diff --git a/Makefile b/Makefile index 6f4e820..676cf0d 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ help: @echo "make [clean dev-front prod dev-back dev]" clean: + pkill -9 node @cp config/frontdev.env front/MyINPulse-front/.env @cp config/frontdev.env .env @cp config/frontdev.env MyINPulse-back/.env diff --git a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java index 2cbeccb..52e57d6 100644 --- a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java +++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java @@ -56,12 +56,18 @@ public class WebSecurityCustomConfiguration { http.authorizeHttpRequests( authorize -> authorize - .requestMatchers("/entrepreneur/**", "/shared/**") + .requestMatchers("/entrepreneur/**") .access(hasRole("REALM_MyINPulse-entrepreneur")) - .requestMatchers("/admin/**", "/shared/**") + .requestMatchers("/admin/**") .access(hasRole("REALM_MyINPulse-admin")) + .requestMatchers("/shared/**") + .hasAnyRole( + "REALM_MyINPulse-admin", + "REALM_MyINPulse-entrepreneur") .requestMatchers("/unauth/**") - .authenticated()) + .authenticated() + .anyRequest() + .denyAll()) .oauth2ResourceServer( oauth2 -> oauth2.jwt( diff --git a/MyINPulse-back/src/main/resources/application.properties b/MyINPulse-back/src/main/resources/application.properties index 043c22b..0f12c34 100644 --- a/MyINPulse-back/src/main/resources/application.properties +++ b/MyINPulse-back/src/main/resources/application.properties @@ -1,6 +1,6 @@ spring.application.name=myinpulse -spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/test/protocol/openid-connect/certs -spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/test +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}/protocol/openid-connect/certs +spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM} spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB} spring.datasource.username=${BACKEND_USER} spring.datasource.password=${BACKEND_PASSWORD} diff --git a/config/dev.env b/config/dev.env index bcd45f3..3b6eeaa 100644 --- a/config/dev.env +++ b/config/dev.env @@ -16,7 +16,7 @@ BACKEND_PASSWORD=backend_db_user_password DATABASE_URL=localhost:5433 VITE_KEYCLOAK_URL=http://localhost:7080 -VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev -VITE_KEYCLOAK_REALM=test +VITE_KEYCLOAK_CLIENT_ID=MyINPulse-vite +VITE_KEYCLOAK_REALM=MyINPulse VITE_APP_URL=http://localhost:5173 VITE_BACKEND_URL=http://localhost:8081/ diff --git a/documentation/openapi/src/adminApi.yaml b/documentation/openapi/src/adminApi.yaml index 3b66cd1..cd3ca12 100644 --- a/documentation/openapi/src/adminApi.yaml +++ b/documentation/openapi/src/adminApi.yaml @@ -22,6 +22,8 @@ paths: description: Bad Request - Invalid project data provided (e.g., missing required fields). "401": description: Unauthorized - Authentication required or invalid token. + "403": + description: Bad Token - Invalid Keycloack configuration. post: operationId: addProjectManually @@ -49,6 +51,8 @@ paths: description: Bad Request - Project already exists. "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/projects/pending: @@ -70,7 +74,9 @@ paths: items: $ref: "./main.yaml#/components/schemas/project" # Assuming pending projects use the same schema "401": - description: Unauthorized. + description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/request-join: get: @@ -92,6 +98,8 @@ paths: $ref: "./main.yaml#/components/schemas/joinRequest" "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/request-join/decision/{joinRequestId}: post: @@ -121,7 +129,9 @@ paths: "400": description: Bad Request - Invalid input (e.g., missing decision). "401": - description: Unauthorized. + description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/projects/pending/decision: @@ -150,6 +160,8 @@ paths: description: Bad Request - Invalid input (e.g., missing decision). "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/pending-accounts: # Path updated @@ -172,6 +184,8 @@ paths: $ref: "./main.yaml#/components/schemas/user-entrepreneur" "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /admin/accounts/validate/{userId}: post: # Changed to POST as it changes state @@ -195,7 +209,8 @@ paths: description: No Content - Account validated successfully. "400": description: Bad Request - Invalid user ID format. - + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -217,6 +232,8 @@ paths: type: array items: $ref: "./main.yaml#/components/schemas/appointment" + "403": + description: Bad Token - Invalid Keycloack configuration. "404": description: no appointments found. "401": @@ -254,6 +271,8 @@ paths: schema: { $ref: "./main.yaml#/components/schemas/report" } "400": description: Bad Request - Invalid input (e.g., missing content, invalid appointment ID format). + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -288,6 +307,8 @@ paths: schema: { $ref: "./main.yaml#/components/schemas/report" } "400": description: Bad Request - Invalid input (e.g., missing content). + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -314,6 +335,8 @@ paths: description: No Content - Project removed successfully. "400": description: Bad Request - Invalid project ID format. + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -340,7 +363,9 @@ paths: "200": # Use 200 No Content description: No Content - Admin rights granted successfully. "400": - description: Bad Request - Invalid user ID format or user is already an admin. + description: Bad Request - Invalid user ID format or user is already an admin. + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -357,4 +382,6 @@ paths: "200": description: No Content - Admin user created successfully. "401": - description: Unauthorized. \ No newline at end of file + description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. \ No newline at end of file diff --git a/documentation/openapi/src/bundled.yaml b/documentation/openapi/src/bundled.yaml index d663aac..3d4db60 100644 --- a/documentation/openapi/src/bundled.yaml +++ b/documentation/openapi/src/bundled.yaml @@ -257,6 +257,8 @@ paths: description: Bad Request - Problem processing the token or user data derived from it. '401': description: Unauthorized - Valid authentication token required. + '403': + description: Bad Token - Invalid Keycloack configuration. '/unauth/request-join/{projectId}': post: summary: Request to join an existing project @@ -278,6 +280,8 @@ paths: description: Bad Request - Invalid project ID format '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '409': description: Already member/request pending. /admin/pending-accounts: @@ -301,6 +305,8 @@ paths: $ref: '#/components/schemas/user-entrepreneur' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/admin/accounts/validate/{userId}': post: operationId: validateUserAccount @@ -326,6 +332,8 @@ paths: description: Bad Request - Invalid user ID format. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /admin/request-join: get: operationId: getPendingProjects @@ -347,6 +355,8 @@ paths: $ref: '#/components/schemas/joinRequest' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/admin/request-join/decision/{joinRequestId}': post: summary: Approve or reject a pending project join request @@ -376,6 +386,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing decision).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /admin/projects: get: operationId: getAdminProjects @@ -399,6 +411,8 @@ paths: description: 'Bad Request - Invalid project data provided (e.g., missing required fields).' '401': description: Unauthorized - Authentication required or invalid token. + '403': + description: Bad Token - Invalid Keycloack configuration. post: operationId: addProjectManually summary: Manually add a new project @@ -424,6 +438,8 @@ paths: $ref: '#/components/schemas/project' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '409': description: Bad Request - Project already exists. /admin/projects/pending: @@ -447,6 +463,8 @@ paths: $ref: '#/components/schemas/project' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /admin/projects/pending/decision: post: operationId: decidePendingProject @@ -474,6 +492,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing decision).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/admin/appointments/report/{appointmentId}': post: operationId: createAppointmentReport @@ -510,6 +530,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. put: operationId: updateAppointmentReport summary: Update an existing appointment report @@ -545,6 +567,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing content).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /admin/appointments/upcoming: get: operationId: getUpcomingAppointments @@ -566,6 +590,8 @@ paths: $ref: '#/components/schemas/appointment' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '404': description: no appointments found. '/admin/projects/{projectId}': @@ -593,6 +619,8 @@ paths: description: Bad Request - Invalid project ID format. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/admin/make-admin/{userId}': post: operationId: grantAdminRights @@ -618,6 +646,8 @@ paths: description: Bad Request - Invalid user ID format or user is already an admin. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /admin/create-account: post: summary: Creates Admin out Jwt Token @@ -632,6 +662,8 @@ paths: description: No Content - Admin user created successfully. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/shared/projects/sectionCells/{projectId}/{sectionId}/{date}': get: operationId: getSectionCellsByDate @@ -676,6 +708,8 @@ paths: description: Bad Request - Invalid parameter format. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/shared/projects/entrepreneurs/{projectId}': get: operationId: getProjectEntrepreneurs @@ -706,7 +740,7 @@ paths: '401': description: Unauthorized. '403': - description: Forbidden - User does not have access to this project. + description: Forbidden - User does not have access to this project or invalid Keycloack configuration. '404': description: Not Found - Project not found. '/shared/projects/admin/{projectId}': @@ -737,7 +771,7 @@ paths: '401': description: Unauthorized. '403': - description: Forbidden - User does not have access to this project. + description: Forbidden - User does not have access to this project or invalid Keycloack configuration. '404': description: Not Found - Project not found. '/shared/projects/appointments/{projectId}': @@ -769,6 +803,8 @@ paths: $ref: '#/components/schemas/appointment' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/shared/appointments/report/{appointmentId}': get: operationId: getAppointmentReport @@ -798,6 +834,8 @@ paths: format: binary '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /shared/appointments/request: post: operationId: requestAppointment @@ -823,6 +861,8 @@ paths: description: Bad Request - Invalid appointment details. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /entrepreneur/projects: get: summary: gets the projectId of the project associated with the entrepreneur @@ -844,6 +884,8 @@ paths: $ref: '#/components/schemas/project' '401': description: Unauthorized or identity not found + '403': + description: Bad Token - Invalid Keycloack configuration. '404': description: Bad Request - Invalid input or ID mismatch. /entrepreneur/projects/request: @@ -873,6 +915,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing name).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. /entrepreneur/sectionCells: post: operationId: addSectionCell @@ -897,6 +941,8 @@ paths: description: 'Bad Request - Invalid input (e.g., missing content or sectionId).' '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '/entrepreneur/sectionCells/{sectionCellId}': put: operationId: modifySectionCell @@ -927,6 +973,8 @@ paths: description: OK - Section cell updated successfully. Returns the updated cell. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '404': description: Bad Request - Invalid input or ID mismatch. delete: @@ -953,5 +1001,7 @@ paths: description: Bad Request - Invalid ID format. '401': description: Unauthorized. + '403': + description: Bad Token - Invalid Keycloack configuration. '404': description: Bad Request - sectionCell not found. diff --git a/documentation/openapi/src/entrepreneurApi.yaml b/documentation/openapi/src/entrepreneurApi.yaml index 15ddc1f..4857132 100644 --- a/documentation/openapi/src/entrepreneurApi.yaml +++ b/documentation/openapi/src/entrepreneurApi.yaml @@ -27,6 +27,8 @@ paths: description: Bad Request - Invalid input (e.g., missing name). "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /entrepreneur/sectionCells: # Base path post: @@ -52,6 +54,8 @@ paths: description: Bad Request - Invalid input (e.g., missing content or sectionId). "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /entrepreneur/sectionCells/{sectionCellId}: put: @@ -84,6 +88,8 @@ paths: description: Bad Request - Invalid input or ID mismatch. "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. delete: operationId: removeSectionCell @@ -110,6 +116,8 @@ paths: description: Bad Request - sectionCell not found. "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /entrepreneur/projects: @@ -133,4 +141,6 @@ paths: "404": description: Bad Request - Invalid input or ID mismatch. "401": - description: Unauthorized or identity not found \ No newline at end of file + description: Unauthorized or identity not found + "403": + description: Bad Token - Invalid Keycloack configuration. \ No newline at end of file diff --git a/documentation/openapi/src/sharedApi.yaml b/documentation/openapi/src/sharedApi.yaml index 15fa7bc..5a21aaa 100644 --- a/documentation/openapi/src/sharedApi.yaml +++ b/documentation/openapi/src/sharedApi.yaml @@ -36,7 +36,9 @@ paths: items: $ref: "./main.yaml#/components/schemas/sectionCell" "400": - description: Bad Request - Invalid parameter format. + description: Bad Request - Invalid parameter format. + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -68,7 +70,7 @@ paths: "401": description: Unauthorized. "403": - description: Forbidden - User does not have access to this project. + description: Forbidden - User does not have access to this project or invalid Keycloack configuration. "404": description: Not Found - Project not found. @@ -97,7 +99,7 @@ paths: "401": description: Unauthorized. "403": - description: Forbidden - User does not have access to this project. + description: Forbidden - User does not have access to this project or invalid Keycloack configuration. "404": description: Not Found - Project not found. @@ -126,6 +128,8 @@ paths: type: array items: $ref: "./main.yaml#/components/schemas/appointment" + "403": + description: Bad Token - Invalid Keycloack configuration. "401": description: Unauthorized. @@ -156,6 +160,8 @@ paths: format: binary "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /shared/appointments/request: @@ -180,7 +186,8 @@ paths: description: Accepted - Appointment request submitted. "400": description: Bad Request - Invalid appointment details. - "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. \ No newline at end of file diff --git a/documentation/openapi/src/unauthApi.yaml b/documentation/openapi/src/unauthApi.yaml index 7c5545b..5150d99 100644 --- a/documentation/openapi/src/unauthApi.yaml +++ b/documentation/openapi/src/unauthApi.yaml @@ -24,6 +24,8 @@ paths: description: Bad Request - Problem processing the token or user data derived from it. "401": description: Unauthorized - Valid authentication token required. + "403": + description: Bad Token - Invalid Keycloack configuration. /unauth/request-join/{projectId}: post: summary: Request to join an existing project @@ -47,6 +49,8 @@ paths: description: Already member/request pending. "401": description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. /unauth/request-admin-role: post: summary: Request to join an existing project @@ -59,4 +63,6 @@ paths: "400": description: Bad Request - Invalid project ID format or already member/request pending. "401": - description: Unauthorized. \ No newline at end of file + description: Unauthorized. + "403": + description: Bad Token - Invalid Keycloack configuration. \ No newline at end of file diff --git a/front/MyINPulse-front/src/views/testComponent.vue b/front/MyINPulse-front/src/views/testComponent.vue index ec3039a..0b6f20a 100644 --- a/front/MyINPulse-front/src/views/testComponent.vue +++ b/front/MyINPulse-front/src/views/testComponent.vue @@ -58,7 +58,7 @@ const USERID = ref(""); Get Pending Accounts - diff --git a/keycloak/realm.json b/keycloak/realm.json new file mode 100644 index 0000000..0a0810c --- /dev/null +++ b/keycloak/realm.json @@ -0,0 +1,2638 @@ +{ + "id": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "realm": "MyINPulse", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "bruteForceStrategy": "MULTIPLE", + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "1837cafb-5ab8-4209-8127-d2e094e4f67d", + "name": "default-roles-myinpulse", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "attributes": {} + }, + { + "id": "386ec1d5-844c-4eea-9e0f-db636b5eef6e", + "name": "MyINPulse-admin", + "description": "Role for administrators", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups", + "manage-users", + "view-clients", + "query-clients", + "query-realms", + "realm-admin" + ], + "account": [ + "manage-consent", + "view-consent", + "view-profile", + "view-groups", + "delete-account", + "view-applications", + "manage-account", + "manage-account-links" + ] + } + }, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "attributes": {} + }, + { + "id": "b97b11e5-d3a9-435b-84a9-9606de042566", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "attributes": {} + }, + { + "id": "467438de-b701-4e4c-b93a-b321e0590ded", + "name": "MyINPulse-entrepreneur", + "description": "Role for entrepreneurs", + "composite": false, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "attributes": {} + }, + { + "id": "92083400-a769-4446-a826-dc9e670c675a", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "60ae16ca-0b98-455f-982e-bea895166a48", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "74a598d5-b467-4c7d-99b7-0af6ef7d3c46", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "7bba5b54-94b9-4175-af50-bcbafb83c59e", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "d1d601e8-7c89-4dd2-8b8d-a0007209dcca", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "606a564b-02db-4a53-ab54-bb046b988807", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "6a359238-f612-4739-91c6-68c23293a8b0", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "a8691ba4-0830-46f1-927b-50a74c5be67f", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "0c23c803-8c57-4aec-87d0-b63964211284", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "b0f288bd-2999-47f6-93dd-96a25625d7b9", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "eea3d793-85d7-44f3-9aa8-0a6e7a41a0b6", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "0fb4be83-230d-4670-ad93-cac3da57f6bf", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "fe0fd495-2e68-4316-acc8-d0eb960179f5", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "417d9e68-03c2-43ef-a290-7c3ac8c91022", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "fafc293d-4e13-4f6f-8b66-16ac77974e5a", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "2eb53e25-ddbe-4eb8-bcef-660862d5a164", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "9ee1128e-cc63-4188-9cf7-8d44eea2b2d5", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "319b2f8b-9774-4418-abfa-1b6fed535764", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-realm", + "manage-clients", + "manage-identity-providers", + "query-users", + "query-groups", + "manage-realm", + "view-events", + "view-authorization", + "manage-users", + "view-users", + "view-identity-providers", + "create-client", + "view-clients", + "query-clients", + "query-realms", + "manage-authorization", + "manage-events", + "impersonation" + ] + } + }, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "ad8012d3-8437-4654-afb6-2e8246a6c126", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + }, + { + "id": "e8169c25-99e4-4672-af25-3de74c208fb7", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "attributes": {} + } + ], + "MyINPulse-vite": [], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "ee2f11dd-eda6-4ddd-bf18-da4f57341a6d", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "465b3874-6a03-4f61-856a-ec92c1a30383", + "attributes": {} + } + ], + "account": [ + { + "id": "5bb734ca-1e84-4efe-a306-f5171ed49246", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "617dabe6-6d05-4d70-8c6f-94f3ff664249", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "1da955d8-d827-40ed-a450-ce91db6da729", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "fddbf83f-7c3d-4eec-b26c-39e5f0b6ef50", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "fc2ad906-dadd-472a-8f8f-b8c45a1f68b3", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "3bf3af64-b606-450d-bbb6-801f17bcaf5a", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "ac2faad4-a292-43e4-b9f1-97155cdfa4b5", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + }, + { + "id": "d50bac0f-a103-49c5-949b-68cc607af2cb", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "1837cafb-5ab8-4209-8127-d2e094e4f67d", + "name": "default-roles-myinpulse", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256", + "RS256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256", + "RS256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + }, + { + "clientScope": "MyINPulse-client-scope", + "roles": [ + "MyINPulse-entrepreneur", + "MyINPulse-admin" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/MyINPulse/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/MyINPulse/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "b6254726-0bb8-4d9c-8656-187959d4ed3f", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/MyINPulse/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/MyINPulse/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "26c2abdb-a1d1-4e05-9746-a99585533e5b", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "e62d51cd-6ce3-4cf1-b6d9-e183353cfabf", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "client.use.lightweight.access.token.enabled": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "465b3874-6a03-4f61-856a-ec92c1a30383", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "ff7d6d3e-a59a-499a-b65d-891f31f0c990", + "clientId": "MyINPulse-vite", + "name": "MyINPulse", + "description": "client for MyINPulse", + "rootUrl": "http://localhost:5173", + "adminUrl": "http://localhost:5173/test", + "baseUrl": "http://localhost:5173/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "standard.token.exchange.enabled": "false", + "post.logout.redirect.uris": "+", + "frontchannel.logout.session.required": "true", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "d2431015-fec6-4261-8e40-8b761d0703bb", + "name": "primary mail", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "PrimaryMail", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "MyINPulse-client-scope", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "563ef2a0-f8db-47b2-803b-dd094aa55b95", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + }, + { + "id": "c642e3d9-9c6d-45f9-86fd-9d6fdbab7b45", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/MyINPulse/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/MyINPulse/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "client.use.lightweight.access.token.enabled": "true", + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "3fde52d8-24ec-4d1a-ae13-e0b38431d538", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "organization", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "886b7de1-de76-43e0-a93f-3ff4e048cd3b", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "a5025d85-7485-4cba-a9fe-d9011f75ad52", + "name": "organization", + "description": "Additional claims about the organization a subject belongs to", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${organizationScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "039e94db-1db4-48c0-9fc9-a88e05d51430", + "name": "organization", + "protocol": "openid-connect", + "protocolMapper": "oidc-organization-membership-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organization", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "2a529309-6636-4a60-b2f9-febbaeff861c", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "f20583a2-1713-4354-b1b2-835ea57a1e47", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "be212685-00fd-4ce2-b2af-1c2fe75b2e6b", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "50653545-af59-4d52-ad31-3bb040bda10d", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "57fb6b23-38de-44fd-a098-737494d9ea71", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "e136c16d-e651-4d42-b3b8-806c7892d443", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "3cffe9df-87cb-4532-94a6-6fbb1056c9d0", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "8b3f56b7-77a3-4fa4-8aad-53ffef3860be", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "ccb3f102-a32c-48fc-bed9-7d52a59bf531", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "64c4ed3c-5335-464c-8570-521879048cfd", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3c86109d-a7df-4277-b404-fe4c6d842a50", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "bbb1ea0e-2935-4a5f-b356-974f8bae8631", + "name": "sub", + "protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "e3d63f68-4228-4092-ba14-d089b74b658a", + "name": "service_account", + "description": "Specific scope for a client enabled for service accounts", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "eb28f794-7c08-4a2f-8999-4c788cc7e438", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "f3033a28-91d3-4604-96ed-0bed93383fc9", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "49be090a-b8d7-4225-b065-f07a9ff63799", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "00b816a9-2ada-4e34-9007-032b25b614c2", + "name": "saml_organization", + "description": "Organization Membership", + "protocol": "saml", + "attributes": { + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "e0685803-e563-427e-aada-52c9d0706a67", + "name": "organization", + "protocol": "saml", + "protocolMapper": "saml-organization-membership-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "4f666705-023a-4ae7-8548-9b39b4968031", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1a31d387-67eb-4322-aa52-e92c9c922166", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "e2184dc1-0f35-4946-a6fe-3de41a275b01", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "46290aad-6ee0-4fb7-a2d1-a66ea984df7e", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "0aadb12d-d57f-4de8-abfa-dd25cedceed7", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "fb5afb47-7f72-4ce4-a95c-e8ded209c79a", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "411dc1bb-cc6c-489d-bbf9-ef0a2a671454", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "25701c17-a19e-4987-92f7-cc3ed26206da", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "12cebf93-719e-411d-81bd-b0f47ac0b740", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "296537ae-a112-46fc-a57e-d03412a0627e", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "264747a5-d98b-4d35-aff0-896dfa77a44b", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "c309c4e6-5f3b-4b27-942f-9d14be006efb", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "72746062-a338-4baf-ae55-2e1d33f303f0", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "ce8a71f9-8def-4880-89e6-91c3a13126d7", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "dac1b7ff-84f1-40eb-841b-349e4a3a7908", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "79dca083-6504-4747-8e04-bbb56b932268", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "9054750a-5c71-45b6-94f8-b33fac6179c9", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "8c9c1b96-20b5-4937-9c76-acc9b75233a2", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "2f65c74b-3763-441d-aa34-d5499a1acfef", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "09189a92-9a8b-4282-b481-fd9e0df72341", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "4d0d59a1-058f-4a97-bb4c-f819433b567d", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "2147cf47-f89c-41c6-9a57-5f62bda47ea2", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "a6a7a6df-d422-44e6-9099-608696a0204a", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "f6f56c29-7315-471f-8ade-8edc1da8dd4c", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "9ec3bac4-b247-4fd7-aa9c-86f5ca483626", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "0a63c24b-a29b-4d67-9fbb-74720074aac1", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "28462b1d-4c41-4dd1-8e66-452b1dd03d34", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "e3ac3f2f-b148-48de-9ce3-f52a2128f693", + "name": "MyINPulse-client-scope", + "description": "client scope required for MyInpulse", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "51cf5da6-e24c-449c-8ad6-a1fd3dc2cb12", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "967097c4-ef5e-41e9-bc3a-7b0f610b8931", + "name": "PrimaryMail", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "PrimaryMail", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "PrimaryMail", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "saml_organization", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic", + "MyINPulse-client-scope" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt", + "organization" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [ + { + "alias": "Mocksaml", + "displayName": "", + "internalId": "63621154-e864-42dd-899e-ecf1e8523522", + "providerId": "saml", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "hideOnLogin": false, + "config": { + "postBindingLogout": "false", + "postBindingResponse": "true", + "backchannelSupported": "false", + "xmlSigKeyInfoKeyNameTransformer": "KEY_ID", + "idpEntityId": "https://saml.example.com/entityid", + "useMetadataDescriptorUrl": "false", + "loginHint": "false", + "allowCreate": "true", + "enabledFromMetadata": "true", + "syncMode": "LEGACY", + "singleSignOnServiceUrl": "https://mocksaml.com/api/saml/sso", + "wantAuthnRequestsSigned": "true", + "allowedClockSkew": "0", + "artifactBindingResponse": "false", + "validateSignature": "true", + "signingCertificate": "MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV\nSzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4\nMjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK\nDAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0\nRuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd\n4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V\npwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b\n2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ\nNfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF\nAAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW\n5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4\nkhuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX\nUjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L\nr/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M\nm0eo2USlSRTVl7QHRTuiuSThHpLKQQ==", + "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "entityId": "ID", + "signSpMetadata": "false", + "wantAssertionsEncrypted": "false", + "signatureAlgorithm": "RSA_SHA256", + "sendClientIdOnLogout": "false", + "wantAssertionsSigned": "false", + "metadataDescriptorUrl": "https://mocksaml.com/api/saml/metadata", + "sendIdTokenOnLogout": "true", + "postBindingAuthnRequest": "true", + "forceAuthn": "false", + "attributeConsumingServiceIndex": "0", + "addExtensionsElementWithKeyInfo": "false", + "principalType": "SUBJECT" + } + } + ], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "ee761b58-01e2-450c-9aef-f630f1a55e76", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "fabeba3b-31b2-4732-ba78-17e9bb6c2731", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "ce7c973d-e64d-43ce-a181-343a40568ed4", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "0f27b23c-a67e-4c44-ae9e-78051c50853e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "b26bd127-5cc0-4d4d-9a87-c02708f08fd0", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "1cb65b84-c03f-4228-bbec-e3e0cc74d21f", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "26612577-a31f-4b11-b0b9-16c70a170627", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "1e98f46d-1dc3-4f71-9b72-41f147ce21c9", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "122948f1-2b1b-4254-80d0-039a2ab9d307", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "2ff74625-d87e-4ae0-8a97-84af55a8d866", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "3f1efcc8-7490-473f-aef4-df04ed1c9538", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "b5d0ccc2-67a0-471d-a63b-a76b2d2350f3", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "a886dd02-d43e-4286-b3d0-9c7913d9063e", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "dd5dcb22-ea68-4247-b67a-30eef5c3b0a3", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ae23dc68-b134-47f7-a627-36b242255906", + "alias": "Browser - Conditional Organization", + "description": "Flow to determine if the organization identity-first login is to be used", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "organization", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "969eccc4-55da-42bb-a601-69b197421a7d", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8e62386a-e19a-47c3-8918-75223afb824e", + "alias": "First Broker Login - Conditional Organization", + "description": "Flow to determine if the authenticator that adds organization members is to be used", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "idp-add-organization-member", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "de176c7f-48b5-43e8-9a7c-dc023254d4b1", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "412f420f-e585-45e7-a726-2866263275a1", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "e21e3380-88de-44b3-ad8a-ee9eba5a90af", + "alias": "Organization", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional Organization", + "userSetupAllowed": false + } + ] + }, + { + "id": "3d8b4a8b-7b25-46c6-97c4-75ca0bf7a7c1", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7043514b-e394-4909-a3f4-9be8f8a6aba7", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "2bb4c227-f21a-4432-a77b-0bd0c06f7e02", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "15bcdcaf-0da3-4355-8aa2-955e0798d707", + "alias": "browser", + "description": "Browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 26, + "autheticatorFlow": true, + "flowAlias": "Organization", + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "644fca52-8bdf-4a3e-9b32-07f69915c062", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "535a3bfa-71cf-4b62-81d1-72fe700921f0", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "dbe35063-63e5-40e8-9e61-586188c6f90e", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "b8640b3d-d6d8-47fc-8f0d-f547cf698265", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 50, + "autheticatorFlow": true, + "flowAlias": "First Broker Login - Conditional Organization", + "userSetupAllowed": false + } + ] + }, + { + "id": "ccfaba20-4672-4736-baaa-674bacad6135", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "2d270b74-8c37-4324-978a-58024eb726d0", + "alias": "registration", + "description": "Registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "89437d5e-0bab-41df-b356-c69a0a73ca56", + "alias": "registration form", + "description": "Registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c37419f5-37d1-4c7f-9b3a-466c0933ecff", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "4fb29e9f-660d-4388-bef9-b14fc2e9175b", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "83703e72-2f74-41cb-956b-8824b4607d83", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "8022fe77-88ec-4026-a4d7-6df976354735", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false" + }, + "keycloakVersion": "26.2.3", + "userManagedAccessAllowed": false, + "organizationsEnabled": false, + "verifiableCredentialsEnabled": false, + "adminPermissionsEnabled": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file