This is an automated email from the ASF dual-hosted git repository.

brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 7810a9d686 ARTEMIS-4179 Fix security-keycloak log errors
7810a9d686 is described below

commit 7810a9d6862a26abfca26db985b1e2380235982a
Author: Domenico Francesco Bruscino <[email protected]>
AuthorDate: Sun Feb 26 06:56:31 2023 +0100

    ARTEMIS-4179 Fix security-keycloak log errors
---
 .../jms/example/KeycloakSecurityExample.java       |   19 +-
 .../resources/artemis-keycloak-demo-realm.json     | 1296 ++++++++++++--------
 2 files changed, 795 insertions(+), 520 deletions(-)

diff --git 
a/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
 
b/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
index 36ac0afe9c..2fef778f10 100644
--- 
a/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
+++ 
b/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
@@ -25,18 +25,35 @@ import javax.jms.Session;
 import javax.jms.Queue;
 import javax.naming.InitialContext;
 
+import java.net.HttpURLConnection;
+import java.net.URL;
 import java.util.concurrent.TimeUnit;
 
+import org.apache.activemq.artemis.utils.Waiter;
+
 public class KeycloakSecurityExample {
 
    public static void main(final String[] args) throws Exception {
 
-      boolean result = true;
       Connection connection = null;
 
       InitialContext initialContext = null;
 
       try {
+         // Step 0. Wait for artemis-keycloak-demo
+         Waiter.waitFor(() -> {
+            int responseCode = 0;
+            try {
+               URL url = new 
URL("http://localhost:8080/realms/artemis-keycloak-demo/.well-known/openid-configuration";);
+               HttpURLConnection con = (HttpURLConnection) 
url.openConnection();
+               responseCode = con.getResponseCode();
+               con.disconnect();
+            } catch (Exception expectedTillInfraStarted) {
+               System.out.println("---- expected error on startup till 
artemis-keycloak-demo starts: " + expectedTillInfraStarted + ", retry in 5s");
+            }
+            return responseCode == 200;
+         }, TimeUnit.SECONDS, 30, TimeUnit.SECONDS, 5);
+
          // Step 1. Create an initial context to perform the JNDI lookup.
          initialContext = new InitialContext();
 
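Review bot: The readiness probe inside the `Waiter.waitFor` lambda sets no timeouts on the `HttpURLConnection`, so a port that accepts the connection but never answers can hold `getResponseCode()` open well past the 30 s budget; adding, for example, `con.setConnectTimeout(5000);` and `con.setReadTimeout(5000);` before `getResponseCode()` keeps each attempt bounded. `con.disconnect()` is skipped whenever `getResponseCode()` throws, which is the expected path while Keycloak is still starting, so it belongs in a `finally`. The result of `Waiter.waitFor(...)` is also discarded, so if the realm never returns 200 the example carries on to the JNDI lookup and fails later with a less obvious error; I would fail fast with `if (!Waiter.waitFor(...)) throw new IllegalStateException("artemis-keycloak-demo realm not reachable");`, assuming `waitFor` reports the timeout through its boolean return. `main` continues past the end of this hunk.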
diff --git 
a/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
 
b/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
index d7b9ca1f8c..c0a04f5ff9 100644
--- 
a/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
+++ 
b/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
@@ -2,6 +2,7 @@
   "id" : "artemis-keycloak-demo",
   "realm" : "artemis-keycloak-demo",
   "notBefore" : 0,
+  "defaultSignatureAlgorithm" : "RS256",
   "revokeRefreshToken" : false,
   "refreshTokenMaxReuse" : 0,
   "accessTokenLifespan" : 300,
@@ -22,6 +23,8 @@
   "accessCodeLifespanLogin" : 1800,
   "actionTokenGeneratedByAdminLifespan" : 43200,
   "actionTokenGeneratedByUserLifespan" : 300,
+  "oauth2DeviceCodeLifespan" : 600,
+  "oauth2DevicePollingInterval" : 5,
   "enabled" : true,
   "sslRequired" : "external",
   "registrationAllowed" : false,
@@ -57,6 +60,22 @@
       "clientRole" : false,
       "containerId" : "artemis-keycloak-demo",
       "attributes" : { }
+    }, {
+      "id" : "c9f774ad-de13-4727-b2f4-07db4e51be6d",
+      "name" : "default-roles-artemis-keycloak-demo",
+      "description" : "${role_default-roles}",
+      "composite" : true,
+      "composites" : {
+        "realm" : [ "offline_access", "uma_authorization" ],
+        "client" : {
+          "artemis-broker" : [ "guest" ],
+          "artemis-console" : [ "guest" ],
+          "account" : [ "manage-account", "view-profile" ]
+        }
+      },
+      "clientRole" : false,
+      "containerId" : "artemis-keycloak-demo",
+      "attributes" : { }
     } ],
     "client" : {
       "realm-management" : [ {
@@ -315,6 +334,14 @@
         "clientRole" : true,
         "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
         "attributes" : { }
+      }, {
+        "id" : "946657c4-1c88-43a8-b72e-e2f6333d822c",
+        "name" : "view-groups",
+        "description" : "${role_view-groups}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+        "attributes" : { }
       }, {
         "id" : "858adc6d-4951-4b20-9a2b-d6e2e96ff844",
         "name" : "manage-consent",
@@ -332,7 +359,14 @@
     }
   },
   "groups" : [ ],
-  "defaultRoles" : [ "offline_access", "uma_authorization" ],
+  "defaultRole" : {
+    "id" : "c9f774ad-de13-4727-b2f4-07db4e51be6d",
+    "name" : "default-roles-artemis-keycloak-demo",
+    "description" : "${role_default-roles}",
+    "composite" : true,
+    "clientRole" : false,
+    "containerId" : "artemis-keycloak-demo"
+  },
   "requiredCredentials" : [ "password" ],
   "otpPolicyType" : "totp",
   "otpPolicyAlgorithm" : "HmacSHA1",
@@ -340,7 +374,8 @@
   "otpPolicyDigits" : 6,
   "otpPolicyLookAheadWindow" : 1,
   "otpPolicyPeriod" : 30,
-  "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+  "otpPolicyCodeReusable" : false,
+  "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", 
"totpAppFreeOTPName", "totpAppGoogleName" ],
   "webAuthnPolicyRpEntityName" : "keycloak",
   "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
   "webAuthnPolicyRpId" : "",
@@ -400,7 +435,7 @@
       "id" : "c19263d2-c2fc-4cf0-b539-92478b8b6c86",
       "type" : "password",
       "createdDate" : 1615203229695,
-      "secretData" : 
"{\"value\":\"rzNO+t2+yVp1y5p8bVeLY5o/0mZjqVqmeKRVnsTUwkOVPld3UnTkdBYDvD9zUtO7zpelwJNK46yoN1hQUDLESw==\",\"salt\":\"5+8HEGa5IDebJ5MxqRD+/A==\",\"additionalParameters\":{}}",
+      "secretData" : 
"{\"value\":\"KMO2OT3x4Qjh8FVeQckagXfg1DuktazFPLnPU1loEfg=\",\"salt\":\"cGjYhYoChS9e5hEw+5WuLw==\",\"additionalParameters\":{}}",
       "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
     } ],
     "disableableCredentialTypes" : [ ],
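Review bot: The regenerated `secretData` is still paired with `"hashIterations":27500` in `credentialData`, well below the 600,000 iterations OWASP currently suggests for PBKDF2-HMAC-SHA256; since the hash is being re-created anyway, raising the realm password policy before the export would let the committed credential carry a current work factor. The derived value also shrinks from 64 to 32 bytes, which looks like a re-hash by a newer Keycloak rather than a password change, but the commit message does not say, so it is worth confirming the demo password is unchanged. This hash and salt belong to a demo account in a public repository, and the example's readme should say so, e.g. `The users in artemis-keycloak-demo-realm.json have well-known demo passwords; do not import this realm outside a local test.` The user object starts above this hunk and continues below it.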
@@ -417,7 +452,7 @@
   "clientScopeMappings" : {
     "account" : [ {
       "client" : "account-console",
-      "roles" : [ "manage-account" ]
+      "roles" : [ "manage-account", "view-groups" ]
     } ]
   },
   "clients" : [ {
@@ -431,7 +466,6 @@
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
     "secret" : "**********",
-    "defaultRoles" : [ "manage-account", "view-profile" ],
     "redirectUris" : [ "/realms/artemis-keycloak-demo/account/*" ],
     "webOrigins" : [ ],
     "notBefore" : 0,
@@ -444,11 +478,13 @@
     "publicClient" : false,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "f44cbfb0-8969-4dd7-b7b0-9a9a548ac5dd",
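Review bot: `"post.logout.redirect.uris" : "+"` makes the post-logout redirect allow-list follow the client's `redirectUris` (that is how Keycloak treats `+` for this attribute), so it is only as strict as that list; the same value is added in the hunks at -474, -510, -542, -587, -626, -653 and -683. For the client whose `redirectUris` is `http://localhost:8161/console/*` (hunk -569, presumably the same client as -587) any path under the console is then accepted after logout, which is harmless on localhost but is a pattern that gets copied into real realms. I would pin the attribute to the actual landing page where one is known, e.g. `"post.logout.redirect.uris" : "<exact post-logout URL>"`, or state in the example's readme that `+` is a demo-only shortcut. The client object starts above this hunk and the next one begins on its last lines.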
@@ -474,6 +510,7 @@
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
     "attributes" : {
+      "post.logout.redirect.uris" : "+",
       "pkce.code.challenge.method" : "S256"
     },
     "authenticationFlowBindingOverrides" : { },
@@ -487,7 +524,7 @@
       "consentRequired" : false,
       "config" : { }
     } ],
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "258eebbd-ff72-4d93-bd26-1f63e1b8853c",
@@ -510,11 +547,13 @@
     "publicClient" : true,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "6874f01b-9f64-4f52-bd76-1cf0f66e4d7e",
@@ -524,7 +563,6 @@
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
     "secret" : "9699685c-8a30-45cf-bf19-0d38bbac5fdc",
-    "defaultRoles" : [ "guest" ],
     "redirectUris" : [ ],
     "webOrigins" : [ ],
     "notBefore" : 0,
@@ -542,6 +580,7 @@
       "saml.force.post.binding" : "false",
       "saml.multivalued.roles" : "false",
       "saml.encrypt" : "false",
+      "post.logout.redirect.uris" : "+",
       "backchannel.logout.revoke.offline.tokens" : "false",
       "saml.server.signature" : "false",
       "saml.server.signature.keyinfo.ext" : "false",
@@ -558,7 +597,7 @@
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : -1,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "75f83af0-f4f8-4a25-b6e5-bd331a3306c2",
@@ -569,7 +608,6 @@
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
     "secret" : "**********",
-    "defaultRoles" : [ "guest" ],
     "redirectUris" : [ "http://localhost:8161/console/*"; ],
     "webOrigins" : [ "+" ],
     "notBefore" : 0,
@@ -587,6 +625,7 @@
       "saml.force.post.binding" : "false",
       "saml.multivalued.roles" : "false",
       "saml.encrypt" : "false",
+      "post.logout.redirect.uris" : "+",
       "backchannel.logout.revoke.offline.tokens" : "false",
       "saml.server.signature" : "false",
       "saml.server.signature.keyinfo.ext" : "false",
@@ -603,7 +642,7 @@
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : -1,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "faa915cf-c333-4211-b0e6-8d910143f440",
@@ -626,11 +665,13 @@
     "publicClient" : false,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
@@ -653,11 +694,13 @@
     "publicClient" : false,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "c1d70871-976d-4bcf-940f-2d9bd1c84d78",
@@ -683,6 +726,7 @@
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
     "attributes" : {
+      "post.logout.redirect.uris" : "+",
       "pkce.code.challenge.method" : "S256"
     },
     "authenticationFlowBindingOverrides" : { },
@@ -703,38 +747,10 @@
         "jsonType.label" : "String"
       }
     } ],
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   } ],
   "clientScopes" : [ {
-    "id" : "740f094b-5d61-4590-a606-321af4d38628",
-    "name" : "address",
-    "description" : "OpenID Connect built-in scope: address",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "true",
-      "consent.screen.text" : "${addressScopeConsentText}"
-    },
-    "protocolMappers" : [ {
-      "id" : "3dc49dd4-fff1-42bd-9c59-842c1abba650",
-      "name" : "address",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-address-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "user.attribute.formatted" : "formatted",
-        "user.attribute.country" : "country",
-        "user.attribute.postal_code" : "postal_code",
-        "userinfo.token.claim" : "true",
-        "user.attribute.street" : "street",
-        "id.token.claim" : "true",
-        "user.attribute.region" : "region",
-        "access.token.claim" : "true",
-        "user.attribute.locality" : "locality"
-      }
-    } ]
-  }, {
     "id" : "40eb9ce1-0b52-4bce-88cb-2a7b78e48f2b",
     "name" : "email",
     "description" : "OpenID Connect built-in scope: email",
@@ -773,54 +789,6 @@
         "jsonType.label" : "String"
       }
     } ]
-  }, {
-    "id" : "912850d8-6d0e-4b4f-b68b-1b2c7b377ac7",
-    "name" : "microprofile-jwt",
-    "description" : "Microprofile - JWT built-in scope",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "false"
-    },
-    "protocolMappers" : [ {
-      "id" : "46e28353-6e20-46b0-b4df-5339522e5612",
-      "name" : "upn",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-property-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "username",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "upn",
-        "jsonType.label" : "String"
-      }
-    }, {
-      "id" : "2c833b5a-8f08-46bd-b017-29a6483031c9",
-      "name" : "groups",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "multivalued" : "true",
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "foo",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "groups",
-        "jsonType.label" : "String"
-      }
-    } ]
-  }, {
-    "id" : "9eb9e8f4-7a40-4b90-ad2d-7b1e6fdcdb5c",
-    "name" : "offline_access",
-    "description" : "OpenID Connect built-in scope: offline_access",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "consent.screen.text" : "${offlineAccessScopeConsentText}",
-      "display.on.consent.screen" : "true"
-    }
   }, {
     "id" : "7a0fdcf8-abaa-4ecb-827b-b3d05a303cf3",
     "name" : "phone",
@@ -860,6 +828,34 @@
         "jsonType.label" : "boolean"
       }
     } ]
+  }, {
+    "id" : "740f094b-5d61-4590-a606-321af4d38628",
+    "name" : "address",
+    "description" : "OpenID Connect built-in scope: address",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${addressScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "3dc49dd4-fff1-42bd-9c59-842c1abba650",
+      "name" : "address",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-address-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.attribute.formatted" : "formatted",
+        "user.attribute.country" : "country",
+        "user.attribute.postal_code" : "postal_code",
+        "userinfo.token.claim" : "true",
+        "user.attribute.street" : "street",
+        "id.token.claim" : "true",
+        "user.attribute.region" : "region",
+        "access.token.claim" : "true",
+        "user.attribute.locality" : "locality"
+      }
+    } ]
   }, {
     "id" : "7b2d5b88-9c68-4c55-9c03-1c3e53ec9b52",
     "name" : "profile",
@@ -1064,6 +1060,24 @@
         "jsonType.label" : "String"
       }
     } ]
+  }, {
+    "id" : "322674b4-1e3c-4941-b482-1bf593cfaff8",
+    "name" : "web-origins",
+    "description" : "OpenID Connect scope for add allowed web origins to the 
access token",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "false",
+      "display.on.consent.screen" : "false",
+      "consent.screen.text" : ""
+    },
+    "protocolMappers" : [ {
+      "id" : "42eac5b2-f1b1-4f1b-bdaf-98b26ddb0545",
+      "name" : "allowed web origins",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-allowed-origins-mapper",
+      "consentRequired" : false,
+      "config" : { }
+    } ]
   }, {
     "id" : "458ca4d1-7a8f-4c49-b92e-e59eb2a385c1",
     "name" : "role_list",
@@ -1085,6 +1099,74 @@
         "attribute.name" : "Role"
       }
     } ]
+  }, {
+    "id" : "0fec63da-7f89-456d-ae3d-76eef8d9428f",
+    "name" : "acr",
+    "description" : "OpenID Connect scope for add acr (authentication context 
class reference) to the token",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "false",
+      "display.on.consent.screen" : "false"
+    },
+    "protocolMappers" : [ {
+      "id" : "ddb6f869-75c3-4fd1-9bc1-ebac5a473075",
+      "name" : "acr loa level",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-acr-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "id.token.claim" : "true",
+        "access.token.claim" : "true"
+      }
+    } ]
+  }, {
+    "id" : "912850d8-6d0e-4b4f-b68b-1b2c7b377ac7",
+    "name" : "microprofile-jwt",
+    "description" : "Microprofile - JWT built-in scope",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "false"
+    },
+    "protocolMappers" : [ {
+      "id" : "46e28353-6e20-46b0-b4df-5339522e5612",
+      "name" : "upn",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "username",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "upn",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "2c833b5a-8f08-46bd-b017-29a6483031c9",
+      "name" : "groups",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "multivalued" : "true",
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "foo",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "groups",
+        "jsonType.label" : "String"
+      }
+    } ]
+  }, {
+    "id" : "9eb9e8f4-7a40-4b90-ad2d-7b1e6fdcdb5c",
+    "name" : "offline_access",
+    "description" : "OpenID Connect built-in scope: offline_access",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "consent.screen.text" : "${offlineAccessScopeConsentText}",
+      "display.on.consent.screen" : "true"
+    }
   }, {
     "id" : "da5fd7af-acd4-4e69-b6ac-292109b1ed24",
     "name" : "roles",
@@ -1129,26 +1211,8 @@
         "multivalued" : "true"
       }
     } ]
-  }, {
-    "id" : "322674b4-1e3c-4941-b482-1bf593cfaff8",
-    "name" : "web-origins",
-    "description" : "OpenID Connect scope for add allowed web origins to the 
access token",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "false",
-      "display.on.consent.screen" : "false",
-      "consent.screen.text" : ""
-    },
-    "protocolMappers" : [ {
-      "id" : "42eac5b2-f1b1-4f1b-bdaf-98b26ddb0545",
-      "name" : "allowed web origins",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-allowed-origins-mapper",
-      "consentRequired" : false,
-      "config" : { }
-    } ]
   } ],
-  "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", 
"web-origins" ],
+  "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", 
"web-origins", "acr" ],
   "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", 
"microprofile-jwt" ],
   "browserSecurityHeaders" : {
     "contentSecurityPolicyReportOnly" : "",
@@ -1200,7 +1264,7 @@
       "subType" : "authenticated",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", 
"saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", 
"oidc-usermodel-property-mapper", "saml-user-property-mapper", 
"oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", 
"oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", 
"oidc-full-name-mapper", "saml-role-list-mapper", 
"oidc-usermodel-property-mapper", "oidc-address-mapper", 
"saml-user-property-mapper" ]
       }
     }, {
       "id" : "83883c14-513b-4757-a565-715f6d23d166",
@@ -1235,7 +1299,7 @@
       "subType" : "anonymous",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", 
"saml-role-list-mapper", "oidc-usermodel-property-mapper", 
"oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", 
"saml-user-property-mapper", "oidc-usermodel-attribute-mapper", 
"saml-user-attribute-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-address-mapper", 
"oidc-full-name-mapper", "saml-user-attribute-mapper", 
"saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", 
"saml-role-list-mapper", "oidc-usermodel-property-mapper", 
"oidc-usermodel-attribute-mapper" ]
       }
     } ],
     "org.keycloak.keys.KeyProvider" : [ {
@@ -1274,7 +1338,7 @@
   "internationalizationEnabled" : false,
   "supportedLocales" : [ ],
   "authenticationFlows" : [ {
-    "id" : "b3fc0281-a54f-41bd-b744-d06f38496f90",
+    "id" : "202ab63c-93b3-4b11-a9d7-58130a624c5f",
     "alias" : "Account verification options",
     "description" : "Method with which to verity the existing account",
     "providerId" : "basic-flow",
@@ -1282,19 +1346,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-email-verification",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Verify Existing Account by Re-authentication",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "90489d0b-d9d7-450b-a3ea-b0d70ce7ff36",
+    "id" : "d1107d3e-cb25-4d68-b672-623cf76e2a89",
     "alias" : "Authentication Options",
     "description" : "Authentication options.",
     "providerId" : "basic-flow",
@@ -1302,25 +1368,28 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "basic-auth",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "basic-auth-otp",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-spnego",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "8b42cb4d-a64d-410b-bba8-eb2f4f57d913",
+    "id" : "17d991e5-ecf1-49b1-a176-c9485b049efd",
     "alias" : "Browser - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -1328,19 +1397,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-otp-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "88cfb2b3-eb8e-4160-8685-1e7daa552889",
+    "id" : "2be43b4b-111b-400c-9ad5-c918c53a7a53",
     "alias" : "Direct Grant - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -1348,19 +1419,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "direct-grant-validate-otp",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "af29d994-3b0e-4df0-8105-f4a25d48fae8",
+    "id" : "faf143c0-978e-49c1-a454-c3cd2d8e93fe",
     "alias" : "First broker login - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -1368,19 +1441,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-otp-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "606ab046-8762-481e-8936-3e06ac1272cb",
+    "id" : "1fcff348-d9aa-4c6e-8238-047dad0c3a52",
     "alias" : "Handle Existing Account",
     "description" : "Handle what to do if there is existing account with same 
email/username like authenticated identity provider",
     "providerId" : "basic-flow",
@@ -1388,19 +1463,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-confirm-link",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Account verification options",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "799a2cec-a354-472f-ab97-cd1fd36b7841",
+    "id" : "2853067d-3960-483a-9d6b-05d88fc8317c",
     "alias" : "Reset - Conditional OTP",
     "description" : "Flow to determine if the OTP should be reset or not. Set 
to REQUIRED to force.",
     "providerId" : "basic-flow",
@@ -1408,19 +1485,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-otp",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "1b5bb69b-34a5-43c8-8b5f-21822222aadd",
+    "id" : "b380fbf7-be74-459b-accc-47ac0b9c7091",
     "alias" : "User creation or linking",
     "description" : "Flow for the existing/non-existing user alternatives",
     "providerId" : "basic-flow",
@@ -1429,19 +1508,21 @@
     "authenticationExecutions" : [ {
       "authenticatorConfig" : "create unique user config",
       "authenticator" : "idp-create-user-if-unique",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Handle Existing Account",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "8facb553-2771-49b0-b170-46037de5e566",
+    "id" : "def098f6-f65c-4adc-ae58-e01b1218333d",
     "alias" : "Verify Existing Account by Re-authentication",
     "description" : "Reauthentication of existing account",
     "providerId" : "basic-flow",
@@ -1449,19 +1530,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-username-password-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "First broker login - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "baae710a-592a-40ec-b44a-2be2918c3236",
+    "id" : "2f776c1b-3704-4fa5-a41a-0dfa6bb6ca39",
     "alias" : "browser",
     "description" : "browser based authentication",
     "providerId" : "basic-flow",
@@ -1469,31 +1552,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "auth-cookie",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-spnego",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "identity-provider-redirector",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 25,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 30,
+      "autheticatorFlow" : true,
       "flowAlias" : "forms",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "d1f2484b-9939-4a90-8540-eb53d941b44d",
+    "id" : "c26e6180-18b0-493e-b202-bdd347e108e7",
     "alias" : "clients",
     "description" : "Base authentication for clients",
     "providerId" : "client-flow",
@@ -1501,31 +1588,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "client-secret",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-jwt",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-secret-jwt",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-x509",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 40,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "d14461b0-cf44-4d35-97d5-889db738be83",
+    "id" : "ecb65f66-6ba1-4f5e-9299-40dcc8c37ebf",
     "alias" : "direct grant",
     "description" : "OpenID Connect Resource Owner Grant",
     "providerId" : "basic-flow",
@@ -1533,25 +1624,28 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "direct-grant-validate-username",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "direct-grant-validate-password",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 30,
+      "autheticatorFlow" : true,
       "flowAlias" : "Direct Grant - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "44ac2d4b-7194-4661-8060-de9c0339c891",
+    "id" : "6fc3966f-77d1-4eea-a2cb-6fb46af47deb",
     "alias" : "docker auth",
     "description" : "Used by Docker clients to authenticate against the IDP",
     "providerId" : "basic-flow",
@@ -1559,13 +1653,14 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "docker-http-basic-authenticator",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "28233fd4-c562-4c88-bf54-ad17aff4148d",
+    "id" : "36ac9643-6493-49e6-9841-7f43fcfba50e",
     "alias" : "first broker login",
     "description" : "Actions taken after first broker login with identity 
provider account, which is not yet linked to any Keycloak account",
     "providerId" : "basic-flow",
@@ -1574,19 +1669,21 @@
     "authenticationExecutions" : [ {
       "authenticatorConfig" : "review profile config",
       "authenticator" : "idp-review-profile",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "User creation or linking",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "54f0795e-23c5-4cc9-87d7-45b57215cce4",
+    "id" : "98e32cc2-58ce-4c9a-8d16-d93e1a62cc30",
     "alias" : "forms",
     "description" : "Username, password, otp and other auth forms.",
     "providerId" : "basic-flow",
@@ -1594,19 +1691,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "auth-username-password-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Browser - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "afd9b09a-015c-4f44-bd67-a23608e42215",
+    "id" : "90d40a53-c761-409b-8cf8-5c47a2127ca3",
     "alias" : "http challenge",
     "description" : "An authentication flow based on challenge-response HTTP 
Authentication Schemes",
     "providerId" : "basic-flow",
@@ -1614,19 +1713,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "no-cookie-redirect",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Authentication Options",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "5d5ab8ab-bf87-48f9-9d4b-35cc43c12763",
+    "id" : "5ed32f7b-0ef6-4132-8ad4-ab5717cdcc32",
     "alias" : "registration",
     "description" : "registration flow",
     "providerId" : "basic-flow",
@@ -1634,14 +1735,15 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "registration-page-form",
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 10,
+      "autheticatorFlow" : true,
       "flowAlias" : "registration form",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "de771f55-0d04-4bcd-b586-bfa234e09b8b",
+    "id" : "69cb8a4a-9066-479d-8a44-248896c00293",
     "alias" : "registration form",
     "description" : "registration form",
     "providerId" : "form-flow",
@@ -1649,31 +1751,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "registration-user-creation",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-profile-action",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 40,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-password-action",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 50,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-recaptcha-action",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 60,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "06d7f08e-ee5a-472d-98e0-f6d49d6bdbbe",
+    "id" : "d71d79e5-9443-427d-9157-c38e5dd6e2ac",
     "alias" : "reset credentials",
     "description" : "Reset credentials for a user if they forgot their 
password or something",
     "providerId" : "basic-flow",
@@ -1681,31 +1787,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "reset-credentials-choose-user",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-credential-email",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-password",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 40,
+      "autheticatorFlow" : true,
       "flowAlias" : "Reset - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "e42b5356-bd45-47c9-998f-d64b82424d5c",
+    "id" : "f02d25cd-3d25-41b4-b167-09e05518e7dd",
     "alias" : "saml ecp",
     "description" : "SAML ECP Profile Authentication Flow",
     "providerId" : "basic-flow",
@@ -1713,20 +1823,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "http-basic-authenticator",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   } ],
   "authenticatorConfig" : [ {
-    "id" : "bdf530ec-e51b-4c7b-9c85-7fd856d0acc8",
+    "id" : "3f77deec-7736-41e1-945c-b4d8b6a5e0c6",
     "alias" : "create unique user config",
     "config" : {
       "require.password.update.after.registration" : "false"
     }
   }, {
-    "id" : "936a360d-981a-4c1b-be9a-c81991a843f3",
+    "id" : "65b65c22-9324-4b67-b8bd-fcdf6a989b27",
     "alias" : "review profile config",
     "config" : {
       "update.profile.on.first.login" : "missing"
@@ -1796,19 +1907,34 @@
   "clientAuthenticationFlow" : "clients",
   "dockerAuthenticationFlow" : "docker auth",
   "attributes" : {
+    "cibaBackchannelTokenDeliveryMode" : "poll",
+    "cibaExpiresIn" : "120",
+    "cibaAuthRequestedUserHint" : "login_hint",
+    "oauth2DeviceCodeLifespan" : "600",
     "clientOfflineSessionMaxLifespan" : "0",
+    "oauth2DevicePollingInterval" : "5",
     "clientSessionIdleTimeout" : "0",
+    "parRequestUriLifespan" : "60",
     "clientSessionMaxLifespan" : "0",
-    "clientOfflineSessionIdleTimeout" : "0"
+    "clientOfflineSessionIdleTimeout" : "0",
+    "cibaInterval" : "5",
+    "realmReusableOtpCode" : "false"
   },
-  "keycloakVersion" : "12.0.3",
-  "userManagedAccessAllowed" : false
+  "keycloakVersion" : "21.0.0",
+  "userManagedAccessAllowed" : false,
+  "clientProfiles" : {
+    "profiles" : [ ]
+  },
+  "clientPolicies" : {
+    "policies" : [ ]
+  }
 }, {
   "id" : "master",
   "realm" : "master",
   "displayName" : "Keycloak",
   "displayNameHtml" : "<div 
class=\"kc-logo-text\"><span>Keycloak</span></div>",
   "notBefore" : 0,
+  "defaultSignatureAlgorithm" : "RS256",
   "revokeRefreshToken" : false,
   "refreshTokenMaxReuse" : 0,
   "accessTokenLifespan" : 60,
@@ -1829,6 +1955,8 @@
   "accessCodeLifespanLogin" : 1800,
   "actionTokenGeneratedByAdminLifespan" : 43200,
   "actionTokenGeneratedByUserLifespan" : 300,
+  "oauth2DeviceCodeLifespan" : 600,
+  "oauth2DevicePollingInterval" : 5,
   "enabled" : true,
   "sslRequired" : "external",
   "registrationAllowed" : false,
@@ -1887,6 +2015,20 @@
       "clientRole" : false,
       "containerId" : "master",
       "attributes" : { }
+    }, {
+      "id" : "2b9dcd6f-de2c-4fe9-8c2b-0945e99c27b4",
+      "name" : "default-roles-master",
+      "description" : "${role_default-roles}",
+      "composite" : true,
+      "composites" : {
+        "realm" : [ "offline_access", "uma_authorization" ],
+        "client" : {
+          "account" : [ "view-profile", "manage-account" ]
+        }
+      },
+      "clientRole" : false,
+      "containerId" : "master",
+      "attributes" : { }
     } ],
     "client" : {
       "artemis-keycloak-demo-realm" : [ {
@@ -2248,6 +2390,14 @@
         "clientRole" : true,
         "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
         "attributes" : { }
+      }, {
+        "id" : "7104a7de-b829-4758-99c3-8c1dab748bed",
+        "name" : "view-groups",
+        "description" : "${role_view-groups}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+        "attributes" : { }
       }, {
         "id" : "fa876b15-3a0c-43f0-9df6-cc71da962c12",
         "name" : "view-applications",
@@ -2281,7 +2431,14 @@
     }
   },
   "groups" : [ ],
-  "defaultRoles" : [ "uma_authorization", "offline_access" ],
+  "defaultRole" : {
+    "id" : "2b9dcd6f-de2c-4fe9-8c2b-0945e99c27b4",
+    "name" : "default-roles-master",
+    "description" : "${role_default-roles}",
+    "composite" : true,
+    "clientRole" : false,
+    "containerId" : "master"
+  },
   "requiredCredentials" : [ "password" ],
   "otpPolicyType" : "totp",
   "otpPolicyAlgorithm" : "HmacSHA1",
@@ -2289,7 +2446,8 @@
   "otpPolicyDigits" : 6,
   "otpPolicyLookAheadWindow" : 1,
   "otpPolicyPeriod" : 30,
-  "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+  "otpPolicyCodeReusable" : false,
+  "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", 
"totpAppFreeOTPName", "totpAppGoogleName" ],
   "webAuthnPolicyRpEntityName" : "keycloak",
   "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
   "webAuthnPolicyRpId" : "",
@@ -2340,7 +2498,7 @@
   "clientScopeMappings" : {
     "account" : [ {
       "client" : "account-console",
-      "roles" : [ "manage-account" ]
+      "roles" : [ "manage-account", "view-groups" ]
     } ]
   },
   "clients" : [ {
@@ -2354,7 +2512,6 @@
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
     "secret" : "dd4e0fbc-8d02-40d8-8c1e-6ee71f9baf89",
-    "defaultRoles" : [ "view-profile", "manage-account" ],
     "redirectUris" : [ "/realms/master/account/*" ],
     "webOrigins" : [ ],
     "notBefore" : 0,
@@ -2367,11 +2524,13 @@
     "publicClient" : false,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "d007d156-5b9c-444d-8841-5ec020f03dbb",
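Review bot: The added `"post.logout.redirect.uris" : "+"` does not define its own allow-list. In Keycloak `+` means the post-logout redirect targets are taken from the client's valid redirect URIs, so logout redirection is only as strict as `redirectUris`. That list is not visible in this hunk or in the later hunks that add the same attribute (-2397, -2433, -2459, -2486, -2512 and -2542), one of which shows `"publicClient" : true`, so any wildcard entry there would also be accepted after logout; this is worth checking before the realm is copied outside the demo. Where the logout landing page is known, an explicit value such as `"post.logout.redirect.uris" : "<explicit-logout-uri>"` (placeholder) keeps the two lists independent. The client object starts and ends outside this hunk.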
@@ -2397,6 +2556,7 @@
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
     "attributes" : {
+      "post.logout.redirect.uris" : "+",
       "pkce.code.challenge.method" : "S256"
     },
     "authenticationFlowBindingOverrides" : { },
@@ -2410,7 +2570,7 @@
       "consentRequired" : false,
       "config" : { }
     } ],
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "9f6c3650-3994-4957-8808-b2154b8c71b5",
@@ -2433,11 +2593,13 @@
     "publicClient" : true,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
@@ -2459,11 +2621,14 @@
     "serviceAccountsEnabled" : false,
     "publicClient" : false,
     "frontchannelLogout" : false,
-    "attributes" : { },
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "ab7b25e3-cafe-4e28-bb86-0a5aa8336748",
@@ -2486,11 +2651,13 @@
     "publicClient" : false,
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
-    "attributes" : { },
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : false,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "59dbb061-956f-49f5-922e-19660f29c608",
@@ -2512,11 +2679,14 @@
     "serviceAccountsEnabled" : false,
     "publicClient" : false,
     "frontchannelLogout" : false,
-    "attributes" : { },
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "post.logout.redirect.uris" : "+"
+    },
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : 0,
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   }, {
     "id" : "b4bba21a-4347-4625-8bda-567003ac2fe8",
@@ -2542,6 +2712,7 @@
     "frontchannelLogout" : false,
     "protocol" : "openid-connect",
     "attributes" : {
+      "post.logout.redirect.uris" : "+",
       "pkce.code.challenge.method" : "S256"
     },
     "authenticationFlowBindingOverrides" : { },
@@ -2562,113 +2733,26 @@
         "jsonType.label" : "String"
       }
     } ],
-    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", 
"email" ],
+    "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", 
"microprofile-jwt" ]
   } ],
   "clientScopes" : [ {
-    "id" : "0b32b7ca-77c7-439c-a488-50b210c99356",
-    "name" : "address",
-    "description" : "OpenID Connect built-in scope: address",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "true",
-      "consent.screen.text" : "${addressScopeConsentText}"
-    },
-    "protocolMappers" : [ {
-      "id" : "3fae9891-8756-4e6c-87e5-1aed666fdc63",
-      "name" : "address",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-address-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "user.attribute.formatted" : "formatted",
-        "user.attribute.country" : "country",
-        "user.attribute.postal_code" : "postal_code",
-        "userinfo.token.claim" : "true",
-        "user.attribute.street" : "street",
-        "id.token.claim" : "true",
-        "user.attribute.region" : "region",
-        "access.token.claim" : "true",
-        "user.attribute.locality" : "locality"
-      }
-    } ]
-  }, {
-    "id" : "d9ee8146-9f43-4f32-be94-537e594edeee",
-    "name" : "email",
-    "description" : "OpenID Connect built-in scope: email",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "true",
-      "consent.screen.text" : "${emailScopeConsentText}"
-    },
-    "protocolMappers" : [ {
-      "id" : "b73f8051-c286-4eef-9da7-fbdca988a267",
-      "name" : "email",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-property-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "email",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "email",
-        "jsonType.label" : "String"
-      }
-    }, {
-      "id" : "d494b4a5-3f95-4ad8-85fb-6ab14c2aba98",
-      "name" : "email verified",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-property-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "emailVerified",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "email_verified",
-        "jsonType.label" : "boolean"
-      }
-    } ]
-  }, {
-    "id" : "73d67ab8-8c2a-4877-bfab-e3f92ea70fc0",
-    "name" : "microprofile-jwt",
-    "description" : "Microprofile - JWT built-in scope",
+    "id" : "959f7373-6350-4428-8b35-d0d5e85697ac",
+    "name" : "web-origins",
+    "description" : "OpenID Connect scope for add allowed web origins to the 
access token",
     "protocol" : "openid-connect",
     "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "false"
+      "include.in.token.scope" : "false",
+      "display.on.consent.screen" : "false",
+      "consent.screen.text" : ""
     },
     "protocolMappers" : [ {
-      "id" : "caab6c80-219e-49a7-b261-623c9dfc39b3",
-      "name" : "upn",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-property-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "username",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "upn",
-        "jsonType.label" : "String"
-      }
-    }, {
-      "id" : "2657b7c8-acf5-4a00-8f91-e4481e1a2ef9",
-      "name" : "groups",
+      "id" : "50e19422-294d-4b66-963d-999d90695a49",
+      "name" : "allowed web origins",
       "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+      "protocolMapper" : "oidc-allowed-origins-mapper",
       "consentRequired" : false,
-      "config" : {
-        "multivalued" : "true",
-        "user.attribute" : "foo",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "groups",
-        "jsonType.label" : "String"
-      }
+      "config" : { }
     } ]
   }, {
     "id" : "1b1ec0af-50de-4805-b92e-8517f8ae1ce2",
@@ -2679,45 +2763,6 @@
       "consent.screen.text" : "${offlineAccessScopeConsentText}",
       "display.on.consent.screen" : "true"
     }
-  }, {
-    "id" : "c0a3fa2d-cbfd-4aed-b784-b2f1d0082e3c",
-    "name" : "phone",
-    "description" : "OpenID Connect built-in scope: phone",
-    "protocol" : "openid-connect",
-    "attributes" : {
-      "include.in.token.scope" : "true",
-      "display.on.consent.screen" : "true",
-      "consent.screen.text" : "${phoneScopeConsentText}"
-    },
-    "protocolMappers" : [ {
-      "id" : "22bc4dae-8f6f-4f6b-9c89-122caf10d2d6",
-      "name" : "phone number verified",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-attribute-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "phoneNumberVerified",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "phone_number_verified",
-        "jsonType.label" : "boolean"
-      }
-    }, {
-      "id" : "c25dbd18-e59d-4e4a-a7df-7ee7dfe1508b",
-      "name" : "phone number",
-      "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-usermodel-attribute-mapper",
-      "consentRequired" : false,
-      "config" : {
-        "userinfo.token.claim" : "true",
-        "user.attribute" : "phoneNumber",
-        "id.token.claim" : "true",
-        "access.token.claim" : "true",
-        "claim.name" : "phone_number",
-        "jsonType.label" : "String"
-      }
-    } ]
   }, {
     "id" : "ab056ba3-d42c-4344-bc44-b7b9f8923882",
     "name" : "profile",
@@ -2922,6 +2967,45 @@
         "jsonType.label" : "String"
       }
     } ]
+  }, {
+    "id" : "c0a3fa2d-cbfd-4aed-b784-b2f1d0082e3c",
+    "name" : "phone",
+    "description" : "OpenID Connect built-in scope: phone",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${phoneScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "22bc4dae-8f6f-4f6b-9c89-122caf10d2d6",
+      "name" : "phone number verified",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "phoneNumberVerified",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "phone_number_verified",
+        "jsonType.label" : "boolean"
+      }
+    }, {
+      "id" : "c25dbd18-e59d-4e4a-a7df-7ee7dfe1508b",
+      "name" : "phone number",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "phoneNumber",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "phone_number",
+        "jsonType.label" : "String"
+      }
+    } ]
   }, {
     "id" : "2d955805-8c91-4862-a799-9a35f18c121a",
     "name" : "role_list",
@@ -2943,6 +3027,73 @@
         "attribute.name" : "Role"
       }
     } ]
+  }, {
+    "id" : "d9ee8146-9f43-4f32-be94-537e594edeee",
+    "name" : "email",
+    "description" : "OpenID Connect built-in scope: email",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${emailScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "b73f8051-c286-4eef-9da7-fbdca988a267",
+      "name" : "email",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "email",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "email",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "d494b4a5-3f95-4ad8-85fb-6ab14c2aba98",
+      "name" : "email verified",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "emailVerified",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "email_verified",
+        "jsonType.label" : "boolean"
+      }
+    } ]
+  }, {
+    "id" : "0b32b7ca-77c7-439c-a488-50b210c99356",
+    "name" : "address",
+    "description" : "OpenID Connect built-in scope: address",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${addressScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "3fae9891-8756-4e6c-87e5-1aed666fdc63",
+      "name" : "address",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-address-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.attribute.formatted" : "formatted",
+        "user.attribute.country" : "country",
+        "user.attribute.postal_code" : "postal_code",
+        "userinfo.token.claim" : "true",
+        "user.attribute.street" : "street",
+        "id.token.claim" : "true",
+        "user.attribute.region" : "region",
+        "access.token.claim" : "true",
+        "user.attribute.locality" : "locality"
+      }
+    } ]
   }, {
     "id" : "c6bf08bb-081c-4d9a-9fb1-2fc97bcf37f9",
     "name" : "roles",
@@ -2988,33 +3139,74 @@
       }
     } ]
   }, {
-    "id" : "959f7373-6350-4428-8b35-d0d5e85697ac",
-    "name" : "web-origins",
-    "description" : "OpenID Connect scope for add allowed web origins to the 
access token",
+    "id" : "73d67ab8-8c2a-4877-bfab-e3f92ea70fc0",
+    "name" : "microprofile-jwt",
+    "description" : "Microprofile - JWT built-in scope",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "false"
+    },
+    "protocolMappers" : [ {
+      "id" : "caab6c80-219e-49a7-b261-623c9dfc39b3",
+      "name" : "upn",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "username",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "upn",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "2657b7c8-acf5-4a00-8f91-e4481e1a2ef9",
+      "name" : "groups",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "multivalued" : "true",
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "foo",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "groups",
+        "jsonType.label" : "String"
+      }
+    } ]
+  }, {
+    "id" : "1e255b41-327e-4797-9a19-0806078a2469",
+    "name" : "acr",
+    "description" : "OpenID Connect scope for add acr (authentication context 
class reference) to the token",
     "protocol" : "openid-connect",
     "attributes" : {
       "include.in.token.scope" : "false",
-      "display.on.consent.screen" : "false",
-      "consent.screen.text" : ""
+      "display.on.consent.screen" : "false"
     },
     "protocolMappers" : [ {
-      "id" : "50e19422-294d-4b66-963d-999d90695a49",
-      "name" : "allowed web origins",
+      "id" : "fadc519b-db6f-488c-8df2-7c310b69d581",
+      "name" : "acr loa level",
       "protocol" : "openid-connect",
-      "protocolMapper" : "oidc-allowed-origins-mapper",
+      "protocolMapper" : "oidc-acr-mapper",
       "consentRequired" : false,
-      "config" : { }
+      "config" : {
+        "id.token.claim" : "true",
+        "access.token.claim" : "true"
+      }
     } ]
   } ],
-  "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", 
"web-origins" ],
+  "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", 
"web-origins", "acr" ],
   "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", 
"microprofile-jwt" ],
   "browserSecurityHeaders" : {
     "contentSecurityPolicyReportOnly" : "",
     "xContentTypeOptions" : "nosniff",
     "xRobotsTag" : "none",
     "xFrameOptions" : "SAMEORIGIN",
-    "xXSSProtection" : "1; mode=block",
     "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; 
object-src 'none';",
+    "xXSSProtection" : "1; mode=block",
     "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
   },
   "smtpServer" : { },
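Review bot: `web-origins` stays in `defaultDefaultClientScopes`, yet this hunk deletes the scope definition with id `959f7373-6350-4428-8b35-d0d5e85697ac` together with its `oidc-allowed-origins-mapper`. The export looks reordered, so the definition is probably re-added in a part of the diff outside this hunk, but that should be confirmed, because a default scope with no definition would leave tokens without the allowed-origins data the scope exists to add. Separately, the new `groups` mapper under `microprofile-jwt` carries `"user.attribute" : "foo"`, which reads like an unmodified server template value rather than something chosen for this demo. A sentence in the example's readme, such as `Client scopes are the unmodified Keycloak defaults.`, would save the next reader from chasing it.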
@@ -3051,7 +3243,7 @@
       "subType" : "authenticated",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", 
"saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", 
"saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", 
"oidc-full-name-mapper", "oidc-usermodel-property-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-address-mapper", 
"oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", 
"saml-user-property-mapper", "oidc-full-name-mapper", 
"oidc-usermodel-property-mapper", "saml-role-list-mapper", 
"oidc-sha256-pairwise-sub-mapper" ]
       }
     }, {
       "id" : "68af6607-ca19-4dd7-839b-705e073e218f",
@@ -3067,7 +3259,7 @@
       "subType" : "anonymous",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", 
"oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", 
"oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", 
"oidc-usermodel-property-mapper", "saml-user-property-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", 
"oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", 
"saml-role-list-mapper", "oidc-full-name-mapper", 
"oidc-usermodel-property-mapper", "saml-user-property-mapper", 
"oidc-usermodel-attribute-mapper" ]
       }
     }, {
       "id" : "502222e9-8a6b-494d-95af-297ef1a02339",
@@ -3123,7 +3315,7 @@
   "internationalizationEnabled" : false,
   "supportedLocales" : [ ],
   "authenticationFlows" : [ {
-    "id" : "2feb4193-fb1c-472a-bd11-ed98747dfa0c",
+    "id" : "ec53cf3f-6bf9-4864-8c3b-d3b53a72e545",
     "alias" : "Account verification options",
     "description" : "Method with which to verity the existing account",
     "providerId" : "basic-flow",
@@ -3131,19 +3323,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-email-verification",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Verify Existing Account by Re-authentication",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "366c73d4-99bf-4db2-90ef-8d80829ff5a8",
+    "id" : "20078057-ea06-4868-aaca-f263414df6c6",
     "alias" : "Authentication Options",
     "description" : "Authentication options.",
     "providerId" : "basic-flow",
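Review bot: Each execution now carries both `authenticatorFlow` and the misspelled `autheticatorFlow` with the same value, here and in every following authentication-flow hunk through the `saml ecp` flow. Presumably the exporter writes both so that older readers can still import the file, but nothing on the page says which key wins if they disagree, so a hand edit to one and not the other becomes ambiguous in a file that defines the realm's login flows. JSON cannot hold a comment, so I would record this in the example's readme instead, for instance `artemis-keycloak-demo-realm.json is a Keycloak realm export; regenerate it from a running server rather than editing it by hand.` The flow objects this hunk touches begin above it and continue below it.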
@@ -3151,25 +3345,28 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "basic-auth",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "basic-auth-otp",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-spnego",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "03a9b720-5c0b-4f53-aa1f-985b3788213a",
+    "id" : "a3f45098-aaf2-4a57-8756-5575ae68e699",
     "alias" : "Browser - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -3177,19 +3374,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-otp-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "71786079-7567-483d-b513-4c37b8b5e1f6",
+    "id" : "7479683d-ef8f-40ad-b0e2-6d9a3a29b422",
     "alias" : "Direct Grant - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -3197,19 +3396,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "direct-grant-validate-otp",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "7c590f5e-5d41-43d0-a69f-6b3f55086f0a",
+    "id" : "00083072-d0ed-473c-b716-99a62bfab165",
     "alias" : "First broker login - Conditional OTP",
     "description" : "Flow to determine if the OTP is required for the 
authentication",
     "providerId" : "basic-flow",
@@ -3217,19 +3418,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-otp-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "18ea43be-bf8d-457d-a256-a857ab1cae0f",
+    "id" : "bb3fbf82-b962-41ba-aec7-b5468e3370a3",
     "alias" : "Handle Existing Account",
     "description" : "Handle what to do if there is existing account with same 
email/username like authenticated identity provider",
     "providerId" : "basic-flow",
@@ -3237,19 +3440,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-confirm-link",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Account verification options",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "895a63f7-2f2b-4f69-b1a3-5e136480b4df",
+    "id" : "49d11517-9770-47dc-afa9-a7c77ef2d938",
     "alias" : "Reset - Conditional OTP",
     "description" : "Flow to determine if the OTP should be reset or not. Set 
to REQUIRED to force.",
     "providerId" : "basic-flow",
@@ -3257,19 +3462,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "conditional-user-configured",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-otp",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "5dd8e673-fa4d-49b7-884f-a2514049afaf",
+    "id" : "13f152b3-81cb-483a-a947-a058f0c8e4ea",
     "alias" : "User creation or linking",
     "description" : "Flow for the existing/non-existing user alternatives",
     "providerId" : "basic-flow",
@@ -3278,19 +3485,21 @@
     "authenticationExecutions" : [ {
       "authenticatorConfig" : "create unique user config",
       "authenticator" : "idp-create-user-if-unique",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Handle Existing Account",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "501763ae-f35f-47f1-9eac-a5ddbed60b89",
+    "id" : "5850251d-b590-4b05-9802-bde0b81d33c3",
     "alias" : "Verify Existing Account by Re-authentication",
     "description" : "Reauthentication of existing account",
     "providerId" : "basic-flow",
@@ -3298,19 +3507,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "idp-username-password-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "First broker login - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "ef7d1a6b-c9c2-4f73-bb8a-0213ef0b0a2a",
+    "id" : "fb2043a4-6985-47f3-a996-c194f6c9e506",
     "alias" : "browser",
     "description" : "browser based authentication",
     "providerId" : "basic-flow",
@@ -3318,31 +3529,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "auth-cookie",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "auth-spnego",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "identity-provider-redirector",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 25,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "ALTERNATIVE",
       "priority" : 30,
+      "autheticatorFlow" : true,
       "flowAlias" : "forms",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "8752635d-ddcc-46c7-a3bc-769dc507e620",
+    "id" : "65d9cbb3-ab2b-48f6-9743-8591cb7b7ada",
     "alias" : "clients",
     "description" : "Base authentication for clients",
     "providerId" : "client-flow",
@@ -3350,31 +3565,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "client-secret",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-jwt",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-secret-jwt",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "client-x509",
+      "authenticatorFlow" : false,
       "requirement" : "ALTERNATIVE",
       "priority" : 40,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "8f425a62-e76e-48c8-a8ce-954aadc986f7",
+    "id" : "693be46d-26fa-4077-bdc0-6c954f15aab1",
     "alias" : "direct grant",
     "description" : "OpenID Connect Resource Owner Grant",
     "providerId" : "basic-flow",
@@ -3382,25 +3601,28 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "direct-grant-validate-username",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "direct-grant-validate-password",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 30,
+      "autheticatorFlow" : true,
       "flowAlias" : "Direct Grant - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "edb4ef4f-5d5f-4055-b61c-fb5d4ad6a880",
+    "id" : "2e5a3d54-597c-4f63-adf4-8ba4378f293c",
     "alias" : "docker auth",
     "description" : "Used by Docker clients to authenticate against the IDP",
     "providerId" : "basic-flow",
@@ -3408,13 +3630,14 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "docker-http-basic-authenticator",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "ca33f659-d4dd-49d8-b8e3-1267ef1c15a5",
+    "id" : "ab7f8c26-acd6-4943-948a-14b3b730eba4",
     "alias" : "first broker login",
     "description" : "Actions taken after first broker login with identity 
provider account, which is not yet linked to any Keycloak account",
     "providerId" : "basic-flow",
@@ -3423,19 +3646,21 @@
     "authenticationExecutions" : [ {
       "authenticatorConfig" : "review profile config",
       "authenticator" : "idp-review-profile",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "User creation or linking",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "a9731fb0-7fcd-45fc-bbbe-66bf16981e59",
+    "id" : "28d0db1d-ccb0-4f9c-a23c-fb264d4ef78d",
     "alias" : "forms",
     "description" : "Username, password, otp and other auth forms.",
     "providerId" : "basic-flow",
@@ -3443,19 +3668,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "auth-username-password-form",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Browser - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "de046637-9c0b-4e03-b7fa-4d39cd926787",
+    "id" : "d91cd2d5-9c80-437a-a26e-e4d14232a5e0",
     "alias" : "http challenge",
     "description" : "An authentication flow based on challenge-response HTTP 
Authentication Schemes",
     "providerId" : "basic-flow",
@@ -3463,19 +3690,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "no-cookie-redirect",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 20,
+      "autheticatorFlow" : true,
       "flowAlias" : "Authentication Options",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "7507f444-e671-4e8e-a3df-d5414634452d",
+    "id" : "fe659681-a597-4225-8093-0a66a1c8bbb7",
     "alias" : "registration",
     "description" : "registration flow",
     "providerId" : "basic-flow",
@@ -3483,14 +3712,15 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "registration-page-form",
+      "authenticatorFlow" : true,
       "requirement" : "REQUIRED",
       "priority" : 10,
+      "autheticatorFlow" : true,
       "flowAlias" : "registration form",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "767b0c27-0fed-4a56-b398-ca85a9358cfa",
+    "id" : "f9b8e0b9-0530-411d-95db-d2fef37bd6c2",
     "alias" : "registration form",
     "description" : "registration form",
     "providerId" : "form-flow",
@@ -3498,31 +3728,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "registration-user-creation",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-profile-action",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 40,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-password-action",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 50,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "registration-recaptcha-action",
+      "authenticatorFlow" : false,
       "requirement" : "DISABLED",
       "priority" : 60,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "02643bf6-ce97-4d66-80e3-fdc24609a709",
+    "id" : "46e4ab2c-d660-45e6-99f0-62001b73fe1a",
     "alias" : "reset credentials",
     "description" : "Reset credentials for a user if they forgot their 
password or something",
     "providerId" : "basic-flow",
@@ -3530,31 +3764,35 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "reset-credentials-choose-user",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-credential-email",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 20,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
       "authenticator" : "reset-password",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 30,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     }, {
+      "authenticatorFlow" : true,
       "requirement" : "CONDITIONAL",
       "priority" : 40,
+      "autheticatorFlow" : true,
       "flowAlias" : "Reset - Conditional OTP",
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : true
+      "userSetupAllowed" : false
     } ]
   }, {
-    "id" : "c5344f6b-282f-4385-95c7-63a0e29a9bf3",
+    "id" : "1f2ce665-b5a5-4e99-a64f-b5506cc542da",
     "alias" : "saml ecp",
     "description" : "SAML ECP Profile Authentication Flow",
     "providerId" : "basic-flow",
@@ -3562,20 +3800,21 @@
     "builtIn" : true,
     "authenticationExecutions" : [ {
       "authenticator" : "http-basic-authenticator",
+      "authenticatorFlow" : false,
       "requirement" : "REQUIRED",
       "priority" : 10,
-      "userSetupAllowed" : false,
-      "autheticatorFlow" : false
+      "autheticatorFlow" : false,
+      "userSetupAllowed" : false
     } ]
   } ],
   "authenticatorConfig" : [ {
-    "id" : "c7f52758-50a8-45e5-8acf-ff8559f446b6",
+    "id" : "395afb8f-575b-45b8-a34c-23c0d3533848",
     "alias" : "create unique user config",
     "config" : {
       "require.password.update.after.registration" : "false"
     }
   }, {
-    "id" : "2037d5f1-7f3e-4cf6-b5b3-7c37a70d3956",
+    "id" : "efea6a5f-d66c-41e9-90fd-4aae49540245",
     "alias" : "review profile config",
     "config" : {
       "update.profile.on.first.login" : "missing"
@@ -3644,7 +3883,26 @@
   "resetCredentialsFlow" : "reset credentials",
   "clientAuthenticationFlow" : "clients",
   "dockerAuthenticationFlow" : "docker auth",
-  "attributes" : { },
-  "keycloakVersion" : "12.0.3",
-  "userManagedAccessAllowed" : false
+  "attributes" : {
+    "cibaBackchannelTokenDeliveryMode" : "poll",
+    "cibaExpiresIn" : "120",
+    "cibaAuthRequestedUserHint" : "login_hint",
+    "oauth2DeviceCodeLifespan" : "600",
+    "clientOfflineSessionMaxLifespan" : "0",
+    "oauth2DevicePollingInterval" : "5",
+    "clientSessionIdleTimeout" : "0",
+    "parRequestUriLifespan" : "60",
+    "clientSessionMaxLifespan" : "0",
+    "clientOfflineSessionIdleTimeout" : "0",
+    "cibaInterval" : "5",
+    "realmReusableOtpCode" : "false"
+  },
+  "keycloakVersion" : "21.0.0",
+  "userManagedAccessAllowed" : false,
+  "clientProfiles" : {
+    "profiles" : [ ]
+  },
+  "clientPolicies" : {
+    "policies" : [ ]
+  }
 } ]
\ No newline at end of file
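Review bot: The export is now stamped `"keycloakVersion" : "21.0.0"`, but nothing in this hunk ties the example to a server of that version. If the Keycloak image or dependency is pinned elsewhere in the commit, it should match, since the added `attributes` (CIBA, device-code and PAR lifespans) appear to come from that release line. The four `client*Session*` values are `"0"`, which I read as "inherit the realm-wide session limits"; it is worth confirming that the realm-level timeouts outside this hunk are what the demo intends. `clientPolicies` and `clientProfiles` are empty, so no client policy is enforced. The file also still ends without a trailing newline; adding one keeps later diffs of this export clean.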

