
@thomasdarimont
Last active March 19, 2025 13:17
Example Realm with a Configuration for OAuth2 Resource Indicators based on https://github.com/keycloak/keycloak/pull/35711

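This import creates a new `resource-indicators` realm with a `photoz` client. The `photoz` client defines the available resource indicators via its authorization-services resources. The export embeds the `photoz` client secret and uses permissive demo settings (redirect URI `/*`, direct access grants enabled, brute-force protection disabled), so import it only into a local test instance and regenerate the client secret if the realm is ever exposed.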

Create a user `tester` with password `test` in the `resource-indicators` realm.

Then you should be able to execute the following requests via curl.

Note the `resource` parameter, which lets the client select which resources should be associated with the authorization.

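# Demo settings for a local Keycloak instance. Each value can be overridden
# from the environment before the requests below are run.
# The default client secret is the one stored for the photoz client in the
# realm export published with these snippets, so it is public: regenerate it
# after import if the realm is reachable by anyone else.
# The issuer is plain http on localhost, so credentials and tokens travel
# unencrypted; keep these requests on the loopback interface.
KC_ISSUER="${KC_ISSUER:-http://localhost:8081/auth/realms/resource-indicators}"
KC_CLIENT_ID="${KC_CLIENT_ID:-photoz}"
KC_CLIENT_SECRET="${KC_CLIENT_SECRET:-I5TkulMR7zW0rjXY0hTLSoPnyc9kgVrr}"
KC_USERNAME="${KC_USERNAME:-tester}"
KC_PASSWORD="${KC_PASSWORD:-test}"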

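# Obtain Token via grant_type=password
# Requests tokens for the galleries and photos resources; the `resource`
# parameter is repeated once per resource.
# Variable values go through --data-urlencode so a secret or password that
# contains &, + or = is not misread as form syntax.
# NOTE: curl receives these values on its command line, where other local
# users can see them in the process list; fine for throwaway demo credentials only.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=password" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "username=$KC_USERNAME" \
  --data-urlencode "password=$KC_PASSWORD" \
  -d "resource=https://api.acme.com/galleries" \
  -d "resource=https://api.acme.com/photos" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries bearer tokens; keep this output out of shared logs.
printf '%s\n' "$KC_AT_RESPONSE"

# The response is quoted so the JSON reaches jq unchanged (no word splitting
# or glob expansion). jq prints "null" when the response has no
# refresh_token field, e.g. after an error response.
KC_REFRESH_TOKEN=$(printf '%s\n' "$KC_AT_RESPONSE" | jq -r ".refresh_token")
printf '%s\n' "$KC_REFRESH_TOKEN"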

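# Obtain Token via grant_type=password V2
# Same as the first password grant, but additionally requests the accounts
# resource. Running this overwrites KC_AT_RESPONSE and KC_REFRESH_TOKEN.
# Variable values go through --data-urlencode so special characters in a
# secret or password are not misread as form syntax.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=password" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "username=$KC_USERNAME" \
  --data-urlencode "password=$KC_PASSWORD" \
  -d "resource=https://api.acme.com/galleries" \
  -d "resource=https://api.acme.com/photos" \
  -d "resource=https://api.acme.com/accounts" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries bearer tokens; keep this output out of shared logs.
printf '%s\n' "$KC_AT_RESPONSE"

# Quoted so the JSON reaches jq unchanged; jq prints "null" when the
# response has no refresh_token field.
KC_REFRESH_TOKEN=$(printf '%s\n' "$KC_AT_RESPONSE" | jq -r ".refresh_token")
printf '%s\n' "$KC_REFRESH_TOKEN"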

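# Refresh Token with photos resource
# Exchanges KC_REFRESH_TOKEN for new tokens restricted to the photos resource.
# The token URL is quoted so an issuer value containing spaces or glob
# characters is passed to curl as a single argument.
KC_RT_RESPONSE=$(curl -v \
  -d "grant_type=refresh_token" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "refresh_token=$KC_REFRESH_TOKEN" \
  -d "resource=https://api.acme.com/photos" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries bearer tokens; keep this output out of shared logs.
printf '%s\n' "$KC_RT_RESPONSE"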



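# Refresh Token with galleries resource
# Exchanges KC_REFRESH_TOKEN for new tokens restricted to the galleries resource.
# The token URL is quoted so it is always passed to curl as one argument.
KC_RT_RESPONSE=$(curl -v \
  -d "grant_type=refresh_token" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "refresh_token=$KC_REFRESH_TOKEN" \
  -d "resource=https://api.acme.com/galleries" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries bearer tokens; keep this output out of shared logs.
printf '%s\n' "$KC_RT_RESPONSE"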

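# Refresh Token with invalid resource
# Negative test: https://api.acme.com/invalid is not one of the
# resource-indicator resources defined for the photoz client in the realm
# export. RFC 8707 defines the invalid_target error for this situation;
# confirm that this Keycloak build rejects the request rather than issuing a token.
# The token URL is quoted so it is always passed to curl as one argument.
KC_RT_RESPONSE=$(curl -v \
  -d "grant_type=refresh_token" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "refresh_token=$KC_REFRESH_TOKEN" \
  -d "resource=https://api.acme.com/invalid" \
  "$KC_ISSUER/protocol/openid-connect/token")
printf '%s\n' "$KC_RT_RESPONSE"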

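# Refresh Token without resources
# Sends no resource parameter. Which resources the refreshed access token
# then covers is decided by the server; inspect the token's claims to verify
# it is not broader than the original grant.
# The token URL is quoted so it is always passed to curl as one argument.
KC_RT_RESPONSE=$(curl -v \
  -d "grant_type=refresh_token" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "refresh_token=$KC_REFRESH_TOKEN" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries bearer tokens; keep this output out of shared logs.
printf '%s\n' "$KC_RT_RESPONSE"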


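# Refresh Token with new not initially requested resource
# Negative test: asks for the accounts resource on refresh. The request is
# only "not initially requested" when KC_REFRESH_TOKEN comes from the first
# password grant (galleries and photos). If the snippets are run top to
# bottom, KC_REFRESH_TOKEN was last set by the V2 password grant, which did
# request accounts, so re-run the first grant before this check.
# The token URL is quoted so it is always passed to curl as one argument.
KC_RT_RESPONSE=$(curl -v \
  -d "grant_type=refresh_token" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  --data-urlencode "refresh_token=$KC_REFRESH_TOKEN" \
  -d "resource=https://api.acme.com/accounts" \
  "$KC_ISSUER/protocol/openid-connect/token")
printf '%s\n' "$KC_RT_RESPONSE"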


---

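# Obtain Token via grant_type=client_credentials
# Service-account request for the galleries and photos resources; no user
# credentials are involved, only the client id and secret.
# The secret goes through --data-urlencode so special characters are not
# misread as form syntax, and the token URL is quoted so it stays one argument.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=client_credentials" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  -d "resource=https://api.acme.com/galleries" \
  -d "resource=https://api.acme.com/photos" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries a bearer token; keep this output out of shared logs.
printf '%s\n' "$KC_AT_RESPONSE"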


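# Obtain Token with resource https://api.acme.com/galleries
# client_credentials request limited to the galleries resource.
# The token URL is quoted so it is always passed to curl as one argument.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=client_credentials" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  -d "resource=https://api.acme.com/galleries" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries a bearer token; keep this output out of shared logs.
printf '%s\n' "$KC_AT_RESPONSE"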


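# Obtain Token with resource https://api.acme.com/photos
# client_credentials request limited to the photos resource.
# The token URL is quoted so it is always passed to curl as one argument.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=client_credentials" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  -d "resource=https://api.acme.com/photos" \
  "$KC_ISSUER/protocol/openid-connect/token")
# The response carries a bearer token; keep this output out of shared logs.
printf '%s\n' "$KC_AT_RESPONSE"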


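# Attempt to obtain Token with resource https://api.acme.com/invalid
# Negative test: the invalid resource is not among the resource-indicator
# resources defined for the photoz client in the realm export. RFC 8707
# defines the invalid_target error for this situation; confirm that this
# Keycloak build rejects the request rather than issuing a token.
# The token URL is quoted so it is always passed to curl as one argument.
KC_AT_RESPONSE=$(curl -v \
  -d "grant_type=client_credentials" \
  --data-urlencode "client_id=$KC_CLIENT_ID" \
  --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
  -d "resource=https://api.acme.com/invalid" \
  "$KC_ISSUER/protocol/openid-connect/token")
printf '%s\n' "$KC_AT_RESPONSE"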
{
"id": "f658d917-a8a0-434c-b9aa-d88c1bfa3819",
"realm": "resource-indicators",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxTemporaryLockouts": 0,
"bruteForceStrategy": "MULTIPLE",
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "3ef174fc-6c41-4a66-991b-856d6f9c67e1",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "f658d917-a8a0-434c-b9aa-d88c1bfa3819",
"attributes": {}
},
{
"id": "87d98522-0e7d-476b-b24d-ec1cbd1ee5fc",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "f658d917-a8a0-434c-b9aa-d88c1bfa3819",
"attributes": {}
},
{
"id": "880375a6-df79-48cc-aa61-ab9eea3d2d21",
"name": "default-roles-resource-indicators",
"description": "${role_default-roles}",
"composite": true,
"composites": {
"realm": [
"offline_access",
"uma_authorization"
],
"client": {
"account": [
"view-profile",
"manage-account"
]
}
},
"clientRole": false,
"containerId": "f658d917-a8a0-434c-b9aa-d88c1bfa3819",
"attributes": {}
}
],
"client": {
"realm-management": [
{
"id": "6b449bba-f8f7-4642-b1a1-d55cc52d42ea",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "e7fcd068-fd75-418b-8944-e240a68f3946",
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "cf472049-c72f-4970-9801-cf84294a82e1",
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"create-client",
"query-clients",
"view-authorization",
"manage-authorization",
"view-clients",
"query-users",
"query-realms",
"view-users",
"impersonation",
"query-groups",
"manage-realm",
"view-identity-providers",
"manage-identity-providers",
"manage-users",
"view-realm",
"manage-clients",
"view-events",
"manage-events"
]
}
},
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "6338cfa7-6ba2-4247-b8fc-b8e451be0368",
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "77f3e5fa-5e72-4b98-a17b-202c5fc8e781",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "f8d4211f-97d0-48c4-b261-0678c2714242",
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-clients"
]
}
},
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "d4df0d86-4f65-4919-a7a8-cbe1196abc37",
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "febfac23-6b01-43bc-be1c-733190b5bde3",
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "f37a7e82-001a-49ca-82b1-58ab9be37fff",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "91bde6c7-f356-45e1-84c0-e04a594b9e82",
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-groups",
"query-users"
]
}
},
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "9e77c203-3fc9-41af-808e-ef01d8546c38",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "75195d50-7d8b-415f-8ef3-4ed70e22667f",
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "0cc8a316-ee27-4ae3-91b3-d13b12a68939",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "b86bd791-0743-4f49-8002-949f6edd2e01",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "93597868-f48f-4269-ae42-09273f827185",
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "bc475411-4ec7-40c2-8041-71cfd16f876f",
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "2778c055-d107-4c8d-b454-28ed8f1bbd96",
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "5c3ec605-b6ee-426e-831f-84a41d0d8d6e",
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
},
{
"id": "e9041a24-b198-4c9f-9728-382de98a6750",
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"containerId": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"attributes": {}
}
],
"photoz": [
{
"id": "0820f8dc-a758-43a9-9989-e12d4257add9",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "eb4082e4-04eb-4b76-9a7c-c7616eadcbe5",
"attributes": {}
}
],
"security-admin-console": [],
"admin-cli": [],
"account-console": [],
"broker": [
{
"id": "58012bca-d35e-4d29-874d-cfc08908b889",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
"containerId": "e4aeb285-4180-4a43-9947-d9692f878ccb",
"attributes": {}
}
],
"account": [
{
"id": "81709963-89bd-4995-9462-6e1bce69e694",
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "362eda08-c7dc-4b14-819d-20931b1841cd",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": [
"manage-account-links"
]
}
},
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "7262329e-75ab-45be-8e94-5d228111791d",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "384d6bb5-3d3b-49c9-bf6c-ea248dd89860",
"name": "view-groups",
"description": "${role_view-groups}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "3d459479-a47c-462c-b599-1ff698cdfcca",
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "aa1062be-f1bb-4b5e-9de7-abec211de787",
"name": "delete-account",
"description": "${role_delete-account}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "377807e5-0d08-49a6-ba6f-6451761c78a0",
"name": "manage-consent",
"description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": [
"view-consent"
]
}
},
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
},
{
"id": "d0e3fcab-08bb-400a-aa80-55de83fd4017",
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
"containerId": "498547f4-d91a-4abf-af3f-bf098fc58124",
"attributes": {}
}
]
}
},
"groups": [],
"defaultRole": {
"id": "880375a6-df79-48cc-aa61-ab9eea3d2d21",
"name": "default-roles-resource-indicators",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "f658d917-a8a0-434c-b9aa-d88c1bfa3819"
},
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpPolicyCodeReusable": false,
"otpSupportedApplications": [
"totpAppFreeOTPName",
"totpAppGoogleName",
"totpAppMicrosoftAuthenticatorName"
],
"localizationTexts": {},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256",
"RS256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyExtraOrigins": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
"ES256",
"RS256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"webAuthnPolicyPasswordlessExtraOrigins": [],
"users": [
{
"id": "2e37663e-cb92-46ca-8bff-fb91c26d4ad5",
"username": "service-account-photoz",
"emailVerified": false,
"createdTimestamp": 1742389295842,
"enabled": true,
"totp": false,
"serviceAccountClientId": "photoz",
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": [
"default-roles-resource-indicators"
],
"clientRoles": {
"photoz": [
"uma_protection"
]
},
"notBefore": 0,
"groups": []
}
],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": [
"offline_access"
]
}
],
"clientScopeMappings": {
"account": [
{
"client": "account-console",
"roles": [
"manage-account",
"view-groups"
]
}
]
},
"clients": [
{
"id": "498547f4-d91a-4abf-af3f-bf098fc58124",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/resource-indicators/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/resource-indicators/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "false",
"post.logout.redirect.uris": "+"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "e1815510-4f58-465d-b7e7-ce628b53b18a",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/resource-indicators/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/resource-indicators/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "false",
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "49c6e576-4986-4c6d-8fc0-a35c29b1cf78",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "85fe9740-8c00-4e74-a18e-a32d4f4b9e67",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "false",
"client.use.lightweight.access.token.enabled": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "e4aeb285-4180-4a43-9947-d9692f878ccb",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "eb4082e4-04eb-4b76-9a7c-c7616eadcbe5",
"clientId": "photoz",
"name": "",
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "I5TkulMR7zW0rjXY0hTLSoPnyc9kgVrr",
"redirectUris": [
"/*"
],
"webOrigins": [
"/*"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"realm_client": "false",
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "1742389295",
"backchannel.logout.session.required": "true",
"standard.token.exchange.enabled": "false",
"frontchannel.logout.session.required": "true",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "699f308b-591c-4d9b-bd20-de0ebb2c82c7",
"name": "resource-indicator-mapper",
"protocol": "openid-connect",
"protocolMapper": "oidc-resource-indicator-mapper",
"consentRequired": false,
"config": {
"lightweight.claim": "false",
"access.token.claim": "true",
"introspection.token.claim": "true"
}
}
],
"defaultClientScopes": [
"web-origins",
"service_account",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
],
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "Default Resource",
"type": "urn:photoz:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"uris": [
"/*"
]
},
{
"name": "photos",
"type": "urn:keycloak:oauth2:resource-indicator",
"ownerManagedAccess": false,
"displayName": "Photos",
"attributes": {},
"uris": [
"https://api.acme.com/photos"
],
"icon_uri": ""
},
{
"name": "galleries",
"type": "urn:keycloak:oauth2:resource-indicator",
"ownerManagedAccess": false,
"displayName": "Galleries",
"attributes": {},
"uris": [
"https://api.acme.com/galleries"
],
"icon_uri": ""
},
{
"name": "accounts",
"type": "urn:keycloak:oauth2:resource-indicator",
"ownerManagedAccess": false,
"displayName": "Accounts",
"attributes": {},
"uris": [
"https://api.acme.com/accounts"
],
"icon_uri": ""
}
],
"policies": [
{
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:photoz:resources:default",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": [],
"decisionStrategy": "UNANIMOUS"
}
},
{
"id": "3a4d8051-bc11-4b11-ab22-a687a8277c2a",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "bdab72cc-c3c5-4c55-af49-9765419ba226",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/resource-indicators/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/admin/resource-indicators/console/*"
],
"webOrigins": [
"+"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"realm_client": "false",
"client.use.lightweight.access.token.enabled": "true",
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "ee56a192-eb54-4a4f-9854-9c28dedf6df5",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt"
]
}
],
"clientScopes": [
{
"id": "ab658d76-b3cc-4f4f-b082-832aaf4947a6",
"name": "saml_organization",
"description": "Organization Membership",
"protocol": "saml",
"attributes": {
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "15a242d4-fe3f-44b0-9cf1-d590be1005df",
"name": "organization",
"protocol": "saml",
"protocolMapper": "saml-organization-membership-mapper",
"consentRequired": false,
"config": {}
}
]
},
{
"id": "859f75ff-a193-4555-93a6-80e3cb6b3a00",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "160c3b86-872a-4f1c-bb0c-2a01f62e8a17",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
},
{
"id": "0cf66e00-aedb-4c81-88b0-2ed7c83e00e0",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
}
]
},
{
"id": "f45f6cd5-659c-4f0e-81f4-79afe5545408",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${profileScopeConsentText}"
},
"protocolMappers": [
{
"id": "4372191c-09b8-40d4-8d9b-712d903fdb67",
"name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "profile",
"jsonType.label": "String"
}
},
{
"id": "454ef0a1-d539-4ffe-bf6e-8c872f03e757",
"name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "zoneinfo",
"jsonType.label": "String"
}
},
{
"id": "19cb8d9a-c595-48b9-87b9-c642400c2606",
"name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "middle_name",
"jsonType.label": "String"
}
},
{
"id": "672e1fd5-877f-4ff3-bbbb-af10b17bcbf6",
"name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
"id": "2259ab87-fc6a-4ee1-9ed3-ce451c1d74e9",
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
},
{
"id": "d1144c8d-9d13-40ab-a7ca-73ecf64099a6",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "5f0e78c0-d8da-43ac-a2ce-dfabad42e04c",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "gender",
"jsonType.label": "String"
}
},
{
"id": "e2bd7e91-8bbb-407e-a148-7781ac108538",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"introspection.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "6306e4ac-0c4b-4f04-a652-b8329f7e9a03",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "55e5b76e-bc04-4fb9-a2ac-e73dcaa83a06",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "486fbdfa-dc85-4d1d-8a06-5e3bb6cf155d",
"name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "updated_at",
"jsonType.label": "long"
}
},
{
"id": "ed5d396e-9cf8-4acf-b054-e8cd63c648a4",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "5e73c230-3a23-4e03-a3ad-c9ee9f46b5ed",
"name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "nickname",
"jsonType.label": "String"
}
},
{
"id": "a32677bb-1385-4308-9488-b50cc3e3a51b",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "website",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "website",
"jsonType.label": "String"
}
}
]
},
{
"id": "bcfada18-bde5-4be2-ba06-f5ad13387d76",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "3ebf5d54-2a05-4050-8772-09ffd6d65646",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"id": "1de63adb-d0c9-4a09-8dd1-5ff5f9d91884",
"name": "acr",
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "3fba57f0-863e-48f5-bc57-da43b35116e5",
"name": "acr loa level",
"protocol": "openid-connect",
"protocolMapper": "oidc-acr-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"introspection.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"id": "a72fc4ab-4ad5-4684-ac3b-b3fc699b2c3a",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "6246a124-8916-4c63-801d-2e0ce472659b",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
},
{
"id": "69e43cd0-344d-4872-accc-9ff27fedd29a",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
},
{
"id": "3676f9bb-5725-45b7-a80f-40e0df07690e",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"id": "6616110c-0657-4850-a839-c75e2a0fcaa9",
"name": "oid4vc_natural_person",
"description": "OIDC4VP Scope, that adds all properties required for a natural person.",
"protocol": "oid4vc",
"attributes": {},
"protocolMappers": [
{
"id": "725fb240-df1b-4fd4-ae5b-d098a3c80faa",
"name": "client roles",
"protocol": "oid4vc",
"protocolMapper": "oid4vc-target-role-mapper",
"consentRequired": false,
"config": {
"subjectProperty": "roles",
"clientId": "id"
}
},
{
"id": "8877c32b-dcda-456e-b80e-489caefcd5d8",
"name": "subject id",
"protocol": "oid4vc",
"protocolMapper": "oid4vc-subject-id-mapper",
"consentRequired": false,
"config": {
"supportedCredentialTypes": "VerifiableCredential",
"subjectIdProperty": "id"
}
},
{
"id": "3a1b990a-c0cc-410f-9d4a-1eeac28cc215",
"name": "email",
"protocol": "oid4vc",
"protocolMapper": "oid4vc-user-attribute-mapper",
"consentRequired": false,
"config": {
"subjectProperty": "email",
"userAttribute": "email",
"aggregateAttributes": "false"
}
},
{
"id": "dc0cdd9f-e03b-4c9b-b63d-fd367e3f1420",
"name": "last-name",
"protocol": "oid4vc",
"protocolMapper": "oid4vc-user-attribute-mapper",
"consentRequired": false,
"config": {
"subjectProperty": "familyName",
"userAttribute": "lastName",
"aggregateAttributes": "false"
}
},
{
"id": "aef5e238-44d0-46e7-97ea-fe68ec07e6a8",
"name": "first-name",
"protocol": "oid4vc",
"protocolMapper": "oid4vc-user-attribute-mapper",
"consentRequired": false,
"config": {
"subjectProperty": "firstName",
"userAttribute": "firstName",
"aggregateAttributes": "false"
}
}
]
},
{
"id": "03c327b1-b247-4eea-b899-98a1691a57e5",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
"id": "aef79676-5158-47e7-b227-a818c55fbbf0",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "119f67af-bd35-466a-9747-3f46b2f420b9",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "7e204538-b913-4b6b-8cd7-bfb8b9b36629",
"name": "organization",
"description": "Additional claims about the organization a subject belongs to",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${organizationScopeConsentText}"
},
"protocolMappers": [
{
"id": "28c0c074-d5d0-4a3a-85bd-bb572aac2b47",
"name": "organization",
"protocol": "openid-connect",
"protocolMapper": "oidc-organization-membership-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "organization",
"jsonType.label": "String"
}
}
]
},
{
"id": "d23fc0b5-05cc-4a3b-9d34-f407c3363032",
"name": "phone",
"description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
"id": "5708efd8-8bc9-46bc-91ba-b4f5f3b1c2df",
"name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number_verified",
"jsonType.label": "boolean"
}
},
{
"id": "084c4cc9-d4ff-416e-b395-07b3adf9391d",
"name": "phone number",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number",
"jsonType.label": "String"
}
}
]
},
{
"id": "148e62c4-277a-4d2c-8c4f-0e8ced6b353c",
"name": "basic",
"description": "OpenID Connect scope for add all basic claims to the token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "c5e03919-9ef3-4a37-96f2-4fbacf11a55b",
"name": "sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-sub-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "f3952032-64c7-4bf2-8cd5-291d355f961e",
"name": "auth_time",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "AUTH_TIME",
"introspection.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "auth_time",
"jsonType.label": "long"
}
}
]
},
{
"id": "ffa544d4-b333-42ef-8443-16342c3d2c47",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "9cdc5f34-2bc4-4a25-8b26-6802828f84f3",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "31e72a92-124f-4c0e-9e60-294ddc5518b8",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "03777820-445b-41f8-b8b8-baa3a6b57285",
"name": "service_account",
"description": "Specific scope for a client enabled for service accounts",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "4ba8f72a-3958-4b12-8d41-9881b04d1828",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"introspection.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "2b24d54e-f463-4420-9cf4-6bc363cd96f9",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "client_id",
"introspection.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "client_id",
"jsonType.label": "String"
}
},
{
"id": "5931671b-18a8-4e8c-bcae-fafbb5bb6ca0",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"introspection.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
}
]
},
{
"id": "f54bd7cc-00dd-4fad-a915-ea3cd76578ed",
"name": "address",
"description": "OpenID Connect built-in scope: address",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${addressScopeConsentText}"
},
"protocolMappers": [
{
"id": "d318435b-a4e1-4ba0-b014-6856a0a467c1",
"name": "address",
"protocol": "openid-connect",
"protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
"user.attribute.formatted": "formatted",
"user.attribute.country": "country",
"introspection.token.claim": "true",
"user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
"user.attribute.street": "street",
"id.token.claim": "true",
"user.attribute.region": "region",
"access.token.claim": "true",
"user.attribute.locality": "locality"
}
}
]
}
],
"defaultDefaultClientScopes": [
"oid4vc_natural_person",
"role_list",
"saml_organization",
"profile",
"email",
"roles",
"web-origins",
"acr",
"basic"
],
"defaultOptionalClientScopes": [
"offline_access",
"address",
"phone",
"microprofile-jwt",
"organization"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"referrerPolicy": "no-referrer",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "74b90dc9-6432-4d8a-86e0-934e9f185155",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": [
"true"
],
"client-uris-must-match": [
"true"
]
}
},
{
"id": "1fd6a08d-5d97-4c27-b398-f5f075635b03",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "1a58aca1-ffcb-4711-8111-8ed6b3ed58c5",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "0fff13f6-644f-4ad4-a8a4-e8186be014c1",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "8ec87ce2-b3e4-4a59-a57d-02dd1a57c9b7",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-full-name-mapper",
"oidc-usermodel-property-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper",
"saml-user-property-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-attribute-mapper",
"oidc-address-mapper"
]
}
},
{
"id": "7737ce80-c767-4717-b1c5-cdc92360c8bd",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": [
"200"
]
}
},
{
"id": "fbade400-c078-418d-90bb-ad31d47fc895",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "b1dec055-3616-49c6-ac9b-2a4cd02b1845",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-role-list-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-address-mapper",
"saml-user-property-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-attribute-mapper",
"oidc-full-name-mapper",
"oidc-usermodel-property-mapper"
]
}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "50b36aa6-478e-4583-b73e-2018a092c00f",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"RSA-OAEP"
]
}
},
{
"id": "bb24e4b8-ec7b-4a58-b333-7736dbbce540",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "0090abaa-5c49-4889-9e36-f040464f6fff",
"name": "hmac-generated-hs512",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS512"
]
}
},
{
"id": "3e70404d-cea8-4b33-9687-40106f443276",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
"id": "3cb73f9e-5e38-4e57-9be6-f24cf874dd76",
"alias": "Account verification options",
"description": "Method with which to verify the existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-email-verification",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false
}
]
},
{
"id": "b4b417e1-23ef-458d-9244-a47be9244409",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "62828a8b-3dd7-45f6-922c-c9127f46b141",
"alias": "Browser - Conditional Organization",
"description": "Flow to determine if the organization identity-first login is to be used",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "organization",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "0d2518fa-e56d-4fb0-a377-632e161bca8a",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "d066a2a6-6bb2-4a51-86b2-d81cb47e95eb",
"alias": "First Broker Login - Conditional Organization",
"description": "Flow to determine if the authenticator that adds organization members is to be used",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "idp-add-organization-member",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "3bccaf8c-77fc-448d-ba84-eb312bb962e6",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "d7437734-0e4b-4a75-8fe1-b52e1d5929c3",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Account verification options",
"userSetupAllowed": false
}
]
},
{
"id": "4b4ae76a-a5b5-4e14-a8e6-22a6d5288df2",
"alias": "Organization",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 10,
"autheticatorFlow": true,
"flowAlias": "Browser - Conditional Organization",
"userSetupAllowed": false
}
]
},
{
"id": "610489a8-5249-43c2-959c-a72230d07be4",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "e100fd29-e691-4e1b-927a-31895bf1b069",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false
}
]
},
{
"id": "aee5c5ca-067c-4e27-b25a-70e1f11f0cf8",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "First broker login - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "98af8623-f6a7-42d5-bc2f-a84608ee109e",
"alias": "browser",
"description": "Browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 26,
"autheticatorFlow": true,
"flowAlias": "Organization",
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
},
{
"id": "566d27a2-ccf3-4ef5-a8f6-f8ad468dc709",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-secret-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-x509",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 40,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "9d0102d3-28b7-48e7-8eca-ceb040a21384",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "Direct Grant - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "43d40998-42e3-46d1-b2bc-069dc22abd1d",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "1e38e4e6-0b61-4009-aaa9-0d2fba87d339",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "User creation or linking",
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 50,
"autheticatorFlow": true,
"flowAlias": "First Broker Login - Conditional Organization",
"userSetupAllowed": false
}
]
},
{
"id": "3ed873ce-305f-474b-9dd3-ea4259ce9a24",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Browser - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "472130f2-fcf8-49d2-ba2d-38afbda6cb41",
"alias": "registration",
"description": "Registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": true,
"flowAlias": "registration form",
"userSetupAllowed": false
}
]
},
{
"id": "ebb96f30-0bd9-4c69-8214-71ed29c0b0bd",
"alias": "registration form",
"description": "Registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-password-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 50,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-recaptcha-action",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 60,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-terms-and-conditions",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 70,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "26914b01-aea8-45c8-97b2-404dc0be1043",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-credential-email",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 40,
"autheticatorFlow": true,
"flowAlias": "Reset - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "b20cd233-1b1d-489e-abc9-3cc93cc6d18e",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
}
],
"authenticatorConfig": [
{
"id": "ec55e958-ea79-4673-8fa5-dcdc0bac16bd",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "21a8354d-6bcd-448e-8c31-9694d7efeff8",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "TERMS_AND_CONDITIONS",
"name": "Terms and Conditions",
"providerId": "TERMS_AND_CONDITIONS",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "delete_account",
"name": "Delete Account",
"providerId": "delete_account",
"enabled": false,
"defaultAction": false,
"priority": 60,
"config": {}
},
{
"alias": "CONFIGURE_RECOVERY_AUTHN_CODES",
"name": "Recovery Authentication Codes",
"providerId": "CONFIGURE_RECOVERY_AUTHN_CODES",
"enabled": true,
"defaultAction": false,
"priority": 70,
"config": {}
},
{
"alias": "UPDATE_EMAIL",
"name": "Update Email",
"providerId": "UPDATE_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 70,
"config": {}
},
{
"alias": "webauthn-register",
"name": "Webauthn Register",
"providerId": "webauthn-register",
"enabled": true,
"defaultAction": false,
"priority": 70,
"config": {}
},
{
"alias": "webauthn-register-passwordless",
"name": "Webauthn Register Passwordless",
"providerId": "webauthn-register-passwordless",
"enabled": true,
"defaultAction": false,
"priority": 80,
"config": {}
},
{
"alias": "VERIFY_PROFILE",
"name": "Verify Profile",
"providerId": "VERIFY_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 90,
"config": {}
},
{
"alias": "delete_credential",
"name": "Delete Credential",
"providerId": "delete_credential",
"enabled": true,
"defaultAction": false,
"priority": 100,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"firstBrokerLoginFlow": "first broker login",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaExpiresIn": "120",
"cibaAuthRequestedUserHint": "login_hint",
"oauth2DeviceCodeLifespan": "600",
"oauth2DevicePollingInterval": "5",
"parRequestUriLifespan": "60",
"cibaInterval": "5",
"realmReusableOtpCode": "false"
},
"keycloakVersion": "999.0.0-SNAPSHOT",
"userManagedAccessAllowed": false,
"organizationsEnabled": false,
"verifiableCredentialsEnabled": false,
"adminPermissionsEnabled": false,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}