diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be2627bc..4b1e78cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,6 +42,21 @@ jobs: poetry-version: ${{ matrix.poetry-version }} mint-database: ${{ matrix.mint-database }} + tests_keycloak_auth: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest] + python-version: ["3.10"] + poetry-version: ["1.8.5"] + mint-database: ["./test_data/test_mint", "postgres://cashu:cashu@localhost:5432/cashu"] + uses: ./.github/workflows/tests_keycloak_auth.yml + with: + os: ${{ matrix.os }} + python-version: ${{ matrix.python-version }} + poetry-version: ${{ matrix.poetry-version }} + mint-database: ${{ matrix.mint-database }} + regtest: uses: ./.github/workflows/regtest.yml strategy: diff --git a/.github/workflows/tests_keycloak_auth.yml b/.github/workflows/tests_keycloak_auth.yml new file mode 100644 index 00000000..8a0e45a6 --- /dev/null +++ b/.github/workflows/tests_keycloak_auth.yml @@ -0,0 +1,72 @@ +name: tests_keycloak + +on: + workflow_call: + inputs: + python-version: + default: "3.10.4" + type: string + poetry-version: + default: "1.8.5" + type: string + mint-database: + default: "" + type: string + os: + default: "ubuntu-latest" + type: string + +jobs: + poetry: + name: Run tests with Keycloak (db ${{ inputs.mint-database }}) + runs-on: ${{ inputs.os }} + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Start PostgreSQL service + if: contains(inputs.mint-database, 'postgres') + run: | + docker run -d --name postgres \ + -e POSTGRES_USER=cashu \ + -e POSTGRES_PASSWORD=cashu \ + -e POSTGRES_DB=cashu \ + -p 5432:5432 postgres:16.4 + until docker exec postgres pg_isready; do sleep 1; done + + - name: Prepare environment + uses: ./.github/actions/prepare + with: + python-version: ${{ inputs.python-version }} + poetry-version: ${{ inputs.poetry-version }} + + - name: Start Keycloak with Backup + run: | + docker compose -f keycloak/docker-compose-restore.yml up -d postgres + docker compose -f keycloak/docker-compose-restore.yml up -d keycloak + until curl -s http://localhost:8080/realms/master; do sleep 1; done + + - name: Verify Keycloak Import + run: | + docker logs $(docker ps -q --filter "ancestor=quay.io/keycloak/keycloak:25.0.6") | grep "Imported" + + - name: Run tests + env: + MINT_BACKEND_BOLT11_SAT: FakeWallet + WALLET_NAME: test_wallet + MINT_HOST: localhost + MINT_PORT: 3337 + MINT_TEST_DATABASE: ${{ inputs.mint-database }} + TOR: false + MINT_REQUIRE_AUTH: TRUE + MINT_AUTH_OICD_DISCOVERY_URL: http://localhost:8080/realms/nutshell/.well-known/openid-configuration + MINT_AUTH_OICD_CLIENT_ID: cashu-client + run: | + poetry run pytest tests/test_wallet_auth.py -v --cov=mint --cov-report=xml + + - name: Stop and clean up Docker Compose + run: | + docker compose -f keycloak/docker-compose-restore.yml down + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v3 diff --git a/cashu/wallet/auth/auth.py b/cashu/wallet/auth/auth.py index 3732f4cb..a0f98fdb 100644 --- a/cashu/wallet/auth/auth.py +++ b/cashu/wallet/auth/auth.py @@ -68,7 +68,25 @@ def __init__( # overload with_db @classmethod async def with_db(cls, *args, **kwargs) -> "WalletAuth": - """Create a new wallet with a database.""" + """Create a new wallet with a database. + Keyword arguments: + url (str): Mint url. + db (str): Wallet db location. + name (str, optional): Wallet name. Defaults to "auth". + username (str, optional): OpenID username. When set, the username and + password flow will be used to authenticate. If a username is already + stored in the database, it will be used. Will be stored in the + database if not already stored. + password (str, optional): OpenID password. Used if username is set. Will + be read from the database if already stored. Will be stored in the + database if not already stored. + client_id (str, optional): OpenID client id. Defaults to "cashu-client". + client_secret (str, optional): OpenID client secret. Defaults to "". + access_token (str, optional): OpenID access token. Defaults to None. + refresh_token (str, optional): OpenID refresh token. Defaults to None. + Returns: + WalletAuth: WalletAuth instance. + """ url: str = kwargs.get("url", "") db = kwargs.get("db", "") diff --git a/cashu/wallet/auth/openid_connect/openid_client.py b/cashu/wallet/auth/openid_connect/openid_client.py index aecbfec2..0bd104e7 100644 --- a/cashu/wallet/auth/openid_connect/openid_client.py +++ b/cashu/wallet/auth/openid_connect/openid_client.py @@ -33,7 +33,7 @@ def __init__( discovery_url: str, client_id: str, client_secret: str = "", - auth_flow: AuthorizationFlow = AuthorizationFlow.DEVICE_CODE, + auth_flow: Optional[AuthorizationFlow] = None, username: Optional[str] = None, password: Optional[str] = None, access_token: Optional[str] = None, @@ -44,7 +44,7 @@ def __init__( self.discovery_url: str = discovery_url self.client_id: str = client_id self.client_secret: str = client_secret - self.auth_flow: AuthorizationFlow = auth_flow + self.auth_flow: Optional[AuthorizationFlow] = auth_flow self.username: Optional[str] = username self.password: Optional[str] = password self.access_token: Optional[str] = access_token @@ -87,6 +87,14 @@ async def determine_auth_flow(self) -> AuthorizationFlow: supported_flows = self.oidc_config.get("grant_types_supported", []) + # if self.auth_flow is already set, check if it is supported + if self.auth_flow: + if self.auth_flow.value not in supported_flows: + raise ValueError( + f"Authentication flow {self.auth_flow.value} not supported by the OIDC configuration." + ) + return self.auth_flow + if AuthorizationFlow.DEVICE_CODE.value in supported_flows: self.auth_flow = AuthorizationFlow.DEVICE_CODE elif AuthorizationFlow.AUTHORIZATION_CODE.value in supported_flows: diff --git a/keycloak/docker-compose-restore.yml b/keycloak/docker-compose-restore.yml new file mode 100644 index 00000000..31ebb782 --- /dev/null +++ b/keycloak/docker-compose-restore.yml @@ -0,0 +1,45 @@ +services: + postgres: + image: postgres:16.4 + volumes: + - ./postgres_data:/var/lib/postgresql/data + environment: + POSTGRES_DB: ${POSTGRES_DB} + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + networks: + - keycloak_network + + keycloak: + image: quay.io/keycloak/keycloak:25.0.6 + command: start --import-realm + volumes: + - ./keycloak-export:/opt/keycloak/data/import + environment: + KC_HOSTNAME: localhost + KC_HOSTNAME_PORT: 8080 + KC_HOSTNAME_STRICT_BACKCHANNEL: false + KC_HTTP_ENABLED: true + KC_HOSTNAME_STRICT_HTTPS: false + KC_HEALTH_ENABLED: true + KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN} + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} + KC_DB: postgres + KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB} + KC_DB_USERNAME: ${POSTGRES_USER} + KC_DB_PASSWORD: ${POSTGRES_PASSWORD} + ports: + - 8080:8080 + restart: always + depends_on: + - postgres + networks: + - keycloak_network + +volumes: + postgres_data: + driver: local + +networks: + keycloak_network: + driver: bridge diff --git a/keycloak/docker-compose.yml b/keycloak/docker-compose.yml index 55b33417..31ebb782 100644 --- a/keycloak/docker-compose.yml +++ b/keycloak/docker-compose.yml @@ -12,7 +12,9 @@ services: keycloak: image: quay.io/keycloak/keycloak:25.0.6 - command: start + command: start --import-realm + volumes: + - ./keycloak-export:/opt/keycloak/data/import environment: KC_HOSTNAME: localhost KC_HOSTNAME_PORT: 8080 diff --git a/keycloak/keycloak-export/master-realm.json b/keycloak/keycloak-export/master-realm.json new file mode 100644 index 00000000..7f65ff7d --- /dev/null +++ b/keycloak/keycloak-export/master-realm.json @@ -0,0 +1,2021 @@ +{ + "id" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "realm" : "master", + "displayName" : "Keycloak", + "displayNameHtml" : "
Keycloak
", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 60, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "c3b4c96f-6388-46e3-8eb7-9392c7652612", + "name" : "default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "attributes" : { } + }, { + "id" : "81f3c313-ffe4-4b9a-b95f-62210ef4cebb", + "name" : "admin", + "description" : "${role_admin}", + "composite" : true, + "composites" : { + "realm" : [ "create-realm" ], + "client" : { + "nutshell-realm" : [ "query-realms", "query-users", "view-realm", "view-authorization", "manage-realm", "manage-identity-providers", "manage-authorization", "view-identity-providers", "query-clients", "manage-clients", "create-client", "impersonation", "view-events", "manage-events", "manage-users", "view-users", "view-clients", "query-groups" ], + "master-realm" : [ "query-clients", "manage-users", "manage-identity-providers", "manage-authorization", "manage-realm", "view-identity-providers", "create-client", "view-realm", "view-authorization", "manage-events", "query-realms", "query-users", "query-groups", "manage-clients", "view-clients", "impersonation", "view-users", "view-events" ] + } + }, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "attributes" : { } + }, { + "id" : "9a56b7c9-cd40-4660-8bcc-1e45636f7ef4", + "name" : "create-realm", + "description" : "${role_create-realm}", + "composite" : false, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "attributes" : { } + }, { + "id" : "60e9bbf2-d65e-4e6e-adff-56abaa59bf94", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "attributes" : { } + }, { + "id" : "c8484e33-5729-4a6a-8ae3-05673d7a68e7", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215", + "attributes" : { } + } ], + "client" : { + "security-admin-console" : [ ], + "admin-cli" : [ ], + "nutshell-realm" : [ { + "id" : "8b1a1634-cbf0-49ba-bd9c-9090fb581ee5", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "2dc5dfc5-c542-450d-9909-b1182734af42", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "7922cd7f-584d-4058-954f-13162c968b9e", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "ade669fc-632d-4df1-8bfb-90393c7f72d6", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "084b2d03-a9bc-496f-8e1b-a36937b37f96", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "62f050e7-bf89-4c29-a67f-8b5dd348314b", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "0f1c9007-80b3-4586-9f31-78cbde902ccf", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "dfafec9f-15be-493a-bd50-12f98608d2a3", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "2f76e0d4-2ff8-49e8-a299-926bccc34621", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "e991ba94-d7ed-4461-891e-388cb6b77979", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "a7437db1-b38c-4270-b999-2e06f78b0748", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "43d4abb1-e359-4f30-9b77-2b3998abf0ce", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "70cdddbc-61d6-4485-a308-0a01b76c69e2", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "da263533-0421-453d-97d2-1c41d5759376", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "07549481-3edd-40ec-b0ca-e97304cff3be", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "22759f97-5a71-437b-a315-711164eb0cdb", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "e3ae21ca-062e-4aee-b82a-9a04f6b6413d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "nutshell-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + }, { + "id" : "12453bfd-7b41-4366-a463-57be800b65b5", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "nutshell-realm" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "attributes" : { } + } ], + "account-console" : [ ], + "broker" : [ { + "id" : "d288fe63-2c42-47e1-901e-6b36d660061f", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "52f64ef5-8732-4065-858e-2f2580b7ed9c", + "attributes" : { } + } ], + "master-realm" : [ { + "id" : "f117f84c-45e2-4b68-a652-617da6aa749e", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "a7974424-c166-4653-a486-5cae0713b57c", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "a8bbbc66-c86f-413e-a0d9-e3035d9bd317", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "252481be-b124-4cea-875d-b2431eb73429", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "35d31078-8b0a-482b-b3f9-f8929aa56630", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "c95b6025-b1a9-47bb-9b53-f0e6a625be5f", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "1214b780-d1bf-40c8-b239-50abb734ca51", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "5d1999eb-3a8a-4b83-946d-2eb08cd474b4", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "4280b1a4-da20-4ec8-a0ec-dd271970a537", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "77580d97-d2a0-47c7-9862-9df69a237c68", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "4944013c-27f2-42b7-8d82-fe39089bf23c", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "31c9f5d6-93ae-4b60-836b-e19a02d342a4", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "1f9a5fe6-f029-4ea2-89ca-e3c3c595aa51", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "9352ff2b-b75b-4cd8-94c2-329847a27126", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "70f6059a-d671-4f01-ad9a-255864d1e8e2", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "0050f16d-b26a-4cca-85b3-b62ff386f36e", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "42bcb56c-8798-4f27-848e-cbe2c14cc5c9", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + }, { + "id" : "8f366846-0bf9-440d-9eab-5fad3ce0200e", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "attributes" : { } + } ], + "account" : [ { + "id" : "dffdfbeb-a943-4e2b-ad60-017484109595", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "0c86baf9-e9dd-411f-b084-433d9746bcd4", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "88c3c74e-4628-4373-8282-68959e5ed34a", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "1efff5e8-7324-434d-b010-4fe402400c46", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "ddc53580-ac83-49c2-b174-717485c6123f", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "837af15c-5688-4a67-afcc-704b08e83230", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "ce92fd21-5930-4019-893f-07cee7a32202", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + }, { + "id" : "4ef61025-a2bb-46c7-a773-45479f94c7ea", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "fd11a567-b5be-4665-9444-4de133068420", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "c3b4c96f-6388-46e3-8eb7-9392c7652612", + "name" : "default-roles-master", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "8956870d-d9bc-4ffd-bdec-3685db703215" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "fd11a567-b5be-4665-9444-4de133068420", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c38fcb7e-0879-4fe0-9818-01eb6dcc0f17", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/master/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "1a3217d2-aab7-4749-923c-2b1017709c22", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "92bb82ef-68c9-41f9-ad5e-57e975a4d6ba", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "52f64ef5-8732-4065-858e-2f2580b7ed9c", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "357078bd-0421-4b14-a0b9-40c25dde5557", + "clientId" : "master-realm", + "name" : "master Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6626bbfa-68fc-46ed-8ec0-fb786ab3f2ee", + "clientId" : "nutshell-realm", + "name" : "nutshell Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ ], + "optionalClientScopes" : [ ] + }, { + "id" : "61609810-bd2b-42ac-8168-ab89416b489a", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/master/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/master/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "79920355-25fa-423c-a9ec-2f5ca84da358", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "43f68d3e-e543-4684-b324-7d5feda4faec", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "d5a92ece-cd72-48dd-b00d-fff7f57a8203", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "ba7df914-fb24-40aa-abf7-478c373b5b30", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "2bd2c43e-9dfc-43a9-8132-7476e4f0f88d", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "39809465-371a-4b96-9ad9-35248d647a01", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "4468ec06-a16a-44a5-b989-7854bfd53781", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "6adb47f8-94c7-4d0c-a50b-623c79a5acbc", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "7edaec4b-7cb1-4889-82da-4608f8a1d893", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "fe0b07cd-c0fb-4714-a5e0-950e04e082d7", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "6224866e-e0df-48ef-8ba4-a813df0b7fff", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "66043f0a-23d0-4e6e-b0c0-88b127d0e83b", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "b7410ccb-433b-4383-8c84-9f73934aa40b", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "ce4046db-294e-452f-83d7-57c94bf508a1", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "c1c8c377-46fc-4b80-88c3-1c715c522a54", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "f81dc329-9643-47df-a67f-6838aa42c29a", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "78d13844-37f0-47f2-96f7-fc6b04b4c7c6", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "1195910f-7036-4f39-b9aa-4bba3be3ee01", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "19f96415-ee38-4186-b7f4-d7b8fcb24a33", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "26a001b8-0bd6-4631-9174-2522c30c5c88", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "bd5859a9-6581-455f-a284-d35f447eff21", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "62e692ce-d578-41f0-bf86-061039fcc555", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "0916a7a3-e8a6-48a7-85eb-be34b9555ac1", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "cd8c2a23-1d0f-4ab1-ba60-88ea8b1396dc", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "6304ea5b-0bd7-439a-974b-aa86ec49d24e", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "85506c77-9b66-40d0-ba4b-a8933a66bd4d", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "01b5238a-8ebf-47ed-a72e-fd28ee8a2025", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a94b76c9-3abe-4c95-9e91-e4a3729e96f0", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "3fa619bd-d3d3-45b4-8898-6657cd1d7801", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "c1f359ff-216c-4d77-8dfb-f997faeee2ad", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "763142bf-b12e-47f0-ad0b-2d87409b7332", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2c1e962f-4e58-4a42-8e3e-62d392f091b2", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "e9a326c5-8a1e-4658-b21a-d98bcfa67177", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "cad78fa0-43ef-498a-b2d2-3c0204aa9792", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "c9bfad33-ba6a-4803-8734-9f5ae8e97f2d", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "527dfec5-7b13-4d2a-b9d6-1d2a1fbcd4e2", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "a7a2b0c1-9540-473d-b9d2-9c7420b69e51", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4476c340-2396-4f85-97c5-1421c5c3d033", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "72838032-fffc-4869-aaec-6a10e571b9f5", + "name" : "auth_time", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "AUTH_TIME", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + }, { + "id" : "faa805a5-17f7-4852-b12a-3e270c2a3a36", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "a557e5d5-341a-4ea0-9d6e-b620e55f8ebc", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "66e4f611-e6cc-4b78-ab85-f03a0be1c760", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "12a23404-e173-44c3-99b2-aa744961d0b7", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "0fe538ad-c9f3-4fea-83ec-d1ec834dd030", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a30be1e3-9b74-40b7-b535-ed8daf324ee4", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "0d41044d-ca32-43ce-8bf9-fdbe2b98fdc6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "fe5cbf0b-daf0-48e6-98e4-b54fd7a7dd23", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "c19b8aad-971c-4ea0-8ba1-718db2c5b0b2", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "1d7eddfb-39c1-4aad-b1b2-acc5c645c097", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "86baaf71-87fd-4294-9317-651a6a9527dc", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5cadce2d-b2da-4b4f-81f7-a950bd0ce156", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEA0qQDrL3Xf+/4io5uKEfkIT4wpx9iIwqM5oI3jJcm2qbhlvFlDsRv6BG1s4syJvDtEXjXR4GEeY8Lhm1DAW00k5aYzdvm63FaV2zw+XbTxEiaIExFlYWHmZTwvm8DnzfGZSrvr0UScKZkRC52/qaY/ye2txv5YSFsuvGmPVhO8+pUzX4BaJIjoBMDV610ojpcey7xlovV75ZpUHGQQFxheeFeTouduH4CwYJ7tOP8caaU2dnqRHPUknYWxE61TGfD9rW1qjYA9mMPYqly+LAZFIx44wFpoisZlD+Z3ufsPeoAdOIk5q+Rt1sTGxy/B+WWKcRxxutqRjbw2PlUkBf72QIDAQABAoIBAF3aP1rp0UmLUhnmQVXIRnC7ZXEpThAf5MzWC0skk+bLgWtATk9InjXwIh4H8MYiBfcJeR4+qpiA8FkqeLb7gfgamyXqC5cvD9oxS6NTWyKzWJz4bu6iqtr23ldzXlFESC0OdvIInCE+OiGY9GMdNsFFYCdxGum4u1oGTpQ5syABIrRV3IUzC4bPszsVhoNoxaDYWY8fC236XiNd9aPidFgtGlZpXekWqlGMAAPILu/nDF1HxKdD1OeWLJfuisJxC+0xI0b47q9rQBN5ptFK3rSEebzQsycr6sGDWOs7sgMmqsUJpCVqGQxqDggMjb8/VXC/fA+136wku9QQU3Rt1psCgYEA/HnGGbdxca5PzzH0FeaBXyE9eeL73jtviuWyFkZAYukOdtXGB3ELTvXJJkPTIWsSYxzsXaTKjNR9aZnHAq2OfSTFlgteWCe1uLRnBYyZ75AJVCIITom0m+ycoEU5gM4hQYw8rPKxwyhX+yiPOZlAEldSTpVR50xZQahW9INl4h8CgYEA1ZS+EKsPdi1DELRSMNEcjSwpi96+QbtZ7lgyORJzNMwMsin/r/Qc6NfHtybIExpW+x8K1yEnaeCDOCXlQdehNodozRmyUcmkG2V92g8DxgJTVcR0QFxXLQROl+5fqM+qvvAKxhIalbRoHaiCtpy/OPFPhdMqsZgh73rfJK+pkwcCgYA8Tz5yEC7qL/BilxUuUhSfS8pqnjz6FgqMDFhhF8Dzn6ZT3rbiOi+wWegF2vfJKNGImXUg3WeBApU+r3wpeJnr7OfB8s9DkaDIEVf2rGJtJmQEE+kWEbDx+jBj3IVi7lplVQF9cq/h5XY2ybaE1MXIW9GOcf7RmJxNoc+7stOYkwKBgAtoAi6JtC2vhSFjP/Bzen7fmOhrYOXJx6e+9g+uOJDdROBO9eTDuLeGrpfNbmn2wiZvJfkPQDebUeaxv2igx29OE/7AHJHZnvYHmY0HuD/e5+xwrXSyecVhsYDTrjApxwijcS/az6inFdhfo3t1K5Ey8fhHqsQJR+auPTSMXRYJAoGAKwrJj9yju5VpWWlNtrRU2o2DXSLinVcJ96HVJ1WRyS2cnNRgpjEiGqka8andmwfyZujdaVaBHZPZlGiRIirxvSZ6ptC8sox7/a7SfIH7+4uXjz7Gr2r/be3RDWtlsmqo4agFDfyfjzT0fnfGNUMR7hUFgyKj+rTWkC7u3/CkqAo=" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICmzCCAYMCBgGSIN8+lTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQwOTIzMjE1MDU0WhcNMzQwOTIzMjE1MjM0WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSpAOsvdd/7/iKjm4oR+QhPjCnH2IjCozmgjeMlybapuGW8WUOxG/oEbWzizIm8O0ReNdHgYR5jwuGbUMBbTSTlpjN2+brcVpXbPD5dtPESJogTEWVhYeZlPC+bwOfN8ZlKu+vRRJwpmRELnb+ppj/J7a3G/lhIWy68aY9WE7z6lTNfgFokiOgEwNXrXSiOlx7LvGWi9XvlmlQcZBAXGF54V5Oi524fgLBgnu04/xxppTZ2epEc9SSdhbETrVMZ8P2tbWqNgD2Yw9iqXL4sBkUjHjjAWmiKxmUP5ne5+w96gB04iTmr5G3WxMbHL8H5ZYpxHHG62pGNvDY+VSQF/vZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKW3btD4M04m+qMkD9LGxbHITdft4jbupYudyD+QfYVMusQvnZmSx+A/HFlRI9vS5e5XD4orpS6B7LPOXQ674/uzqG3t008BsWdtiH1uF1kNXZ++34nUlOl3taGzGUAucPripxXl3mOHEia/nb6JyUQ6Nl0aS3aC5iaEKKDPVllbbU+ZeHmIbda35RmGrM9PFvrMYQaZEHn9Bou2DDwo8s2SDQFkBwF3HrBnujwb7gZX/BEybxVMt6JPkqjrMKkBGK/8iMm+ezdk+oaRVI44rnkErxF7YQT+Pji9ENVgxhbnNZ4Jjk1eh9OljuBgMdmWpZCP1UQPBHi8MQ2ADYo8fcI=" ], + "priority" : [ "100" ] + } + }, { + "id" : "0d64cac0-4a44-4eb7-becf-d73c4518f49e", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "14061cf3-4756-41b2-b5e5-736210176ad5" ], + "secret" : [ "VG8zu3mIi_W-bbxshUZv4iVhjJF67x3NhA7V7Bs3l-IrF2N1onG35kCVeARF89HxOQsiOp09e3cGbfJ2hKhCFPqR-YJ3nBEY-uoUoNskLsr_OjbytC0n1NOMRRsQQfZ1KCiobvFvv6GMbKQrJUhzKoFpsV-W6O5ElhC6053LTf0" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "a999fc53-cb0c-47c0-b0a4-246cf394b1d7", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAgrItfQbra6avo1hWyiATXPvFJLOwiqmJEtieHdfr4/oRj/kqzALEj8P0zmk7jtNNwJIkJ+/BDh4kSmjmGaMQMxwUnS1UrX9CkB6gpTcZgqjYAQYLZMWYqi6w7PCd4wZc3c5ffS0fyipryK/yvBhNjV3FfdgbHpH7tlglAHzaEQiQKx+boAWidb+84ncN9jov0FyYaPerkFPeamiAIhxHQkHBJi+gNZ33jKFfvlAMQcsxT+zB7WeUt/jq9e+Vhci666BLpZJBFrSmTcBiShf3vJT4rIkJAXMDf7vx84EsttzN7KU6NgYKkclhTXof6Uhoe8HBz1YHFtiGQU2TEHnZpwIDAQABAoIBABTzDJmS51+dG2A6g8bod1IbRVGJwA2p+T/dGxM7jiM/7Vq/nN2QwAMvbOk9Mv/E3Ry2EDealb52lGidAe0wFyOqJ5++KWmaEYhacHOrLlqkR+N6HY9soPj+fPut4hEG7xHax7Gf7w2P2TEVCvqdhqjXVBXE8yvmSIvE+0Flweqi0x0U4kizG3IYVF7srNBf4l05/46ieSUafUnr/LwmQzPilF5vfMd42rgSMLjQ1A5UcTs6m0cgvE/mNe/s50PHLoguDmo89KV+F3Ce0B+cUAbcDTpC+qD/6yZHu+afMB7M54KTEeMqL5ef24wn/z0wcp9BMi9iPnoRTG7iztC2PDkCgYEAt6G4PaIdJvkjD55iBVMSUQBriNdvJkPLytXAqbM75VOoHmAhBmLFXsSPRy2GIt25LQVW53RZBofaH7cveSZXW7Hoikmo1Tl9L19GaVJNUiEH1239NXJBHp4nsKyDg4BM9BfY1US6NhDTVldgC15jqOGf0R1QI1TMg7E0jIIogVMCgYEAtjPeD7QI/M9Z93CnD63JwyZ+I+bGyi1SxWsM59qWzYshOH+iFDUcupVotayz3Ez6/5iYeRM3ju2OC0KUjuRkIcHUpJJYCWBtd/yICjYLbfGfNbT558lTqpW4Xa7siR51xKSCM+fdDY6Y02xaYZ5GWi8hlpy2t5GbKvA6nSVVV90CgYAZMIfzfG9/TyGuHM3ZaSHUFripltPabeZgtp2tKbcHqEghkpI1LAtjCpeU7fu+gKfMMzVOnrkvmicjvp82gTnujCMYBS6xwScY/nrMK8wLfhhzRtU7JaclKhDLvX505X6o5TSLXNgmXnx/FZFJPfNx0TF5IApELne3gPFybNBdnQKBgQCUdFJcjR49jl0JZXpZJgqcvQJOEjyqgp9MR1ruloYE13Wr6SKQQG42AIKedCbgOsDP/O9Oxz+fbyMrPYZ5ntGPR7UQmkSs7yqCdvoJB9vsKtDEG777AmjvNqpPerUzS+Q84qVL0YGlCCixKznBDAradEhzxSCDFVpOdAnt/Hs66QKBgD2R3x/5FGrkRWKyxpofIYojgDJA2dVwET87D59LznBOMm4QCE/PNaK9RzcDD6SIYRP2iSBdjE7NIEKOdVlunzqmTFNpr/2FNVcY7hZFsQP7YwDvqESUCFteVVjIPOYN/e4SMbd39ns9tUAiCTvImyD/3lys5kWxJzKfD+kyKl8x" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICmzCCAYMCBgGSIN8/HjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQwOTIzMjE1MDU0WhcNMzQwOTIzMjE1MjM0WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCsi19Butrpq+jWFbKIBNc+8Uks7CKqYkS2J4d1+vj+hGP+SrMAsSPw/TOaTuO003AkiQn78EOHiRKaOYZoxAzHBSdLVStf0KQHqClNxmCqNgBBgtkxZiqLrDs8J3jBlzdzl99LR/KKmvIr/K8GE2NXcV92Bsekfu2WCUAfNoRCJArH5ugBaJ1v7zidw32Oi/QXJho96uQU95qaIAiHEdCQcEmL6A1nfeMoV++UAxByzFP7MHtZ5S3+Or175WFyLrroEulkkEWtKZNwGJKF/e8lPisiQkBcwN/u/HzgSy23M3spTo2BgqRyWFNeh/pSGh7wcHPVgcW2IZBTZMQedmnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGoW/dE0qJt2H4EjlR4tPt9qF5Mg+ZNBJQBtFDOhqX5i/eQA+LVewWk9OfyRr3IDJeC1yjB3LQY580Hl5Z13vnpt/bJosdEVhFEjfUdiKU5qdCo59+tJdVC6VSH3obuAR6lP4xS/Wm+y5/A+88Pllsuxoa0wFm2aAZjNBLh+hxynegVVD2b5vFM280ECQ1cS2ihcPEZqizn0gQiJEm++2Tf6omdq3KDbWBNBqgKemCUYtPuAg93BxQWW2o6D8nGVXwsf86QKgTPWc+QENX4UvFwMl+w178MRcOl6OC8YGLy5I9FT3Kca8hQn6JNIxJDqaeJpoCQ6l6vVJEkcW5Q5ntA=" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "41b42694-9f19-473b-a662-25b2de3e6904", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "5e2674c9-8bb8-4499-a7bc-6b3ed715cf81" ], + "secret" : [ "MYLTsXNl0Bq10linwSJVyg" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "66aa2193-9c24-40c2-8afc-19fc1a96e76a", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "8d881e24-d189-4c49-8b93-aa83057bf39e", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "1ccd8e11-4916-4a8b-bd3d-91eee6ec6de4", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bb2e7d7b-3c08-49c9-ada6-5848243e2766", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "eb418e73-6109-4967-b651-184a95fc81db", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "714b575a-da59-4664-9055-7292c4b51d35", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ae0a9437-b908-4554-803f-4de41b6cffb2", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "edb3710b-a6ce-4a5e-a565-554810ab17b8", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "506e2c7e-5c64-41b0-a691-fd41a179ec36", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "0840c55c-bfa1-48ee-9f7c-80fc2c21260b", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "02e2c0c0-2183-41fb-889d-45b289371216", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "c74e947e-333d-4a99-b011-4d4291e4413e", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7ad8c824-b6c2-45ca-97bc-740366e8e6fa", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "29ea962d-32f3-49cf-a009-76116f0a82e1", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "2b8859c2-7ed8-4797-997e-a09dd3aac773", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "7dfe64c5-813f-4288-b685-f3ec7845dc22", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "909ce2fa-c6eb-4c87-8812-ef0d6333af28", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "d70fe04b-e680-41a8-ba18-6680b48d30a4", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "98f7f28a-a395-44d6-a2cc-786090c0c607", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "07c6a291-51b4-4984-ac2c-57b5ccc954df", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DevicePollingInterval" : "5", + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "organizationsEnabled" : "false" + }, + "keycloakVersion" : "25.0.6", + "userManagedAccessAllowed" : false, + "organizationsEnabled" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} diff --git a/keycloak/keycloak-export/master-users-0.json b/keycloak/keycloak-export/master-users-0.json new file mode 100644 index 00000000..cd1ab2d6 --- /dev/null +++ b/keycloak/keycloak-export/master-users-0.json @@ -0,0 +1,26 @@ +{ + "realm" : "master", + "users" : [ { + "id" : "0ff227f7-c163-4fca-9ae4-c8751c725421", + "username" : "admin", + "emailVerified" : false, + "createdTimestamp" : 1727128354842, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "11a5f9ed-19c9-4164-be31-28ce6e23955b", + "type" : "password", + "createdDate" : 1727128354904, + "secretData" : "{\"value\":\"s/6M2/FCFd1fOyHJRMvOLvKM7e2JIOC6LZ3ovFVkGi8=\",\"salt\":\"Zjn7ChOL5688O84xf1ElGA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-master", "admin" ], + "clientRoles" : { + "nutshell-realm" : [ "query-realms", "query-users", "manage-identity-providers", "manage-authorization", "view-identity-providers", "view-realm", "view-authorization", "query-clients", "manage-clients", "create-client", "view-events", "manage-events", "manage-realm", "manage-users", "view-users", "view-clients", "query-groups" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ] +} diff --git a/keycloak/keycloak-export/nutshell-realm.json b/keycloak/keycloak-export/nutshell-realm.json new file mode 100644 index 00000000..2d3e395d --- /dev/null +++ b/keycloak/keycloak-export/nutshell-realm.json @@ -0,0 +1,1902 @@ +{ + "id" : "7ce5df4d-de4c-460c-9623-bf036f5e326d", + "realm" : "nutshell", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : true, + "registrationEmailAsUsername" : true, + "rememberMe" : true, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : true, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "cf15df0b-9cb4-443b-bf6b-ef520ecbac2c", + "name" : "default-roles-nutshell", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "7ce5df4d-de4c-460c-9623-bf036f5e326d", + "attributes" : { } + }, { + "id" : "5f3146f9-69e2-4906-8e7d-200a8cc9cf46", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "7ce5df4d-de4c-460c-9623-bf036f5e326d", + "attributes" : { } + }, { + "id" : "4b4124b9-3023-4557-8fcb-16937aa4da06", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "7ce5df4d-de4c-460c-9623-bf036f5e326d", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "c44f22a5-1c57-4404-b450-fb22805345ab", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "94ba1856-e4b6-43f7-bc3d-e586a269fa0d", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "101f63ee-c4c2-4bb1-9865-7239199f90ac", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "1888f762-fbe4-4d3e-b62c-c0ce597c432d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "d9e2c1d1-0704-40d8-b3ed-3bd3bd29605e", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "7c82add7-89ad-47d3-87f1-dd82f48dee9e", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "632cbe8f-d0a6-45b3-913c-76af11603c92", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "82f54d45-4e58-4a61-b0d2-0e0394c83e36", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "63b25859-0fdc-4c59-bae7-967290bed0c9", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "dea2d217-f1c5-43a3-880f-426d3880df78", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "b165f311-5daa-4db3-a294-db3951235c54", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "76241cad-4291-4b4a-83bb-c94334dd54dd", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "f5264002-577b-4ad9-ab9d-a7597709017d", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "b7d712ed-6589-4f8a-af8c-008ef518747f", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "081839a0-4fe3-4b3a-9d00-5dca7061b3d4", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "c9c37fa1-ec54-4615-887d-ec6e149e734a", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "aa2a6e1d-2e4b-4a32-a50f-b6d77cca66e6", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-events", "manage-clients", "query-users", "view-clients", "query-groups", "create-client", "manage-identity-providers", "view-authorization", "manage-realm", "query-realms", "impersonation", "view-realm", "manage-events", "view-users", "query-clients", "manage-authorization", "view-identity-providers", "manage-users" ] + } + }, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "45bcb41d-d91a-4a91-beaf-16e51f641e76", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + }, { + "id" : "d970c875-f5c8-42c1-9d51-ff08066d2d3f", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "b9cd84e5-9fba-4271-833f-b5e255fc94f5", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "4736fd0c-e753-4837-8a6a-74b726caf795", + "attributes" : { } + } ], + "cashu-client" : [ ], + "account" : [ { + "id" : "b752c873-e544-4796-b7ed-9cd59eff5ef8", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "8c1b6cd8-909c-42d5-9de2-bb8c07bec854", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "16c8767b-3bb6-4f16-9f6c-1179c37a77c8", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "8bd33ad7-3e3b-48f1-ba3d-4ade3cc6f04c", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "857a614f-a7ce-49d2-9f2e-6537a9dda21a", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "062e7546-b48d-41cf-b856-236f70f3cd4f", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "d3375327-39f2-4eb9-bb3a-6812c3edf08f", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + }, { + "id" : "47a8218d-3220-4d4d-a894-55e23d7aad8b", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "cf15df0b-9cb4-443b-bf6b-ef520ecbac2c", + "name" : "default-roles-nutshell", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "7ce5df4d-de4c-460c-9623-bf036f5e326d" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "8f251366-4a78-4a67-9e1b-1ce337cc5844", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/nutshell/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/nutshell/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fb1aaaf7-f061-4704-b61f-5629a8e17f6a", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/nutshell/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/nutshell/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "e8904c38-e37d-4c34-aa52-878ae2c6621d", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "57f74364-819b-463f-9070-303f665df62c", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4736fd0c-e753-4837-8a6a-74b726caf795", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "a1059e89-c42f-4604-b014-22cf41ae8854", + "clientId" : "cashu-client", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "*" ], + "webOrigins" : [ "", "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "client.introspection.response.allow.jwt.claim.enabled" : "false", + "oauth2.device.authorization.grant.enabled" : "true", + "logoUri" : "https://avatars.githubusercontent.com/u/114246592", + "access.token.signed.response.alg" : "ES256", + "backchannel.logout.revoke.offline.tokens" : "false", + "use.refresh.tokens" : "true", + "oidc.ciba.grant.enabled" : "false", + "client.use.lightweight.access.token.enabled" : "false", + "id.token.signed.response.alg" : "ES256", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "acr.loa.map" : "{}", + "require.pushed.authorization.requests" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "authorization.signed.response.alg" : "ES256", + "display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b47dc78e-8815-4103-b644-5c8fdd074aae", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c189d33f-84f5-4e73-a508-dd174e2f3fde", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/nutshell/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/nutshell/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "ca69ba5c-3d32-4c29-882a-c2a4b6b93fdc", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "5006e7c3-113e-4cc2-a4bb-3460c642dd55", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "43abf5a8-3a7d-4865-a8be-135c7d1065b3", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "96e1971c-af62-4292-b3a2-86eb600ba1b4", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "de3be070-4e8d-4600-a102-4efe231f026f", + "name" : "auth_time", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "AUTH_TIME", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + }, { + "id" : "68e1cc26-feba-4309-84a2-7ffd246ff092", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "7c739599-c2ff-40a7-97f3-e2364e5500fa", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "6b4acd6e-e0cc-438d-ac64-555f8cc27b1b", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "69f98c7a-baf5-4970-a229-1dcb8cdd20f0", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "1d24e6d0-baeb-4eb4-9f52-e0c8e3f3de6a", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "d36dafb3-3bc8-4eb3-9908-63ead6b7c6f5", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "89303a1d-2a4f-4179-af11-701218b8d9b4", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "ea0a62ef-7e0e-4f73-90ae-03244954bd58", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "7c081dbc-5838-4b68-8da3-344d9bb5db29", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "48eb8264-69ae-48d1-8e48-aea6a25ffffa", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "7e691276-3a80-4721-a975-5c1e9c0f3d4b", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "a02e25ad-763d-4fc7-8d3e-794ef8a93720", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "d89569f3-cdcb-4dfa-adee-04f87b286e52", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "dfaa465e-6060-480f-86df-df28b73b121a", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "1ba3807a-7c3f-4cb7-a66d-8c511f8f8225", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "83bf0116-dc01-43d9-aeba-ddd01521eb11", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "fdd112c7-13d4-408f-81f0-8b98cfd4e36b", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "4611118f-0308-4bb9-ab80-39ffe25557e5", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "683b369c-53fe-43fd-916d-8897d4d0ec81", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "e520b841-1f22-4d3b-a146-8bcdd1a04d2a", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "0c869236-1de3-495a-835c-c18f2d00f889", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8bf40003-26d0-4367-987b-7a8eded96141", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "42dbe32f-d15b-4af2-b17e-d0a453a07be2", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "ab590bc9-fb2b-41b1-8a6c-133bd561f839", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "66a50932-4849-40d8-8046-be99ffca998c", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "98f48b49-dd40-438e-910a-d5eebe13c359", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "a7a3a1d9-c6c7-4c94-a592-0a3f2cd80c4b", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "a4ac06bb-75fd-4812-9b18-0224a88b9f73", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "a208bb47-8c4d-4ef3-8e80-a5040e7d4565", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "ef3ef615-295f-41f3-a5cc-aac78df7ee62", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "55ec0ab8-4236-4eb5-acde-cb1a35c740d1", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "9d7c8cf6-9be7-47db-9420-e25040cddc22", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "8f53e3a9-433d-41ce-90b9-c58fa65ae97b", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "29eca6bc-aff7-464b-88e4-af4533f201d3", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "99ac4d72-bdcb-4bd7-9ad7-1fe7813b3c70", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4edc888c-2930-4a5b-a490-2250dd5c1657", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "loginTheme" : "keycloak", + "accountTheme" : "", + "adminTheme" : "", + "emailTheme" : "", + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ { + "alias" : "github", + "internalId" : "cf02af83-93f3-4a76-9613-c10f93e494f4", + "providerId" : "github", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "linkOnly" : false, + "config" : { + "syncMode" : "LEGACY", + "clientSecret" : "3869f5e38ad5f607ba53e598cfb54a8ae0e7b101", + "clientId" : "Ov23lik5qGjCQ2AP5gtD" + } + } ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "3c22dfa8-2c4d-463f-abd2-b29232d769f0", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "f6672321-55e1-419c-820e-fd88dcb350a9", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "a9d0bfa2-89f5-47e5-a5fa-b15465162968", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "d9a7fe92-2b8a-4707-8e78-587f6f912c92", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "a4e3bcad-ac4b-4db3-a786-8a8fa175c956", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : "ab021a5f-7816-4a4a-83ba-2d22402c7317", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "3aacbf88-0b04-4528-8fbd-15976d4153a1", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a10a9820-2ef7-4362-b379-c45406886bed", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "f079ce52-e623-409b-bf95-adcd7fc71cdd", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEpAIBAAKCAQEAzPZdUq2F0UP5ehWIssZHG0kDEt7QE5FbJ2iQ3AUfKpVF1hynK0/rLR6cR9jyDzf27YjRMb9iNgzgXqPd2Y23S6vqvnGD8P6WXJvxMZhYkatRvFWPYHCiLiSv++e/1bQNxuAHlP3c9zrba5zzQSyvtVIqLjJyAbwArX/DgetHHYjq9LRw997j/tgRn1EJDp41EogmkKpUsO/uH36yLvoN7ZWko1SytDM/+xQqaxB9vpOMwvq+jHHLnbOCp9y+pOLfAnnRZtJk3UEdktJfP99ganI8ldvvq3rBEfjTqC35STzsOMt17FO6AP4TdisC6WmqazufIMxgLK8xIaiu2pxYEwIDAQABAoIBAAOiGBH41OS14pyDZlmAWSEv1P6wEP8HzSi1GmDVNB+n+SoVUjptLWIKOXCu4qlIHUEAqibvB0TvJqQrZuB7zFSPECme6qYcr3o4NN2/DQUoBNpSXoRERABFZRJaoeIwdlBXmW9g937oIngnllzcQMf1eOaDBmgLv/UKOr6v9rR33LteqPy4jktqPEf+xwILMaEr/AJLg8mSFKtAGiGZ51s8cUMwBNMmFTQYvLDGY9b3zjhyAv/YEhmnEez50Wbum8MIc9PNq5FhtFDNApXzKFkzIjy0A99mPQltwIeWBUYQWCQelUx09Z0ZfIPdZ6NwSGZ9unLe+XhFy35oQg7SzsECgYEA7N45yDqekyEgmxKzz+pxTu6ti3fGvEyNNruQxPF/Sn0LFhPi6iNQixjvA6EKsVHdZ8XvH6lo6LVmhUh0K0dYm0vMoE2z7WeS9tuor4wOqQTeWFlIkRivXtysTfW3z1o+Lzt7rJAOxTu/kA011T/p2XPiOx/blXccYU+672QxqokCgYEA3YRq1xbR2N5a+iZyYKA6MVxqRlpY/+m0EoQ/WIdDJYijAHnBXRX5a772g0K7nutXcN1DBdwwH5mX4WhnzL8gptSZS5yA81MF7D060i61g7CdlfLrIuOs0Haq6QG7/LV4RWMWDbIniakcKJL4b5XfbUEMXvXsb3SiOc1TA0kFFrsCgYEA7M9r82vvt+bJw1/aV4brC2ACL0prbTwXfl3daZiLi3wiRktRdIYj8zzVUMqDdy4CbcpsvDnRwb4CJkR+p/oncvNAPBATT8laG+UV65PZ4E8WwDtbGn0Ub4Gt3i9IOkzdmLkedzJ7IeMPLMSYSoAgmp+J0VSTYwX3YK6mlMmWAgkCgYEA1dnxXwa7vdckE10sjJYCuAaU3qh4RU80NbAQi4HB1Clt25avkxMUwO0RhTTWdpySxPYGr1Cb8NXR551ooCRf/E9AUtubLc0X6bJO5/yJ5cGK0Ok8EWmlO3dklh/DgTscCjiXYM9+Fgr5kT4Zs3gHw6zJqZ9XC16ZAp5zJrfGvuMCgYAQn26aVIDcQT3ijWQ/J4TWRFyy/gjdiOt5lQjMcaB3CT+ZdIKEpj7bCnFeGZ3yai0izCTjverZJ/qEubCIHrmjvmL1/OGwR42DghyIywAQ2R/UFKqawcpHW9RBCw5y2H2+QFi43CKPsik+Vd+lDEj01/sNEOFDtxCSWBHkQ2r9qQ==" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICnzCCAYcCBgGSIOAipDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhudXRzaGVsbDAeFw0yNDA5MjMyMTUxNTJaFw0zNDA5MjMyMTUzMzJaMBMxETAPBgNVBAMMCG51dHNoZWxsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPZdUq2F0UP5ehWIssZHG0kDEt7QE5FbJ2iQ3AUfKpVF1hynK0/rLR6cR9jyDzf27YjRMb9iNgzgXqPd2Y23S6vqvnGD8P6WXJvxMZhYkatRvFWPYHCiLiSv++e/1bQNxuAHlP3c9zrba5zzQSyvtVIqLjJyAbwArX/DgetHHYjq9LRw997j/tgRn1EJDp41EogmkKpUsO/uH36yLvoN7ZWko1SytDM/+xQqaxB9vpOMwvq+jHHLnbOCp9y+pOLfAnnRZtJk3UEdktJfP99ganI8ldvvq3rBEfjTqC35STzsOMt17FO6AP4TdisC6WmqazufIMxgLK8xIaiu2pxYEwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDDrlkC4E1kfzeczBnsiECC1CVxPfT5D9CNdXXAA1OgbaKLe2FvKgfK80Y2wmEWV18QjLBpTlp/Aa3KnYfwzxwigHVBA0i5Z9nHdMw3a68YMtQ4drCrp/XBvS+jT2L/HZGlTH3MNRvMHKcuc78FX/vtd9CZGcA52BUtC0o4vwyOl31Jf117Dc5pxRiBg8WItw2WPpYVnU7x+PRTfeVyRGu28k6saKzoFjMCFroyAUEhwxfEuxt+75ar8vmEkZzodiJU4DYfgzWLUGkxkbFRokwAw/KFMozjgaAR5OUqZcn29yezBMqJ65Bpms6IoNXpiEo4hLwoMmYY4lB7ZxnppxWf" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "4a630ed9-db18-45c5-b285-c550fb1c6606", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "da49cf04-046f-4721-bd10-bfdceac9cbbd" ], + "secret" : [ "IwAmNIEnrifbve0ZXJzdKg" ], + "priority" : [ "100" ] + } + }, { + "id" : "fd258d82-129a-4d78-a93b-52cc37ae77db", + "name" : "fallback-ES256", + "providerId" : "ecdsa-generated", + "subComponents" : { }, + "config" : { + "ecdsaPublicKey" : [ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChyakaf24ospBi9idCQTo2MsSg/oJsiqs3NlJ76SkK2ZVQytSxGKuim3uc70AJvja6qYIE8FkXlQJR3GPr4nMw==" ], + "ecdsaEllipticCurveKey" : [ "P-256" ], + "ecdsaPrivateKey" : [ "MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCqvLfC1oqsIBBfkI4ySBhR7itPS4MajczCKhnSGn1fkQ==" ], + "priority" : [ "-100" ] + } + }, { + "id" : "bcceacf9-8b3a-4b61-abba-9741cf2589dc", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "5009ff4c-6866-4e0d-bd04-d6e6e40fdc15" ], + "secret" : [ "mo8Ctme-HaJwsFx5u2iwopw38pFMnObXrP8Ac4puRzsjH14Myn5Ea-DZeNGkzd5nkj-bxGugqNfHfS7QfzS_8iTPzTkg8rfChH673PMdaS7J5iK1p_nxfhKOpyAW1RMr5JOtVRgxihmiut9ee_UfDvx7zSlSH8K5reS1AvVy1Mk" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "144e7278-2b96-4f75-b79d-e9eb63aa43c0", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEpAIBAAKCAQEA4uJjlBCZIKX6wWKnOsppXDgfIc4LZCFg5G3tIzXWAfCj23EGkb03f+AWBTXbBDrWQysxC5pWB/0L7w2/OpIWXajf7bTIvYA32AURhW7Z+CtWLI7mUkUI5E4rAMeS48aRdRlXnuHfyCrDvqdXIal93HM1dmfBzh8eQDjUfn+ooxss1TNvsnj6S5bJtPIp/ikAArLXwBkCjQy2aSqokH66DJgJHOhJMR+xLfQ8obfpimj+Ez1nLxnlhvyIbtltWa0vQEYkjK1/CIfya+8DqOrFm0uIOjWhWmQVXZTn12B8FaP4mGjeO4/liAtW7XHQo7WFjB9boyKI2GwXYHX9CamViQIDAQABAoIBABl/lrAhaOo4ySySdyel768h7grFLrXNRAfMHGRyhJeReULcah/3L113XFYv0ipgp+ui1ydeDCjn7R9L0Nfm6u1SAT+ka5KTjkMgd7KCravEyBGoKjWpBUmuSMo0w7sGWhraUyT7ruQevULIKQRTGX5s8r9YxBjTmblfQa9pTrUszp7dSfD31gpFtnjTOPI21xlRhFnNJvUCSsAz2VVBu99KjCv6uOHD/pMgxO+zp0A84BO0KHMEcpB/C0/CvOSSFsGqOAPGMsPbm1Q4/tAKnMp87ENHWubFv3MYccj7hYPiOuxj5eBGlUEkNRlKdjaaeNRjEdT0OM8QnIvCD2tjCnECgYEA9oUYW+9eqjEtRvx+LYEwOzjCiaG+RltwVUkyEA3NIBOW8BV2ZI0alC8ZYoyciEGV/WNaOt0z4xiH1l+n7xHyz7TCh2yC3bhuH999aw130E6k2I6yx5kYyEOrRGQhsi5auJmjnrGIwtkB4bOZvUbn6P5Obc2vsCp5DYqWVwN3M5kCgYEA65v9AGbwTvp97AiZz2JZzelTJPxAzlKhWFGG7gA9Js3BjMCYkdhWlvnhn3p6RfKFoX9PcxjPGOiHM6ZWdx0jVUCaviiFx5MFjFPbPDH2poTH7DtVGpTfogkz09xgDkdP02e0VXpcyyp6gq5wfGWGb3c5HE2pzkpG8EI3hqhbp3ECgYEAhO7Ib+roVUYncDv/nnInnAfDf4wkmrP8I0FRKa8HieCGZ/hq21XrmzS6r5W7Yw5a30SQB2X48ODtfwAeAqDfGnoS3Av7law6Vh2h9/RPQ5jk85IffdpkrrkuxbZpJTgx25Gd1ZlOciOrDBZZNOPjcpSPnk5oCsscc9zjrRBFWyECgYEAzGPMzk1+iLUrCdjIPa0PRN71Xu9p9NKf3zMSf2M7qW7zSfxGHrdzHpP1k9i3O/jQzjHYJXvPJMeLilXxSnG/lhRuaSpUK7ayKHMSjBy34OrtWFR8VovxmOqsyEy0E47vg/DB8yksWJ8oGjfjozabshTWOWRyO2AaPBDlhG6G3DECgYBnQPQLpK4Oz+SwQWNctkdc5sNgaJcgoaNX8lC19+1w8oMPYHQDNph1wTTGJAivF165L95wzfxJvf1Qj5o7FdodmB6YJpMb5U7webDtEygwzSBxce6tkTFD6A6IC/WHilerQ7PbBSamSPFg0BapUEzSO1FxCU69GFe/EQZX91F5wQ==" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICnzCCAYcCBgGSIOAhwjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhudXRzaGVsbDAeFw0yNDA5MjMyMTUxNTJaFw0zNDA5MjMyMTUzMzJaMBMxETAPBgNVBAMMCG51dHNoZWxsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uJjlBCZIKX6wWKnOsppXDgfIc4LZCFg5G3tIzXWAfCj23EGkb03f+AWBTXbBDrWQysxC5pWB/0L7w2/OpIWXajf7bTIvYA32AURhW7Z+CtWLI7mUkUI5E4rAMeS48aRdRlXnuHfyCrDvqdXIal93HM1dmfBzh8eQDjUfn+ooxss1TNvsnj6S5bJtPIp/ikAArLXwBkCjQy2aSqokH66DJgJHOhJMR+xLfQ8obfpimj+Ez1nLxnlhvyIbtltWa0vQEYkjK1/CIfya+8DqOrFm0uIOjWhWmQVXZTn12B8FaP4mGjeO4/liAtW7XHQo7WFjB9boyKI2GwXYHX9CamViQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCBNGmP+KzmSjrbXGbEwrOjQjirqi+lxbwBlxKDShpXZMx9e82XJPHwjUWJeBtNnMj8twXYOOGCTvNLGO6/ELTPzmKh5uJq/NAQYPhiieCf6H4dIf4jykMEmC0S2RsJpQCTTz1L+z+9GToTxLB6pkUPnz6rvqvyDtYBgz7EJOHBhwBbP3OTIUPVtXAFj48hXLw4FK7oUn0tSc378Nvtuj3enE/8DZ5EFgHhw9PZjyljLyNSJyf/ihZlVIiy+jxm4yU9mshqF5n1orqpflJpCnIWVPt7//9AdQ120Y/0YnwpGjsTxg39a9grKzsVosrRPY9MsoGnuwOlUKcZi4jj9Ox4" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "c552fea2-2cd3-400e-912e-e61b4a759a33", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "76c9cb0e-6247-431e-b75d-2569c2c8906e", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a13cd0d1-cddd-440c-beeb-c2e36763f0b6", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c26dc239-0ee9-4324-bd17-f407b53079e5", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a3fb308b-3159-46c8-be96-91e0c687c2e4", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "c13b5a6b-01c7-4154-80da-d84ad57ced5a", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "04ac72d4-c0a0-429c-bf2a-a26531ebf039", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "ba4af5e1-c841-4313-98c3-747d097929eb", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "238a1e24-e7eb-4195-9001-27a3d6116ff0", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "59afc123-384a-44ca-859a-73c6bb1208e3", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fcf8c8d1-00fe-4d7a-b003-0f97913bd670", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "00521719-1597-454f-a32d-22ab105b6011", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "15800909-918c-4243-ba50-2e1f2229ea09", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "01616a3f-57bd-4ed7-afc5-f5eae75dac81", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "e9bed59b-3077-455f-9f37-abfc17b28e7e", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "dcb5a291-7fff-450f-8495-80535f958bcb", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bd4b9d12-2a46-4f13-913c-2b045ebe2b7c", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "98e4b385-f5df-45c4-bd46-e585700ec414", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "13f71db7-a606-4ed2-be30-68ee880e05dd", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "3399153b-e46b-4315-83ef-f669688b38ff", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : true, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DevicePollingInterval" : "5", + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "organizationsEnabled" : "false" + }, + "keycloakVersion" : "25.0.6", + "userManagedAccessAllowed" : false, + "organizationsEnabled" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} diff --git a/keycloak/keycloak-export/nutshell-users-0.json b/keycloak/keycloak-export/nutshell-users-0.json new file mode 100644 index 00000000..9b9183eb --- /dev/null +++ b/keycloak/keycloak-export/nutshell-users-0.json @@ -0,0 +1,53 @@ +{ + "realm" : "nutshell", + "users" : [ { + "id" : "c4fc742a-700f-4c83-96f2-8777c8bb56d1", + "username" : "asd@asd.com", + "firstName" : "asd", + "lastName" : "asd", + "email" : "asd@asd.com", + "emailVerified" : false, + "createdTimestamp" : 1727128876722, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "23ea2b79-9c09-4133-b53b-2708258da890", + "type" : "password", + "createdDate" : 1727128876754, + "secretData" : "{\"value\":\"fDXqE3IjxS5uIYfn9eYgW5GwokWvGsg2wWY0lOgeYyE=\",\"salt\":\"Wlb5f8yPTh4QreuC99b7Zg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-nutshell" ], + "clientConsents" : [ { + "clientId" : "cashu-client", + "grantedClientScopes" : [ "email", "roles", "profile" ], + "createdDate" : 1732651444894, + "lastUpdatedDate" : 1732651444908 + } ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "43a16bd6-f5c5-4dfa-bcd4-6a5540564797", + "username" : "callebtc@protonmail.com", + "firstName" : "asdasd", + "lastName" : "asdasdasdasd", + "email" : "callebtc@protonmail.com", + "emailVerified" : false, + "createdTimestamp" : 1732639511706, + "enabled" : true, + "totp" : false, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "federatedIdentities" : [ { + "identityProvider" : "github", + "userId" : "93376500", + "userName" : "callebtc" + } ], + "realmRoles" : [ "default-roles-nutshell" ], + "notBefore" : 0, + "groups" : [ ] + } ] +} diff --git a/tests/conftest.py b/tests/conftest.py index 61f678be..a8f1e169 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -51,7 +51,7 @@ settings.mint_clnrest_enable_mpp = True settings.mint_input_fee_ppk = 0 settings.db_connection_pool = True -settings.mint_require_auth = False +# settings.mint_require_auth = False assert "test" in settings.cashu_dir shutil.rmtree(settings.cashu_dir, ignore_errors=True)