├── images ├── first_login.png ├── docker_memory.png ├── docker_settings.png ├── keycloak_console.png ├── keycloak_users.png ├── keycloak_registration.png ├── keycloak_user_details.png └── keycloak_user_credentials.png ├── check-ports.sh ├── docker-compose.yml ├── README.md └── realm_properties.json /images/first_login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/first_login.png -------------------------------------------------------------------------------- /images/docker_memory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/docker_memory.png -------------------------------------------------------------------------------- /images/docker_settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/docker_settings.png -------------------------------------------------------------------------------- /images/keycloak_console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/keycloak_console.png -------------------------------------------------------------------------------- /images/keycloak_users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/keycloak_users.png -------------------------------------------------------------------------------- /images/keycloak_registration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/keycloak_registration.png 
-------------------------------------------------------------------------------- /images/keycloak_user_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/keycloak_user_details.png -------------------------------------------------------------------------------- /images/keycloak_user_credentials.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/logicahealth/sandbox-community-edition/HEAD/images/keycloak_user_credentials.png -------------------------------------------------------------------------------- /check-ports.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # check to see if anything is running on required ports 4 | # 5 | for x in 3000 3001 3306 8060 8070 8078 8079 8080 8086 8090 8096 12000; do 6 | lsof -nP -iTCP -sTCP:LISTEN | grep $x 7 | done 8 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | volumes: 4 | logica-sandbox-volume: 5 | 6 | services: 7 | 8 | keycloak: 9 | image: sleighzy/keycloak 10 | 11 | volumes: 12 | - "./realm_properties.json:/etc/security/realm_properties.json" 13 | ports: 14 | - "8080:8080" 15 | environment: 16 | - KEYCLOAK_USER=admin 17 | - KEYCLOAK_PASSWORD=admin 18 | - KEYCLOAK_IMPORT=/etc/security/realm_properties.json 19 | command: 20 | [ 21 | "-Djboss.http.port=8080", 22 | "-Dkeycloak.profile.feature.upload_scripts=enabled", 23 | ] 24 | 25 | sandbox-mysql: 26 | image: logicahealth/sandbox-mysql:latest 27 | ports: 28 | - "3306:3306" 29 | volumes: 30 | - logica-sandbox-volume:/var/lib/mysql57 31 | environment: 32 | - MYSQL_PASSWORD=password 33 | - MYSQL_ROOT_PASSWORD=password 34 | command: ['mysqld', 
'--default-authentication-plugin=mysql_native_password'] 35 | healthcheck: 36 | test: ["CMD-SHELL", "/wait-for-db.sh"] 37 | interval: 10s 38 | timeout: 60s 39 | retries: 50 40 | 41 | sandbox-manager-api: 42 | image: logicahealth/sandbox-manager-api:latest 43 | ports: 44 | - "12000:12000" 45 | environment: 46 | - DB_HOST=sandbox-mysql 47 | - DB_PORT=3306 48 | - DB_NAME=sandman 49 | - DB_USER=root 50 | - DB_PASSWORD=password 51 | - AUTH_HOST=sandbox 52 | - AUTH_PORT=8060 53 | # - API_DSTU2_HOST=dstu2 54 | # - API_STU3_HOST=stu3 55 | - API_R4_HOST=r4 56 | - API_R5_HOST=r5 57 | restart: unless-stopped 58 | depends_on: 59 | - sandbox-mysql 60 | 61 | sandbox: 62 | image: logicahealth/sandbox:latest 63 | ports: 64 | - "3000:3000" 65 | - "3001:3001" 66 | - "8060:8060" 67 | environment: 68 | - AUTH_HOST=sandbox 69 | - AUTH_PORT=8060 70 | - DB_NAME=oic 71 | - DB_HOST=sandbox-mysql 72 | - DB_USER=root 73 | - DB_PASSWORD=password 74 | - SHOW_SQL=true 75 | - API_DSTU2_HOST=dstu2 76 | - API_DSTU2_PORT=8078 77 | - API_STU3_HOST=stu3 78 | - API_STU3_PORT=8079 79 | - API_R4_HOST=r4 80 | - API_R4_PORT=8070 81 | - PATIENT_PICKER_HOST=localhost 82 | - PATIENT_PICKER_PORT=8094 83 | - SANDMAN_API_HOST=sandbox-manager-api 84 | - SANDMAN_API_PORT=12000 85 | - SPRING_PROFILES_ACTIVE=users-keycloak,local 86 | - KEYCLOAK_REALM=Development 87 | - KEYCLOAK_AUTH_SERVER_URL=http://keycloak:8080/auth 88 | - KEYCLOAK_SSL_REQUIRED=none 89 | - KEYCLOAK_CREDENTIALS=593ada9c-b1dc-444f-a2e6-30cc4add8146 90 | - KEYCLOAK_LOGOUT_SUCCESS_URL=http://keycloak:8080/auth/realms/Development/protocol/openid-connect/logout?redirect_uri=http://localhost:3001 91 | - JAVA_OPTS="-agentlib:jdwp=transport=dt_socket,address=5060,server=y,suspend=n" 92 | restart: unless-stopped 93 | depends_on: 94 | - sandbox-mysql 95 | 96 | # dstu2: 97 | # image: logicahealth/api:latest 98 | # ports: 99 | # - "8078:8078" 100 | # environment: 101 | # - SPRING_PROFILES_ACTIVE=dstu2,multitenant 102 | # - API_PORT=8078 103 | # - 
SANDBOX_NAME=hspc8 104 | # - SBMA_HOST=sandbox-manager-api 105 | # - SBMA_PORT=12000 106 | # - DB_HOST=sandbox-mysql 107 | # - DB_PORT=3306 108 | # - DB_USER=root 109 | # - DB_PASSWORD=password 110 | # - AUTH_HOST=sandbox 111 | # - AUTH_PORT=8060 112 | # - MANIFEST_OVERRIDE=false 113 | # depends_on: 114 | # sandbox-mysql: 115 | # condition: service_healthy 116 | 117 | stu3: 118 | image: logicahealth/api:latest 119 | ports: 120 | - "8079:8079" 121 | environment: 122 | - SPRING_PROFILES_ACTIVE=stu3,multitenant 123 | - API_PORT=8079 124 | - SANDBOX_NAME=hspc9 125 | - SBMA_HOST=sandbox-manager-api 126 | - SBMA_PORT=12000 127 | - DB_HOST=sandbox-mysql 128 | - DB_PORT=3306 129 | - DB_USER=root 130 | - DB_PASSWORD=password 131 | - AUTH_HOST=sandbox 132 | - AUTH_PORT=8060 133 | - MANIFEST_OVERRIDE=false 134 | restart: unless-stopped 135 | depends_on: 136 | - sandbox-mysql 137 | 138 | r4: 139 | image: logicahealth/api:latest 140 | ports: 141 | - "8070:8070" 142 | environment: 143 | - SPRING_PROFILES_ACTIVE=r4,multitenant 144 | - API_PORT=8070 145 | - SANDBOX_NAME=hspc10 146 | - SBMA_HOST=sandbox-manager-api 147 | - SBMA_PORT=12000 148 | - DB_HOST=sandbox-mysql 149 | - DB_PORT=3306 150 | - DB_USER=root 151 | - DB_PASSWORD=password 152 | - AUTH_HOST=sandbox 153 | - AUTH_PORT=8060 154 | - MANIFEST_OVERRIDE=false 155 | restart: unless-stopped 156 | depends_on: 157 | - sandbox-mysql 158 | 159 | r5: 160 | image: logicahealth/api:latest 161 | ports: 162 | - "8071:8071" 163 | environment: 164 | - SPRING_PROFILES_ACTIVE=r5,multitenant 165 | - API_PORT=8071 166 | - SANDBOX_NAME=hspc11 167 | - SBMA_HOST=sandbox-manager-api 168 | - SBMA_PORT=12000 169 | - DB_HOST=sandbox-mysql 170 | - DB_PORT=3306 171 | - DB_USER=root 172 | - DB_PASSWORD=password 173 | - AUTH_HOST=sandbox 174 | - AUTH_PORT=8060 175 | - MANIFEST_OVERRIDE=false 176 | restart: unless-stopped 177 | depends_on: 178 | - sandbox-mysql 179 | 180 | static-content: 181 | image: logicahealth/sandbox-ce-static-content:latest 182 | 
ports: 183 | - "8090:80" 184 | 185 | bilirubin-risk-chart: 186 | image: logicahealth/bilirubin-risk-chart-app:latest 187 | ports: 188 | - "8086:8086" 189 | 190 | patient-data-manager: 191 | image: logicahealth/patient-data-manager:latest 192 | ports: 193 | - "8096:8096" 194 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sandbox Community Edition 2 | Repository for the free community edition of the sandbox 3 | 4 | ## Introduction 5 | This document outlines downloading and installing the Logica Sandbox Community Edition and getting it running. It is broken into four sections. An *Overview* section detailing the prerequisites to getting the system running as well as three installation sections… one each for *MacOS*, *Linux*, and *Windows* installations. Versions of the operating systems used and tested and the versions of any tools will be explicitly stated where appropriate. We recognize tools change over time and the content of this document may be out-of-date by the time you read this. We hope to give you enough information to adjust to new versions as needed. Some of the information in this document may seem remedial but we are including it anyway for those who may not be as familiar with the command line and other tools involved in the setup. 6 | 7 | The community edition is currently at HAPI 5.2.0. 8 | 9 | **WARNING:** Follow these instructions VERY carefully. If you miss a step… you will likely get pages and pages of errors. 10 | 11 | ## Overview 12 | Running the sandbox locally on any OS requires the following: 13 | * git 14 | * Docker 15 | * MySQL container 16 | * Keycloak server container 17 | * Sandbox containers 18 | * FHIR server containers 19 | * Application containers 20 | 21 | In the current configuration there will be a total of 11 containers. 
These containers listen on specific network TCP ports as described in the next section. 22 | 23 | ### Setting up the networking environment on your machine 24 | 25 | The sandbox makes use of the following TCP ports and may conflict with services already running on your system: 26 | * 3000 - EHR Simulator 27 | * 3001 - http (user interface) server 28 | * 3306 - MySQL 5.7 database server 29 | * 8060 - OAuth server 30 | * 8070 - FHIR R4 server 31 | * 8071 - FHIR R5 server 32 | * 8078 - FHIR DSTU2 server 33 | * 8079 - FHIR STU3 server 34 | * 8080 - Keycloak authentication server 35 | * 8086 - Bilirubin Risk Chart sample app 36 | * 8090 - Static content server 37 | * 8096 - Patient Data Manager sample app 38 | * 12000 - Sandbox Manager server 39 | 40 | Stop any current services running on these ports before running the containers. A script to check for anything listening on these ports (`check-ports.sh` and `check-ports.bat`) is included in the community edition. Most conflicts will occur when a developer has something running on one of these ports. For example, if you have a MySQL server running you will likely get a conflict on port 3306. The `ports:` mappings in `docker-compose.yml` give no host address, so Docker publishes each port on all host interfaces (the `docker compose ps` output further down shows `0.0.0.0`); because the compose file also sets default passwords for MySQL and Keycloak, run the sandbox only on a machine whose ports are not reachable from untrusted networks. 41 | 42 | **IMPORTANT: (YOU MUST DO THIS!)** The sandbox also uses a number of internal redirects built into the user interface that require the following DNS entries to be added to your operating system's hosts file (/etc/hosts on macOS and Linux): 43 | ``` 44 | 127.0.0.1 keycloak 45 | 127.0.0.1 sandbox-mysql 46 | 127.0.0.1 sandbox-manager-api 47 | 127.0.0.1 sandbox 48 | 127.0.0.1 dstu2 49 | 127.0.0.1 stu3 50 | 127.0.0.1 r4 51 | 127.0.0.1 r5 52 | 127.0.0.1 static-content 53 | ``` 54 | **WITHOUT THESE, THE SYSTEM WILL START UP BUT WILL ENTER A REDIRECT LOOP ON LOGIN** These entries tell the web browser on the local machine that, for example, “http://r4/” will be found listening on the local machine instead of at a real domain name on the Internet. 
55 | 56 | ## Mac OS Install 57 | 58 | OSX Install (tested under macOS Catalina 10.15.7): 59 | 60 | There are two options to install Docker Desktop. Either install it by going to the website, downloading it, and running the dmg file… or install “homebrew” and then use homebrew to install it. For the minimum… just install Docker Desktop. Homebrew is a package manager for installing all sorts of tools and utilities… but you may not want it. If docker is already installed please skip ahead to setting it up to give the containers enough memory. 61 | 62 | *NOTE:* If you want to install docker using homebrew you’ll find installation instructions in the appendix. 63 | 64 | ### Install Docker Desktop from the Docker website: 65 | 66 | Browse to: https://www.docker.com/products/docker-desktop 67 | Download and run the installer 68 | 69 | ### Configuring Docker Desktop 70 | 71 | Run the Docker Desktop app and set the memory allocation requirements by clicking on the gear in the top right corner of the main dialog… then Resources… then ADVANCED: 72 | ![Docker Settings](./images/docker_settings.png) 73 | 74 | Set Memory to a minimum of 8.00 GB: 75 | ![Docker Memory](./images/docker_memory.png) 76 | Now instances will get the memory they require to run correctly. If you are running into memory issues with the containers this is most likely the culprit. 77 | 78 | The community edition was tested on Docker Desktop v3.1.0 and docker compose version 1.27.4. The docker version may be checked using the About menu option. The docker compose version may be checked using the command ```docker compose -v```. 79 | 80 | ### Download and Install 81 | 1. Clone this project 82 | ```sh 83 | git clone https://github.com/logicahealth/sandbox-community-edition.git 84 | ``` 85 | 2. Change to the new directory 86 | ```sh 87 | cd sandbox-community-edition 88 | ``` 89 | ### Starting the sandbox 90 | Make sure there are no port conflicts by running check-ports.sh. 
In the same terminal window or another terminal window run the following: 91 | ```sh 92 | docker compose up 93 | ``` 94 | 95 | This will start the services for the sandbox. At first, you will see something like the following 96 | 97 | ```sh 98 | Creating network "sandbox-community-edition_default" with the default driver 99 | Creating sandbox-community-edition_sandbox-mysql_1 ... done 100 | Creating sandbox-community-edition_keycloak_1 ... done 101 | Creating sandbox-community-edition_bilirubin-risk-chart_1 ... done 102 | Creating sandbox-community-edition_static-content_1 ... done 103 | Creating sandbox-community-edition_patient-data-manager_1 ... done 104 | ``` 105 | The output will stay unchanged while the database is being seeded. After the database seeding is completed, you will see other services that depend on the database start up. Images for the containers will be downloaded from docker hub. This process may take a while the first time and produce a lot of logging output. Wait until the logging output stops. 106 | 107 | To check if things are running open another terminal window and run: 108 | ```sh 109 | docker compose ps 110 | ``` 111 | 112 | You should see output like this showing the running instances and the ports they are listening on. All the states should say “Up”: 113 | ``` 114 | Name Command State Ports 115 | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 116 | sandbox-community-edition_bilirubin-risk-chart_1 docker-entrypoint.sh npm r ... Up 0.0.0.0:8086->8086/tcp 117 | sandbox-community-edition_dstu2_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8078->8078/tcp 118 | sandbox-community-edition_keycloak_1 /opt/jboss/tools/docker-en ... Up 0.0.0.0:8080->8080/tcp, 8443/tcp 119 | sandbox-community-edition_patient-data-manager_1 docker-entrypoint.sh npm r ... 
Up 0.0.0.0:8096->8096/tcp 120 | sandbox-community-edition_r4_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8070->8070/tcp 121 | sandbox-community-edition_r5_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8071->8071/tcp 122 | sandbox-community-edition_sandbox-manager-api_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:12000->12000/tcp 123 | sandbox-community-edition_sandbox-mysql_1 docker-entrypoint.sh mysqld Up (healthy) 0.0.0.0:3306->3306/tcp, 33060/tcp 124 | sandbox-community-edition_sandbox_1 /bin/sh -c sh start.sh Up 0.0.0.0:3000->3000/tcp, 0.0.0.0:3001->3001/tcp, 0.0.0.0:8060->8060/tcp 125 | sandbox-community-edition_static-content_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8090->80/tcp 126 | sandbox-community-edition_stu3_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8079->8079/tcp 127 | ``` 128 | 129 | In a web browser (preferably Chrome) go to http://sandbox:3001. You should see a Keycloak login screen like the following. Click on register and fill in your details. 130 | ![Keycloak registration](./images/keycloak_registration.png) 131 | You will be able to use this username and password to login to the sandbox from now on whenever you run it. 132 | 133 | *NOTE:* If you ever lose or forget this password, look in the appendices to find out how to reset it. 134 | After logging in, you should see the following screen with no sandboxes. Click the NEW SANDBOX button to create a sandbox. 135 | 136 | After you have created a sandbox you will see it listed: 137 | ![First Login](./images/first_login.png) 138 | 139 | ### Starting and stopping the sandbox 140 | To start the services 141 | ```sh 142 | docker compose up 143 | ``` 144 | In another terminal window show the running services 145 | ```sh 146 | docker compose ps 147 | ``` 148 | Run the `check-ports.sh` shell script to see the services listening on ports. If you get an error saying permission is denied, then run the command `chmod +x check-ports.sh`. 
149 | ``` 150 | com.docke 811 gopalmenon 91u IPv6 0xf1b6ae35fee19aa7 0t0 TCP *:3000 (LISTEN) 151 | com.docke 811 gopalmenon 92u IPv6 0xf1b6ae35fee18de7 0t0 TCP *:3001 (LISTEN) 152 | com.docke 811 gopalmenon 82u IPv6 0xf1b6ae3606694aa7 0t0 TCP *:3306 (LISTEN) 153 | com.docke 811 gopalmenon 94u IPv6 0xf1b6ae35fee19447 0t0 TCP *:8060 (LISTEN) 154 | com.docke 811 gopalmenon 89u IPv6 0xf1b6ae3608c46447 0t0 TCP *:8070 (LISTEN) 155 | com.docke 811 gopalmenon 88u IPv6 0xf1b6ae3608c46aa7 0t0 TCP *:8078 (LISTEN) 156 | com.docke 811 gopalmenon 87u IPv6 0xf1b6ae35fd26cde7 0t0 TCP *:8079 (LISTEN) 157 | com.docke 811 gopalmenon 85u IPv6 0xf1b6ae360bfaeaa7 0t0 TCP *:8080 (LISTEN) 158 | com.docke 811 gopalmenon 83u IPv6 0xf1b6ae3606695767 0t0 TCP *:8086 (LISTEN) 159 | com.docke 811 gopalmenon 84u IPv6 0xf1b6ae3609554767 0t0 TCP *:8090 (LISTEN) 160 | com.docke 811 gopalmenon 81u IPv6 0xf1b6ae3623986aa7 0t0 TCP *:8096 (LISTEN) 161 | com.docke 811 gopalmenon 90u IPv6 0xf1b6ae3608c45de7 0t0 TCP *:12000 (LISTEN) 162 | ``` 163 | Use the following command to stop the services. 164 | ```sh 165 | docker compose stop 166 | ``` 167 | You will see something like this as the containers are stopped: 168 | ``` 169 | Stopping sandbox-community-edition_sandbox_1 ... done 170 | Stopping sandbox-community-edition_sandbox-manager-api_1 ... done 171 | Stopping sandbox-community-edition_r4_1 ... done 172 | Stopping sandbox-community-edition_stu3_1 ... done 173 | Stopping sandbox-community-edition_r5_1 ... done 174 | Stopping sandbox-community-edition_dstu2_1 ... done 175 | Stopping sandbox-community-edition_keycloak_1 ... done 176 | Stopping sandbox-community-edition_patient-data-manager_1 ... done 177 | Stopping sandbox-community-edition_static-content_1 ... done 178 | Stopping sandbox-community-edition_bilirubin-risk-chart_1 ... done 179 | Stopping sandbox-community-edition_sandbox-mysql_1 ... 
done 180 | ``` 181 | 182 | If you run the `check-ports.sh` shell script… you will see no output once the containers are stopped. 183 | 184 | Running `docker compose ps` will show something like the following: 185 | ``` 186 | Name Command State Ports 187 | ---------------------------------------------------------------------------------------------------- 188 | sandbox-community-edition_bilirubin-risk-chart_1 docker-entrypoint.sh npm r ... Exit 0 189 | sandbox-community-edition_dstu2_1 sh -c java $JAVA_OPTS -jar ... Exit 137 190 | sandbox-community-edition_keycloak_1 /opt/jboss/tools/docker-en ... Exit 0 191 | sandbox-community-edition_patient-data-manager_1 docker-entrypoint.sh npm r ... Exit 0 192 | sandbox-community-edition_r4_1 sh -c java $JAVA_OPTS -jar ... Exit 137 193 | sandbox-community-edition_r5_1 sh -c java $JAVA_OPTS -jar ... Exit 137 194 | sandbox-community-edition_sandbox-manager-api_1 sh -c java $JAVA_OPTS -jar ... Exit 137 195 | sandbox-community-edition_sandbox-mysql_1 docker-entrypoint.sh mysqld Exit 0 196 | sandbox-community-edition_sandbox_1 /bin/sh -c sh start.sh Exit 137 197 | sandbox-community-edition_static-content_1 /docker-entrypoint.sh ngin ... Exit 0 198 | sandbox-community-edition_stu3_1 sh -c java $JAVA_OPTS -jar ... Exit 137 199 | ``` 200 | ## Linux Install 201 | Install Docker for your distribution of Linux. The community edition was tested on docker compose version 1.26.0. The docker compose version may be checked using the command ```docker compose -v```. 202 | 203 | 1. Clone this project 204 | ```sh 205 | git clone https://github.com/logicahealth/sandbox-community-edition.git 206 | ``` 207 | 2. Change to the new directory 208 | ```sh 209 | cd sandbox-community-edition 210 | ``` 211 | 3. 
Add the following rows to the file /etc/hosts using a text editor 212 | ``` 213 | 127.0.0.1 keycloak 214 | 127.0.0.1 sandbox-mysql 215 | 127.0.0.1 sandbox-manager-api 216 | 127.0.0.1 sandbox 217 | 127.0.0.1 dstu2 218 | 127.0.0.1 stu3 219 | 127.0.0.1 r4 220 | 127.0.0.1 r5 221 | 127.0.0.1 static-content 222 | ``` 223 | 224 | Here is an example of using nano to edit `/etc/hosts` 225 | 226 | ```sh 227 | sudo nano /etc/hosts 228 | ``` 229 | 4. Start the database seeding by running the following command 230 | ```sh 231 | sudo docker compose up -d sandbox-mysql 232 | ``` 233 | 5. Run the following command to see a list of docker processes that are running. 234 | ```sh 235 | sudo docker compose ps 236 | ``` 237 | You should see something similar to the screen print below showing the database starting up. 238 | ``` 239 | Name Command State Ports 240 | ----------------------------------------------------------------------------------------------------------------------------------- 241 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (health: starting)   0.0.0.0:3306->3306/tcp, 33060/tcp 242 | ``` 243 | Run the command to see the status of the process. Before changing state to healthy, the process status will be as shown below. 244 | ``` 245 | Name Command State Ports 246 | ----------------------------------------------------------------------------------------------------------------------------------- 247 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (unhealthy)   0.0.0.0:3306->3306/tcp, 33060/tcp 248 | ``` 249 | Wait until the process shows up as healthy as shown below. You will need to check by running the command to list out the docker processes. 
250 | ``` 251 | Name Command State Ports 252 | ----------------------------------------------------------------------------------------------------------------------------------- 253 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (healthy)   0.0.0.0:3306->3306/tcp, 33060/tcp 254 | ``` 255 | 6. Run the following command to bring up the rest of the processes for the sandbox. 256 | ``` 257 | sudo docker compose up 258 | ``` 259 | 7. List out the processes and you should see something like the following. 260 | ``` 261 | Name Command State Ports 262 | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 263 | sandbox-community-edition_bilirubin-risk-chart_1 docker-entrypoint.sh npm r ... Up 0.0.0.0:8086->8086/tcp 264 | sandbox-community-edition_dstu2_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8078->8078/tcp 265 | sandbox-community-edition_keycloak_1 /opt/jboss/tools/docker-en ... Up 0.0.0.0:8080->8080/tcp, 8443/tcp 266 | sandbox-community-edition_patient-data-manager_1 docker-entrypoint.sh npm r ... Up 0.0.0.0:8096->8096/tcp 267 | sandbox-community-edition_r4_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8070->8070/tcp 268 | sandbox-community-edition_r5_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8071->8071/tcp 269 | sandbox-community-edition_sandbox-manager-api_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:12000->12000/tcp 270 | sandbox-community-edition_sandbox-mysql_1 docker-entrypoint.sh mysqld Up (healthy) 0.0.0.0:3306->3306/tcp, 33060/tcp 271 | sandbox-community-edition_sandbox_1 /bin/sh -c sh start.sh Up 0.0.0.0:3000->3000/tcp, 0.0.0.0:3001->3001/tcp, 0.0.0.0:8060->8060/tcp 272 | sandbox-community-edition_static-content_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8090->80/tcp 273 | sandbox-community-edition_stu3_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8079->8079/tcp 274 | ``` 275 | 8. 
Go to http://sandbox:3001 in a browser to open the sandbox. You will need to register the first time you are there. Save your user and password information. 276 | 9. To stop the sandbox 277 | ```sh 278 | sudo docker compose stop 279 | ``` 280 | ### Running the sandbox on Linux 281 | 1. After the install, run the following command to start the sandbox 282 | ``` 283 | sudo docker compose up 284 | ``` 285 | 2. Run this to stop the sandbox 286 | ``` 287 | sudo docker compose stop 288 | ``` 289 | ## Windows Install 290 | 291 | Windows Install (tested under Windows 10): 292 | 293 | ### Install Docker Desktop from the Docker website: 294 | 295 | Browse to: https://www.docker.com/products/docker-desktop 296 | Download and run the installer 297 | 298 | The community edition was tested on Docker Desktop v3.1.0 and docker compose version 1.27.4. The docker version may be checked using the About menu option. The docker compose version may be checked using the command ```docker compose -v```. 299 | 300 | ### Download and Install 301 | 302 | The command line instructions below should be executed in a console with administrative privileges ("Run as Administrator"). 303 | 304 | 1. Clone this project 305 | ``` 306 | git clone https://github.com/logicahealth/sandbox-community-edition.git 307 | ``` 308 | 2. Change to the new directory 309 | ``` 310 | cd sandbox-community-edition 311 | ``` 312 | 3. Add the following rows to the file `C:\Windows\System32\drivers\etc\hosts` using a text editor with administrative privileges 313 | ``` 314 | 127.0.0.1 keycloak 315 | 127.0.0.1 sandbox-mysql 316 | 127.0.0.1 sandbox-manager-api 317 | 127.0.0.1 sandbox 318 | 127.0.0.1 dstu2 319 | 127.0.0.1 stu3 320 | 127.0.0.1 r4 321 | 127.0.0.1 r5 322 | 127.0.0.1 static-content 323 | ``` 324 | 325 | *Note:* Restart Docker Desktop after saving the changes above to make sure that it picks up the host substitutions. 326 | 4. 
Start the database seeding by running the following command 327 | ``` 328 | docker compose up -d sandbox-mysql 329 | ``` 330 | 5. Run the following command to see a list of docker processes that are running. 331 | ``` 332 | docker compose ps 333 | ``` 334 | You should see something similar to the screen print below showing the database starting up. 335 | ``` 336 | Name Command State Ports 337 | ----------------------------------------------------------------------------------------------------------------------------------- 338 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (health: starting)   0.0.0.0:3306->3306/tcp, 33060/tcp 339 | ``` 340 | Run the command to see the status of the process. Before changing state to healthy, the process status will be as shown below. 341 | ``` 342 | Name Command State Ports 343 | ----------------------------------------------------------------------------------------------------------------------------------- 344 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (unhealthy)   0.0.0.0:3306->3306/tcp, 33060/tcp 345 | ``` 346 | Wait until the process shows up as healthy as shown below. You will need to check by running the command to list out the docker processes. 347 | ``` 348 | Name Command State Ports 349 | ----------------------------------------------------------------------------------------------------------------------------------- 350 | sandbox-community-edition_sandbox-mysql_1   docker-entrypoint.sh mysqld   Up (healthy)   0.0.0.0:3306->3306/tcp, 33060/tcp 351 | ``` 352 | 6. Run the following command to bring up the rest of the processes for the sandbox. 353 | ``` 354 | docker compose up 355 | ``` 356 | 357 | *Note:* Wait a couple minutes for the containers to stabilize before proceeding (when they stop producing startup output in the cosole log) 358 | 7. List out the processes and you should see something like the following. 
359 | ``` 360 | Name Command State Ports 361 | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 362 | sandbox-community-edition_bilirubin-risk-chart_1 docker-entrypoint.sh npm r ... Up 0.0.0.0:8086->8086/tcp 363 | sandbox-community-edition_dstu2_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8078->8078/tcp 364 | sandbox-community-edition_keycloak_1 /opt/jboss/tools/docker-en ... Up 0.0.0.0:8080->8080/tcp, 8443/tcp 365 | sandbox-community-edition_patient-data-manager_1 docker-entrypoint.sh npm r ... Up 0.0.0.0:8096->8096/tcp 366 | sandbox-community-edition_r4_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8070->8070/tcp 367 | sandbox-community-edition_r5_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8071->8071/tcp 368 | sandbox-community-edition_sandbox-manager-api_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:12000->12000/tcp 369 | sandbox-community-edition_sandbox-mysql_1 docker-entrypoint.sh mysqld Up (healthy) 0.0.0.0:3306->3306/tcp, 33060/tcp 370 | sandbox-community-edition_sandbox_1 /bin/sh -c sh start.sh Up 0.0.0.0:3000->3000/tcp, 0.0.0.0:3001->3001/tcp, 0.0.0.0:8060->8060/tcp 371 | sandbox-community-edition_static-content_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8090->80/tcp 372 | sandbox-community-edition_stu3_1 sh -c java $JAVA_OPTS -jar ... Up 0.0.0.0:8079->8079/tcp 373 | ``` 374 | 8. Go to http://sandbox:3001 on a browser to go to the sandbox. You will need to register the first time you are there. Save your user and password information. 375 | 9. To stop the sandbox 376 | ``` 377 | docker compose stop 378 | ``` 379 | ### Running the sandbox on Windows 380 | 1. After the install, run the following command to start the sandbox 381 | ``` 382 | docker compose up 383 | ``` 384 | 2. 
Run this to stop the sandbox 385 | ``` 386 | docker compose stop 387 | ``` 388 | 389 | ## FAQ 390 | ### Something is listening on a port, and I don’t know how to kill it 391 | *TODO* 392 | 393 | ### Lost or forgotten password 394 | 395 | If you do not remember your username or password, you will need to go to the Keycloak server and log in as an administrator. Go to http://keycloak:8080 in a browser and you will see the following screen. 396 | ![Keycloak Console](./images/keycloak_console.png) 397 | 398 | Click on Administration Console and log in with user `admin` and password `admin`. These are the defaults set by `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` in `docker-compose.yml`; because port 8080 is published on all host interfaces, change them there before first start if the machine can be reached from other hosts. 399 | 400 | Now click on Users and View all users. 401 | ![Keycloak Users](./images/keycloak_users.png) 402 | 403 | Click on the ID of your user and you will be able to see the username you need to log in. 404 | ![Keycloak User Details](./images/keycloak_user_details.png) 405 | 406 | To reset your password, go to the Credentials tab. 407 | ![Keycloak User Credentials](./images/keycloak_user_credentials.png) 408 | Key in your new preferred password into Password and Password Confirmation. Toggle the Temporary setting to OFF. Click on Reset Password and press Reset password on the confirmation screen that pops up asking if you are sure. Now you can log off as Keycloak administrator by clicking on the Admin drop down on the top right. 409 | 410 | Go to http://sandbox:3001 and log in with your new password. 411 | 412 | 413 | ### Containers won’t start up 414 | *TODO* 415 | 416 | ### How do I install homebrew 417 | 418 | Homebrew is a package manager for macOS and Linux. It turns out macOS comes with a minimal and fairly outdated set of command line tools… and no easy way to update and manage new versions. This provides a stable enough base for macOS. However, anyone who lives/eats/breathes command line… or is curious about all things UNIX… will want more. Installing Homebrew gives easy access to thousands of command line tools… and also regular macOS applications… like Docker Desktop. 
419 | 420 | #### Install homebrew 421 | For information about Homebrew, browse to https://brew.sh 422 | To cut to the chase, open a terminal, paste each of the following commands, and press Return. 423 | This command will install Homebrew. It downloads the installer script and runs it in one step; to review the script before it runs, open the same URL in a browser first: 424 | ```sh 425 | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" 426 | ``` 427 | 428 | This command will install docker: 429 | ```sh 430 | brew install --cask docker-toolbox 431 | ``` 432 | This command will install a VERY handy tool called curl: 433 | ```sh 434 | brew install curl 435 | ``` 436 | 437 | ### Memory issues: 438 | 439 | If you are running into memory issues with the containers, double-check that you have allocated enough memory to them in Docker Desktop. 440 | -------------------------------------------------------------------------------- /realm_properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "Development", 3 | "realm": "Development", 4 | "notBefore": 0, 5 | "revokeRefreshToken": false, 6 | "refreshTokenMaxReuse": 0, 7 | "accessTokenLifespan": 300, 8 | "accessTokenLifespanForImplicitFlow": 900, 9 | "ssoSessionIdleTimeout": 1800, 10 | "ssoSessionMaxLifespan": 36000, 11 | "ssoSessionIdleTimeoutRememberMe": 0, 12 | "ssoSessionMaxLifespanRememberMe": 0, 13 | "offlineSessionIdleTimeout": 2592000, 14 | "offlineSessionMaxLifespanEnabled": false, 15 | "offlineSessionMaxLifespan": 5184000, 16 | "clientSessionIdleTimeout": 0, 17 | "clientSessionMaxLifespan": 0, 18 | "clientOfflineSessionIdleTimeout": 0, 19 | "clientOfflineSessionMaxLifespan": 0, 20 | "accessCodeLifespan": 60, 21 | "accessCodeLifespanUserAction": 300, 22 | "accessCodeLifespanLogin": 1800, 23 | "actionTokenGeneratedByAdminLifespan": 43200, 24 | "actionTokenGeneratedByUserLifespan": 300, 25 | "enabled": true, 26 | "sslRequired": "external", 27 | "registrationAllowed": true, 28 | "registrationEmailAsUsername": 
false, 29 | "rememberMe": false, 30 | "verifyEmail": false, 31 | "loginWithEmailAllowed": true, 32 | "duplicateEmailsAllowed": false, 33 | "resetPasswordAllowed": false, 34 | "editUsernameAllowed": false, 35 | "bruteForceProtected": false, 36 | "permanentLockout": false, 37 | "maxFailureWaitSeconds": 900, 38 | "minimumQuickLoginWaitSeconds": 60, 39 | "waitIncrementSeconds": 60, 40 | "quickLoginCheckMilliSeconds": 1000, 41 | "maxDeltaTimeSeconds": 43200, 42 | "failureFactor": 30, 43 | "roles": { 44 | "realm": [ 45 | { 46 | "id": "1324059c-3d33-4ace-a54f-7a67c19f183d", 47 | "name": "member", 48 | "composite": false, 49 | "clientRole": false, 50 | "containerId": "Development", 51 | "attributes": {} 52 | }, 53 | { 54 | "id": "c3170e3a-fb05-42ce-b5b9-1d566d267812", 55 | "name": "uma_authorization", 56 | "description": "${role_uma_authorization}", 57 | "composite": false, 58 | "clientRole": false, 59 | "containerId": "Development", 60 | "attributes": {} 61 | }, 62 | { 63 | "id": "2e5d968f-7722-4a13-a0e7-df5a287dd871", 64 | "name": "offline_access", 65 | "description": "${role_offline-access}", 66 | "composite": false, 67 | "clientRole": false, 68 | "containerId": "Development", 69 | "attributes": {} 70 | } 71 | ], 72 | "client": { 73 | "realm-management": [ 74 | { 75 | "id": "95a9de72-237d-4b27-ae6e-41e284136b0c", 76 | "name": "manage-identity-providers", 77 | "description": "${role_manage-identity-providers}", 78 | "composite": false, 79 | "clientRole": true, 80 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 81 | "attributes": {} 82 | }, 83 | { 84 | "id": "e6bb0f6e-3117-4457-8cf7-2dcecee5840c", 85 | "name": "manage-users", 86 | "description": "${role_manage-users}", 87 | "composite": false, 88 | "clientRole": true, 89 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 90 | "attributes": {} 91 | }, 92 | { 93 | "id": "8a7fd67f-a72e-4ad4-9a59-ae62c3047dfe", 94 | "name": "query-users", 95 | "description": "${role_query-users}", 96 | "composite": false, 97 | 
"clientRole": true, 98 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 99 | "attributes": {} 100 | }, 101 | { 102 | "id": "791e1da8-6009-45ed-8354-1a1d7c50c9db", 103 | "name": "realm-admin", 104 | "description": "${role_realm-admin}", 105 | "composite": true, 106 | "composites": { 107 | "client": { 108 | "realm-management": [ 109 | "manage-identity-providers", 110 | "manage-users", 111 | "query-users", 112 | "view-events", 113 | "view-clients", 114 | "manage-events", 115 | "view-users", 116 | "impersonation", 117 | "query-realms", 118 | "view-identity-providers", 119 | "query-groups", 120 | "create-client", 121 | "query-clients", 122 | "view-authorization", 123 | "manage-authorization", 124 | "manage-clients", 125 | "view-realm", 126 | "manage-realm" 127 | ] 128 | } 129 | }, 130 | "clientRole": true, 131 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 132 | "attributes": {} 133 | }, 134 | { 135 | "id": "180f36f7-3a67-44cb-a947-0b121f01323e", 136 | "name": "view-events", 137 | "description": "${role_view-events}", 138 | "composite": false, 139 | "clientRole": true, 140 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 141 | "attributes": {} 142 | }, 143 | { 144 | "id": "6b39aef1-6453-4249-8dec-0f94eff882f5", 145 | "name": "view-clients", 146 | "description": "${role_view-clients}", 147 | "composite": true, 148 | "composites": { 149 | "client": { 150 | "realm-management": [ 151 | "query-clients" 152 | ] 153 | } 154 | }, 155 | "clientRole": true, 156 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 157 | "attributes": {} 158 | }, 159 | { 160 | "id": "e4f651a0-cb0a-4661-965c-59227575a05c", 161 | "name": "manage-events", 162 | "description": "${role_manage-events}", 163 | "composite": false, 164 | "clientRole": true, 165 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 166 | "attributes": {} 167 | }, 168 | { 169 | "id": "a121aab4-b9a8-4d77-afc4-497c395237b6", 170 | "name": "view-users", 171 | "description": "${role_view-users}", 
172 | "composite": true, 173 | "composites": { 174 | "client": { 175 | "realm-management": [ 176 | "query-groups", 177 | "query-users" 178 | ] 179 | } 180 | }, 181 | "clientRole": true, 182 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 183 | "attributes": {} 184 | }, 185 | { 186 | "id": "7df80110-a5ec-4683-92c3-9c9d82733b64", 187 | "name": "impersonation", 188 | "description": "${role_impersonation}", 189 | "composite": false, 190 | "clientRole": true, 191 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 192 | "attributes": {} 193 | }, 194 | { 195 | "id": "77282cdc-9fd6-4a3f-a060-a6dbac681b73", 196 | "name": "query-realms", 197 | "description": "${role_query-realms}", 198 | "composite": false, 199 | "clientRole": true, 200 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 201 | "attributes": {} 202 | }, 203 | { 204 | "id": "afa8be55-f28b-45c2-9d35-6a3027980ba3", 205 | "name": "view-identity-providers", 206 | "description": "${role_view-identity-providers}", 207 | "composite": false, 208 | "clientRole": true, 209 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 210 | "attributes": {} 211 | }, 212 | { 213 | "id": "2255c746-9015-4391-98e0-cfbd76827b2a", 214 | "name": "query-groups", 215 | "description": "${role_query-groups}", 216 | "composite": false, 217 | "clientRole": true, 218 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 219 | "attributes": {} 220 | }, 221 | { 222 | "id": "9b8c0cb4-0d33-4d54-94df-2efc4f127598", 223 | "name": "create-client", 224 | "description": "${role_create-client}", 225 | "composite": false, 226 | "clientRole": true, 227 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 228 | "attributes": {} 229 | }, 230 | { 231 | "id": "c42e08f5-b4f0-43c0-a110-487aca1395d1", 232 | "name": "query-clients", 233 | "description": "${role_query-clients}", 234 | "composite": false, 235 | "clientRole": true, 236 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 237 | "attributes": {} 238 | }, 239 | { 240 
| "id": "89145fe2-eff6-47a2-97bf-6e9c3cbddcc6", 241 | "name": "view-authorization", 242 | "description": "${role_view-authorization}", 243 | "composite": false, 244 | "clientRole": true, 245 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 246 | "attributes": {} 247 | }, 248 | { 249 | "id": "ba4b5515-bfeb-42e9-a972-3dff914a25f3", 250 | "name": "manage-authorization", 251 | "description": "${role_manage-authorization}", 252 | "composite": false, 253 | "clientRole": true, 254 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 255 | "attributes": {} 256 | }, 257 | { 258 | "id": "dca756a5-789e-49d0-b21f-b21ff28cd71a", 259 | "name": "manage-clients", 260 | "description": "${role_manage-clients}", 261 | "composite": false, 262 | "clientRole": true, 263 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 264 | "attributes": {} 265 | }, 266 | { 267 | "id": "76207671-9f20-4acd-b29b-9dad3c06460a", 268 | "name": "view-realm", 269 | "description": "${role_view-realm}", 270 | "composite": false, 271 | "clientRole": true, 272 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 273 | "attributes": {} 274 | }, 275 | { 276 | "id": "f8387623-e50c-4dda-b6f5-dcab77dad435", 277 | "name": "manage-realm", 278 | "description": "${role_manage-realm}", 279 | "composite": false, 280 | "clientRole": true, 281 | "containerId": "962df3c7-34b6-49a6-977b-21e820d49d65", 282 | "attributes": {} 283 | } 284 | ], 285 | "security-admin-console": [], 286 | "admin-cli": [], 287 | "account-console": [], 288 | "broker": [ 289 | { 290 | "id": "3e78a9af-c994-49a0-9f76-c06eae3e0786", 291 | "name": "read-token", 292 | "description": "${role_read-token}", 293 | "composite": false, 294 | "clientRole": true, 295 | "containerId": "1c9d5dae-f3d0-4f17-94ef-6b8a8f481c06", 296 | "attributes": {} 297 | } 298 | ], 299 | "reference-auth": [ 300 | { 301 | "id": "81b9d551-3b5a-4c56-9dee-ee56e72beb3b", 302 | "name": "uma_protection", 303 | "composite": false, 304 | "clientRole": true, 305 | 
"containerId": "b0aa1970-e558-4014-8f56-9086d2a6cebd", 306 | "attributes": {} 307 | } 308 | ], 309 | "account": [ 310 | { 311 | "id": "015831f3-642e-4a88-bfc9-6391ea26d4fa", 312 | "name": "manage-consent", 313 | "description": "${role_manage-consent}", 314 | "composite": true, 315 | "composites": { 316 | "client": { 317 | "account": [ 318 | "view-consent" 319 | ] 320 | } 321 | }, 322 | "clientRole": true, 323 | "containerId": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 324 | "attributes": {} 325 | }, 326 | { 327 | "id": "0f127baa-2a38-4db8-a611-dee48bc62d86", 328 | "name": "view-consent", 329 | "description": "${role_view-consent}", 330 | "composite": false, 331 | "clientRole": true, 332 | "containerId": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 333 | "attributes": {} 334 | }, 335 | { 336 | "id": "a2a697e2-447f-410a-9c90-dd24dab996d6", 337 | "name": "manage-account", 338 | "description": "${role_manage-account}", 339 | "composite": true, 340 | "composites": { 341 | "client": { 342 | "account": [ 343 | "manage-account-links" 344 | ] 345 | } 346 | }, 347 | "clientRole": true, 348 | "containerId": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 349 | "attributes": {} 350 | }, 351 | { 352 | "id": "b36ea10d-02fb-4c39-89be-f54d0c452042", 353 | "name": "view-applications", 354 | "description": "${role_view-applications}", 355 | "composite": false, 356 | "clientRole": true, 357 | "containerId": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 358 | "attributes": {} 359 | }, 360 | { 361 | "id": "308a5da2-b123-4966-ae33-e5c56b21a0d5", 362 | "name": "manage-account-links", 363 | "description": "${role_manage-account-links}", 364 | "composite": false, 365 | "clientRole": true, 366 | "containerId": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 367 | "attributes": {} 368 | }, 369 | { 370 | "id": "6b0276cf-349d-452e-8fe8-5e500e32d881", 371 | "name": "view-profile", 372 | "description": "${role_view-profile}", 373 | "composite": false, 374 | "clientRole": true, 375 | "containerId": 
"5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 376 | "attributes": {} 377 | } 378 | ] 379 | } 380 | }, 381 | "groups": [ 382 | { 383 | "id": "a3ac901c-a83b-4674-8097-2e5a9b3fe754", 384 | "name": "Members", 385 | "path": "/Members", 386 | "attributes": {}, 387 | "realmRoles": [ 388 | "member" 389 | ], 390 | "clientRoles": {}, 391 | "subGroups": [] 392 | } 393 | ], 394 | "defaultRoles": [ 395 | "offline_access", 396 | "uma_authorization" 397 | ], 398 | "requiredCredentials": [ 399 | "password" 400 | ], 401 | "otpPolicyType": "totp", 402 | "otpPolicyAlgorithm": "HmacSHA1", 403 | "otpPolicyInitialCounter": 0, 404 | "otpPolicyDigits": 6, 405 | "otpPolicyLookAheadWindow": 1, 406 | "otpPolicyPeriod": 30, 407 | "otpSupportedApplications": [ 408 | "FreeOTP", 409 | "Google Authenticator" 410 | ], 411 | "webAuthnPolicyRpEntityName": "keycloak", 412 | "webAuthnPolicySignatureAlgorithms": [ 413 | "ES256" 414 | ], 415 | "webAuthnPolicyRpId": "", 416 | "webAuthnPolicyAttestationConveyancePreference": "not specified", 417 | "webAuthnPolicyAuthenticatorAttachment": "not specified", 418 | "webAuthnPolicyRequireResidentKey": "not specified", 419 | "webAuthnPolicyUserVerificationRequirement": "not specified", 420 | "webAuthnPolicyCreateTimeout": 0, 421 | "webAuthnPolicyAvoidSameAuthenticatorRegister": false, 422 | "webAuthnPolicyAcceptableAaguids": [], 423 | "webAuthnPolicyPasswordlessRpEntityName": "keycloak", 424 | "webAuthnPolicyPasswordlessSignatureAlgorithms": [ 425 | "ES256" 426 | ], 427 | "webAuthnPolicyPasswordlessRpId": "", 428 | "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", 429 | "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", 430 | "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", 431 | "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", 432 | "webAuthnPolicyPasswordlessCreateTimeout": 0, 433 | "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, 434 | 
"webAuthnPolicyPasswordlessAcceptableAaguids": [], 435 | "users": [ 436 | { 437 | "id": "5c2af765-8558-4a4e-8011-0d224ef681ae", 438 | "createdTimestamp": 1587752663139, 439 | "username": "service-account-reference-auth", 440 | "enabled": true, 441 | "totp": false, 442 | "emailVerified": false, 443 | "serviceAccountClientId": "reference-auth", 444 | "disableableCredentialTypes": [], 445 | "requiredActions": [], 446 | "realmRoles": [ 447 | "uma_authorization", 448 | "offline_access" 449 | ], 450 | "clientRoles": { 451 | "reference-auth": [ 452 | "uma_protection" 453 | ], 454 | "account": [ 455 | "manage-account", 456 | "view-profile" 457 | ] 458 | }, 459 | "notBefore": 0, 460 | "groups": [] 461 | } 462 | ], 463 | "scopeMappings": [ 464 | { 465 | "clientScope": "offline_access", 466 | "roles": [ 467 | "offline_access" 468 | ] 469 | } 470 | ], 471 | "clientScopeMappings": { 472 | "account": [ 473 | { 474 | "client": "account-console", 475 | "roles": [ 476 | "manage-account" 477 | ] 478 | } 479 | ] 480 | }, 481 | "clients": [ 482 | { 483 | "id": "5f33679a-e5bf-46b6-9cb1-75ec3c14d9eb", 484 | "clientId": "account", 485 | "name": "${client_account}", 486 | "rootUrl": "${authBaseUrl}", 487 | "baseUrl": "/realms/Development/account/", 488 | "surrogateAuthRequired": false, 489 | "enabled": true, 490 | "alwaysDisplayInConsole": false, 491 | "clientAuthenticatorType": "client-secret", 492 | "secret": "**********", 493 | "defaultRoles": [ 494 | "view-profile", 495 | "manage-account" 496 | ], 497 | "redirectUris": [ 498 | "/realms/Development/account/*" 499 | ], 500 | "webOrigins": [], 501 | "notBefore": 0, 502 | "bearerOnly": false, 503 | "consentRequired": false, 504 | "standardFlowEnabled": true, 505 | "implicitFlowEnabled": false, 506 | "directAccessGrantsEnabled": false, 507 | "serviceAccountsEnabled": false, 508 | "publicClient": false, 509 | "frontchannelLogout": false, 510 | "protocol": "openid-connect", 511 | "attributes": {}, 512 | "authenticationFlowBindingOverrides": 
{}, 513 | "fullScopeAllowed": false, 514 | "nodeReRegistrationTimeout": 0, 515 | "defaultClientScopes": [ 516 | "web-origins", 517 | "role_list", 518 | "profile", 519 | "roles", 520 | "email" 521 | ], 522 | "optionalClientScopes": [ 523 | "address", 524 | "phone", 525 | "offline_access", 526 | "microprofile-jwt" 527 | ] 528 | }, 529 | { 530 | "id": "321c27d5-f3c5-407a-9832-006a86070cc2", 531 | "clientId": "account-console", 532 | "name": "${client_account-console}", 533 | "rootUrl": "${authBaseUrl}", 534 | "baseUrl": "/realms/Development/account/", 535 | "surrogateAuthRequired": false, 536 | "enabled": true, 537 | "alwaysDisplayInConsole": false, 538 | "clientAuthenticatorType": "client-secret", 539 | "secret": "**********", 540 | "redirectUris": [ 541 | "/realms/Development/account/*" 542 | ], 543 | "webOrigins": [], 544 | "notBefore": 0, 545 | "bearerOnly": false, 546 | "consentRequired": false, 547 | "standardFlowEnabled": true, 548 | "implicitFlowEnabled": false, 549 | "directAccessGrantsEnabled": false, 550 | "serviceAccountsEnabled": false, 551 | "publicClient": true, 552 | "frontchannelLogout": false, 553 | "protocol": "openid-connect", 554 | "attributes": { 555 | "pkce.code.challenge.method": "S256" 556 | }, 557 | "authenticationFlowBindingOverrides": {}, 558 | "fullScopeAllowed": false, 559 | "nodeReRegistrationTimeout": 0, 560 | "protocolMappers": [ 561 | { 562 | "id": "4b7e7bc1-bf3c-47f0-8f08-62c8cb1f98d2", 563 | "name": "audience resolve", 564 | "protocol": "openid-connect", 565 | "protocolMapper": "oidc-audience-resolve-mapper", 566 | "consentRequired": false, 567 | "config": {} 568 | } 569 | ], 570 | "defaultClientScopes": [ 571 | "web-origins", 572 | "role_list", 573 | "profile", 574 | "roles", 575 | "email" 576 | ], 577 | "optionalClientScopes": [ 578 | "address", 579 | "phone", 580 | "offline_access", 581 | "microprofile-jwt" 582 | ] 583 | }, 584 | { 585 | "id": "8bd89bf9-1cde-49ce-8b4e-270e13cf1a44", 586 | "clientId": "admin-cli", 587 | "name": 
"${client_admin-cli}", 588 | "surrogateAuthRequired": false, 589 | "enabled": true, 590 | "alwaysDisplayInConsole": false, 591 | "clientAuthenticatorType": "client-secret", 592 | "secret": "**********", 593 | "redirectUris": [], 594 | "webOrigins": [], 595 | "notBefore": 0, 596 | "bearerOnly": false, 597 | "consentRequired": false, 598 | "standardFlowEnabled": false, 599 | "implicitFlowEnabled": false, 600 | "directAccessGrantsEnabled": true, 601 | "serviceAccountsEnabled": false, 602 | "publicClient": true, 603 | "frontchannelLogout": false, 604 | "protocol": "openid-connect", 605 | "attributes": {}, 606 | "authenticationFlowBindingOverrides": {}, 607 | "fullScopeAllowed": false, 608 | "nodeReRegistrationTimeout": 0, 609 | "defaultClientScopes": [ 610 | "web-origins", 611 | "role_list", 612 | "profile", 613 | "roles", 614 | "email" 615 | ], 616 | "optionalClientScopes": [ 617 | "address", 618 | "phone", 619 | "offline_access", 620 | "microprofile-jwt" 621 | ] 622 | }, 623 | { 624 | "id": "1c9d5dae-f3d0-4f17-94ef-6b8a8f481c06", 625 | "clientId": "broker", 626 | "name": "${client_broker}", 627 | "surrogateAuthRequired": false, 628 | "enabled": true, 629 | "alwaysDisplayInConsole": false, 630 | "clientAuthenticatorType": "client-secret", 631 | "secret": "**********", 632 | "redirectUris": [], 633 | "webOrigins": [], 634 | "notBefore": 0, 635 | "bearerOnly": false, 636 | "consentRequired": false, 637 | "standardFlowEnabled": true, 638 | "implicitFlowEnabled": false, 639 | "directAccessGrantsEnabled": false, 640 | "serviceAccountsEnabled": false, 641 | "publicClient": false, 642 | "frontchannelLogout": false, 643 | "protocol": "openid-connect", 644 | "attributes": {}, 645 | "authenticationFlowBindingOverrides": {}, 646 | "fullScopeAllowed": false, 647 | "nodeReRegistrationTimeout": 0, 648 | "defaultClientScopes": [ 649 | "web-origins", 650 | "role_list", 651 | "profile", 652 | "roles", 653 | "email" 654 | ], 655 | "optionalClientScopes": [ 656 | "address", 657 | 
"phone", 658 | "offline_access", 659 | "microprofile-jwt" 660 | ] 661 | }, 662 | { 663 | "id": "962df3c7-34b6-49a6-977b-21e820d49d65", 664 | "clientId": "realm-management", 665 | "name": "${client_realm-management}", 666 | "surrogateAuthRequired": false, 667 | "enabled": true, 668 | "alwaysDisplayInConsole": false, 669 | "clientAuthenticatorType": "client-secret", 670 | "secret": "**********", 671 | "redirectUris": [], 672 | "webOrigins": [], 673 | "notBefore": 0, 674 | "bearerOnly": true, 675 | "consentRequired": false, 676 | "standardFlowEnabled": true, 677 | "implicitFlowEnabled": false, 678 | "directAccessGrantsEnabled": false, 679 | "serviceAccountsEnabled": false, 680 | "publicClient": false, 681 | "frontchannelLogout": false, 682 | "protocol": "openid-connect", 683 | "attributes": {}, 684 | "authenticationFlowBindingOverrides": {}, 685 | "fullScopeAllowed": false, 686 | "nodeReRegistrationTimeout": 0, 687 | "defaultClientScopes": [ 688 | "web-origins", 689 | "role_list", 690 | "profile", 691 | "roles", 692 | "email" 693 | ], 694 | "optionalClientScopes": [ 695 | "address", 696 | "phone", 697 | "offline_access", 698 | "microprofile-jwt" 699 | ] 700 | }, 701 | { 702 | "id": "b0aa1970-e558-4014-8f56-9086d2a6cebd", 703 | "clientId": "reference-auth", 704 | "rootUrl": "", 705 | "adminUrl": "http://sandbox:8060/*", 706 | "baseUrl": "http://sandbox:8060/authorize", 707 | "surrogateAuthRequired": false, 708 | "enabled": true, 709 | "alwaysDisplayInConsole": false, 710 | "clientAuthenticatorType": "client-secret", 711 | "secret": "593ada9c-b1dc-444f-a2e6-30cc4add8146", 712 | "redirectUris": [ 713 | "http://sandbox:8060/*", 714 | "http://localhost:3001/*" 715 | ], 716 | "webOrigins": [ 717 | "http://sandbox:8060/" 718 | ], 719 | "notBefore": 0, 720 | "bearerOnly": false, 721 | "consentRequired": false, 722 | "standardFlowEnabled": true, 723 | "implicitFlowEnabled": false, 724 | "directAccessGrantsEnabled": true, 725 | "serviceAccountsEnabled": true, 726 | 
"authorizationServicesEnabled": true, 727 | "publicClient": false, 728 | "frontchannelLogout": false, 729 | "protocol": "openid-connect", 730 | "attributes": { 731 | "saml.assertion.signature": "false", 732 | "access.token.lifespan": "28800", 733 | "saml.force.post.binding": "false", 734 | "saml.multivalued.roles": "false", 735 | "saml.encrypt": "false", 736 | "saml.server.signature": "false", 737 | "saml.server.signature.keyinfo.ext": "false", 738 | "exclude.session.state.from.auth.response": "false", 739 | "saml_force_name_id_format": "false", 740 | "saml.client.signature": "false", 741 | "tls.client.certificate.bound.access.tokens": "false", 742 | "saml.authnstatement": "false", 743 | "display.on.consent.screen": "false", 744 | "saml.onetimeuse.condition": "false" 745 | }, 746 | "authenticationFlowBindingOverrides": {}, 747 | "fullScopeAllowed": true, 748 | "nodeReRegistrationTimeout": -1, 749 | "protocolMappers": [ 750 | { 751 | "id": "33a5f7f3-0cb5-4ced-8e80-3a708dd78ffd", 752 | "name": "Client ID", 753 | "protocol": "openid-connect", 754 | "protocolMapper": "oidc-usersessionmodel-note-mapper", 755 | "consentRequired": false, 756 | "config": { 757 | "user.session.note": "clientId", 758 | "userinfo.token.claim": "true", 759 | "id.token.claim": "true", 760 | "access.token.claim": "true", 761 | "claim.name": "clientId", 762 | "jsonType.label": "String" 763 | } 764 | }, 765 | { 766 | "id": "32f06648-d8a5-4891-8188-99633ea3e8ef", 767 | "name": "Client Host", 768 | "protocol": "openid-connect", 769 | "protocolMapper": "oidc-usersessionmodel-note-mapper", 770 | "consentRequired": false, 771 | "config": { 772 | "user.session.note": "clientHost", 773 | "userinfo.token.claim": "true", 774 | "id.token.claim": "true", 775 | "access.token.claim": "true", 776 | "claim.name": "clientHost", 777 | "jsonType.label": "String" 778 | } 779 | }, 780 | { 781 | "id": "a4bff786-61d9-4629-a5b2-d37ed3d69692", 782 | "name": "Client IP Address", 783 | "protocol": "openid-connect", 784 | 
"protocolMapper": "oidc-usersessionmodel-note-mapper", 785 | "consentRequired": false, 786 | "config": { 787 | "user.session.note": "clientAddress", 788 | "userinfo.token.claim": "true", 789 | "id.token.claim": "true", 790 | "access.token.claim": "true", 791 | "claim.name": "clientAddress", 792 | "jsonType.label": "String" 793 | } 794 | } 795 | ], 796 | "defaultClientScopes": [ 797 | "web-origins", 798 | "role_list", 799 | "profile", 800 | "roles", 801 | "email" 802 | ], 803 | "optionalClientScopes": [ 804 | "address", 805 | "phone", 806 | "offline_access", 807 | "microprofile-jwt" 808 | ], 809 | "authorizationSettings": { 810 | "allowRemoteResourceManagement": true, 811 | "policyEnforcementMode": "ENFORCING", 812 | "resources": [ 813 | { 814 | "name": "Default Resource", 815 | "type": "urn:reference-auth:resources:default", 816 | "ownerManagedAccess": false, 817 | "attributes": {}, 818 | "_id": "6b47f73e-fa2a-4c41-88db-032d82e15d3c", 819 | "uris": [ 820 | "/*" 821 | ] 822 | } 823 | ], 824 | "policies": [ 825 | { 826 | "id": "79d4a3f6-7695-4882-96ac-9ee675b3e8c1", 827 | "name": "Default Policy", 828 | "description": "A policy that grants access only for users within this realm", 829 | "type": "js", 830 | "logic": "POSITIVE", 831 | "decisionStrategy": "AFFIRMATIVE", 832 | "config": { 833 | "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" 834 | } 835 | }, 836 | { 837 | "id": "ff0a0e08-266e-488f-beb5-2fe04275188e", 838 | "name": "Default Permission", 839 | "description": "A permission that applies to the default resource type", 840 | "type": "resource", 841 | "logic": "POSITIVE", 842 | "decisionStrategy": "UNANIMOUS", 843 | "config": { 844 | "defaultResourceType": "urn:reference-auth:resources:default", 845 | "applyPolicies": "[\"Default Policy\"]" 846 | } 847 | } 848 | ], 849 | "scopes": [], 850 | "decisionStrategy": "UNANIMOUS" 851 | } 852 | }, 853 | { 854 | "id": "596372dd-e55d-4b73-b324-e18847c0d57f", 855 | 
"clientId": "security-admin-console", 856 | "name": "${client_security-admin-console}", 857 | "rootUrl": "${authAdminUrl}", 858 | "baseUrl": "/admin/Development/console/", 859 | "surrogateAuthRequired": false, 860 | "enabled": true, 861 | "alwaysDisplayInConsole": false, 862 | "clientAuthenticatorType": "client-secret", 863 | "secret": "**********", 864 | "redirectUris": [ 865 | "/admin/Development/console/*" 866 | ], 867 | "webOrigins": [ 868 | "+" 869 | ], 870 | "notBefore": 0, 871 | "bearerOnly": false, 872 | "consentRequired": false, 873 | "standardFlowEnabled": true, 874 | "implicitFlowEnabled": false, 875 | "directAccessGrantsEnabled": false, 876 | "serviceAccountsEnabled": false, 877 | "publicClient": true, 878 | "frontchannelLogout": false, 879 | "protocol": "openid-connect", 880 | "attributes": { 881 | "pkce.code.challenge.method": "S256" 882 | }, 883 | "authenticationFlowBindingOverrides": {}, 884 | "fullScopeAllowed": false, 885 | "nodeReRegistrationTimeout": 0, 886 | "protocolMappers": [ 887 | { 888 | "id": "4055927d-4fb3-4e0f-9a8b-65f448f89b06", 889 | "name": "locale", 890 | "protocol": "openid-connect", 891 | "protocolMapper": "oidc-usermodel-attribute-mapper", 892 | "consentRequired": false, 893 | "config": { 894 | "userinfo.token.claim": "true", 895 | "user.attribute": "locale", 896 | "id.token.claim": "true", 897 | "access.token.claim": "true", 898 | "claim.name": "locale", 899 | "jsonType.label": "String" 900 | } 901 | } 902 | ], 903 | "defaultClientScopes": [ 904 | "web-origins", 905 | "role_list", 906 | "profile", 907 | "roles", 908 | "email" 909 | ], 910 | "optionalClientScopes": [ 911 | "address", 912 | "phone", 913 | "offline_access", 914 | "microprofile-jwt" 915 | ] 916 | } 917 | ], 918 | "clientScopes": [ 919 | { 920 | "id": "3f053da8-b1eb-45af-8ca3-82b97e572149", 921 | "name": "address", 922 | "description": "OpenID Connect built-in scope: address", 923 | "protocol": "openid-connect", 924 | "attributes": { 925 | "include.in.token.scope": 
"true", 926 | "display.on.consent.screen": "true", 927 | "consent.screen.text": "${addressScopeConsentText}" 928 | }, 929 | "protocolMappers": [ 930 | { 931 | "id": "133fb27d-4575-4569-9a4a-8372066282aa", 932 | "name": "address", 933 | "protocol": "openid-connect", 934 | "protocolMapper": "oidc-address-mapper", 935 | "consentRequired": false, 936 | "config": { 937 | "user.attribute.formatted": "formatted", 938 | "user.attribute.country": "country", 939 | "user.attribute.postal_code": "postal_code", 940 | "userinfo.token.claim": "true", 941 | "user.attribute.street": "street", 942 | "id.token.claim": "true", 943 | "user.attribute.region": "region", 944 | "access.token.claim": "true", 945 | "user.attribute.locality": "locality" 946 | } 947 | } 948 | ] 949 | }, 950 | { 951 | "id": "25129e87-3873-4424-9b7e-df0d881e71ca", 952 | "name": "email", 953 | "description": "OpenID Connect built-in scope: email", 954 | "protocol": "openid-connect", 955 | "attributes": { 956 | "include.in.token.scope": "true", 957 | "display.on.consent.screen": "true", 958 | "consent.screen.text": "${emailScopeConsentText}" 959 | }, 960 | "protocolMappers": [ 961 | { 962 | "id": "10fafdad-616b-4041-9a1a-365c0a989bbc", 963 | "name": "email verified", 964 | "protocol": "openid-connect", 965 | "protocolMapper": "oidc-usermodel-property-mapper", 966 | "consentRequired": false, 967 | "config": { 968 | "userinfo.token.claim": "true", 969 | "user.attribute": "emailVerified", 970 | "id.token.claim": "true", 971 | "access.token.claim": "true", 972 | "claim.name": "email_verified", 973 | "jsonType.label": "boolean" 974 | } 975 | }, 976 | { 977 | "id": "1589d244-2e46-4e06-88ed-01092cc2cb6e", 978 | "name": "email", 979 | "protocol": "openid-connect", 980 | "protocolMapper": "oidc-usermodel-property-mapper", 981 | "consentRequired": false, 982 | "config": { 983 | "userinfo.token.claim": "true", 984 | "user.attribute": "email", 985 | "id.token.claim": "true", 986 | "access.token.claim": "true", 987 | 
"claim.name": "email", 988 | "jsonType.label": "String" 989 | } 990 | } 991 | ] 992 | }, 993 | { 994 | "id": "acbbf1e5-9234-4cf1-ba5a-cd319d46a9a7", 995 | "name": "microprofile-jwt", 996 | "description": "Microprofile - JWT built-in scope", 997 | "protocol": "openid-connect", 998 | "attributes": { 999 | "include.in.token.scope": "true", 1000 | "display.on.consent.screen": "false" 1001 | }, 1002 | "protocolMappers": [ 1003 | { 1004 | "id": "25df1477-e0bb-4b72-975a-4efe994efe53", 1005 | "name": "groups", 1006 | "protocol": "openid-connect", 1007 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 1008 | "consentRequired": false, 1009 | "config": { 1010 | "multivalued": "true", 1011 | "userinfo.token.claim": "true", 1012 | "user.attribute": "foo", 1013 | "id.token.claim": "true", 1014 | "access.token.claim": "true", 1015 | "claim.name": "groups", 1016 | "jsonType.label": "String" 1017 | } 1018 | }, 1019 | { 1020 | "id": "cd4a1df5-c276-4594-a5ce-6384f0b8654e", 1021 | "name": "upn", 1022 | "protocol": "openid-connect", 1023 | "protocolMapper": "oidc-usermodel-property-mapper", 1024 | "consentRequired": false, 1025 | "config": { 1026 | "userinfo.token.claim": "true", 1027 | "user.attribute": "username", 1028 | "id.token.claim": "true", 1029 | "access.token.claim": "true", 1030 | "claim.name": "upn", 1031 | "jsonType.label": "String" 1032 | } 1033 | } 1034 | ] 1035 | }, 1036 | { 1037 | "id": "46b6b9ce-9ff9-403e-afe5-459d6b5777db", 1038 | "name": "offline_access", 1039 | "description": "OpenID Connect built-in scope: offline_access", 1040 | "protocol": "openid-connect", 1041 | "attributes": { 1042 | "consent.screen.text": "${offlineAccessScopeConsentText}", 1043 | "display.on.consent.screen": "true" 1044 | } 1045 | }, 1046 | { 1047 | "id": "f99f3aff-0cf3-449a-9e9c-858e126640f3", 1048 | "name": "phone", 1049 | "description": "OpenID Connect built-in scope: phone", 1050 | "protocol": "openid-connect", 1051 | "attributes": { 1052 | "include.in.token.scope": "true", 1053 | 
"display.on.consent.screen": "true", 1054 | "consent.screen.text": "${phoneScopeConsentText}" 1055 | }, 1056 | "protocolMappers": [ 1057 | { 1058 | "id": "9143da83-c31f-402d-ae94-466502f07c90", 1059 | "name": "phone number", 1060 | "protocol": "openid-connect", 1061 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1062 | "consentRequired": false, 1063 | "config": { 1064 | "userinfo.token.claim": "true", 1065 | "user.attribute": "phoneNumber", 1066 | "id.token.claim": "true", 1067 | "access.token.claim": "true", 1068 | "claim.name": "phone_number", 1069 | "jsonType.label": "String" 1070 | } 1071 | }, 1072 | { 1073 | "id": "a6c1a263-bd19-4286-a6b7-502dd28edc23", 1074 | "name": "phone number verified", 1075 | "protocol": "openid-connect", 1076 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1077 | "consentRequired": false, 1078 | "config": { 1079 | "userinfo.token.claim": "true", 1080 | "user.attribute": "phoneNumberVerified", 1081 | "id.token.claim": "true", 1082 | "access.token.claim": "true", 1083 | "claim.name": "phone_number_verified", 1084 | "jsonType.label": "boolean" 1085 | } 1086 | } 1087 | ] 1088 | }, 1089 | { 1090 | "id": "c745fc8f-e6f0-4993-b6e8-df4c0d15b09c", 1091 | "name": "profile", 1092 | "description": "OpenID Connect built-in scope: profile", 1093 | "protocol": "openid-connect", 1094 | "attributes": { 1095 | "include.in.token.scope": "true", 1096 | "display.on.consent.screen": "true", 1097 | "consent.screen.text": "${profileScopeConsentText}" 1098 | }, 1099 | "protocolMappers": [ 1100 | { 1101 | "id": "7a8c8738-61c7-4380-9b95-bda169d2b7d1", 1102 | "name": "family name", 1103 | "protocol": "openid-connect", 1104 | "protocolMapper": "oidc-usermodel-property-mapper", 1105 | "consentRequired": false, 1106 | "config": { 1107 | "userinfo.token.claim": "true", 1108 | "user.attribute": "lastName", 1109 | "id.token.claim": "true", 1110 | "access.token.claim": "true", 1111 | "claim.name": "family_name", 1112 | "jsonType.label": "String" 1113 | } 
1114 | }, 1115 | { 1116 | "id": "2c9e3ddb-a42a-43bf-a99e-164c56dababd", 1117 | "name": "username", 1118 | "protocol": "openid-connect", 1119 | "protocolMapper": "oidc-usermodel-property-mapper", 1120 | "consentRequired": false, 1121 | "config": { 1122 | "userinfo.token.claim": "true", 1123 | "user.attribute": "username", 1124 | "id.token.claim": "true", 1125 | "access.token.claim": "true", 1126 | "claim.name": "preferred_username", 1127 | "jsonType.label": "String" 1128 | } 1129 | }, 1130 | { 1131 | "id": "f1894343-5a7e-47ec-8c65-8010c7893c7f", 1132 | "name": "website", 1133 | "protocol": "openid-connect", 1134 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1135 | "consentRequired": false, 1136 | "config": { 1137 | "userinfo.token.claim": "true", 1138 | "user.attribute": "website", 1139 | "id.token.claim": "true", 1140 | "access.token.claim": "true", 1141 | "claim.name": "website", 1142 | "jsonType.label": "String" 1143 | } 1144 | }, 1145 | { 1146 | "id": "62a8d6af-f6d9-44fe-8cf5-cf5c1833e7d3", 1147 | "name": "given name", 1148 | "protocol": "openid-connect", 1149 | "protocolMapper": "oidc-usermodel-property-mapper", 1150 | "consentRequired": false, 1151 | "config": { 1152 | "userinfo.token.claim": "true", 1153 | "user.attribute": "firstName", 1154 | "id.token.claim": "true", 1155 | "access.token.claim": "true", 1156 | "claim.name": "given_name", 1157 | "jsonType.label": "String" 1158 | } 1159 | }, 1160 | { 1161 | "id": "e1752e6b-558d-4668-a222-a2a10deea79c", 1162 | "name": "profile", 1163 | "protocol": "openid-connect", 1164 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1165 | "consentRequired": false, 1166 | "config": { 1167 | "userinfo.token.claim": "true", 1168 | "user.attribute": "profile", 1169 | "id.token.claim": "true", 1170 | "access.token.claim": "true", 1171 | "claim.name": "profile", 1172 | "jsonType.label": "String" 1173 | } 1174 | }, 1175 | { 1176 | "id": "67a2898a-d867-46ad-b9da-d8914102162a", 1177 | "name": "gender", 1178 | 
"protocol": "openid-connect", 1179 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1180 | "consentRequired": false, 1181 | "config": { 1182 | "userinfo.token.claim": "true", 1183 | "user.attribute": "gender", 1184 | "id.token.claim": "true", 1185 | "access.token.claim": "true", 1186 | "claim.name": "gender", 1187 | "jsonType.label": "String" 1188 | } 1189 | }, 1190 | { 1191 | "id": "eff5e430-5e18-4022-8699-be5855448c56", 1192 | "name": "birthdate", 1193 | "protocol": "openid-connect", 1194 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1195 | "consentRequired": false, 1196 | "config": { 1197 | "userinfo.token.claim": "true", 1198 | "user.attribute": "birthdate", 1199 | "id.token.claim": "true", 1200 | "access.token.claim": "true", 1201 | "claim.name": "birthdate", 1202 | "jsonType.label": "String" 1203 | } 1204 | }, 1205 | { 1206 | "id": "a1ccca97-570d-460e-b43c-958a51e411dc", 1207 | "name": "middle name", 1208 | "protocol": "openid-connect", 1209 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1210 | "consentRequired": false, 1211 | "config": { 1212 | "userinfo.token.claim": "true", 1213 | "user.attribute": "middleName", 1214 | "id.token.claim": "true", 1215 | "access.token.claim": "true", 1216 | "claim.name": "middle_name", 1217 | "jsonType.label": "String" 1218 | } 1219 | }, 1220 | { 1221 | "id": "d27570aa-132b-49fe-a4a1-973d02434db3", 1222 | "name": "picture", 1223 | "protocol": "openid-connect", 1224 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1225 | "consentRequired": false, 1226 | "config": { 1227 | "userinfo.token.claim": "true", 1228 | "user.attribute": "picture", 1229 | "id.token.claim": "true", 1230 | "access.token.claim": "true", 1231 | "claim.name": "picture", 1232 | "jsonType.label": "String" 1233 | } 1234 | }, 1235 | { 1236 | "id": "f7122343-1976-4af5-83f1-050d45a37e2a", 1237 | "name": "zoneinfo", 1238 | "protocol": "openid-connect", 1239 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1240 | "consentRequired": 
false, 1241 | "config": { 1242 | "userinfo.token.claim": "true", 1243 | "user.attribute": "zoneinfo", 1244 | "id.token.claim": "true", 1245 | "access.token.claim": "true", 1246 | "claim.name": "zoneinfo", 1247 | "jsonType.label": "String" 1248 | } 1249 | }, 1250 | { 1251 | "id": "e90e935f-b581-4af6-8f75-b59231a6ffbc", 1252 | "name": "updated at", 1253 | "protocol": "openid-connect", 1254 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1255 | "consentRequired": false, 1256 | "config": { 1257 | "userinfo.token.claim": "true", 1258 | "user.attribute": "updatedAt", 1259 | "id.token.claim": "true", 1260 | "access.token.claim": "true", 1261 | "claim.name": "updated_at", 1262 | "jsonType.label": "String" 1263 | } 1264 | }, 1265 | { 1266 | "id": "5b0d2161-a099-4526-ba52-951ea8211937", 1267 | "name": "locale", 1268 | "protocol": "openid-connect", 1269 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1270 | "consentRequired": false, 1271 | "config": { 1272 | "userinfo.token.claim": "true", 1273 | "user.attribute": "locale", 1274 | "id.token.claim": "true", 1275 | "access.token.claim": "true", 1276 | "claim.name": "locale", 1277 | "jsonType.label": "String" 1278 | } 1279 | }, 1280 | { 1281 | "id": "767b1809-7074-468f-a37d-242768fee503", 1282 | "name": "full name", 1283 | "protocol": "openid-connect", 1284 | "protocolMapper": "oidc-full-name-mapper", 1285 | "consentRequired": false, 1286 | "config": { 1287 | "id.token.claim": "true", 1288 | "access.token.claim": "true", 1289 | "userinfo.token.claim": "true" 1290 | } 1291 | }, 1292 | { 1293 | "id": "a1c3e991-4471-461c-b9dc-696d12b890f8", 1294 | "name": "nickname", 1295 | "protocol": "openid-connect", 1296 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1297 | "consentRequired": false, 1298 | "config": { 1299 | "userinfo.token.claim": "true", 1300 | "user.attribute": "nickname", 1301 | "id.token.claim": "true", 1302 | "access.token.claim": "true", 1303 | "claim.name": "nickname", 1304 | "jsonType.label": 
"String" 1305 | } 1306 | } 1307 | ] 1308 | }, 1309 | { 1310 | "id": "fb556c63-9a66-432b-b722-dc17474660b4", 1311 | "name": "roles", 1312 | "description": "OpenID Connect scope for add user roles to the access token", 1313 | "protocol": "openid-connect", 1314 | "attributes": { 1315 | "include.in.token.scope": "false", 1316 | "display.on.consent.screen": "true", 1317 | "consent.screen.text": "${rolesScopeConsentText}" 1318 | }, 1319 | "protocolMappers": [ 1320 | { 1321 | "id": "5eb435d4-b6fc-448d-a37b-cf1e1bd26bec", 1322 | "name": "realm roles", 1323 | "protocol": "openid-connect", 1324 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 1325 | "consentRequired": false, 1326 | "config": { 1327 | "user.attribute": "foo", 1328 | "access.token.claim": "true", 1329 | "claim.name": "realm_access.roles", 1330 | "jsonType.label": "String", 1331 | "multivalued": "true" 1332 | } 1333 | }, 1334 | { 1335 | "id": "d236e278-e757-46ef-937e-bae517498b55", 1336 | "name": "client roles", 1337 | "protocol": "openid-connect", 1338 | "protocolMapper": "oidc-usermodel-client-role-mapper", 1339 | "consentRequired": false, 1340 | "config": { 1341 | "user.attribute": "foo", 1342 | "access.token.claim": "true", 1343 | "claim.name": "resource_access.${client_id}.roles", 1344 | "jsonType.label": "String", 1345 | "multivalued": "true" 1346 | } 1347 | }, 1348 | { 1349 | "id": "72552149-1fff-4e8a-90cd-38ea0f806d5b", 1350 | "name": "audience resolve", 1351 | "protocol": "openid-connect", 1352 | "protocolMapper": "oidc-audience-resolve-mapper", 1353 | "consentRequired": false, 1354 | "config": {} 1355 | } 1356 | ] 1357 | }, 1358 | { 1359 | "id": "ea0af24d-22aa-4ba0-bd52-52a2ba30d2a9", 1360 | "name": "role_list", 1361 | "description": "SAML role list", 1362 | "protocol": "saml", 1363 | "attributes": { 1364 | "consent.screen.text": "${samlRoleListScopeConsentText}", 1365 | "display.on.consent.screen": "true" 1366 | }, 1367 | "protocolMappers": [ 1368 | { 1369 | "id": 
"9c35da8d-ecb9-4847-9703-56cb87674a42", 1370 | "name": "role list", 1371 | "protocol": "saml", 1372 | "protocolMapper": "saml-role-list-mapper", 1373 | "consentRequired": false, 1374 | "config": { 1375 | "single": "false", 1376 | "attribute.nameformat": "Basic", 1377 | "attribute.name": "Role" 1378 | } 1379 | } 1380 | ] 1381 | }, 1382 | { 1383 | "id": "f5f24bf7-1361-49f5-bb85-6b3b1e0923d5", 1384 | "name": "web-origins", 1385 | "description": "OpenID Connect scope for add allowed web origins to the access token", 1386 | "protocol": "openid-connect", 1387 | "attributes": { 1388 | "include.in.token.scope": "false", 1389 | "display.on.consent.screen": "false", 1390 | "consent.screen.text": "" 1391 | }, 1392 | "protocolMappers": [ 1393 | { 1394 | "id": "461baa96-6d59-4f73-a4b2-a04ef24c35c7", 1395 | "name": "allowed web origins", 1396 | "protocol": "openid-connect", 1397 | "protocolMapper": "oidc-allowed-origins-mapper", 1398 | "consentRequired": false, 1399 | "config": {} 1400 | } 1401 | ] 1402 | } 1403 | ], 1404 | "defaultDefaultClientScopes": [ 1405 | "email", 1406 | "profile", 1407 | "role_list", 1408 | "web-origins", 1409 | "roles" 1410 | ], 1411 | "defaultOptionalClientScopes": [ 1412 | "address", 1413 | "offline_access", 1414 | "microprofile-jwt", 1415 | "phone" 1416 | ], 1417 | "browserSecurityHeaders": { 1418 | "contentSecurityPolicyReportOnly": "", 1419 | "xContentTypeOptions": "nosniff", 1420 | "xRobotsTag": "none", 1421 | "xFrameOptions": "SAMEORIGIN", 1422 | "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 1423 | "xXSSProtection": "1; mode=block", 1424 | "strictTransportSecurity": "max-age=31536000; includeSubDomains" 1425 | }, 1426 | "smtpServer": {}, 1427 | "eventsEnabled": false, 1428 | "eventsListeners": [ 1429 | "jboss-logging" 1430 | ], 1431 | "enabledEventTypes": [], 1432 | "adminEventsEnabled": false, 1433 | "adminEventsDetailsEnabled": false, 1434 | "components": { 1435 | 
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ 1436 | { 1437 | "id": "5be52e7b-aa3d-42de-8850-a54068db72aa", 1438 | "name": "Allowed Protocol Mapper Types", 1439 | "providerId": "allowed-protocol-mappers", 1440 | "subType": "authenticated", 1441 | "subComponents": {}, 1442 | "config": { 1443 | "allowed-protocol-mapper-types": [ 1444 | "saml-user-property-mapper", 1445 | "oidc-address-mapper", 1446 | "saml-user-attribute-mapper", 1447 | "oidc-usermodel-attribute-mapper", 1448 | "oidc-usermodel-property-mapper", 1449 | "oidc-sha256-pairwise-sub-mapper", 1450 | "oidc-full-name-mapper", 1451 | "saml-role-list-mapper" 1452 | ] 1453 | } 1454 | }, 1455 | { 1456 | "id": "d01eeb25-b06e-4ec2-b429-ff00c42a3d66", 1457 | "name": "Max Clients Limit", 1458 | "providerId": "max-clients", 1459 | "subType": "anonymous", 1460 | "subComponents": {}, 1461 | "config": { 1462 | "max-clients": [ 1463 | "200" 1464 | ] 1465 | } 1466 | }, 1467 | { 1468 | "id": "e8f1f7cf-6117-4ddf-98ae-d78676771a2c", 1469 | "name": "Consent Required", 1470 | "providerId": "consent-required", 1471 | "subType": "anonymous", 1472 | "subComponents": {}, 1473 | "config": {} 1474 | }, 1475 | { 1476 | "id": "9379990f-d224-4d0b-b8a7-77ea1063708f", 1477 | "name": "Full Scope Disabled", 1478 | "providerId": "scope", 1479 | "subType": "anonymous", 1480 | "subComponents": {}, 1481 | "config": {} 1482 | }, 1483 | { 1484 | "id": "aae8f753-2b38-4db1-b294-cbc8f7cabe10", 1485 | "name": "Allowed Client Scopes", 1486 | "providerId": "allowed-client-templates", 1487 | "subType": "anonymous", 1488 | "subComponents": {}, 1489 | "config": { 1490 | "allow-default-scopes": [ 1491 | "true" 1492 | ] 1493 | } 1494 | }, 1495 | { 1496 | "id": "6d70e3b1-00e7-4a26-b8de-ef3409828f99", 1497 | "name": "Trusted Hosts", 1498 | "providerId": "trusted-hosts", 1499 | "subType": "anonymous", 1500 | "subComponents": {}, 1501 | "config": { 1502 | "host-sending-registration-request-must-match": [ 1503 | "true" 1504 | ], 
1505 | "client-uris-must-match": [ 1506 | "true" 1507 | ] 1508 | } 1509 | }, 1510 | { 1511 | "id": "65757ce6-bd08-47a6-9c4b-31ee673c5d32", 1512 | "name": "Allowed Protocol Mapper Types", 1513 | "providerId": "allowed-protocol-mappers", 1514 | "subType": "anonymous", 1515 | "subComponents": {}, 1516 | "config": { 1517 | "allowed-protocol-mapper-types": [ 1518 | "saml-role-list-mapper", 1519 | "oidc-full-name-mapper", 1520 | "saml-user-property-mapper", 1521 | "oidc-usermodel-attribute-mapper", 1522 | "saml-user-attribute-mapper", 1523 | "oidc-address-mapper", 1524 | "oidc-sha256-pairwise-sub-mapper", 1525 | "oidc-usermodel-property-mapper" 1526 | ] 1527 | } 1528 | }, 1529 | { 1530 | "id": "ec9f242a-4fe2-454c-9435-9823b3c66865", 1531 | "name": "Allowed Client Scopes", 1532 | "providerId": "allowed-client-templates", 1533 | "subType": "authenticated", 1534 | "subComponents": {}, 1535 | "config": { 1536 | "allow-default-scopes": [ 1537 | "true" 1538 | ] 1539 | } 1540 | } 1541 | ], 1542 | "org.keycloak.keys.KeyProvider": [ 1543 | { 1544 | "id": "8e501928-e141-45c1-8a71-913ffd9ab513", 1545 | "name": "hmac-generated", 1546 | "providerId": "hmac-generated", 1547 | "subComponents": {}, 1548 | "config": { 1549 | "priority": [ 1550 | "100" 1551 | ], 1552 | "algorithm": [ 1553 | "HS256" 1554 | ] 1555 | } 1556 | }, 1557 | { 1558 | "id": "41a85e5c-0c1a-4e7e-987d-e97c712370d6", 1559 | "name": "aes-generated", 1560 | "providerId": "aes-generated", 1561 | "subComponents": {}, 1562 | "config": { 1563 | "priority": [ 1564 | "100" 1565 | ] 1566 | } 1567 | }, 1568 | { 1569 | "id": "230a4d75-570e-411f-b242-ea57f0980518", 1570 | "name": "rsa-generated", 1571 | "providerId": "rsa-generated", 1572 | "subComponents": {}, 1573 | "config": { 1574 | "priority": [ 1575 | "100" 1576 | ] 1577 | } 1578 | } 1579 | ] 1580 | }, 1581 | "internationalizationEnabled": false, 1582 | "supportedLocales": [], 1583 | "authenticationFlows": [ 1584 | { 1585 | "id": "25082c02-8bca-4893-82db-57bd28b9c781", 1586 
| "alias": "Account verification options", 1587 | "description": "Method with which to verify the existing account", 1588 | "providerId": "basic-flow", 1589 | "topLevel": false, 1590 | "builtIn": true, 1591 | "authenticationExecutions": [ 1592 | { 1593 | "authenticator": "idp-email-verification", 1594 | "requirement": "ALTERNATIVE", 1595 | "priority": 10, 1596 | "userSetupAllowed": false, 1597 | "autheticatorFlow": false 1598 | }, 1599 | { 1600 | "requirement": "ALTERNATIVE", 1601 | "priority": 20, 1602 | "flowAlias": "Verify Existing Account by Re-authentication", 1603 | "userSetupAllowed": false, 1604 | "autheticatorFlow": true 1605 | } 1606 | ] 1607 | }, 1608 | { 1609 | "id": "9907f922-b3c4-469c-bc98-10ff092b050b", 1610 | "alias": "Authentication Options", 1611 | "description": "Authentication options.", 1612 | "providerId": "basic-flow", 1613 | "topLevel": false, 1614 | "builtIn": true, 1615 | "authenticationExecutions": [ 1616 | { 1617 | "authenticator": "basic-auth", 1618 | "requirement": "REQUIRED", 1619 | "priority": 10, 1620 | "userSetupAllowed": false, 1621 | "autheticatorFlow": false 1622 | }, 1623 | { 1624 | "authenticator": "basic-auth-otp", 1625 | "requirement": "DISABLED", 1626 | "priority": 20, 1627 | "userSetupAllowed": false, 1628 | "autheticatorFlow": false 1629 | }, 1630 | { 1631 | "authenticator": "auth-spnego", 1632 | "requirement": "DISABLED", 1633 | "priority": 30, 1634 | "userSetupAllowed": false, 1635 | "autheticatorFlow": false 1636 | } 1637 | ] 1638 | }, 1639 | { 1640 | "id": "e4b7a8b7-6312-4cbd-bc48-33b8af95de14", 1641 | "alias": "Browser - Conditional OTP", 1642 | "description": "Flow to determine if the OTP is required for the authentication", 1643 | "providerId": "basic-flow", 1644 | "topLevel": false, 1645 | "builtIn": true, 1646 | "authenticationExecutions": [ 1647 | { 1648 | "authenticator": "conditional-user-configured", 1649 | "requirement": "REQUIRED", 1650 | "priority": 10, 1651 | "userSetupAllowed": false, 1652 |
"autheticatorFlow": false 1653 | }, 1654 | { 1655 | "authenticator": "auth-otp-form", 1656 | "requirement": "REQUIRED", 1657 | "priority": 20, 1658 | "userSetupAllowed": false, 1659 | "autheticatorFlow": false 1660 | } 1661 | ] 1662 | }, 1663 | { 1664 | "id": "1b63b9d2-3cce-4967-aa65-8e550507880e", 1665 | "alias": "Direct Grant - Conditional OTP", 1666 | "description": "Flow to determine if the OTP is required for the authentication", 1667 | "providerId": "basic-flow", 1668 | "topLevel": false, 1669 | "builtIn": true, 1670 | "authenticationExecutions": [ 1671 | { 1672 | "authenticator": "conditional-user-configured", 1673 | "requirement": "REQUIRED", 1674 | "priority": 10, 1675 | "userSetupAllowed": false, 1676 | "autheticatorFlow": false 1677 | }, 1678 | { 1679 | "authenticator": "direct-grant-validate-otp", 1680 | "requirement": "REQUIRED", 1681 | "priority": 20, 1682 | "userSetupAllowed": false, 1683 | "autheticatorFlow": false 1684 | } 1685 | ] 1686 | }, 1687 | { 1688 | "id": "20b7953b-ddee-4355-9017-ab93f3e796e7", 1689 | "alias": "First broker login - Conditional OTP", 1690 | "description": "Flow to determine if the OTP is required for the authentication", 1691 | "providerId": "basic-flow", 1692 | "topLevel": false, 1693 | "builtIn": true, 1694 | "authenticationExecutions": [ 1695 | { 1696 | "authenticator": "conditional-user-configured", 1697 | "requirement": "REQUIRED", 1698 | "priority": 10, 1699 | "userSetupAllowed": false, 1700 | "autheticatorFlow": false 1701 | }, 1702 | { 1703 | "authenticator": "auth-otp-form", 1704 | "requirement": "REQUIRED", 1705 | "priority": 20, 1706 | "userSetupAllowed": false, 1707 | "autheticatorFlow": false 1708 | } 1709 | ] 1710 | }, 1711 | { 1712 | "id": "a38ba67b-6be8-493f-b501-ca7c8aff6815", 1713 | "alias": "Handle Existing Account", 1714 | "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", 1715 | "providerId": "basic-flow", 1716 | "topLevel": 
false, 1717 | "builtIn": true, 1718 | "authenticationExecutions": [ 1719 | { 1720 | "authenticator": "idp-confirm-link", 1721 | "requirement": "REQUIRED", 1722 | "priority": 10, 1723 | "userSetupAllowed": false, 1724 | "autheticatorFlow": false 1725 | }, 1726 | { 1727 | "requirement": "REQUIRED", 1728 | "priority": 20, 1729 | "flowAlias": "Account verification options", 1730 | "userSetupAllowed": false, 1731 | "autheticatorFlow": true 1732 | } 1733 | ] 1734 | }, 1735 | { 1736 | "id": "be3bacf9-3247-4afa-a5ba-b6fb1e51cf3c", 1737 | "alias": "Reset - Conditional OTP", 1738 | "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", 1739 | "providerId": "basic-flow", 1740 | "topLevel": false, 1741 | "builtIn": true, 1742 | "authenticationExecutions": [ 1743 | { 1744 | "authenticator": "conditional-user-configured", 1745 | "requirement": "REQUIRED", 1746 | "priority": 10, 1747 | "userSetupAllowed": false, 1748 | "autheticatorFlow": false 1749 | }, 1750 | { 1751 | "authenticator": "reset-otp", 1752 | "requirement": "REQUIRED", 1753 | "priority": 20, 1754 | "userSetupAllowed": false, 1755 | "autheticatorFlow": false 1756 | } 1757 | ] 1758 | }, 1759 | { 1760 | "id": "35abd197-e6b6-48cf-95d9-296acf4e5d7b", 1761 | "alias": "User creation or linking", 1762 | "description": "Flow for the existing/non-existing user alternatives", 1763 | "providerId": "basic-flow", 1764 | "topLevel": false, 1765 | "builtIn": true, 1766 | "authenticationExecutions": [ 1767 | { 1768 | "authenticatorConfig": "create unique user config", 1769 | "authenticator": "idp-create-user-if-unique", 1770 | "requirement": "ALTERNATIVE", 1771 | "priority": 10, 1772 | "userSetupAllowed": false, 1773 | "autheticatorFlow": false 1774 | }, 1775 | { 1776 | "requirement": "ALTERNATIVE", 1777 | "priority": 20, 1778 | "flowAlias": "Handle Existing Account", 1779 | "userSetupAllowed": false, 1780 | "autheticatorFlow": true 1781 | } 1782 | ] 1783 | }, 1784 | { 1785 | "id": 
"6cd505f4-de27-4fa2-b3dc-e04b1e26aec8", 1786 | "alias": "Verify Existing Account by Re-authentication", 1787 | "description": "Reauthentication of existing account", 1788 | "providerId": "basic-flow", 1789 | "topLevel": false, 1790 | "builtIn": true, 1791 | "authenticationExecutions": [ 1792 | { 1793 | "authenticator": "idp-username-password-form", 1794 | "requirement": "REQUIRED", 1795 | "priority": 10, 1796 | "userSetupAllowed": false, 1797 | "autheticatorFlow": false 1798 | }, 1799 | { 1800 | "requirement": "CONDITIONAL", 1801 | "priority": 20, 1802 | "flowAlias": "First broker login - Conditional OTP", 1803 | "userSetupAllowed": false, 1804 | "autheticatorFlow": true 1805 | } 1806 | ] 1807 | }, 1808 | { 1809 | "id": "c1e99675-dd38-4e26-b9a2-cde490dd68d2", 1810 | "alias": "browser", 1811 | "description": "browser based authentication", 1812 | "providerId": "basic-flow", 1813 | "topLevel": true, 1814 | "builtIn": true, 1815 | "authenticationExecutions": [ 1816 | { 1817 | "authenticator": "auth-cookie", 1818 | "requirement": "ALTERNATIVE", 1819 | "priority": 10, 1820 | "userSetupAllowed": false, 1821 | "autheticatorFlow": false 1822 | }, 1823 | { 1824 | "authenticator": "auth-spnego", 1825 | "requirement": "DISABLED", 1826 | "priority": 20, 1827 | "userSetupAllowed": false, 1828 | "autheticatorFlow": false 1829 | }, 1830 | { 1831 | "authenticator": "identity-provider-redirector", 1832 | "requirement": "ALTERNATIVE", 1833 | "priority": 25, 1834 | "userSetupAllowed": false, 1835 | "autheticatorFlow": false 1836 | }, 1837 | { 1838 | "requirement": "ALTERNATIVE", 1839 | "priority": 30, 1840 | "flowAlias": "forms", 1841 | "userSetupAllowed": false, 1842 | "autheticatorFlow": true 1843 | } 1844 | ] 1845 | }, 1846 | { 1847 | "id": "88302753-e69b-45c0-b763-60969f97a8ee", 1848 | "alias": "clients", 1849 | "description": "Base authentication for clients", 1850 | "providerId": "client-flow", 1851 | "topLevel": true, 1852 | "builtIn": true, 1853 | "authenticationExecutions": 
[ 1854 | { 1855 | "authenticator": "client-secret", 1856 | "requirement": "ALTERNATIVE", 1857 | "priority": 10, 1858 | "userSetupAllowed": false, 1859 | "autheticatorFlow": false 1860 | }, 1861 | { 1862 | "authenticator": "client-jwt", 1863 | "requirement": "ALTERNATIVE", 1864 | "priority": 20, 1865 | "userSetupAllowed": false, 1866 | "autheticatorFlow": false 1867 | }, 1868 | { 1869 | "authenticator": "client-secret-jwt", 1870 | "requirement": "ALTERNATIVE", 1871 | "priority": 30, 1872 | "userSetupAllowed": false, 1873 | "autheticatorFlow": false 1874 | }, 1875 | { 1876 | "authenticator": "client-x509", 1877 | "requirement": "ALTERNATIVE", 1878 | "priority": 40, 1879 | "userSetupAllowed": false, 1880 | "autheticatorFlow": false 1881 | } 1882 | ] 1883 | }, 1884 | { 1885 | "id": "106fc2cd-a974-4cb4-9172-3946f7013bd7", 1886 | "alias": "direct grant", 1887 | "description": "OpenID Connect Resource Owner Grant", 1888 | "providerId": "basic-flow", 1889 | "topLevel": true, 1890 | "builtIn": true, 1891 | "authenticationExecutions": [ 1892 | { 1893 | "authenticator": "direct-grant-validate-username", 1894 | "requirement": "REQUIRED", 1895 | "priority": 10, 1896 | "userSetupAllowed": false, 1897 | "autheticatorFlow": false 1898 | }, 1899 | { 1900 | "authenticator": "direct-grant-validate-password", 1901 | "requirement": "REQUIRED", 1902 | "priority": 20, 1903 | "userSetupAllowed": false, 1904 | "autheticatorFlow": false 1905 | }, 1906 | { 1907 | "requirement": "CONDITIONAL", 1908 | "priority": 30, 1909 | "flowAlias": "Direct Grant - Conditional OTP", 1910 | "userSetupAllowed": false, 1911 | "autheticatorFlow": true 1912 | } 1913 | ] 1914 | }, 1915 | { 1916 | "id": "b2d6fee7-440e-49f0-8d6a-a826c97a5075", 1917 | "alias": "docker auth", 1918 | "description": "Used by Docker clients to authenticate against the IDP", 1919 | "providerId": "basic-flow", 1920 | "topLevel": true, 1921 | "builtIn": true, 1922 | "authenticationExecutions": [ 1923 | { 1924 | "authenticator": 
"docker-http-basic-authenticator", 1925 | "requirement": "REQUIRED", 1926 | "priority": 10, 1927 | "userSetupAllowed": false, 1928 | "autheticatorFlow": false 1929 | } 1930 | ] 1931 | }, 1932 | { 1933 | "id": "abea1573-bcdc-4a13-913b-4e54804d079a", 1934 | "alias": "first broker login", 1935 | "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", 1936 | "providerId": "basic-flow", 1937 | "topLevel": true, 1938 | "builtIn": true, 1939 | "authenticationExecutions": [ 1940 | { 1941 | "authenticatorConfig": "review profile config", 1942 | "authenticator": "idp-review-profile", 1943 | "requirement": "REQUIRED", 1944 | "priority": 10, 1945 | "userSetupAllowed": false, 1946 | "autheticatorFlow": false 1947 | }, 1948 | { 1949 | "requirement": "REQUIRED", 1950 | "priority": 20, 1951 | "flowAlias": "User creation or linking", 1952 | "userSetupAllowed": false, 1953 | "autheticatorFlow": true 1954 | } 1955 | ] 1956 | }, 1957 | { 1958 | "id": "db075537-c5d0-4c20-9078-ee396d5159dc", 1959 | "alias": "forms", 1960 | "description": "Username, password, otp and other auth forms.", 1961 | "providerId": "basic-flow", 1962 | "topLevel": false, 1963 | "builtIn": true, 1964 | "authenticationExecutions": [ 1965 | { 1966 | "authenticator": "auth-username-password-form", 1967 | "requirement": "REQUIRED", 1968 | "priority": 10, 1969 | "userSetupAllowed": false, 1970 | "autheticatorFlow": false 1971 | }, 1972 | { 1973 | "requirement": "CONDITIONAL", 1974 | "priority": 20, 1975 | "flowAlias": "Browser - Conditional OTP", 1976 | "userSetupAllowed": false, 1977 | "autheticatorFlow": true 1978 | } 1979 | ] 1980 | }, 1981 | { 1982 | "id": "822c31f4-c00d-4be9-84df-5cd033ade27f", 1983 | "alias": "http challenge", 1984 | "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", 1985 | "providerId": "basic-flow", 1986 | "topLevel": true, 1987 | "builtIn": true, 1988 | 
"authenticationExecutions": [ 1989 | { 1990 | "authenticator": "no-cookie-redirect", 1991 | "requirement": "REQUIRED", 1992 | "priority": 10, 1993 | "userSetupAllowed": false, 1994 | "autheticatorFlow": false 1995 | }, 1996 | { 1997 | "requirement": "REQUIRED", 1998 | "priority": 20, 1999 | "flowAlias": "Authentication Options", 2000 | "userSetupAllowed": false, 2001 | "autheticatorFlow": true 2002 | } 2003 | ] 2004 | }, 2005 | { 2006 | "id": "96d67e92-28d6-45b5-94ee-2fbfa2f1e974", 2007 | "alias": "registration", 2008 | "description": "registration flow", 2009 | "providerId": "basic-flow", 2010 | "topLevel": true, 2011 | "builtIn": true, 2012 | "authenticationExecutions": [ 2013 | { 2014 | "authenticator": "registration-page-form", 2015 | "requirement": "REQUIRED", 2016 | "priority": 10, 2017 | "flowAlias": "registration form", 2018 | "userSetupAllowed": false, 2019 | "autheticatorFlow": true 2020 | } 2021 | ] 2022 | }, 2023 | { 2024 | "id": "9b1c6ea0-8534-440d-b012-816469034c38", 2025 | "alias": "registration form", 2026 | "description": "registration form", 2027 | "providerId": "form-flow", 2028 | "topLevel": false, 2029 | "builtIn": true, 2030 | "authenticationExecutions": [ 2031 | { 2032 | "authenticator": "registration-user-creation", 2033 | "requirement": "REQUIRED", 2034 | "priority": 20, 2035 | "userSetupAllowed": false, 2036 | "autheticatorFlow": false 2037 | }, 2038 | { 2039 | "authenticator": "registration-profile-action", 2040 | "requirement": "REQUIRED", 2041 | "priority": 40, 2042 | "userSetupAllowed": false, 2043 | "autheticatorFlow": false 2044 | }, 2045 | { 2046 | "authenticator": "registration-password-action", 2047 | "requirement": "REQUIRED", 2048 | "priority": 50, 2049 | "userSetupAllowed": false, 2050 | "autheticatorFlow": false 2051 | }, 2052 | { 2053 | "authenticator": "registration-recaptcha-action", 2054 | "requirement": "DISABLED", 2055 | "priority": 60, 2056 | "userSetupAllowed": false, 2057 | "autheticatorFlow": false 2058 | } 2059 | ] 
2060 | }, 2061 | { 2062 | "id": "11b8da85-88e1-4fd4-b983-8e99e9564d93", 2063 | "alias": "reset credentials", 2064 | "description": "Reset credentials for a user if they forgot their password or something", 2065 | "providerId": "basic-flow", 2066 | "topLevel": true, 2067 | "builtIn": true, 2068 | "authenticationExecutions": [ 2069 | { 2070 | "authenticator": "reset-credentials-choose-user", 2071 | "requirement": "REQUIRED", 2072 | "priority": 10, 2073 | "userSetupAllowed": false, 2074 | "autheticatorFlow": false 2075 | }, 2076 | { 2077 | "authenticator": "reset-credential-email", 2078 | "requirement": "REQUIRED", 2079 | "priority": 20, 2080 | "userSetupAllowed": false, 2081 | "autheticatorFlow": false 2082 | }, 2083 | { 2084 | "authenticator": "reset-password", 2085 | "requirement": "REQUIRED", 2086 | "priority": 30, 2087 | "userSetupAllowed": false, 2088 | "autheticatorFlow": false 2089 | }, 2090 | { 2091 | "requirement": "CONDITIONAL", 2092 | "priority": 40, 2093 | "flowAlias": "Reset - Conditional OTP", 2094 | "userSetupAllowed": false, 2095 | "autheticatorFlow": true 2096 | } 2097 | ] 2098 | }, 2099 | { 2100 | "id": "c36bdc20-dfaa-4f37-87be-fcdf997e3635", 2101 | "alias": "saml ecp", 2102 | "description": "SAML ECP Profile Authentication Flow", 2103 | "providerId": "basic-flow", 2104 | "topLevel": true, 2105 | "builtIn": true, 2106 | "authenticationExecutions": [ 2107 | { 2108 | "authenticator": "http-basic-authenticator", 2109 | "requirement": "REQUIRED", 2110 | "priority": 10, 2111 | "userSetupAllowed": false, 2112 | "autheticatorFlow": false 2113 | } 2114 | ] 2115 | } 2116 | ], 2117 | "authenticatorConfig": [ 2118 | { 2119 | "id": "85eeac77-e753-4c11-9367-2d36449ce555", 2120 | "alias": "create unique user config", 2121 | "config": { 2122 | "require.password.update.after.registration": "false" 2123 | } 2124 | }, 2125 | { 2126 | "id": "be96d1db-9bb8-4822-8259-3642748b7264", 2127 | "alias": "review profile config", 2128 | "config": { 2129 | 
"update.profile.on.first.login": "missing" 2130 | } 2131 | } 2132 | ], 2133 | "requiredActions": [ 2134 | { 2135 | "alias": "CONFIGURE_TOTP", 2136 | "name": "Configure OTP", 2137 | "providerId": "CONFIGURE_TOTP", 2138 | "enabled": true, 2139 | "defaultAction": false, 2140 | "priority": 10, 2141 | "config": {} 2142 | }, 2143 | { 2144 | "alias": "terms_and_conditions", 2145 | "name": "Terms and Conditions", 2146 | "providerId": "terms_and_conditions", 2147 | "enabled": false, 2148 | "defaultAction": false, 2149 | "priority": 20, 2150 | "config": {} 2151 | }, 2152 | { 2153 | "alias": "UPDATE_PASSWORD", 2154 | "name": "Update Password", 2155 | "providerId": "UPDATE_PASSWORD", 2156 | "enabled": true, 2157 | "defaultAction": false, 2158 | "priority": 30, 2159 | "config": {} 2160 | }, 2161 | { 2162 | "alias": "UPDATE_PROFILE", 2163 | "name": "Update Profile", 2164 | "providerId": "UPDATE_PROFILE", 2165 | "enabled": true, 2166 | "defaultAction": false, 2167 | "priority": 40, 2168 | "config": {} 2169 | }, 2170 | { 2171 | "alias": "VERIFY_EMAIL", 2172 | "name": "Verify Email", 2173 | "providerId": "VERIFY_EMAIL", 2174 | "enabled": true, 2175 | "defaultAction": false, 2176 | "priority": 50, 2177 | "config": {} 2178 | }, 2179 | { 2180 | "alias": "update_user_locale", 2181 | "name": "Update User Locale", 2182 | "providerId": "update_user_locale", 2183 | "enabled": true, 2184 | "defaultAction": false, 2185 | "priority": 1000, 2186 | "config": {} 2187 | } 2188 | ], 2189 | "browserFlow": "browser", 2190 | "registrationFlow": "registration", 2191 | "directGrantFlow": "direct grant", 2192 | "resetCredentialsFlow": "reset credentials", 2193 | "clientAuthenticationFlow": "clients", 2194 | "dockerAuthenticationFlow": "docker auth", 2195 | "attributes": { 2196 | "clientOfflineSessionMaxLifespan": "0", 2197 | "clientSessionIdleTimeout": "0", 2198 | "clientSessionMaxLifespan": "0", 2199 | "clientOfflineSessionIdleTimeout": "0" 2200 | }, 2201 | "keycloakVersion": "11.0.3", 2202 | 
"userManagedAccessAllowed": false 2203 | } 2204 | --------------------------------------------------------------------------------