├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ └── config.yml └── FUNDING.yml ├── docs ├── img │ └── login-page.png ├── troubleshooting-guide.md ├── production.md └── development.md ├── keycloak-docker-assembly ├── src │ └── main │ │ └── resources │ │ ├── themes │ │ └── czetsuyatech │ │ │ └── login │ │ │ ├── messages │ │ │ └── messages_en.properties │ │ │ ├── theme.properties │ │ │ ├── resources │ │ │ ├── img │ │ │ │ └── ct-logo.svg │ │ │ └── css │ │ │ │ └── styles.css │ │ │ ├── login.ftl │ │ │ └── template.ftl │ │ ├── build │ │ ├── cli │ │ │ └── databases │ │ │ │ └── mysql │ │ │ │ ├── standalone-configuration.cli │ │ │ │ ├── standalone-ha-configuration.cli │ │ │ │ └── set-database.cli │ │ ├── set-database.sh │ │ ├── docker-entrypoint.sh │ │ └── build-keycloak.sh │ │ ├── modules │ │ └── databases │ │ │ └── mysql │ │ │ └── module.xml │ │ ├── verificationsDockerfile.xml │ │ └── realms │ │ └── ct-realm-dev.json ├── downloads │ └── README.md ├── docker │ ├── Dockerfile2 │ ├── docker-compose-dev.yml │ ├── nginx.conf │ └── Dockerfile └── pom.xml ├── .gitmodules ├── .gitignore ├── debug └── docker_compose_logs.sh ├── README.md ├── bin └── standalone_keycloak.sh └── pom.xml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @CzetsuyaTech/platform-backend -------------------------------------------------------------------------------- /docs/img/login-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/czetsuyatech/ct-keycloak-iam/HEAD/docs/img/login-page.png -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/messages/messages_en.properties: -------------------------------------------------------------------------------- 1 | signinIntro=Your centralized logging platform. 
-------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "ct-keycloak-spis"] 2 | path = ct-keycloak-spis 3 | url = git@github.com:czetsuya/ct-keycloak-spis.git 4 | branch = main 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: true 2 | 3 | contact_links: 4 | - name: Platform Team 5 | url: 6 | about: Contact on Microsoft Teams -------------------------------------------------------------------------------- /keycloak-docker-assembly/downloads/README.md: -------------------------------------------------------------------------------- 1 | Download Keycloak and the MySQL connector into this folder. build-keycloak.sh installs whatever archive it finds here without an integrity check, so verify each file against the checksum published upstream first. 2 | 3 | - keycloak-<version>.tar.gz 4 | - mysql-connector-java-<version>.jar -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/theme.properties: -------------------------------------------------------------------------------- 1 | parent=keycloak 2 | import=common/keycloak 3 | 4 | styles=css/styles.css 5 | 6 | meta=viewport==width=device-width,initial-scale=1 7 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/cli/databases/mysql/standalone-configuration.cli: -------------------------------------------------------------------------------- 1 | embed-server --server-config=standalone.xml --std-out=echo 2 | run-batch --file=/opt/jboss/build/cli/databases/mysql/set-database.cli 3 | stop-embedded-server 4 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/cli/databases/mysql/standalone-ha-configuration.cli: 
-------------------------------------------------------------------------------- 1 | embed-server --server-config=standalone-ha.xml --std-out=echo 2 | run-batch --file=/opt/jboss/build/cli/databases/mysql/set-database.cli 3 | stop-embedded-server 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Settings 2 | .classpath 3 | .project 4 | .settings 5 | .idea 6 | docker-assembly/.settings 7 | 8 | # Submodules 9 | #ct-keycloak-spis 10 | 11 | # Files 12 | docker-assembly/downloads 13 | 14 | # Artifacts 15 | keycloak-*.tar.gz 16 | mysql-connector-java-*.jar 17 | 18 | # Targets 19 | docker-assembly/target 20 | target -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/modules/databases/mysql/module.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/set-database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | DB_VENDOR=$1 4 | 5 | cd /opt/jboss/keycloak 6 | 7 | bin/jboss-cli.sh --file=/opt/jboss/build/cli/databases/$DB_VENDOR/standalone-configuration.cli 8 | rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history 9 | 10 | bin/jboss-cli.sh --file=/opt/jboss/tools/cli/databases/$DB_VENDOR/standalone-ha-configuration.cli 11 | rm -rf standalone/configuration/standalone_xml_history/current/* 12 | -------------------------------------------------------------------------------- /debug/docker_compose_logs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mode=$1 4 | expr=$2 5 | 6 | if [ "$mode" != "single" ] && [ "$mode" != 
"cluster" ]; then 7 | echo "usage: docker_compose_logs.sh single|cluster [expr]" 1>&2 8 | exit 1 9 | fi 10 | 11 | dockerComposeFile="./docker-assembly/docker/docker-compose-$mode.yml" 12 | 13 | while true; 14 | do 15 | 16 | docker-compose -f $dockerComposeFile logs -f | grep $expr 17 | 18 | echo 'Waiting for docker container to start...'; 19 | sleep 5s 20 | 21 | done 22 | -------------------------------------------------------------------------------- /docs/troubleshooting-guide.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting Guide 2 | 3 | In the unfortunate event that the container won't start, for example if connection to the remote sources failed, try 4 | the following fixes. 5 | 6 | 1. Docker container won't start. 7 | 8 | Rebuild the container and start again. 9 | 10 | ``` 11 | // delete the volume 12 | docker-compose -f ./keycloak-docker-assembly/docker/docker-compose-dev.yml down -v 13 | 14 | // rebuild and start the container 15 | docker-compose -f ./keycloak-docker-assembly/docker/docker-compose-dev.yml up --build 16 | ``` -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/verificationsDockerfile.xml: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | docker/Dockerfile 9 | ENV KEYCLOAK_VERSION ${keycloak.version} 10 | 11 | 12 | docker/Dockerfile 13 | ENV JDBC_MYSQL_VERSION ${mysql-connector.version} 14 | 15 | 16 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: czetsuya 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single 
Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry 13 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CT Keycloak IAM 2 | 3 | This project extends the Keycloak authentication server to cover complicated enterprise use cases such as 4 | multi-tenancy, custom storage, and n-level resellers through Keycloak's SPIs (storage, 5 | authentication, identity provider, etc.). 6 | 7 | This project uses the pre-Quarkus version of Keycloak. 8 | 9 | ## Features 10 | 11 | ### Custom login page 12 | 13 | A custom theme "czetsuyatech" is configured when you run the container. 14 | 15 | ![Login Page](docs/img/login-page.png) 16 | 17 | The theme is available at keycloak-docker-assembly/src/main/resources/themes/czetsuyatech and can easily be overridden. 
18 | 19 | ### Custom storage 20 | 21 | ### Multi-tenant 22 | 23 | ### N-reseller level 24 | 25 | ## WIKI 26 | 27 | - [Development Guide](docs/development.md) 28 | - [Production Guide](docs/production.md) 29 | - [Troubleshooting Guide](docs/troubleshooting-guide.md) 30 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/docker/Dockerfile2: -------------------------------------------------------------------------------- 1 | FROM quay.io/keycloak/keycloak:latest as builder 2 | 3 | # Add configs, resources 4 | 5 | COPY src/main/resources/conf /opt/keycloak/conf 6 | 7 | RUN ls -l /opt/keycloak/conf 8 | 9 | # Install custom providers 10 | #RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar 11 | RUN /opt/keycloak/bin/kc.sh build 12 | 13 | FROM quay.io/keycloak/keycloak:latest 14 | COPY --from=builder /opt/keycloak/ /opt/keycloak/ 15 | WORKDIR /opt/keycloak 16 | 17 | # for demonstration purposes only, please make sure to use proper certificates in production instead 18 | RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias \ 19 | server -ext "SAN:c=DNS:localhost,IP:127.0.0.1,IP:192.168.1.18" -keystore conf/server.keystore 20 | # change these values to point to a running datastore instance 21 | 22 | ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "-cf keycloak.conf", "start"] -------------------------------------------------------------------------------- /bin/standalone_keycloak.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | $mode=$1 4 | 5 | echo "usage: standalone_keycloak.sh" 6 | 7 | dockerComposeFile="./keycloak-docker-assembly/docker/docker-compose-$mode.yml" 8 | 9 | while true; do 10 | 11 | mvn clean install 12 | if [[ "$?" 
-ne 0 ]]; then 13 | echo 'Build failed' 14 | read -p "Press any key to continue..." -n1 mavenContinueKey 15 | continue 16 | fi 17 | 18 | docker-compose -f $dockerComposeFile build 19 | 20 | if [ "$mode" == "cluster" ]; then 21 | docker-compose -f $dockerComposeFile up -d --scale ct-keycloak-iam=3 22 | else 23 | // single or dev 24 | docker-compose -f $dockerComposeFile up -d 25 | fi 26 | 27 | while true; do 28 | read -p "Continue (c) or Exit (x): " -n1 inputChar 29 | printf "\n" 30 | if [ "$inputChar" == "c" ] || [ "$inputChar" == "x" ]; then 31 | break 32 | fi 33 | done 34 | 35 | docker-compose -f $dockerComposeFile down -v 36 | 37 | docker container prune --force 38 | 39 | docker image prune --force 40 | 41 | if [ "$inputChar" == "x" ]; then 42 | exit 0 43 | fi 44 | 45 | done 46 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/docker/docker-compose-dev.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | keycloak-db: 5 | image: mysql:8.0 6 | ports: 7 | - 33066:3306 8 | environment: 9 | MYSQL_ROOT_PASSWORD: root 10 | MYSQL_DATABASE: keycloak 11 | MYSQL_USER: keycloak 12 | MYSQL_PASSWORD: ipiel 13 | command: mysqld --sql_mode="" 14 | 15 | ct-keycloak-iam: 16 | depends_on: 17 | - keycloak-db 18 | build: 19 | context: ../ 20 | dockerfile: docker/Dockerfile 21 | ports: 22 | - 8888:8888 23 | - 8080:8080 24 | - 8443:8443 25 | - 9990:9990 26 | environment: 27 | DB_ADDR: keycloak-db 28 | DB_PORT: 3306 29 | DB_DATABASE: keycloak 30 | DB_USER: keycloak 31 | DB_PASSWORD: ipiel 32 | DB_JDBC_PARAMS: useSSL=false&allowPublicKeyRetrieval=true 33 | 34 | KEYCLOAK_IMPORT: /opt/jboss/keycloak_install_stage/realms/ct-realm-dev.json 35 | KEYCLOAK_USER: keycloak.admin 36 | KEYCLOAK_PASSWORD: keycloak.admin 37 | 38 | KC_HOSTNAME_STRICT: false 39 | 40 | DEBUG_PORT: 8888 41 | PROXY_ADDRESS_FORWARDING: 'true' 
-------------------------------------------------------------------------------- /docs/production.md: -------------------------------------------------------------------------------- 1 | # Production 2 | 3 | ## Database 4 | 5 | Keycloak supports many databases. This example uses MySQL. 6 | 7 | ### Running your own database 8 | 9 | ``` 10 | docker run --name mysql_8 -e MYSQL_ROOT_PASSWORD=<root-password> -e MYSQL_USER=<db-user> -e MYSQL_PASSWORD=<db-password> -e 11 | MYSQL_DATABASE=keycloak -p 33306:3306 -d mysql:8.0.29 12 | ``` 13 | 14 | ### Using a hosted database solution 15 | 16 | If you don't want to run your own database, you can use a hosted solution from a cloud provider, for 17 | example AWS RDS. 18 | 19 | ## Custom Keycloak Docker Container 20 | 21 | Start the container. 22 | 23 | ``` 24 | docker-compose -f ./docker-assembly/docker/docker-compose-single.yml up 25 | ``` 26 | 27 | Add the --build parameter to rebuild the images. 28 | 29 | Stop the containers. 30 | 31 | ``` 32 | docker-compose -f ./keycloak-docker-assembly/docker/docker-compose-single.yml down 33 | ``` 34 | 35 | Add the -v parameter to remove the volumes. 36 | 37 | ## Required Environment Variables 38 | 39 | You will need to set the following environment variables correctly. DB_USER and DB_PASSWORD can instead be supplied as DB_USER_FILE and DB_PASSWORD_FILE (for example Docker secrets), which docker-entrypoint.sh reads at start-up; if DB_PASSWORD is left unset, set-database.cli falls back to the default value `password`. 
40 | 41 | - DB_ADDR 42 | - DB_PORT 43 | - DB_DATABASE 44 | - DB_USER 45 | - DB_PASSWORD 46 | - DB_JDBC_PARAMS 47 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/cli/databases/mysql/set-database.cli: -------------------------------------------------------------------------------- 1 | /subsystem=datasources/data-source=KeycloakDS: remove() 2 | /subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:mysql://${env.DB_ADDR:mysql}:${env.DB_PORT:3306}/${env.DB_DATABASE:keycloak}${env.DB_JDBC_PARAMS:}, driver-name=mysql) 3 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak}) 4 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password}) 5 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1") 6 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true) 7 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000) 8 | /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections) 9 | /subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql, driver-module-name=com.mysql.jdbc,driver-xa-datasource-class-name=com.mysql.cj.jdbc.MysqlXADataSource) 10 | -------------------------------------------------------------------------------- /docs/development.md: -------------------------------------------------------------------------------- 1 | # Development 2 | 3 | This product uses the following versions: 4 | - Keycloak 16.1.1 5 | - MySQL JDBC driver 8.0.29 6 | 7 | **Start MySQL and the custom Keycloak server.** 8 | 9 | ``` 10 | docker-compose -f 
./keycloak-docker-assembly/docker/docker-compose-dev.yml up --build 11 | ``` 12 | 13 | The --build parameter ensures that the docker image is rebuilt before launching. 14 | 15 | The default keycloak account is keycloak.admin / keycloak.admin. It is set through KEYCLOAK_USER and KEYCLOAK_PASSWORD in docker-compose-dev.yml, which also publishes the JVM debug port 8888 and port 9990, so keep this compose file to local development. 16 | 17 | Stop the Keycloak server, and add the -v parameter to delete the volumes. 18 | 19 | ``` 20 | docker-compose -f ./keycloak-docker-assembly/docker/docker-compose-dev.yml down -v 21 | ``` 22 | 23 | ## SubModules 24 | 25 | This project is structured so that the main project, a customized Keycloak running on Docker, is public. 26 | Its submodules, such as the Keycloak SPIs and Spring Security, are hosted in separate private repositories. 27 | 28 | **Add the submodules to your project** 29 | 30 | If you have access to the private repositories, you can check them out by running the following command. 31 | 32 | ```shell 33 | git submodule add -b main git@github.com:czetsuya/ct-keycloak-spis.git 34 | ``` 35 | 36 | **If you have already downloaded the submodules and want to update them** 37 | 38 | ```shell 39 | // pull all the sub-modules for the first time 40 | git submodule update --init --recursive 41 | 42 | // update the submodules 43 | git submodule update --recursive --remote 44 | ``` 45 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/docker/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | 3 | events { 4 | worker_connections 1000; 5 | } 6 | 7 | http { 8 | server { 9 | listen 80; 10 | location / { 11 | proxy_pass http://ct-universal-signon:8080; 12 | proxy_set_header Host $http_host; 13 | proxy_set_header X-Real-IP $remote_addr; 14 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 15 | proxy_set_header X-Forwarded-Host $host; 16 | proxy_set_header X-Forwarded-Server $host; 17 | proxy_set_header X-Forwarded-Port $server_port; 18 | proxy_set_header X-Forwarded-Proto $scheme; 19 | 
} 20 | } 21 | server { 22 | listen 443; 23 | location / { 24 | proxy_pass http://ct-universal-signon:8443; 25 | proxy_set_header Host $http_host; 26 | proxy_set_header X-Real-IP $remote_addr; 27 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 28 | proxy_set_header X-Forwarded-Host $host; 29 | proxy_set_header X-Forwarded-Server $host; 30 | proxy_set_header X-Forwarded-Port $server_port; 31 | proxy_set_header X-Forwarded-Proto $scheme; 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /keycloak-docker-assembly/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8-minimal 2 | 3 | # Environment Variables 4 | 5 | ENV KEYCLOAK_VERSION 16.1.1 6 | ENV JDBC_MYSQL_VERSION 8.0.29 7 | 8 | ENV LAUNCH_JBOSS_IN_BACKGROUND 1 9 | ENV PROXY_ADDRESS_FORWARDING false 10 | ENV JBOSS_HOME /opt/jboss/keycloak 11 | ENV LANG en_US.UTF-8 12 | 13 | ENV KEYCLOAK_IMPORT /opt/jboss/keycloak_install_stage/realms/ct-realm-dev.json 14 | 15 | # Bash Variables 16 | 17 | ARG KEYCLOAK_DIST_BASE=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/ 18 | ARG KEYCLOAK_DIST_FILE=keycloak-$KEYCLOAK_VERSION.tar.gz 19 | 20 | ARG JDBC_MYSQL_JAR_BASE=https://repo1.maven.org/maven2/mysql/mysql-connector-java/$JDBC_MYSQL_VERSION/ 21 | ARG JDBC_MYSQL_JAR_FILE=mysql-connector-java-$JDBC_MYSQL_VERSION.jar 22 | 23 | USER root 24 | 25 | RUN microdnf update -y && microdnf install -y glibc-langpack-en gzip hostname java-11-openjdk-headless openssl tar which && microdnf clean all 26 | 27 | ADD src/main/resources/build /opt/jboss/build 28 | RUN chmod +x /opt/jboss/build/* 29 | 30 | ADD downloads /opt/jboss/keycloak_install_stage/downloads 31 | 32 | ADD src/main/resources/modules /opt/jboss/modules 33 | 34 | ADD src/main/resources/realms /opt/jboss/keycloak_install_stage/realms 35 | 36 | ADD src/main/resources/themes 
/opt/jboss/keycloak_install_stage/themes 37 | 38 | #ADD src/main/resources/override /opt/jboss/keycloak_install_stage/override 39 | 40 | ADD target/keycloak_providers /opt/jboss/keycloak_install_stage/keycloak_providers 41 | 42 | RUN /opt/jboss/build/build-keycloak.sh 43 | 44 | USER 1000 45 | 46 | EXPOSE 8080 47 | EXPOSE 8443 48 | EXPOSE 9990 49 | 50 | ENTRYPOINT [ "/opt/jboss/build/docker-entrypoint.sh" ] 51 | 52 | CMD ["-b", "0.0.0.0"] -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/resources/img/ct-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 14 | CT-logo 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 24 | 25 | 27 | 29 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eou pipefail 3 | 4 | # Exports VAR from its own value, from the file named by VAR_FILE, or from DEFAULT. Used for Docker secrets. 5 | # Usage: file_env VAR [DEFAULT] 6 | # e.g.: file_env 'DB_PASSWORD' 'secret' 7 | # Exports DB_PASSWORD=secret when neither DB_PASSWORD nor DB_PASSWORD_FILE is set. 
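file_env() {
  # Resolve VAR from, in priority order, its own value, the contents of the
  # file named by VAR_FILE, or the optional DEFAULT ($2), and export it when
  # the result is non-empty. Setting both VAR and VAR_FILE is an error.
  local var="$1"
  local fileVar="${var}_FILE"
  local def="${2:-}"

  if [[ ${!var:-} && ${!fileVar:-} ]]; then
    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
    exit 1
  fi

  local val="$def"
  if [[ ${!var:-} ]]; then
    val="${!var}"
  elif [[ ${!fileVar:-} ]]; then
    # Read the value straight from the file that VAR_FILE points to.
    val="$(<"${!fileVar}")"
  fi

  # The resolved value is exported, so every child process started below
  # (including the Keycloak server) inherits it in its environment.
  if [[ -n $val ]]; then
    export "$var"="$val"
  fi

  unset "$fileVar"
}

# Extra arguments for standalone.sh, built up as one space-separated string.
KEYCLOAK_ARGS=""

#####################
# Create Admin User #
#####################

file_env 'KEYCLOAK_USER'
file_env 'KEYCLOAK_PASSWORD'

# The admin user is only created when both values are present.
# NOTE(review): the password is handed over as a command-line argument, so it
# is visible in the container's process list while add-user-keycloak.sh runs.
if [[ -n ${KEYCLOAK_USER:-} && -n ${KEYCLOAK_PASSWORD:-} ]]; then
  /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"
fi

##################
# Set Debug Port #
##################

# DEBUG_PORT is forwarded to standalone.sh as --debug; leave it unset outside
# development so that no remote JVM debug port is opened.
if [[ -n ${DEBUG_PORT:-} ]]; then
  KEYCLOAK_ARGS+=" --debug $DEBUG_PORT"
fi

##########################
# Database Configuration #
##########################

file_env 'DB_USER'
file_env 'DB_PASSWORD'

export DB_VENDOR="mysql"
DB_NAME="MySQL"

# Prefix a non-empty DB_JDBC_PARAMS with '?' so it can be appended to the JDBC
# URL as a query string; an empty value stays empty.
DB_JDBC_PARAMS=$(echo "${DB_JDBC_PARAMS:-}" | sed '/^$/! s/^/?/')
export DB_JDBC_PARAMS

echo "========================================================================="
echo ""
echo "  Using $DB_NAME database with vendor $DB_VENDOR"
echo ""
echo "========================================================================="
echo ""

# NOTE(review): the script is run through /bin/sh, so the -e flag on
# set-database.sh's own shebang line is not applied; a failing jboss-cli step
# in it does not abort start-up unless it is the script's last command.
/bin/sh /opt/jboss/build/set-database.sh "$DB_VENDOR"

################
# Import Realm #
################

if [[ -n ${KEYCLOAK_IMPORT:-} ]]; then
  KEYCLOAK_ARGS+=" -Dkeycloak.import=$KEYCLOAK_IMPORT"
fi

# KEYCLOAK_ARGS is left unquoted on purpose: it holds several space-separated
# options. "$@" is quoted so that arguments passed to the container keep
# their original word boundaries. exec replaces this shell, so nothing after
# it would run.
exec /opt/jboss/keycloak/bin/standalone.sh $KEYCLOAK_ARGS "$@"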
85 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/build/build-keycloak.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | ############################### 4 | # Download and Build Keycloak # 5 | ############################### 6 | 7 | cd /opt/jboss/ 8 | 9 | keycloakDistLocalFile="/opt/jboss/keycloak_install_stage/downloads/$KEYCLOAK_DIST_FILE" 10 | keycloakDistUrl="$KEYCLOAK_DIST_BASE$KEYCLOAK_DIST_FILE" 11 | 12 | if [ -e $keycloakDistLocalFile ]; 13 | then 14 | echo "Keycloak from downloads folder: $keycloakDistLocalFile" 15 | tar zxf $keycloakDistLocalFile 16 | else 17 | echo "Keycloak from remote source: $keycloakDistUrl" 18 | curl -L $keycloakDistUrl | tar zx 19 | fi 20 | 21 | mv /opt/jboss/keycloak-??.?.?* /opt/jboss/keycloak 22 | 23 | ########################## 24 | # Install Custom Theme/s # 25 | ########################## 26 | 27 | mkdir -p /opt/jboss/keycloak/themes 28 | cp -R /opt/jboss/keycloak_install_stage/themes/* /opt/jboss/keycloak/themes 29 | 30 | ########################### 31 | # Create Database Modules # 32 | ########################### 33 | 34 | mkdir -p /opt/jboss/keycloak/modules/system/layers/base/com/mysql/jdbc/main 35 | cd /opt/jboss/keycloak/modules/system/layers/base/com/mysql/jdbc/main 36 | 37 | mysqlConnectorLocalFile="/opt/jboss/keycloak_install_stage/downloads/$JDBC_MYSQL_JAR_FILE" 38 | mysqlConnectorUrl="$JDBC_MYSQL_JAR_BASE$JDBC_MYSQL_JAR_FILE" 39 | if [ -e $mysqlConnectorLocalFile ]; 40 | then 41 | echo "MySql connector from downloads folder: $mysqlConnectorLocalFile" 42 | cp $mysqlConnectorLocalFile . 43 | else 44 | echo "MySql connector from remote source: $mysqlConnectorUrl" 45 | curl -O "$mysqlConnectorUrl" 46 | fi 47 | 48 | cp /opt/jboss/modules/databases/mysql/module.xml . 
49 | 50 | ############################## 51 | # Install Keycloak Providers # 52 | ############################## 53 | 54 | mkdir -p /opt/jboss/keycloak/providers 55 | cp /opt/jboss/keycloak_install_stage/keycloak_providers/*.jar /opt/jboss/keycloak/providers 56 | 57 | echo "Providers installed" 58 | ls -laR /opt/jboss/keycloak/providers 59 | 60 | ################### 61 | # Set Permissions # 62 | ################### 63 | 64 | echo "jboss:x:1000:jboss" >> /etc/group 65 | echo "jboss:x:1000:1000:JBoss user:/opt/jboss:/sbin/nologin" >> /etc/passwd 66 | chown -R jboss:jboss /opt/jboss 67 | chmod -R g+rw /opt/jboss 68 | 69 | rm -rf /opt/jboss/keycloak/standalone/tmp/auth 70 | rm -rf /opt/jboss/keycloak/domain/tmp/auth -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/resources/css/styles.css: -------------------------------------------------------------------------------- 1 | @import url("https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap"); 2 | 3 | :root { 4 | font-size: 14px; 5 | --pf-global--BackgroundColor--light-100: #fff; 6 | --pf-c-button--m-primary--BackgroundColor: #36383a; 7 | --pf-global--primary-color--100: #36383a; 8 | --pf-global--primary-color--200:#f2a92e 9 | } 10 | 11 | .login-pf { 12 | background: none; 13 | height: 100%; 14 | width: 100%; 15 | } 16 | 17 | .login-pf body { 18 | background: #e4e4e4; 19 | font-family: Roboto; 20 | height: 100%; 21 | margin: 0; 22 | } 23 | 24 | #kc-header-wrapper { 25 | display: none; 26 | } 27 | 28 | .login-pf-page { 29 | padding: 50px; 30 | display: flex; 31 | justify-content: center; 32 | align-items: stretch; 33 | height: 100%; 34 | } 35 | 36 | .login-pf-page-header { 37 | height: 100%; 38 | flex: 0 0 35em; 39 | display: flex; 40 | flex-direction: column; 41 | justify-content: space-around; 42 | border-top-left-radius: 50px; 43 | border-bottom-left-radius: 50px; 44 | background-color: #36383a; 45 
| } 46 | 47 | .card-pf { 48 | border-top: 0; 49 | margin: 0; 50 | flex: 0 0 35em; 51 | display: flex; 52 | flex-direction: column; 53 | justify-content: center; 54 | border-top-right-radius: 50px; 55 | border-bottom-right-radius: 50px; 56 | } 57 | 58 | .login-pf-page .login-pf-header h1 { 59 | margin: 0; 60 | font-size: 1.8rem; 61 | font-weight: 700; 62 | line-height: 2rem; 63 | text-align: left; 64 | } 65 | 66 | input[type="text"], 67 | input[type="password"], 68 | select { 69 | height: 48px; 70 | width: 100%; 71 | padding: 12px 20px; 72 | margin: 8px 0; 73 | display: inline-block; 74 | border: 1px solid #ccc; 75 | border-radius: 4px; 76 | box-sizing: border-box; 77 | } 78 | 79 | input[type="submit"] { 80 | width: 100%; 81 | background-color: #4caf50; 82 | color: white; 83 | padding: 14px 20px; 84 | margin: 8px 0; 85 | border: none; 86 | border-radius: 4px; 87 | cursor: pointer; 88 | } 89 | 90 | input[type="submit"]:hover { 91 | background-color: #45a049; 92 | } 93 | 94 | #kc-form-options .checkbox { 95 | padding: 0; 96 | margin: 0; 97 | } 98 | 99 | .pf-c-form__label { 100 | font-weight: bolder; 101 | } 102 | 103 | .pf-c-button, 104 | .pf-c-button.pf-m-primary { 105 | color: var(--pf-c-button--m-primary--Color); 106 | background-color: var(--pf-c-button--m-primary--BackgroundColor); 107 | } 108 | 109 | .pf-m-primary:hover { 110 | background-color: #f2a92e !important; 111 | color: #36383a !important; 112 | } 113 | 114 | .login-subtitle { 115 | font-size: 1rem; 116 | line-height: 1.4rem; 117 | padding: 16px 0 16px 0; 118 | color: #3b97d5; 119 | } 120 | 121 | .pf-m-error { 122 | color: #ff0000 !important; 123 | } 124 | 125 | @media (max-width: 750px) { 126 | .login-pf-page-header, 127 | .login-pf body { 128 | background-color: #fff; 129 | } 130 | .login-pf-page { 131 | flex-direction: column; 132 | justify-content: center; 133 | } 134 | .login-pf-page-header { 135 | border-top-left-radius: 0px; 136 | border-bottom-left-radius: 0px; 137 | flex: 0 0 15em; 138 | } 139 | 
.card-pf { 140 | border-top-right-radius: 0px; 141 | border-bottom-right-radius: 0px; 142 | } 143 | } 144 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.czetsuyatech 7 | ct-keycloak-iam 8 | LATEST-SNAPSHOT 9 | 10 | 11 | keycloak-docker-assembly 12 | CT Keycloak Docker 13 | CT Keycloak Docker 14 | pom 15 | 16 | 17 | 18 | com.czetsuyatech 19 | ct-keycloak-spis 20 | ${project.version} 21 | 22 | 23 | 24 | 25 | 26 | 27 | org.apache.maven.plugins 28 | maven-dependency-plugin 29 | 30 | 31 | copy-providers 32 | package 33 | 34 | copy 35 | 36 | 37 | 38 | 39 | com.czetsuyatech 40 | ct-keycloak-spis 41 | true 42 | ${project.build.directory}/keycloak_providers 43 | 44 | 45 | false 46 | true 47 | 48 | 49 | 50 | 51 | 52 | com.googlecode.maven-download-plugin 53 | download-maven-plugin 54 | 55 | 56 | download-keycloak-zip 57 | process-resources 58 | 59 | wget 60 | 61 | 62 | https://downloads.jboss.org/keycloak/${keycloak.version}/keycloak-${keycloak.version}.tar.gz 63 | keycloak-${keycloak.version}.tar.gz 64 | ${project.basedir}/downloads/ 65 | 66 | 67 | 68 | download-mysql-connector 69 | process-resources 70 | 71 | wget 72 | 73 | 74 | 75 | https://repo1.maven.org/maven2/mysql/mysql-connector-java/${mysql-connector.version}/mysql-connector-java-${mysql-connector.version}.jar 76 | 77 | mysql-connector-java-${mysql-connector.version}.jar 78 | ${project.basedir}/downloads/ 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.czetsuyatech 7 | ct-keycloak-iam 8 | LATEST-SNAPSHOT 9 | CT Keycloak IAM 10 | CT Keycloak IAM 11 | pom 12 | 13 | 14 | 11 15 | 11 16 | 17 | 3.5.0.Final 18 | 16.1.1 19 | 8.0.29 20 | 1.18.24 21 | 
2.13.3 22 | 2.7.1 23 | 24 | 25 | 26 | keycloak-docker-assembly 27 | ct-keycloak-spis 28 | 29 | 30 | 31 | 32 | 33 | org.keycloak.bom 34 | keycloak-adapter-bom 35 | ${keycloak.version} 36 | pom 37 | import 38 | 39 | 40 | org.jboss.logging 41 | jboss-logging 42 | ${jboss-logging.version} 43 | 44 | 45 | org.keycloak 46 | keycloak-server-spi 47 | ${keycloak.version} 48 | 49 | 50 | org.keycloak 51 | keycloak-core 52 | ${keycloak.version} 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | org.apache.maven.plugins 62 | maven-compiler-plugin 63 | 64 | UTF-8 65 | ${java.version} 66 | ${java.version} 67 | 68 | 69 | 70 | 71 | org.apache.maven.plugins 72 | maven-javadoc-plugin 73 | 74 | ${javadoc.version} 75 | 76 | 77 | 78 | 79 | org.apache.maven.plugins 80 | maven-jar-plugin 81 | 82 | 83 | 84 | true 85 | true 86 | 87 | 88 | 89 | 90 | 91 | 92 | org.apache.maven.plugins 93 | maven-dependency-plugin 94 | 3.3.0 95 | 96 | 97 | 98 | org.apache.maven.plugins 99 | maven-resources-plugin 100 | 3.2.0 101 | 102 | UTF-8 103 | 104 | 105 | 106 | 107 | org.apache.maven.plugins 108 | maven-verifier-plugin 109 | 1.1 110 | 111 | 112 | 113 | com.googlecode.maven-download-plugin 114 | download-maven-plugin 115 | 1.6.8 116 | 117 | 118 | 119 | 120 | 121 | 122 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/login.ftl: -------------------------------------------------------------------------------- 1 | <#import "template.ftl" as layout> 2 | <@layout.registrationLayout displayMessage=!messagesPerField.existsError('username','password') displayInfo=realm.password && realm.registrationAllowed && !registrationDisabled??; section> 3 | <#if section = "header"> 4 | ${msg("loginAccountTitle")} 5 | <#elseif section = "form"> 6 | 7 | 8 | 9 |
10 |
11 | <#if realm.password> 12 |
13 |
14 | 15 | 16 | <#if usernameEditDisabled??> 17 | 18 | <#else> 19 | 22 | 23 | <#if messagesPerField.existsError('username','password')> 24 | 25 | ${kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc} 26 | 27 | 28 | 29 |
30 | 31 |
32 | 33 | 34 | 37 |
38 | 39 |
40 |
41 | <#if realm.rememberMe && !usernameEditDisabled??> 42 |
43 | 50 |
51 | 52 |
53 |
54 | <#if realm.resetPasswordAllowed> 55 | ${msg("doForgotPassword")} 56 | 57 |
58 | 59 |
60 | 61 |
62 | value="${auth.selectedCredential}"/> 63 | 64 |
65 |
66 | 67 |
68 | 69 | <#if realm.password && social.providers??> 70 |
71 |
72 |

${msg("identity-provider-login-label")}

73 | 74 | 87 |
88 | 89 | 90 |
91 | <#elseif section = "info" > 92 | <#if realm.password && realm.registrationAllowed && !registrationDisabled??> 93 |
94 |
95 | ${msg("noAccount")} ${msg("doRegister")} 97 |
98 |
99 | 100 | 101 | 102 | 103 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/themes/czetsuyatech/login/template.ftl: -------------------------------------------------------------------------------- 1 | <#macro registrationLayout bodyClass="" displayInfo=false displayMessage=true displayRequiredFields=false showAnotherWayIfPresent=true> 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | <#if properties.meta?has_content> 11 | <#list properties.meta?split(' ') as meta> 12 | 13 | 14 | 15 | ${msg("loginTitle",(realm.displayName!''))} 16 | 17 | <#if properties.stylesCommon?has_content> 18 | <#list properties.stylesCommon?split(' ') as style> 19 | 20 | 21 | 22 | <#if properties.styles?has_content> 23 | <#list properties.styles?split(' ') as style> 24 | 25 | 26 | 27 | <#if properties.scripts?has_content> 28 | <#list properties.scripts?split(' ') as script> 29 | 30 | 31 | 32 | <#if scripts??> 33 | <#list scripts as script> 34 | 35 | 36 | 37 | 38 | 39 | 40 |
41 |
42 | 43 | 46 | 47 |
${kcSanitize(msg("loginTitleHtml",(realm.displayNameHtml!'')))?no_esc}
49 |
50 |
51 |
52 | <#if realm.internationalizationEnabled && locale.supported?size gt 1> 53 |
54 |
55 |
56 | ${locale.current} 57 |
    58 | <#list locale.supported as l> 59 |
  • 60 | ${l.label} 61 |
  • 62 | 63 |
64 |
65 |
66 |
67 | 68 | <#if !(auth?has_content && auth.showUsername() && !auth.showResetCredentials())> 69 | <#if displayRequiredFields> 70 |
71 |
72 | * ${msg("requiredFields")} 73 |
74 |
75 |

<#nested "header">

76 |
77 |
78 | <#else> 79 |

<#nested "header">

80 | 81 | <#else> 82 | <#if displayRequiredFields> 83 |
84 |
85 | * ${msg("requiredFields")} 86 |
87 |
88 | <#nested "show-username"> 89 |
90 | 91 | 92 | 96 | 97 |
98 |
99 |
100 | <#else> 101 | <#nested "show-username"> 102 |
103 | 104 | 105 | 109 | 110 |
111 | 112 | 113 |
114 |
115 |
116 | 117 | <#-- App-initiated actions should not see warning messages about the need to complete the action --> 118 | <#-- during login. --> 119 | <#if displayMessage && message?has_content && (message.type != 'warning' || !isAppInitiatedAction??)> 120 |
121 |
122 | <#if message.type = 'success'> 123 | <#if message.type = 'warning'> 124 | <#if message.type = 'error'> 125 | <#if message.type = 'info'> 126 |
127 | ${kcSanitize(message.summary)?no_esc} 128 |
129 | 130 | 131 | <#nested "form"> 132 | 133 | <#if auth?has_content && auth.showTryAnotherWayLink() && showAnotherWayIfPresent> 134 |
135 |
136 | 137 | ${msg("doTryAnotherWay")} 139 |
140 |
141 | 142 | 143 | <#if displayInfo> 144 |
145 |
146 | <#nested "info"> 147 |
148 |
149 | 150 |
151 |
152 | 153 |
154 |
155 | 156 | 157 | 158 | -------------------------------------------------------------------------------- /keycloak-docker-assembly/src/main/resources/realms/ct-realm-dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "czetsuyatech", 3 | "realm": "czetsuyatech", 4 | "notBefore": 0, 5 | "defaultSignatureAlgorithm": "RS256", 6 | "revokeRefreshToken": false, 7 | "refreshTokenMaxReuse": 0, 8 | "accessTokenLifespan": 300, 9 | "accessTokenLifespanForImplicitFlow": 900, 10 | "ssoSessionIdleTimeout": 1800, 11 | "ssoSessionMaxLifespan": 36000, 12 | "ssoSessionIdleTimeoutRememberMe": 0, 13 | "ssoSessionMaxLifespanRememberMe": 0, 14 | "offlineSessionIdleTimeout": 2592000, 15 | "offlineSessionMaxLifespanEnabled": false, 16 | "offlineSessionMaxLifespan": 5184000, 17 | "clientSessionIdleTimeout": 0, 18 | "clientSessionMaxLifespan": 0, 19 | "clientOfflineSessionIdleTimeout": 0, 20 | "clientOfflineSessionMaxLifespan": 0, 21 | "accessCodeLifespan": 60, 22 | "accessCodeLifespanUserAction": 300, 23 | "accessCodeLifespanLogin": 1800, 24 | "actionTokenGeneratedByAdminLifespan": 43200, 25 | "actionTokenGeneratedByUserLifespan": 300, 26 | "oauth2DeviceCodeLifespan": 600, 27 | "oauth2DevicePollingInterval": 5, 28 | "enabled": true, 29 | "sslRequired": "external", 30 | "registrationAllowed": false, 31 | "registrationEmailAsUsername": false, 32 | "rememberMe": true, 33 | "verifyEmail": false, 34 | "loginWithEmailAllowed": true, 35 | "duplicateEmailsAllowed": false, 36 | "resetPasswordAllowed": true, 37 | "editUsernameAllowed": false, 38 | "bruteForceProtected": false, 39 | "permanentLockout": false, 40 | "maxFailureWaitSeconds": 900, 41 | "minimumQuickLoginWaitSeconds": 60, 42 | "waitIncrementSeconds": 60, 43 | "quickLoginCheckMilliSeconds": 1000, 44 | "maxDeltaTimeSeconds": 43200, 45 | "failureFactor": 30, 46 | "roles": { 47 | "realm": [ 48 | { 49 | "id": "9a1537d7-c98c-4516-b93f-1c7e24b7ad8c", 50 | "name": 
"default-roles-czetsuyatech", 51 | "description": "${role_default-roles}", 52 | "composite": true, 53 | "composites": { 54 | "realm": [ 55 | "offline_access", 56 | "uma_authorization" 57 | ], 58 | "client": { 59 | "account": [ 60 | "view-profile", 61 | "manage-account" 62 | ] 63 | } 64 | }, 65 | "clientRole": false, 66 | "containerId": "czetsuyatech", 67 | "attributes": {} 68 | }, 69 | { 70 | "id": "c6f08f09-c4c6-4eb6-91df-c053f6a25faa", 71 | "name": "uma_authorization", 72 | "description": "${role_uma_authorization}", 73 | "composite": false, 74 | "clientRole": false, 75 | "containerId": "czetsuyatech", 76 | "attributes": {} 77 | }, 78 | { 79 | "id": "1f6ed52d-3403-4c2a-a674-31d451642674", 80 | "name": "offline_access", 81 | "description": "${role_offline-access}", 82 | "composite": false, 83 | "clientRole": false, 84 | "containerId": "czetsuyatech", 85 | "attributes": {} 86 | } 87 | ], 88 | "client": { 89 | "realm-management": [ 90 | { 91 | "id": "1262af7c-140c-49ac-8355-5aea3c1bef52", 92 | "name": "query-realms", 93 | "description": "${role_query-realms}", 94 | "composite": false, 95 | "clientRole": true, 96 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 97 | "attributes": {} 98 | }, 99 | { 100 | "id": "acf5d4ef-23b5-48a5-b9d9-172a5b616e8c", 101 | "name": "view-clients", 102 | "description": "${role_view-clients}", 103 | "composite": true, 104 | "composites": { 105 | "client": { 106 | "realm-management": [ 107 | "query-clients" 108 | ] 109 | } 110 | }, 111 | "clientRole": true, 112 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 113 | "attributes": {} 114 | }, 115 | { 116 | "id": "dbf8d405-ddc4-4f71-9b4f-66c50f601916", 117 | "name": "manage-events", 118 | "description": "${role_manage-events}", 119 | "composite": false, 120 | "clientRole": true, 121 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 122 | "attributes": {} 123 | }, 124 | { 125 | "id": "deb32950-3bb9-4f33-bd5c-75cc07032c85", 126 | "name": "view-identity-providers", 127 | 
"description": "${role_view-identity-providers}", 128 | "composite": false, 129 | "clientRole": true, 130 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 131 | "attributes": {} 132 | }, 133 | { 134 | "id": "9705e829-34a7-4f4c-9f69-c2cd1bce2f8c", 135 | "name": "view-authorization", 136 | "description": "${role_view-authorization}", 137 | "composite": false, 138 | "clientRole": true, 139 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 140 | "attributes": {} 141 | }, 142 | { 143 | "id": "405bcac9-506c-48c1-834a-39d61ad468f2", 144 | "name": "manage-clients", 145 | "description": "${role_manage-clients}", 146 | "composite": false, 147 | "clientRole": true, 148 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 149 | "attributes": {} 150 | }, 151 | { 152 | "id": "f62f67ef-013b-4f37-801c-2497b93f3364", 153 | "name": "manage-users", 154 | "description": "${role_manage-users}", 155 | "composite": false, 156 | "clientRole": true, 157 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 158 | "attributes": {} 159 | }, 160 | { 161 | "id": "e2c9d3bd-38a4-4c12-a1ff-ecb7c85bf14d", 162 | "name": "view-events", 163 | "description": "${role_view-events}", 164 | "composite": false, 165 | "clientRole": true, 166 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 167 | "attributes": {} 168 | }, 169 | { 170 | "id": "f049b4d1-aff4-48fc-a9df-c98df2a0bcad", 171 | "name": "manage-authorization", 172 | "description": "${role_manage-authorization}", 173 | "composite": false, 174 | "clientRole": true, 175 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 176 | "attributes": {} 177 | }, 178 | { 179 | "id": "eea60b80-1dcb-48c1-a228-304c459c75e3", 180 | "name": "manage-realm", 181 | "description": "${role_manage-realm}", 182 | "composite": false, 183 | "clientRole": true, 184 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 185 | "attributes": {} 186 | }, 187 | { 188 | "id": "82021a6a-f046-4539-82c8-3b04a8212199", 189 | "name": "query-clients", 190 
| "description": "${role_query-clients}", 191 | "composite": false, 192 | "clientRole": true, 193 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 194 | "attributes": {} 195 | }, 196 | { 197 | "id": "d75ec29d-aa36-41f5-bdd0-9e56df525e06", 198 | "name": "query-users", 199 | "description": "${role_query-users}", 200 | "composite": false, 201 | "clientRole": true, 202 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 203 | "attributes": {} 204 | }, 205 | { 206 | "id": "72b7a2a0-b911-4256-8168-847fe1424a1c", 207 | "name": "view-users", 208 | "description": "${role_view-users}", 209 | "composite": true, 210 | "composites": { 211 | "client": { 212 | "realm-management": [ 213 | "query-users", 214 | "query-groups" 215 | ] 216 | } 217 | }, 218 | "clientRole": true, 219 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 220 | "attributes": {} 221 | }, 222 | { 223 | "id": "94b3cdd5-9cc3-4915-8965-fd6397bab4b3", 224 | "name": "create-client", 225 | "description": "${role_create-client}", 226 | "composite": false, 227 | "clientRole": true, 228 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 229 | "attributes": {} 230 | }, 231 | { 232 | "id": "8886cc43-882a-46af-aa26-991853a65d81", 233 | "name": "manage-identity-providers", 234 | "description": "${role_manage-identity-providers}", 235 | "composite": false, 236 | "clientRole": true, 237 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 238 | "attributes": {} 239 | }, 240 | { 241 | "id": "a940c1e1-4cc6-40e6-8c10-94fe1e980e72", 242 | "name": "query-groups", 243 | "description": "${role_query-groups}", 244 | "composite": false, 245 | "clientRole": true, 246 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 247 | "attributes": {} 248 | }, 249 | { 250 | "id": "eb3dad48-6792-4a6f-8297-f44f9d93a696", 251 | "name": "realm-admin", 252 | "description": "${role_realm-admin}", 253 | "composite": true, 254 | "composites": { 255 | "client": { 256 | "realm-management": [ 257 | "query-realms", 258 | 
"view-clients", 259 | "manage-events", 260 | "view-identity-providers", 261 | "view-authorization", 262 | "manage-clients", 263 | "view-events", 264 | "manage-users", 265 | "manage-realm", 266 | "manage-authorization", 267 | "query-clients", 268 | "query-users", 269 | "view-users", 270 | "manage-identity-providers", 271 | "create-client", 272 | "query-groups", 273 | "view-realm", 274 | "impersonation" 275 | ] 276 | } 277 | }, 278 | "clientRole": true, 279 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 280 | "attributes": {} 281 | }, 282 | { 283 | "id": "87268b00-6c80-4a45-8616-47dbd57879a7", 284 | "name": "view-realm", 285 | "description": "${role_view-realm}", 286 | "composite": false, 287 | "clientRole": true, 288 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 289 | "attributes": {} 290 | }, 291 | { 292 | "id": "90696cdf-7c88-49ab-ad1c-60adb0239293", 293 | "name": "impersonation", 294 | "description": "${role_impersonation}", 295 | "composite": false, 296 | "clientRole": true, 297 | "containerId": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 298 | "attributes": {} 299 | } 300 | ], 301 | "web-front": [], 302 | "security-admin-console": [], 303 | "admin-cli": [], 304 | "account-console": [], 305 | "broker": [ 306 | { 307 | "id": "2694c66c-ea42-4cb7-bce6-a47d6313c08d", 308 | "name": "read-token", 309 | "description": "${role_read-token}", 310 | "composite": false, 311 | "clientRole": true, 312 | "containerId": "56b648ef-c434-4a9a-96f8-6132623f2945", 313 | "attributes": {} 314 | } 315 | ], 316 | "backend-services": [], 317 | "account": [ 318 | { 319 | "id": "a8efc7ab-3691-44f2-83ec-4c7394c3130c", 320 | "name": "view-applications", 321 | "description": "${role_view-applications}", 322 | "composite": false, 323 | "clientRole": true, 324 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 325 | "attributes": {} 326 | }, 327 | { 328 | "id": "f55c9473-4549-4022-88bf-5bd2caaa675b", 329 | "name": "manage-account", 330 | "description": 
"${role_manage-account}", 331 | "composite": true, 332 | "composites": { 333 | "client": { 334 | "account": [ 335 | "manage-account-links" 336 | ] 337 | } 338 | }, 339 | "clientRole": true, 340 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 341 | "attributes": {} 342 | }, 343 | { 344 | "id": "8ce87e11-0e69-4a94-8141-e24430168df7", 345 | "name": "view-profile", 346 | "description": "${role_view-profile}", 347 | "composite": false, 348 | "clientRole": true, 349 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 350 | "attributes": {} 351 | }, 352 | { 353 | "id": "44d35603-d8ff-4443-965c-6911fe3442e1", 354 | "name": "manage-account-links", 355 | "description": "${role_manage-account-links}", 356 | "composite": false, 357 | "clientRole": true, 358 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 359 | "attributes": {} 360 | }, 361 | { 362 | "id": "f8e0e30d-81e0-40db-ab3e-a99942c02f34", 363 | "name": "manage-consent", 364 | "description": "${role_manage-consent}", 365 | "composite": true, 366 | "composites": { 367 | "client": { 368 | "account": [ 369 | "view-consent" 370 | ] 371 | } 372 | }, 373 | "clientRole": true, 374 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 375 | "attributes": {} 376 | }, 377 | { 378 | "id": "215f43b7-c906-464c-947e-cbbc011b1579", 379 | "name": "delete-account", 380 | "description": "${role_delete-account}", 381 | "composite": false, 382 | "clientRole": true, 383 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 384 | "attributes": {} 385 | }, 386 | { 387 | "id": "abf1ba1a-64f9-4a5c-9b66-7966c1b1f393", 388 | "name": "view-consent", 389 | "description": "${role_view-consent}", 390 | "composite": false, 391 | "clientRole": true, 392 | "containerId": "a2685c61-7860-4e4b-8fab-67434131011a", 393 | "attributes": {} 394 | } 395 | ] 396 | } 397 | }, 398 | "groups": [], 399 | "defaultRole": { 400 | "id": "9a1537d7-c98c-4516-b93f-1c7e24b7ad8c", 401 | "name": "default-roles-czetsuyatech", 402 | "description": 
"${role_default-roles}", 403 | "composite": true, 404 | "clientRole": false, 405 | "containerId": "czetsuyatech" 406 | }, 407 | "requiredCredentials": [ 408 | "password" 409 | ], 410 | "otpPolicyType": "totp", 411 | "otpPolicyAlgorithm": "HmacSHA1", 412 | "otpPolicyInitialCounter": 0, 413 | "otpPolicyDigits": 6, 414 | "otpPolicyLookAheadWindow": 1, 415 | "otpPolicyPeriod": 30, 416 | "otpSupportedApplications": [ 417 | "FreeOTP", 418 | "Google Authenticator" 419 | ], 420 | "webAuthnPolicyRpEntityName": "keycloak", 421 | "webAuthnPolicySignatureAlgorithms": [ 422 | "ES256" 423 | ], 424 | "webAuthnPolicyRpId": "", 425 | "webAuthnPolicyAttestationConveyancePreference": "not specified", 426 | "webAuthnPolicyAuthenticatorAttachment": "not specified", 427 | "webAuthnPolicyRequireResidentKey": "not specified", 428 | "webAuthnPolicyUserVerificationRequirement": "not specified", 429 | "webAuthnPolicyCreateTimeout": 0, 430 | "webAuthnPolicyAvoidSameAuthenticatorRegister": false, 431 | "webAuthnPolicyAcceptableAaguids": [], 432 | "webAuthnPolicyPasswordlessRpEntityName": "keycloak", 433 | "webAuthnPolicyPasswordlessSignatureAlgorithms": [ 434 | "ES256" 435 | ], 436 | "webAuthnPolicyPasswordlessRpId": "", 437 | "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", 438 | "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", 439 | "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", 440 | "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", 441 | "webAuthnPolicyPasswordlessCreateTimeout": 0, 442 | "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, 443 | "webAuthnPolicyPasswordlessAcceptableAaguids": [], 444 | "scopeMappings": [ 445 | { 446 | "clientScope": "offline_access", 447 | "roles": [ 448 | "offline_access" 449 | ] 450 | } 451 | ], 452 | "clientScopeMappings": { 453 | "account": [ 454 | { 455 | "client": "account-console", 456 | "roles": [ 457 | "manage-account" 458 | ] 459 | } 460 | ] 
461 | }, 462 | "clients": [ 463 | { 464 | "id": "a2685c61-7860-4e4b-8fab-67434131011a", 465 | "clientId": "account", 466 | "name": "${client_account}", 467 | "rootUrl": "${authBaseUrl}", 468 | "baseUrl": "/realms/czetsuyatech/account/", 469 | "surrogateAuthRequired": false, 470 | "enabled": true, 471 | "alwaysDisplayInConsole": false, 472 | "clientAuthenticatorType": "client-secret", 473 | "redirectUris": [ 474 | "/realms/czetsuyatech/account/*" 475 | ], 476 | "webOrigins": [], 477 | "notBefore": 0, 478 | "bearerOnly": false, 479 | "consentRequired": false, 480 | "standardFlowEnabled": true, 481 | "implicitFlowEnabled": false, 482 | "directAccessGrantsEnabled": false, 483 | "serviceAccountsEnabled": false, 484 | "publicClient": true, 485 | "frontchannelLogout": false, 486 | "protocol": "openid-connect", 487 | "attributes": {}, 488 | "authenticationFlowBindingOverrides": {}, 489 | "fullScopeAllowed": false, 490 | "nodeReRegistrationTimeout": 0, 491 | "defaultClientScopes": [ 492 | "web-origins", 493 | "profile", 494 | "roles", 495 | "email" 496 | ], 497 | "optionalClientScopes": [ 498 | "address", 499 | "phone", 500 | "offline_access", 501 | "microprofile-jwt" 502 | ] 503 | }, 504 | { 505 | "id": "c1ac5c80-f91a-4f9d-8334-cca481037920", 506 | "clientId": "account-console", 507 | "name": "${client_account-console}", 508 | "rootUrl": "${authBaseUrl}", 509 | "baseUrl": "/realms/czetsuyatech/account/", 510 | "surrogateAuthRequired": false, 511 | "enabled": true, 512 | "alwaysDisplayInConsole": false, 513 | "clientAuthenticatorType": "client-secret", 514 | "redirectUris": [ 515 | "/realms/czetsuyatech/account/*" 516 | ], 517 | "webOrigins": [], 518 | "notBefore": 0, 519 | "bearerOnly": false, 520 | "consentRequired": false, 521 | "standardFlowEnabled": true, 522 | "implicitFlowEnabled": false, 523 | "directAccessGrantsEnabled": false, 524 | "serviceAccountsEnabled": false, 525 | "publicClient": true, 526 | "frontchannelLogout": false, 527 | "protocol": "openid-connect", 
528 | "attributes": { 529 | "pkce.code.challenge.method": "S256" 530 | }, 531 | "authenticationFlowBindingOverrides": {}, 532 | "fullScopeAllowed": false, 533 | "nodeReRegistrationTimeout": 0, 534 | "protocolMappers": [ 535 | { 536 | "id": "cc0ca999-96b5-4c35-bd03-0a2fec426fbc", 537 | "name": "audience resolve", 538 | "protocol": "openid-connect", 539 | "protocolMapper": "oidc-audience-resolve-mapper", 540 | "consentRequired": false, 541 | "config": {} 542 | } 543 | ], 544 | "defaultClientScopes": [ 545 | "web-origins", 546 | "profile", 547 | "roles", 548 | "email" 549 | ], 550 | "optionalClientScopes": [ 551 | "address", 552 | "phone", 553 | "offline_access", 554 | "microprofile-jwt" 555 | ] 556 | }, 557 | { 558 | "id": "89130878-4548-47b3-b2e8-63d88cd33918", 559 | "clientId": "admin-cli", 560 | "name": "${client_admin-cli}", 561 | "surrogateAuthRequired": false, 562 | "enabled": true, 563 | "alwaysDisplayInConsole": false, 564 | "clientAuthenticatorType": "client-secret", 565 | "redirectUris": [], 566 | "webOrigins": [], 567 | "notBefore": 0, 568 | "bearerOnly": false, 569 | "consentRequired": false, 570 | "standardFlowEnabled": false, 571 | "implicitFlowEnabled": false, 572 | "directAccessGrantsEnabled": true, 573 | "serviceAccountsEnabled": false, 574 | "publicClient": true, 575 | "frontchannelLogout": false, 576 | "protocol": "openid-connect", 577 | "attributes": {}, 578 | "authenticationFlowBindingOverrides": {}, 579 | "fullScopeAllowed": false, 580 | "nodeReRegistrationTimeout": 0, 581 | "defaultClientScopes": [ 582 | "web-origins", 583 | "profile", 584 | "roles", 585 | "email" 586 | ], 587 | "optionalClientScopes": [ 588 | "address", 589 | "phone", 590 | "offline_access", 591 | "microprofile-jwt" 592 | ] 593 | }, 594 | { 595 | "id": "738a2180-2d09-4171-8d87-969f238329ad", 596 | "clientId": "backend-services", 597 | "surrogateAuthRequired": false, 598 | "enabled": true, 599 | "alwaysDisplayInConsole": false, 600 | "clientAuthenticatorType": "client-secret", 
601 | "redirectUris": [], 602 | "webOrigins": [], 603 | "notBefore": 0, 604 | "bearerOnly": true, 605 | "consentRequired": false, 606 | "standardFlowEnabled": true, 607 | "implicitFlowEnabled": false, 608 | "directAccessGrantsEnabled": true, 609 | "serviceAccountsEnabled": false, 610 | "publicClient": false, 611 | "frontchannelLogout": false, 612 | "protocol": "openid-connect", 613 | "attributes": { 614 | "id.token.as.detached.signature": "false", 615 | "saml.assertion.signature": "false", 616 | "saml.force.post.binding": "false", 617 | "saml.multivalued.roles": "false", 618 | "saml.encrypt": "false", 619 | "oauth2.device.authorization.grant.enabled": "false", 620 | "backchannel.logout.revoke.offline.tokens": "false", 621 | "saml.server.signature": "false", 622 | "saml.server.signature.keyinfo.ext": "false", 623 | "use.refresh.tokens": "true", 624 | "exclude.session.state.from.auth.response": "false", 625 | "oidc.ciba.grant.enabled": "false", 626 | "saml.artifact.binding": "false", 627 | "backchannel.logout.session.required": "true", 628 | "client_credentials.use_refresh_token": "false", 629 | "saml_force_name_id_format": "false", 630 | "require.pushed.authorization.requests": "false", 631 | "saml.client.signature": "false", 632 | "tls.client.certificate.bound.access.tokens": "false", 633 | "saml.authnstatement": "false", 634 | "display.on.consent.screen": "false", 635 | "saml.onetimeuse.condition": "false" 636 | }, 637 | "authenticationFlowBindingOverrides": {}, 638 | "fullScopeAllowed": true, 639 | "nodeReRegistrationTimeout": -1, 640 | "defaultClientScopes": [ 641 | "web-origins", 642 | "profile", 643 | "roles", 644 | "email" 645 | ], 646 | "optionalClientScopes": [ 647 | "address", 648 | "phone", 649 | "offline_access", 650 | "microprofile-jwt" 651 | ] 652 | }, 653 | { 654 | "id": "56b648ef-c434-4a9a-96f8-6132623f2945", 655 | "clientId": "broker", 656 | "name": "${client_broker}", 657 | "surrogateAuthRequired": false, 658 | "enabled": true, 659 | 
"alwaysDisplayInConsole": false, 660 | "clientAuthenticatorType": "client-secret", 661 | "redirectUris": [], 662 | "webOrigins": [], 663 | "notBefore": 0, 664 | "bearerOnly": true, 665 | "consentRequired": false, 666 | "standardFlowEnabled": true, 667 | "implicitFlowEnabled": false, 668 | "directAccessGrantsEnabled": false, 669 | "serviceAccountsEnabled": false, 670 | "publicClient": false, 671 | "frontchannelLogout": false, 672 | "protocol": "openid-connect", 673 | "attributes": {}, 674 | "authenticationFlowBindingOverrides": {}, 675 | "fullScopeAllowed": false, 676 | "nodeReRegistrationTimeout": 0, 677 | "defaultClientScopes": [ 678 | "web-origins", 679 | "profile", 680 | "roles", 681 | "email" 682 | ], 683 | "optionalClientScopes": [ 684 | "address", 685 | "phone", 686 | "offline_access", 687 | "microprofile-jwt" 688 | ] 689 | }, 690 | { 691 | "id": "013379a8-fdfb-45bf-b716-fd2fb70f6ecb", 692 | "clientId": "realm-management", 693 | "name": "${client_realm-management}", 694 | "surrogateAuthRequired": false, 695 | "enabled": true, 696 | "alwaysDisplayInConsole": false, 697 | "clientAuthenticatorType": "client-secret", 698 | "redirectUris": [], 699 | "webOrigins": [], 700 | "notBefore": 0, 701 | "bearerOnly": true, 702 | "consentRequired": false, 703 | "standardFlowEnabled": true, 704 | "implicitFlowEnabled": false, 705 | "directAccessGrantsEnabled": false, 706 | "serviceAccountsEnabled": false, 707 | "publicClient": false, 708 | "frontchannelLogout": false, 709 | "protocol": "openid-connect", 710 | "attributes": {}, 711 | "authenticationFlowBindingOverrides": {}, 712 | "fullScopeAllowed": false, 713 | "nodeReRegistrationTimeout": 0, 714 | "defaultClientScopes": [ 715 | "web-origins", 716 | "profile", 717 | "roles", 718 | "email" 719 | ], 720 | "optionalClientScopes": [ 721 | "address", 722 | "phone", 723 | "offline_access", 724 | "microprofile-jwt" 725 | ] 726 | }, 727 | { 728 | "id": "844aac55-dd11-49fa-985c-6f544e946f35", 729 | "clientId": 
"security-admin-console", 730 | "name": "${client_security-admin-console}", 731 | "rootUrl": "${authAdminUrl}", 732 | "baseUrl": "/admin/czetsuyatech/console/", 733 | "surrogateAuthRequired": false, 734 | "enabled": true, 735 | "alwaysDisplayInConsole": false, 736 | "clientAuthenticatorType": "client-secret", 737 | "redirectUris": [ 738 | "/admin/czetsuyatech/console/*" 739 | ], 740 | "webOrigins": [ 741 | "+" 742 | ], 743 | "notBefore": 0, 744 | "bearerOnly": false, 745 | "consentRequired": false, 746 | "standardFlowEnabled": true, 747 | "implicitFlowEnabled": false, 748 | "directAccessGrantsEnabled": false, 749 | "serviceAccountsEnabled": false, 750 | "publicClient": true, 751 | "frontchannelLogout": false, 752 | "protocol": "openid-connect", 753 | "attributes": { 754 | "pkce.code.challenge.method": "S256" 755 | }, 756 | "authenticationFlowBindingOverrides": {}, 757 | "fullScopeAllowed": false, 758 | "nodeReRegistrationTimeout": 0, 759 | "protocolMappers": [ 760 | { 761 | "id": "dc55fe6a-7bee-400b-b772-b42061cd1666", 762 | "name": "locale", 763 | "protocol": "openid-connect", 764 | "protocolMapper": "oidc-usermodel-attribute-mapper", 765 | "consentRequired": false, 766 | "config": { 767 | "userinfo.token.claim": "true", 768 | "user.attribute": "locale", 769 | "id.token.claim": "true", 770 | "access.token.claim": "true", 771 | "claim.name": "locale", 772 | "jsonType.label": "String" 773 | } 774 | } 775 | ], 776 | "defaultClientScopes": [ 777 | "web-origins", 778 | "profile", 779 | "roles", 780 | "email" 781 | ], 782 | "optionalClientScopes": [ 783 | "address", 784 | "phone", 785 | "offline_access", 786 | "microprofile-jwt" 787 | ] 788 | }, 789 | { 790 | "id": "17022221-5739-40b2-983b-d7dc9d4f33a0", 791 | "clientId": "web-front", 792 | "surrogateAuthRequired": false, 793 | "enabled": true, 794 | "alwaysDisplayInConsole": false, 795 | "clientAuthenticatorType": "client-secret", 796 | "secret": "**********", 797 | "redirectUris": [ 798 | "*" 799 | ], 800 | 
"webOrigins": [ 801 | "*" 802 | ], 803 | "notBefore": 0, 804 | "bearerOnly": false, 805 | "consentRequired": false, 806 | "standardFlowEnabled": true, 807 | "implicitFlowEnabled": false, 808 | "directAccessGrantsEnabled": true, 809 | "serviceAccountsEnabled": false, 810 | "publicClient": false, 811 | "frontchannelLogout": false, 812 | "protocol": "openid-connect", 813 | "attributes": { 814 | "id.token.as.detached.signature": "false", 815 | "saml.assertion.signature": "false", 816 | "saml.force.post.binding": "false", 817 | "saml.multivalued.roles": "false", 818 | "saml.encrypt": "false", 819 | "oauth2.device.authorization.grant.enabled": "false", 820 | "backchannel.logout.revoke.offline.tokens": "false", 821 | "saml.server.signature": "false", 822 | "saml.server.signature.keyinfo.ext": "false", 823 | "use.refresh.tokens": "true", 824 | "exclude.session.state.from.auth.response": "false", 825 | "oidc.ciba.grant.enabled": "false", 826 | "saml.artifact.binding": "false", 827 | "backchannel.logout.session.required": "true", 828 | "client_credentials.use_refresh_token": "false", 829 | "saml_force_name_id_format": "false", 830 | "require.pushed.authorization.requests": "false", 831 | "saml.client.signature": "false", 832 | "tls.client.certificate.bound.access.tokens": "false", 833 | "saml.authnstatement": "false", 834 | "display.on.consent.screen": "false", 835 | "saml.onetimeuse.condition": "false" 836 | }, 837 | "authenticationFlowBindingOverrides": {}, 838 | "fullScopeAllowed": true, 839 | "nodeReRegistrationTimeout": -1, 840 | "defaultClientScopes": [ 841 | "web-origins", 842 | "profile", 843 | "roles", 844 | "email" 845 | ], 846 | "optionalClientScopes": [ 847 | "address", 848 | "phone", 849 | "offline_access", 850 | "microprofile-jwt" 851 | ] 852 | } 853 | ], 854 | "clientScopes": [ 855 | { 856 | "id": "e71dc5d9-5538-4493-bc01-1730ebc77a07", 857 | "name": "microprofile-jwt", 858 | "description": "Microprofile - JWT built-in scope", 859 | "protocol": 
"openid-connect", 860 | "attributes": { 861 | "include.in.token.scope": "true", 862 | "display.on.consent.screen": "false" 863 | }, 864 | "protocolMappers": [ 865 | { 866 | "id": "e3d9ca75-cf8b-4deb-945e-ed988acaa5d3", 867 | "name": "groups", 868 | "protocol": "openid-connect", 869 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 870 | "consentRequired": false, 871 | "config": { 872 | "multivalued": "true", 873 | "userinfo.token.claim": "true", 874 | "user.attribute": "foo", 875 | "id.token.claim": "true", 876 | "access.token.claim": "true", 877 | "claim.name": "groups", 878 | "jsonType.label": "String" 879 | } 880 | }, 881 | { 882 | "id": "8f81bf71-06a8-4541-a90c-7474527931c6", 883 | "name": "upn", 884 | "protocol": "openid-connect", 885 | "protocolMapper": "oidc-usermodel-property-mapper", 886 | "consentRequired": false, 887 | "config": { 888 | "userinfo.token.claim": "true", 889 | "user.attribute": "username", 890 | "id.token.claim": "true", 891 | "access.token.claim": "true", 892 | "claim.name": "upn", 893 | "jsonType.label": "String" 894 | } 895 | } 896 | ] 897 | }, 898 | { 899 | "id": "fcaffa4d-10bb-48d2-9249-45767acc7470", 900 | "name": "profile", 901 | "description": "OpenID Connect built-in scope: profile", 902 | "protocol": "openid-connect", 903 | "attributes": { 904 | "include.in.token.scope": "true", 905 | "display.on.consent.screen": "true", 906 | "consent.screen.text": "${profileScopeConsentText}" 907 | }, 908 | "protocolMappers": [ 909 | { 910 | "id": "12bfad42-be8c-4f29-a865-cf2d590ab501", 911 | "name": "given name", 912 | "protocol": "openid-connect", 913 | "protocolMapper": "oidc-usermodel-property-mapper", 914 | "consentRequired": false, 915 | "config": { 916 | "userinfo.token.claim": "true", 917 | "user.attribute": "firstName", 918 | "id.token.claim": "true", 919 | "access.token.claim": "true", 920 | "claim.name": "given_name", 921 | "jsonType.label": "String" 922 | } 923 | }, 924 | { 925 | "id": "8c846953-28d3-423e-83fc-08fe9de4b741", 
926 | "name": "nickname", 927 | "protocol": "openid-connect", 928 | "protocolMapper": "oidc-usermodel-attribute-mapper", 929 | "consentRequired": false, 930 | "config": { 931 | "userinfo.token.claim": "true", 932 | "user.attribute": "nickname", 933 | "id.token.claim": "true", 934 | "access.token.claim": "true", 935 | "claim.name": "nickname", 936 | "jsonType.label": "String" 937 | } 938 | }, 939 | { 940 | "id": "13fc234b-14b2-437e-86fe-4c33ff191f07", 941 | "name": "username", 942 | "protocol": "openid-connect", 943 | "protocolMapper": "oidc-usermodel-property-mapper", 944 | "consentRequired": false, 945 | "config": { 946 | "userinfo.token.claim": "true", 947 | "user.attribute": "username", 948 | "id.token.claim": "true", 949 | "access.token.claim": "true", 950 | "claim.name": "preferred_username", 951 | "jsonType.label": "String" 952 | } 953 | }, 954 | { 955 | "id": "b8ca3bc3-e401-4f87-ad5d-0cf9ea5ece72", 956 | "name": "profile", 957 | "protocol": "openid-connect", 958 | "protocolMapper": "oidc-usermodel-attribute-mapper", 959 | "consentRequired": false, 960 | "config": { 961 | "userinfo.token.claim": "true", 962 | "user.attribute": "profile", 963 | "id.token.claim": "true", 964 | "access.token.claim": "true", 965 | "claim.name": "profile", 966 | "jsonType.label": "String" 967 | } 968 | }, 969 | { 970 | "id": "ce4e851e-cdb5-44dd-a251-b9f2c8a9a3c5", 971 | "name": "middle name", 972 | "protocol": "openid-connect", 973 | "protocolMapper": "oidc-usermodel-attribute-mapper", 974 | "consentRequired": false, 975 | "config": { 976 | "userinfo.token.claim": "true", 977 | "user.attribute": "middleName", 978 | "id.token.claim": "true", 979 | "access.token.claim": "true", 980 | "claim.name": "middle_name", 981 | "jsonType.label": "String" 982 | } 983 | }, 984 | { 985 | "id": "ed5679b3-fe6e-40b4-adcf-cf364a0884ba", 986 | "name": "locale", 987 | "protocol": "openid-connect", 988 | "protocolMapper": "oidc-usermodel-attribute-mapper", 989 | "consentRequired": false, 990 | 
"config": { 991 | "userinfo.token.claim": "true", 992 | "user.attribute": "locale", 993 | "id.token.claim": "true", 994 | "access.token.claim": "true", 995 | "claim.name": "locale", 996 | "jsonType.label": "String" 997 | } 998 | }, 999 | { 1000 | "id": "2f5f809b-49a0-4188-8bb8-cc5b3f43a734", 1001 | "name": "full name", 1002 | "protocol": "openid-connect", 1003 | "protocolMapper": "oidc-full-name-mapper", 1004 | "consentRequired": false, 1005 | "config": { 1006 | "id.token.claim": "true", 1007 | "access.token.claim": "true", 1008 | "userinfo.token.claim": "true" 1009 | } 1010 | }, 1011 | { 1012 | "id": "053a5f27-eee5-4e08-a25c-c341f3aa82a3", 1013 | "name": "zoneinfo", 1014 | "protocol": "openid-connect", 1015 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1016 | "consentRequired": false, 1017 | "config": { 1018 | "userinfo.token.claim": "true", 1019 | "user.attribute": "zoneinfo", 1020 | "id.token.claim": "true", 1021 | "access.token.claim": "true", 1022 | "claim.name": "zoneinfo", 1023 | "jsonType.label": "String" 1024 | } 1025 | }, 1026 | { 1027 | "id": "bf2b2c09-b07c-460f-be09-8e13c0b7b3bf", 1028 | "name": "picture", 1029 | "protocol": "openid-connect", 1030 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1031 | "consentRequired": false, 1032 | "config": { 1033 | "userinfo.token.claim": "true", 1034 | "user.attribute": "picture", 1035 | "id.token.claim": "true", 1036 | "access.token.claim": "true", 1037 | "claim.name": "picture", 1038 | "jsonType.label": "String" 1039 | } 1040 | }, 1041 | { 1042 | "id": "c260f6c6-265f-45b4-912c-2cda0c745fe1", 1043 | "name": "gender", 1044 | "protocol": "openid-connect", 1045 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1046 | "consentRequired": false, 1047 | "config": { 1048 | "userinfo.token.claim": "true", 1049 | "user.attribute": "gender", 1050 | "id.token.claim": "true", 1051 | "access.token.claim": "true", 1052 | "claim.name": "gender", 1053 | "jsonType.label": "String" 1054 | } 1055 | }, 1056 | { 
1057 | "id": "6522f59f-17c4-49ec-9938-3f66184baad7", 1058 | "name": "website", 1059 | "protocol": "openid-connect", 1060 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1061 | "consentRequired": false, 1062 | "config": { 1063 | "userinfo.token.claim": "true", 1064 | "user.attribute": "website", 1065 | "id.token.claim": "true", 1066 | "access.token.claim": "true", 1067 | "claim.name": "website", 1068 | "jsonType.label": "String" 1069 | } 1070 | }, 1071 | { 1072 | "id": "b94f3f7d-1c48-4170-9fed-85eeaef3aadf", 1073 | "name": "birthdate", 1074 | "protocol": "openid-connect", 1075 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1076 | "consentRequired": false, 1077 | "config": { 1078 | "userinfo.token.claim": "true", 1079 | "user.attribute": "birthdate", 1080 | "id.token.claim": "true", 1081 | "access.token.claim": "true", 1082 | "claim.name": "birthdate", 1083 | "jsonType.label": "String" 1084 | } 1085 | }, 1086 | { 1087 | "id": "badd9e82-21eb-4545-a05c-17a8e20fb1da", 1088 | "name": "updated at", 1089 | "protocol": "openid-connect", 1090 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1091 | "consentRequired": false, 1092 | "config": { 1093 | "userinfo.token.claim": "true", 1094 | "user.attribute": "updatedAt", 1095 | "id.token.claim": "true", 1096 | "access.token.claim": "true", 1097 | "claim.name": "updated_at", 1098 | "jsonType.label": "String" 1099 | } 1100 | }, 1101 | { 1102 | "id": "65c5af41-11d6-4b35-ba6b-b343d6fb151b", 1103 | "name": "family name", 1104 | "protocol": "openid-connect", 1105 | "protocolMapper": "oidc-usermodel-property-mapper", 1106 | "consentRequired": false, 1107 | "config": { 1108 | "userinfo.token.claim": "true", 1109 | "user.attribute": "lastName", 1110 | "id.token.claim": "true", 1111 | "access.token.claim": "true", 1112 | "claim.name": "family_name", 1113 | "jsonType.label": "String" 1114 | } 1115 | } 1116 | ] 1117 | }, 1118 | { 1119 | "id": "d721c34d-86e2-45f9-a041-0db85c4dde2b", 1120 | "name": "role_list", 1121 | 
"description": "SAML role list", 1122 | "protocol": "saml", 1123 | "attributes": { 1124 | "consent.screen.text": "${samlRoleListScopeConsentText}", 1125 | "display.on.consent.screen": "true" 1126 | }, 1127 | "protocolMappers": [ 1128 | { 1129 | "id": "b3439d1b-1e46-4a41-adde-6f8cf7b9d7f0", 1130 | "name": "role list", 1131 | "protocol": "saml", 1132 | "protocolMapper": "saml-role-list-mapper", 1133 | "consentRequired": false, 1134 | "config": { 1135 | "single": "false", 1136 | "attribute.nameformat": "Basic", 1137 | "attribute.name": "Role" 1138 | } 1139 | } 1140 | ] 1141 | }, 1142 | { 1143 | "id": "fc48834b-2aa8-4cfc-b478-3622251d9e8f", 1144 | "name": "web-origins", 1145 | "description": "OpenID Connect scope for add allowed web origins to the access token", 1146 | "protocol": "openid-connect", 1147 | "attributes": { 1148 | "include.in.token.scope": "false", 1149 | "display.on.consent.screen": "false", 1150 | "consent.screen.text": "" 1151 | }, 1152 | "protocolMappers": [ 1153 | { 1154 | "id": "a29b9c56-6bb4-4a78-bb53-131edb77d823", 1155 | "name": "allowed web origins", 1156 | "protocol": "openid-connect", 1157 | "protocolMapper": "oidc-allowed-origins-mapper", 1158 | "consentRequired": false, 1159 | "config": {} 1160 | } 1161 | ] 1162 | }, 1163 | { 1164 | "id": "11a23537-56ad-48e4-913c-dcda752d6899", 1165 | "name": "offline_access", 1166 | "description": "OpenID Connect built-in scope: offline_access", 1167 | "protocol": "openid-connect", 1168 | "attributes": { 1169 | "consent.screen.text": "${offlineAccessScopeConsentText}", 1170 | "display.on.consent.screen": "true" 1171 | } 1172 | }, 1173 | { 1174 | "id": "71e555ee-f931-4846-bfaf-fb3e79337838", 1175 | "name": "phone", 1176 | "description": "OpenID Connect built-in scope: phone", 1177 | "protocol": "openid-connect", 1178 | "attributes": { 1179 | "include.in.token.scope": "true", 1180 | "display.on.consent.screen": "true", 1181 | "consent.screen.text": "${phoneScopeConsentText}" 1182 | }, 1183 | 
"protocolMappers": [ 1184 | { 1185 | "id": "edde3f4e-011c-4dd9-b980-c60ab2b56a09", 1186 | "name": "phone number verified", 1187 | "protocol": "openid-connect", 1188 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1189 | "consentRequired": false, 1190 | "config": { 1191 | "userinfo.token.claim": "true", 1192 | "user.attribute": "phoneNumberVerified", 1193 | "id.token.claim": "true", 1194 | "access.token.claim": "true", 1195 | "claim.name": "phone_number_verified", 1196 | "jsonType.label": "boolean" 1197 | } 1198 | }, 1199 | { 1200 | "id": "e54d2474-ca51-42cb-9ed3-bb7a85e63fc7", 1201 | "name": "phone number", 1202 | "protocol": "openid-connect", 1203 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1204 | "consentRequired": false, 1205 | "config": { 1206 | "userinfo.token.claim": "true", 1207 | "user.attribute": "phoneNumber", 1208 | "id.token.claim": "true", 1209 | "access.token.claim": "true", 1210 | "claim.name": "phone_number", 1211 | "jsonType.label": "String" 1212 | } 1213 | } 1214 | ] 1215 | }, 1216 | { 1217 | "id": "fbd4a9df-7ab0-4066-a219-726b6d7d87e6", 1218 | "name": "roles", 1219 | "description": "OpenID Connect scope for add user roles to the access token", 1220 | "protocol": "openid-connect", 1221 | "attributes": { 1222 | "include.in.token.scope": "false", 1223 | "display.on.consent.screen": "true", 1224 | "consent.screen.text": "${rolesScopeConsentText}" 1225 | }, 1226 | "protocolMappers": [ 1227 | { 1228 | "id": "c9ab3f28-ab19-42e4-a2a1-0d860409e029", 1229 | "name": "audience resolve", 1230 | "protocol": "openid-connect", 1231 | "protocolMapper": "oidc-audience-resolve-mapper", 1232 | "consentRequired": false, 1233 | "config": {} 1234 | }, 1235 | { 1236 | "id": "630e527b-dd71-4bc1-82dc-c263f5f27050", 1237 | "name": "client roles", 1238 | "protocol": "openid-connect", 1239 | "protocolMapper": "oidc-usermodel-client-role-mapper", 1240 | "consentRequired": false, 1241 | "config": { 1242 | "user.attribute": "foo", 1243 | "access.token.claim": 
"true", 1244 | "claim.name": "resource_access.${client_id}.roles", 1245 | "jsonType.label": "String", 1246 | "multivalued": "true" 1247 | } 1248 | }, 1249 | { 1250 | "id": "fc3b9782-8d0e-425b-af40-07444aaf08be", 1251 | "name": "realm roles", 1252 | "protocol": "openid-connect", 1253 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 1254 | "consentRequired": false, 1255 | "config": { 1256 | "user.attribute": "foo", 1257 | "access.token.claim": "true", 1258 | "claim.name": "realm_access.roles", 1259 | "jsonType.label": "String", 1260 | "multivalued": "true" 1261 | } 1262 | } 1263 | ] 1264 | }, 1265 | { 1266 | "id": "4f1e07b0-21b9-4d22-a900-9b6766b2c527", 1267 | "name": "address", 1268 | "description": "OpenID Connect built-in scope: address", 1269 | "protocol": "openid-connect", 1270 | "attributes": { 1271 | "include.in.token.scope": "true", 1272 | "display.on.consent.screen": "true", 1273 | "consent.screen.text": "${addressScopeConsentText}" 1274 | }, 1275 | "protocolMappers": [ 1276 | { 1277 | "id": "ab9f3dc2-a4b2-402c-a712-099d88912d85", 1278 | "name": "address", 1279 | "protocol": "openid-connect", 1280 | "protocolMapper": "oidc-address-mapper", 1281 | "consentRequired": false, 1282 | "config": { 1283 | "user.attribute.formatted": "formatted", 1284 | "user.attribute.country": "country", 1285 | "user.attribute.postal_code": "postal_code", 1286 | "userinfo.token.claim": "true", 1287 | "user.attribute.street": "street", 1288 | "id.token.claim": "true", 1289 | "user.attribute.region": "region", 1290 | "access.token.claim": "true", 1291 | "user.attribute.locality": "locality" 1292 | } 1293 | } 1294 | ] 1295 | }, 1296 | { 1297 | "id": "79151c0f-45ad-40e2-bc9f-503d2424a4a7", 1298 | "name": "email", 1299 | "description": "OpenID Connect built-in scope: email", 1300 | "protocol": "openid-connect", 1301 | "attributes": { 1302 | "include.in.token.scope": "true", 1303 | "display.on.consent.screen": "true", 1304 | "consent.screen.text": "${emailScopeConsentText}" 1305 | 
}, 1306 | "protocolMappers": [ 1307 | { 1308 | "id": "455e8e91-d872-417b-ba00-e2d0d059f25f", 1309 | "name": "email", 1310 | "protocol": "openid-connect", 1311 | "protocolMapper": "oidc-usermodel-property-mapper", 1312 | "consentRequired": false, 1313 | "config": { 1314 | "userinfo.token.claim": "true", 1315 | "user.attribute": "email", 1316 | "id.token.claim": "true", 1317 | "access.token.claim": "true", 1318 | "claim.name": "email", 1319 | "jsonType.label": "String" 1320 | } 1321 | }, 1322 | { 1323 | "id": "eec5dd83-3d7e-4725-b43c-dc9fb0b4295f", 1324 | "name": "email verified", 1325 | "protocol": "openid-connect", 1326 | "protocolMapper": "oidc-usermodel-property-mapper", 1327 | "consentRequired": false, 1328 | "config": { 1329 | "userinfo.token.claim": "true", 1330 | "user.attribute": "emailVerified", 1331 | "id.token.claim": "true", 1332 | "access.token.claim": "true", 1333 | "claim.name": "email_verified", 1334 | "jsonType.label": "boolean" 1335 | } 1336 | } 1337 | ] 1338 | } 1339 | ], 1340 | "defaultDefaultClientScopes": [ 1341 | "email", 1342 | "role_list", 1343 | "roles", 1344 | "web-origins", 1345 | "profile" 1346 | ], 1347 | "defaultOptionalClientScopes": [ 1348 | "offline_access", 1349 | "address", 1350 | "phone", 1351 | "microprofile-jwt" 1352 | ], 1353 | "browserSecurityHeaders": { 1354 | "contentSecurityPolicyReportOnly": "", 1355 | "xContentTypeOptions": "nosniff", 1356 | "xRobotsTag": "none", 1357 | "xFrameOptions": "SAMEORIGIN", 1358 | "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 1359 | "xXSSProtection": "1; mode=block", 1360 | "strictTransportSecurity": "max-age=31536000; includeSubDomains" 1361 | }, 1362 | "smtpServer": {}, 1363 | "loginTheme": "czetsuyatech", 1364 | "eventsEnabled": false, 1365 | "eventsListeners": [ 1366 | "jboss-logging" 1367 | ], 1368 | "enabledEventTypes": [], 1369 | "adminEventsEnabled": false, 1370 | "adminEventsDetailsEnabled": false, 1371 | "identityProviders": [], 1372 | 
"identityProviderMappers": [], 1373 | "components": { 1374 | "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ 1375 | { 1376 | "id": "2b73190e-9835-4439-80ad-2c54be02286c", 1377 | "name": "Allowed Client Scopes", 1378 | "providerId": "allowed-client-templates", 1379 | "subType": "authenticated", 1380 | "subComponents": {}, 1381 | "config": { 1382 | "allow-default-scopes": [ 1383 | "true" 1384 | ] 1385 | } 1386 | }, 1387 | { 1388 | "id": "8c180d0f-c558-4327-bc73-03b6e48c7d14", 1389 | "name": "Trusted Hosts", 1390 | "providerId": "trusted-hosts", 1391 | "subType": "anonymous", 1392 | "subComponents": {}, 1393 | "config": { 1394 | "host-sending-registration-request-must-match": [ 1395 | "true" 1396 | ], 1397 | "client-uris-must-match": [ 1398 | "true" 1399 | ] 1400 | } 1401 | }, 1402 | { 1403 | "id": "818b738a-31a5-4c0d-8927-ed92907d7553", 1404 | "name": "Full Scope Disabled", 1405 | "providerId": "scope", 1406 | "subType": "anonymous", 1407 | "subComponents": {}, 1408 | "config": {} 1409 | }, 1410 | { 1411 | "id": "ce5c58d2-4983-46c1-b644-f9654fde8b8c", 1412 | "name": "Allowed Protocol Mapper Types", 1413 | "providerId": "allowed-protocol-mappers", 1414 | "subType": "authenticated", 1415 | "subComponents": {}, 1416 | "config": { 1417 | "allowed-protocol-mapper-types": [ 1418 | "oidc-sha256-pairwise-sub-mapper", 1419 | "oidc-full-name-mapper", 1420 | "oidc-usermodel-attribute-mapper", 1421 | "oidc-usermodel-property-mapper", 1422 | "saml-user-property-mapper", 1423 | "oidc-address-mapper", 1424 | "saml-role-list-mapper", 1425 | "saml-user-attribute-mapper" 1426 | ] 1427 | } 1428 | }, 1429 | { 1430 | "id": "60d4cd8c-a1cb-4c35-b869-01f06244bacd", 1431 | "name": "Max Clients Limit", 1432 | "providerId": "max-clients", 1433 | "subType": "anonymous", 1434 | "subComponents": {}, 1435 | "config": { 1436 | "max-clients": [ 1437 | "200" 1438 | ] 1439 | } 1440 | }, 1441 | { 1442 | "id": "bfb58157-0147-4290-918b-4b566548c9a2", 1443 | "name": "Consent 
Required", 1444 | "providerId": "consent-required", 1445 | "subType": "anonymous", 1446 | "subComponents": {}, 1447 | "config": {} 1448 | }, 1449 | { 1450 | "id": "001e7484-f8ce-4f22-b1e5-1bcaf1e5d6f5", 1451 | "name": "Allowed Protocol Mapper Types", 1452 | "providerId": "allowed-protocol-mappers", 1453 | "subType": "anonymous", 1454 | "subComponents": {}, 1455 | "config": { 1456 | "allowed-protocol-mapper-types": [ 1457 | "oidc-sha256-pairwise-sub-mapper", 1458 | "oidc-usermodel-attribute-mapper", 1459 | "saml-user-attribute-mapper", 1460 | "oidc-usermodel-property-mapper", 1461 | "saml-user-property-mapper", 1462 | "oidc-full-name-mapper", 1463 | "saml-role-list-mapper", 1464 | "oidc-address-mapper" 1465 | ] 1466 | } 1467 | }, 1468 | { 1469 | "id": "77d032c6-7761-4099-ae4a-a6bbdc50dfdc", 1470 | "name": "Allowed Client Scopes", 1471 | "providerId": "allowed-client-templates", 1472 | "subType": "anonymous", 1473 | "subComponents": {}, 1474 | "config": { 1475 | "allow-default-scopes": [ 1476 | "true" 1477 | ] 1478 | } 1479 | } 1480 | ], 1481 | "org.keycloak.storage.UserStorageProvider": [ 1482 | { 1483 | "id": "cd5b20e0-1563-481b-b0f5-a73576e34960", 1484 | "name": "ct-keycloak-iam", 1485 | "providerId": "ct-keycloak-iam", 1486 | "subComponents": {}, 1487 | "config": { 1488 | "cachePolicy": [ 1489 | "DEFAULT" 1490 | ], 1491 | "priority": [ 1492 | "0" 1493 | ], 1494 | "enabled": [ 1495 | "true" 1496 | ] 1497 | } 1498 | } 1499 | ], 1500 | "org.keycloak.keys.KeyProvider": [ 1501 | { 1502 | "id": "0187ce3b-894c-4119-a64d-2bce9a7f657e", 1503 | "name": "hmac-generated", 1504 | "providerId": "hmac-generated", 1505 | "subComponents": {}, 1506 | "config": { 1507 | "priority": [ 1508 | "100" 1509 | ], 1510 | "algorithm": [ 1511 | "HS256" 1512 | ] 1513 | } 1514 | }, 1515 | { 1516 | "id": "8364241c-945c-40ed-be6e-aff347d93e39", 1517 | "name": "rsa-enc-generated", 1518 | "providerId": "rsa-enc-generated", 1519 | "subComponents": {}, 1520 | "config": { 1521 | "priority": [ 1522 | 
"100" 1523 | ], 1524 | "algorithm": [ 1525 | "RSA-OAEP" 1526 | ] 1527 | } 1528 | }, 1529 | { 1530 | "id": "a730dcf5-7919-4063-bc09-db53ed9dc3ed", 1531 | "name": "aes-generated", 1532 | "providerId": "aes-generated", 1533 | "subComponents": {}, 1534 | "config": { 1535 | "priority": [ 1536 | "100" 1537 | ] 1538 | } 1539 | }, 1540 | { 1541 | "id": "cae63acc-2fa7-4f51-9cbc-c218e1164f9c", 1542 | "name": "rsa-generated", 1543 | "providerId": "rsa-generated", 1544 | "subComponents": {}, 1545 | "config": { 1546 | "priority": [ 1547 | "100" 1548 | ] 1549 | } 1550 | } 1551 | ] 1552 | }, 1553 | "internationalizationEnabled": false, 1554 | "supportedLocales": [ 1555 | "" 1556 | ], 1557 | "authenticationFlows": [ 1558 | { 1559 | "id": "9b4e1fa9-ba95-468d-9119-75af555837b4", 1560 | "alias": "Account verification options", 1561 | "description": "Method with which to verify the existing account", 1562 | "providerId": "basic-flow", 1563 | "topLevel": false, 1564 | "builtIn": true, 1565 | "authenticationExecutions": [ 1566 | { 1567 | "authenticator": "idp-email-verification", 1568 | "authenticatorFlow": false, 1569 | "requirement": "ALTERNATIVE", 1570 | "priority": 10, 1571 | "userSetupAllowed": false, 1572 | "autheticatorFlow": false 1573 | }, 1574 | { 1575 | "authenticatorFlow": true, 1576 | "requirement": "ALTERNATIVE", 1577 | "priority": 20, 1578 | "flowAlias": "Verify Existing Account by Re-authentication", 1579 | "userSetupAllowed": false, 1580 | "autheticatorFlow": true 1581 | } 1582 | ] 1583 | }, 1584 | { 1585 | "id": "3398bb46-bae5-44b6-9f6d-fc71e543e4a9", 1586 | "alias": "Authentication Options", 1587 | "description": "Authentication options.", 1588 | "providerId": "basic-flow", 1589 | "topLevel": false, 1590 | "builtIn": true, 1591 | "authenticationExecutions": [ 1592 | { 1593 | "authenticator": "basic-auth", 1594 | "authenticatorFlow": false, 1595 | "requirement": "REQUIRED", 1596 | "priority": 10, 1597 | "userSetupAllowed": false, 1598 | "autheticatorFlow": false 1599 | 
}, 1600 | { 1601 | "authenticator": "basic-auth-otp", 1602 | "authenticatorFlow": false, 1603 | "requirement": "DISABLED", 1604 | "priority": 20, 1605 | "userSetupAllowed": false, 1606 | "autheticatorFlow": false 1607 | }, 1608 | { 1609 | "authenticator": "auth-spnego", 1610 | "authenticatorFlow": false, 1611 | "requirement": "DISABLED", 1612 | "priority": 30, 1613 | "userSetupAllowed": false, 1614 | "autheticatorFlow": false 1615 | } 1616 | ] 1617 | }, 1618 | { 1619 | "id": "9a909203-24e4-4120-b598-33066c13e890", 1620 | "alias": "Browser - Conditional OTP", 1621 | "description": "Flow to determine if the OTP is required for the authentication", 1622 | "providerId": "basic-flow", 1623 | "topLevel": false, 1624 | "builtIn": true, 1625 | "authenticationExecutions": [ 1626 | { 1627 | "authenticator": "conditional-user-configured", 1628 | "authenticatorFlow": false, 1629 | "requirement": "REQUIRED", 1630 | "priority": 10, 1631 | "userSetupAllowed": false, 1632 | "autheticatorFlow": false 1633 | }, 1634 | { 1635 | "authenticator": "auth-otp-form", 1636 | "authenticatorFlow": false, 1637 | "requirement": "REQUIRED", 1638 | "priority": 20, 1639 | "userSetupAllowed": false, 1640 | "autheticatorFlow": false 1641 | } 1642 | ] 1643 | }, 1644 | { 1645 | "id": "c806c870-0871-44a0-9ba2-23a5ae87bd50", 1646 | "alias": "Direct Grant - Conditional OTP", 1647 | "description": "Flow to determine if the OTP is required for the authentication", 1648 | "providerId": "basic-flow", 1649 | "topLevel": false, 1650 | "builtIn": true, 1651 | "authenticationExecutions": [ 1652 | { 1653 | "authenticator": "conditional-user-configured", 1654 | "authenticatorFlow": false, 1655 | "requirement": "REQUIRED", 1656 | "priority": 10, 1657 | "userSetupAllowed": false, 1658 | "autheticatorFlow": false 1659 | }, 1660 | { 1661 | "authenticator": "direct-grant-validate-otp", 1662 | "authenticatorFlow": false, 1663 | "requirement": "REQUIRED", 1664 | "priority": 20, 1665 | "userSetupAllowed": false, 1666 | 
"autheticatorFlow": false 1667 | } 1668 | ] 1669 | }, 1670 | { 1671 | "id": "e482bd32-a80b-415e-bfb7-46b6f33559a3", 1672 | "alias": "First broker login - Conditional OTP", 1673 | "description": "Flow to determine if the OTP is required for the authentication", 1674 | "providerId": "basic-flow", 1675 | "topLevel": false, 1676 | "builtIn": true, 1677 | "authenticationExecutions": [ 1678 | { 1679 | "authenticator": "conditional-user-configured", 1680 | "authenticatorFlow": false, 1681 | "requirement": "REQUIRED", 1682 | "priority": 10, 1683 | "userSetupAllowed": false, 1684 | "autheticatorFlow": false 1685 | }, 1686 | { 1687 | "authenticator": "auth-otp-form", 1688 | "authenticatorFlow": false, 1689 | "requirement": "REQUIRED", 1690 | "priority": 20, 1691 | "userSetupAllowed": false, 1692 | "autheticatorFlow": false 1693 | } 1694 | ] 1695 | }, 1696 | { 1697 | "id": "a422b49e-30d4-44eb-986b-2858022623d3", 1698 | "alias": "Handle Existing Account", 1699 | "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", 1700 | "providerId": "basic-flow", 1701 | "topLevel": false, 1702 | "builtIn": true, 1703 | "authenticationExecutions": [ 1704 | { 1705 | "authenticator": "idp-confirm-link", 1706 | "authenticatorFlow": false, 1707 | "requirement": "REQUIRED", 1708 | "priority": 10, 1709 | "userSetupAllowed": false, 1710 | "autheticatorFlow": false 1711 | }, 1712 | { 1713 | "authenticatorFlow": true, 1714 | "requirement": "REQUIRED", 1715 | "priority": 20, 1716 | "flowAlias": "Account verification options", 1717 | "userSetupAllowed": false, 1718 | "autheticatorFlow": true 1719 | } 1720 | ] 1721 | }, 1722 | { 1723 | "id": "5f333e8e-c72f-4373-a51c-709fc1714d27", 1724 | "alias": "Reset - Conditional OTP", 1725 | "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", 1726 | "providerId": "basic-flow", 1727 | "topLevel": false, 1728 | "builtIn": true, 1729 | "authenticationExecutions": [ 1730 | { 1731 | "authenticator": "conditional-user-configured", 1732 | "authenticatorFlow": false, 1733 | "requirement": "REQUIRED", 1734 | "priority": 10, 1735 | "userSetupAllowed": false, 1736 | "autheticatorFlow": false 1737 | }, 1738 | { 1739 | "authenticator": "reset-otp", 1740 | "authenticatorFlow": false, 1741 | "requirement": "REQUIRED", 1742 | "priority": 20, 1743 | "userSetupAllowed": false, 1744 | "autheticatorFlow": false 1745 | } 1746 | ] 1747 | }, 1748 | { 1749 | "id": "f9356cac-1446-4af9-b4cf-e33a4f80d76a", 1750 | "alias": "User creation or linking", 1751 | "description": "Flow for the existing/non-existing user alternatives", 1752 | "providerId": "basic-flow", 1753 | "topLevel": false, 1754 | "builtIn": true, 1755 | "authenticationExecutions": [ 1756 | { 1757 | "authenticatorConfig": "create unique user config", 1758 | "authenticator": "idp-create-user-if-unique", 1759 | "authenticatorFlow": false, 1760 | "requirement": "ALTERNATIVE", 1761 | "priority": 10, 1762 | "userSetupAllowed": false, 1763 | "autheticatorFlow": false 1764 | }, 1765 | { 1766 | "authenticatorFlow": true, 1767 | "requirement": "ALTERNATIVE", 1768 | "priority": 20, 1769 | "flowAlias": "Handle Existing Account", 1770 | "userSetupAllowed": false, 1771 | "autheticatorFlow": true 1772 | } 1773 | ] 1774 | }, 1775 | { 1776 | "id": "570b54b2-66fc-49ab-bc46-e73a4bf4e998", 1777 | "alias": "Verify Existing Account by Re-authentication", 1778 | "description": "Reauthentication of existing account", 1779 | "providerId": "basic-flow", 1780 | "topLevel": false, 1781 | "builtIn": true, 1782 | "authenticationExecutions": [ 1783 | { 1784 | "authenticator": "idp-username-password-form", 1785 | "authenticatorFlow": false, 1786 | "requirement": "REQUIRED", 1787 | "priority": 10, 1788 | "userSetupAllowed": false, 1789 | "autheticatorFlow": false 1790 | 
}, 1791 | { 1792 | "authenticatorFlow": true, 1793 | "requirement": "CONDITIONAL", 1794 | "priority": 20, 1795 | "flowAlias": "First broker login - Conditional OTP", 1796 | "userSetupAllowed": false, 1797 | "autheticatorFlow": true 1798 | } 1799 | ] 1800 | }, 1801 | { 1802 | "id": "46121e9b-7f07-4a39-b9c6-75a91eac3329", 1803 | "alias": "browser", 1804 | "description": "browser based authentication", 1805 | "providerId": "basic-flow", 1806 | "topLevel": true, 1807 | "builtIn": true, 1808 | "authenticationExecutions": [ 1809 | { 1810 | "authenticator": "auth-cookie", 1811 | "authenticatorFlow": false, 1812 | "requirement": "ALTERNATIVE", 1813 | "priority": 10, 1814 | "userSetupAllowed": false, 1815 | "autheticatorFlow": false 1816 | }, 1817 | { 1818 | "authenticator": "auth-spnego", 1819 | "authenticatorFlow": false, 1820 | "requirement": "DISABLED", 1821 | "priority": 20, 1822 | "userSetupAllowed": false, 1823 | "autheticatorFlow": false 1824 | }, 1825 | { 1826 | "authenticator": "identity-provider-redirector", 1827 | "authenticatorFlow": false, 1828 | "requirement": "ALTERNATIVE", 1829 | "priority": 25, 1830 | "userSetupAllowed": false, 1831 | "autheticatorFlow": false 1832 | }, 1833 | { 1834 | "authenticatorFlow": true, 1835 | "requirement": "ALTERNATIVE", 1836 | "priority": 30, 1837 | "flowAlias": "forms", 1838 | "userSetupAllowed": false, 1839 | "autheticatorFlow": true 1840 | } 1841 | ] 1842 | }, 1843 | { 1844 | "id": "d67e0a28-f720-4fbf-a0f0-0c971b223aaf", 1845 | "alias": "clients", 1846 | "description": "Base authentication for clients", 1847 | "providerId": "client-flow", 1848 | "topLevel": true, 1849 | "builtIn": true, 1850 | "authenticationExecutions": [ 1851 | { 1852 | "authenticator": "client-secret", 1853 | "authenticatorFlow": false, 1854 | "requirement": "ALTERNATIVE", 1855 | "priority": 10, 1856 | "userSetupAllowed": false, 1857 | "autheticatorFlow": false 1858 | }, 1859 | { 1860 | "authenticator": "client-jwt", 1861 | "authenticatorFlow": false, 
1862 | "requirement": "ALTERNATIVE", 1863 | "priority": 20, 1864 | "userSetupAllowed": false, 1865 | "autheticatorFlow": false 1866 | }, 1867 | { 1868 | "authenticator": "client-secret-jwt", 1869 | "authenticatorFlow": false, 1870 | "requirement": "ALTERNATIVE", 1871 | "priority": 30, 1872 | "userSetupAllowed": false, 1873 | "autheticatorFlow": false 1874 | }, 1875 | { 1876 | "authenticator": "client-x509", 1877 | "authenticatorFlow": false, 1878 | "requirement": "ALTERNATIVE", 1879 | "priority": 40, 1880 | "userSetupAllowed": false, 1881 | "autheticatorFlow": false 1882 | } 1883 | ] 1884 | }, 1885 | { 1886 | "id": "c6e270e5-f23e-49ab-af98-c2fe385e57b8", 1887 | "alias": "direct grant", 1888 | "description": "OpenID Connect Resource Owner Grant", 1889 | "providerId": "basic-flow", 1890 | "topLevel": true, 1891 | "builtIn": true, 1892 | "authenticationExecutions": [ 1893 | { 1894 | "authenticator": "direct-grant-validate-username", 1895 | "authenticatorFlow": false, 1896 | "requirement": "REQUIRED", 1897 | "priority": 10, 1898 | "userSetupAllowed": false, 1899 | "autheticatorFlow": false 1900 | }, 1901 | { 1902 | "authenticator": "direct-grant-validate-password", 1903 | "authenticatorFlow": false, 1904 | "requirement": "REQUIRED", 1905 | "priority": 20, 1906 | "userSetupAllowed": false, 1907 | "autheticatorFlow": false 1908 | }, 1909 | { 1910 | "authenticatorFlow": true, 1911 | "requirement": "CONDITIONAL", 1912 | "priority": 30, 1913 | "flowAlias": "Direct Grant - Conditional OTP", 1914 | "userSetupAllowed": false, 1915 | "autheticatorFlow": true 1916 | } 1917 | ] 1918 | }, 1919 | { 1920 | "id": "e51ed80c-0991-4f67-a731-ceb4149f8b3d", 1921 | "alias": "docker auth", 1922 | "description": "Used by Docker clients to authenticate against the IDP", 1923 | "providerId": "basic-flow", 1924 | "topLevel": true, 1925 | "builtIn": true, 1926 | "authenticationExecutions": [ 1927 | { 1928 | "authenticator": "docker-http-basic-authenticator", 1929 | "authenticatorFlow": false, 
1930 | "requirement": "REQUIRED", 1931 | "priority": 10, 1932 | "userSetupAllowed": false, 1933 | "autheticatorFlow": false 1934 | } 1935 | ] 1936 | }, 1937 | { 1938 | "id": "1f2d153b-f3e4-4832-8f03-d54dba626d8f", 1939 | "alias": "first broker login", 1940 | "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", 1941 | "providerId": "basic-flow", 1942 | "topLevel": true, 1943 | "builtIn": true, 1944 | "authenticationExecutions": [ 1945 | { 1946 | "authenticatorConfig": "review profile config", 1947 | "authenticator": "idp-review-profile", 1948 | "authenticatorFlow": false, 1949 | "requirement": "REQUIRED", 1950 | "priority": 10, 1951 | "userSetupAllowed": false, 1952 | "autheticatorFlow": false 1953 | }, 1954 | { 1955 | "authenticatorFlow": true, 1956 | "requirement": "REQUIRED", 1957 | "priority": 20, 1958 | "flowAlias": "User creation or linking", 1959 | "userSetupAllowed": false, 1960 | "autheticatorFlow": true 1961 | } 1962 | ] 1963 | }, 1964 | { 1965 | "id": "ea39be10-fd68-4e3e-bc62-7ae4061e701a", 1966 | "alias": "forms", 1967 | "description": "Username, password, otp and other auth forms.", 1968 | "providerId": "basic-flow", 1969 | "topLevel": false, 1970 | "builtIn": true, 1971 | "authenticationExecutions": [ 1972 | { 1973 | "authenticator": "auth-username-password-form", 1974 | "authenticatorFlow": false, 1975 | "requirement": "REQUIRED", 1976 | "priority": 10, 1977 | "userSetupAllowed": false, 1978 | "autheticatorFlow": false 1979 | }, 1980 | { 1981 | "authenticatorFlow": true, 1982 | "requirement": "CONDITIONAL", 1983 | "priority": 20, 1984 | "flowAlias": "Browser - Conditional OTP", 1985 | "userSetupAllowed": false, 1986 | "autheticatorFlow": true 1987 | } 1988 | ] 1989 | }, 1990 | { 1991 | "id": "90ed6585-db16-41bc-8cb4-14bc9cf0f289", 1992 | "alias": "http challenge", 1993 | "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", 
1994 | "providerId": "basic-flow", 1995 | "topLevel": true, 1996 | "builtIn": true, 1997 | "authenticationExecutions": [ 1998 | { 1999 | "authenticator": "no-cookie-redirect", 2000 | "authenticatorFlow": false, 2001 | "requirement": "REQUIRED", 2002 | "priority": 10, 2003 | "userSetupAllowed": false, 2004 | "autheticatorFlow": false 2005 | }, 2006 | { 2007 | "authenticatorFlow": true, 2008 | "requirement": "REQUIRED", 2009 | "priority": 20, 2010 | "flowAlias": "Authentication Options", 2011 | "userSetupAllowed": false, 2012 | "autheticatorFlow": true 2013 | } 2014 | ] 2015 | }, 2016 | { 2017 | "id": "93b6b12c-3a27-421b-9541-0d17e7dc0a77", 2018 | "alias": "registration", 2019 | "description": "registration flow", 2020 | "providerId": "basic-flow", 2021 | "topLevel": true, 2022 | "builtIn": true, 2023 | "authenticationExecutions": [ 2024 | { 2025 | "authenticator": "registration-page-form", 2026 | "authenticatorFlow": true, 2027 | "requirement": "REQUIRED", 2028 | "priority": 10, 2029 | "flowAlias": "registration form", 2030 | "userSetupAllowed": false, 2031 | "autheticatorFlow": true 2032 | } 2033 | ] 2034 | }, 2035 | { 2036 | "id": "2d979914-4f26-4bf8-b064-82923c104746", 2037 | "alias": "registration form", 2038 | "description": "registration form", 2039 | "providerId": "form-flow", 2040 | "topLevel": false, 2041 | "builtIn": true, 2042 | "authenticationExecutions": [ 2043 | { 2044 | "authenticator": "registration-user-creation", 2045 | "authenticatorFlow": false, 2046 | "requirement": "REQUIRED", 2047 | "priority": 20, 2048 | "userSetupAllowed": false, 2049 | "autheticatorFlow": false 2050 | }, 2051 | { 2052 | "authenticator": "registration-profile-action", 2053 | "authenticatorFlow": false, 2054 | "requirement": "REQUIRED", 2055 | "priority": 40, 2056 | "userSetupAllowed": false, 2057 | "autheticatorFlow": false 2058 | }, 2059 | { 2060 | "authenticator": "registration-password-action", 2061 | "authenticatorFlow": false, 2062 | "requirement": "REQUIRED", 2063 | 
"priority": 50, 2064 | "userSetupAllowed": false, 2065 | "autheticatorFlow": false 2066 | }, 2067 | { 2068 | "authenticator": "registration-recaptcha-action", 2069 | "authenticatorFlow": false, 2070 | "requirement": "DISABLED", 2071 | "priority": 60, 2072 | "userSetupAllowed": false, 2073 | "autheticatorFlow": false 2074 | } 2075 | ] 2076 | }, 2077 | { 2078 | "id": "e68e1d8e-c94d-41ba-a788-4de5dbadbae4", 2079 | "alias": "reset credentials", 2080 | "description": "Reset credentials for a user if they forgot their password or something", 2081 | "providerId": "basic-flow", 2082 | "topLevel": true, 2083 | "builtIn": true, 2084 | "authenticationExecutions": [ 2085 | { 2086 | "authenticator": "reset-credentials-choose-user", 2087 | "authenticatorFlow": false, 2088 | "requirement": "REQUIRED", 2089 | "priority": 10, 2090 | "userSetupAllowed": false, 2091 | "autheticatorFlow": false 2092 | }, 2093 | { 2094 | "authenticator": "reset-credential-email", 2095 | "authenticatorFlow": false, 2096 | "requirement": "REQUIRED", 2097 | "priority": 20, 2098 | "userSetupAllowed": false, 2099 | "autheticatorFlow": false 2100 | }, 2101 | { 2102 | "authenticator": "reset-password", 2103 | "authenticatorFlow": false, 2104 | "requirement": "REQUIRED", 2105 | "priority": 30, 2106 | "userSetupAllowed": false, 2107 | "autheticatorFlow": false 2108 | }, 2109 | { 2110 | "authenticatorFlow": true, 2111 | "requirement": "CONDITIONAL", 2112 | "priority": 40, 2113 | "flowAlias": "Reset - Conditional OTP", 2114 | "userSetupAllowed": false, 2115 | "autheticatorFlow": true 2116 | } 2117 | ] 2118 | }, 2119 | { 2120 | "id": "e22bc9c7-9bd2-4444-b134-031ddc4c5beb", 2121 | "alias": "saml ecp", 2122 | "description": "SAML ECP Profile Authentication Flow", 2123 | "providerId": "basic-flow", 2124 | "topLevel": true, 2125 | "builtIn": true, 2126 | "authenticationExecutions": [ 2127 | { 2128 | "authenticator": "http-basic-authenticator", 2129 | "authenticatorFlow": false, 2130 | "requirement": "REQUIRED", 2131 | 
"priority": 10, 2132 | "userSetupAllowed": false, 2133 | "autheticatorFlow": false 2134 | } 2135 | ] 2136 | } 2137 | ], 2138 | "authenticatorConfig": [ 2139 | { 2140 | "id": "8b8eebe5-967b-4d02-866e-267839d78551", 2141 | "alias": "create unique user config", 2142 | "config": { 2143 | "require.password.update.after.registration": "false" 2144 | } 2145 | }, 2146 | { 2147 | "id": "9afd34c1-fe7e-4879-9afe-d5cc55d0e283", 2148 | "alias": "review profile config", 2149 | "config": { 2150 | "update.profile.on.first.login": "missing" 2151 | } 2152 | } 2153 | ], 2154 | "requiredActions": [ 2155 | { 2156 | "alias": "CONFIGURE_TOTP", 2157 | "name": "Configure OTP", 2158 | "providerId": "CONFIGURE_TOTP", 2159 | "enabled": true, 2160 | "defaultAction": false, 2161 | "priority": 10, 2162 | "config": {} 2163 | }, 2164 | { 2165 | "alias": "terms_and_conditions", 2166 | "name": "Terms and Conditions", 2167 | "providerId": "terms_and_conditions", 2168 | "enabled": false, 2169 | "defaultAction": false, 2170 | "priority": 20, 2171 | "config": {} 2172 | }, 2173 | { 2174 | "alias": "UPDATE_PASSWORD", 2175 | "name": "Update Password", 2176 | "providerId": "UPDATE_PASSWORD", 2177 | "enabled": true, 2178 | "defaultAction": false, 2179 | "priority": 30, 2180 | "config": {} 2181 | }, 2182 | { 2183 | "alias": "UPDATE_PROFILE", 2184 | "name": "Update Profile", 2185 | "providerId": "UPDATE_PROFILE", 2186 | "enabled": true, 2187 | "defaultAction": false, 2188 | "priority": 40, 2189 | "config": {} 2190 | }, 2191 | { 2192 | "alias": "VERIFY_EMAIL", 2193 | "name": "Verify Email", 2194 | "providerId": "VERIFY_EMAIL", 2195 | "enabled": true, 2196 | "defaultAction": false, 2197 | "priority": 50, 2198 | "config": {} 2199 | }, 2200 | { 2201 | "alias": "delete_account", 2202 | "name": "Delete Account", 2203 | "providerId": "delete_account", 2204 | "enabled": false, 2205 | "defaultAction": false, 2206 | "priority": 60, 2207 | "config": {} 2208 | }, 2209 | { 2210 | "alias": "update_user_locale", 2211 | 
"name": "Update User Locale", 2212 | "providerId": "update_user_locale", 2213 | "enabled": true, 2214 | "defaultAction": false, 2215 | "priority": 1000, 2216 | "config": {} 2217 | } 2218 | ], 2219 | "browserFlow": "browser", 2220 | "registrationFlow": "registration", 2221 | "directGrantFlow": "direct grant", 2222 | "resetCredentialsFlow": "reset credentials", 2223 | "clientAuthenticationFlow": "clients", 2224 | "dockerAuthenticationFlow": "docker auth", 2225 | "attributes": { 2226 | "cibaBackchannelTokenDeliveryMode": "poll", 2227 | "cibaExpiresIn": "120", 2228 | "cibaAuthRequestedUserHint": "login_hint", 2229 | "oauth2DeviceCodeLifespan": "600", 2230 | "clientOfflineSessionMaxLifespan": "0", 2231 | "oauth2DevicePollingInterval": "5", 2232 | "clientSessionIdleTimeout": "0", 2233 | "parRequestUriLifespan": "60", 2234 | "clientSessionMaxLifespan": "0", 2235 | "clientOfflineSessionIdleTimeout": "0", 2236 | "cibaInterval": "5" 2237 | }, 2238 | "keycloakVersion": "16.1.1", 2239 | "userManagedAccessAllowed": false, 2240 | "clientProfiles": { 2241 | "profiles": [] 2242 | }, 2243 | "clientPolicies": { 2244 | "policies": [] 2245 | } 2246 | } --------------------------------------------------------------------------------