ should.assertEquals(config, SimpleHttpClient.queryToJson(buffer));
+ req.response().putHeader("Content-Type", "application/json").end(fixtureTokens.encode());
+ } catch (UnsupportedEncodingException e) {
+ should.fail(e);
+ }
+ });
+ }
 } else if (req.method() == HttpMethod.GET && "/oauth/jwks".equals(req.path())) {
 req.bodyHandler(buffer -> {
 req.response().putHeader("Content-Type", "application/json").end(fixtureJwks.encode());
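Review bot: The new `else` branch accepts a token request with no `Authorization` header for every test case, so the existing client-secret tests would no longer fail if the Basic header stopped being sent. The two branches are otherwise identical, which hides that the header check is the only difference between them. I would make the expectation depend on the case under test, requiring Basic auth unless the expected form contains `client_assertion` and requiring no `Authorization` header when it does, and keep a single body handler. `setUp` begins and ends outside this hunk.

```java
if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
  // exactly one client authentication method is expected per request
  if (config.containsKey("client_assertion")) {
    should.assertNull(req.getHeader("Authorization"));
  } else {
    should.assertEquals("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=", req.getHeader("Authorization"));
  }
  // … unchanged: one req.setExpectMultipart(true).bodyHandler(...) comparing the form with config …
```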
@@ -152,6 +177,25 @@ public void getToken(TestContext should) {
 });
 }
+ @Test
+ public void getTokenWithClientSecretJwt(TestContext should) {
+ final Async test = should.async();
+
+ config = oauthConfigSecretJwt;
+ oauth2 = OAuth2Auth.create(rule.vertx(), new OAuth2Options()
+ .setClientId(oauthConfigSecretJwt.getString("client_id"))
+ .setClientAssertionType(oauthConfigSecretJwt.getString("client_assertion_type"))
+ .setSite("http://localhost:" + currentPort));
+ oauth2.authenticate(tokenConfigSecretJwt)
+ .onFailure(should::fail)
+ .onSuccess(token -> {
+ should.assertNotNull(token);
+ should.assertNotNull(token.principal());
+ should.assertNotNull(token.principal().getString("access_token"));
+ test.complete();
+ });
+ }
+
 @Test
 public void testConnectionReuse(TestContext should) {
 final Async test = should.async();
diff --git a/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2Keycloak14IT.java b/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2Keycloak14IT.java
index c2c630b96..38fd694d0 100644
--- a/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2Keycloak14IT.java
+++ b/vertx-auth-oauth2/src/test/java/io/vertx/tests/OAuth2Keycloak14IT.java
@@ -2,10 +2,15 @@
 import io.vertx.core.Future;
 import io.vertx.core.Promise;
+import io.vertx.core.json.JsonObject;
 import io.vertx.ext.auth.JWTOptions;
+import io.vertx.ext.auth.PubSecKeyOptions;
 import io.vertx.ext.auth.User;
 import io.vertx.ext.auth.authentication.TokenCredentials;
 import io.vertx.ext.auth.authorization.RoleBasedAuthorization;
+import io.vertx.ext.auth.impl.jose.JWT;
+import io.vertx.ext.auth.jwt.JWTAuth;
+import io.vertx.ext.auth.jwt.JWTAuthOptions;
 import io.vertx.ext.auth.jwt.authorization.MicroProfileAuthorization;
 import io.vertx.ext.auth.oauth2.OAuth2Auth;
 import io.vertx.ext.auth.oauth2.OAuth2FlowType;
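Review bot: Three of the imports added to `OAuth2Keycloak14IT.java` look unused: `io.vertx.ext.auth.impl.jose.JWT` in this import hunk, and `java.time.Instant` and `java.time.temporal.ChronoUnit` in the next one. The only code this patch adds to the file (`hardTest`) uses `JWTAuth`, `JWTAuthOptions`, `PubSecKeyOptions`, `JsonObject` and `UUID`. The `JWT` import also reaches into an `impl` package, and none of the `module-info.java` changes shown in this patch export `io.vertx.ext.auth.impl.jose` to `io.vertx.tests`, so it may not resolve once the tests run as a named module. I would drop all three.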
@@ -27,9 +32,12 @@
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.wait.strategy.Wait;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.UUID;
 @RunWith(Parameterized.class)
 @Parameterized.UseParametersRunnerFactory(VertxUnitRunnerWithParametersFactory.class)
@@ -453,6 +461,47 @@ public void discoverGetTokenFromFrontEndPerformAuthWithBorkendWillFail(TestConte
 });
 }
+ @Test
+ public void hardTest(TestContext should) {
+ final Async test = should.async();
+
+ OAuth2Options options = new OAuth2Options()
+ .setClientId("confidential-client-authenticator-signed-jwt")
+ .setTenant("vertx-it")
+ .setClientAssertionType("urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
+ .setSite(site + "/auth/realms/{tenant}");
+
+ options.getHttpClientOptions().setTrustAll(true);
+
+ KeycloakAuth.discover(rule.vertx(), options)
+ .onFailure(should::fail)
+ .onSuccess(oauth2 -> {
+
+ JWTAuth provider = JWTAuth.create(rule.vertx(), new JWTAuthOptions()
+ .addPubSecKey(new PubSecKeyOptions()
+ .setAlgorithm("HS256")
+ .setBuffer("4120c155-7cd0-4c62-9dff-cfd36a1244f6"))
+ .setJWTOptions(new JWTOptions()
+ .addAudience(String.format("%s/auth/realms/%s/protocol/openid-connect/token", site, "vertx-it"))
+ .setSubject("confidential-client-authenticator-signed-jwt")
+ .setIssuer("confidential-client-authenticator-signed-jwt")
+ .setExpiresInSeconds(60)));
+ String token = provider.generateToken(new JsonObject().put("jti", UUID.randomUUID().toString()));
+
+ oauth2.authenticate(new Oauth2Credentials()
+ .setFlow(OAuth2FlowType.AUTH_CODE)
+ .setCode("testCode")
+ .setAssertion(token))
+ .onFailure(exception -> {
+ //this is a hacky way to check if authentication was successful without performing complicated code flow inside test
+ //if we get invalid code exception, it means that authentication was successful but code is invalid as expected
+ should.assertEquals("invalid_grant: Code not valid", exception.getMessage());
+ test.complete();
+ })
+ .onSuccess(result -> should.fail("This test should not succeed as we sent invalid code")) ;
+ });
+ }
+
 private Future loginAs(OAuth2Auth oauth2, TestContext should, String username, String audience, List scopes) {
 final Promise promise = Promise.promise();
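Review bot: `hardTest` does not say what it verifies; a name such as `authenticateClientWithSignedJwtAssertion` would. The HS256 key passed to `setBuffer` and the `setTrustAll(true)` call are acceptable only because they target the throwaway realm in the test container, so I would pull the key into a named constant with a comment such as `// presumably the client secret of confidential-client-authenticator-signed-jwt in vertx-it-realm.json; test fixture only` and add `// test container only: certificate validation is disabled` above `setTrustAll`. The success criterion is an exact match on `"invalid_grant: Code not valid"`, which ties the test to one server's error wording; since the class is parameterized, asserting only the `invalid_grant` prefix would be less brittle. A companion case that signs the assertion with a different key and expects client authentication to be rejected would show that the signature is actually verified.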
diff --git a/vertx-auth-oauth2/src/test/java/module-info.java b/vertx-auth-oauth2/src/test/java/module-info.java
new file mode 100644
index 000000000..694f041da
--- /dev/null
+++ b/vertx-auth-oauth2/src/test/java/module-info.java
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2011-2024 Contributors to the Eclipse Foundation
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+ * which is available at https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+ */
+open module io.vertx.tests {
+ requires io.vertx.auth.oauth2;
+ requires io.vertx.auth.jwt;
+ requires io.vertx.auth.common;
+ requires io.vertx.testing.unit;
+ requires junit;
+}
diff --git a/vertx-auth-oauth2/src/test/resources/vertx-it-realm.json b/vertx-auth-oauth2/src/test/resources/vertx-it-realm.json
index 1860a956a..33d48ff82 100644
--- a/vertx-auth-oauth2/src/test/resources/vertx-it-realm.json
+++ b/vertx-auth-oauth2/src/test/resources/vertx-it-realm.json
@@ -1,5016 +1,2218 @@ -[ - { - "id": "master", - "realm": "master", - "displayName": "Keycloak", - "displayNameHtml": "
Keycloak
", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 60, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 600, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "5aadcaa0-131c-4e88-a999-2d8c76a1c6aa", - "name": "admin", - "description": "${role_admin}", - "composite": true, - "composites": { - "realm": [ - "create-realm" - ], - "client": { - "vertx-it-realm": [ - "create-client", - "manage-realm", - "manage-events", - "view-authorization", - "manage-identity-providers", - "view-events", - "impersonation", - "query-users", - "view-users", - "manage-authorization", - "view-identity-providers", - "query-realms", - "manage-clients", - "query-groups", - "view-clients", - 
"view-realm", - "manage-users", - "query-clients" - ], - "master-realm": [ - "view-users", - "view-realm", - "query-groups", - "manage-identity-providers", - "query-clients", - "manage-realm", - "manage-events", - "view-clients", - "query-realms", - "view-identity-providers", - "impersonation", - "query-users", - "manage-authorization", - "view-events", - "manage-clients", - "manage-users", - "view-authorization", - "create-client" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "df59381f-c61f-497d-9189-fcc35385c674", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "72f30d4f-10b8-49d9-afa9-5d5eee6a80b0", - "name": "create-realm", - "description": "${role_create-realm}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "4828ec89-5ff7-4e9b-8149-5793a591614a", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "334cce89-9f6c-4333-a6bb-d6fe64bf6eec", - "name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} +{ + "id" : "vertx-it", + "realm" : "vertx-it", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + 
"offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "d407f537-b5c4-43a5-8c57-748b37f077fd", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "vertx-it", + "attributes" : { } + }, { + "id" : "5d9c6f56-fcf4-457f-a35b-cc325fb1f5d2", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "vertx-it", + "attributes" : { } + }, { + "id" : "08e4592d-5790-46d9-9a78-b96c95a4d02d", + "name" : "default-roles-vertx-it", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] } - ], - "client": { - "security-admin-console": [], - "vertx-it-realm": [ - { - "id": "86d7535f-210a-463b-b5e5-ceeb00d00be9", - "name": 
"create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "9be80c8d-3149-439b-80af-a4a7d2583585", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "2c0b5a30-5bbc-4907-8e40-a966fc139cd7", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "19d79fb1-edac-4661-8eaf-091ca4e6cb24", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "8b952035-ed45-4c1b-a9d9-f6fc0bd8ec15", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "875870d7-07d0-4bf8-a272-1cea22f6bc89", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "951baa31-146e-4ca8-adb4-28361c1d0661", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "b7dca8be-89f5-40ed-bfe8-1ab36aae598b", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "e96734a8-9c5f-4220-a3bc-d3e6f2b52085", - "name": 
"view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "vertx-it-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "1f690a6a-32c0-48be-86ac-216a50e3aaf4", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "05d26725-e22a-435d-a1a3-abe3ac172a0e", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "d9f5e3fd-3871-4405-9cd1-60c9dba04474", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "2320bb68-09bd-4209-a6ad-9d4f21007f63", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "f66f2e2b-7922-48fb-8fb1-6c1468adf030", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "vertx-it-realm": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "9dceb9f4-9ade-4f77-ac22-bd1ffbe56625", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "6a8360e3-1325-4461-bedc-a5cd86f67e93", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, 
- "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "74cd94db-a79b-4856-9d17-ffe0aad0741d", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - }, - { - "id": "f95ed11f-26e4-48a1-b7b8-4f568a949f47", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "attributes": {} - } - ], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "c26dc901-a1f2-4305-a433-11e795840f1e", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "0fa48e28-b8b5-4a0d-985b-c3ea66cc7e52", - "attributes": {} - } - ], - "master-realm": [ - { - "id": "f248192d-cd90-478d-83a2-b3686f82e764", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "9382ad42-fef2-4ded-83e7-acbd32192a1d", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "1c7c15b3-9317-494e-a3d2-234fdbc7650c", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "97461c91-de3e-4f39-86da-a647b44f7c9c", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - 
{ - "id": "3319d0c4-4de1-465e-89bd-ec07c1936eef", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "f3e9f5ed-4a77-48f9-9ba1-bb01d0c6b94e", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "b6059912-27e8-464a-ac36-3af61f5bd3ab", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "47ecc909-a856-4ec1-9290-72d32f794426", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "266694bf-9484-462d-be32-fcd101c2f861", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "5032cc35-0057-4bba-be33-96f516007f7b", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "45551864-dad4-4591-a9ff-3f628955210d", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "94978aa9-c670-4e63-a09d-2a790cb7cfad", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - 
"containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "6ce9a0fa-3dec-4420-81e6-4fac722b8e3d", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "b10e5789-bfc9-4fe7-ab72-5acf435270a0", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "ab638d91-c7dd-4a50-b28a-501b16a6072a", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "3c1054fe-406d-4fb1-9568-9ea999b8a8aa", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "1b407854-c393-4237-b4be-4b55ab5e3ca2", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - }, - { - "id": "98cad916-e21b-47ea-b127-edfee3f6a8f2", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "fe7c5726-2512-4111-b635-c65ef02fb467", - "attributes": {} - } - ], - "account": [ - { - "id": "d1d80f82-64b1-4175-9db1-d7ee0583f9dd", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "078aa398-6d02-456f-8cb6-c7bc8bf70205", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, 
- "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "49896f1a-215e-4719-af69-b6062c311712", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "3925e4f8-0d40-4079-b07f-d92373890ff3", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "d8cb470c-ad2a-410f-8506-7641659bde68", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "6abc6f5d-b190-47de-9e97-e70d03d05c2b", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - }, - { - "id": "27f6ca40-3467-4b3d-8e0c-c91cececcb7d", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "897f04a6-78d6-4480-8215-8eaadf073923", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "334cce89-9f6c-4333-a6bb-d6fe64bf6eec", - "name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "master" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - 
"otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "5b730a4c-3bc7-412a-b33d-3a39e9b5c21f", - "createdTimestamp": 1625559343134, - "username": "admin", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "id": "c366d090-2567-4e10-bfbb-39c6ab2b71e9", - "type": "password", - "createdDate": 1625559343308, - "secretData": "{\"value\":\"jw36XEjWzPfsNwBdl/IUoMJ8Qlm17TqJDn7BEQfYZIAK5Sjd7J9xXIMERHncLN1hLov5pqNnBCvj0o4/Mgx00Q==\",\"salt\":\"VG1on8OjwGatFvjG2+T2lg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "admin", - "default-roles-master" - ], - "notBefore": 0, - "groups": [] - } - ], - 
"scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "897f04a6-78d6-4480-8215-8eaadf073923", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] }, - { - "id": "d1f9c5c8-ef2e-4708-9c9d-056c1f81b56c", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - 
"authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "5057e1c8-a47b-4c10-abb4-221303e224df", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} + "clientRole" : false, + "containerId" : "vertx-it", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "b2b0a019-42d7-4870-befe-8d80d2b7be7d", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "5b289337-ee54-4bd8-b812-4a5e73de763d", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "a08d8850-237c-46eb-981f-db3944dc5148", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "7e12cef9-f153-4cea-8727-d19c638ce393", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7e62382a-47b8-40dd-ad9a-2de27662f2cd", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - 
"standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0fa48e28-b8b5-4a0d-985b-c3ea66cc7e52", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fe7c5726-2512-4111-b635-c65ef02fb467", - "clientId": "master-realm", - "name": "master Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "attributes": {}, - 
"authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a2898146-5604-476d-97f5-700d63663723", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/master/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/master/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "7e2ed4b4-b227-4a5c-805d-1653a6bb277f", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e077db7e-2fc4-4f4c-9f33-0bacdbdbefde", - "clientId": "vertx-it-realm", - "name": "vertx-it Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - 
"clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - } - ], - "clientScopes": [ - { - "id": "2b8075da-0f7e-4090-93da-49caaa7ea939", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "6dffd0fe-c985-4258-9c1d-6413a1e10181", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "c76c4294-0621-4985-83fe-a74595f2a41f", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "1d2a543a-a294-4d09-8dc0-5154cd0bded2", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "a2e0ed76-3d00-4b85-b97e-7e91f51ab8cd", - "name": "role_list", - 
"description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" }, - "protocolMappers": [ - { - "id": "af10f5a9-6756-4386-b3b5-413fa30f57f5", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "2681a1f5-cd7c-4f8c-b1d4-1cc245212d25", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "9158bd18-fcf2-4857-b5cc-7fecc1ef3a7b", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "8ff4a738-90b0-4479-a9f3-0bd63c3df60d", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "fcf680ca-858c-4b46-82b6-a19cb7f32fc4", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "bb7e2754-1978-42e0-9743-24fc958e0782", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "bfe784ca-d235-4fbd-a3a3-fa9be00c252c", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : 
true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "query-groups", "query-realms", "view-users", "manage-realm", "view-events", "manage-clients", "view-authorization", "manage-identity-providers", "manage-events", "view-identity-providers", "create-client", "manage-authorization", "query-clients", "query-users", "impersonation", "view-realm", "view-clients" ] } - ] - }, - { - "id": "c5015782-c293-43f4-b383-96d237f3ac5a", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" }, - "protocolMappers": [ - { - "id": "f86f8c17-d46b-4bef-a01f-29a7363f1ea0", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "91f0473b-ca79-4b02-9e6d-2e36ce0b2e55", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "a6aa08ad-dcbf-49d9-b8e6-5cb42903558b", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "9c93d761-8eb7-401d-99b0-98b20e5c6106", + "name" : "create-client", + "description" : 
"${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "a798135a-b3d3-42af-8580-35e5d2b6ade5", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "5cd207f5-422f-4a03-a8bf-95285614c6f2", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "e54be0cb-6173-4091-8fe7-607f1768482a", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "84a32b8c-bd8d-4a7b-b77c-f41d50d13e74", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "41a94652-63e5-48a9-822e-bf61bf7d16af", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + }, { + "id" : "13857718-ea83-4d1b-8bf3-b3a2f7c2039d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] } - ] - }, - { - "id": "9ab18d3c-3ac2-47d3-94d4-059dee94191d", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" }, - 
"protocolMappers": [ - { - "id": "64c5b224-2716-4655-9f8d-67dbdce5c21d", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "488e4542-a365-44a5-ac2a-1b8e3ae87252", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c74fc4b9-dca9-4da9-8221-4b2f5456742e", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} + "clientRole" : true, + "containerId" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "attributes" : { } + } ], + "multiple-audience" : [ ], + "security-admin-console" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "e84355d3-04a6-4f14-b1b4-8edff6cd2b5b", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "9866df35-9f4c-4e3a-887c-6795fa8dd85c", + "attributes" : { } + } ], + "borkend" : [ ], + "public" : [ ], + "admin-cli" : [ ], + "own-audience" : [ ], + "backend" : [ ], + "confidential-client-authenticator-signed-jwt" : [ ], + "account" : [ { + "id" : "d0dac19a-0d88-43b1-881f-91a5197ff5cd", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] } - ] - }, - { - "id": "30652e34-0bbd-4ca2-833a-7bac0c5d3fe8", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the 
access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" }, - "protocolMappers": [ - { - "id": "f4e6356a-2011-4fbf-bf3d-280ca7a7b131", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { + "id" : "946b48e5-5675-45cd-9741-ce3568701a3d", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] } - ] - }, - { - "id": "6eae91da-c382-4de4-9946-c701ad69ee13", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "c916d673-0211-4343-ac35-4ad1150a3c26", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "d9888f6b-88ba-4951-b4a6-62d80e930a6e", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "d50d94e5-7ddd-46c9-9f08-54e1c7e80ff4", - "name": "phone", - "description": "OpenID Connect built-in scope: 
phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" }, - "protocolMappers": [ - { - "id": "f628fa29-c82f-4eba-9e95-23ff22677aa1", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "fd22a5f4-2d50-4be4-aaf1-ad3e88d1f309", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "6469b570-cdcd-4273-9875-3c8dd8e46149", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "d63964ba-fdbc-4df0-b21e-a1f24e371f65", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "3076fbea-1eab-41e8-b961-1005f4e0ca65", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - 
"userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "dd6d250f-c554-461a-8811-14de968add05", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "f3257035-343b-446e-9928-5328a39157b9", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "9f0717be-0ead-41a5-b565-0d3ac68ef932", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "5796d7f6-e90b-4bab-b8c0-9e3bd0c5bcca", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "43e91683-9676-41d0-9243-ed6db077004c", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": 
"true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "228103f8-880e-4636-87c7-c52396635838", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "16be6de1-0f35-43d0-b775-ee522ec169c2", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "fcdebd15-a5b9-440b-be3d-bdc4f5ca077e", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "9f8491b6-7056-416b-8018-c5c7ee2cf713", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "81d19232-0fb0-4678-837f-5ecf84c7cd7d", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "16e9daa1-149e-4112-bd4d-c3aad778a4eb", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "1ab21ec6-8be1-4f0e-b472-6e61c520c908", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - } - ] + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { + "id" : "64b38e2c-6aa4-4d0e-af2f-381e455a9059", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { + "id" : "183a00ef-93e0-49b2-af8f-9ec2d586fcec", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { + "id" : "56269f9a-6ce8-4de6-ad62-38949492591b", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { + "id" : "5a148095-47f1-4dd5-be2f-bfb764d19a55", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + }, { 
+ "id" : "a3a0b944-412d-4edd-9489-2a117624d25d", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "attributes" : { } + } ], + "frontend" : [ ], + "confidential" : [ ] + } + }, + "groups" : [ { + "id" : "884354eb-31a5-4289-bf73-825ea21a24a8", + "name" : "post-sales", + "path" : "/post-sales", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + }, { + "id" : "67c90f84-f4af-4731-a724-4ab111f91324", + "name" : "pre-sales", + "path" : "/pre-sales", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + }, { + "id" : "e5c3cd8b-0d9a-4dc7-a64d-7ae8d83d0daa", + "name" : "team", + "path" : "/team", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "08e4592d-5790-46d9-9a78-b96c95a4d02d", + "name" : "default-roles-vertx-it", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "vertx-it" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + 
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "d6ed0ba2-01b9-4082-b8b5-6b6aba569ae3", + "createdTimestamp" : 1625559396384, + "username" : "alice", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "21087aee-12c1-4e99-a99a-85d141ef5ce5", + "type" : "password", + "createdDate" : 1625559406285, + "secretData" : "{\"value\":\"LhB+2p+cB7k7xCx0j1rI5DY9tWxq80yLeaFbmLPyypTQJ72Fom6erZd0kyITQQOtD5NnDS2fIXTxHrS/TZsCOA==\",\"salt\":\"MsvI3h/HJ3g6aso00ulw/A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-vertx-it" ], + "notBefore" : 0, + "groups" : [ "/pre-sales", "/team" ] + }, { + "id" : "32036cab-75fb-4491-a7b3-e4b39c0d2cc5", + "createdTimestamp" : 1625559415723, + "username" : "bob", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "b17e3df0-6f8f-4b46-bb44-b21bd44b0868", + "type" : "password", + "createdDate" : 1625561296783, + "secretData" : "{\"value\":\"c8JUkF1OjRY5sASxF6td+HKecx0oTX5Qf6bbungjWxv5I2r2uPq7jSwmBli0z3/BqVtzsCV7mMUuyez+zkz4hA==\",\"salt\":\"h3dczr6gHg7tChOSXICMlg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + 
"disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-vertx-it" ], + "notBefore" : 0, + "groups" : [ "/post-sales", "/team" ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/vertx-it/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/vertx-it/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "64749d6c-24eb-46ff-9231-541777954315", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/vertx-it/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/vertx-it/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : 
false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "51a3ae0b-dbce-463f-9f9b-7425b422d6b9", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d59a2b46-33a8-4712-b6f9-05a8130316c2", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7d294d0b-13ee-4a73-bd98-0f90d72845e1", + "clientId" : "backend", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + 
"implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5c964175-4608-4227-ac1f-5613a8b2618e", + "clientId" : "borkend", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + 
"id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "9866df35-9f4c-4e3a-887c-6795fa8dd85c", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + 
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4b92583b-7035-46ff-8a1e-2fce1358e346", + "clientId" : "confidential", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "51321e70-b1f3-45bf-aec2-d6bfbb9327e3", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "23c6c984-ac09-4d32-9b64-54a8a9534da4", + "clientId" : 
"confidential-client-authenticator-signed-jwt", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret-jwt", + "secret" : "4120c155-7cd0-4c62-9dff-cfd36a1244f6", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "token.endpoint.auth.signing.alg" : "HS256", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "2a601ec8-f451-452a-9d60-a92f9d8da3c3", + "clientId" : "frontend", + "surrogateAuthRequired" : false, + "enabled" : true, + 
"alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "backend", "microprofile-jwt" ] + }, { + "id" : "f4134143-5eb7-4c36-a168-df9f044bd042", + "clientId" : "multiple-audience", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + 
"consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "a690f45d-7b9d-4fe0-8e05-bd432f3702aa", + "name" : "audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "multiple-audience", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - 
"xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "xXSSProtection": "1; mode=block", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "755c4441-6ee1-4576-b8c9-93dd4faaa0dd", + "clientId" : "own-audience", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": 
[ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "e9bc1cdd-310e-4730-b293-2de9299ff2b6", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "2e47b521-f92e-4235-91b3-06f23ec3260f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-full-name-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "2db7e875-d6ea-445c-a75e-1e8dbc0db0ee", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "e9b5afb8-0f22-4392-96ae-551adbaa011f", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "9ed4ca1d-830d-42ee-b34d-d5f72224ea8c", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] 
- } - }, - { - "id": "45703a7e-6d17-4950-9ab5-e548ae2f221f", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d0b1fb89-580a-4802-ba5a-755b89fc1c32", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "dec3809b-a6f2-40a4-a07e-307817e9d477", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "077d3955-e2b6-4a07-8a0b-34489255b0e4", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": [ - "467f28f0-4bee-4c03-bc5b-e441ca5b0f86" - ], - "secret": [ - "weH88FVT3gBQ0d6j4JmOfQ" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "81d5da63-9d47-4bd1-ba89-2a15824d5818", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - 
"MIIEpAIBAAKCAQEAoLwWjRkmC+GoIs5cuI7/IwdQjfIr73ldF7DX1kSONgxEpJ1q+TPL0xYniU9pdhZNJ66qTCJ4g2YCYJTTmmjpS6trzgUDoP24iAoMswIWKOPOXuHmCC9XG1pS1vViIguk2ebjBPBrhLX1dw014E0nL7yNPQ5+zlQE9Qs7sxcBpkKwelESRZ+hkLiZVuvKcIuGmTFPdcB75c2HFlpMvwi/rV4RZEUi2EqsX0IYexO86elR6/bjCnCz9FKuOxjwejbG9v9Gn+VPLnEbnR/yPbUH3WwqLFgW3ntpp4Di4SwYoBHEu9OTyUEJ40DDI6MJTKMNMpn7MLWJx9vsgkiLAXn7JQIDAQABAoIBAHr98bOeHsLQtTuM9N40bX58RmOXf48LKvTJ2R6X7snksVHVMtnljH3FYhNrtKMrhXZr7Nu9NMI2+HK27wQkav//98n5hEFYZC+UoQsI+bPoPS3VZZO1xc2kW+codSLgDhC+39ATt/Ig2edzMFqmLuoUOW8S/G0dVX28Tr5HSHfTL1ispt1KMHAh99cg3dayTMtaMQ6VdXVm5hzHNsmIzWcVe5rnqPf2Uo3/HbrHWcmup1YGQvZwz7LjvMXv4OA2QJrTQuufsqKUfvunjf+o2c2/I/pbkBPrFwDJXHrXr2joY72xre7xbXb86dU3ZOdwN5jXtrmJaKv37I9cOwrGGzECgYEA5Io7IemCj32SzQiAEUmwpX0Z1YmE22anky6ptv+31DKa48xeaNG/AXahQxCyOLX3VwDe35R9nJ6q9m6MDAzqVXO5mamU1EhHidbJenz4y3ePVBCc0XDrQWJeBILPouNqzujo7kw/LquT36e3Zs0LXykHfPn/YGa+Cy2YOEx1mucCgYEAtAw0FJ1zZUsGEPOHnIaaAk2yLDjvtPFFdm2yUqUUPQPyWp3TopC/rw1f+4d5KMy43IfTgDh85E7Bl109ciNiXq4x3BigVFXXZKWSZAgWTJPNRJILd3/XxjIP/pbxY3/NjMZpnf28Q66LvlR76JWUIbqssYrHOJr2WGFn9t1xJBMCgYEAh635RTzYok+u48L0JU9WbClFOR0Xnxnmyt6dK2PNw1D3293s/tXnS/sd6i7zX+/IFAMUTjBeEqmwXfVrd4wDYw/9VFj1XsI6ln7JxsqC+mjU0te6Ai3DvWGk55CxrMbPFl/4SeFCcXazp8hufb2lzq0RIQVas+TLVt+Oy325JGkCgYA3tjr7UgkeA8v5vNFunrvTEKWcR3Xs4GdlEOaH6irMAoeggIu3FuEpUpMrqqzT8h0VqDXKzC/hGXmP07sqsUZEE9S7zSb3UaSXsSAOMe5sfaObnzFLJdTnsCAA4EYLSsWY1OBjkdsKel0lZND+lCJFGZVMTqv8mP63NFTOL5FN3wKBgQCTUzO5R4HqEEqRYs6FDfbWpzFvCmyOXdzefw5i+KXTZ0CCL53ChyBTS5HbGwHxCSwilWGEUKgBjk5/jyugAjGQjnzxI4d/Otxzo5eZ2rt1+9T6VBy1VvrdZL2YzmFzEMOwR2Pab2jrSpD/8YCXVpqnXJSbF1oBPZp7m9iSSf/YRw==" - ], - "certificate": [ - 
"MIICmzCCAYMCBgF6euLYfDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwNzA2MDgxMzQ0WhcNMzEwNzA2MDgxNTI0WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgvBaNGSYL4agizly4jv8jB1CN8ivveV0XsNfWRI42DESknWr5M8vTFieJT2l2Fk0nrqpMIniDZgJglNOaaOlLq2vOBQOg/biICgyzAhYo485e4eYIL1cbWlLW9WIiC6TZ5uME8GuEtfV3DTXgTScvvI09Dn7OVAT1CzuzFwGmQrB6URJFn6GQuJlW68pwi4aZMU91wHvlzYcWWky/CL+tXhFkRSLYSqxfQhh7E7zp6VHr9uMKcLP0Uq47GPB6Nsb2/0af5U8ucRudH/I9tQfdbCosWBbee2mngOLhLBigEcS705PJQQnjQMMjowlMow0ymfswtYnH2+yCSIsBefslAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJfK20TlJErDpYsSLnDcejEC15Zp6ilhZjXY3fZaVwlESEnX0Ok7hUqjTYIj8I/5WPcqWtwJf0mZ3wt1TYxLRB6Yom4dUl/nv/8iRxnHyudm+wVaby/MEQGFelUnkVPzJk9NKsoRjan9CGkHtYN1ESEQAtRyPJvWW4s0ExEsCjUNP3+gWr+AQnWvPBCssmqfZGDvgcjNaC2jOAcdqHSJWyTj1T+WYpOL8kbVHs8iHy+UGGoetA0lcLKR68oit7TcRumrBtOIkj2FjAolchoKxmS7Qg3oxf5/Ls7SBlJ9HIbH03+x3Z6P1PzPYzbqrbazFkSwPrh5Gxx6A5vB7nTBvrk=" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "394d317f-72f5-443e-934d-886b1b77bfaa", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": [ - "c600ee70-9356-4390-9ea7-d006cfdfd0a5" - ], - "secret": [ - "wkFKw4IQqFoHd8XvxKIxBPuCBczrEDqRAU_brZ689fiXY_sFV8vthfS3HHj_NkdRCnjfYpf9HoovZj7khnHmNg" - ], - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "639317ee-a2dd-48a6-925e-d21fe259b00d", + "name" : "audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "own-audience", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : 
"a0bdd909-406d-4ee2-8294-0ba760dd2a84", + "clientId" : "public", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "id.token.as.detached.signature" : "false", + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "a538f93d-e534-4a47-8a4b-c0c8a37a9733", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - 
"userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ce318672-5bf1-426d-ac37-5075304e4fae", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d7225fc4-6e91-4ff0-bef2-8d679f1158ab", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1eda3ca7-15ad-4f14-aeba-fdae71eb734b", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - 
"authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a863d8c8-6f7a-44a2-a8d9-a8e2fd9fa033", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "890e1fe5-b787-465e-ac35-e57c13925ef1", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a28c6bdd-7e13-4bef-a37a-6b943514915a", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c6375ae2-c9e9-4dd6-a488-8e120ab7bfba", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5b3748f4-2318-4976-bc21-7d8787adf1f3", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d9e9c449-8442-4168-8ef0-7758fc2bec51", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "097b05a7-a6c1-40eb-9902-2af95998c682", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "47d6ea78-63f7-4c0a-aaac-71dd8d105b65", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "48b59124-a454-4308-a6d7-f9aeaa923d0e", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "93bc4bf2-c128-4f6c-a2d7-5d53e606e48a", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "3cf8bde2-e45b-46e0-a5e3-3bda5049d0af", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cbeef923-636d-4c22-83ec-c8ca53882cc1", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7cb5699e-6d2d-408d-b664-041fcd3b9706", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6b87a744-5aaf-4cf6-bd83-9b44fab21d17", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": 
false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2ebbb064-4d9c-403a-a885-9fc1843f39a5", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "133c4acc-e34a-4b7e-8891-d221731aaf9c", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - 
"userSetupAllowed": false, - "autheticatorFlow": false - } - ] + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1b7ee6cc-ba13-4547-981e-816e2a96bff7", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "095103db-778f-4e7b-8ec5-3a949d321add", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/vertx-it/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/vertx-it/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + 
"attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "9a5d349f-cea0-49d2-acc6-67609b3b8417", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "authenticatorConfig": [ - { - "id": "df99a308-682e-402c-83f4-2549faf80e89", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "7ffde712-5359-4bc1-841c-5190467e6073", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "03e41853-66e8-4196-b335-f8c8d578c5c8", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "e635c6b6-fdad-4f5c-a8cd-a98db74c2f50", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "59992d47-c906-481f-88f1-109192df1059", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" 
: { + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} + }, { + "id" : "a73d32b9-7505-4b27-b868-446fb285c864", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6ad53d49-fec3-4fad-8617-7a006572f2ed", + "name" : "zoneinfo", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "e59d36bd-bfba-490a-8faa-a9c3cfa3f606", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "5cd84f45-52f7-45f4-a1c0-d1b1418a3bf7", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "e53f451f-a299-4ce3-9ac5-b6a09a6cbfaf", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": {}, - "keycloakVersion": "14.0.0", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] + }, { + "id" : "2a7d5971-cef8-4388-88ac-239e9623ad33", + "name" : "updated at", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "409d9979-1faa-443d-9aee-04fdd03f2916", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6d53ced9-dd41-4e59-914b-4733875e5065", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "36446663-e25c-45b8-a009-9cf1906b0ff4", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "userinfo.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "b97aea42-6c69-4221-ba62-89cfdaa80e00", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "9afb45a4-5102-4712-a09c-d5bff293cb72", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "97098f41-f818-42e9-be5f-4bd002012fcb", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + }, { + "id" : "81191b98-8889-4213-b9dd-a38019f5b6a3", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "7dbb1e7c-781e-494f-8e1d-c3fd7ea82a77", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "", + "display.on.consent.screen" : "false" }, - "clientPolicies": { - "policies": [] - } - }, - { - "id": "vertx-it", - "realm": "vertx-it", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - 
"clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "d407f537-b5c4-43a5-8c57-748b37f077fd", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "vertx-it", - "attributes": {} - }, - { - "id": "5d9c6f56-fcf4-457f-a35b-cc325fb1f5d2", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "vertx-it", - "attributes": {} - }, - { - "id": "08e4592d-5790-46d9-9a78-b96c95a4d02d", - "name": "default-roles-vertx-it", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "vertx-it", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "b2b0a019-42d7-4870-befe-8d80d2b7be7d", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": 
false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "5b289337-ee54-4bd8-b812-4a5e73de763d", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "a08d8850-237c-46eb-981f-db3944dc5148", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "7e12cef9-f153-4cea-8727-d19c638ce393", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "2681a1f5-cd7c-4f8c-b1d4-1cc245212d25", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "9158bd18-fcf2-4857-b5cc-7fecc1ef3a7b", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "8ff4a738-90b0-4479-a9f3-0bd63c3df60d", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "fcf680ca-858c-4b46-82b6-a19cb7f32fc4", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "bb7e2754-1978-42e0-9743-24fc958e0782", - "name": 
"manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "bfe784ca-d235-4fbd-a3a3-fa9be00c252c", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-users", - "query-groups", - "query-realms", - "view-users", - "manage-realm", - "view-events", - "manage-clients", - "view-authorization", - "manage-identity-providers", - "manage-events", - "view-identity-providers", - "create-client", - "manage-authorization", - "query-clients", - "query-users", - "impersonation", - "view-realm", - "view-clients" - ] - } - }, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "91f0473b-ca79-4b02-9e6d-2e36ce0b2e55", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "a6aa08ad-dcbf-49d9-b8e6-5cb42903558b", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "9c93d761-8eb7-401d-99b0-98b20e5c6106", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "a798135a-b3d3-42af-8580-35e5d2b6ade5", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "5cd207f5-422f-4a03-a8bf-95285614c6f2", - "name": "query-clients", - "description": 
"${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "e54be0cb-6173-4091-8fe7-607f1768482a", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "84a32b8c-bd8d-4a7b-b77c-f41d50d13e74", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "41a94652-63e5-48a9-822e-bf61bf7d16af", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - }, - { - "id": "13857718-ea83-4d1b-8bf3-b3a2f7c2039d", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "attributes": {} - } - ], - "multiple-audience": [], - "security-admin-console": [], - "account-console": [], - "broker": [ - { - "id": "e84355d3-04a6-4f14-b1b4-8edff6cd2b5b", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "9866df35-9f4c-4e3a-887c-6795fa8dd85c", - "attributes": {} - } - ], - "borkend": [], - "public": [], - "admin-cli": [], - "own-audience": [], - "backend": [], - "account": [ - { - "id": "d0dac19a-0d88-43b1-881f-91a5197ff5cd", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - 
"id": "946b48e5-5675-45cd-9741-ce3568701a3d", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - "id": "64b38e2c-6aa4-4d0e-af2f-381e455a9059", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - "id": "183a00ef-93e0-49b2-af8f-9ec2d586fcec", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - "id": "56269f9a-6ce8-4de6-ad62-38949492591b", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - "id": "5a148095-47f1-4dd5-be2f-bfb764d19a55", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - }, - { - "id": "a3a0b944-412d-4edd-9489-2a117624d25d", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "attributes": {} - } - ], - "frontend": [], - "confidential": [] + "protocolMappers" : [ { + "id" : "04d11580-7b18-4e11-a302-f65f19a59b98", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "674caf11-8a7e-4851-be77-bff51b2bec5a", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the 
access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "1d212240-03d0-4d11-83c4-a3fa5a433a27", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "6e9724e8-2e4e-4b1f-bc13-0dfb329b044f", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "e080bb6b-5a3d-4119-8751-9c6d2932afa3", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" } + } ] + }, { + "id" : "0fab2bdd-8b13-4b5a-a7c3-a8a2b0ffe8c4", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" }, - "groups": [ - { - "id": "884354eb-31a5-4289-bf73-825ea21a24a8", - "name": "post-sales", - "path": "/post-sales", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] - }, - { - "id": "67c90f84-f4af-4731-a724-4ab111f91324", - "name": "pre-sales", - "path": "/pre-sales", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] - }, - { - "id": "e5c3cd8b-0d9a-4dc7-a64d-7ae8d83d0daa", - "name": "team", - 
"path": "/team", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] + "protocolMappers" : [ { + "id" : "1a8a3203-78f9-465f-9da0-0e10eacd7655", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" } - ], - "defaultRole": { - "id": "08e4592d-5790-46d9-9a78-b96c95a4d02d", - "name": "default-roles-vertx-it", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "vertx-it" + } ] + }, { + "id" : "4e887c53-5cb3-4988-92a1-efb2f3721401", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - 
"webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "d6ed0ba2-01b9-4082-b8b5-6b6aba569ae3", - "createdTimestamp": 1625559396384, - "username": "alice", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "id": "21087aee-12c1-4e99-a99a-85d141ef5ce5", - "type": "password", - "createdDate": 1625559406285, - "secretData": "{\"value\":\"LhB+2p+cB7k7xCx0j1rI5DY9tWxq80yLeaFbmLPyypTQJ72Fom6erZd0kyITQQOtD5NnDS2fIXTxHrS/TZsCOA==\",\"salt\":\"MsvI3h/HJ3g6aso00ulw/A==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-vertx-it" - ], - "notBefore": 0, - "groups": [ - "/pre-sales", - "/team" - ] - }, - { - "id": "32036cab-75fb-4491-a7b3-e4b39c0d2cc5", - "createdTimestamp": 1625559415723, - "username": "bob", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ - { - "id": "b17e3df0-6f8f-4b46-bb44-b21bd44b0868", - "type": "password", - "createdDate": 1625561296783, - "secretData": "{\"value\":\"c8JUkF1OjRY5sASxF6td+HKecx0oTX5Qf6bbungjWxv5I2r2uPq7jSwmBli0z3/BqVtzsCV7mMUuyez+zkz4hA==\",\"salt\":\"h3dczr6gHg7tChOSXICMlg==\",\"additionalParameters\":{}}", - "credentialData": 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-vertx-it" - ], - "notBefore": 0, - "groups": [ - "/post-sales", - "/team" - ] + "protocolMappers" : [ { + "id" : "f5d849d8-e025-4d46-9df8-4d7f1fe5b20a", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] + }, { + "id" : "072ca5e8-b507-4eac-a7e8-d3623452ce01", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] + } ] + }, { + "id" : "4867f3ad-d26b-4cca-9902-6de530abe80a", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" }, - "clients": [ - { - "id": "4067ebe9-b992-4fa7-86ad-cdcc65fd42fa", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/vertx-it/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - 
"redirectUris": [ - "/realms/vertx-it/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "64749d6c-24eb-46ff-9231-541777954315", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/vertx-it/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/vertx-it/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "51a3ae0b-dbce-463f-9f9b-7425b422d6b9", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": 
"d59a2b46-33a8-4712-b6f9-05a8130316c2", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7d294d0b-13ee-4a73-bd98-0f90d72845e1", - "clientId": "backend", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", 
- "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5c964175-4608-4227-ac1f-5613a8b2618e", - "clientId": "borkend", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - 
"saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9866df35-9f4c-4e3a-887c-6795fa8dd85c", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4b92583b-7035-46ff-8a1e-2fce1358e346", - "clientId": "confidential", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "51321e70-b1f3-45bf-aec2-d6bfbb9327e3", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - 
"saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2a601ec8-f451-452a-9d60-a92f9d8da3c3", - "clientId": "frontend", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - 
"backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "backend", - "microprofile-jwt" - ] - }, - { - "id": "f4134143-5eb7-4c36-a168-df9f044bd042", - "clientId": "multiple-audience", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - 
"exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "a690f45d-7b9d-4fe0-8e05-bd432f3702aa", - "name": "audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "multiple-audience", - "id.token.claim": "false", - "access.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "755c4441-6ee1-4576-b8c9-93dd4faaa0dd", - "clientId": "own-audience", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - 
"saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "639317ee-a2dd-48a6-925e-d21fe259b00d", - "name": "audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "own-audience", - "id.token.claim": "false", - "access.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a0bdd909-406d-4ee2-8294-0ba760dd2a84", - "clientId": "public", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - 
"oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1b7ee6cc-ba13-4547-981e-816e2a96bff7", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "095103db-778f-4e7b-8ec5-3a949d321add", - "clientId": "security-admin-console", - 
"name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/vertx-it/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/vertx-it/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "9a5d349f-cea0-49d2-acc6-67609b3b8417", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "protocolMappers" : [ { + "id" : "20104166-3ca2-49a7-abcd-a9eb3b2e1a1e", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "clientScopes": [ - { - "id": "03e41853-66e8-4196-b335-f8c8d578c5c8", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": 
"openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "e635c6b6-fdad-4f5c-a8cd-a98db74c2f50", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "59992d47-c906-481f-88f1-109192df1059", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "a73d32b9-7505-4b27-b868-446fb285c864", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "6ad53d49-fec3-4fad-8617-7a006572f2ed", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "e59d36bd-bfba-490a-8faa-a9c3cfa3f606", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", 
- "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "5cd84f45-52f7-45f4-a1c0-d1b1418a3bf7", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "e53f451f-a299-4ce3-9ac5-b6a09a6cbfaf", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "2a7d5971-cef8-4388-88ac-239e9623ad33", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "409d9979-1faa-443d-9aee-04fdd03f2916", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "6d53ced9-dd41-4e59-914b-4733875e5065", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "36446663-e25c-45b8-a009-9cf1906b0ff4", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "b97aea42-6c69-4221-ba62-89cfdaa80e00", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "9afb45a4-5102-4712-a09c-d5bff293cb72", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "97098f41-f818-42e9-be5f-4bd002012fcb", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "81191b98-8889-4213-b9dd-a38019f5b6a3", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "7dbb1e7c-781e-494f-8e1d-c3fd7ea82a77", - 
"name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "04d11580-7b18-4e11-a302-f65f19a59b98", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "674caf11-8a7e-4851-be77-bff51b2bec5a", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1d212240-03d0-4d11-83c4-a3fa5a433a27", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "6e9724e8-2e4e-4b1f-bc13-0dfb329b044f", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "e080bb6b-5a3d-4119-8751-9c6d2932afa3", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "0fab2bdd-8b13-4b5a-a7c3-a8a2b0ffe8c4", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": 
"openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1a8a3203-78f9-465f-9da0-0e10eacd7655", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "4e887c53-5cb3-4988-92a1-efb2f3721401", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "f5d849d8-e025-4d46-9df8-4d7f1fe5b20a", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "072ca5e8-b507-4eac-a7e8-d3623452ce01", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "4867f3ad-d26b-4cca-9902-6de530abe80a", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - 
"include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "20104166-3ca2-49a7-abcd-a9eb3b2e1a1e", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "74ba036e-25fd-47aa-a871-018436a0a0b8", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "ba9f2745-df7a-40f3-b753-d658fcf8949f", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "b05e81c2-104c-43b2-875e-c8ee5147fe03", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "b6107fd3-11ab-434b-9cd6-79a8b6c95cd3", - "name": "backend", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0903190a-69c4-40c8-bed5-977643a3565c", - "name": "aud-backend", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "backend", - "id.token.claim": 
"false", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "99cc9396-9e9d-4a3b-970b-a26851c2a042", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "cab1b0f2-dd7e-43d9-ae84-407667729a46", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "637df78f-d2c5-400e-898b-22ea6bb90021", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] + }, { + "id" : "74ba036e-25fd-47aa-a871-018436a0a0b8", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean", + "userinfo.token.claim" : "true" } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - 
"xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" + } ] + }, { + "id" : "ba9f2745-df7a-40f3-b753-d658fcf8949f", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "7c7a2193-d6da-4e24-b6ff-4b8b8584ce2f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "c2c64ff6-d244-4669-8fc6-1b999ee131e6", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "3e5389ff-4a66-4cbb-8466-a3740a556343", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "fb8bcf88-bd92-49b1-8235-99baa46402c1", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - 
"allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper" - ] - } - }, - { - "id": "87f48f56-5dc1-4d32-8121-865ec7ab5891", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "78b31931-052c-4d6e-ba10-d817be1502e1", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "caff883d-116f-4735-9d01-61a1297470ac", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "21fc7f6c-f1d9-42e9-9b21-453e743b5577", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "c12fda72-5599-40c0-8f26-e4915a2f13a6", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "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" - ], - "certificate": [ - "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" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "8f84eed4-58a8-4fbd-82b0-a0b9bca33994", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": [ - "141ada99-1838-4ac2-bca4-43f043e068d3" - ], - "secret": [ - "RimDTSMMvQ5wMwg-z9Es1A" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "b3629f23-b53b-4569-8e34-8389026625d9", - "name": "hmac-generated", - 
"providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": [ - "05576c0c-44f9-4e8e-983c-74886f088b72" - ], - "secret": [ - "16j1rt1KfBKwTfGSz7O7uQxxUwiVCPrPUaqJTrvxIEC5wv4VrLn1AHa8V4Qls5FXTu7PQuEBgqiJ2CQgEtSvFg" - ], - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] + "protocolMappers" : [ { + "id" : "b05e81c2-104c-43b2-875e-c8ee5147fe03", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "b6107fd3-11ab-434b-9cd6-79a8b6c95cd3", + "name" : "backend", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true" }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "8d1ab02d-d0c7-45a2-b31e-38943f080b49", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "48353101-5e59-4eaf-9eaf-d50fd1e63c56", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - 
}, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c8b3e53c-0116-4878-abfd-a11d9ee86ba7", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "68ab387f-6aac-49aa-9543-d8d38a6e2bf1", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5a713816-ddbf-4fb8-9192-813beffc5039", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - 
"authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "59f99ff4-bc80-4f82-8028-1a443dd281f2", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "61805144-43b0-447d-a443-f4af8c869c2f", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4d9220eb-a647-4bf2-be00-d0382bb9a66d", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "756313fd-ea65-4133-b0b2-262706027bb6", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "591a962b-195f-427d-bc2c-c6eef105ec51", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "53f57097-47d8-44b2-83da-4c74785a907d", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b28f6bcd-be2d-46c1-9770-0644f6998392", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "589d3c7c-994f-4eca-bd3c-623ac4bd8b0d", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c4e0fbf9-acc9-4388-88a7-de5e5f090f68", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7449cc60-6dd4-4f03-a2e7-32de5b37f102", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "377a30d9-7070-4553-ab63-a65fd02d02c0", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a47b40b5-895d-48b8-a802-d642a86db728", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8c30ab59-cba0-460b-b591-6296391b4f28", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": 
false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "e861f182-302d-4d04-aeec-514f64e57d5f", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c8e01923-c5d9-48c5-9242-fa620a9a6388", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - 
"userSetupAllowed": false, - "autheticatorFlow": false - } - ] + "protocolMappers" : [ { + "id" : "0903190a-69c4-40c8-bed5-977643a3565c", + "name" : "aud-backend", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "backend", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" } - ], - "authenticatorConfig": [ - { - "id": "250e1788-a5c8-4806-b5fe-9f8785717340", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "9cec2a3d-cd71-4e30-9744-c350f58bacab", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } + } ] + }, { + "id" : "99cc9396-9e9d-4a3b-970b-a26851c2a042", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "cab1b0f2-dd7e-43d9-ae84-407667729a46", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update 
Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} + }, { + "id" : "637df78f-d2c5-400e-898b-22ea6bb90021", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean", + "userinfo.token.claim" : "true" } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", - "cibaInterval": "5" - }, - "keycloakVersion": "14.0.0", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", 
"roles", "web-origins" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "7c7a2193-d6da-4e24-b6ff-4b8b8584ce2f", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "c2c64ff6-d244-4669-8fc6-1b999ee131e6", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "3e5389ff-4a66-4cbb-8466-a3740a556343", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "fb8bcf88-bd92-49b1-8235-99baa46402c1", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + 
"allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "87f48f56-5dc1-4d32-8121-865ec7ab5891", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "78b31931-052c-4d6e-ba10-d817be1502e1", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "caff883d-116f-4735-9d01-61a1297470ac", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "21fc7f6c-f1d9-42e9-9b21-453e743b5577", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "c12fda72-5599-40c0-8f26-e4915a2f13a6", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ 
"MIIEpAIBAAKCAQEArqLQCZWW8Brc1LBMwoJtVTtjMkqrFp67XRdVhCgsCxerDYZs1bXBzNkD4FVAX7oUhbPTgic8h6hm7TzHnY6WZScof+L35hmwnBj/lTjIWHQ2k0ZVYv1RA3tqB9eqvADjkfYizP0+46HDRhhz0050pxbGvb3netuw2KHVQH7qWz4IgZprbhanuX+HfJTDM59X6VXEcSScezylaCOcyWlhk1fjs1PQS3QFbXarKGRSG4ZoSbQB4YA4sBhubdG1AspU7+zeLzYUcmy7kqJWRRgExW1mHAwWiv6yj6xuXRR2AlexUR25oysmfAJGqiD0juZSPSUC+PtPWJ2Hj5uD7YXMjQIDAQABAoIBAGCefaE/3SF8iz81R1K6XIkycUBq5Vt/eMQZW9vhafS9JIs4G1Dl3ZJbYvSj1hjgV+hdRKEW2jtn5YJOBVbbg8P1NUgEKAlrnzXN8uH5Z4bgzS0QVb+NzVuy1Uf/f1vC1iV0W260ki3Y2rQWZUa8enfTdyOVRNPJZn+Ekfq7/Sd7MLja4put0jxgJI34RHLGrISaJXj9OROki3AfMfv9fGX3hquqHfJUzY58DDKETzCfDRLG8leaRTLa2gpr1vXIhdr9FW/qXLyiZPATQ9APV4kZ3qdWjW3OfsLw/YUSz/ZdvntCPQHbwPa05lw65xaLYsQIjedfGrmAH4oYXEXeonUCgYEA6A7JNHMa+ZgbmTRWKbupIYuItQ4OqAYPBrf/YmF5es20cLKPJ8Zf/FELRZ6B5DZT6Je9YPfEP5aPQH6T9b2lsQ6JiDSMYT0RfQdRkYeY6DiBVMZIUgQD809/K+aFsUbTxg3cQ+/OA3OVra2cXFAAJQHgzkHQRKH5Sz0PuzXCSrcCgYEAwKdgg8V/ig0C+NKM4Z4fNaTxcP62HiK+n8N5qg5497pLB0Su0QAiYDnpyuu3OOMOaJvxLykPnGdq+BVlX78mJ1NmAGwYaIKjQWhJsBRWWuzcplPQipvkhjUSmopEiwqXya1BE544SINLvQkTjoqqxqufPfjbdRDWkX8eVuk1LtsCgYEArDs1KIF59t/nM+k9PhIzMFuApmh9hkWg52qu2FTiNbvw/Wf5ihrY6Ms5430GiNutoUbl3s9lz5AuWD7aEBymmmfgub/OpOkPTs2cw7dxTIGLs+DKkly6ld5d07ZvaajYyvlEjwOv0q353IKrN3SE9vKS6GK+cgIJpcb3Iwp+XrcCgYEAql5aN62cEBVZn3lzJMKUjvgCnA5kN1o6gUZ4fS63Qzv3xcGzZxhbTgVo/w5cxW3l/BSLwUzqhUHfkuw47ec4cmaKOa1eGG4OuXTkVVZm15nHtz8/mJQsD5M3lHraCqufd7ZDanntBBM4Ez/Hj7KJO4/iDwfX6zqsxZZI2kr5wSkCgYBsy5aDwcbYmAZALomrpsAD8RO70QdFlz+zJ/oZ5sdk2HrxUAVukDSsDfHi7z5S12soLYbGkkQmGgvILwEzwMhFVu66NXfftPQK3FTPQIMQEUmd2soZEqoWB7eENaVlyzkiEAZabW1ANGW1o3uj/hbnFgvwBq1T6D+6xSuddlZTtw==" ], + "certificate" : [ 
"MIICnzCCAYcCBgF6euOwzTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAh2ZXJ0eC1pdDAeFw0yMTA3MDYwODE0NDBaFw0zMTA3MDYwODE2MjBaMBMxETAPBgNVBAMMCHZlcnR4LWl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqLQCZWW8Brc1LBMwoJtVTtjMkqrFp67XRdVhCgsCxerDYZs1bXBzNkD4FVAX7oUhbPTgic8h6hm7TzHnY6WZScof+L35hmwnBj/lTjIWHQ2k0ZVYv1RA3tqB9eqvADjkfYizP0+46HDRhhz0050pxbGvb3netuw2KHVQH7qWz4IgZprbhanuX+HfJTDM59X6VXEcSScezylaCOcyWlhk1fjs1PQS3QFbXarKGRSG4ZoSbQB4YA4sBhubdG1AspU7+zeLzYUcmy7kqJWRRgExW1mHAwWiv6yj6xuXRR2AlexUR25oysmfAJGqiD0juZSPSUC+PtPWJ2Hj5uD7YXMjQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAJlTDRQdq6KlLwOP4oXFKFtcmObRdldpZMDBQFEkQ0k5uZhibhBC20bbdqTEstw1dHQetG40oXfyEOnj9j9ezdlgyVPd61N4RjC1L3NUhQBEACjotOXyoJCBrMGHcCSD9ISFEvXziVzO3qCNgcMPnsafE4Z/AjDKyay6vLFBtVhfrOYBwml+o4o7Mg3lVtHfRLDe8oDaS7kgO7eKxdGLXj8FW3w+jHpxKvBZBPMGTB2d90kIE1j6a6W4bT/s3zB6ZC2Zy4x9QvOQtAfSzEaTM7oB3gDzaeLq00v+pEg0lTwPb/ppLSs6i07vPaReNolUwHSTHN8Ftodk8IcrvL4Ma9" ], + "priority" : [ "100" ] + } + }, { + "id" : "8f84eed4-58a8-4fbd-82b0-a0b9bca33994", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "141ada99-1838-4ac2-bca4-43f043e068d3" ], + "secret" : [ "RimDTSMMvQ5wMwg-z9Es1A" ], + "priority" : [ "100" ] + } + }, { + "id" : "b3629f23-b53b-4569-8e34-8389026625d9", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "05576c0c-44f9-4e8e-983c-74886f088b72" ], + "secret" : [ "16j1rt1KfBKwTfGSz7O7uQxxUwiVCPrPUaqJTrvxIEC5wv4VrLn1AHa8V4Qls5FXTu7PQuEBgqiJ2CQgEtSvFg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "4edc4705-e344-464f-92fa-83f46488611b", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : 
"idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "11dd3173-bfef-44c4-ba5e-20f7ca5e3639", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "ae2727ba-9552-4681-80b3-65061d5970c1", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "a846e3ef-4d0e-430c-8a2f-bd02f4621289", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is 
required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "3dc28228-ee05-4ce9-93e6-34993e4cf4b6", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "05cdb92c-9380-4ce3-af12-54a9f7ae9727", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "021eaf83-5c19-4b6b-8663-e4e1e36b300f", + "alias" : "Reset - 
Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "7dc2a195-7faf-49bb-b65c-4b8c8c80be22", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "9a1c471e-cbc6-4e08-8b3c-262abe4ee384", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } 
] + }, { + "id" : "e2c79404-68b7-42cd-8e09-a7b0e7cb8ba9", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "4ba570b8-17e5-4126-89fb-418e33e8d351", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : 
"5fbbb8da-a0df-406c-94be-43dc440481bb", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "e232b954-67ee-4b63-bb9a-ab895dd45bc6", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "b04acbee-1c50-44e2-a57e-f1a42a318f06", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "User creation or linking", + 
"userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "a023905a-8891-450e-b3a2-fb714db373d2", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "4bfc38d8-3c72-4be7-9147-f83712b7fd6e", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "7daa2e7a-c5e0-4107-a0c3-3448a2e41162", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1142f2e4-39e5-4e9e-89c7-ff9d216bcc4c", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : 
false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "1494a9d1-d670-421d-8001-9a6e5ef2f945", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "ca8a12fa-cd6b-41fb-9168-553086f65f46", + "alias" : "saml ecp", + "description" 
: "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "03eef6d1-8e53-4019-b99c-20b58a9ad2c7", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "7af38b7c-9029-4456-9688-4656798d5a4c", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : 
false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "14.0.0", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] } -] +} From d5de1adb1bdef9ac9b520043fb04dbfcc19cf5eb Mon Sep 17 00:00:00 2001 From: Lazar Bulic Date: Tue, 25 Mar 2025 01:26:39 +0100 Subject: [PATCH 3/3] Cleaned client authentication process via client assertion --- .../vertx/ext/auth/oauth2/OAuth2Options.java | 15 +++-------- .../vertx/ext/auth/oauth2/impl/OAuth2API.java | 25 +++++++++++-------- .../oauth2/impl/OAuth2AuthProviderImpl.java | 3 +++ 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/OAuth2Options.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/OAuth2Options.java index b7d94a0c4..1a331899e 100644 --- a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/OAuth2Options.java +++ b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/OAuth2Options.java @@ -296,6 +296,7 @@ public String getClientAssertionType() { public OAuth2Options setClientAssertionType(String clientAssertionType) { this.clientAssertionType = clientAssertionType; + this.useBasicAuthorization = false; return this; } 
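Review bot: `setClientAssertionType` now clears `useBasicAuthorization` unconditionally, so passing `null` to remove the assertion type also moves a secret-based client off the Authorization header, and the final state depends on the order in which the options are applied. Guarding the assignment, `if (clientAssertionType != null) { this.useBasicAuthorization = false; }`, ties the reset to actual assertion use. The setter's Javadoc should state the side effect, for example `Setting a non-null assertion type disables HTTP Basic client authentication.` Because a later change to the Basic flag can undo the reset, the precedence between the two methods is more reliably decided where the token request is built.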
@@ -623,29 +624,19 @@ public void validate() throws IllegalStateException { case AUTH_CODE: case AUTH_JWT: case AAD_OBO: - if (clientAssertion == null && clientAssertionType == null) { + if (clientAssertionType == null) { // not using client assertions if (clientId == null) { throw new IllegalStateException("Configuration missing. You need to specify [clientId]"); } - } else { - if (clientAssertion == null || clientAssertionType == null) { - throw new IllegalStateException( - "Configuration missing. You need to specify [clientAssertion] AND [clientAssertionType]"); - } } break; case PASSWORD: - if (clientAssertion == null && clientAssertionType == null) { + if (clientAssertionType == null) { // not using client assertions if (clientId == null) { LOG.debug("If you are using Client Oauth2 Resource Owner flow. You need to specify [clientId]"); } - } else { - if (clientAssertion == null || clientAssertionType == null) { - throw new IllegalStateException( - "Configuration missing. You need to specify [clientAssertion] AND [clientAssertionType]"); - } } break; } diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java index f1d10a396..868727f3b 100644 --- a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java +++ b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2API.java @@ -402,7 +402,8 @@ public Future userInfo(String accessToken, JWT jwt) { } private boolean clientAuthentication(JsonObject headers, JsonObject form) { - final boolean confidentialClient = config.getClientId() != null && config.getClientSecret() != null; + final boolean confidentialClient = config.getClientId() != null && + (config.getClientSecret() != null || config.getClientAssertionType() != null); if (confidentialClient) { if (config.isUseBasicAuthorization()) { 
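Review bot: With both `else` branches removed, `validate()` no longer rejects a configuration that sets `clientAssertion` without `clientAssertionType`. In the `AUTH_CODE`/`AUTH_JWT`/`AAD_OBO` case it reports a missing `clientId` instead, and in the `PASSWORD` case it only logs at debug level, so the configured assertion is dropped without a clear message. Deferring the opposite half (type set, assertion missing) to request time is reasonable now that an assertion can be supplied per request, but the first half is a static misconfiguration worth keeping: `if (clientAssertion != null && clientAssertionType == null) { throw new IllegalStateException("Configuration missing. You need to specify [clientAssertionType]"); }`. `validate()` begins outside this hunk.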
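Review bot: `confidentialClient` still requires `config.getClientId() != null`, while `validate()` in OAuth2Options accepts a `clientAssertionType` with no `clientId`. The next hunk also removes the assertion fields from the public-client `else` branch, so such a client sends neither `client_assertion_type` nor `client_assertion` and the token request goes out with no client authentication at all. If assertion-only clients are meant to stay supported, the assertion test should not depend on the client id, e.g. `final boolean confidentialClient = config.getClientAssertionType() != null || (config.getClientId() != null && config.getClientSecret() != null);` with `form.put("client_id", ...)` guarded by a null check; otherwise `validate()` should require `clientId` here too. The `isUseBasicAuthorization()` test that follows is also evaluated before the assertion type, so the assertion path only runs while that flag is off. `clientAuthentication` continues outside the hunk.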
@@ -410,20 +411,24 @@ private boolean clientAuthentication(JsonObject headers, JsonObject form) {
 headers.put("Authorization", "Basic " + base64Encode(basic.getBytes(StandardCharsets.UTF_8)));
 } else {
 form.put("client_id", config.getClientId());
- form.put("client_secret", config.getClientSecret());
+
+ if (config.getClientAssertionType() != null) {
+ form.put("client_assertion_type", config.getClientAssertionType());
+ if (form.getString("client_assertion") == null) {
+ if (config.getClientAssertion() != null) {
+ form.put("client_assertion", config.getClientAssertion());
+ } else {
+ throw new RuntimeException(String.format("Can not authenticate client, client_assertion_type is set to %s but client_assertion is not configured", config.getClientAssertionType()));
+ }
+ }
+ } else {
+ form.put("client_secret", config.getClientSecret());
+ }
 }
 } else {
 if (config.getClientId() != null) {
 form.put("client_id", config.getClientId());
 }
- if (config.getClientAssertionType() != null) {
- form
- .put("client_assertion_type", config.getClientAssertionType());
- }
- if (config.getClientAssertion() != null) {
- form
- .put("client_assertion", config.getClientAssertion());
- }
 }
 return confidentialClient;
diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
index 9df27164a..b00fd090d 100644
--- a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
+++ b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
@@ -368,6 +368,9 @@ public Future authenticate(Credentials credentials) {
 if (oauth2Credentials.getCodeVerifier() != null) {
 params.put("code_verifier", oauth2Credentials.getCodeVerifier());
 }
+ if (oauth2Credentials.getAssertion() != null) {
+ params.put("client_assertion", oauth2Credentials.getAssertion());
+ }
 break;
 case PASSWORD:
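Review bot: The added `throw new RuntimeException(...)` fires synchronously inside `clientAuthentication`, which `token()` calls while building a request whose outcome is otherwise reported through a `Future`. A caller that only attaches a failure handler would get an unchecked exception on the calling thread instead; how the other callers react is not visible in this hunk. `IllegalStateException` matches what `validate()` throws for configuration errors, e.g. `throw new IllegalStateException("client_assertion_type is set but no client_assertion was configured or supplied with the request");`, or the caller can convert it into a failed future. The current message says "not configured" although the assertion may also come from the request. A short comment above `form.getString("client_assertion")` stating that a request-supplied assertion takes precedence over the configured one would make the lookup order explicit. `clientAuthentication` begins outside the hunk.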
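Review bot: `oauth2Credentials.getAssertion()` is copied into `client_assertion` whenever it is non-null, regardless of whether a `client_assertion_type` is configured. In a secret-based setup the token request would then presumably carry a stray `client_assertion` next to `client_secret`, though how `params` reaches the form is outside this hunk. Adding a check on the configured assertion type to the `if` keeps the two parameters paired, and a comment should say that this value is the client's own authentication assertion rather than a grant assertion. Only the case that ends just before `case PASSWORD:` receives the per-request value, so the other flows rely on the statically configured `clientAssertion`. `authenticate()` starts and ends outside the hunk.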