├── LICENSE ├── README.md ├── app1 ├── .DS_Store ├── app.js ├── index.html ├── keycloak.json ├── me.html └── silent-check-sso.html ├── app2 ├── .DS_Store ├── app.js ├── index.html └── me.html ├── data └── realm-export.json ├── docker-compose.yml ├── img ├── 1.png ├── 2.png ├── screen1.png ├── screen2.png ├── screen3.png ├── screen4.png └── screen5.png └── run.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Xun Zhou 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | SSO Keycloak POC 2 | ===================== 3 | 4 | This `SSO Demo` uses four container instances: 5 | - keycloak: the OAuth2 (OpenID Connect) server instance 6 | - db: the mysql server instance for keycloak backend 7 | - app1: simple php web app 8 | - app2: simple php web app 9 | 10 | 11 | ## Pre Install 12 | Be sure that the `docker engine` & `docker-compose` are installed. 13 | 14 | - Install docker engine: https://docs.docker.com/engine/installation/ 15 | - Install docker-compose: https://docs.docker.com/compose/install/ 16 | 17 | --- 18 | 19 | ## Configure the `keycloak` server 20 | - import the project config 21 | - add the test user for SSO 22 | - add the password to the test user 23 | 24 | Tutorial on youtube: 25 | 26 | 27 | 28 | 29 | 30 | ## Demonstrate the web apps with `sso` 31 | 32 | Tutorial on youtube: 33 | 34 | 35 | 36 | 37 | 38 | 39 | ## Start and clean up 40 | Start the container instances 41 | ```bash 42 | # start the containers 43 | bash run.sh start 44 | 45 | # stop the containers 46 | bash run.sh stop 47 | 48 | # clean up the containers 49 | bash run.sh clean 50 | ``` 51 | 52 | ### Urls 53 | Open the admin console and the apps on the following URLs 54 | ```bash 55 | # Keycloak admin console 56 | http://localhost:8080/auth 57 | 58 | # Web-app-1 59 | http://localhost:8091/ 60 | 61 | # Web-app-2 62 | http://localhost:8092/ 63 | ``` 64 | 65 | ### Keycloak Admin Login 66 | ```bash 67 | user: admin 68 | password: admin 69 | ``` 70 | These are the demo's default credentials; change them before the Keycloak instance is reachable from anywhere other than localhost. 71 | ### Screenshots 72 | 73 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /app1/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/app1/.DS_Store 
-------------------------------------------------------------------------------- /app1/app.js: -------------------------------------------------------------------------------- 1 | /* Keycloak adapter settings for web-app1. The adapter instance is published as window.keycloak, so this script runs in the browser. */ let keycloakConfig = { 2 | "realm": "myrealm", 3 | "auth-server-url": "http://127.0.0.1:8080/auth", 4 | "ssl-required": "external", 5 | "resource": "web-app1", 6 | "credentials": { /* NOTE(review): a secret placed in browser-side script is readable by every visitor and cannot be treated as confidential. This value differs from the one in app1/keycloak.json and is repeated in app2/app.js. Confirm whether the adapter uses it at all, then remove it from the script and rotate it if it was ever a live client secret. */ 7 | "secret": "90d014fa-89bf-45b5-ab87-bcd8a9028c7f" 8 | }, 9 | "confidential-port": 0, 10 | "enable-cors": true, 11 | "clientId": "web-app1" 12 | }; 13 | /* Expose the adapter globally; presumably the page scripts in index.html and me.html read window.keycloak (their markup is not visible here). */ window.keycloak = new Keycloak(keycloakConfig); 14 | -------------------------------------------------------------------------------- /app1/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | web-app-1: Home 9 | 10 | 11 |

Web App 1

12 | 25 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /app1/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "myrealm", 3 | "auth-server-url": "http://localhost:8080/auth/", 4 | "ssl-required": "external", 5 | "resource": "web-app1", 6 | "credentials": { 7 | "secret": "21b21c80-afd3-4d0b-9454-c13e631e8a02" 8 | }, 9 | "confidential-port": 0, 10 | "enable-cors": true, 11 | "clientid": "web-app1" 12 | } 13 | -------------------------------------------------------------------------------- /app1/me.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | web-app-1: user profile 6 | 7 | 8 | 9 | 10 | 11 |

web-app-1: User Info

12 |
13 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /app1/silent-check-sso.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /app2/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/app2/.DS_Store -------------------------------------------------------------------------------- /app2/app.js: -------------------------------------------------------------------------------- 1 | /* Keycloak adapter settings for web-app2. The adapter instance is published as window.keycloak, so this script runs in the browser. */ let keycloakConfig = { 2 | "realm": "myrealm", 3 | "auth-server-url": "http://127.0.0.1:8080/auth", 4 | "ssl-required": "external", 5 | "resource": "web-app2", 6 | "credentials": { /* NOTE(review): same secret value as app1/app.js, and readable by every visitor of the page. data/realm-export.json marks web-app2 as "publicClient": true, so presumably no secret is needed here. Confirm and remove it from the script. */ 7 | "secret": "90d014fa-89bf-45b5-ab87-bcd8a9028c7f" 8 | }, 9 | "confidential-port": 0, 10 | "enable-cors": true, 11 | "clientId": "web-app2" 12 | }; 13 | /* Expose the adapter globally; presumably the page scripts in index.html and me.html read window.keycloak (their markup is not visible here). */ window.keycloak = new Keycloak(keycloakConfig); 14 | -------------------------------------------------------------------------------- /app2/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | web-app-2: Home 9 | 10 | 11 |

Web App 2

12 | 25 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /app2/me.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | web-app-2: user profile 7 | 8 | 9 | 10 | 11 | 12 |

web-app-2: User Info

13 |
14 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /data/realm-export.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "myrealm", 3 | "realm": "myrealm", 4 | "displayName": "myrealm", 5 | "notBefore": 0, 6 | "revokeRefreshToken": false, 7 | "refreshTokenMaxReuse": 0, 8 | "accessTokenLifespan": 300, 9 | "accessTokenLifespanForImplicitFlow": 900, 10 | "ssoSessionIdleTimeout": 1800, 11 | "ssoSessionMaxLifespan": 36000, 12 | "ssoSessionIdleTimeoutRememberMe": 0, 13 | "ssoSessionMaxLifespanRememberMe": 0, 14 | "offlineSessionIdleTimeout": 2592000, 15 | "offlineSessionMaxLifespanEnabled": false, 16 | "offlineSessionMaxLifespan": 5184000, 17 | "clientSessionIdleTimeout": 0, 18 | "clientSessionMaxLifespan": 0, 19 | "clientOfflineSessionIdleTimeout": 0, 20 | "clientOfflineSessionMaxLifespan": 0, 21 | "accessCodeLifespan": 60, 22 | "accessCodeLifespanUserAction": 300, 23 | "accessCodeLifespanLogin": 1800, 24 | "actionTokenGeneratedByAdminLifespan": 43200, 25 | "actionTokenGeneratedByUserLifespan": 300, 26 | "enabled": true, 27 | "sslRequired": "external", 28 | "registrationAllowed": false, 29 | "registrationEmailAsUsername": false, 30 | "rememberMe": false, 31 | "verifyEmail": false, 32 | "loginWithEmailAllowed": true, 33 | "duplicateEmailsAllowed": false, 34 | "resetPasswordAllowed": false, 35 | "editUsernameAllowed": false, 36 | "bruteForceProtected": false, 37 | "permanentLockout": false, 38 | "maxFailureWaitSeconds": 900, 39 | "minimumQuickLoginWaitSeconds": 60, 40 | "waitIncrementSeconds": 60, 41 | "quickLoginCheckMilliSeconds": 1000, 42 | "maxDeltaTimeSeconds": 43200, 43 | "failureFactor": 30, 44 | "roles": { 45 | "realm": [ 46 | { 47 | "id": "4b2e3fec-efea-4872-b477-9f378cbbff94", 48 | "name": "offline_access", 49 | "description": "${role_offline-access}", 50 | "composite": false, 51 | "clientRole": false, 52 | "containerId": "myrealm", 53 | "attributes": {} 54 | }, 
55 | { 56 | "id": "c549ae8e-412c-49e3-9f88-d4ce35006689", 57 | "name": "uma_authorization", 58 | "description": "${role_uma_authorization}", 59 | "composite": false, 60 | "clientRole": false, 61 | "containerId": "myrealm", 62 | "attributes": {} 63 | } 64 | ], 65 | "client": { 66 | "realm-management": [ 67 | { 68 | "id": "fcf9c3eb-a425-4e75-8a00-1c80638cd078", 69 | "name": "query-groups", 70 | "description": "${role_query-groups}", 71 | "composite": false, 72 | "clientRole": true, 73 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 74 | "attributes": {} 75 | }, 76 | { 77 | "id": "baa3076e-c8b6-4f22-bc78-3a65b184b799", 78 | "name": "manage-realm", 79 | "description": "${role_manage-realm}", 80 | "composite": false, 81 | "clientRole": true, 82 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 83 | "attributes": {} 84 | }, 85 | { 86 | "id": "9e5e6075-a0ec-43e9-9678-d2fa4cec789b", 87 | "name": "view-identity-providers", 88 | "description": "${role_view-identity-providers}", 89 | "composite": false, 90 | "clientRole": true, 91 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 92 | "attributes": {} 93 | }, 94 | { 95 | "id": "c1566b57-b59a-451e-aa9e-d589b563ee87", 96 | "name": "view-users", 97 | "description": "${role_view-users}", 98 | "composite": true, 99 | "composites": { 100 | "client": { 101 | "realm-management": [ 102 | "query-groups", 103 | "query-users" 104 | ] 105 | } 106 | }, 107 | "clientRole": true, 108 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 109 | "attributes": {} 110 | }, 111 | { 112 | "id": "7117ba97-4028-44e8-b692-73225121f687", 113 | "name": "manage-authorization", 114 | "description": "${role_manage-authorization}", 115 | "composite": false, 116 | "clientRole": true, 117 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 118 | "attributes": {} 119 | }, 120 | { 121 | "id": "2f431fb1-287b-4554-a1cc-4114463b6d68", 122 | "name": "query-users", 123 | "description": "${role_query-users}", 124 | "composite": false, 
125 | "clientRole": true, 126 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 127 | "attributes": {} 128 | }, 129 | { 130 | "id": "c15ea52d-9b2a-4184-a588-147cc75adeaf", 131 | "name": "view-events", 132 | "description": "${role_view-events}", 133 | "composite": false, 134 | "clientRole": true, 135 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 136 | "attributes": {} 137 | }, 138 | { 139 | "id": "7dd75f95-8207-48d1-8dfe-789d1748d16f", 140 | "name": "manage-events", 141 | "description": "${role_manage-events}", 142 | "composite": false, 143 | "clientRole": true, 144 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 145 | "attributes": {} 146 | }, 147 | { 148 | "id": "b951faee-5021-4c99-81e1-177812c3a83d", 149 | "name": "manage-identity-providers", 150 | "description": "${role_manage-identity-providers}", 151 | "composite": false, 152 | "clientRole": true, 153 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 154 | "attributes": {} 155 | }, 156 | { 157 | "id": "265213d4-5b05-4e25-befc-0e2ee627b51e", 158 | "name": "create-client", 159 | "description": "${role_create-client}", 160 | "composite": false, 161 | "clientRole": true, 162 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 163 | "attributes": {} 164 | }, 165 | { 166 | "id": "f2346a06-8179-4c2e-95c5-7286d10f1188", 167 | "name": "view-clients", 168 | "description": "${role_view-clients}", 169 | "composite": true, 170 | "composites": { 171 | "client": { 172 | "realm-management": [ 173 | "query-clients" 174 | ] 175 | } 176 | }, 177 | "clientRole": true, 178 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 179 | "attributes": {} 180 | }, 181 | { 182 | "id": "7c2fd665-9141-4104-bae3-51e8f8ca0a5f", 183 | "name": "view-authorization", 184 | "description": "${role_view-authorization}", 185 | "composite": false, 186 | "clientRole": true, 187 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 188 | "attributes": {} 189 | }, 190 | { 191 | "id": 
"62b016e2-fca0-4f0f-8a67-0a62b865758b", 192 | "name": "view-realm", 193 | "description": "${role_view-realm}", 194 | "composite": false, 195 | "clientRole": true, 196 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 197 | "attributes": {} 198 | }, 199 | { 200 | "id": "92ad08ca-6ebf-44bb-968d-33256b8af639", 201 | "name": "realm-admin", 202 | "description": "${role_realm-admin}", 203 | "composite": true, 204 | "composites": { 205 | "client": { 206 | "realm-management": [ 207 | "query-groups", 208 | "manage-realm", 209 | "view-identity-providers", 210 | "view-users", 211 | "query-users", 212 | "manage-authorization", 213 | "view-events", 214 | "manage-events", 215 | "manage-identity-providers", 216 | "create-client", 217 | "view-clients", 218 | "view-realm", 219 | "view-authorization", 220 | "manage-users", 221 | "query-realms", 222 | "impersonation", 223 | "query-clients", 224 | "manage-clients" 225 | ] 226 | } 227 | }, 228 | "clientRole": true, 229 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 230 | "attributes": {} 231 | }, 232 | { 233 | "id": "774797ac-360a-4d65-8125-545c8233c69a", 234 | "name": "manage-users", 235 | "description": "${role_manage-users}", 236 | "composite": false, 237 | "clientRole": true, 238 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 239 | "attributes": {} 240 | }, 241 | { 242 | "id": "e842fd13-3711-4158-8089-d9e9a9ba4b77", 243 | "name": "query-realms", 244 | "description": "${role_query-realms}", 245 | "composite": false, 246 | "clientRole": true, 247 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 248 | "attributes": {} 249 | }, 250 | { 251 | "id": "90e1b1f0-e9df-4885-a733-88c416220909", 252 | "name": "impersonation", 253 | "description": "${role_impersonation}", 254 | "composite": false, 255 | "clientRole": true, 256 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 257 | "attributes": {} 258 | }, 259 | { 260 | "id": "bd63fa10-9c94-49db-9eea-b0eddc77c133", 261 | "name": "query-clients", 262 | 
"description": "${role_query-clients}", 263 | "composite": false, 264 | "clientRole": true, 265 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 266 | "attributes": {} 267 | }, 268 | { 269 | "id": "93dfd299-4f7a-409e-b568-b7a09d90a221", 270 | "name": "manage-clients", 271 | "description": "${role_manage-clients}", 272 | "composite": false, 273 | "clientRole": true, 274 | "containerId": "91fed861-c98d-4936-96e2-66cd1894657d", 275 | "attributes": {} 276 | } 277 | ], 278 | "security-admin-console": [], 279 | "admin-cli": [], 280 | "account-console": [], 281 | "broker": [ 282 | { 283 | "id": "6fb4ec6f-78a6-493f-8e29-504269b8d0b0", 284 | "name": "read-token", 285 | "description": "${role_read-token}", 286 | "composite": false, 287 | "clientRole": true, 288 | "containerId": "5eba65fa-9151-40e6-8d3e-1225f0ee9f69", 289 | "attributes": {} 290 | } 291 | ], 292 | "web-app1": [], 293 | "account": [ 294 | { 295 | "id": "23e856b7-efd2-43ed-915a-e3081d40e45b", 296 | "name": "view-applications", 297 | "description": "${role_view-applications}", 298 | "composite": false, 299 | "clientRole": true, 300 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 301 | "attributes": {} 302 | }, 303 | { 304 | "id": "b1448063-32cb-43a2-aa13-ac9df35061a8", 305 | "name": "view-profile", 306 | "description": "${role_view-profile}", 307 | "composite": false, 308 | "clientRole": true, 309 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 310 | "attributes": {} 311 | }, 312 | { 313 | "id": "ae3eb29e-4826-4a42-83f0-e7e019fc6a23", 314 | "name": "delete-account", 315 | "description": "${role_delete-account}", 316 | "composite": false, 317 | "clientRole": true, 318 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 319 | "attributes": {} 320 | }, 321 | { 322 | "id": "d1d86270-c7b2-4570-8f45-2f315fe2f95e", 323 | "name": "manage-account", 324 | "description": "${role_manage-account}", 325 | "composite": true, 326 | "composites": { 327 | "client": { 328 | "account": [ 329 | 
"manage-account-links" 330 | ] 331 | } 332 | }, 333 | "clientRole": true, 334 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 335 | "attributes": {} 336 | }, 337 | { 338 | "id": "16f5b669-7a3a-4b6e-9f9a-117690d07db0", 339 | "name": "manage-consent", 340 | "description": "${role_manage-consent}", 341 | "composite": true, 342 | "composites": { 343 | "client": { 344 | "account": [ 345 | "view-consent" 346 | ] 347 | } 348 | }, 349 | "clientRole": true, 350 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 351 | "attributes": {} 352 | }, 353 | { 354 | "id": "ba3255d4-1bbd-4224-8421-3261d19a603b", 355 | "name": "manage-account-links", 356 | "description": "${role_manage-account-links}", 357 | "composite": false, 358 | "clientRole": true, 359 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 360 | "attributes": {} 361 | }, 362 | { 363 | "id": "d26f6177-84e9-449a-9438-e2d8ffc5b023", 364 | "name": "view-consent", 365 | "description": "${role_view-consent}", 366 | "composite": false, 367 | "clientRole": true, 368 | "containerId": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 369 | "attributes": {} 370 | } 371 | ], 372 | "web-app2": [] 373 | } 374 | }, 375 | "groups": [], 376 | "defaultRoles": [ 377 | "offline_access", 378 | "uma_authorization" 379 | ], 380 | "requiredCredentials": [ 381 | "password" 382 | ], 383 | "otpPolicyType": "totp", 384 | "otpPolicyAlgorithm": "HmacSHA1", 385 | "otpPolicyInitialCounter": 0, 386 | "otpPolicyDigits": 6, 387 | "otpPolicyLookAheadWindow": 1, 388 | "otpPolicyPeriod": 30, 389 | "otpSupportedApplications": [ 390 | "FreeOTP", 391 | "Google Authenticator" 392 | ], 393 | "webAuthnPolicyRpEntityName": "keycloak", 394 | "webAuthnPolicySignatureAlgorithms": [ 395 | "ES256" 396 | ], 397 | "webAuthnPolicyRpId": "", 398 | "webAuthnPolicyAttestationConveyancePreference": "not specified", 399 | "webAuthnPolicyAuthenticatorAttachment": "not specified", 400 | "webAuthnPolicyRequireResidentKey": "not specified", 401 | 
"webAuthnPolicyUserVerificationRequirement": "not specified", 402 | "webAuthnPolicyCreateTimeout": 0, 403 | "webAuthnPolicyAvoidSameAuthenticatorRegister": false, 404 | "webAuthnPolicyAcceptableAaguids": [], 405 | "webAuthnPolicyPasswordlessRpEntityName": "keycloak", 406 | "webAuthnPolicyPasswordlessSignatureAlgorithms": [ 407 | "ES256" 408 | ], 409 | "webAuthnPolicyPasswordlessRpId": "", 410 | "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", 411 | "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", 412 | "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", 413 | "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", 414 | "webAuthnPolicyPasswordlessCreateTimeout": 0, 415 | "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, 416 | "webAuthnPolicyPasswordlessAcceptableAaguids": [], 417 | "scopeMappings": [ 418 | { 419 | "clientScope": "offline_access", 420 | "roles": [ 421 | "offline_access" 422 | ] 423 | } 424 | ], 425 | "clientScopeMappings": { 426 | "account": [ 427 | { 428 | "client": "account-console", 429 | "roles": [ 430 | "manage-account" 431 | ] 432 | } 433 | ] 434 | }, 435 | "clients": [ 436 | { 437 | "id": "27cb7244-eaed-4d29-b32c-4e3da6c11218", 438 | "clientId": "account", 439 | "name": "${client_account}", 440 | "rootUrl": "${authBaseUrl}", 441 | "baseUrl": "/realms/myrealm/account/", 442 | "surrogateAuthRequired": false, 443 | "enabled": true, 444 | "alwaysDisplayInConsole": false, 445 | "clientAuthenticatorType": "client-secret", 446 | "secret": "**********", 447 | "defaultRoles": [ 448 | "view-profile", 449 | "manage-account" 450 | ], 451 | "redirectUris": [ 452 | "/realms/myrealm/account/*" 453 | ], 454 | "webOrigins": [], 455 | "notBefore": 0, 456 | "bearerOnly": false, 457 | "consentRequired": false, 458 | "standardFlowEnabled": true, 459 | "implicitFlowEnabled": false, 460 | "directAccessGrantsEnabled": false, 461 | "serviceAccountsEnabled": false, 462 | 
"publicClient": false, 463 | "frontchannelLogout": false, 464 | "protocol": "openid-connect", 465 | "attributes": {}, 466 | "authenticationFlowBindingOverrides": {}, 467 | "fullScopeAllowed": false, 468 | "nodeReRegistrationTimeout": 0, 469 | "defaultClientScopes": [ 470 | "web-origins", 471 | "role_list", 472 | "roles", 473 | "profile", 474 | "email" 475 | ], 476 | "optionalClientScopes": [ 477 | "address", 478 | "phone", 479 | "offline_access", 480 | "microprofile-jwt" 481 | ] 482 | }, 483 | { 484 | "id": "151b7119-e927-4c48-a497-5bf25a610413", 485 | "clientId": "account-console", 486 | "name": "${client_account-console}", 487 | "rootUrl": "${authBaseUrl}", 488 | "baseUrl": "/realms/myrealm/account/", 489 | "surrogateAuthRequired": false, 490 | "enabled": true, 491 | "alwaysDisplayInConsole": false, 492 | "clientAuthenticatorType": "client-secret", 493 | "secret": "**********", 494 | "redirectUris": [ 495 | "/realms/myrealm/account/*" 496 | ], 497 | "webOrigins": [], 498 | "notBefore": 0, 499 | "bearerOnly": false, 500 | "consentRequired": false, 501 | "standardFlowEnabled": true, 502 | "implicitFlowEnabled": false, 503 | "directAccessGrantsEnabled": false, 504 | "serviceAccountsEnabled": false, 505 | "publicClient": true, 506 | "frontchannelLogout": false, 507 | "protocol": "openid-connect", 508 | "attributes": { 509 | "pkce.code.challenge.method": "S256" 510 | }, 511 | "authenticationFlowBindingOverrides": {}, 512 | "fullScopeAllowed": false, 513 | "nodeReRegistrationTimeout": 0, 514 | "protocolMappers": [ 515 | { 516 | "id": "0d045639-f4ed-4a20-92b3-3a9ffda2fba7", 517 | "name": "audience resolve", 518 | "protocol": "openid-connect", 519 | "protocolMapper": "oidc-audience-resolve-mapper", 520 | "consentRequired": false, 521 | "config": {} 522 | } 523 | ], 524 | "defaultClientScopes": [ 525 | "web-origins", 526 | "role_list", 527 | "roles", 528 | "profile", 529 | "email" 530 | ], 531 | "optionalClientScopes": [ 532 | "address", 533 | "phone", 534 | 
"offline_access", 535 | "microprofile-jwt" 536 | ] 537 | }, 538 | { 539 | "id": "c7f7bb3e-5891-46ce-bb61-79503d6dc8e4", 540 | "clientId": "admin-cli", 541 | "name": "${client_admin-cli}", 542 | "surrogateAuthRequired": false, 543 | "enabled": true, 544 | "alwaysDisplayInConsole": false, 545 | "clientAuthenticatorType": "client-secret", 546 | "secret": "**********", 547 | "redirectUris": [], 548 | "webOrigins": [], 549 | "notBefore": 0, 550 | "bearerOnly": false, 551 | "consentRequired": false, 552 | "standardFlowEnabled": false, 553 | "implicitFlowEnabled": false, 554 | "directAccessGrantsEnabled": true, 555 | "serviceAccountsEnabled": false, 556 | "publicClient": true, 557 | "frontchannelLogout": false, 558 | "protocol": "openid-connect", 559 | "attributes": {}, 560 | "authenticationFlowBindingOverrides": {}, 561 | "fullScopeAllowed": false, 562 | "nodeReRegistrationTimeout": 0, 563 | "defaultClientScopes": [ 564 | "web-origins", 565 | "role_list", 566 | "roles", 567 | "profile", 568 | "email" 569 | ], 570 | "optionalClientScopes": [ 571 | "address", 572 | "phone", 573 | "offline_access", 574 | "microprofile-jwt" 575 | ] 576 | }, 577 | { 578 | "id": "5eba65fa-9151-40e6-8d3e-1225f0ee9f69", 579 | "clientId": "broker", 580 | "name": "${client_broker}", 581 | "surrogateAuthRequired": false, 582 | "enabled": true, 583 | "alwaysDisplayInConsole": false, 584 | "clientAuthenticatorType": "client-secret", 585 | "secret": "**********", 586 | "redirectUris": [], 587 | "webOrigins": [], 588 | "notBefore": 0, 589 | "bearerOnly": false, 590 | "consentRequired": false, 591 | "standardFlowEnabled": true, 592 | "implicitFlowEnabled": false, 593 | "directAccessGrantsEnabled": false, 594 | "serviceAccountsEnabled": false, 595 | "publicClient": false, 596 | "frontchannelLogout": false, 597 | "protocol": "openid-connect", 598 | "attributes": {}, 599 | "authenticationFlowBindingOverrides": {}, 600 | "fullScopeAllowed": false, 601 | "nodeReRegistrationTimeout": 0, 602 | 
"defaultClientScopes": [ 603 | "web-origins", 604 | "role_list", 605 | "roles", 606 | "profile", 607 | "email" 608 | ], 609 | "optionalClientScopes": [ 610 | "address", 611 | "phone", 612 | "offline_access", 613 | "microprofile-jwt" 614 | ] 615 | }, 616 | { 617 | "id": "91fed861-c98d-4936-96e2-66cd1894657d", 618 | "clientId": "realm-management", 619 | "name": "${client_realm-management}", 620 | "surrogateAuthRequired": false, 621 | "enabled": true, 622 | "alwaysDisplayInConsole": false, 623 | "clientAuthenticatorType": "client-secret", 624 | "secret": "**********", 625 | "redirectUris": [], 626 | "webOrigins": [], 627 | "notBefore": 0, 628 | "bearerOnly": true, 629 | "consentRequired": false, 630 | "standardFlowEnabled": true, 631 | "implicitFlowEnabled": false, 632 | "directAccessGrantsEnabled": false, 633 | "serviceAccountsEnabled": false, 634 | "publicClient": false, 635 | "frontchannelLogout": false, 636 | "protocol": "openid-connect", 637 | "attributes": {}, 638 | "authenticationFlowBindingOverrides": {}, 639 | "fullScopeAllowed": false, 640 | "nodeReRegistrationTimeout": 0, 641 | "defaultClientScopes": [ 642 | "web-origins", 643 | "role_list", 644 | "roles", 645 | "profile", 646 | "email" 647 | ], 648 | "optionalClientScopes": [ 649 | "address", 650 | "phone", 651 | "offline_access", 652 | "microprofile-jwt" 653 | ] 654 | }, 655 | { 656 | "id": "20cc7136-b6e5-4e02-bbd4-e63b393b3def", 657 | "clientId": "security-admin-console", 658 | "name": "${client_security-admin-console}", 659 | "rootUrl": "${authAdminUrl}", 660 | "baseUrl": "/admin/myrealm/console/", 661 | "surrogateAuthRequired": false, 662 | "enabled": true, 663 | "alwaysDisplayInConsole": false, 664 | "clientAuthenticatorType": "client-secret", 665 | "secret": "**********", 666 | "redirectUris": [ 667 | "/admin/myrealm/console/*" 668 | ], 669 | "webOrigins": [ 670 | "+" 671 | ], 672 | "notBefore": 0, 673 | "bearerOnly": false, 674 | "consentRequired": false, 675 | "standardFlowEnabled": true, 676 | 
"implicitFlowEnabled": false, 677 | "directAccessGrantsEnabled": false, 678 | "serviceAccountsEnabled": false, 679 | "publicClient": true, 680 | "frontchannelLogout": false, 681 | "protocol": "openid-connect", 682 | "attributes": { 683 | "pkce.code.challenge.method": "S256" 684 | }, 685 | "authenticationFlowBindingOverrides": {}, 686 | "fullScopeAllowed": false, 687 | "nodeReRegistrationTimeout": 0, 688 | "protocolMappers": [ 689 | { 690 | "id": "72421577-e82c-4e7a-b7a6-11f644a7bd72", 691 | "name": "locale", 692 | "protocol": "openid-connect", 693 | "protocolMapper": "oidc-usermodel-attribute-mapper", 694 | "consentRequired": false, 695 | "config": { 696 | "userinfo.token.claim": "true", 697 | "user.attribute": "locale", 698 | "id.token.claim": "true", 699 | "access.token.claim": "true", 700 | "claim.name": "locale", 701 | "jsonType.label": "String" 702 | } 703 | } 704 | ], 705 | "defaultClientScopes": [ 706 | "web-origins", 707 | "role_list", 708 | "roles", 709 | "profile", 710 | "email" 711 | ], 712 | "optionalClientScopes": [ 713 | "address", 714 | "phone", 715 | "offline_access", 716 | "microprofile-jwt" 717 | ] 718 | }, 719 | { 720 | "id": "2a1066d2-f43b-46c5-87d5-64279eaf021e", 721 | "clientId": "web-app1", 722 | "rootUrl": "http://localhost:8091", 723 | "adminUrl": "", 724 | "surrogateAuthRequired": false, 725 | "enabled": true, 726 | "alwaysDisplayInConsole": false, 727 | "clientAuthenticatorType": "client-secret", 728 | "secret": "**********", 729 | "redirectUris": [ 730 | "http://localhost:8091/*" 731 | ], 732 | "webOrigins": [ 733 | "+" 734 | ], 735 | "notBefore": 0, 736 | "bearerOnly": false, 737 | "consentRequired": false, 738 | "standardFlowEnabled": true, 739 | "implicitFlowEnabled": true, 740 | "directAccessGrantsEnabled": true, 741 | "serviceAccountsEnabled": false, 742 | "publicClient": false, 743 | "frontchannelLogout": false, 744 | "protocol": "openid-connect", 745 | "attributes": { 746 | "saml.assertion.signature": "false", 747 | 
"saml.force.post.binding": "false", 748 | "saml.multivalued.roles": "false", 749 | "saml.encrypt": "false", 750 | "backchannel.logout.revoke.offline.tokens": "false", 751 | "saml.server.signature": "false", 752 | "saml.server.signature.keyinfo.ext": "false", 753 | "exclude.session.state.from.auth.response": "false", 754 | "backchannel.logout.session.required": "true", 755 | "client_credentials.use_refresh_token": "false", 756 | "saml_force_name_id_format": "false", 757 | "saml.client.signature": "false", 758 | "tls.client.certificate.bound.access.tokens": "false", 759 | "saml.authnstatement": "false", 760 | "display.on.consent.screen": "false", 761 | "saml.onetimeuse.condition": "false" 762 | }, 763 | "authenticationFlowBindingOverrides": {}, 764 | "fullScopeAllowed": true, 765 | "nodeReRegistrationTimeout": -1, 766 | "defaultClientScopes": [ 767 | "web-origins", 768 | "role_list", 769 | "roles", 770 | "profile", 771 | "email" 772 | ], 773 | "optionalClientScopes": [ 774 | "address", 775 | "phone", 776 | "offline_access", 777 | "microprofile-jwt" 778 | ] 779 | }, 780 | { 781 | "id": "37bcafe8-4d78-4200-aeb3-39a904dde9fe", 782 | "clientId": "web-app2", 783 | "rootUrl": "http://localhost:8092", 784 | "adminUrl": "http://localhost:8092", 785 | "surrogateAuthRequired": false, 786 | "enabled": true, 787 | "alwaysDisplayInConsole": false, 788 | "clientAuthenticatorType": "client-secret", 789 | "secret": "**********", 790 | "redirectUris": [ 791 | "http://localhost:8092/*" 792 | ], 793 | "webOrigins": [ 794 | "+" 795 | ], 796 | "notBefore": 0, 797 | "bearerOnly": false, 798 | "consentRequired": false, 799 | "standardFlowEnabled": true, 800 | "implicitFlowEnabled": true, 801 | "directAccessGrantsEnabled": true, 802 | "serviceAccountsEnabled": false, 803 | "publicClient": true, 804 | "frontchannelLogout": false, 805 | "protocol": "openid-connect", 806 | "attributes": { 807 | "saml.assertion.signature": "false", 808 | "saml.force.post.binding": "false", 809 | 
"saml.multivalued.roles": "false", 810 | "saml.encrypt": "false", 811 | "backchannel.logout.revoke.offline.tokens": "false", 812 | "saml.server.signature": "false", 813 | "saml.server.signature.keyinfo.ext": "false", 814 | "exclude.session.state.from.auth.response": "false", 815 | "backchannel.logout.session.required": "true", 816 | "client_credentials.use_refresh_token": "false", 817 | "saml_force_name_id_format": "false", 818 | "saml.client.signature": "false", 819 | "tls.client.certificate.bound.access.tokens": "false", 820 | "saml.authnstatement": "false", 821 | "display.on.consent.screen": "false", 822 | "saml.onetimeuse.condition": "false" 823 | }, 824 | "authenticationFlowBindingOverrides": {}, 825 | "fullScopeAllowed": true, 826 | "nodeReRegistrationTimeout": -1, 827 | "defaultClientScopes": [ 828 | "web-origins", 829 | "role_list", 830 | "roles", 831 | "profile", 832 | "email" 833 | ], 834 | "optionalClientScopes": [ 835 | "address", 836 | "phone", 837 | "offline_access", 838 | "microprofile-jwt" 839 | ] 840 | } 841 | ], 842 | "clientScopes": [ 843 | { 844 | "id": "b635cab7-2c6b-4741-ae9b-40b6163c14a7", 845 | "name": "address", 846 | "description": "OpenID Connect built-in scope: address", 847 | "protocol": "openid-connect", 848 | "attributes": { 849 | "include.in.token.scope": "true", 850 | "display.on.consent.screen": "true", 851 | "consent.screen.text": "${addressScopeConsentText}" 852 | }, 853 | "protocolMappers": [ 854 | { 855 | "id": "011a0e89-12b6-47c1-8ba4-ed4a1a9b21fb", 856 | "name": "address", 857 | "protocol": "openid-connect", 858 | "protocolMapper": "oidc-address-mapper", 859 | "consentRequired": false, 860 | "config": { 861 | "user.attribute.formatted": "formatted", 862 | "user.attribute.country": "country", 863 | "user.attribute.postal_code": "postal_code", 864 | "userinfo.token.claim": "true", 865 | "user.attribute.street": "street", 866 | "id.token.claim": "true", 867 | "user.attribute.region": "region", 868 | "access.token.claim": "true", 
869 | "user.attribute.locality": "locality" 870 | } 871 | } 872 | ] 873 | }, 874 | { 875 | "id": "3bed3736-8405-41c6-9d27-414811b95527", 876 | "name": "email", 877 | "description": "OpenID Connect built-in scope: email", 878 | "protocol": "openid-connect", 879 | "attributes": { 880 | "include.in.token.scope": "true", 881 | "display.on.consent.screen": "true", 882 | "consent.screen.text": "${emailScopeConsentText}" 883 | }, 884 | "protocolMappers": [ 885 | { 886 | "id": "b4f66dc6-4101-476e-b1fb-228118ca97be", 887 | "name": "email", 888 | "protocol": "openid-connect", 889 | "protocolMapper": "oidc-usermodel-property-mapper", 890 | "consentRequired": false, 891 | "config": { 892 | "userinfo.token.claim": "true", 893 | "user.attribute": "email", 894 | "id.token.claim": "true", 895 | "access.token.claim": "true", 896 | "claim.name": "email", 897 | "jsonType.label": "String" 898 | } 899 | }, 900 | { 901 | "id": "d838a73b-00ac-44e9-9cf3-7fff58e1d5bc", 902 | "name": "email verified", 903 | "protocol": "openid-connect", 904 | "protocolMapper": "oidc-usermodel-property-mapper", 905 | "consentRequired": false, 906 | "config": { 907 | "userinfo.token.claim": "true", 908 | "user.attribute": "emailVerified", 909 | "id.token.claim": "true", 910 | "access.token.claim": "true", 911 | "claim.name": "email_verified", 912 | "jsonType.label": "boolean" 913 | } 914 | } 915 | ] 916 | }, 917 | { 918 | "id": "3782d220-6883-42fc-9c38-67116e91a101", 919 | "name": "microprofile-jwt", 920 | "description": "Microprofile - JWT built-in scope", 921 | "protocol": "openid-connect", 922 | "attributes": { 923 | "include.in.token.scope": "true", 924 | "display.on.consent.screen": "false" 925 | }, 926 | "protocolMappers": [ 927 | { 928 | "id": "fa47e404-40b3-49db-845e-2fe3a83eff5d", 929 | "name": "upn", 930 | "protocol": "openid-connect", 931 | "protocolMapper": "oidc-usermodel-property-mapper", 932 | "consentRequired": false, 933 | "config": { 934 | "userinfo.token.claim": "true", 935 | 
"user.attribute": "username", 936 | "id.token.claim": "true", 937 | "access.token.claim": "true", 938 | "claim.name": "upn", 939 | "jsonType.label": "String" 940 | } 941 | }, 942 | { 943 | "id": "c8ca78e5-2228-4a36-8141-34130a1fba90", 944 | "name": "groups", 945 | "protocol": "openid-connect", 946 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 947 | "consentRequired": false, 948 | "config": { 949 | "multivalued": "true", 950 | "user.attribute": "foo", 951 | "id.token.claim": "true", 952 | "access.token.claim": "true", 953 | "claim.name": "groups", 954 | "jsonType.label": "String" 955 | } 956 | } 957 | ] 958 | }, 959 | { 960 | "id": "a6630421-ace4-4d35-859e-fbe4f5a6bfe0", 961 | "name": "offline_access", 962 | "description": "OpenID Connect built-in scope: offline_access", 963 | "protocol": "openid-connect", 964 | "attributes": { 965 | "consent.screen.text": "${offlineAccessScopeConsentText}", 966 | "display.on.consent.screen": "true" 967 | } 968 | }, 969 | { 970 | "id": "7412c074-a434-4e9a-be83-a4b02373f58a", 971 | "name": "phone", 972 | "description": "OpenID Connect built-in scope: phone", 973 | "protocol": "openid-connect", 974 | "attributes": { 975 | "include.in.token.scope": "true", 976 | "display.on.consent.screen": "true", 977 | "consent.screen.text": "${phoneScopeConsentText}" 978 | }, 979 | "protocolMappers": [ 980 | { 981 | "id": "6c73cef8-d32c-4318-97d2-f0d2c4a6da60", 982 | "name": "phone number verified", 983 | "protocol": "openid-connect", 984 | "protocolMapper": "oidc-usermodel-attribute-mapper", 985 | "consentRequired": false, 986 | "config": { 987 | "userinfo.token.claim": "true", 988 | "user.attribute": "phoneNumberVerified", 989 | "id.token.claim": "true", 990 | "access.token.claim": "true", 991 | "claim.name": "phone_number_verified", 992 | "jsonType.label": "boolean" 993 | } 994 | }, 995 | { 996 | "id": "cdc7ea32-c30c-47cc-83fb-19b2b2d0b43a", 997 | "name": "phone number", 998 | "protocol": "openid-connect", 999 | "protocolMapper": 
"oidc-usermodel-attribute-mapper", 1000 | "consentRequired": false, 1001 | "config": { 1002 | "userinfo.token.claim": "true", 1003 | "user.attribute": "phoneNumber", 1004 | "id.token.claim": "true", 1005 | "access.token.claim": "true", 1006 | "claim.name": "phone_number", 1007 | "jsonType.label": "String" 1008 | } 1009 | } 1010 | ] 1011 | }, 1012 | { 1013 | "id": "1abcb22a-9eab-453b-8f8f-978ee0cc9419", 1014 | "name": "profile", 1015 | "description": "OpenID Connect built-in scope: profile", 1016 | "protocol": "openid-connect", 1017 | "attributes": { 1018 | "include.in.token.scope": "true", 1019 | "display.on.consent.screen": "true", 1020 | "consent.screen.text": "${profileScopeConsentText}" 1021 | }, 1022 | "protocolMappers": [ 1023 | { 1024 | "id": "057cc1e1-721f-4694-b146-67d5fbc2d73e", 1025 | "name": "given name", 1026 | "protocol": "openid-connect", 1027 | "protocolMapper": "oidc-usermodel-property-mapper", 1028 | "consentRequired": false, 1029 | "config": { 1030 | "userinfo.token.claim": "true", 1031 | "user.attribute": "firstName", 1032 | "id.token.claim": "true", 1033 | "access.token.claim": "true", 1034 | "claim.name": "given_name", 1035 | "jsonType.label": "String" 1036 | } 1037 | }, 1038 | { 1039 | "id": "aa095d57-6fda-41be-b846-b0b798b52861", 1040 | "name": "website", 1041 | "protocol": "openid-connect", 1042 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1043 | "consentRequired": false, 1044 | "config": { 1045 | "userinfo.token.claim": "true", 1046 | "user.attribute": "website", 1047 | "id.token.claim": "true", 1048 | "access.token.claim": "true", 1049 | "claim.name": "website", 1050 | "jsonType.label": "String" 1051 | } 1052 | }, 1053 | { 1054 | "id": "a70a7b1c-1f12-443a-8470-e1dcd0657f95", 1055 | "name": "family name", 1056 | "protocol": "openid-connect", 1057 | "protocolMapper": "oidc-usermodel-property-mapper", 1058 | "consentRequired": false, 1059 | "config": { 1060 | "userinfo.token.claim": "true", 1061 | "user.attribute": "lastName", 1062 
| "id.token.claim": "true", 1063 | "access.token.claim": "true", 1064 | "claim.name": "family_name", 1065 | "jsonType.label": "String" 1066 | } 1067 | }, 1068 | { 1069 | "id": "225c06ce-6d39-4399-bd73-c101677ee108", 1070 | "name": "picture", 1071 | "protocol": "openid-connect", 1072 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1073 | "consentRequired": false, 1074 | "config": { 1075 | "userinfo.token.claim": "true", 1076 | "user.attribute": "picture", 1077 | "id.token.claim": "true", 1078 | "access.token.claim": "true", 1079 | "claim.name": "picture", 1080 | "jsonType.label": "String" 1081 | } 1082 | }, 1083 | { 1084 | "id": "fe1e954a-e025-45fc-a39f-100e6b6bb2bf", 1085 | "name": "username", 1086 | "protocol": "openid-connect", 1087 | "protocolMapper": "oidc-usermodel-property-mapper", 1088 | "consentRequired": false, 1089 | "config": { 1090 | "userinfo.token.claim": "true", 1091 | "user.attribute": "username", 1092 | "id.token.claim": "true", 1093 | "access.token.claim": "true", 1094 | "claim.name": "preferred_username", 1095 | "jsonType.label": "String" 1096 | } 1097 | }, 1098 | { 1099 | "id": "185afc78-f343-4fa1-9d17-996d112be634", 1100 | "name": "updated at", 1101 | "protocol": "openid-connect", 1102 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1103 | "consentRequired": false, 1104 | "config": { 1105 | "userinfo.token.claim": "true", 1106 | "user.attribute": "updatedAt", 1107 | "id.token.claim": "true", 1108 | "access.token.claim": "true", 1109 | "claim.name": "updated_at", 1110 | "jsonType.label": "String" 1111 | } 1112 | }, 1113 | { 1114 | "id": "5f7c0e1f-12e4-4250-8679-c87b588e75d4", 1115 | "name": "profile", 1116 | "protocol": "openid-connect", 1117 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1118 | "consentRequired": false, 1119 | "config": { 1120 | "userinfo.token.claim": "true", 1121 | "user.attribute": "profile", 1122 | "id.token.claim": "true", 1123 | "access.token.claim": "true", 1124 | "claim.name": "profile", 1125 | 
"jsonType.label": "String" 1126 | } 1127 | }, 1128 | { 1129 | "id": "b99c143f-f404-45ba-8a25-ed2a54faf118", 1130 | "name": "birthdate", 1131 | "protocol": "openid-connect", 1132 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1133 | "consentRequired": false, 1134 | "config": { 1135 | "userinfo.token.claim": "true", 1136 | "user.attribute": "birthdate", 1137 | "id.token.claim": "true", 1138 | "access.token.claim": "true", 1139 | "claim.name": "birthdate", 1140 | "jsonType.label": "String" 1141 | } 1142 | }, 1143 | { 1144 | "id": "664a221f-8c5c-42ad-ba79-1a949f85b35a", 1145 | "name": "locale", 1146 | "protocol": "openid-connect", 1147 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1148 | "consentRequired": false, 1149 | "config": { 1150 | "userinfo.token.claim": "true", 1151 | "user.attribute": "locale", 1152 | "id.token.claim": "true", 1153 | "access.token.claim": "true", 1154 | "claim.name": "locale", 1155 | "jsonType.label": "String" 1156 | } 1157 | }, 1158 | { 1159 | "id": "93955642-b93f-47f7-a6dd-ad40d737e41f", 1160 | "name": "nickname", 1161 | "protocol": "openid-connect", 1162 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1163 | "consentRequired": false, 1164 | "config": { 1165 | "userinfo.token.claim": "true", 1166 | "user.attribute": "nickname", 1167 | "id.token.claim": "true", 1168 | "access.token.claim": "true", 1169 | "claim.name": "nickname", 1170 | "jsonType.label": "String" 1171 | } 1172 | }, 1173 | { 1174 | "id": "8864e77b-9a76-427e-b093-a813387695eb", 1175 | "name": "full name", 1176 | "protocol": "openid-connect", 1177 | "protocolMapper": "oidc-full-name-mapper", 1178 | "consentRequired": false, 1179 | "config": { 1180 | "id.token.claim": "true", 1181 | "access.token.claim": "true", 1182 | "userinfo.token.claim": "true" 1183 | } 1184 | }, 1185 | { 1186 | "id": "e62c329b-402c-4a0a-93d5-188b81eeaffe", 1187 | "name": "middle name", 1188 | "protocol": "openid-connect", 1189 | "protocolMapper": "oidc-usermodel-attribute-mapper", 
1190 | "consentRequired": false, 1191 | "config": { 1192 | "userinfo.token.claim": "true", 1193 | "user.attribute": "middleName", 1194 | "id.token.claim": "true", 1195 | "access.token.claim": "true", 1196 | "claim.name": "middle_name", 1197 | "jsonType.label": "String" 1198 | } 1199 | }, 1200 | { 1201 | "id": "a95b014e-ac93-4532-bfbf-0c754b112dce", 1202 | "name": "zoneinfo", 1203 | "protocol": "openid-connect", 1204 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1205 | "consentRequired": false, 1206 | "config": { 1207 | "userinfo.token.claim": "true", 1208 | "user.attribute": "zoneinfo", 1209 | "id.token.claim": "true", 1210 | "access.token.claim": "true", 1211 | "claim.name": "zoneinfo", 1212 | "jsonType.label": "String" 1213 | } 1214 | }, 1215 | { 1216 | "id": "9d1fa1d6-8340-46d4-89c7-51ad2bfb445b", 1217 | "name": "gender", 1218 | "protocol": "openid-connect", 1219 | "protocolMapper": "oidc-usermodel-attribute-mapper", 1220 | "consentRequired": false, 1221 | "config": { 1222 | "userinfo.token.claim": "true", 1223 | "user.attribute": "gender", 1224 | "id.token.claim": "true", 1225 | "access.token.claim": "true", 1226 | "claim.name": "gender", 1227 | "jsonType.label": "String" 1228 | } 1229 | } 1230 | ] 1231 | }, 1232 | { 1233 | "id": "c6c86cd9-95b1-49c6-9bfb-e7a8d6da6e09", 1234 | "name": "role_list", 1235 | "description": "SAML role list", 1236 | "protocol": "saml", 1237 | "attributes": { 1238 | "consent.screen.text": "${samlRoleListScopeConsentText}", 1239 | "display.on.consent.screen": "true" 1240 | }, 1241 | "protocolMappers": [ 1242 | { 1243 | "id": "8f00c076-ebdd-44ef-82f7-83296f81f39d", 1244 | "name": "role list", 1245 | "protocol": "saml", 1246 | "protocolMapper": "saml-role-list-mapper", 1247 | "consentRequired": false, 1248 | "config": { 1249 | "single": "false", 1250 | "attribute.nameformat": "Basic", 1251 | "attribute.name": "Role" 1252 | } 1253 | } 1254 | ] 1255 | }, 1256 | { 1257 | "id": "16b0db22-b28e-4d44-9a5a-1627993ffd92", 1258 | "name": 
"roles", 1259 | "description": "OpenID Connect scope for add user roles to the access token", 1260 | "protocol": "openid-connect", 1261 | "attributes": { 1262 | "include.in.token.scope": "false", 1263 | "display.on.consent.screen": "true", 1264 | "consent.screen.text": "${rolesScopeConsentText}" 1265 | }, 1266 | "protocolMappers": [ 1267 | { 1268 | "id": "b2b1f9e6-6409-48ba-ab44-d2edc7d704a8", 1269 | "name": "audience resolve", 1270 | "protocol": "openid-connect", 1271 | "protocolMapper": "oidc-audience-resolve-mapper", 1272 | "consentRequired": false, 1273 | "config": {} 1274 | }, 1275 | { 1276 | "id": "119a1eb4-d01d-4c7f-b702-e9be06766c76", 1277 | "name": "realm roles", 1278 | "protocol": "openid-connect", 1279 | "protocolMapper": "oidc-usermodel-realm-role-mapper", 1280 | "consentRequired": false, 1281 | "config": { 1282 | "multivalued": "true", 1283 | "user.attribute": "foo", 1284 | "access.token.claim": "true", 1285 | "claim.name": "realm_access.roles", 1286 | "jsonType.label": "String" 1287 | } 1288 | }, 1289 | { 1290 | "id": "f4942b95-5433-4795-a0f3-34630762d3c8", 1291 | "name": "client roles", 1292 | "protocol": "openid-connect", 1293 | "protocolMapper": "oidc-usermodel-client-role-mapper", 1294 | "consentRequired": false, 1295 | "config": { 1296 | "multivalued": "true", 1297 | "user.attribute": "foo", 1298 | "access.token.claim": "true", 1299 | "claim.name": "resource_access.${client_id}.roles", 1300 | "jsonType.label": "String" 1301 | } 1302 | } 1303 | ] 1304 | }, 1305 | { 1306 | "id": "f393c483-e402-4a98-a1e1-f957a9de3530", 1307 | "name": "web-origins", 1308 | "description": "OpenID Connect scope for add allowed web origins to the access token", 1309 | "protocol": "openid-connect", 1310 | "attributes": { 1311 | "include.in.token.scope": "false", 1312 | "display.on.consent.screen": "false", 1313 | "consent.screen.text": "" 1314 | }, 1315 | "protocolMappers": [ 1316 | { 1317 | "id": "911a83d7-25fe-45f9-ae7f-bdd84112cb93", 1318 | "name": "allowed web 
origins", 1319 | "protocol": "openid-connect", 1320 | "protocolMapper": "oidc-allowed-origins-mapper", 1321 | "consentRequired": false, 1322 | "config": {} 1323 | } 1324 | ] 1325 | } 1326 | ], 1327 | "defaultDefaultClientScopes": [ 1328 | "roles", 1329 | "profile", 1330 | "email", 1331 | "role_list", 1332 | "web-origins" 1333 | ], 1334 | "defaultOptionalClientScopes": [ 1335 | "microprofile-jwt", 1336 | "phone", 1337 | "offline_access", 1338 | "address" 1339 | ], 1340 | "browserSecurityHeaders": { 1341 | "contentSecurityPolicyReportOnly": "", 1342 | "xContentTypeOptions": "nosniff", 1343 | "xRobotsTag": "none", 1344 | "xFrameOptions": "SAMEORIGIN", 1345 | "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 1346 | "xXSSProtection": "1; mode=block", 1347 | "strictTransportSecurity": "max-age=31536000; includeSubDomains" 1348 | }, 1349 | "smtpServer": {}, 1350 | "eventsEnabled": false, 1351 | "eventsListeners": [ 1352 | "jboss-logging" 1353 | ], 1354 | "enabledEventTypes": [], 1355 | "adminEventsEnabled": false, 1356 | "adminEventsDetailsEnabled": false, 1357 | "identityProviders": [], 1358 | "identityProviderMappers": [], 1359 | "components": { 1360 | "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ 1361 | { 1362 | "id": "bcefd8e3-1666-43a9-8155-627432b1aa2c", 1363 | "name": "Allowed Protocol Mapper Types", 1364 | "providerId": "allowed-protocol-mappers", 1365 | "subType": "authenticated", 1366 | "subComponents": {}, 1367 | "config": { 1368 | "allowed-protocol-mapper-types": [ 1369 | "oidc-address-mapper", 1370 | "oidc-usermodel-property-mapper", 1371 | "saml-user-property-mapper", 1372 | "oidc-usermodel-attribute-mapper", 1373 | "oidc-full-name-mapper", 1374 | "oidc-sha256-pairwise-sub-mapper", 1375 | "saml-user-attribute-mapper", 1376 | "saml-role-list-mapper" 1377 | ] 1378 | } 1379 | }, 1380 | { 1381 | "id": "56de84ea-03b2-4f1d-83ee-94d3fbb40fec", 1382 | "name": "Allowed Protocol Mapper Types", 1383 
| "providerId": "allowed-protocol-mappers", 1384 | "subType": "anonymous", 1385 | "subComponents": {}, 1386 | "config": { 1387 | "allowed-protocol-mapper-types": [ 1388 | "saml-user-attribute-mapper", 1389 | "oidc-address-mapper", 1390 | "oidc-usermodel-property-mapper", 1391 | "oidc-usermodel-attribute-mapper", 1392 | "oidc-full-name-mapper", 1393 | "saml-role-list-mapper", 1394 | "saml-user-property-mapper", 1395 | "oidc-sha256-pairwise-sub-mapper" 1396 | ] 1397 | } 1398 | }, 1399 | { 1400 | "id": "153c85a4-209e-422e-87c8-4f169479bc22", 1401 | "name": "Allowed Client Scopes", 1402 | "providerId": "allowed-client-templates", 1403 | "subType": "authenticated", 1404 | "subComponents": {}, 1405 | "config": { 1406 | "allow-default-scopes": [ 1407 | "true" 1408 | ] 1409 | } 1410 | }, 1411 | { 1412 | "id": "c15a3435-eb32-4ac0-b097-dd283b92c2b4", 1413 | "name": "Trusted Hosts", 1414 | "providerId": "trusted-hosts", 1415 | "subType": "anonymous", 1416 | "subComponents": {}, 1417 | "config": { 1418 | "host-sending-registration-request-must-match": [ 1419 | "true" 1420 | ], 1421 | "client-uris-must-match": [ 1422 | "true" 1423 | ] 1424 | } 1425 | }, 1426 | { 1427 | "id": "a4abd796-2526-4587-bac1-24801f5a9f67", 1428 | "name": "Consent Required", 1429 | "providerId": "consent-required", 1430 | "subType": "anonymous", 1431 | "subComponents": {}, 1432 | "config": {} 1433 | }, 1434 | { 1435 | "id": "dc27cbd0-a75b-4d39-978e-ae42c0b7652e", 1436 | "name": "Max Clients Limit", 1437 | "providerId": "max-clients", 1438 | "subType": "anonymous", 1439 | "subComponents": {}, 1440 | "config": { 1441 | "max-clients": [ 1442 | "200" 1443 | ] 1444 | } 1445 | }, 1446 | { 1447 | "id": "7864df97-4d17-4288-b0d2-82826a17eaa1", 1448 | "name": "Allowed Client Scopes", 1449 | "providerId": "allowed-client-templates", 1450 | "subType": "anonymous", 1451 | "subComponents": {}, 1452 | "config": { 1453 | "allow-default-scopes": [ 1454 | "true" 1455 | ] 1456 | } 1457 | }, 1458 | { 1459 | "id": 
"052c296c-06b6-4d9d-a6c4-2a5e5c4f8574", 1460 | "name": "Full Scope Disabled", 1461 | "providerId": "scope", 1462 | "subType": "anonymous", 1463 | "subComponents": {}, 1464 | "config": {} 1465 | } 1466 | ], 1467 | "org.keycloak.keys.KeyProvider": [ 1468 | { 1469 | "id": "f505d557-0421-421e-8a89-a1da4ce7b2b3", 1470 | "name": "rsa-generated", 1471 | "providerId": "rsa-generated", 1472 | "subComponents": {}, 1473 | "config": { 1474 | "priority": [ 1475 | "100" 1476 | ] 1477 | } 1478 | }, 1479 | { 1480 | "id": "3c44432c-b6d3-4f11-b745-12c187e95129", 1481 | "name": "hmac-generated", 1482 | "providerId": "hmac-generated", 1483 | "subComponents": {}, 1484 | "config": { 1485 | "priority": [ 1486 | "100" 1487 | ], 1488 | "algorithm": [ 1489 | "HS256" 1490 | ] 1491 | } 1492 | }, 1493 | { 1494 | "id": "eff0e447-9bbf-4bfa-a80a-554a8981ffba", 1495 | "name": "aes-generated", 1496 | "providerId": "aes-generated", 1497 | "subComponents": {}, 1498 | "config": { 1499 | "priority": [ 1500 | "100" 1501 | ] 1502 | } 1503 | } 1504 | ] 1505 | }, 1506 | "internationalizationEnabled": false, 1507 | "supportedLocales": [], 1508 | "authenticationFlows": [ 1509 | { 1510 | "id": "6cafbfe6-c6c7-4cce-81b2-b80765c23205", 1511 | "alias": "Account verification options", 1512 | "description": "Method with which to verity the existing account", 1513 | "providerId": "basic-flow", 1514 | "topLevel": false, 1515 | "builtIn": true, 1516 | "authenticationExecutions": [ 1517 | { 1518 | "authenticator": "idp-email-verification", 1519 | "requirement": "ALTERNATIVE", 1520 | "priority": 10, 1521 | "userSetupAllowed": false, 1522 | "autheticatorFlow": false 1523 | }, 1524 | { 1525 | "requirement": "ALTERNATIVE", 1526 | "priority": 20, 1527 | "flowAlias": "Verify Existing Account by Re-authentication", 1528 | "userSetupAllowed": false, 1529 | "autheticatorFlow": true 1530 | } 1531 | ] 1532 | }, 1533 | { 1534 | "id": "d0a2cbeb-668d-4038-a216-be72a7d597ae", 1535 | "alias": "Authentication Options", 1536 | 
"description": "Authentication options.", 1537 | "providerId": "basic-flow", 1538 | "topLevel": false, 1539 | "builtIn": true, 1540 | "authenticationExecutions": [ 1541 | { 1542 | "authenticator": "basic-auth", 1543 | "requirement": "REQUIRED", 1544 | "priority": 10, 1545 | "userSetupAllowed": false, 1546 | "autheticatorFlow": false 1547 | }, 1548 | { 1549 | "authenticator": "basic-auth-otp", 1550 | "requirement": "DISABLED", 1551 | "priority": 20, 1552 | "userSetupAllowed": false, 1553 | "autheticatorFlow": false 1554 | }, 1555 | { 1556 | "authenticator": "auth-spnego", 1557 | "requirement": "DISABLED", 1558 | "priority": 30, 1559 | "userSetupAllowed": false, 1560 | "autheticatorFlow": false 1561 | } 1562 | ] 1563 | }, 1564 | { 1565 | "id": "8a85a9db-d1c6-4f25-8956-59961b458bd0", 1566 | "alias": "Browser - Conditional OTP", 1567 | "description": "Flow to determine if the OTP is required for the authentication", 1568 | "providerId": "basic-flow", 1569 | "topLevel": false, 1570 | "builtIn": true, 1571 | "authenticationExecutions": [ 1572 | { 1573 | "authenticator": "conditional-user-configured", 1574 | "requirement": "REQUIRED", 1575 | "priority": 10, 1576 | "userSetupAllowed": false, 1577 | "autheticatorFlow": false 1578 | }, 1579 | { 1580 | "authenticator": "auth-otp-form", 1581 | "requirement": "REQUIRED", 1582 | "priority": 20, 1583 | "userSetupAllowed": false, 1584 | "autheticatorFlow": false 1585 | } 1586 | ] 1587 | }, 1588 | { 1589 | "id": "75edc590-e0a4-4bc8-8b89-a0c903e02221", 1590 | "alias": "Direct Grant - Conditional OTP", 1591 | "description": "Flow to determine if the OTP is required for the authentication", 1592 | "providerId": "basic-flow", 1593 | "topLevel": false, 1594 | "builtIn": true, 1595 | "authenticationExecutions": [ 1596 | { 1597 | "authenticator": "conditional-user-configured", 1598 | "requirement": "REQUIRED", 1599 | "priority": 10, 1600 | "userSetupAllowed": false, 1601 | "autheticatorFlow": false 1602 | }, 1603 | { 1604 | 
"authenticator": "direct-grant-validate-otp", 1605 | "requirement": "REQUIRED", 1606 | "priority": 20, 1607 | "userSetupAllowed": false, 1608 | "autheticatorFlow": false 1609 | } 1610 | ] 1611 | }, 1612 | { 1613 | "id": "29467b80-817a-46b0-b4f6-b149477dec34", 1614 | "alias": "First broker login - Conditional OTP", 1615 | "description": "Flow to determine if the OTP is required for the authentication", 1616 | "providerId": "basic-flow", 1617 | "topLevel": false, 1618 | "builtIn": true, 1619 | "authenticationExecutions": [ 1620 | { 1621 | "authenticator": "conditional-user-configured", 1622 | "requirement": "REQUIRED", 1623 | "priority": 10, 1624 | "userSetupAllowed": false, 1625 | "autheticatorFlow": false 1626 | }, 1627 | { 1628 | "authenticator": "auth-otp-form", 1629 | "requirement": "REQUIRED", 1630 | "priority": 20, 1631 | "userSetupAllowed": false, 1632 | "autheticatorFlow": false 1633 | } 1634 | ] 1635 | }, 1636 | { 1637 | "id": "6572ad92-6d81-45f3-a137-1e1d844125ae", 1638 | "alias": "Handle Existing Account", 1639 | "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", 1640 | "providerId": "basic-flow", 1641 | "topLevel": false, 1642 | "builtIn": true, 1643 | "authenticationExecutions": [ 1644 | { 1645 | "authenticator": "idp-confirm-link", 1646 | "requirement": "REQUIRED", 1647 | "priority": 10, 1648 | "userSetupAllowed": false, 1649 | "autheticatorFlow": false 1650 | }, 1651 | { 1652 | "requirement": "REQUIRED", 1653 | "priority": 20, 1654 | "flowAlias": "Account verification options", 1655 | "userSetupAllowed": false, 1656 | "autheticatorFlow": true 1657 | } 1658 | ] 1659 | }, 1660 | { 1661 | "id": "2b25d79b-5823-4e68-9d48-eb0b69199194", 1662 | "alias": "Reset - Conditional OTP", 1663 | "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", 1664 | "providerId": "basic-flow", 1665 | "topLevel": false, 1666 | "builtIn": true, 1667 | "authenticationExecutions": [ 1668 | { 1669 | "authenticator": "conditional-user-configured", 1670 | "requirement": "REQUIRED", 1671 | "priority": 10, 1672 | "userSetupAllowed": false, 1673 | "autheticatorFlow": false 1674 | }, 1675 | { 1676 | "authenticator": "reset-otp", 1677 | "requirement": "REQUIRED", 1678 | "priority": 20, 1679 | "userSetupAllowed": false, 1680 | "autheticatorFlow": false 1681 | } 1682 | ] 1683 | }, 1684 | { 1685 | "id": "1c240e83-59b1-4f64-a763-8785f3d87062", 1686 | "alias": "User creation or linking", 1687 | "description": "Flow for the existing/non-existing user alternatives", 1688 | "providerId": "basic-flow", 1689 | "topLevel": false, 1690 | "builtIn": true, 1691 | "authenticationExecutions": [ 1692 | { 1693 | "authenticatorConfig": "create unique user config", 1694 | "authenticator": "idp-create-user-if-unique", 1695 | "requirement": "ALTERNATIVE", 1696 | "priority": 10, 1697 | "userSetupAllowed": false, 1698 | "autheticatorFlow": false 1699 | }, 1700 | { 1701 | "requirement": "ALTERNATIVE", 1702 | "priority": 20, 1703 | "flowAlias": "Handle Existing Account", 1704 | "userSetupAllowed": false, 1705 | "autheticatorFlow": true 1706 | } 1707 | ] 1708 | }, 1709 | { 1710 | "id": "464af795-a2de-4977-8413-aecce2424161", 1711 | "alias": "Verify Existing Account by Re-authentication", 1712 | "description": "Reauthentication of existing account", 1713 | "providerId": "basic-flow", 1714 | "topLevel": false, 1715 | "builtIn": true, 1716 | "authenticationExecutions": [ 1717 | { 1718 | "authenticator": "idp-username-password-form", 1719 | "requirement": "REQUIRED", 1720 | "priority": 10, 1721 | "userSetupAllowed": false, 1722 | "autheticatorFlow": false 1723 | }, 1724 | { 1725 | "requirement": "CONDITIONAL", 1726 | "priority": 20, 1727 | "flowAlias": "First broker login - Conditional OTP", 1728 | "userSetupAllowed": false, 1729 | 
"autheticatorFlow": true 1730 | } 1731 | ] 1732 | }, 1733 | { 1734 | "id": "5bb36d07-8b6d-4af9-beb1-1e57d0842bcb", 1735 | "alias": "browser", 1736 | "description": "browser based authentication", 1737 | "providerId": "basic-flow", 1738 | "topLevel": true, 1739 | "builtIn": true, 1740 | "authenticationExecutions": [ 1741 | { 1742 | "authenticator": "auth-cookie", 1743 | "requirement": "ALTERNATIVE", 1744 | "priority": 10, 1745 | "userSetupAllowed": false, 1746 | "autheticatorFlow": false 1747 | }, 1748 | { 1749 | "authenticator": "auth-spnego", 1750 | "requirement": "DISABLED", 1751 | "priority": 20, 1752 | "userSetupAllowed": false, 1753 | "autheticatorFlow": false 1754 | }, 1755 | { 1756 | "authenticator": "identity-provider-redirector", 1757 | "requirement": "ALTERNATIVE", 1758 | "priority": 25, 1759 | "userSetupAllowed": false, 1760 | "autheticatorFlow": false 1761 | }, 1762 | { 1763 | "requirement": "ALTERNATIVE", 1764 | "priority": 30, 1765 | "flowAlias": "forms", 1766 | "userSetupAllowed": false, 1767 | "autheticatorFlow": true 1768 | } 1769 | ] 1770 | }, 1771 | { 1772 | "id": "8cdcd89b-17d7-4fcf-b22e-4c97b171740e", 1773 | "alias": "clients", 1774 | "description": "Base authentication for clients", 1775 | "providerId": "client-flow", 1776 | "topLevel": true, 1777 | "builtIn": true, 1778 | "authenticationExecutions": [ 1779 | { 1780 | "authenticator": "client-secret", 1781 | "requirement": "ALTERNATIVE", 1782 | "priority": 10, 1783 | "userSetupAllowed": false, 1784 | "autheticatorFlow": false 1785 | }, 1786 | { 1787 | "authenticator": "client-jwt", 1788 | "requirement": "ALTERNATIVE", 1789 | "priority": 20, 1790 | "userSetupAllowed": false, 1791 | "autheticatorFlow": false 1792 | }, 1793 | { 1794 | "authenticator": "client-secret-jwt", 1795 | "requirement": "ALTERNATIVE", 1796 | "priority": 30, 1797 | "userSetupAllowed": false, 1798 | "autheticatorFlow": false 1799 | }, 1800 | { 1801 | "authenticator": "client-x509", 1802 | "requirement": "ALTERNATIVE", 1803 | 
"priority": 40, 1804 | "userSetupAllowed": false, 1805 | "autheticatorFlow": false 1806 | } 1807 | ] 1808 | }, 1809 | { 1810 | "id": "b92ea9cc-fe7d-4fa0-94ac-cbc6ee6caf36", 1811 | "alias": "direct grant", 1812 | "description": "OpenID Connect Resource Owner Grant", 1813 | "providerId": "basic-flow", 1814 | "topLevel": true, 1815 | "builtIn": true, 1816 | "authenticationExecutions": [ 1817 | { 1818 | "authenticator": "direct-grant-validate-username", 1819 | "requirement": "REQUIRED", 1820 | "priority": 10, 1821 | "userSetupAllowed": false, 1822 | "autheticatorFlow": false 1823 | }, 1824 | { 1825 | "authenticator": "direct-grant-validate-password", 1826 | "requirement": "REQUIRED", 1827 | "priority": 20, 1828 | "userSetupAllowed": false, 1829 | "autheticatorFlow": false 1830 | }, 1831 | { 1832 | "requirement": "CONDITIONAL", 1833 | "priority": 30, 1834 | "flowAlias": "Direct Grant - Conditional OTP", 1835 | "userSetupAllowed": false, 1836 | "autheticatorFlow": true 1837 | } 1838 | ] 1839 | }, 1840 | { 1841 | "id": "37b83d05-3384-482d-bbc2-2b1d112df582", 1842 | "alias": "docker auth", 1843 | "description": "Used by Docker clients to authenticate against the IDP", 1844 | "providerId": "basic-flow", 1845 | "topLevel": true, 1846 | "builtIn": true, 1847 | "authenticationExecutions": [ 1848 | { 1849 | "authenticator": "docker-http-basic-authenticator", 1850 | "requirement": "REQUIRED", 1851 | "priority": 10, 1852 | "userSetupAllowed": false, 1853 | "autheticatorFlow": false 1854 | } 1855 | ] 1856 | }, 1857 | { 1858 | "id": "c12c8a28-3354-48ee-99d8-62197b508b1b", 1859 | "alias": "first broker login", 1860 | "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", 1861 | "providerId": "basic-flow", 1862 | "topLevel": true, 1863 | "builtIn": true, 1864 | "authenticationExecutions": [ 1865 | { 1866 | "authenticatorConfig": "review profile config", 1867 | "authenticator": "idp-review-profile", 1868 
| "requirement": "REQUIRED", 1869 | "priority": 10, 1870 | "userSetupAllowed": false, 1871 | "autheticatorFlow": false 1872 | }, 1873 | { 1874 | "requirement": "REQUIRED", 1875 | "priority": 20, 1876 | "flowAlias": "User creation or linking", 1877 | "userSetupAllowed": false, 1878 | "autheticatorFlow": true 1879 | } 1880 | ] 1881 | }, 1882 | { 1883 | "id": "147b339e-05df-44a1-94a8-d5b5112bce01", 1884 | "alias": "forms", 1885 | "description": "Username, password, otp and other auth forms.", 1886 | "providerId": "basic-flow", 1887 | "topLevel": false, 1888 | "builtIn": true, 1889 | "authenticationExecutions": [ 1890 | { 1891 | "authenticator": "auth-username-password-form", 1892 | "requirement": "REQUIRED", 1893 | "priority": 10, 1894 | "userSetupAllowed": false, 1895 | "autheticatorFlow": false 1896 | }, 1897 | { 1898 | "requirement": "CONDITIONAL", 1899 | "priority": 20, 1900 | "flowAlias": "Browser - Conditional OTP", 1901 | "userSetupAllowed": false, 1902 | "autheticatorFlow": true 1903 | } 1904 | ] 1905 | }, 1906 | { 1907 | "id": "1fc8f582-7c94-4021-a2e0-6915f4a56443", 1908 | "alias": "http challenge", 1909 | "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", 1910 | "providerId": "basic-flow", 1911 | "topLevel": true, 1912 | "builtIn": true, 1913 | "authenticationExecutions": [ 1914 | { 1915 | "authenticator": "no-cookie-redirect", 1916 | "requirement": "REQUIRED", 1917 | "priority": 10, 1918 | "userSetupAllowed": false, 1919 | "autheticatorFlow": false 1920 | }, 1921 | { 1922 | "requirement": "REQUIRED", 1923 | "priority": 20, 1924 | "flowAlias": "Authentication Options", 1925 | "userSetupAllowed": false, 1926 | "autheticatorFlow": true 1927 | } 1928 | ] 1929 | }, 1930 | { 1931 | "id": "893a55f5-cc57-4de2-a98b-4d83643d12e8", 1932 | "alias": "registration", 1933 | "description": "registration flow", 1934 | "providerId": "basic-flow", 1935 | "topLevel": true, 1936 | "builtIn": true, 1937 | "authenticationExecutions": 
[ 1938 | { 1939 | "authenticator": "registration-page-form", 1940 | "requirement": "REQUIRED", 1941 | "priority": 10, 1942 | "flowAlias": "registration form", 1943 | "userSetupAllowed": false, 1944 | "autheticatorFlow": true 1945 | } 1946 | ] 1947 | }, 1948 | { 1949 | "id": "b68e6bad-af22-40ed-8945-7faf8da2c4f4", 1950 | "alias": "registration form", 1951 | "description": "registration form", 1952 | "providerId": "form-flow", 1953 | "topLevel": false, 1954 | "builtIn": true, 1955 | "authenticationExecutions": [ 1956 | { 1957 | "authenticator": "registration-user-creation", 1958 | "requirement": "REQUIRED", 1959 | "priority": 20, 1960 | "userSetupAllowed": false, 1961 | "autheticatorFlow": false 1962 | }, 1963 | { 1964 | "authenticator": "registration-profile-action", 1965 | "requirement": "REQUIRED", 1966 | "priority": 40, 1967 | "userSetupAllowed": false, 1968 | "autheticatorFlow": false 1969 | }, 1970 | { 1971 | "authenticator": "registration-password-action", 1972 | "requirement": "REQUIRED", 1973 | "priority": 50, 1974 | "userSetupAllowed": false, 1975 | "autheticatorFlow": false 1976 | }, 1977 | { 1978 | "authenticator": "registration-recaptcha-action", 1979 | "requirement": "DISABLED", 1980 | "priority": 60, 1981 | "userSetupAllowed": false, 1982 | "autheticatorFlow": false 1983 | } 1984 | ] 1985 | }, 1986 | { 1987 | "id": "5a460d0f-224f-47cb-af57-8ed73bb2fc7f", 1988 | "alias": "reset credentials", 1989 | "description": "Reset credentials for a user if they forgot their password or something", 1990 | "providerId": "basic-flow", 1991 | "topLevel": true, 1992 | "builtIn": true, 1993 | "authenticationExecutions": [ 1994 | { 1995 | "authenticator": "reset-credentials-choose-user", 1996 | "requirement": "REQUIRED", 1997 | "priority": 10, 1998 | "userSetupAllowed": false, 1999 | "autheticatorFlow": false 2000 | }, 2001 | { 2002 | "authenticator": "reset-credential-email", 2003 | "requirement": "REQUIRED", 2004 | "priority": 20, 2005 | "userSetupAllowed": false, 2006 
| "autheticatorFlow": false 2007 | }, 2008 | { 2009 | "authenticator": "reset-password", 2010 | "requirement": "REQUIRED", 2011 | "priority": 30, 2012 | "userSetupAllowed": false, 2013 | "autheticatorFlow": false 2014 | }, 2015 | { 2016 | "requirement": "CONDITIONAL", 2017 | "priority": 40, 2018 | "flowAlias": "Reset - Conditional OTP", 2019 | "userSetupAllowed": false, 2020 | "autheticatorFlow": true 2021 | } 2022 | ] 2023 | }, 2024 | { 2025 | "id": "b2700a6a-aa0f-4868-bb3c-04ec348feb0c", 2026 | "alias": "saml ecp", 2027 | "description": "SAML ECP Profile Authentication Flow", 2028 | "providerId": "basic-flow", 2029 | "topLevel": true, 2030 | "builtIn": true, 2031 | "authenticationExecutions": [ 2032 | { 2033 | "authenticator": "http-basic-authenticator", 2034 | "requirement": "REQUIRED", 2035 | "priority": 10, 2036 | "userSetupAllowed": false, 2037 | "autheticatorFlow": false 2038 | } 2039 | ] 2040 | } 2041 | ], 2042 | "authenticatorConfig": [ 2043 | { 2044 | "id": "9337ea60-1f52-422e-bd73-8f8293d387af", 2045 | "alias": "create unique user config", 2046 | "config": { 2047 | "require.password.update.after.registration": "false" 2048 | } 2049 | }, 2050 | { 2051 | "id": "2de27ea1-d203-4689-811a-c19565ab85f4", 2052 | "alias": "review profile config", 2053 | "config": { 2054 | "update.profile.on.first.login": "missing" 2055 | } 2056 | } 2057 | ], 2058 | "requiredActions": [ 2059 | { 2060 | "alias": "CONFIGURE_TOTP", 2061 | "name": "Configure OTP", 2062 | "providerId": "CONFIGURE_TOTP", 2063 | "enabled": true, 2064 | "defaultAction": false, 2065 | "priority": 10, 2066 | "config": {} 2067 | }, 2068 | { 2069 | "alias": "terms_and_conditions", 2070 | "name": "Terms and Conditions", 2071 | "providerId": "terms_and_conditions", 2072 | "enabled": false, 2073 | "defaultAction": false, 2074 | "priority": 20, 2075 | "config": {} 2076 | }, 2077 | { 2078 | "alias": "UPDATE_PASSWORD", 2079 | "name": "Update Password", 2080 | "providerId": "UPDATE_PASSWORD", 2081 | "enabled": true, 
2082 | "defaultAction": false, 2083 | "priority": 30, 2084 | "config": {} 2085 | }, 2086 | { 2087 | "alias": "UPDATE_PROFILE", 2088 | "name": "Update Profile", 2089 | "providerId": "UPDATE_PROFILE", 2090 | "enabled": true, 2091 | "defaultAction": false, 2092 | "priority": 40, 2093 | "config": {} 2094 | }, 2095 | { 2096 | "alias": "VERIFY_EMAIL", 2097 | "name": "Verify Email", 2098 | "providerId": "VERIFY_EMAIL", 2099 | "enabled": true, 2100 | "defaultAction": false, 2101 | "priority": 50, 2102 | "config": {} 2103 | }, 2104 | { 2105 | "alias": "delete_account", 2106 | "name": "Delete Account", 2107 | "providerId": "delete_account", 2108 | "enabled": false, 2109 | "defaultAction": false, 2110 | "priority": 60, 2111 | "config": {} 2112 | }, 2113 | { 2114 | "alias": "update_user_locale", 2115 | "name": "Update User Locale", 2116 | "providerId": "update_user_locale", 2117 | "enabled": true, 2118 | "defaultAction": false, 2119 | "priority": 1000, 2120 | "config": {} 2121 | } 2122 | ], 2123 | "browserFlow": "browser", 2124 | "registrationFlow": "registration", 2125 | "directGrantFlow": "direct grant", 2126 | "resetCredentialsFlow": "reset credentials", 2127 | "clientAuthenticationFlow": "clients", 2128 | "dockerAuthenticationFlow": "docker auth", 2129 | "attributes": { 2130 | "clientOfflineSessionMaxLifespan": "0", 2131 | "clientSessionIdleTimeout": "0", 2132 | "clientSessionMaxLifespan": "0", 2133 | "clientOfflineSessionIdleTimeout": "0" 2134 | }, 2135 | "keycloakVersion": "12.0.4", 2136 | "userManagedAccessAllowed": false 2137 | }
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
# Local SSO demo stack: a Keycloak server, its MySQL backend, and two Apache
# containers that serve the app1/ and app2/ directories.
# Every credential in this file is a clear-text placeholder committed to the
# repository. Treat the stack as a localhost-only demo and replace the values
# (for example through an untracked env file) before it is reachable by others.
version: '2'

services:
  db:
    # NOTE(review): no tag, so this resolves to `mysql:latest`; pin a version
    # so the database engine does not change between runs.
    image: mysql
    environment:
      - MYSQL_DATABASE=keycloak
      - MYSQL_USER=keycloak
      # Placeholder passwords, see the header comment.
      - MYSQL_PASSWORD=password
      - MYSQL_ROOT_PASSWORD=root_password
    ports:
      # No host IP is given, so MySQL is published on every host interface.
      # Keycloak reaches the database through the `db` link (DB_ADDR=db), so
      # this mapping looks needed only for host-side tooling.
      # NOTE(review): confirm; otherwise bind it to 127.0.0.1 or drop it.
      - 3306:3306

  keycloak:
    # NOTE(review): untagged image resolves to `latest`, while
    # data/realm-export.json records keycloakVersion 12.0.4; pin a matching
    # tag so the realm import stays reproducible.
    image: jboss/keycloak
    environment:
      # Bootstrap admin account (admin/admin, also listed in the README).
      # Change it before the admin console is reachable by anyone else.
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      # Database user, password and schema are not set here; presumably the
      # image defaults line up with the MYSQL_* values above. Verify this, and
      # set them explicitly once the database password is changed.
      - DB_VENDOR=mysql
      - DB_ADDR=db
      - DB_PORT=3306
    links:
      - db:db
    ports:
      # 8080 is the plain-HTTP endpoint the README points to; logins and
      # tokens travel unencrypted there, which is acceptable on localhost only.
      - 8080:8080
      # NOTE(review): 9990 is presumably the application server's management
      # port; confirm it has to be published on the host at all.
      - 9999:9990
      - 443:8443
    volumes:
      # Presumably makes data/realm-export.json available inside the container
      # for the realm import described in the README.
      - ./data:/data

  app1:
    # NOTE(review): PHP 7.1 is past upstream end-of-life. The repo tree lists
    # only static HTML/JS under app1/, so a maintained web server image may be
    # enough; confirm no PHP is needed.
    image: php:7.1-apache
    ports:
      - 8091:80
    volumes:
      # The whole directory becomes the web root, so every file in it
      # (keycloak.json and .DS_Store per the repo tree) is downloadable.
      - ./app1:/var/www/html

  app2:
    # Same image and layout as app1; the notes above apply here too.
    image: php:7.1-apache
    ports:
      - 8092:80
    volumes:
      - ./app2:/var/www/html

--------------------------------------------------------------------------------
/img/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/1.png
--------------------------------------------------------------------------------
/img/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/2.png
--------------------------------------------------------------------------------
/img/screen1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/screen1.png
--------------------------------------------------------------------------------
/img/screen2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/screen2.png
--------------------------------------------------------------------------------
/img/screen3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/screen3.png
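--------------------------------------------------------------------------------
/img/screen4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/screen4.png
--------------------------------------------------------------------------------
/img/screen5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vikbert/docker-keycloak-sso/66a5015eeeb4c7c56b58d52edaa5682ceed1d0d2/img/screen5.png
--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Helper for the SSO demo stack defined in docker-compose.yml.
#
# Usage: bash run.sh {start|stop|clean}
#   start  create and start all services in the background
#   stop   stop the running services, keeping their containers
#   clean  stop the services and remove their containers
#
# Exits non-zero when the argument is missing or not recognised, so a wrapper
# script or CI step can detect a mistyped command.

case "${1:-}" in
  start)
    docker-compose up -d
    ;;
  stop)
    docker-compose stop
    ;;
  clean)
    docker-compose stop
    # Let compose resolve the container names itself: the generated names
    # depend on the project directory name, so a hard-coded list silently
    # misses the containers when the repository is cloned under another name.
    # Anonymous volumes are kept. If the database image stores its data in
    # one, the realm data (including user credentials) survives this step;
    # add -v when it must be wiped as well.
    docker-compose rm -f
    ;;
  *)
    echo 'Parameter not supported.' >&2
    echo "Usage: $0 {start|stop|clean}" >&2
    exit 1
    ;;
esac

--------------------------------------------------------------------------------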