From 0a74dca7c25cb8206a7acb69be0f24a402d43a20 Mon Sep 17 00:00:00 2001
From: Joseph Garrone
Date: Thu, 12 Dec 2024 11:16:01 +0100
Subject: [PATCH 01/24] Prettier ignore realm default config
---
 .prettierignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.prettierignore b/.prettierignore
index 6cc2f1d3..95725db6 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -12,4 +12,5 @@ node_modules/
 /sample_react_project/
 /sample_custom_react_project/
 /keycloakify_starter_test/
-/.storybook/static/keycloak-resources/
\ No newline at end of file
+/.storybook/static/keycloak-resources/
+/src/bin/start-keycloak/*.json
\ No newline at end of file
From 1e43343529f58857e802ed900763c0a702dde4dd Mon Sep 17 00:00:00 2001
From: Joseph Garrone
Date: Thu, 12 Dec 2024 11:19:06 +0100
Subject: [PATCH 02/24] Update keycloak 26 realm default config (fmt)
---
 src/bin/start-keycloak/myrealm-realm-26.json | 4434 ++++++++----------
 1 file changed, 2040 insertions(+), 2394 deletions(-)
diff --git a/src/bin/start-keycloak/myrealm-realm-26.json b/src/bin/start-keycloak/myrealm-realm-26.json
index 25169a75..3bd75116 100644
--- a/src/bin/start-keycloak/myrealm-realm-26.json
+++ b/src/bin/start-keycloak/myrealm-realm-26.json
@@ -1,2397 +1,2043 @@ { - "id": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "realm": "myrealm", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": false, - "rememberMe": true, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxTemporaryLockouts": 0, - "bruteForceStrategy": "MULTIPLE", - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "cc4b5045-3bff-4aa7-889e-1492630c3002", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes": {} - }, - { - "id": "e92017b2-18a0-49cd-956c-fad64f16b26b", - "name": "default-roles-myrealm", - "description": "${role_default-roles}", - 
"composite": true, - "composites": { - "realm": ["offline_access", "uma_authorization"], - "client": { - "account": ["delete-account", "manage-account", "view-profile"] - } - }, - "clientRole": false, - "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes": {} - }, - { - "id": "e8616113-e302-4abe-bd5c-d51f8221046b", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes": {} - } - ], - "client": { - "myclient": [], - "realm-management": [ - { - "id": "b27b272d-d153-4ae7-9fe7-fd96582f057d", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "40fdfec8-f1b9-4c2b-81c5-a775bc047840", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "5f446f9a-d008-4067-8325-f4658a32d964", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "82bf956d-1fd1-4d20-a5a9-62b3e77e9d88", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "b41e1ce8-d63f-4cf4-9966-e6c9eab5da11", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "3198743d-fdfa-4a9c-a229-5fb979847ec2", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { 
- "realm-management": ["query-users", "query-groups"] - } - }, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "e83c21cb-c84c-4824-9f7d-ce3574921800", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "3f6e2e81-e40d-40ff-a5f3-12ba2614fba5", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "63111288-7f3d-4570-838f-48405d70e212", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "a7f8f8ad-057b-485e-abfa-8a98e5e0c4ea", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "7783b160-2f1a-48c9-89fb-623a29f26c9a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "b8b5341f-f44f-40a2-9ba4-e2d621b11b2f", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "6b9d72e9-949f-4897-b11a-c8aa9252f3f2", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "bfa94ba9-1d70-4259-b928-906e8bb815b2", - "name": "view-events", - "description": "${role_view-events}", - 
"composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "96bb9322-5c1f-48f0-aa05-65521c77e742", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-users", - "view-authorization", - "manage-events", - "create-client", - "view-users", - "manage-clients", - "query-users", - "query-groups", - "view-realm", - "manage-realm", - "query-realms", - "query-clients", - "impersonation", - "view-events", - "manage-authorization", - "manage-identity-providers", - "view-identity-providers", - "view-clients" - ] - } - }, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "6e0ca5ce-f5db-4580-90e5-27c35804fc34", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "7499eb46-cf4a-4813-9bf9-42b1bbcadc0d", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "fcc99ef9-347d-4c21-b25c-8229e906a1a3", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-clients"] - } - }, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - }, - { - "id": "7b024069-57d8-4368-9942-8790507c156d", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - 
"broker": [ - { - "id": "3050eb8a-9a47-4a27-aece-be2e60fc7f73", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "f5e032da-c8ab-48c2-959c-8466ad1e6a09", - "attributes": {} - } - ], - "account": [ - { - "id": "d554d15b-d098-47a0-bdd5-d656b20f5643", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "aaf4946d-2cd4-43ba-ad7d-86be56b9ad2c", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "b417b187-18b7-41fa-9537-3313cf9b8ed4", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": ["manage-account-links"] - } - }, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "8bb5480d-83a3-4ea2-8e91-237b8870acec", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "e341c1b8-eaf7-467d-9986-d3f2356a60b9", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "98ccac20-3906-436f-8dc3-ae8d8ae25cbc", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "adfba539-826f-4fa7-86f5-8c1287152ed6", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - 
"clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - }, - { - "id": "2516ab58-490c-444c-9e7d-0dd8b87a69f0", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": ["view-consent"] - } - }, - "clientRole": true, - "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes": {} - } - ] + "id" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "realm" : "myrealm", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : true, + "registrationEmailAsUsername" : false, + "rememberMe" : true, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : true, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "bruteForceStrategy" : "MULTIPLE", + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" 
: 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "cc4b5045-3bff-4aa7-889e-1492630c3002", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes" : { } + }, { + "id" : "e92017b2-18a0-49cd-956c-fad64f16b26b", + "name" : "default-roles-myrealm", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "delete-account", "manage-account", "view-profile" ] } - }, - "groups": [], - "defaultRole": { - "id": "e92017b2-18a0-49cd-956c-fad64f16b26b", - "name": "default-roles-myrealm", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071" - }, - "requiredCredentials": ["password"], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": { - "de": { - "profile.attributes.favourite_pet": "" - }, - "no": { - "profile.attributes.favourite_pet": "" - }, - "fi": { - "profile.attributes.favourite_pet": "" - }, - "ru": { - "profile.attributes.favourite_pet": "" - }, - "pt": { - "profile.attributes.favourite_pet": "" - }, - "lt": { - "profile.attributes.favourite_pet": "" - }, - "lv": { - "profile.attributes.favourite_pet": "" - }, - "fr": { - "profile.attributes.favourite_pet": "Animal de compagnie préféré", - "profile.attributes.favourite_pet.cat": "Chat", - "profile.attributes.favourite_pet.dog": "Chien", - "profile.attributes.favourite_pet.bird": "Oiseau" - }, - "hu": { - "profile.attributes.favourite_pet": "" - }, - "zh-CN": { 
- "profile.attributes.favourite_pet": "" - }, - "uk": { - "profile.attributes.favourite_pet": "" - }, - "sk": { - "profile.attributes.favourite_pet": "" - }, - "ca": { - "profile.attributes.favourite_pet": "" - }, - "sv": { - "profile.attributes.favourite_pet": "" - }, - "zh-TW": { - "profile.attributes.favourite_pet": "" - }, - "pt-BR": { - "profile.attributes.favourite_pet": "" - }, - "en": { - "profile.attributes.favourite_pet": "Favourite Pet", - "profile.attributes.favourite_pet.cat": "Cat", - "profile.attributes.favourite_pet.dog": "Dog", - "profile.attributes.favourite_pet.bird": "Bird" - }, - "it": { - "profile.attributes.favourite_pet": "" - }, - "es": { - "profile.attributes.favourite_pet": "Mascota favorita", - "profile.attributes.favourite_pet.cat": "Gato", - "profile.attributes.favourite_pet.dog": "Perro", - "profile.attributes.favourite_pet.bird": "Pájaro" - }, - "cs": { - "profile.attributes.favourite_pet": "" - }, - "ar": { - "profile.attributes.favourite_pet": "" - }, - "th": { - "profile.attributes.favourite_pet": "" - }, - "ja": { - "profile.attributes.favourite_pet": "" - }, - "fa": { - "profile.attributes.favourite_pet": "" - }, - "pl": { - "profile.attributes.favourite_pet": "" - }, - "da": { - "profile.attributes.favourite_pet": "" - }, - "nl": { - "profile.attributes.favourite_pet": "" - }, - "tr": { - "profile.attributes.favourite_pet": "" - } - }, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - 
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "webAuthnPolicyPasswordlessExtraOrigins": [], - "users": [ - { - "id": "d93e1772-4916-4243-850f-a6d9b2615716", - "username": "testuser", - "firstName": "Test", - "lastName": "User", - "email": "testuser@gmail.com", - "emailVerified": true, - "attributes": { - "additional_emails": ["test.user@protonmail.com", "testuser@hotmail.com"], - "gender": ["prefer_not_to_say"], - "favorite_pet": ["cats"], - "favourite_pet": ["cat"], - "bio": ["Hello I'm Test User and I do not exist."], - "phone_number": ["1111111111"], - "locale": ["en"], - "favorite_media": ["movies", "series"] - }, - "createdTimestamp": 1716183898408, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "576982e2-6fb3-4752-8724-5ff390ea8301", - "type": "password", - "userLabel": "My password", - "createdDate": 1716183916529, - "secretData": "{\"value\":\"9hwJ989FAr0UgT0MfffNYSI6Zf/3qT/y17DTUcwbiEM=\",\"salt\":\"C3ZnHzgPd+0Lemw4olCOgA==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": ["default-roles-myrealm"], - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": ["offline_access"] - } - ], - 
"clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": ["manage-account", "view-groups"] - } - ] - }, - "clients": [ - { - "id": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/myrealm/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "false", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d8f14dc4-5f0f-4a1d-8c0b-cfe78ee55cb3", - "clientId": "account-console", - "name": "${client_account-console}", - "description": "", - "rootUrl": "${authBaseUrl}", - "adminUrl": "", - "baseUrl": "/realms/myrealm/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["*"], - "webOrigins": ["*"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "false", - 
"oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "08d7bc08-2ff3-44ea-9d65-fa1c4ca35646", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "953c597f-faef-4abc-88dc-4fbc9501170c", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "false", - "client.use.lightweight.access.token.enabled": "true", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f5e032da-c8ab-48c2-959c-8466ad1e6a09", - "clientId": "broker", - "name": 
"${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "true", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8fba88fa-61e9-45a4-893d-ab102973ebf6", - "clientId": "myclient", - "name": "", - "description": "", - "rootUrl": "https://my-theme.keycloakify.dev", - "adminUrl": "https://my-theme.keycloakify.dev", - "baseUrl": "https://my-theme.keycloakify.dev", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*" - ], - "webOrigins": ["*"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "realm_client": "false", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", - "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", - 
"oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "91a196c1-f93c-48a5-aced-b8d60fb09b62", - "name": "Favourite Pet", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "favourite_pet", - "id.token.claim": "true", - "lightweight.claim": "false", - "access.token.claim": "true", - "claim.name": "favourite_pet", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "true", - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": 
"fce8a109-6f32-4814-9a20-2ff2435d2da6", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/myrealm/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "realm_client": "false", - "client.use.lightweight.access.token.enabled": "true", - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "52192d19-0406-41b7-b995-b099bdbaa448", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "6a955b1e-f0e2-49fa-b3c9-bd59ed1fcd4f", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "consent.screen.text": "", - "display.on.consent.screen": "false" - }, - 
"protocolMappers": [ - { - "id": "3a392f70-ed70-424a-b60b-82db32b83df8", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "9cda058d-9935-4c8b-844d-c163d10f7c3c", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${addressScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "a053d8ec-b267-4e5a-a424-3b14bef9cd15", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "introspection.token.claim": "true", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "6225f4c7-ad5c-42ea-b7d4-5bb4e7c77459", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${phoneScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "5052be82-243f-41b0-a214-4f01935180e5", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": 
"String" - } - }, - { - "id": "4d31d278-e6ef-4b8b-97cb-4da9626d0e93", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "9357440c-6200-41a1-a447-0ec97895763e", - "name": "basic", - "description": "OpenID Connect scope for add all basic claims to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "bf9cb6c6-71a4-4bf9-8c60-ed58adcc2258", - "name": "auth_time", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "AUTH_TIME", - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "auth_time", - "jsonType.label": "long" - } - }, - { - "id": "679c8292-1abb-4d96-bacc-671303765f9b", - "name": "sub", - "protocol": "openid-connect", - "protocolMapper": "oidc-sub-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "0ec225e7-253b-4a01-85e1-68daf3df3eba", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "a55cf74e-ce68-4ebd-9c24-dc3fd6a9cfa5", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - 
"attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "e2f1dd86-00a2-4374-b888-7211f748c58d", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "e86456b8-0663-448e-ad16-7d520d0c448e", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${profileScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "569c799d-79f2-4b2b-a1ec-3661e3d8d433", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "2d01eb48-77c3-4c83-a864-755699cb7e7c", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": "a9700270-006f-4a85-8458-f39644659029", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": 
"String" - } - }, - { - "id": "3a7bca96-0839-4d1e-b37d-6e624f37facb", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "2a41be1c-872a-4b3e-9051-71ebd5d140c1", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "9fe5e57d-ee79-4b8b-9ab2-345093a1fdbf", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bda9e4e7-4de0-455d-bace-4e94b1dab5ad", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "312a0b4d-46b8-42e0-b162-e5869b317b36", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "4f8ac9bc-e32d-4ebb-bb85-b9a94a459aa1", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "bebdf0c7-6f0f-4b08-a327-50af837c82b9", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "d96d9686-f4e0-479a-9855-cfc526a35294", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "66ad8239-e1df-4f9d-9cb7-d35f23f95f37", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "ece8245b-16ae-4322-bc78-f8d5f671640a", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "384cf049-0fed-47e2-8b11-06cf6c03465d", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "49e85de9-edd1-4a9e-a2b0-e9c663d4dd9a", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${emailScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "d458e6fc-b414-4b45-b9e1-99342d7d2bba", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "2b73ce63-0443-46dc-b35c-1148edb976ab", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": 
"71303f6d-348a-4892-9d6f-dc9a2d2e4b14", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "498cbff6-a650-4a09-8192-5defaa50f33b", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "eb8585bc-ca30-410e-9f92-0d63665f5ed6", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "62b8c264-2c10-48c6-803f-b7606a89e0d9", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "consent.screen.text": "${rolesScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0c18ca55-df63-4071-81f9-43f5d077c015", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "6de6510d-d7f3-4289-a10f-4c21289313a4", - "name": "audience 
resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "a5851eb2-bfc5-4a0a-8a49-92f4fc8c5041", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "bfc69775-83af-4816-82fd-d1c42687fb5e", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "8e2027d5-32dd-4a87-a7ec-00e5316c5617", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr", - "basic" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "loginTheme": 
"keycloakify-starter", - "accountTheme": "keycloakify-starter", - "adminTheme": "", - "emailTheme": "", - "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "67526992-f0ce-42ff-a0fb-af267192ff70", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "64a2f718-da10-45d9-a75a-69c156a7ccd8", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper" - ] - } - }, - { - "id": "4d3e104f-6fdf-45eb-b756-5fef6840fbed", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "c647e85f-6700-4d66-84f2-4a869e467735", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": ["200"] - } - }, - { - "id": "51f41974-f7e5-4e7d-b486-5bd652a98e93", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - 
"saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "8f7d6ece-e956-4e48-95ab-5ab72b2b7c9a", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "e60b1167-cdee-4173-be99-3dad6a536b4a", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] - } - }, - { - "id": "5ba8b893-ab01-430b-9092-32646a50a662", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "237022c6-9443-46b3-902e-210e14c3c9a8", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": { - "kc.user.profile.config": [ - "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"per
missions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"favourite_pet\",\"displayName\":\"${profile.attributes.favourite_pet}\",\"validations\":{\"options\":{\"options\":[\"cat\",\"dog\",\"bird\"]}},\"annotations\":{\"inputType\":\"select\",\"inputOptionLabelsI18nPrefix\":\"profile.attributes.favourite_pet\"},\"required\":{\"roles\":[\"admin\",\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "5f3c1765-8810-419f-9c18-4a2db0e874e7", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": ["100"] - } - }, - { - "id": "e586f825-a25a-4833-a38e-4c6484ad17fd", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": ["100"], - "algorithm": ["RSA-OAEP"] - } - }, - { - "id": "d85dae25-3728-46a0-980b-46171ba50cdd", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": ["100"] - } - }, - { - "id": "8c3bb039-6f5b-4bdc-9faa-e0f6038d9e6b", - "name": "hmac-generated-hs512", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": ["100"], - "algorithm": ["HS512"] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": ["en", "fr", "es"], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "0e1abbbe-40e3-4754-9fe2-8a7d1f82354e", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - 
"requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "f279cc4d-ebed-4390-a5d4-0cbb6dd662ae", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "6926f455-0fd0-4ac6-9fc1-333b86c4150f", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "b11840e7-21ec-4200-bf3c-c7853646a908", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "615b4d0e-e71e-4c96-aed3-b03b34b61808", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "36958ec5-62d7-4d51-8b30-7a6709476aec", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "aa4a7ac2-ec63-48ea-a70f-b3f18992b99a", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "dafdfc68-72eb-49b2-a8f4-495ee25fba21", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "6a39b6db-c81e-4de4-92a8-a9e504593f2e", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "6fa840df-bc04-4045-9e33-8901d183b165", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "4aa24ca0-ad09-4f30-806b-4c699724d731", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "0a914ba4-f662-4b85-af64-74738a222b7f", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "9b40f15f-b690-4fe2-9fe8-07e77d965297", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "c8a9848f-8dd8-4e13-b521-0a537d92ec36", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "603957f8-b0a5-4885-aafd-e2757e431954", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "f41632f9-7fad-427d-ae7a-78ac9b1f51d0", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-terms-and-conditions", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 70, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "27a133ca-e05e-4c93-a3b7-ffe14b4e62ec", 
- "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "06cd7382-4944-4499-94dc-9908544e291b", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "5f953def-6f7c-430f-a33f-440ec2d2dddd", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "b3dad9a1-5b82-4e91-a250-157a45694e24", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": 
"TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": true, - "defaultAction": true, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": true, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "VERIFY_PROFILE", - "name": "Verify Profile", - "providerId": "VERIFY_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 90, - "config": {} - }, - { - "alias": "delete_credential", - "name": "Delete Credential", - "providerId": "delete_credential", - "enabled": true, - "defaultAction": false, - "priority": 100, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset 
credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "firstBrokerLoginFlow": "first broker login", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "organizationsEnabled": "false" - }, - "keycloakVersion": "26.0.6", - "userManagedAccessAllowed": false, - "organizationsEnabled": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] + }, + "clientRole" : false, + "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes" : { } + }, { + "id" : "e8616113-e302-4abe-bd5c-d51f8221046b", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes" : { } + } ], + "client" : { + "myclient" : [ ], + "realm-management" : [ { + "id" : "b27b272d-d153-4ae7-9fe7-fd96582f057d", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "40fdfec8-f1b9-4c2b-81c5-a775bc047840", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "5f446f9a-d008-4067-8325-f4658a32d964", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + 
"attributes" : { } + }, { + "id" : "82bf956d-1fd1-4d20-a5a9-62b3e77e9d88", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "b41e1ce8-d63f-4cf4-9966-e6c9eab5da11", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "3198743d-fdfa-4a9c-a229-5fb979847ec2", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "e83c21cb-c84c-4824-9f7d-ce3574921800", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "3f6e2e81-e40d-40ff-a5f3-12ba2614fba5", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "63111288-7f3d-4570-838f-48405d70e212", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "a7f8f8ad-057b-485e-abfa-8a98e5e0c4ea", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "7783b160-2f1a-48c9-89fb-623a29f26c9a", + "name" : "query-realms", + "description" : "${role_query-realms}", + 
"composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "b8b5341f-f44f-40a2-9ba4-e2d621b11b2f", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "6b9d72e9-949f-4897-b11a-c8aa9252f3f2", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "bfa94ba9-1d70-4259-b928-906e8bb815b2", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "96bb9322-5c1f-48f0-aa05-65521c77e742", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "view-authorization", "manage-events", "create-client", "view-users", "manage-clients", "query-users", "query-groups", "view-realm", "manage-realm", "query-realms", "query-clients", "impersonation", "view-events", "manage-authorization", "manage-identity-providers", "view-identity-providers", "view-clients" ] + } + }, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "6e0ca5ce-f5db-4580-90e5-27c35804fc34", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "7499eb46-cf4a-4813-9bf9-42b1bbcadc0d", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "fcc99ef9-347d-4c21-b25c-8229e906a1a3", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + }, { + "id" : "7b024069-57d8-4368-9942-8790507c156d", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "3050eb8a-9a47-4a27-aece-be2e60fc7f73", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "f5e032da-c8ab-48c2-959c-8466ad1e6a09", + "attributes" : { } + } ], + "account" : [ { + "id" : "d554d15b-d098-47a0-bdd5-d656b20f5643", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "aaf4946d-2cd4-43ba-ad7d-86be56b9ad2c", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "b417b187-18b7-41fa-9537-3313cf9b8ed4", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "8bb5480d-83a3-4ea2-8e91-237b8870acec", + "name" : "view-consent", + "description" : 
"${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "e341c1b8-eaf7-467d-9986-d3f2356a60b9", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "98ccac20-3906-436f-8dc3-ae8d8ae25cbc", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "adfba539-826f-4fa7-86f5-8c1287152ed6", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + }, { + "id" : "2516ab58-490c-444c-9e7d-0dd8b87a69f0", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes" : { } + } ] } -} + }, + "groups" : [ ], + "defaultRole" : { + "id" : "e92017b2-18a0-49cd-956c-fad64f16b26b", + "name" : "default-roles-myrealm", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { + "de" : { + "profile.attributes.favourite_pet" : "" + }, + "no" : 
{ + "profile.attributes.favourite_pet" : "" + }, + "fi" : { + "profile.attributes.favourite_pet" : "" + }, + "ru" : { + "profile.attributes.favourite_pet" : "" + }, + "pt" : { + "profile.attributes.favourite_pet" : "" + }, + "lt" : { + "profile.attributes.favourite_pet" : "" + }, + "lv" : { + "profile.attributes.favourite_pet" : "" + }, + "fr" : { + "profile.attributes.favourite_pet" : "Animal de compagnie préféré", + "profile.attributes.favourite_pet.cat" : "Chat", + "profile.attributes.favourite_pet.dog" : "Chien", + "profile.attributes.favourite_pet.bird" : "Oiseau" + }, + "hu" : { + "profile.attributes.favourite_pet" : "" + }, + "zh-CN" : { + "profile.attributes.favourite_pet" : "" + }, + "uk" : { + "profile.attributes.favourite_pet" : "" + }, + "sk" : { + "profile.attributes.favourite_pet" : "" + }, + "ca" : { + "profile.attributes.favourite_pet" : "" + }, + "sv" : { + "profile.attributes.favourite_pet" : "" + }, + "zh-TW" : { + "profile.attributes.favourite_pet" : "" + }, + "pt-BR" : { + "profile.attributes.favourite_pet" : "" + }, + "en" : { + "profile.attributes.favourite_pet" : "Favourite Pet", + "profile.attributes.favourite_pet.cat" : "Cat", + "profile.attributes.favourite_pet.dog" : "Dog", + "profile.attributes.favourite_pet.bird" : "Bird" + }, + "it" : { + "profile.attributes.favourite_pet" : "" + }, + "es" : { + "profile.attributes.favourite_pet" : "Mascota favorita", + "profile.attributes.favourite_pet.cat" : "Gato", + "profile.attributes.favourite_pet.dog" : "Perro", + "profile.attributes.favourite_pet.bird" : "Pájaro" + }, + "cs" : { + "profile.attributes.favourite_pet" : "" + }, + "ar" : { + "profile.attributes.favourite_pet" : "" + }, + "th" : { + "profile.attributes.favourite_pet" : "" + }, + "ja" : { + "profile.attributes.favourite_pet" : "" + }, + "fa" : { + "profile.attributes.favourite_pet" : "" + }, + "pl" : { + "profile.attributes.favourite_pet" : "" + }, + "da" : { + "profile.attributes.favourite_pet" : "" + }, + "nl" : { + 
"profile.attributes.favourite_pet" : "" + }, + "tr" : { + "profile.attributes.favourite_pet" : "" + } + }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "d93e1772-4916-4243-850f-a6d9b2615716", + "username" : "testuser", + "firstName" : "Test", + "lastName" : "User", + "email" : "testuser@gmail.com", + "emailVerified" : true, + "attributes" : { + "additional_emails" : [ "test.user@protonmail.com", "testuser@hotmail.com" ], + "gender" : [ "prefer_not_to_say" ], + "favorite_pet" : [ "cats" ], + "favourite_pet" : [ "cat" ], + "bio" : [ "Hello I'm Test User and I do not exist." 
], + "phone_number" : [ "1111111111" ], + "locale" : [ "en" ], + "favorite_media" : [ "movies", "series" ] + }, + "createdTimestamp" : 1716183898408, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "576982e2-6fb3-4752-8724-5ff390ea8301", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1716183916529, + "secretData" : "{\"value\":\"9hwJ989FAr0UgT0MfffNYSI6Zf/3qT/y17DTUcwbiEM=\",\"salt\":\"C3ZnHzgPd+0Lemw4olCOgA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-myrealm" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/myrealm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/myrealm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + 
"nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d8f14dc4-5f0f-4a1d-8c0b-cfe78ee55cb3", + "clientId" : "account-console", + "name" : "${client_account-console}", + "description" : "", + "rootUrl" : "${authBaseUrl}", + "adminUrl" : "", + "baseUrl" : "/realms/myrealm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "pkce.code.challenge.method" : "S256", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "08d7bc08-2ff3-44ea-9d65-fa1c4ca35646", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "953c597f-faef-4abc-88dc-4fbc9501170c", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" 
: false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "client.use.lightweight.access.token.enabled" : "true", + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f5e032da-c8ab-48c2-959c-8466ad1e6a09", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "true", + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8fba88fa-61e9-45a4-893d-ab102973ebf6", + "clientId" : "myclient", + "name" : "", + "description" : "", + "rootUrl" 
: "https://my-theme.keycloakify.dev", + "adminUrl" : "https://my-theme.keycloakify.dev", + "baseUrl" : "https://my-theme.keycloakify.dev", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "https://my-theme.keycloakify.dev/*", "http://localhost*", "http://127.0.0.1*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "login_theme" : "keycloakify-starter", + "post.logout.redirect.uris" : "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "91a196c1-f93c-48a5-aced-b8d60fb09b62", + "name" : "Favourite Pet", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "favourite_pet", + "id.token.claim" : "true", + "lightweight.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "favourite_pet", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : 
"e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "true", + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fce8a109-6f32-4814-9a20-2ff2435d2da6", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/myrealm/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/myrealm/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "realm_client" : "false", + "client.use.lightweight.access.token.enabled" : "true", + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + 
"nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "52192d19-0406-41b7-b995-b099bdbaa448", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "6a955b1e-f0e2-49fa-b3c9-bd59ed1fcd4f", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "3a392f70-ed70-424a-b60b-82db32b83df8", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "9cda058d-9935-4c8b-844d-c163d10f7c3c", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a053d8ec-b267-4e5a-a424-3b14bef9cd15", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + 
"introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "6225f4c7-ad5c-42ea-b7d4-5bb4e7c77459", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "5052be82-243f-41b0-a214-4f01935180e5", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "4d31d278-e6ef-4b8b-97cb-4da9626d0e93", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "9357440c-6200-41a1-a447-0ec97895763e", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "bf9cb6c6-71a4-4bf9-8c60-ed58adcc2258", + "name" : "auth_time", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "AUTH_TIME", + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + }, { + "id" : "679c8292-1abb-4d96-bacc-671303765f9b", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "0ec225e7-253b-4a01-85e1-68daf3df3eba", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a55cf74e-ce68-4ebd-9c24-dc3fd6a9cfa5", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "e2f1dd86-00a2-4374-b888-7211f748c58d", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "e86456b8-0663-448e-ad16-7d520d0c448e", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "569c799d-79f2-4b2b-a1ec-3661e3d8d433", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "2d01eb48-77c3-4c83-a864-755699cb7e7c", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "a9700270-006f-4a85-8458-f39644659029", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "3a7bca96-0839-4d1e-b37d-6e624f37facb", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "2a41be1c-872a-4b3e-9051-71ebd5d140c1", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + 
"access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "9fe5e57d-ee79-4b8b-9ab2-345093a1fdbf", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "bda9e4e7-4de0-455d-bace-4e94b1dab5ad", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "312a0b4d-46b8-42e0-b162-e5869b317b36", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "4f8ac9bc-e32d-4ebb-bb85-b9a94a459aa1", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "bebdf0c7-6f0f-4b08-a327-50af837c82b9", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + 
"introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "d96d9686-f4e0-479a-9855-cfc526a35294", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "66ad8239-e1df-4f9d-9cb7-d35f23f95f37", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "ece8245b-16ae-4322-bc78-f8d5f671640a", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "384cf049-0fed-47e2-8b11-06cf6c03465d", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + 
"jsonType.label" : "String" + } + } ] + }, { + "id" : "49e85de9-edd1-4a9e-a2b0-e9c663d4dd9a", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "d458e6fc-b414-4b45-b9e1-99342d7d2bba", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "2b73ce63-0443-46dc-b35c-1148edb976ab", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "71303f6d-348a-4892-9d6f-dc9a2d2e4b14", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "498cbff6-a650-4a09-8192-5defaa50f33b", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : 
"String" + } + }, { + "id" : "eb8585bc-ca30-410e-9f92-0d63665f5ed6", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "62b8c264-2c10-48c6-803f-b7606a89e0d9", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "0c18ca55-df63-4071-81f9-43f5d077c015", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "6de6510d-d7f3-4289-a10f-4c21289313a4", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "a5851eb2-bfc5-4a0a-8a49-92f4fc8c5041", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, 
{ + "id" : "bfc69775-83af-4816-82fd-d1c42687fb5e", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "8e2027d5-32dd-4a87-a7ec-00e5316c5617", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "loginTheme" : "keycloakify-starter", + "accountTheme" : "keycloakify-starter", + "adminTheme" : "", + "emailTheme" : "", + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "67526992-f0ce-42ff-a0fb-af267192ff70", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + 
"allow-default-scopes" : [ "true" ] + } + }, { + "id" : "64a2f718-da10-45d9-a75a-69c156a7ccd8", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ] + } + }, { + "id" : "4d3e104f-6fdf-45eb-b756-5fef6840fbed", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "c647e85f-6700-4d66-84f2-4a869e467735", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "51f41974-f7e5-4e7d-b486-5bd652a98e93", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "8f7d6ece-e956-4e48-95ab-5ab72b2b7c9a", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "e60b1167-cdee-4173-be99-3dad6a536b4a", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : 
"5ba8b893-ab01-430b-9092-32646a50a662", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "237022c6-9443-46b3-902e-210e14c3c9a8", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"favourite_pet\",\"displayName\":\"${profile.attributes.favourite_pet}\",\"validations\":{\"options\":{\"options\":[\"cat\",\"dog\",\"bird\"]}},\"annotations\":{\"inputType\":\"select\",\"inputOptionLabelsI18nPrefix\":\"profile.attributes.favourite_pet\"},\"required\":{\"roles\":[\"admin\",\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User 
metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5f3c1765-8810-419f-9c18-4a2db0e874e7", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "e586f825-a25a-4833-a38e-4c6484ad17fd", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "d85dae25-3728-46a0-980b-46171ba50cdd", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "a564ea32-7bf8-4983-a1e3-d427815b5e65" ], + "secret" : [ "nGQV8nxA1MTSxdbQ4O1inw" ], + "priority" : [ "100" ] + } + }, { + "id" : "8c3bb039-6f5b-4bdc-9faa-e0f6038d9e6b", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "029772e3-eb42-4338-a15e-b20c068f787e" ], + "secret" : [ "rHz9EUPQsdU8Uzn9Mm2n_H6YzPJJQmXN3XiD9SrYXCsOQ2Gii2eZdWM6sfP2i736V2pV2XAZvklYWQeLPn62mzBsim_CiTjXcLOuScvLCEuORxM5w6p50h7ph8GYXRQK05MSPWzkvQgjG48E05zlZcMAFvNc86yWFVLbuPrI-nw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + } ] + }, + "internationalizationEnabled" : true, + "supportedLocales" : [ "en", "fr", "es" ], + "defaultLocale" : "en", + "authenticationFlows" : [ { + "id" : "0e1abbbe-40e3-4754-9fe2-8a7d1f82354e", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, 
+ "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "f279cc4d-ebed-4390-a5d4-0cbb6dd662ae", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6926f455-0fd0-4ac6-9fc1-333b86c4150f", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "b11840e7-21ec-4200-bf3c-c7853646a908", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + 
"providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "615b4d0e-e71e-4c96-aed3-b03b34b61808", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "36958ec5-62d7-4d51-8b30-7a6709476aec", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "aa4a7ac2-ec63-48ea-a70f-b3f18992b99a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "dafdfc68-72eb-49b2-a8f4-495ee25fba21", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6a39b6db-c81e-4de4-92a8-a9e504593f2e", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "6fa840df-bc04-4045-9e33-8901d183b165", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4aa24ca0-ad09-4f30-806b-4c699724d731", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "0a914ba4-f662-4b85-af64-74738a222b7f", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9b40f15f-b690-4fe2-9fe8-07e77d965297", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"c8a9848f-8dd8-4e13-b521-0a537d92ec36", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "603957f8-b0a5-4885-aafd-e2757e431954", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "f41632f9-7fad-427d-ae7a-78ac9b1f51d0", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + 
"requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "27a133ca-e05e-4c93-a3b7-ffe14b4e62ec", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "06cd7382-4944-4499-94dc-9908544e291b", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "5f953def-6f7c-430f-a33f-440ec2d2dddd", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "b3dad9a1-5b82-4e91-a250-157a45694e24", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + 
"alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : true, + "defaultAction" : true, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : true, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" 
: "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "organizationsEnabled" : "false" + }, + "keycloakVersion" : "26.0.7", + "userManagedAccessAllowed" : false, + "organizationsEnabled" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file From 0cae2c68d829586b575e902513a17d54639307e4 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Fri, 13 Dec 2024 09:07:11 +0100 Subject: [PATCH 03/24] Add utils to edit the realm --- src/bin/start-keycloak/ParsedRealmJson.ts | 123 ++++++++ .../start-keycloak/makeRealmConfigTestable.ts | 271 ++++++++++++++++++ src/bin/start-keycloak/myrealm-realm-26.json | 46 +-- 3 files changed, 423 insertions(+), 17 deletions(-) create mode 100644 src/bin/start-keycloak/ParsedRealmJson.ts create mode 100644 src/bin/start-keycloak/makeRealmConfigTestable.ts diff --git a/src/bin/start-keycloak/ParsedRealmJson.ts b/src/bin/start-keycloak/ParsedRealmJson.ts new file mode 100644 index 00000000..e136ae8b --- /dev/null +++ b/src/bin/start-keycloak/ParsedRealmJson.ts 
@@ -0,0 +1,123 @@ +import { z } from "zod"; +import { assert, type Equals } from "tsafe/assert"; +import { is } from "tsafe/is"; +import { id } from "tsafe/id"; +import * as fs from "fs"; +import { join as pathJoin } from "path"; +import { getThisCodebaseRootDirPath } from "../tools/getThisCodebaseRootDirPath"; + +export type ParsedRealmJson = { + name: string; + users: { + id: string; + email: string; + username: string; + attributes: Record; + credentials: { + type: string /* "password" or something else */; + }[]; + clientRoles: Record; + }[]; + roles: { + client: { + name: string; + containerId: string; // client id + }[]; + }; + clients: { + id: string; + clientId: string; // example: realm-management + baseUrl?: string; + redirectUris?: string[]; + webOrigins?: string[]; + attributes?: { + "post.logout.redirect.uris"?: string; + }; + protocol?: string; + protocolMappers?: unknown[]; + }[]; +}; + +export function readRealmJsonFile(params: { + realmJsonFilePath: string; +}): ParsedRealmJson { + const { realmJsonFilePath } = params; + + const parsedRealmJson = JSON.parse( + fs.readFileSync(realmJsonFilePath).toString("utf8") + ) as unknown; + + const zParsedRealmJson = (() => { + type TargetType = ParsedRealmJson; + + const zTargetType = z.object({ + name: z.string(), + users: z.array( + z.object({ + id: z.string(), + email: z.string(), + username: z.string(), + attributes: z.record(z.unknown()), + credentials: z.array( + z.object({ + type: z.string() + }) + ), + clientRoles: z.record(z.array(z.string())) + }) + ), + roles: z.object({ + client: z.array( + z.object({ + name: z.string(), + containerId: z.string() + }) + ) + }), + clients: z.array( + z.object({ + id: z.string(), + clientId: z.string(), + baseUrl: z.string().optional(), + redirectUris: z.array(z.string()).optional(), + webOrigins: z.array(z.string()).optional(), + attributes: z + .object({ + "post.logout.redirect.uris": z.string().optional() + }) + .optional(), + protocol: z.string().optional(), + 
protocolMappers: z.array(z.unknown()).optional() + }) + ) + }); + + type InferredType = z.infer; + + assert>; + + return id>(zTargetType); + })(); + + zParsedRealmJson.parse(parsedRealmJson); + + assert(is(parsedRealmJson)); + + return parsedRealmJson; +} + +export function getDefaultConfig(params: { + keycloakMajorVersionNumber: number; +}): ParsedRealmJson { + const { keycloakMajorVersionNumber } = params; + + const realmJsonFilePath = pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak", + `myrealm-realm-${keycloakMajorVersionNumber}.json` + ); + + return readRealmJsonFile({ realmJsonFilePath }); +} diff --git a/src/bin/start-keycloak/makeRealmConfigTestable.ts b/src/bin/start-keycloak/makeRealmConfigTestable.ts new file mode 100644 index 00000000..c43572f3 --- /dev/null +++ b/src/bin/start-keycloak/makeRealmConfigTestable.ts 
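Review bot: In `readRealmJsonFile` the value returned by `zParsedRealmJson.parse(parsedRealmJson)` is discarded and the raw `JSON.parse` output is returned instead, which reads like an oversight. If the intent is to keep the realm keys the schema does not list (zod objects drop unknown keys from the parsed value by default), say so above the call: `// Validate only: return the original object so realm keys outside the schema are kept.` The schema also requires `email` and `clientRoles` on every user, so a user-supplied export containing a user without them (a service account, presumably) would fail here with a bare ZodError; mark those fields `.optional()` or rethrow with `realmJsonFilePath` in the message.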
@@ -0,0 +1,271 @@ +import { assert } from "tsafe/assert"; +import { getDefaultConfig, type ParsedRealmJson } from "./ParsedRealmJson"; + +function addOrEditTestUser(params: { + parsedRealmJson: ParsedRealmJson; + keycloakMajorVersionNumber: number; +}): { username: string } { + const { parsedRealmJson, keycloakMajorVersionNumber } = params; + + const parsedRealmJson_default = getDefaultConfig({ keycloakMajorVersionNumber }); + + const [defaultUser_default] = parsedRealmJson_default.users; + + assert(defaultUser_default !== undefined); + + const defaultUser_preexisting = parsedRealmJson.users.find( + user => user.username === defaultUser_default.username + ); + + const newUser = structuredClone( + defaultUser_preexisting ?? + (() => { + const firstUser = parsedRealmJson.users[0]; + + if (firstUser === undefined) { + return undefined; + } + + const firstUserCopy = structuredClone(firstUser); + + firstUserCopy.id = defaultUser_default.id; + + return firstUserCopy; + })() ?? + defaultUser_default + ); + + newUser.username = defaultUser_default.username; + newUser.email = defaultUser_default.email; + + delete_existing_password_credential_if_any: { + const i = newUser.credentials.findIndex( + credential => credential.type === "password" + ); + + if (i === -1) { + break delete_existing_password_credential_if_any; + } + + newUser.credentials.splice(i, 1); + } + + { + const credential = defaultUser_default.credentials.find( + credential => credential.type === "password" + ); + + assert(credential !== undefined); + + newUser.credentials.push(credential); + } + + { + const nameByClientId = Object.fromEntries( + parsedRealmJson.clients.map(client => [client.id, client.clientId] as const) + ); + + newUser.clientRoles = {}; + + for (const clientRole of parsedRealmJson.roles.client) { + const clientName = nameByClientId[clientRole.containerId]; + + assert(clientName !== undefined); + + (newUser.clientRoles[clientName] ??= []).push(clientRole.name); + } + } + + if 
(defaultUser_preexisting === undefined) { + parsedRealmJson.users.push(newUser); + } else { + const i = parsedRealmJson.users.indexOf(defaultUser_preexisting); + assert(i !== -1); + parsedRealmJson.users[i] = newUser; + } + + return { username: newUser.username }; +} + +const TEST_APP_URL = "https://my-theme.keycloakify.dev"; + +function addOrEditClient(params: { + parsedRealmJson: ParsedRealmJson; + keycloakMajorVersionNumber: number; +}): { clientId: string } { + const { parsedRealmJson, keycloakMajorVersionNumber } = params; + + const parsedRealmJson_default = getDefaultConfig({ keycloakMajorVersionNumber }); + + const testClient_default = (() => { + const clients = parsedRealmJson_default.clients.filter(client => { + return JSON.stringify(client).includes(TEST_APP_URL); + }); + + assert(clients.length === 1); + + return clients[0]; + })(); + + const clientIds_builtIn = parsedRealmJson_default.clients + .map(client => client.clientId) + .filter(clientId => clientId !== testClient_default.clientId); + + const testClient_preexisting = (() => { + const clients = parsedRealmJson.clients + .filter(client => !clientIds_builtIn.includes(client.clientId)) + .filter(client => client.protocol === "openid-connect"); + + { + const client = clients.find( + client => client.clientId === testClient_default.clientId + ); + + if (client !== undefined) { + return client; + } + } + + { + const client = clients.find( + client => + client.redirectUris?.find(redirectUri => + redirectUri.startsWith(TEST_APP_URL) + ) !== undefined + ); + + if (client !== undefined) { + return client; + } + } + + const [client] = clients; + + if (client === undefined) { + return undefined; + } + + return client; + })(); + + let testClient: typeof testClient_default; + + if (testClient_preexisting !== undefined) { + testClient = testClient_preexisting; + } else { + testClient = structuredClone(testClient_default); + delete testClient.protocolMappers; + parsedRealmJson.clients.push(testClient); + } + + { 
+ for (const redirectUri of [ + `${TEST_APP_URL}/*`, + "http://localhost*", + "http://127.0.0.1*" + ]) { + for (const propertyName of ["webOrigins", "redirectUris"] as const) { + const arr = (testClient[propertyName] ??= []); + + if (arr.includes(redirectUri)) { + continue; + } + + arr.push(redirectUri); + } + + { + if (testClient.attributes === undefined) { + testClient.attributes = {}; + } + + const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "") + .split("##") + .map(s => s.trim()); + + if (!arr.includes(redirectUri)) { + arr.push(redirectUri); + testClient.attributes["post.logout.redirect.uris"] = arr.join("##"); + } + } + } + } + + return { clientId: testClient.clientId }; +} + +function editAccountConsoleAndSecurityAdminConsole(params: { + parsedRealmJson: ParsedRealmJson; +}) { + const { parsedRealmJson } = params; + + for (const clientId of ["account-console", "security-admin-console"]) { + const client = parsedRealmJson.clients.find( + client => client.clientId === clientId + ); + + assert(client !== undefined); + + { + for (const redirectUri of [ + `${TEST_APP_URL}/*`, + "http://localhost*", + "http://127.0.0.1*" + ]) { + for (const propertyName of ["webOrigins", "redirectUris"] as const) { + const arr = (client[propertyName] ??= []); + + if (arr.includes(redirectUri)) { + continue; + } + + arr.push(redirectUri); + } + + { + if (client.attributes === undefined) { + client.attributes = {}; + } + + const arr = (client.attributes["post.logout.redirect.uris"] ?? 
"") + .split("##") + .map(s => s.trim()); + + if (!arr.includes(redirectUri)) { + arr.push(redirectUri); + client.attributes["post.logout.redirect.uris"] = arr.join("##"); + } + } + } + } + } +} + +export function makeRealmConfigTestable(params: { + parsedRealmJson: ParsedRealmJson; + keycloakMajorVersionNumber: number; +}): { + realmName: string; + clientName: string; + username: string; +} { + const { parsedRealmJson, keycloakMajorVersionNumber } = params; + + const { username } = addOrEditTestUser({ + parsedRealmJson, + keycloakMajorVersionNumber + }); + + const { clientId } = addOrEditClient({ + parsedRealmJson, + keycloakMajorVersionNumber + }); + + editAccountConsoleAndSecurityAdminConsole({ parsedRealmJson }); + + return { + realmName: parsedRealmJson.name, + clientName: clientId, + username + }; +} diff --git a/src/bin/start-keycloak/myrealm-realm-26.json b/src/bin/start-keycloak/myrealm-realm-26.json index 3bd75116..6e5ee4bc 100644 --- a/src/bin/start-keycloak/myrealm-realm-26.json +++ b/src/bin/start-keycloak/myrealm-realm-26.json @@ -502,6 +502,11 @@ "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "default-roles-myrealm" ], + "clientRoles" : { + "realm-management" : [ "manage-users", "create-client", "view-users", "view-realm", "query-realms", "impersonation", "view-events", "realm-admin", "manage-authorization", "manage-events", "view-authorization", "manage-clients", "query-users", "query-groups", "manage-realm", "query-clients", "manage-identity-providers", "view-identity-providers", "view-clients" ], + "broker" : [ "read-token" ], + "account" : [ "delete-account", "view-applications", "manage-account", "view-consent", "view-groups", "view-profile", "manage-account-links", "manage-consent" ] + }, "notBefore" : 0, "groups" : [ ] } ], 
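Review bot: `makeRealmConfigTestable` turns the caller's realm, in place, into a configuration that is only safe on a throwaway local instance, and nothing in the file says so. `addOrEditTestUser` swaps the user's password credential for the one stored in the default realm file and grants every role listed in `parsedRealmJson.roles.client`, while `addOrEditClient` and `editAccountConsoleAndSecurityAdminConsole` append `http://localhost*` and `http://127.0.0.1*` to `redirectUris`, `webOrigins` and the post-logout list. I would put a doc comment on the exported function saying the result is for local testing only and must not be imported into a shared or production Keycloak, because the test user's password is public and the user holds all client roles. A trailing `*` placed directly after the host is, as far as I know, treated by Keycloak as a plain prefix, so these patterns also cover host names that merely begin with `localhost`; if the dev-server port is known here, `http://localhost:<port>/*` would be tighter. Separately, `"".split("##")` returns `[""]`, so a client without the attribute ends up with a value that starts with an empty entry; adding `.filter(s => s !== "")` after `.map(s => s.trim())` in both loops avoids that.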
@@ -574,7 +579,7 @@ "realm_client" : "false", "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "+", + "post.logout.redirect.uris" : "*", "oauth2.device.authorization.grant.enabled" : "false", "display.on.consent.screen" : "false", "pkce.code.challenge.method" : "S256", @@ -741,14 +746,16 @@ "id" : "fce8a109-6f32-4814-9a20-2ff2435d2da6", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", + "description" : "", "rootUrl" : "${authAdminUrl}", + "adminUrl" : "", "baseUrl" : "/admin/myrealm/console/", "surrogateAuthRequired" : false, "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/myrealm/console/*" ], - "webOrigins" : [ "+" ], + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, @@ -761,9 +768,14 @@ "protocol" : "openid-connect", "attributes" : { "realm_client" : "false", + "oidc.ciba.grant.enabled" : "false", "client.use.lightweight.access.token.enabled" : "true", - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "pkce.code.challenge.method" : "S256", + "backchannel.logout.revoke.offline.tokens" : "false" }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, 
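Review bot: The `security-admin-console` client in this default realm now accepts any redirect target: the `@@ -741,14 +746,16 @@` hunk replaces `"redirectUris" : [ "/admin/myrealm/console/*" ]` and `"webOrigins" : [ "+" ]` with `[ "*" ]`, and the `@@ -574,7 +579,7 @@` and `@@ -761,9 +768,14 @@` hunks change `post.logout.redirect.uris` from `"+"` to `"*"`. With an unrestricted redirect URI on the admin console client, the authorization response of an admin session can be delivered to any origin, so this is acceptable only on a local throwaway container. `makeRealmConfigTestable.ts` in the same patch already appends the test-app and loopback entries to these clients, so I would keep the previous values here unless the wildcard is needed for a reason the commit does not state.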
@@ -1333,8 +1345,8 @@ "adminTheme" : "", "emailTheme" : "", "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], + "eventsListeners" : [ "keycloakify-logging", "jboss-logging" ], + "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "UPDATE_CREDENTIAL", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "OAUTH2_EXTENSION_GRANT", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "REMOVE_CREDENTIAL_ERROR", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "USER_DISABLED_BY_TEMPORARY_LOCKOUT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "FEDERATED_IDENTITY_OVERRIDE_LINK", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "UPDATE_CREDENTIAL_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "OAUTH2_EXTENSION_GRANT_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "FEDERATED_IDENTITY_OVERRIDE_LINK_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "INVITE_ORG_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", 
"FEDERATED_IDENTITY_LINK", "INVITE_ORG", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "REMOVE_CREDENTIAL", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], "adminEventsEnabled" : false, "adminEventsDetailsEnabled" : false, "identityProviders" : [ ], @@ -1356,7 +1368,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id" : "4d3e104f-6fdf-45eb-b756-5fef6840fbed", @@ -1381,7 +1393,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] } }, { "id" : "8f7d6ece-e956-4e48-95ab-5ab72b2b7c9a", 
@@ -1424,8 +1436,8 @@ "providerId" : "rsa-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "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" ], + "privateKey" : [ "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" ], + "certificate" : [ "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" ], "priority" : [ "100" ] } }, { 
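Review bot: The key-provider hunks (`@@ -1424,8 +1436,8 @@` here, and `@@ -1434,8 +1446,8 @@`, `@@ -1445,8 +1457,8 @@` and `@@ -1455,8 +1467,8 @@` below) replace one set of committed RSA private keys and AES/HMAC secrets with another, so every Keycloak started from this default realm signs and encrypts with key material that anyone can read in the repository. That is tolerable only while the realm never leaves a local test container, and a JSON file cannot carry a comment saying so. I would either drop the `privateKey`, `certificate` and `secret` entries from the default realm so that keys are generated at import time (to be confirmed against Keycloak's import behaviour), or state the restriction in the documentation of the `start-keycloak` command.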
@@ -1434,8 +1446,8 @@ "providerId" : "rsa-enc-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "MIIEowIBAAKCAQEAuFPumVkEu26jQZ3+lI0Ipkflg25RKOfW9reECSScPo33syk7YstukJbtjabrBb6OwNS8sz3xoQg4oW0UzQXCeyA5PzDmQuQK/uNyF9CJJm5LUu7uaVz77Kcsv5+zz14t4+PMQVl39xFTB41KPs26AqXY2LOtkM2fXH9Hrr0psIGUYvDBp9vn/Q2OILARMD5jw8Oa843jADUo0qYHIHJy7XmmXkAjj7vWLu6LJdSUhn7J+YJ8Mf+E4uS347OMNAawqnEyb/sh5jhSJ9j6utZUI/r1KLNNFrwSJjF1Ahm9oaKS3p/fr9WuzKvbMughSb4uLRV28IYULeqwFJwWahF33QIDAQABAoIBACvxlohoeIBWuAUErZSsqss5iLX0rtSZsN3QkmG7oKQpJExKICZFaW5/DNMgYBdWfqHqFbKFqf1CAH47iyH1pY/E9uDhv4Ni6lwpzSFwTcIjuUFkROJJkKWylTB52lwtj7Mss51AvyDfuHOsc27VjOrkrvW6oD5NRxi+H1DBOBcj5Mpm9dMDcTAZ446gJo7R7qlq/4SCgiegdgw7K7XGYzecxGtPbQIZn8HJb8R6G4FvO54StN/YwGu4bbe/ociPgzPg+AknptqMRWbejlleikZXSEqeoRUBUVWB/mDmL5V6qTipf1WKbOp6gvFfHFbPaBOMqpQiQMdVH4OXeWdPfAECgYEA99MN5irsPk3FLWPslugbM9IYlDpnxpQpqCALLq3OcuisPcv/bBjsKyPkwV35xJet951ILVDn+1OMcucP/nxlRam3n3L0T+0k5i4hAoUX9Eg5cXTLvIDHFineCDRxDRwTdzbTknfLo0MFowqrRB83GqDjDAOctQaCZBa2aOMHfj0CgYEAvmihtOsF4K4vBPj/863ZCXuJld7/dtUg6Cye6PLNiUruPly1gQpuHSiDAxjU6fW31WtUWEZ0uyqHsm+jymeE6XCZZTTfO9mQvEa6owJHr95aHUw81mReh/+t8Bk3sLlMil0rNDLEZrB1Xl54rJHB8x9SkCOfwU6ig/OO86zoGiECgYBco0ZEzbK1r3iPeRTNbEIO4vBRKGv2bRgNQr0rW8kaZyNLjmASVlah4a73IVvmQxTCxMZgOigdaKPNp9XwuStaGREMx3nQDsOGT6QDPyEvLXhbkt89vZ2uCUR4KLJBxkb4f0QjMiirBLiss6ZFtq1whMeajBceDCrdoyfYmVUJuQKBgBr/4TYzQVEbweUVnc2i8CytDNRom5bxH8psUVg83bJDIsdLBB25KeYOkY1F3yMRybCEmKAv1WuY20cNF4+i4DDt24KDXcgx0Jkx+lMVBq9Ee0i+P74y20izk6mBGemATP8tuOuc60aYbPwlrzzhKjxcS6vOsV+K0/ab+cBJ21uhAoGBAMyoy7slbcRrcqGLApTqamXqsYdu5SzHyHInQPInW7ZPCyuQ98n6XsWpgRFUp/EPbXDqppRusvBiTQ+clNOZeuvCDO/cW4oaBwPvBi4zaTU7iNaM59jmtswGmO40tR0DEYP50O9I77uFKsy8xLxv0AhtyecDgrn8lW6QSPAhFsqy" ], - "certificate" : [ "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" ], + "privateKey" : [ "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" ], + "certificate" : [ 
"MIICnTCCAYUCBgGTulJDCDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdteXJlYWxtMB4XDTI0MTIxMjEwMDExM1oXDTM0MTIxMjEwMDI1M1owEjEQMA4GA1UEAwwHbXlyZWFsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALp4C+KLC8j/GxOjEio/GTCUxvFgYdytv8QeQSWAmHOz9QiDkWSPaP7ykMdUJz/gl5CCp50dpMyMwtK506pSDpGmX4Zkp+dIxubzQUvaj0/llO1Ht6isbliRcHGhVOUhCWsCR6pwzyvqZLZJMZLnXjB8+omij7PsCnG360Sevt2txakEHRxEIOCI1VPKQWZmoNXOyR2sojOejk+cuo5hOSb2OtPefYj62T10kzFN4TaIlcHciukMHSvv9MKzuvNVYSD/rtqXvdp0PobIDEkkCXoC8dVLBBMlPO7Mm5Rvqd8wCkkvpLdp74lf2tnGIojBNC3ZUN5ZyrEOLdWOsmQYktkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPhPdLFcXdQT4k06oXB06ZSJ8AkZNXLvQFWCHXI34OmrS2yTse+dLqrqehnC3kPwxElVmawoUVc1sbsk7fUnspfM+Xw20PaABZu4MO2m5TB98f1hEkezP9fSqgPeuWJgTL8ZW5kkZyiD3IaZoqyxzYXaFxKHhU455g+k2+DO+N6FreVKcYz12Q5EMaxZ6U1neZAo3vicNxM3/TA5V8sPK8+oKvon7v5OyjpOH0goJo9v/klKeUk36h4u2h1S67IhVSU7tfzVFYrpns1JhrwGZ2xavVqEoqX8zFp3GKz3yVXkwHRHlrzYkZoGn21rm5boXIP3wEB7yXZbXWTiUko/IFw==" ], "priority" : [ "100" ], "algorithm" : [ "RSA-OAEP" ] } @@ -1445,8 +1457,8 @@ "providerId" : "aes-generated", "subComponents" : { }, "config" : { - "kid" : [ "a564ea32-7bf8-4983-a1e3-d427815b5e65" ], - "secret" : [ "nGQV8nxA1MTSxdbQ4O1inw" ], + "kid" : [ "c36222c6-6a43-4d32-9d44-d5d355e5cabd" ], + "secret" : [ "rzL4qUQ7wTEkZDbgt595VA" ], "priority" : [ "100" ] } }, { @@ -1455,8 +1467,8 @@ "providerId" : "hmac-generated", "subComponents" : { }, "config" : { - "kid" : [ "029772e3-eb42-4338-a15e-b20c068f787e" ], - "secret" : [ "rHz9EUPQsdU8Uzn9Mm2n_H6YzPJJQmXN3XiD9SrYXCsOQ2Gii2eZdWM6sfP2i736V2pV2XAZvklYWQeLPn62mzBsim_CiTjXcLOuScvLCEuORxM5w6p50h7ph8GYXRQK05MSPWzkvQgjG48E05zlZcMAFvNc86yWFVLbuPrI-nw" ], + "kid" : [ "06532a54-c310-41c1-829c-58776ce2ab4a" ], + "secret" : [ "9v1ZjFhEFH6UpY6ncFkaCbqJYHMyI4tA0cvx4GuQ5KtMXYbimitSSVDqxIKwa-gBC_8bY2O4FQfpmp1Qn1-L4fFmPFfIF3ZKsO16263BwpADo_FNSBTte8Le4gJLylqFULdsn3ye17FHyq5Jjms_OTt3opzcDLNduCuK22GBBsU" ], "priority" : [ "100" ], "algorithm" : [ "HS512" ] } From c0e6661d3dffcca5ff5286a91a5f09ce6f417bab Mon Sep 17 00:00:00 2001 
From: Joseph Garrone
Date: Fri, 13 Dec 2024 11:31:01 +0100
Subject: [PATCH 04/24] Add function to dump the realm config
---
 src/bin/start-keycloak/dumpRealmConfig.ts | 167 ++++++++++++++++++++++
 1 file changed, 167 insertions(+)
 create mode 100644 src/bin/start-keycloak/dumpRealmConfig.ts
diff --git a/src/bin/start-keycloak/dumpRealmConfig.ts b/src/bin/start-keycloak/dumpRealmConfig.ts
new file mode 100644
index 00000000..4c464915
--- /dev/null
+++ b/src/bin/start-keycloak/dumpRealmConfig.ts
@@ -0,0 +1,167 @@ +import { runPrettier, getIsPrettierAvailable } from "../tools/runPrettier"; +import { CONTAINER_NAME } from "../shared/constants"; +import child_process from "child_process"; +import { join as pathJoin } from "path"; +import chalk from "chalk"; +import { Deferred } from "evt/tools/Deferred"; +import { assert, is } from "tsafe/assert"; +import type { BuildContext } from "../shared/buildContext"; +import * as fs from "fs/promises"; + +export type BuildContextLike = { + cacheDirPath: string; +}; + +assert(); + +export async function dumpRealmConfig(params: { + realmName: string; + keycloakMajorVersionNumber: number; + targetRealmConfigJsonFilePath: string; + buildContext: BuildContextLike; +}) { + const { + realmName, + keycloakMajorVersionNumber, + targetRealmConfigJsonFilePath, + buildContext + } = params; + + { + // https://github.com/keycloak/keycloak/issues/33800 + const doesUseLockedH2Database = keycloakMajorVersionNumber >= 26; + + if (doesUseLockedH2Database) { + child_process.execSync( + `docker exec ${CONTAINER_NAME} sh -c "cp -rp /opt/keycloak/data/h2 /tmp"` + ); + } + + const dCompleted = new Deferred(); + + const child = child_process.spawn( + "docker", + [ + ...["exec", CONTAINER_NAME], + ...["/opt/keycloak/bin/kc.sh", "export"], + ...["--dir", "/tmp"], + ...["--realm", realmName], + ...["--users", "realm_file"], + ...(!doesUseLockedH2Database + ? [] + : [ + ...["--db", "dev-file"], + ...[ + "--db-url", + "'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE'" + ] + ]) + ], + { shell: true } + ); + + let output = ""; + + const onExit = (code: number | null) => { + dCompleted.reject(new Error(`Exited with code ${code}`)); + }; + + child.once("exit", onExit); + + child.stdout.on("data", data => { + const outputStr = data.toString("utf8"); + + if (outputStr.includes("Export finished successfully")) { + child.removeListener("exit", onExit); + + // NOTE: On older Keycloak versions the process keeps running after the export is done. 
+ const timer = setTimeout(() => { + child.removeListener("exit", onExit2); + child.kill(); + dCompleted.resolve(); + }, 1500); + + const onExit2 = () => { + clearTimeout(timer); + dCompleted.resolve(); + }; + + child.once("exit", onExit2); + } + + output += outputStr; + }); + + child.stderr.on("data", data => (output += chalk.red(data.toString("utf8")))); + + try { + await dCompleted.pr; + } catch (error) { + assert(is(error)); + + console.log(chalk.red(error.message)); + + console.log(output); + + process.exit(1); + } + + if (doesUseLockedH2Database) { + const dCompleted = new Deferred(); + + child_process.exec( + `docker exec ${CONTAINER_NAME} sh -c "rm -rf /tmp/h2"`, + error => { + if (error !== null) { + dCompleted.reject(error); + return; + } + + dCompleted.resolve(); + } + ); + + await dCompleted.pr; + } + } + + const targetRealmConfigJsonFilePath_tmp = pathJoin( + buildContext.cacheDirPath, + "realm.json" + ); + + { + const dCompleted = new Deferred(); + + child_process.exec( + `docker cp ${CONTAINER_NAME}:/tmp/${realmName}-realm.json ${targetRealmConfigJsonFilePath_tmp}`, + error => { + if (error !== null) { + dCompleted.reject(error); + return; + } + + dCompleted.resolve(); + } + ); + + await dCompleted.pr; + } + + let sourceCode = (await fs.readFile(targetRealmConfigJsonFilePath_tmp)).toString( + "utf8" + ); + + run_prettier: { + if (!(await getIsPrettierAvailable())) { + break run_prettier; + } + + sourceCode = await runPrettier({ + filePath: targetRealmConfigJsonFilePath, + sourceCode: sourceCode + }); + } + + await fs.writeFile(targetRealmConfigJsonFilePath, Buffer.from(sourceCode, "utf8")); +} From 92b505dd56a4e62c922b9258a4a33d642aeb732c Mon Sep 17 00:00:00 2001 
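Review bot: `realmName` and `targetRealmConfigJsonFilePath_tmp` are interpolated into shell command lines in `dumpRealmConfig`: the `docker exec … export` call is spawned with `{ shell: true }` and the `docker cp` call goes through `child_process.exec`. A realm name or cache path containing spaces or shell metacharacters therefore breaks the command or changes what it runs, and the realm name presumably originates from the `name` field of a realm JSON file the user may have obtained elsewhere. Passing the arguments as an array without a shell removes the problem; the single quotes around the JDBC URL then have to go, since they were only there for the shell. The two `docker exec … sh -c` calls that copy and remove `/tmp/h2` take no variable input besides `CONTAINER_NAME` and can stay as they are.

```typescript
const child = child_process.spawn("docker", [
    ...["exec", CONTAINER_NAME],
    // … unchanged: kc.sh export, --dir, --realm, --users …
    ...(!doesUseLockedH2Database
        ? []
        : [
              ...["--db", "dev-file"],
              // No shell is involved any more, so the URL is passed unquoted.
              ...["--db-url", "jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE"]
          ])
]);

// … unchanged: output collection, exit handling, /tmp/h2 cleanup …

child_process.execFile(
    "docker",
    [
        "cp",
        `${CONTAINER_NAME}:/tmp/${realmName}-realm.json`,
        targetRealmConfigJsonFilePath_tmp
    ],
    error => {
        // … unchanged: reject on error, resolve otherwise …
    }
);
```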
From: Joseph Garrone
Date: Fri, 13 Dec 2024 12:07:21 +0100
Subject: [PATCH 05/24] Load custom extention for logging realm change
---
 scripts/build/downloadKeycloakifyLogging.ts | 39 +++++++++++++++++++++
 scripts/build/main.ts | 10 ++++--
 src/bin/shared/constants.ts | 4 +++
 src/bin/start-keycloak/start-keycloak.ts | 24 ++++++++-----
 4 files changed, 65 insertions(+), 12 deletions(-)
 create mode 100644 scripts/build/downloadKeycloakifyLogging.ts
diff --git a/scripts/build/downloadKeycloakifyLogging.ts b/scripts/build/downloadKeycloakifyLogging.ts
new file mode 100644
index 00000000..bfd77b84
--- /dev/null
+++ b/scripts/build/downloadKeycloakifyLogging.ts
@@ -0,0 +1,39 @@ +import { downloadAndExtractArchive } from "../../src/bin/tools/downloadAndExtractArchive"; +import { cacheDirPath } from "../shared/cacheDirPath"; +import { getProxyFetchOptions } from "../../src/bin/tools/fetchProxyOptions"; +import { getThisCodebaseRootDirPath } from "../../src/bin/tools/getThisCodebaseRootDirPath"; +import { existsAsync } from "../../src/bin/tools/fs.existsAsync"; +import * as fs from "fs/promises"; +import { + KEYCLOAKIFY_LOGGING_VERSION, + KEYCLOAKIFY_LOGIN_JAR_BASENAME +} from "../../src/bin/shared/constants"; +import { join as pathJoin } from "path"; + +export async function downloadKeycloakifyLogging(params: { distDirPath: string }) { + const { distDirPath } = params; + + const jarFilePath = pathJoin( + distDirPath, + "src", + "bin", + "start-keycloak", + KEYCLOAKIFY_LOGIN_JAR_BASENAME + ); + + if (await existsAsync(jarFilePath)) { + return; + } + + const { archiveFilePath } = await downloadAndExtractArchive({ + cacheDirPath, + fetchOptions: getProxyFetchOptions({ + npmConfigGetCwd: getThisCodebaseRootDirPath() + }), + url: `https://github.com/keycloakify/keycloakify-logging/releases/download/${KEYCLOAKIFY_LOGGING_VERSION}/keycloakify-logging-${KEYCLOAKIFY_LOGGING_VERSION}.jar`, + uniqueIdOfOnArchiveFile: "no extraction", + onArchiveFile: async () => {} + }); + + await fs.cp(archiveFilePath, jarFilePath); +} diff --git a/scripts/build/main.ts b/scripts/build/main.ts index 2fdcdbc6..937c06db 100644 --- a/scripts/build/main.ts +++ b/scripts/build/main.ts @@ -7,6 +7,7 @@ import { createAccountV1Dir } from "./createAccountV1Dir"; import chalk from "chalk"; import { run } from "../shared/run"; import { vendorFrontendDependencies } from "./vendorFrontendDependencies"; +import { downloadKeycloakifyLogging } from "./downloadKeycloakifyLogging"; (async () => { console.log(chalk.cyan("Building Keycloakify...")); 
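Review bot: Nothing verifies the jar that `downloadKeycloakifyLogging` fetches before it is copied into `dist`, and the `start-keycloak.ts` change in this patch then loads that file into Keycloak as an extension. A release asset can be replaced under the same tag, so pinning `KEYCLOAKIFY_LOGGING_VERSION` does not pin the bytes. I would add a digest constant next to the version in `constants.ts` (called `KEYCLOAKIFY_LOGGING_JAR_SHA256` below, its value taken from the published 1.0.1 release) and compare it before the `fs.cp`; this also needs `import * as crypto from "crypto"` at the top of the file. The early return on an existing `jarFilePath` skips the check, which is fine as long as the file can only have been written by this function.

```typescript
// … unchanged: jarFilePath, early return, downloadAndExtractArchive call …

const actualSha256 = crypto
    .createHash("sha256")
    .update(await fs.readFile(archiveFilePath))
    .digest("hex");

if (actualSha256 !== KEYCLOAKIFY_LOGGING_JAR_SHA256) {
    throw new Error(
        `keycloakify-logging jar digest mismatch: expected ${KEYCLOAKIFY_LOGGING_JAR_SHA256}, got ${actualSha256}`
    );
}

await fs.cp(archiveFilePath, jarFilePath);
```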
@@ -148,9 +149,6 @@ import { vendorFrontendDependencies } from "./vendorFrontendDependencies"; fs.cpSync(dirBasename, destDirPath, { recursive: true }); } - await createPublicKeycloakifyDevResourcesDir(); - await createAccountV1Dir(); - transformCodebase({ srcDirPath: join("stories"), destDirPath: join("dist", "stories"), @@ -163,6 +161,12 @@ import { vendorFrontendDependencies } from "./vendorFrontendDependencies"; } }); + await createPublicKeycloakifyDevResourcesDir(); + await createAccountV1Dir(); + await downloadKeycloakifyLogging({ + distDirPath: join(process.cwd(), "dist") + }); + console.log( chalk.green(`✓ built in ${((Date.now() - startTime) / 1000).toFixed(2)}s`) ); diff --git a/src/bin/shared/constants.ts b/src/bin/shared/constants.ts index 56433dd4..0084e9d3 100644 --- a/src/bin/shared/constants.ts +++ b/src/bin/shared/constants.ts @@ -81,3 +81,7 @@ export const CUSTOM_HANDLER_ENV_NAMES = { export const KEYCLOAK_THEME = "keycloak-theme"; export const KEYCLOAKIFY_SPA_DEV_SERVER_PORT = "KEYCLOAKIFY_SPA_DEV_SERVER_PORT"; + +export const KEYCLOAKIFY_LOGGING_VERSION = "1.0.1"; + +export const KEYCLOAKIFY_LOGIN_JAR_BASENAME = `keycloakify-login-${KEYCLOAKIFY_LOGGING_VERSION}.jar`; diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 42326c93..a70ba002 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -1,7 +1,11 @@ import type { BuildContext } from "../shared/buildContext"; import { exclude } from "tsafe/exclude"; import { promptKeycloakVersion } from "../shared/promptKeycloakVersion"; -import { CONTAINER_NAME, KEYCLOAKIFY_SPA_DEV_SERVER_PORT } from "../shared/constants"; +import { + CONTAINER_NAME, + KEYCLOAKIFY_SPA_DEV_SERVER_PORT, + KEYCLOAKIFY_LOGIN_JAR_BASENAME +} from "../shared/constants"; import { SemVer } from "../tools/SemVer"; import { assert, type Equals } from "tsafe/assert"; import * as fs from "fs"; 
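Review bot: In the `constants.ts` hunk, `KEYCLOAKIFY_LOGIN_JAR_BASENAME` and its `keycloakify-login-` file name prefix say "login", while the artifact downloaded in `downloadKeycloakifyLogging.ts` and the version constant beside it are named "logging"; this looks like a typo rather than a deliberate name. Renaming the constant to `KEYCLOAKIFY_LOGGING_JAR_BASENAME` and the prefix to `keycloakify-logging-` keeps the file on disk recognisable as the jar it is. The two importers in this patch, `downloadKeycloakifyLogging.ts` and `start-keycloak.ts`, change with it.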
@@ -214,16 +218,18 @@ export async function command(params: { }) ); + const thisDirPath = pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak" + ); + + extensionJarFilePaths.unshift(pathJoin(thisDirPath, KEYCLOAKIFY_LOGIN_JAR_BASENAME)); + const getRealmJsonFilePath_defaultForKeycloakMajor = ( keycloakMajorVersionNumber: number - ) => - pathJoin( - getThisCodebaseRootDirPath(), - "src", - "bin", - "start-keycloak", - `myrealm-realm-${keycloakMajorVersionNumber}.json` - ); + ) => pathJoin(thisDirPath, `myrealm-realm-${keycloakMajorVersionNumber}.json`); const realmJsonFilePath = await (async () => { if (cliCommandOptions.realmJsonFilePath !== undefined) { From 8d59fe7b675eac2ff38f108fc061081fe024ac5b Mon Sep 17 00:00:00 2001 
From: Joseph Garrone
Date: Fri, 13 Dec 2024 12:16:41 +0100
Subject: [PATCH 06/24] Change structure
---
 src/bin/start-keycloak/myrealm-realm-26.json | 2055 -------------
 .../realmConfig/ParsedRealmJson.ts | 123 +
 .../dumpContainerConfig.ts} | 8 +-
 .../prepareRealmConfig.ts} | 58 +-
 .../realm-kc-18.json} | 0
 .../realm-kc-19.json} | 0
 .../realm-kc-20.json} | 0
 .../realm-kc-21.json} | 0
 .../realm-kc-23.json} | 0
 .../realm-kc-24.json} | 0
 .../realm-kc-25.json} | 0
 .../realmConfig/realm-kc-26.json | 2548 +++++++++++++++++
 12 files changed, 2704 insertions(+), 2088 deletions(-)
 delete mode 100644 src/bin/start-keycloak/myrealm-realm-26.json
 create mode 100644 src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts
 rename src/bin/start-keycloak/{dumpRealmConfig.ts => realmConfig/dumpContainerConfig.ts} (94%)
 rename src/bin/start-keycloak/{makeRealmConfigTestable.ts => realmConfig/prepareRealmConfig.ts} (99%)
 rename src/bin/start-keycloak/{myrealm-realm-18.json => realmConfig/realm-kc-18.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-19.json => realmConfig/realm-kc-19.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-20.json => realmConfig/realm-kc-20.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-21.json => realmConfig/realm-kc-21.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-23.json => realmConfig/realm-kc-23.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-24.json => realmConfig/realm-kc-24.json} (100%)
 rename src/bin/start-keycloak/{myrealm-realm-25.json => realmConfig/realm-kc-25.json} (100%)
 create mode 100644 src/bin/start-keycloak/realmConfig/realm-kc-26.json
diff --git a/src/bin/start-keycloak/myrealm-realm-26.json b/src/bin/start-keycloak/myrealm-realm-26.json
deleted file mode 100644
index 6e5ee4bc..00000000
--- a/src/bin/start-keycloak/myrealm-realm-26.json
+++ /dev/null
@@ -1,2055 +0,0 @@ -{ - "id" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "realm" : "myrealm", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : true, - "registrationEmailAsUsername" : false, - "rememberMe" : true, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : true, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxTemporaryLockouts" : 0, - "bruteForceStrategy" : "MULTIPLE", - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "cc4b5045-3bff-4aa7-889e-1492630c3002", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes" : { } - }, { - "id" : "e92017b2-18a0-49cd-956c-fad64f16b26b", - "name" : 
"default-roles-myrealm", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "delete-account", "manage-account", "view-profile" ] - } - }, - "clientRole" : false, - "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes" : { } - }, { - "id" : "e8616113-e302-4abe-bd5c-d51f8221046b", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071", - "attributes" : { } - } ], - "client" : { - "myclient" : [ ], - "realm-management" : [ { - "id" : "b27b272d-d153-4ae7-9fe7-fd96582f057d", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "40fdfec8-f1b9-4c2b-81c5-a775bc047840", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "5f446f9a-d008-4067-8325-f4658a32d964", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "82bf956d-1fd1-4d20-a5a9-62b3e77e9d88", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "b41e1ce8-d63f-4cf4-9966-e6c9eab5da11", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : 
"3198743d-fdfa-4a9c-a229-5fb979847ec2", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "e83c21cb-c84c-4824-9f7d-ce3574921800", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "3f6e2e81-e40d-40ff-a5f3-12ba2614fba5", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "63111288-7f3d-4570-838f-48405d70e212", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "a7f8f8ad-057b-485e-abfa-8a98e5e0c4ea", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "7783b160-2f1a-48c9-89fb-623a29f26c9a", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "b8b5341f-f44f-40a2-9ba4-e2d621b11b2f", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "6b9d72e9-949f-4897-b11a-c8aa9252f3f2", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - 
"containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "bfa94ba9-1d70-4259-b928-906e8bb815b2", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "96bb9322-5c1f-48f0-aa05-65521c77e742", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "manage-users", "view-authorization", "manage-events", "create-client", "view-users", "manage-clients", "query-users", "query-groups", "view-realm", "manage-realm", "query-realms", "query-clients", "impersonation", "view-events", "manage-authorization", "manage-identity-providers", "view-identity-providers", "view-clients" ] - } - }, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "6e0ca5ce-f5db-4580-90e5-27c35804fc34", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "7499eb46-cf4a-4813-9bf9-42b1bbcadc0d", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "fcc99ef9-347d-4c21-b25c-8229e906a1a3", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - }, { - "id" : "7b024069-57d8-4368-9942-8790507c156d", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - 
"composite" : false, - "clientRole" : true, - "containerId" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "3050eb8a-9a47-4a27-aece-be2e60fc7f73", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "f5e032da-c8ab-48c2-959c-8466ad1e6a09", - "attributes" : { } - } ], - "account" : [ { - "id" : "d554d15b-d098-47a0-bdd5-d656b20f5643", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "aaf4946d-2cd4-43ba-ad7d-86be56b9ad2c", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "b417b187-18b7-41fa-9537-3313cf9b8ed4", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "8bb5480d-83a3-4ea2-8e91-237b8870acec", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "e341c1b8-eaf7-467d-9986-d3f2356a60b9", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "98ccac20-3906-436f-8dc3-ae8d8ae25cbc", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : 
true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "adfba539-826f-4fa7-86f5-8c1287152ed6", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - }, { - "id" : "2516ab58-490c-444c-9e7d-0dd8b87a69f0", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "e92017b2-18a0-49cd-956c-fad64f16b26b", - "name" : "default-roles-myrealm", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "5d0dd960-0478-4ca6-b64a-810a3f6f4071" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { - "de" : { - "profile.attributes.favourite_pet" : "" - }, - "no" : { - "profile.attributes.favourite_pet" : "" - }, - "fi" : { - "profile.attributes.favourite_pet" : "" - }, - "ru" : { - "profile.attributes.favourite_pet" : "" - }, - "pt" : { - "profile.attributes.favourite_pet" : "" - }, - "lt" : { - "profile.attributes.favourite_pet" : "" - }, - "lv" : { - "profile.attributes.favourite_pet" : "" - }, - "fr" : { - "profile.attributes.favourite_pet" : "Animal de compagnie préféré", - "profile.attributes.favourite_pet.cat" : "Chat", - "profile.attributes.favourite_pet.dog" : "Chien", - 
"profile.attributes.favourite_pet.bird" : "Oiseau" - }, - "hu" : { - "profile.attributes.favourite_pet" : "" - }, - "zh-CN" : { - "profile.attributes.favourite_pet" : "" - }, - "uk" : { - "profile.attributes.favourite_pet" : "" - }, - "sk" : { - "profile.attributes.favourite_pet" : "" - }, - "ca" : { - "profile.attributes.favourite_pet" : "" - }, - "sv" : { - "profile.attributes.favourite_pet" : "" - }, - "zh-TW" : { - "profile.attributes.favourite_pet" : "" - }, - "pt-BR" : { - "profile.attributes.favourite_pet" : "" - }, - "en" : { - "profile.attributes.favourite_pet" : "Favourite Pet", - "profile.attributes.favourite_pet.cat" : "Cat", - "profile.attributes.favourite_pet.dog" : "Dog", - "profile.attributes.favourite_pet.bird" : "Bird" - }, - "it" : { - "profile.attributes.favourite_pet" : "" - }, - "es" : { - "profile.attributes.favourite_pet" : "Mascota favorita", - "profile.attributes.favourite_pet.cat" : "Gato", - "profile.attributes.favourite_pet.dog" : "Perro", - "profile.attributes.favourite_pet.bird" : "Pájaro" - }, - "cs" : { - "profile.attributes.favourite_pet" : "" - }, - "ar" : { - "profile.attributes.favourite_pet" : "" - }, - "th" : { - "profile.attributes.favourite_pet" : "" - }, - "ja" : { - "profile.attributes.favourite_pet" : "" - }, - "fa" : { - "profile.attributes.favourite_pet" : "" - }, - "pl" : { - "profile.attributes.favourite_pet" : "" - }, - "da" : { - "profile.attributes.favourite_pet" : "" - }, - "nl" : { - "profile.attributes.favourite_pet" : "" - }, - "tr" : { - "profile.attributes.favourite_pet" : "" - } - }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - 
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "users" : [ { - "id" : "d93e1772-4916-4243-850f-a6d9b2615716", - "username" : "testuser", - "firstName" : "Test", - "lastName" : "User", - "email" : "testuser@gmail.com", - "emailVerified" : true, - "attributes" : { - "additional_emails" : [ "test.user@protonmail.com", "testuser@hotmail.com" ], - "gender" : [ "prefer_not_to_say" ], - "favorite_pet" : [ "cats" ], - "favourite_pet" : [ "cat" ], - "bio" : [ "Hello I'm Test User and I do not exist." 
], - "phone_number" : [ "1111111111" ], - "locale" : [ "en" ], - "favorite_media" : [ "movies", "series" ] - }, - "createdTimestamp" : 1716183898408, - "enabled" : true, - "totp" : false, - "credentials" : [ { - "id" : "576982e2-6fb3-4752-8724-5ff390ea8301", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1716183916529, - "secretData" : "{\"value\":\"9hwJ989FAr0UgT0MfffNYSI6Zf/3qT/y17DTUcwbiEM=\",\"salt\":\"C3ZnHzgPd+0Lemw4olCOgA==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-myrealm" ], - "clientRoles" : { - "realm-management" : [ "manage-users", "create-client", "view-users", "view-realm", "query-realms", "impersonation", "view-events", "realm-admin", "manage-authorization", "manage-events", "view-authorization", "manage-clients", "query-users", "query-groups", "manage-realm", "query-clients", "manage-identity-providers", "view-identity-providers", "view-clients" ], - "broker" : [ "read-token" ], - "account" : [ "delete-account", "view-applications", "manage-account", "view-consent", "view-groups", "view-profile", "manage-account-links", "manage-consent" ] - }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/myrealm/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - 
"clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/myrealm/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d8f14dc4-5f0f-4a1d-8c0b-cfe78ee55cb3", - "clientId" : "account-console", - "name" : "${client_account-console}", - "description" : "", - "rootUrl" : "${authBaseUrl}", - "adminUrl" : "", - "baseUrl" : "/realms/myrealm/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "*", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "pkce.code.challenge.method" : "S256", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - 
"nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "08d7bc08-2ff3-44ea-9d65-fa1c4ca35646", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "953c597f-faef-4abc-88dc-4fbc9501170c", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "client.use.lightweight.access.token.enabled" : "true", - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "f5e032da-c8ab-48c2-959c-8466ad1e6a09", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : 
false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "true", - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "8fba88fa-61e9-45a4-893d-ab102973ebf6", - "clientId" : "myclient", - "name" : "", - "description" : "", - "rootUrl" : "https://my-theme.keycloakify.dev", - "adminUrl" : "https://my-theme.keycloakify.dev", - "baseUrl" : "https://my-theme.keycloakify.dev", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "https://my-theme.keycloakify.dev/*", "http://localhost*", "http://127.0.0.1*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "login_theme" : "keycloakify-starter", - "post.logout.redirect.uris" : "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "91a196c1-f93c-48a5-aced-b8d60fb09b62", - "name" : "Favourite Pet", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "favourite_pet", - "id.token.claim" : "true", - "lightweight.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "favourite_pet", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "true", - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "fce8a109-6f32-4814-9a20-2ff2435d2da6", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "description" : "", - "rootUrl" : "${authAdminUrl}", - "adminUrl" : "", - "baseUrl" : "/admin/myrealm/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "*" ], - 
"webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "realm_client" : "false", - "oidc.ciba.grant.enabled" : "false", - "client.use.lightweight.access.token.enabled" : "true", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "*", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "pkce.code.challenge.method" : "S256", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "52192d19-0406-41b7-b995-b099bdbaa448", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "6a955b1e-f0e2-49fa-b3c9-bd59ed1fcd4f", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "3a392f70-ed70-424a-b60b-82db32b83df8", - "name" : "allowed web origins", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "9cda058d-9935-4c8b-844d-c163d10f7c3c", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${addressScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "a053d8ec-b267-4e5a-a424-3b14bef9cd15", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "6225f4c7-ad5c-42ea-b7d4-5bb4e7c77459", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${phoneScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "5052be82-243f-41b0-a214-4f01935180e5", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "4d31d278-e6ef-4b8b-97cb-4da9626d0e93", - "name" : 
"phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "9357440c-6200-41a1-a447-0ec97895763e", - "name" : "basic", - "description" : "OpenID Connect scope for add all basic claims to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "bf9cb6c6-71a4-4bf9-8c60-ed58adcc2258", - "name" : "auth_time", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "AUTH_TIME", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "auth_time", - "jsonType.label" : "long" - } - }, { - "id" : "679c8292-1abb-4d96-bacc-671303765f9b", - "name" : "sub", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-sub-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "0ec225e7-253b-4a01-85e1-68daf3df3eba", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "a55cf74e-ce68-4ebd-9c24-dc3fd6a9cfa5", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - 
"attribute.name" : "Role" - } - } ] - }, { - "id" : "e2f1dd86-00a2-4374-b888-7211f748c58d", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "e86456b8-0663-448e-ad16-7d520d0c448e", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${profileScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "569c799d-79f2-4b2b-a1ec-3661e3d8d433", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "2d01eb48-77c3-4c83-a864-755699cb7e7c", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "a9700270-006f-4a85-8458-f39644659029", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - 
"jsonType.label" : "String" - } - }, { - "id" : "3a7bca96-0839-4d1e-b37d-6e624f37facb", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "2a41be1c-872a-4b3e-9051-71ebd5d140c1", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "9fe5e57d-ee79-4b8b-9ab2-345093a1fdbf", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "bda9e4e7-4de0-455d-bace-4e94b1dab5ad", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "312a0b4d-46b8-42e0-b162-e5869b317b36", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - 
"user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "4f8ac9bc-e32d-4ebb-bb85-b9a94a459aa1", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "bebdf0c7-6f0f-4b08-a327-50af837c82b9", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "d96d9686-f4e0-479a-9855-cfc526a35294", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "66ad8239-e1df-4f9d-9cb7-d35f23f95f37", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : 
"ece8245b-16ae-4322-bc78-f8d5f671640a", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "384cf049-0fed-47e2-8b11-06cf6c03465d", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "49e85de9-edd1-4a9e-a2b0-e9c663d4dd9a", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "consent.screen.text" : "${emailScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "d458e6fc-b414-4b45-b9e1-99342d7d2bba", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "2b73ce63-0443-46dc-b35c-1148edb976ab", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - 
"id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "71303f6d-348a-4892-9d6f-dc9a2d2e4b14", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "498cbff6-a650-4a09-8192-5defaa50f33b", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "eb8585bc-ca30-410e-9f92-0d63665f5ed6", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "62b8c264-2c10-48c6-803f-b7606a89e0d9", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "consent.screen.text" : "${rolesScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "0c18ca55-df63-4071-81f9-43f5d077c015", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "introspection.token.claim" : "true", - 
"access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "6de6510d-d7f3-4289-a10f-4c21289313a4", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "a5851eb2-bfc5-4a0a-8a49-92f4fc8c5041", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "bfc69775-83af-4816-82fd-d1c42687fb5e", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "8e2027d5-32dd-4a87-a7ec-00e5316c5617", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : 
"frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "loginTheme" : "keycloakify-starter", - "accountTheme" : "keycloakify-starter", - "adminTheme" : "", - "emailTheme" : "", - "eventsEnabled" : false, - "eventsListeners" : [ "keycloakify-logging", "jboss-logging" ], - "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "UPDATE_CREDENTIAL", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "OAUTH2_EXTENSION_GRANT", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "REMOVE_CREDENTIAL_ERROR", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "USER_DISABLED_BY_TEMPORARY_LOCKOUT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "FEDERATED_IDENTITY_OVERRIDE_LINK", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "UPDATE_CREDENTIAL_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "OAUTH2_EXTENSION_GRANT_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "FEDERATED_IDENTITY_OVERRIDE_LINK_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", 
"REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "INVITE_ORG_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "INVITE_ORG", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "REMOVE_CREDENTIAL", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "67526992-f0ce-42ff-a0fb-af267192ff70", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "64a2f718-da10-45d9-a75a-69c156a7ccd8", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] - } - }, { - "id" : "4d3e104f-6fdf-45eb-b756-5fef6840fbed", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "c647e85f-6700-4d66-84f2-4a869e467735", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - 
"subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "51f41974-f7e5-4e7d-b486-5bd652a98e93", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "8f7d6ece-e956-4e48-95ab-5ab72b2b7c9a", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "e60b1167-cdee-4173-be99-3dad6a536b4a", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "5ba8b893-ab01-430b-9092-32646a50a662", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.userprofile.UserProfileProvider" : [ { - "id" : "237022c6-9443-46b3-902e-210e14c3c9a8", - "providerId" : "declarative-user-profile", - "subComponents" : { }, - "config" : { - "kc.user.profile.config" : [ 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"favourite_pet\",\"displayName\":\"${profile.attributes.favourite_pet}\",\"validations\":{\"options\":{\"options\":[\"cat\",\"dog\",\"bird\"]}},\"annotations\":{\"inputType\":\"select\",\"inputOptionLabelsI18nPrefix\":\"profile.attributes.favourite_pet\"},\"required\":{\"roles\":[\"admin\",\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "5f3c1765-8810-419f-9c18-4a2db0e874e7", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ 
"MIIEoQIBAAKCAQEAxTFMvRiNiQjY9zajvLsah6Vy4pn8U7smsnBcHS9SkLJ1j9O8+90B90tIZk4IqEE4gdJA/mbbeUnou1vWuc0k69diQMFelzdIaDqJaFFeOS+J1DoApjThjGIz7FIgmGi6qoN8xnrPVD/6oMYAuxTvQaJH7mENiIG0198dvaufV1mFPg+krTsh7Womo2CJeZmNuAXv7RDQYxwPYDCFZLbppez48D7+2D+1V6Stk6Xwz8IDQZvljxDF6W2P9rhPWV1C5tcJpC/9RPyGDo+ke8UN3fM6X7YOgpbMztVrg8J0aTqPXZ7dt6QFUqVOufo+5wYL2jCafpYNV8cmaGlY+Q3d5QIDAQABAoH/DIPcaZaJTLG4FeUKGOaT40nesEiINRY99aeIkp+hdGj1EgTEn49TyLENGnhrrdbIvOJDeD6Z6dbpJBDvfFevxa589EnVKaGaaW5U91FDyVYH2YPU411dAeOp0z1xwxXzlJqX3h42ZJnvLAp/2l1Xo64vGCoTJtYlppAvpe2MjANxPNObAc65Phdi/sConAlwMeBylWXJ574uryFrJ64W/sUuIUMSunGGz0db4Y1hfkX9U2YnxB3DdXCBH09jQJyKDSj6feNXR87+1KhqcFMd5DUiGSAOqRBzuBMsDf1QDJd8A/DDlK7e/PA1Yk/Dii4hsf+LCeOdmhlifuyROqJBAoGBAOEm4gLvaBWwnUhmr4sW8xywIhGGbU+MX6vm/KkGtScres7pPhmfy6ARUzCxxyBqIE+nhCRNBpOEPhP7dv8naJhZZ4fRvNzuXpUMT2X3bc5yNzdhaOxBJl95YQbrYUHhjcIw2kdXnIkpdbB/RqmY0F5BUTYECrd0tKWbjuL5RIRNAoGBAOA1wTXrYyVorouxV+mGNb62Py+utHJQKSa5cxF9nbbwWJd+FdreiBOJddjATmH8ovKjueQFVqK7koDveOb+pgRY2bpT88/NW8UF6a2wMiI0p6pxrR+hgzas480YiOCWr6XlsprqsSKBbEu4W97GicleZ6P5Iso/gBr9aHj9EWv5AoGAYhRzHj42RESUr4Zz8A5GR3f+z02U7rNCtfrAk80lOvP44ou+jqEKrib961d2XAt/GdPqf3nCZJ6WAFRp6Qq8yKkhrYvTTxbTwvAC4nNftTASF6DqeQiEc9DHUKFW08Ey5KYtYCitOx8BcqpvGNBF7NldTD+Ef5hqXT4fh4Z4r30CgYEAy2OYGMymTRowNKK06C+Kc62plhy6rnRPUESswLIeLwTKqOqE8t4pvOdWk0CoGjVusAOcLuA03jyfwvz5xTo96fWb1W4w31IgLJOXjqsmX2c6reCfNvFyMVgW8keOa4XmYu0C34uFEpMrZWkhVe7usVBFXjczuxptoI4+hnqzoikCgYBICBVR9Z7n2LvmWH19/Nnns8dsMn5peL7H6Mey76Lo9RMEMp4qhiJTqVZzWgxEyVjr0KFCHmdmwkTOm6A1yYmkqqXDdiJ9v4J4fXe0lRAoUoYPTOWynrCyd6uqq+3zlzTKW8jY9luywHq6msn07D636PvveeZ93DNCcO8Whw36rQ==" ], - "certificate" : [ 
"MIICnTCCAYUCBgGTulJBzTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdteXJlYWxtMB4XDTI0MTIxMjEwMDExM1oXDTM0MTIxMjEwMDI1M1owEjEQMA4GA1UEAwwHbXlyZWFsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUxTL0YjYkI2Pc2o7y7GoelcuKZ/FO7JrJwXB0vUpCydY/TvPvdAfdLSGZOCKhBOIHSQP5m23lJ6Ltb1rnNJOvXYkDBXpc3SGg6iWhRXjkvidQ6AKY04YxiM+xSIJhouqqDfMZ6z1Q/+qDGALsU70GiR+5hDYiBtNffHb2rn1dZhT4PpK07Ie1qJqNgiXmZjbgF7+0Q0GMcD2AwhWS26aXs+PA+/tg/tVekrZOl8M/CA0Gb5Y8Qxeltj/a4T1ldQubXCaQv/UT8hg6PpHvFDd3zOl+2DoKWzM7Va4PCdGk6j12e3bekBVKlTrn6PucGC9owmn6WDVfHJmhpWPkN3eUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATZXyOluloTj6Q/Mv0JjstfdvPQbzGFzWtULB1ttOJqQVL+IJoF8V79HIvfP9U5OYaOdYk9dDurQcd2hXvEtX+zQlLYGniRfJlFI7d+m6MDXa7/g1r+OmcvaiXX7O3ol7eJdymPKS79+PSWFsHk0JjfgRJ11jajOscYPoQ+IvxXgwuy6v7VHigsLnGnmmo+KWiKO6Cna6eilm6/awYXaoym4ky9S4T5+WaJwd/tH/n5VY77zyXaXfANd1hU/+4Ux/eaGVnoMAM4ud2emd4qCN2tQQ3HusIVl+5V+S8Uq1y54mBpXv6CAODDGDJeFa+cGPJUSLdv/ZT2F8yfDlDc4J6g==" ], - "priority" : [ "100" ] - } - }, { - "id" : "e586f825-a25a-4833-a38e-4c6484ad17fd", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "d85dae25-3728-46a0-980b-46171ba50cdd", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "c36222c6-6a43-4d32-9d44-d5d355e5cabd" ], - "secret" : [ "rzL4qUQ7wTEkZDbgt595VA" ], - "priority" : [ "100" ] - } - }, { - "id" : "8c3bb039-6f5b-4bdc-9faa-e0f6038d9e6b", - "name" : "hmac-generated-hs512", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "06532a54-c310-41c1-829c-58776ce2ab4a" ], - "secret" : [ 
"9v1ZjFhEFH6UpY6ncFkaCbqJYHMyI4tA0cvx4GuQ5KtMXYbimitSSVDqxIKwa-gBC_8bY2O4FQfpmp1Qn1-L4fFmPFfIF3ZKsO16263BwpADo_FNSBTte8Le4gJLylqFULdsn3ye17FHyq5Jjms_OTt3opzcDLNduCuK22GBBsU" ], - "priority" : [ "100" ], - "algorithm" : [ "HS512" ] - } - } ] - }, - "internationalizationEnabled" : true, - "supportedLocales" : [ "en", "fr", "es" ], - "defaultLocale" : "en", - "authenticationFlows" : [ { - "id" : "0e1abbbe-40e3-4754-9fe2-8a7d1f82354e", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "f279cc4d-ebed-4390-a5d4-0cbb6dd662ae", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "6926f455-0fd0-4ac6-9fc1-333b86c4150f", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - 
"authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "b11840e7-21ec-4200-bf3c-c7853646a908", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "615b4d0e-e71e-4c96-aed3-b03b34b61808", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "36958ec5-62d7-4d51-8b30-7a6709476aec", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "aa4a7ac2-ec63-48ea-a70f-b3f18992b99a", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "dafdfc68-72eb-49b2-a8f4-495ee25fba21", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6a39b6db-c81e-4de4-92a8-a9e504593f2e", - "alias" : "browser", - 
"description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "6fa840df-bc04-4045-9e33-8901d183b165", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "4aa24ca0-ad09-4f30-806b-4c699724d731", - "alias" : "direct grant", - "description" : "OpenID Connect 
Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "0a914ba4-f662-4b85-af64-74738a222b7f", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "9b40f15f-b690-4fe2-9fe8-07e77d965297", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"c8a9848f-8dd8-4e13-b521-0a537d92ec36", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "603957f8-b0a5-4885-aafd-e2757e431954", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "f41632f9-7fad-427d-ae7a-78ac9b1f51d0", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-terms-and-conditions", - "authenticatorFlow" : false, - 
"requirement" : "DISABLED", - "priority" : 70, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "27a133ca-e05e-4c93-a3b7-ffe14b4e62ec", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "06cd7382-4944-4499-94dc-9908544e291b", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "5f953def-6f7c-430f-a33f-440ec2d2dddd", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "b3dad9a1-5b82-4e91-a250-157a45694e24", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - 
"alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : true, - "defaultAction" : true, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : true, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "VERIFY_PROFILE", - "name" : "Verify Profile", - "providerId" : "VERIFY_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 90, - "config" : { } - }, { - "alias" : "delete_credential", - "name" : "Delete Credential", - "providerId" : "delete_credential", - "enabled" : true, - "defaultAction" : false, - "priority" : 100, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" 
: "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "firstBrokerLoginFlow" : "first broker login", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "organizationsEnabled" : "false" - }, - "keycloakVersion" : "26.0.7", - "userManagedAccessAllowed" : false, - "organizationsEnabled" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file diff --git a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts new file mode 100644 index 00000000..ebb6354e --- /dev/null +++ b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts 
@@ -0,0 +1,123 @@
+import { z } from "zod";
+import { assert, type Equals } from "tsafe/assert";
+import { is } from "tsafe/is";
+import { id } from "tsafe/id";
+import * as fs from "fs";
+import { join as pathJoin } from "path";
+import { getThisCodebaseRootDirPath } from "../../tools/getThisCodebaseRootDirPath";
+
+export type ParsedRealmJson = {
+ name: string;
+ users: {
+ id: string;
+ email: string;
+ username: string;
+ attributes: Record;
+ credentials: {
+ type: string /* "password" or something else */;
+ }[];
+ clientRoles: Record;
+ }[];
+ roles: {
+ client: {
+ name: string;
+ containerId: string; // client id
+ }[];
+ };
+ clients: {
+ id: string;
+ clientId: string; // example: realm-management
+ baseUrl?: string;
+ redirectUris?: string[];
+ webOrigins?: string[];
+ attributes?: {
+ "post.logout.redirect.uris"?: string;
+ };
+ protocol?: string;
+ protocolMappers?: unknown[];
+ }[];
+};
+
+export function readRealmJsonFile(params: {
+ realmJsonFilePath: string;
+}): ParsedRealmJson {
+ const { realmJsonFilePath } = params;
+
+ const parsedRealmJson = JSON.parse(
+ fs.readFileSync(realmJsonFilePath).toString("utf8")
+ ) as unknown;
+
+ const zParsedRealmJson = (() => {
+ type TargetType = ParsedRealmJson;
+
+ const zTargetType = z.object({
+ name: z.string(),
+ users: z.array(
+ z.object({
+ id: z.string(),
+ email: z.string(),
+ username: z.string(),
+ attributes: z.record(z.unknown()),
+ credentials: z.array(
+ z.object({
+ type: z.string()
+ })
+ ),
+ clientRoles: z.record(z.array(z.string()))
+ })
+ ),
+ roles: z.object({
+ client: z.array(
+ z.object({
+ name: z.string(),
+ containerId: z.string()
+ })
+ )
+ }),
+ clients: z.array(
+ z.object({
+ id: z.string(),
+ clientId: z.string(),
+ baseUrl: z.string().optional(),
+ redirectUris: z.array(z.string()).optional(),
+ webOrigins: z.array(z.string()).optional(),
+ attributes: z
+ .object({
+ "post.logout.redirect.uris": z.string().optional()
+ })
+ .optional(),
+ protocol: z.string().optional(),
+ protocolMappers: z.array(z.unknown()).optional() + }) + ) + }); + + type InferredType = z.infer; + + assert>; + + return id>(zTargetType); + })(); + + zParsedRealmJson.parse(parsedRealmJson); + + assert(is(parsedRealmJson)); + + return parsedRealmJson; +} + +export function getDefaultConfig(params: { + keycloakMajorVersionNumber: number; +}): ParsedRealmJson { + const { keycloakMajorVersionNumber } = params; + + const realmJsonFilePath = pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak", + `myrealm-realm-${keycloakMajorVersionNumber}.json` + ); + + return readRealmJsonFile({ realmJsonFilePath }); +} diff --git a/src/bin/start-keycloak/dumpRealmConfig.ts b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts similarity index 94% rename from src/bin/start-keycloak/dumpRealmConfig.ts rename to src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts index 4c464915..b32d7879 100644 --- a/src/bin/start-keycloak/dumpRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts @@ -1,11 +1,11 @@ -import { runPrettier, getIsPrettierAvailable } from "../tools/runPrettier"; -import { CONTAINER_NAME } from "../shared/constants"; +import { runPrettier, getIsPrettierAvailable } from "../../tools/runPrettier"; +import { CONTAINER_NAME } from "../../shared/constants"; import child_process from "child_process"; import { join as pathJoin } from "path"; import chalk from "chalk"; import { Deferred } from "evt/tools/Deferred"; import { assert, is } from "tsafe/assert"; -import type { BuildContext } from "../shared/buildContext"; +import type { BuildContext } from "../../shared/buildContext"; import * as fs from "fs/promises"; export type BuildContextLike = { @@ -14,7 +14,7 @@ export type BuildContextLike = { assert(); -export async function dumpRealmConfig(params: { +export async function dumpContainerConfig(params: { realmName: string; keycloakMajorVersionNumber: number; targetRealmConfigJsonFilePath: string; 
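Review bot: `getDefaultConfig` still joins `"src", "bin", "start-keycloak"` with a `myrealm-realm-${keycloakMajorVersionNumber}.json` file name, while this same patch renames those files to `realmConfig/realm-kc-<N>.json`, so as far as the visible patch shows the default realm config can no longer be found; the path needs an extra `"realmConfig"` segment and the `realm-kc-${keycloakMajorVersionNumber}.json` name. Separately, the schema in `readRealmJsonFile` requires a top-level `name`, but the part of `realm-kc-26.json` shown here opens with `"id"` and `"realm"` and shows no top-level `"name"`; if the rest of the file has none either, `zParsedRealmJson.parse` rejects the shipped default. In that case `realm: z.string()` looks like what was meant, with the `ParsedRealmJson` type and the `parsedRealmJson.name` read in `prepareRealmConfig` adjusted to match. A one-line comment above `return parsedRealmJson;` stating that the original object is returned on purpose, so keys outside the schema are kept and pass through unvalidated, would also help the next reader.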
diff --git a/src/bin/start-keycloak/makeRealmConfigTestable.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts similarity index 99% rename from src/bin/start-keycloak/makeRealmConfigTestable.ts rename to src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index c43572f3..37bda1ad 100644 --- a/src/bin/start-keycloak/makeRealmConfigTestable.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -1,6 +1,35 @@ import { assert } from "tsafe/assert"; import { getDefaultConfig, type ParsedRealmJson } from "./ParsedRealmJson"; +export function prepareRealmConfig(params: { + parsedRealmJson: ParsedRealmJson; + keycloakMajorVersionNumber: number; +}): { + realmName: string; + clientName: string; + username: string; +} { + const { parsedRealmJson, keycloakMajorVersionNumber } = params; + + const { username } = addOrEditTestUser({ + parsedRealmJson, + keycloakMajorVersionNumber + }); + + const { clientId } = addOrEditClient({ + parsedRealmJson, + keycloakMajorVersionNumber + }); + + editAccountConsoleAndSecurityAdminConsole({ parsedRealmJson }); + + return { + realmName: parsedRealmJson.name, + clientName: clientId, + username + }; +} + function addOrEditTestUser(params: { parsedRealmJson: ParsedRealmJson; keycloakMajorVersionNumber: number; @@ -240,32 +269,3 @@ function editAccountConsoleAndSecurityAdminConsole(params: { } } } - -export function makeRealmConfigTestable(params: { - parsedRealmJson: ParsedRealmJson; - keycloakMajorVersionNumber: number; -}): { - realmName: string; - clientName: string; - username: string; -} { - const { parsedRealmJson, keycloakMajorVersionNumber } = params; - - const { username } = addOrEditTestUser({ - parsedRealmJson, - keycloakMajorVersionNumber - }); - - const { clientId } = addOrEditClient({ - parsedRealmJson, - keycloakMajorVersionNumber - }); - - editAccountConsoleAndSecurityAdminConsole({ parsedRealmJson }); - - return { - realmName: parsedRealmJson.name, - clientName: clientId, - username - }; -} 
diff --git a/src/bin/start-keycloak/myrealm-realm-18.json b/src/bin/start-keycloak/realmConfig/realm-kc-18.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-18.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-18.json
diff --git a/src/bin/start-keycloak/myrealm-realm-19.json b/src/bin/start-keycloak/realmConfig/realm-kc-19.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-19.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-19.json
diff --git a/src/bin/start-keycloak/myrealm-realm-20.json b/src/bin/start-keycloak/realmConfig/realm-kc-20.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-20.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-20.json
diff --git a/src/bin/start-keycloak/myrealm-realm-21.json b/src/bin/start-keycloak/realmConfig/realm-kc-21.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-21.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-21.json
diff --git a/src/bin/start-keycloak/myrealm-realm-23.json b/src/bin/start-keycloak/realmConfig/realm-kc-23.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-23.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-23.json
diff --git a/src/bin/start-keycloak/myrealm-realm-24.json b/src/bin/start-keycloak/realmConfig/realm-kc-24.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-24.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-24.json
diff --git a/src/bin/start-keycloak/myrealm-realm-25.json b/src/bin/start-keycloak/realmConfig/realm-kc-25.json
similarity index 100%
rename from src/bin/start-keycloak/myrealm-realm-25.json
rename to src/bin/start-keycloak/realmConfig/realm-kc-25.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/realm-kc-26.json
new file mode 100644
index 00000000..471affd3
--- /dev/null
+++ b/src/bin/start-keycloak/realmConfig/realm-kc-26.json 
@@ -0,0 +1,2548 @@ +{ + "id": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "realm": "myrealm", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": true, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "bruteForceStrategy": "MULTIPLE", + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "cc4b5045-3bff-4aa7-889e-1492630c3002", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes": {} + }, + { + "id": "e92017b2-18a0-49cd-956c-fad64f16b26b", + "name": "default-roles-myrealm", + "description": "${role_default-roles}", + 
"composite": true, + "composites": { + "realm": ["offline_access", "uma_authorization"], + "client": { + "account": ["delete-account", "manage-account", "view-profile"] + } + }, + "clientRole": false, + "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes": {} + }, + { + "id": "e8616113-e302-4abe-bd5c-d51f8221046b", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071", + "attributes": {} + } + ], + "client": { + "myclient": [], + "realm-management": [ + { + "id": "b27b272d-d153-4ae7-9fe7-fd96582f057d", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "40fdfec8-f1b9-4c2b-81c5-a775bc047840", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "5f446f9a-d008-4067-8325-f4658a32d964", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "82bf956d-1fd1-4d20-a5a9-62b3e77e9d88", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "b41e1ce8-d63f-4cf4-9966-e6c9eab5da11", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "3198743d-fdfa-4a9c-a229-5fb979847ec2", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { 
+ "realm-management": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "e83c21cb-c84c-4824-9f7d-ce3574921800", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "3f6e2e81-e40d-40ff-a5f3-12ba2614fba5", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "63111288-7f3d-4570-838f-48405d70e212", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "a7f8f8ad-057b-485e-abfa-8a98e5e0c4ea", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "7783b160-2f1a-48c9-89fb-623a29f26c9a", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "b8b5341f-f44f-40a2-9ba4-e2d621b11b2f", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "6b9d72e9-949f-4897-b11a-c8aa9252f3f2", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "bfa94ba9-1d70-4259-b928-906e8bb815b2", + "name": "view-events", + "description": "${role_view-events}", + 
"composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "96bb9322-5c1f-48f0-aa05-65521c77e742", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-users", + "view-authorization", + "manage-events", + "create-client", + "view-users", + "manage-clients", + "query-users", + "query-groups", + "view-realm", + "manage-realm", + "query-realms", + "query-clients", + "impersonation", + "view-events", + "manage-authorization", + "manage-identity-providers", + "view-identity-providers", + "view-clients" + ] + } + }, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "6e0ca5ce-f5db-4580-90e5-27c35804fc34", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "7499eb46-cf4a-4813-9bf9-42b1bbcadc0d", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "fcc99ef9-347d-4c21-b25c-8229e906a1a3", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + }, + { + "id": "7b024069-57d8-4368-9942-8790507c156d", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + 
"broker": [ + { + "id": "3050eb8a-9a47-4a27-aece-be2e60fc7f73", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "f5e032da-c8ab-48c2-959c-8466ad1e6a09", + "attributes": {} + } + ], + "account": [ + { + "id": "d554d15b-d098-47a0-bdd5-d656b20f5643", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "aaf4946d-2cd4-43ba-ad7d-86be56b9ad2c", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "b417b187-18b7-41fa-9537-3313cf9b8ed4", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "8bb5480d-83a3-4ea2-8e91-237b8870acec", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "e341c1b8-eaf7-467d-9986-d3f2356a60b9", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "98ccac20-3906-436f-8dc3-ae8d8ae25cbc", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "adfba539-826f-4fa7-86f5-8c1287152ed6", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + 
"clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + }, + { + "id": "2516ab58-490c-444c-9e7d-0dd8b87a69f0", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": true, + "containerId": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "e92017b2-18a0-49cd-956c-fad64f16b26b", + "name": "default-roles-myrealm", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "5d0dd960-0478-4ca6-b64a-810a3f6f4071" + }, + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": { + "de": { + "profile.attributes.favourite_pet": "" + }, + "no": { + "profile.attributes.favourite_pet": "" + }, + "fi": { + "profile.attributes.favourite_pet": "" + }, + "ru": { + "profile.attributes.favourite_pet": "" + }, + "pt": { + "profile.attributes.favourite_pet": "" + }, + "lt": { + "profile.attributes.favourite_pet": "" + }, + "lv": { + "profile.attributes.favourite_pet": "" + }, + "fr": { + "profile.attributes.favourite_pet": "Animal de compagnie préféré", + "profile.attributes.favourite_pet.cat": "Chat", + "profile.attributes.favourite_pet.dog": "Chien", + "profile.attributes.favourite_pet.bird": "Oiseau" + }, + "hu": { + "profile.attributes.favourite_pet": "" + }, + "zh-CN": { + "profile.attributes.favourite_pet": "" + }, + "uk": { + "profile.attributes.favourite_pet": "" + }, + "sk": { + "profile.attributes.favourite_pet": "" + }, + "ca": { + "profile.attributes.favourite_pet": "" 
+ }, + "sv": { + "profile.attributes.favourite_pet": "" + }, + "zh-TW": { + "profile.attributes.favourite_pet": "" + }, + "pt-BR": { + "profile.attributes.favourite_pet": "" + }, + "en": { + "profile.attributes.favourite_pet": "Favourite Pet", + "profile.attributes.favourite_pet.cat": "Cat", + "profile.attributes.favourite_pet.dog": "Dog", + "profile.attributes.favourite_pet.bird": "Bird" + }, + "it": { + "profile.attributes.favourite_pet": "" + }, + "es": { + "profile.attributes.favourite_pet": "Mascota favorita", + "profile.attributes.favourite_pet.cat": "Gato", + "profile.attributes.favourite_pet.dog": "Perro", + "profile.attributes.favourite_pet.bird": "Pájaro" + }, + "cs": { + "profile.attributes.favourite_pet": "" + }, + "ar": { + "profile.attributes.favourite_pet": "" + }, + "th": { + "profile.attributes.favourite_pet": "" + }, + "ja": { + "profile.attributes.favourite_pet": "" + }, + "fa": { + "profile.attributes.favourite_pet": "" + }, + "pl": { + "profile.attributes.favourite_pet": "" + }, + "da": { + "profile.attributes.favourite_pet": "" + }, + "nl": { + "profile.attributes.favourite_pet": "" + }, + "tr": { + "profile.attributes.favourite_pet": "" + } + }, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + 
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "d93e1772-4916-4243-850f-a6d9b2615716", + "username": "testuser", + "firstName": "Test", + "lastName": "User", + "email": "testuser@gmail.com", + "emailVerified": true, + "attributes": { + "additional_emails": ["test.user@protonmail.com", "testuser@hotmail.com"], + "gender": ["prefer_not_to_say"], + "favorite_pet": ["cats"], + "favourite_pet": ["cat"], + "bio": ["Hello I'm Test User and I do not exist."], + "phone_number": ["1111111111"], + "locale": ["en"], + "favorite_media": ["movies", "series"] + }, + "createdTimestamp": 1716183898408, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "576982e2-6fb3-4752-8724-5ff390ea8301", + "type": "password", + "userLabel": "My password", + "createdDate": 1716183916529, + "secretData": "{\"value\":\"9hwJ989FAr0UgT0MfffNYSI6Zf/3qT/y17DTUcwbiEM=\",\"salt\":\"C3ZnHzgPd+0Lemw4olCOgA==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "manage-users", + "create-client", + "view-users", + "view-realm", + "query-realms", + "impersonation", + "view-events", + "realm-admin", + "manage-authorization", + "manage-events", + "view-authorization", + "manage-clients", + "query-users", + "query-groups", + "manage-realm", + 
"query-clients", + "manage-identity-providers", + "view-identity-providers", + "view-clients" + ], + "broker": ["read-token"], + "account": [ + "delete-account", + "view-applications", + "manage-account", + "view-consent", + "view-groups", + "view-profile", + "manage-account-links", + "manage-consent" + ] + }, + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": ["manage-account", "view-groups"] + } + ] + }, + "clients": [ + { + "id": "7221ef76-9d96-49ad-88a6-9f72eeeb0aa7", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/myrealm/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["/realms/myrealm/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d8f14dc4-5f0f-4a1d-8c0b-cfe78ee55cb3", + "clientId": "account-console", + "name": "${client_account-console}", + "description": "", + "rootUrl": "${authBaseUrl}", + "adminUrl": "", + "baseUrl": "/realms/myrealm/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + 
"clientAuthenticatorType": "client-secret", + "redirectUris": ["*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "*", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "pkce.code.challenge.method": "S256", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "08d7bc08-2ff3-44ea-9d65-fa1c4ca35646", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "953c597f-faef-4abc-88dc-4fbc9501170c", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "client.use.lightweight.access.token.enabled": "true", + 
"post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f5e032da-c8ab-48c2-959c-8466ad1e6a09", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "true", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "8fba88fa-61e9-45a4-893d-ab102973ebf6", + "clientId": "myclient", + "name": "", + "description": "", + "rootUrl": "https://my-theme.keycloakify.dev", + "adminUrl": "https://my-theme.keycloakify.dev", + "baseUrl": "https://my-theme.keycloakify.dev", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*" + ], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "login_theme": "keycloakify-starter", + "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "91a196c1-f93c-48a5-aced-b8d60fb09b62", + "name": "Favourite Pet", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "favourite_pet", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "favourite_pet", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e05cc68c-5e53-4796-ae3a-a1bfbf5c51bb", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": 
"openid-connect", + "attributes": { + "realm_client": "true", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fce8a109-6f32-4814-9a20-2ff2435d2da6", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "description": "", + "rootUrl": "${authAdminUrl}", + "adminUrl": "", + "baseUrl": "/admin/myrealm/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": ["*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "true", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "*", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "pkce.code.challenge.method": "S256", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "52192d19-0406-41b7-b995-b099bdbaa448", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "6a955b1e-f0e2-49fa-b3c9-bd59ed1fcd4f", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3a392f70-ed70-424a-b60b-82db32b83df8", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "9cda058d-9935-4c8b-844d-c163d10f7c3c", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "a053d8ec-b267-4e5a-a424-3b14bef9cd15", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "6225f4c7-ad5c-42ea-b7d4-5bb4e7c77459", + "name": "phone", + 
"description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "5052be82-243f-41b0-a214-4f01935180e5", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "4d31d278-e6ef-4b8b-97cb-4da9626d0e93", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "9357440c-6200-41a1-a447-0ec97895763e", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bf9cb6c6-71a4-4bf9-8c60-ed58adcc2258", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "679c8292-1abb-4d96-bacc-671303765f9b", + "name": "sub", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0ec225e7-253b-4a01-85e1-68daf3df3eba", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "a55cf74e-ce68-4ebd-9c24-dc3fd6a9cfa5", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "e2f1dd86-00a2-4374-b888-7211f748c58d", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "e86456b8-0663-448e-ad16-7d520d0c448e", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "569c799d-79f2-4b2b-a1ec-3661e3d8d433", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "2d01eb48-77c3-4c83-a864-755699cb7e7c", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + 
"consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "a9700270-006f-4a85-8458-f39644659029", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "3a7bca96-0839-4d1e-b37d-6e624f37facb", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "2a41be1c-872a-4b3e-9051-71ebd5d140c1", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "9fe5e57d-ee79-4b8b-9ab2-345093a1fdbf", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "bda9e4e7-4de0-455d-bace-4e94b1dab5ad", + "name": "nickname", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "312a0b4d-46b8-42e0-b162-e5869b317b36", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "4f8ac9bc-e32d-4ebb-bb85-b9a94a459aa1", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "bebdf0c7-6f0f-4b08-a327-50af837c82b9", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "d96d9686-f4e0-479a-9855-cfc526a35294", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": 
"true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "66ad8239-e1df-4f9d-9cb7-d35f23f95f37", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "ece8245b-16ae-4322-bc78-f8d5f671640a", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "384cf049-0fed-47e2-8b11-06cf6c03465d", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "49e85de9-edd1-4a9e-a2b0-e9c663d4dd9a", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "d458e6fc-b414-4b45-b9e1-99342d7d2bba", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + 
"userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "2b73ce63-0443-46dc-b35c-1148edb976ab", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "71303f6d-348a-4892-9d6f-dc9a2d2e4b14", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "498cbff6-a650-4a09-8192-5defaa50f33b", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "eb8585bc-ca30-410e-9f92-0d63665f5ed6", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "62b8c264-2c10-48c6-803f-b7606a89e0d9", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + 
"attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "0c18ca55-df63-4071-81f9-43f5d077c015", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "6de6510d-d7f3-4289-a10f-4c21289313a4", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "a5851eb2-bfc5-4a0a-8a49-92f4fc8c5041", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "bfc69775-83af-4816-82fd-d1c42687fb5e", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "8e2027d5-32dd-4a87-a7ec-00e5316c5617", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + } + ], + 
"defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "loginTheme": "keycloakify-starter", + "accountTheme": "keycloakify-starter", + "adminTheme": "", + "emailTheme": "", + "eventsEnabled": false, + "eventsListeners": ["keycloakify-logging", "jboss-logging"], + "enabledEventTypes": [ + "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", + "GRANT_CONSENT", + "VERIFY_PROFILE_ERROR", + "REMOVE_TOTP", + "REVOKE_GRANT", + "UPDATE_TOTP", + "LOGIN_ERROR", + "CLIENT_LOGIN", + "RESET_PASSWORD_ERROR", + "UPDATE_CREDENTIAL", + "IMPERSONATE_ERROR", + "CODE_TO_TOKEN_ERROR", + "CUSTOM_REQUIRED_ACTION", + "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", + "RESTART_AUTHENTICATION", + "IMPERSONATE", + "UPDATE_PROFILE_ERROR", + "LOGIN", + "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", + "CLIENT_INITIATED_ACCOUNT_LINKING", + "OAUTH2_EXTENSION_GRANT", + "USER_DISABLED_BY_PERMANENT_LOCKOUT", + "REMOVE_CREDENTIAL_ERROR", + "TOKEN_EXCHANGE", + "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", + "DELETE_ACCOUNT_ERROR", + "CLIENT_REGISTER", + "IDENTITY_PROVIDER_LINK_ACCOUNT", + "USER_DISABLED_BY_TEMPORARY_LOCKOUT", + "DELETE_ACCOUNT", + "UPDATE_PASSWORD", + "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN", + "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", + "CLIENT_LOGIN_ERROR", + "RESTART_AUTHENTICATION_ERROR", + "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", + 
"TOKEN_EXCHANGE_ERROR", + "PERMISSION_TOKEN", + "FEDERATED_IDENTITY_OVERRIDE_LINK", + "SEND_IDENTITY_PROVIDER_LINK_ERROR", + "UPDATE_CREDENTIAL_ERROR", + "EXECUTE_ACTION_TOKEN_ERROR", + "OAUTH2_EXTENSION_GRANT_ERROR", + "SEND_VERIFY_EMAIL", + "OAUTH2_DEVICE_AUTH", + "EXECUTE_ACTIONS_ERROR", + "REMOVE_FEDERATED_IDENTITY", + "OAUTH2_DEVICE_CODE_TO_TOKEN", + "IDENTITY_PROVIDER_POST_LOGIN", + "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", + "FEDERATED_IDENTITY_OVERRIDE_LINK_ERROR", + "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", + "REGISTER_ERROR", + "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", + "LOGOUT_ERROR", + "UPDATE_EMAIL_ERROR", + "CLIENT_UPDATE_ERROR", + "AUTHREQID_TO_TOKEN_ERROR", + "INVITE_ORG_ERROR", + "UPDATE_PROFILE", + "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", + "INVITE_ORG", + "SEND_IDENTITY_PROVIDER_LINK", + "SEND_VERIFY_EMAIL_ERROR", + "RESET_PASSWORD", + "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", + "OAUTH2_DEVICE_AUTH_ERROR", + "REMOVE_CREDENTIAL", + "UPDATE_CONSENT", + "REMOVE_TOTP_ERROR", + "VERIFY_EMAIL_ERROR", + "SEND_RESET_PASSWORD_ERROR", + "CLIENT_UPDATE", + "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", + "UPDATE_TOTP_ERROR", + "CODE_TO_TOKEN", + "VERIFY_PROFILE", + "GRANT_CONSENT_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" + ], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "67526992-f0ce-42ff-a0fb-af267192ff70", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "64a2f718-da10-45d9-a75a-69c156a7ccd8", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + 
"allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "4d3e104f-6fdf-45eb-b756-5fef6840fbed", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c647e85f-6700-4d66-84f2-4a869e467735", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + }, + { + "id": "51f41974-f7e5-4e7d-b486-5bd652a98e93", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "8f7d6ece-e956-4e48-95ab-5ab72b2b7c9a", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "e60b1167-cdee-4173-be99-3dad6a536b4a", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + }, + { + "id": "5ba8b893-ab01-430b-9092-32646a50a662", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": 
"237022c6-9443-46b3-902e-210e14c3c9a8", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"favourite_pet\",\"displayName\":\"${profile.attributes.favourite_pet}\",\"validations\":{\"options\":{\"options\":[\"cat\",\"dog\",\"bird\"]}},\"annotations\":{\"inputType\":\"select\",\"inputOptionLabelsI18nPrefix\":\"profile.attributes.favourite_pet\"},\"required\":{\"roles\":[\"admin\",\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "5f3c1765-8810-419f-9c18-4a2db0e874e7", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": 
{}, + "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "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" + ], + "priority": ["100"] + } + }, + { + "id": "e586f825-a25a-4833-a38e-4c6484ad17fd", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "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" + ], + "priority": ["100"], + "algorithm": ["RSA-OAEP"] + } + }, + { + "id": "d85dae25-3728-46a0-980b-46171ba50cdd", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": ["c36222c6-6a43-4d32-9d44-d5d355e5cabd"], + "secret": ["rzL4qUQ7wTEkZDbgt595VA"], + "priority": ["100"] + } + }, + { + "id": "8c3bb039-6f5b-4bdc-9faa-e0f6038d9e6b", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": ["06532a54-c310-41c1-829c-58776ce2ab4a"], + "secret": [ + "9v1ZjFhEFH6UpY6ncFkaCbqJYHMyI4tA0cvx4GuQ5KtMXYbimitSSVDqxIKwa-gBC_8bY2O4FQfpmp1Qn1-L4fFmPFfIF3ZKsO16263BwpADo_FNSBTte8Le4gJLylqFULdsn3ye17FHyq5Jjms_OTt3opzcDLNduCuK22GBBsU" + ], + "priority": ["100"], + "algorithm": ["HS512"] + } + } + ] + }, + "internationalizationEnabled": true, + "supportedLocales": ["en", "fr", "es"], + "defaultLocale": "en", + "authenticationFlows": [ + { + "id": "0e1abbbe-40e3-4754-9fe2-8a7d1f82354e", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 
20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "f279cc4d-ebed-4390-a5d4-0cbb6dd662ae", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "6926f455-0fd0-4ac6-9fc1-333b86c4150f", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "b11840e7-21ec-4200-bf3c-c7853646a908", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + 
"authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "615b4d0e-e71e-4c96-aed3-b03b34b61808", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "36958ec5-62d7-4d51-8b30-7a6709476aec", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "aa4a7ac2-ec63-48ea-a70f-b3f18992b99a", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "dafdfc68-72eb-49b2-a8f4-495ee25fba21", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6a39b6db-c81e-4de4-92a8-a9e504593f2e", + "alias": "browser", + "description": "browser based 
authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "6fa840df-bc04-4045-9e33-8901d183b165", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "4aa24ca0-ad09-4f30-806b-4c699724d731", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "0a914ba4-f662-4b85-af64-74738a222b7f", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9b40f15f-b690-4fe2-9fe8-07e77d965297", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "c8a9848f-8dd8-4e13-b521-0a537d92ec36", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + 
"providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "603957f8-b0a5-4885-aafd-e2757e431954", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "f41632f9-7fad-427d-ae7a-78ac9b1f51d0", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "27a133ca-e05e-4c93-a3b7-ffe14b4e62ec", 
+ "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "06cd7382-4944-4499-94dc-9908544e291b", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "5f953def-6f7c-430f-a33f-440ec2d2dddd", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "b3dad9a1-5b82-4e91-a250-157a45694e24", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": 
"TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": true, + "defaultAction": true, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": true, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset 
credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "organizationsEnabled": "false" + }, + "keycloakVersion": "26.0.7", + "userManagedAccessAllowed": false, + "organizationsEnabled": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} From 9185740d354f4847b94f34f34f2ed68bb49a1a69 Mon Sep 17 00:00:00 2001 
From: Joseph Garrone Date: Sat, 14 Dec 2024 14:36:11 +0100 Subject: [PATCH 07/24] Keycloak config persistance implemented (to test) --- .../getQuayIoKeycloakDockerImageTags.ts | 89 +++++ .../realmConfig/ParsedRealmJson.ts | 28 +- .../defaultConfig/defaultConfig.ts | 74 +++++ .../realmConfig/defaultConfig/index.ts | 1 + .../{ => defaultConfig}/realm-kc-18.json | 0 .../{ => defaultConfig}/realm-kc-19.json | 0 .../{ => defaultConfig}/realm-kc-20.json | 0 .../{ => defaultConfig}/realm-kc-21.json | 0 .../{ => defaultConfig}/realm-kc-23.json | 0 .../{ => defaultConfig}/realm-kc-24.json | 0 .../{ => defaultConfig}/realm-kc-25.json | 0 .../{ => defaultConfig}/realm-kc-26.json | 0 .../realmConfig/dumpContainerConfig.ts | 32 +- src/bin/start-keycloak/realmConfig/index.ts | 1 + .../realmConfig/prepareRealmConfig.ts | 46 ++- .../start-keycloak/realmConfig/realmConfig.ts | 108 ++++++ src/bin/start-keycloak/start-keycloak.ts | 314 ++++++++---------- 17 files changed, 465 insertions(+), 228 deletions(-) create mode 100644 src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts create mode 100644 src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts create mode 100644 src/bin/start-keycloak/realmConfig/defaultConfig/index.ts rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-18.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-19.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-20.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-21.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-23.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-24.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-25.json (100%) rename src/bin/start-keycloak/realmConfig/{ => defaultConfig}/realm-kc-26.json (100%) create mode 100644 src/bin/start-keycloak/realmConfig/index.ts 
create mode 100644 src/bin/start-keycloak/realmConfig/realmConfig.ts
diff --git a/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts b/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts
new file mode 100644
index 00000000..e36e7ae8
--- /dev/null
+++ b/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts
@@ -0,0 +1,89 @@
+import fetch from "make-fetch-happen";
+import type { BuildContext } from "../shared/buildContext";
+import { assert } from "tsafe/assert";
+import { z } from "zod";
+import { SemVer } from "../tools/SemVer";
+import { exclude } from "tsafe/exclude";
+import { getSupportedKeycloakMajorVersions } from "./realmConfig/defaultConfig";
+
+export type BuildContextLike = {
+ fetchOptions: BuildContext["fetchOptions"];
+};
+
+assert;
+
+let cache: string[] | undefined = undefined;
+
+export async function getKeycloakDockerImageLatestSemVerTagsForEveryMajors(params: {
+ buildContext: BuildContextLike;
+}) {
+ if (cache !== undefined) {
+ return cache;
+ }
+
+ const { buildContext } = params;
+
+ const { tags } = await fetch(
+ "https://quay.io/v2/keycloak/keycloak/tags/list",
+ buildContext.fetchOptions
+ )
+ .then(r => r.json())
+ .then(j =>
+ z
+ .object({
+ tags: z.array(z.string())
+ })
+ .parse(j)
+ );
+
+ const arr = tags
+ .map(tag => ({
+ tag,
+ version: (() => {
+ if (tag.includes("-")) {
+ return undefined;
+ }
+
+ let version: SemVer;
+
+ try {
+ version = SemVer.parse(tag);
+ } catch {
+ return undefined;
+ }
+
+ return version;
+ })()
+ }))
+ .map(({ tag, version }) => (version === undefined ? undefined : { tag, version }))
+ .filter(exclude(undefined));
+
+ const versionByMajor: Record = {};
+
+ for (const { version } of arr) {
+ const version_current = versionByMajor[version.major];
+
+ if (
+ version_current === undefined ||
+ SemVer.compare(version_current, version) === -1
+ ) {
+ versionByMajor[version.major] = version;
+ }
+ }
+
+ const supportedKeycloakMajorVersions = getSupportedKeycloakMajorVersions();
+
+ cache = Object.values(versionByMajor)
+ .map(version => {
+ assert(version !== undefined);
+
+ if (!supportedKeycloakMajorVersions.includes(version.major)) {
+ return undefined;
+ }
+
+ return SemVer.stringify(version);
+ })
+ .filter(exclude(undefined));
+
+ return cache;
+}
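Review bot: The request to `https://quay.io/v2/keycloak/keycloak/tags/list` goes straight to `r.json()` without looking at the response status, so a rate-limit or error response from the registry surfaces as an opaque JSON or zod parse failure rather than a clear message. I would check it first, for example `.then(r => { if (!r.ok) throw new Error("quay.io tag list request failed: " + r.status); return r.json(); })`. The returned values are re-serialised through `SemVer.stringify`, so only well-formed version strings from the remote list reach callers; since start-keycloak.ts in this commit uses them as the Docker image tag, that property deserves a one-line comment above the final `.map`. It is also worth confirming whether this endpoint paginates, because a truncated list would make the "latest per major" result stale.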
diff --git a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts index ebb6354e..d92141c7 100644 --- a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts +++ b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts @@ -3,11 +3,14 @@ import { assert, type Equals } from "tsafe/assert"; import { is } from "tsafe/is"; import { id } from "tsafe/id"; import * as fs from "fs"; -import { join as pathJoin } from "path"; -import { getThisCodebaseRootDirPath } from "../../tools/getThisCodebaseRootDirPath"; export type ParsedRealmJson = { name: string; + loginTheme?: string; + accountTheme?: string; + adminTheme?: string; + emailTheme?: string; + eventsListeners: string[]; users: { id: string; email: string; @@ -52,6 +55,11 @@ export function readRealmJsonFile(params: { const zTargetType = z.object({ name: z.string(), + loginTheme: z.string().optional(), + accountTheme: z.string().optional(), + adminTheme: z.string().optional(), + emailTheme: z.string().optional(), + eventsListeners: z.array(z.string()), users: z.array( z.object({ id: z.string(), @@ -105,19 +113,3 @@ export function readRealmJsonFile(params: { return parsedRealmJson; } - -export function getDefaultConfig(params: { - keycloakMajorVersionNumber: number; -}): ParsedRealmJson { - const { keycloakMajorVersionNumber } = params; - - const realmJsonFilePath = pathJoin( - getThisCodebaseRootDirPath(), - "src", - "bin", - "start-keycloak", - `myrealm-realm-${keycloakMajorVersionNumber}.json` - ); - - return readRealmJsonFile({ realmJsonFilePath }); -} diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts b/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts new file mode 100644 index 00000000..220f4ac3 --- /dev/null +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts 
@@ -0,0 +1,74 @@
+import { join as pathJoin, dirname as pathDirname } from "path";
+import { getThisCodebaseRootDirPath } from "../../../tools/getThisCodebaseRootDirPath";
+import * as fs from "fs";
+import { exclude } from "tsafe/exclude";
+import { assert } from "tsafe/assert";
+import { type ParsedRealmJson, readRealmJsonFile } from "../ParsedRealmJson";
+
+export function getDefaultRealmJsonFilePath(params: {
+ keycloakMajorVersionNumber: number;
+}) {
+ const { keycloakMajorVersionNumber } = params;
+
+ return pathJoin(
+ getThisCodebaseRootDirPath(),
+ "src",
+ "bin",
+ "start-keycloak",
+ "realmConfig",
+ "defaultConfig",
+ `realm-kc-${keycloakMajorVersionNumber}.json`
+ );
+}
+
+export const { getSupportedKeycloakMajorVersions } = (() => {
+ let cache: number[] | undefined = undefined;
+
+ function getSupportedKeycloakMajorVersions(): number[] {
+ if (cache !== undefined) {
+ return cache;
+ }
+
+ cache = fs
+ .readdirSync(
+ pathDirname(
+ getDefaultRealmJsonFilePath({ keycloakMajorVersionNumber: 0 })
+ )
+ )
+ .map(fileBasename => {
+ const match = fileBasename.match(/^realm-kc-(\d+)\.json$/);
+
+ if (match === null) {
+ return undefined;
+ }
+
+ const n = parseInt(match[1]);
+
+ assert(!isNaN(n));
+
+ return n;
+ })
+ .filter(exclude(undefined));
+
+ return cache;
+ }
+
+ return { getSupportedKeycloakMajorVersions };
+})();
+
+export function getDefaultConfig(params: {
+ keycloakMajorVersionNumber: number;
+}): ParsedRealmJson {
+ const { keycloakMajorVersionNumber } = params;
+
+ assert(
+ getSupportedKeycloakMajorVersions().includes(keycloakMajorVersionNumber),
+ `We do not have a default config for Keycloak ${keycloakMajorVersionNumber}`
+ );
+
+ return readRealmJsonFile({
+ realmJsonFilePath: getDefaultRealmJsonFilePath({
+ keycloakMajorVersionNumber
+ })
+ });
+}
diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/index.ts b/src/bin/start-keycloak/realmConfig/defaultConfig/index.ts
new file mode 100644
index 00000000..a067247f
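Review bot: In defaultConfig.ts, `getSupportedKeycloakMajorVersions` finds the directory to scan by calling `getDefaultRealmJsonFilePath({ keycloakMajorVersionNumber: 0 })` and taking its dirname, which reads as if a version-0 realm file existed. A short comment would make the intent clear, for example `// The version is a placeholder, only the containing directory is used`. The list comes back in `readdirSync` order, so callers that print or index it should not assume it is sorted.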
--- /dev/null
+++ b/src/bin/start-keycloak/realmConfig/defaultConfig/index.ts
@@ -0,0 +1 @@
+export * from "./defaultConfig";
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-18.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-18.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-19.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-19.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-20.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-20.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-21.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-21.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-23.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-23.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-24.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json
similarity index 100%
rename from src/bin/start-keycloak/realmConfig/realm-kc-24.json
rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json
diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-25.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json similarity index 100% rename from src/bin/start-keycloak/realmConfig/realm-kc-25.json rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json diff --git a/src/bin/start-keycloak/realmConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json similarity index 100% rename from src/bin/start-keycloak/realmConfig/realm-kc-26.json rename to src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json diff --git a/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts index b32d7879..81fb4443 100644 --- a/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts +++ b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts @@ -1,4 +1,3 @@ -import { runPrettier, getIsPrettierAvailable } from "../../tools/runPrettier"; import { CONTAINER_NAME } from "../../shared/constants"; import child_process from "child_process"; import { join as pathJoin } from "path"; @@ -6,7 +5,7 @@ import chalk from "chalk"; import { Deferred } from "evt/tools/Deferred"; import { assert, is } from "tsafe/assert"; import type { BuildContext } from "../../shared/buildContext"; -import * as fs from "fs/promises"; +import { type ParsedRealmJson, readRealmJsonFile } from "./ParsedRealmJson"; export type BuildContextLike = { cacheDirPath: string; @@ -17,15 +16,9 @@ assert(); export async function dumpContainerConfig(params: { realmName: string; keycloakMajorVersionNumber: number; - targetRealmConfigJsonFilePath: string; buildContext: BuildContextLike; -}) { - const { - realmName, - keycloakMajorVersionNumber, - targetRealmConfigJsonFilePath, - buildContext - } = params; +}): Promise { + const { realmName, keycloakMajorVersionNumber, buildContext } = params; { // https://github.com/keycloak/keycloak/issues/33800 
@@ -148,20 +141,7 @@ export async function dumpContainerConfig(params: { await dCompleted.pr; } - let sourceCode = (await fs.readFile(targetRealmConfigJsonFilePath_tmp)).toString( - "utf8" - ); - - run_prettier: { - if (!(await getIsPrettierAvailable())) { - break run_prettier; - } - - sourceCode = await runPrettier({ - filePath: targetRealmConfigJsonFilePath, - sourceCode: sourceCode - }); - } - - await fs.writeFile(targetRealmConfigJsonFilePath, Buffer.from(sourceCode, "utf8")); + return readRealmJsonFile({ + realmJsonFilePath: targetRealmConfigJsonFilePath_tmp + }); } diff --git a/src/bin/start-keycloak/realmConfig/index.ts b/src/bin/start-keycloak/realmConfig/index.ts new file mode 100644 index 00000000..09a46a68 --- /dev/null +++ b/src/bin/start-keycloak/realmConfig/index.ts @@ -0,0 +1 @@ +export * from "./realmConfig"; diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index 37bda1ad..afe79572 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts 
@@ -1,15 +1,26 @@ import { assert } from "tsafe/assert"; -import { getDefaultConfig, type ParsedRealmJson } from "./ParsedRealmJson"; +import type { ParsedRealmJson } from "./ParsedRealmJson"; +import { getDefaultConfig } from "./defaultConfig"; +import type { BuildContext } from "../../shared/buildContext"; +import { objectKeys } from "tsafe/objectKeys"; + +export type BuildContextLike = { + themeNames: BuildContext["themeNames"]; + implementedThemeTypes: BuildContext["implementedThemeTypes"]; +}; + +assert; export function prepareRealmConfig(params: { parsedRealmJson: ParsedRealmJson; keycloakMajorVersionNumber: number; + buildContext: BuildContextLike; }): { realmName: string; clientName: string; username: string; } { - const { parsedRealmJson, keycloakMajorVersionNumber } = params; + const { parsedRealmJson, keycloakMajorVersionNumber, buildContext } = params; const { username } = addOrEditTestUser({ parsedRealmJson, @@ -23,6 +34,22 @@ export function prepareRealmConfig(params: { editAccountConsoleAndSecurityAdminConsole({ parsedRealmJson }); + enableCustomThemes({ + parsedRealmJson, + themeName: buildContext.themeNames[0], + implementedThemeTypes: buildContext.implementedThemeTypes + }); + + enable_custom_events_listeners: { + const name = "keycloakify-logging"; + + if (parsedRealmJson.eventsListeners.includes(name)) { + break enable_custom_events_listeners; + } + + parsedRealmJson.eventsListeners.push(name); + } + return { realmName: parsedRealmJson.name, clientName: clientId, 
@@ -30,6 +57,21 @@ export function prepareRealmConfig(params: { }; } +function enableCustomThemes(params: { + parsedRealmJson: ParsedRealmJson; + themeName: string; + implementedThemeTypes: BuildContextLike["implementedThemeTypes"]; +}) { + const { parsedRealmJson, themeName, implementedThemeTypes } = params; + + for (const themeType of objectKeys(implementedThemeTypes)) { + parsedRealmJson[`${themeType}Theme` as const] = implementedThemeTypes[themeType] + .isImplemented + ? themeName + : ""; + } +} + function addOrEditTestUser(params: { parsedRealmJson: ParsedRealmJson; keycloakMajorVersionNumber: number; diff --git a/src/bin/start-keycloak/realmConfig/realmConfig.ts b/src/bin/start-keycloak/realmConfig/realmConfig.ts new file mode 100644 index 00000000..b7793ec7 --- /dev/null +++ b/src/bin/start-keycloak/realmConfig/realmConfig.ts 
@@ -0,0 +1,108 @@ +import type { BuildContext } from "../../shared/buildContext"; +import { assert } from "tsafe/assert"; +import { runPrettier, getIsPrettierAvailable } from "../../tools/runPrettier"; +import { getDefaultConfig } from "./defaultConfig"; +import { + prepareRealmConfig, + type BuildContextLike as BuildContextLike_prepareRealmConfig +} from "./prepareRealmConfig"; +import * as fs from "fs"; +import { join as pathJoin, dirname as pathDirname } from "path"; +import { existsAsync } from "../../tools/fs.existsAsync"; +import { readRealmJsonFile, type ParsedRealmJson } from "./ParsedRealmJson"; +import { + dumpContainerConfig, + type BuildContextLike as BuildContextLike_dumpContainerConfig +} from "./dumpContainerConfig"; + +export type BuildContextLike = BuildContextLike_dumpContainerConfig & + BuildContextLike_prepareRealmConfig & { + projectDirPath: string; + }; + +assert; + +export async function getRealmConfig(params: { + keycloakMajorVersionNumber: number; + realmJsonFilePath_userProvided: string | undefined; + buildContext: BuildContextLike; +}): Promise<{ + realmJsonFilePath: string; + clientName: string; + realmName: string; + username: string; + onRealmConfigChange: () => Promise; +}> { + const { keycloakMajorVersionNumber, realmJsonFilePath_userProvided, buildContext } = + params; + + const realmJsonFilePath = pathJoin( + buildContext.projectDirPath, + `realm-kc-${keycloakMajorVersionNumber}.json` + ); + + const parsedRealmJson = await (async () => { + if (realmJsonFilePath_userProvided !== undefined) { + return readRealmJsonFile({ + realmJsonFilePath: realmJsonFilePath_userProvided + }); + } + + if (await existsAsync(realmJsonFilePath)) { + return readRealmJsonFile({ + realmJsonFilePath + }); + } + + return getDefaultConfig({ keycloakMajorVersionNumber }); + })(); + + const { clientName, realmName, username } = prepareRealmConfig({ + parsedRealmJson, + buildContext, + keycloakMajorVersionNumber + }); + + { + const dirPath = 
pathDirname(realmJsonFilePath); + + if (!(await existsAsync(dirPath))) { + fs.mkdirSync(dirPath, { recursive: true }); + } + } + + const writeRealmJsonFile = async (params: { parsedRealmJson: ParsedRealmJson }) => { + const { parsedRealmJson } = params; + + let sourceCode = JSON.stringify(parsedRealmJson, null, 2); + + if (await getIsPrettierAvailable()) { + sourceCode = await runPrettier({ + sourceCode, + filePath: realmJsonFilePath + }); + } + + fs.writeFileSync(realmJsonFilePath, sourceCode); + }; + + await writeRealmJsonFile({ parsedRealmJson }); + + async function onRealmConfigChange() { + const parsedRealmJson = await dumpContainerConfig({ + buildContext, + realmName, + keycloakMajorVersionNumber + }); + + await writeRealmJsonFile({ parsedRealmJson }); + } + + return { + realmJsonFilePath, + clientName, + realmName, + username, + onRealmConfigChange + }; +} diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index a70ba002..7d2adcad 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -1,6 +1,5 @@ import type { BuildContext } from "../shared/buildContext"; import { exclude } from "tsafe/exclude"; -import { promptKeycloakVersion } from "../shared/promptKeycloakVersion"; import { CONTAINER_NAME, KEYCLOAKIFY_SPA_DEV_SERVER_PORT, @@ -13,8 +12,7 @@ import { join as pathJoin, relative as pathRelative, sep as pathSep, - basename as pathBasename, - dirname as pathDirname + basename as pathBasename } from "path"; import * as child_process from "child_process"; import chalk from "chalk"; 
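Review bot: In realmConfig.ts, `writeRealmJsonFile` persists the realm export into `buildContext.projectDirPath`, where it is likely to end up under version control, and nothing in the new code says what that file may contain. The default realm files touched by this series carry key-provider `privateKey` and `secret` entries and the parsed schema includes `users`, so, assuming `readRealmJsonFile` returns the full document, the dump written by `onRealmConfigChange` holds the same kind of material. I would add a comment above `writeRealmJsonFile` such as `// Dev-only realm export: may contain realm keys and test-user credentials, never import it into a real deployment`. Separately, the directory check mixes `existsAsync` with `fs.mkdirSync`; `fs.mkdirSync(dirPath, { recursive: true })` on its own is enough, since it does not fail when the directory already exists.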
@@ -32,6 +30,9 @@ import { existsAsync } from "../tools/fs.existsAsync"; import { rm } from "../tools/fs.rm"; import { downloadAndExtractArchive } from "../tools/downloadAndExtractArchive"; import { startViteDevServer } from "./startViteDevServer"; +import { getSupportedKeycloakMajorVersions } from "./realmConfig/defaultConfig"; +import { getKeycloakDockerImageLatestSemVerTagsForEveryMajors } from "./getQuayIoKeycloakDockerImageTags"; +import { getRealmConfig } from "./realmConfig"; export async function command(params: { buildContext: BuildContext; @@ -95,9 +96,32 @@ export async function command(params: { const { cliCommandOptions, buildContext } = params; + const availableTags = await getKeycloakDockerImageLatestSemVerTagsForEveryMajors({ + buildContext + }); + const { dockerImageTag } = await (async () => { if (cliCommandOptions.keycloakVersion !== undefined) { - return { dockerImageTag: cliCommandOptions.keycloakVersion }; + const cliCommandOptions_keycloakVersion = cliCommandOptions.keycloakVersion; + + const tag = availableTags.find(tag => + tag.startsWith(cliCommandOptions_keycloakVersion) + ); + + if (tag === undefined) { + console.log( + chalk.red( + [ + `We could not find a Keycloak Docker image for ${cliCommandOptions_keycloakVersion}`, + `Example of valid values: --keycloak-version 26, --keycloak-version 26.0.7` + ].join("\n") + ) + ); + + process.exit(1); + } + + return { dockerImageTag: tag }; } if (buildContext.startKeycloakOptions.dockerImage !== undefined) { 
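Review bot: The `--keycloak-version` lookup `availableTags.find(tag => tag.startsWith(cliCommandOptions_keycloakVersion))` is a bare prefix match, so a value such as `2` resolves to whichever `2x` tag comes first and an empty value matches the first tag, instead of reaching the error branch added below it. Matching on a version-component boundary keeps `26` and `26.0.7` working while rejecting partial numbers: `tag === cliCommandOptions_keycloakVersion || tag.startsWith(cliCommandOptions_keycloakVersion + ".")`. The tag list is also fetched before this branch on every start, so a registry outage now blocks runs that pass an explicit version or a configured `dockerImage`. The enclosing `command` function starts and ends outside the hunk.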
@@ -112,50 +136,81 @@ export async function command(params: { "On which version of Keycloak do you want to test your theme?" ), chalk.gray( - "You can also explicitly provide the version with `npx keycloakify start-keycloak --keycloak-version 25.0.2` (or any other version)" + "You can also explicitly provide the version with `npx keycloakify start-keycloak --keycloak-version 26` (or any other version)" ) ].join("\n") ); - const { keycloakVersion } = await promptKeycloakVersion({ - startingFromMajor: 18, - excludeMajorVersions: [22], - doOmitPatch: true, - buildContext + const { value: tag } = await cliSelect({ + values: availableTags + }).catch(() => { + process.exit(-1); }); - console.log(`→ ${keycloakVersion}`); + console.log(`→ ${tag}`); - return { dockerImageTag: keycloakVersion }; + return { dockerImageTag: tag }; })(); const keycloakMajorVersionNumber = (() => { - if (buildContext.startKeycloakOptions.dockerImage === undefined) { - return SemVer.parse(dockerImageTag).major; - } - - const { tag } = buildContext.startKeycloakOptions.dockerImage; - - const [wrap] = [18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28] + const [wrap] = getSupportedKeycloakMajorVersions() .map(majorVersionNumber => ({ majorVersionNumber, - index: tag.indexOf(`${majorVersionNumber}`) + index: dockerImageTag.indexOf(`${majorVersionNumber}`) })) .filter(({ index }) => index !== -1) .sort((a, b) => a.index - b.index); if (wrap === undefined) { - console.warn( - chalk.yellow( - `Could not determine the major Keycloak version number from the docker image tag ${tag}. Assuming 25` - ) - ); - return 25; + try { + const version = SemVer.parse(dockerImageTag); + + console.error( + chalk.yellow( + `Keycloak version ${version.major} is not supported, supported versions are ${getSupportedKeycloakMajorVersions().join(", ")}` + ) + ); + + process.exit(1); + } catch { + console.warn( + chalk.yellow( + `Could not determine the major Keycloak version number from the docker image tag ${dockerImageTag}. 
Assuming 26` + ) + ); + return 26; + } } return wrap.majorVersionNumber; })(); + const { clientName, onRealmConfigChange, realmJsonFilePath, realmName, username } = + await getRealmConfig({ + keycloakMajorVersionNumber, + realmJsonFilePath_userProvided: await (async () => { + if (cliCommandOptions.realmJsonFilePath !== undefined) { + return getAbsoluteAndInOsFormatPath({ + pathIsh: cliCommandOptions.realmJsonFilePath, + cwd: process.cwd() + }); + } + + if (buildContext.startKeycloakOptions.realmJsonFilePath !== undefined) { + assert( + await existsAsync( + buildContext.startKeycloakOptions.realmJsonFilePath + ), + `${pathRelative(process.cwd(), buildContext.startKeycloakOptions.realmJsonFilePath)} does not exist` + ); + return buildContext.startKeycloakOptions.realmJsonFilePath; + } + + return undefined; + })(), + buildContext + }); + { const { isAppBuildSuccess } = await appBuild({ buildContext 
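Review bot: `keycloakMajorVersionNumber` is now derived for every tag with `dockerImageTag.indexOf(...)` over the supported majors, a substring search that accepts those digits anywhere in the tag. A custom image tag that carries a date or build number can therefore select a major unrelated to the Keycloak version, and the realm configuration for that major is then used without any warning. I would try the leading numeric component first and keep the scan only as a fallback: `const lead = /^(\d+)(?:\.|$)/.exec(dockerImageTag)?.[1];` followed by `if (lead !== undefined && getSupportedKeycloakMajorVersions().includes(Number(lead))) return Number(lead);`. The enclosing `command` function starts and ends outside the hunk.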
@@ -193,156 +248,39 @@ export async function command(params: { assert(jarFilePath !== undefined); - const extensionJarFilePaths = await Promise.all( - buildContext.startKeycloakOptions.extensionJars.map(async extensionJar => { - switch (extensionJar.type) { - case "path": { - assert( - await existsAsync(extensionJar.path), - `${extensionJar.path} does not exist` - ); - return extensionJar.path; + const extensionJarFilePaths = [ + pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak", + KEYCLOAKIFY_LOGIN_JAR_BASENAME + ), + ...(await Promise.all( + buildContext.startKeycloakOptions.extensionJars.map(async extensionJar => { + switch (extensionJar.type) { + case "path": { + assert( + await existsAsync(extensionJar.path), + `${extensionJar.path} does not exist` + ); + return extensionJar.path; + } + case "url": { + const { archiveFilePath } = await downloadAndExtractArchive({ + cacheDirPath: buildContext.cacheDirPath, + fetchOptions: buildContext.fetchOptions, + url: extensionJar.url, + uniqueIdOfOnArchiveFile: "no extraction", + onArchiveFile: async () => {} + }); + return archiveFilePath; + } } - case "url": { - const { archiveFilePath } = await downloadAndExtractArchive({ - cacheDirPath: buildContext.cacheDirPath, - fetchOptions: buildContext.fetchOptions, - url: extensionJar.url, - uniqueIdOfOnArchiveFile: "no extraction", - onArchiveFile: async () => {} - }); - return archiveFilePath; - } - } - assert>(false); - }) - ); - - const thisDirPath = pathJoin( - getThisCodebaseRootDirPath(), - "src", - "bin", - "start-keycloak" - ); - - extensionJarFilePaths.unshift(pathJoin(thisDirPath, KEYCLOAKIFY_LOGIN_JAR_BASENAME)); - - const getRealmJsonFilePath_defaultForKeycloakMajor = ( - keycloakMajorVersionNumber: number - ) => pathJoin(thisDirPath, `myrealm-realm-${keycloakMajorVersionNumber}.json`); - - const realmJsonFilePath = await (async () => { - if (cliCommandOptions.realmJsonFilePath !== undefined) { - if (cliCommandOptions.realmJsonFilePath 
=== "none") { - return undefined; - } - return getAbsoluteAndInOsFormatPath({ - pathIsh: cliCommandOptions.realmJsonFilePath, - cwd: process.cwd() - }); - } - - if (buildContext.startKeycloakOptions.realmJsonFilePath !== undefined) { - assert( - await existsAsync(buildContext.startKeycloakOptions.realmJsonFilePath), - `${pathRelative(process.cwd(), buildContext.startKeycloakOptions.realmJsonFilePath)} does not exist` - ); - return buildContext.startKeycloakOptions.realmJsonFilePath; - } - - const internalFilePath = await (async () => { - const defaultFilePath = getRealmJsonFilePath_defaultForKeycloakMajor( - keycloakMajorVersionNumber - ); - - if (fs.existsSync(defaultFilePath)) { - return defaultFilePath; - } - - console.log( - `${chalk.yellow( - `Keycloakify do not have a realm configuration for Keycloak ${keycloakMajorVersionNumber} yet.` - )}` - ); - - console.log(chalk.cyan("Select what configuration to use:")); - - const dirPath = pathDirname(defaultFilePath); - - const { value } = await cliSelect({ - values: [ - ...fs - .readdirSync(dirPath) - .filter(fileBasename => fileBasename.endsWith(".json")), - "none" - ] - }).catch(() => { - process.exit(-1); - }); - - if (value === "none") { - return undefined; - } - - return pathJoin(dirPath, value); - })(); - - if (internalFilePath === undefined) { - return undefined; - } - - const filePath = pathJoin( - buildContext.cacheDirPath, - pathBasename(internalFilePath) - ); - - fs.writeFileSync( - filePath, - Buffer.from( - fs - .readFileSync(internalFilePath) - .toString("utf8") - .replace(/keycloakify\-starter/g, buildContext.themeNames[0]) - ), - "utf8" - ); - - return filePath; - })(); - - add_test_user_if_missing: { - if (realmJsonFilePath === undefined) { - break add_test_user_if_missing; - } - - const realm: Record = JSON.parse( - fs.readFileSync(realmJsonFilePath).toString("utf8") - ); - - if (realm.users !== undefined) { - break add_test_user_if_missing; - } - - const realmJsonFilePath_internal = (() => { - 
const filePath = getRealmJsonFilePath_defaultForKeycloakMajor( - keycloakMajorVersionNumber - ); - - if (!fs.existsSync(filePath)) { - return getRealmJsonFilePath_defaultForKeycloakMajor(25); - } - - return filePath; - })(); - - const users = JSON.parse( - fs.readFileSync(realmJsonFilePath_internal).toString("utf8") - ).users; - - realm.users = users; - - fs.writeFileSync(realmJsonFilePath, JSON.stringify(realm, null, 2), "utf8"); - } + assert>(false); + }) + )) + ]; async function extractThemeResourcesFromJar() { await extractArchive({ @@ -382,9 +320,7 @@ export async function command(params: { }); } catch {} - const DEFAULT_PORT = 8080; - const port = - cliCommandOptions.port ?? buildContext.startKeycloakOptions.port ?? DEFAULT_PORT; + const port = cliCommandOptions.port ?? buildContext.startKeycloakOptions.port ?? 8080; const doStartDevServer = (() => { const hasSpaUi = @@ -457,7 +393,7 @@ export async function command(params: { ...(realmJsonFilePath === undefined ? [] : [ - `-v${SPACE_PLACEHOLDER}"${realmJsonFilePath}":/opt/keycloak/data/import/myrealm-realm.json` + `-v${SPACE_PLACEHOLDER}"${realmJsonFilePath}":/opt/keycloak/data/import/${realmName}-realm.json` ]), `-v${SPACE_PLACEHOLDER}"${jarFilePath_cacheDir}":/opt/keycloak/providers/keycloak-theme.jar`, ...extensionJarFilePaths.map( @@ -532,7 +468,14 @@ export async function command(params: { { shell: true } ); - child.stdout.on("data", data => process.stdout.write(data)); + child.stdout.on("data", async data => { + if (data.toString("utf8").includes("keycloakify-logging: REALM_CONFIG_CHANGED")) { + await onRealmConfigChange(); + return; + } + + process.stdout.write(data); + }); child.stderr.on("data", data => process.stderr.write(data)); @@ -581,7 +524,7 @@ export async function command(params: { (() => { const url = new URL("https://my-theme.keycloakify.dev"); - if (port !== DEFAULT_PORT) { + if (port !== 8080) { url.searchParams.set("port", `${port}`); } if (kcHttpRelativePath !== undefined) { 
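Review bot: The `"url"` case of `extensionJarFilePaths` returns `archiveFilePath` from `downloadAndExtractArchive` straight into the list of jars handed to the container, and nothing in this hunk pins what was downloaded. A provider jar is code that runs inside Keycloak, so a file that changes at `extensionJar.url` would be loaded on the next start; whether the helper verifies anything is not visible here. I would add an optional digest to the `url` variant of `extensionJars` and compare it before returning the path, and until then state the limitation in a comment on that case: `// NOTE: the downloaded jar is not integrity-checked; use immutable URLs you trust`. The enclosing `command` function starts and ends outside the hunk.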
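Review bot: `realmName` is interpolated unquoted into the `-v` argument (`/opt/keycloak/data/import/${realmName}-realm.json`) of a command that is spawned with `{ shell: true }`, and its value comes from the parsed realm JSON, which may be a user-provided file. A realm name containing a space or a shell metacharacter breaks the `docker run` line or is interpreted by the shell. Validate it before the arguments are built, for example `assert(/^[A-Za-z0-9._-]+$/.test(realmName), "Unsupported characters in realm name");`. If the import does not depend on the file name (not verifiable from this hunk), keeping a fixed container-side name avoids the interpolation altogether.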
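Review bot: The new `stdout` listener discards the entire chunk whenever it contains `keycloakify-logging: REALM_CONFIG_CHANGED`, but a `data` chunk is an arbitrary slice of the stream, so unrelated Keycloak log lines in the same chunk are swallowed and a marker split across two chunks is never seen. The `async` listener also leaves a rejection from `onRealmConfigChange()` unhandled, and two events arriving close together run two dumps concurrently. I would line-buffer the stream, forward every line except the marker, and handle the failure explicitly with `onRealmConfigChange().catch(error => console.error(chalk.red(String(error))));`.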
@@ -590,13 +533,20 @@ export async function command(params: { kcHttpRelativePath ); } + if (realmName !== "myrealm") { + url.searchParams.set("realm", realmName); + } + + if (clientName !== "myclient") { + url.searchParams.set("client", clientName); + } return url.href; })() )}`, "", "You can login with the following credentials:", - `- username: ${chalk.cyan.bold("testuser")}`, + `- username: ${chalk.cyan.bold(username)}`, `- password: ${chalk.cyan.bold("password123")}`, "", `Watching for changes in ${chalk.bold( From b1b6919395305a91aa177ef40ceea0e757c4d2bc Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sat, 14 Dec 2024 14:44:30 +0100 Subject: [PATCH 08/24] Assuming latest supported --- .../realmConfig/defaultConfig/defaultConfig.ts | 3 ++- src/bin/start-keycloak/start-keycloak.ts | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts b/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts index 220f4ac3..2fd970bf 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts @@ -48,7 +48,8 @@ export const { getSupportedKeycloakMajorVersions } = (() => { return n; }) - .filter(exclude(undefined)); + .filter(exclude(undefined)) + .sort((a, b) => b - a); return cache; } diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 7d2adcad..69b9d175 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts 
@@ -173,12 +173,15 @@ export async function command(params: { process.exit(1); } catch { + // NOTE: Latest version + const [n] = getSupportedKeycloakMajorVersions(); + console.warn( chalk.yellow( - `Could not determine the major Keycloak version number from the docker image tag ${dockerImageTag}. Assuming 26` + `Could not determine the major Keycloak version number from the docker image tag ${dockerImageTag}. Assuming ${n}` ) ); - return 26; + return n; } } From 029cfcb591ee4173468e7ebae3b37806e676993f Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sat, 14 Dec 2024 18:37:54 +0100 Subject: [PATCH 09/24] Fix fetching of keycloak versions --- .../getQuayIoKeycloakDockerImageTags.ts | 54 ++++++++++++++----- 1 file changed, 41 insertions(+), 13 deletions(-) diff --git a/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts b/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts index e36e7ae8..95ea50e0 100644 --- a/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts +++ b/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts 
@@ -23,18 +23,44 @@ export async function getKeycloakDockerImageLatestSemVerTagsForEveryMajors(param const { buildContext } = params; - const { tags } = await fetch( - "https://quay.io/v2/keycloak/keycloak/tags/list", - buildContext.fetchOptions - ) - .then(r => r.json()) - .then(j => - z - .object({ - tags: z.array(z.string()) - }) - .parse(j) - ); + const tags: string[] = []; + + await (async function callee(url: string) { + const r = await fetch(url, buildContext.fetchOptions); + + await Promise.all([ + (async () => { + tags.push( + ...z + .object({ + tags: z.array(z.string()) + }) + .parse(await r.json()).tags + ); + })(), + (async () => { + const link = r.headers.get("link"); + + if (link === null) { + return; + } + + const split = link.split(";").map(s => s.trim()); + + assert(split.length === 2); + + assert(split[1] === 'rel="next"'); + + const match = split[0].match(/^<(.+)>$/); + + assert(match !== null); + + const nextUrl = new URL(url).origin + match[1]; + + await callee(nextUrl); + })() + ]); + })("https://quay.io/v2/keycloak/keycloak/tags/list"); const arr = tags .map(tag => ({ @@ -73,7 +99,9 @@ export async function getKeycloakDockerImageLatestSemVerTagsForEveryMajors(param const supportedKeycloakMajorVersions = getSupportedKeycloakMajorVersions(); - cache = Object.values(versionByMajor) + cache = Object.entries(versionByMajor) + .sort(([a], [b]) => parseInt(b) - parseInt(a)) + .map(([, version]) => version) .map(version => { assert(version !== undefined); From dc942aa5dec057bff9f11f5100458637ce3b8270 Mon Sep 17 00:00:00 2001 
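Review bot: The paginated fetch in `callee` reads `r.json()` without looking at the response status and follows `rel="next"` links with no page limit, so an error or rate-limit response from quay.io surfaces as an unrelated zod or `assert` failure and a misbehaving response can keep the recursion going. The next URL is also built by string concatenation, `new URL(url).origin + match[1]`, which only stays on the same host if the link target begins with `/`. I would add `if (!r.ok) throw new Error("quay.io tag list request failed with status " + r.status);`, resolve the link with `new URL(match[1], url)` and assert that its `origin` is unchanged, and cap the number of pages. The same code is carried over into `getSupportedDockerImageTags.ts` in PATCH 10/24.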
From: Joseph Garrone Date: Sun, 15 Dec 2024 08:53:54 +0100 Subject: [PATCH 10/24] Implement cache for fetching available docker images tags --- .../getQuayIoKeycloakDockerImageTags.ts | 117 --------- .../getSupportedDockerImageTags.ts | 230 ++++++++++++++++++ src/bin/start-keycloak/start-keycloak.ts | 4 +- 3 files changed, 232 insertions(+), 119 deletions(-) delete mode 100644 src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts create mode 100644 src/bin/start-keycloak/getSupportedDockerImageTags.ts diff --git a/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts b/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts deleted file mode 100644 index 95ea50e0..00000000 --- a/src/bin/start-keycloak/getQuayIoKeycloakDockerImageTags.ts +++ /dev/null 
@@ -1,117 +0,0 @@ -import fetch from "make-fetch-happen"; -import type { BuildContext } from "../shared/buildContext"; -import { assert } from "tsafe/assert"; -import { z } from "zod"; -import { SemVer } from "../tools/SemVer"; -import { exclude } from "tsafe/exclude"; -import { getSupportedKeycloakMajorVersions } from "./realmConfig/defaultConfig"; - -export type BuildContextLike = { - fetchOptions: BuildContext["fetchOptions"]; -}; - -assert; - -let cache: string[] | undefined = undefined; - -export async function getKeycloakDockerImageLatestSemVerTagsForEveryMajors(params: { - buildContext: BuildContextLike; -}) { - if (cache !== undefined) { - return cache; - } - - const { buildContext } = params; - - const tags: string[] = []; - - await (async function callee(url: string) { - const r = await fetch(url, buildContext.fetchOptions); - - await Promise.all([ - (async () => { - tags.push( - ...z - .object({ - tags: z.array(z.string()) - }) - .parse(await r.json()).tags - ); - })(), - (async () => { - const link = r.headers.get("link"); - - if (link === null) { - return; - } - - const split = link.split(";").map(s => s.trim()); - - assert(split.length === 2); - - assert(split[1] === 'rel="next"'); - - const match = split[0].match(/^<(.+)>$/); - - assert(match !== null); - - const nextUrl = new URL(url).origin + match[1]; - - await callee(nextUrl); - })() - ]); - })("https://quay.io/v2/keycloak/keycloak/tags/list"); - - const arr = tags - .map(tag => ({ - tag, - version: (() => { - if (tag.includes("-")) { - return undefined; - } - - let version: SemVer; - - try { - version = SemVer.parse(tag); - } catch { - return undefined; - } - - return version; - })() - })) - .map(({ tag, version }) => (version === undefined ? 
undefined : { tag, version })) - .filter(exclude(undefined)); - - const versionByMajor: Record = {}; - - for (const { version } of arr) { - const version_current = versionByMajor[version.major]; - - if ( - version_current === undefined || - SemVer.compare(version_current, version) === -1 - ) { - versionByMajor[version.major] = version; - } - } - - const supportedKeycloakMajorVersions = getSupportedKeycloakMajorVersions(); - - cache = Object.entries(versionByMajor) - .sort(([a], [b]) => parseInt(b) - parseInt(a)) - .map(([, version]) => version) - .map(version => { - assert(version !== undefined); - - if (!supportedKeycloakMajorVersions.includes(version.major)) { - return undefined; - } - - return SemVer.stringify(version); - }) - .filter(exclude(undefined)); - - return cache; -} diff --git a/src/bin/start-keycloak/getSupportedDockerImageTags.ts b/src/bin/start-keycloak/getSupportedDockerImageTags.ts new file mode 100644 index 00000000..fdc33cb1 --- /dev/null +++ b/src/bin/start-keycloak/getSupportedDockerImageTags.ts 
@@ -0,0 +1,230 @@ +import fetch from "make-fetch-happen"; +import type { BuildContext } from "../shared/buildContext"; +import { assert, type Equals } from "tsafe/assert"; +import { id } from "tsafe/id"; +import { z } from "zod"; +import { SemVer } from "../tools/SemVer"; +import { exclude } from "tsafe/exclude"; +import { getSupportedKeycloakMajorVersions } from "./realmConfig/defaultConfig"; +import { join as pathJoin, dirname as pathDirname } from "path"; +import * as fs from "fs/promises"; +import { existsAsync } from "../tools/fs.existsAsync"; +import { readThisNpmPackageVersion } from "../tools/readThisNpmPackageVersion"; + +export type BuildContextLike = { + fetchOptions: BuildContext["fetchOptions"]; + cacheDirPath: string; +}; + +assert; + +export async function getSupportedDockerImageTags(params: { + buildContext: BuildContextLike; +}) { + const { buildContext } = params; + + { + const result = await getCachedValue({ cacheDirPath: buildContext.cacheDirPath }); + + if (result !== undefined) { + return result; + } + } + + const tags: string[] = []; + + await (async function callee(url: string) { + const r = await fetch(url, buildContext.fetchOptions); + + await Promise.all([ + (async () => { + tags.push( + ...z + .object({ + tags: z.array(z.string()) + }) + .parse(await r.json()).tags + ); + })(), + (async () => { + const link = r.headers.get("link"); + + if (link === null) { + return; + } + + const split = link.split(";").map(s => s.trim()); + + assert(split.length === 2); + + assert(split[1] === 'rel="next"'); + + const match = split[0].match(/^<(.+)>$/); + + assert(match !== null); + + const nextUrl = new URL(url).origin + match[1]; + + await callee(nextUrl); + })() + ]); + })("https://quay.io/v2/keycloak/keycloak/tags/list"); + + const arr = tags + .map(tag => ({ + tag, + version: (() => { + if (tag.includes("-")) { + return undefined; + } + + let version: SemVer; + + try { + version = SemVer.parse(tag); + } catch { + return undefined; + } + + return 
version; + })() + })) + .map(({ tag, version }) => (version === undefined ? undefined : { tag, version })) + .filter(exclude(undefined)); + + const versionByMajor: Record = {}; + + for (const { version } of arr) { + const version_current = versionByMajor[version.major]; + + if ( + version_current === undefined || + SemVer.compare(version_current, version) === -1 + ) { + versionByMajor[version.major] = version; + } + } + + const supportedKeycloakMajorVersions = getSupportedKeycloakMajorVersions(); + + const result = Object.entries(versionByMajor) + .sort(([a], [b]) => parseInt(b) - parseInt(a)) + .map(([, version]) => version) + .map(version => { + assert(version !== undefined); + + if (!supportedKeycloakMajorVersions.includes(version.major)) { + return undefined; + } + + return SemVer.stringify(version); + }) + .filter(exclude(undefined)); + + await setCachedValue({ cacheDirPath: buildContext.cacheDirPath, result }); + + return result; +} + +const { getCachedValue, setCachedValue } = (() => { + type Cache = { + keycloakifyVersion: string; + time: number; + result: string[]; + }; + + const zCache = (() => { + type TargetType = Cache; + + const zTargetType = z.object({ + keycloakifyVersion: z.string(), + time: z.number(), + result: z.array(z.string()) + }); + + type InferredType = z.infer; + + assert>; + + return id>(zTargetType); + })(); + + let inMemoryCachedResult: Cache["result"] | undefined = undefined; + + function getCacheFilePath(params: { cacheDirPath: string }) { + const { cacheDirPath } = params; + + return pathJoin(cacheDirPath, "supportedDockerImageTags.json"); + } + + async function getCachedValue(params: { cacheDirPath: string }) { + const { cacheDirPath } = params; + + if (inMemoryCachedResult !== undefined) { + return inMemoryCachedResult; + } + + const cacheFilePath = getCacheFilePath({ cacheDirPath }); + + if (!(await existsAsync(cacheFilePath))) { + return undefined; + } + + let cache: Cache | undefined; + + try { + cache = 
zCache.parse(JSON.parse(await fs.readFile(cacheFilePath, "utf8"))); + } catch { + return undefined; + } + + if (cache.keycloakifyVersion !== readThisNpmPackageVersion()) { + return undefined; + } + + if (Date.now() - cache.time > 3_600 * 24) { + return undefined; + } + + inMemoryCachedResult = cache.result; + + return cache.result; + } + + async function setCachedValue(params: { + cacheDirPath: string; + result: Cache["result"]; + }) { + const { cacheDirPath, result } = params; + + inMemoryCachedResult = result; + + const cacheFilePath = getCacheFilePath({ cacheDirPath }); + + { + const dirPath = pathDirname(cacheFilePath); + + if (!(await existsAsync(dirPath))) { + await fs.mkdir(dirPath, { recursive: true }); + } + } + + await fs.writeFile( + cacheFilePath, + JSON.stringify( + zCache.parse({ + keycloakifyVersion: readThisNpmPackageVersion(), + time: Date.now(), + result + }), + null, + 2 + ) + ); + } + + return { + getCachedValue, + setCachedValue + }; +})(); diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 69b9d175..3116fb71 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -31,7 +31,7 @@ import { rm } from "../tools/fs.rm"; import { downloadAndExtractArchive } from "../tools/downloadAndExtractArchive"; import { startViteDevServer } from "./startViteDevServer"; import { getSupportedKeycloakMajorVersions } from "./realmConfig/defaultConfig"; -import { getKeycloakDockerImageLatestSemVerTagsForEveryMajors } from "./getQuayIoKeycloakDockerImageTags"; +import { getSupportedDockerImageTags } from "./getSupportedDockerImageTags"; import { getRealmConfig } from "./realmConfig"; export async function command(params: { 
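Review bot: The freshness check in `getCachedValue`, `Date.now() - cache.time > 3_600 * 24`, compares a millisecond difference with a number of seconds, so the on-disk cache expires after roughly 86 seconds and the quay.io tag list is refetched on almost every run. If a 24-hour lifetime is intended, the condition should read `if (Date.now() - cache.time > 3_600 * 24 * 1_000) {`. A named constant such as `const CACHE_TTL_MS = 24 * 3_600 * 1_000;` would make the unit visible at the comparison.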
@@ -96,7 +96,7 @@ export async function command(params: { const { cliCommandOptions, buildContext } = params; - const availableTags = await getKeycloakDockerImageLatestSemVerTagsForEveryMajors({ + const availableTags = await getSupportedDockerImageTags({ buildContext }); From db0ec954df004952224a84244dcab026c0b61192 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 11:34:41 +0100 Subject: [PATCH 11/24] Fix zod schema error --- src/bin/start-keycloak/ParsedRealmJson.ts | 123 ----------------- .../realmConfig/ParsedRealmJson.ts | 129 +++++++++--------- .../realmConfig/prepareRealmConfig.ts | 4 +- 3 files changed, 69 insertions(+), 187 deletions(-) delete mode 100644 src/bin/start-keycloak/ParsedRealmJson.ts diff --git a/src/bin/start-keycloak/ParsedRealmJson.ts b/src/bin/start-keycloak/ParsedRealmJson.ts deleted file mode 100644 index e136ae8b..00000000 --- a/src/bin/start-keycloak/ParsedRealmJson.ts +++ /dev/null 
@@ -1,123 +0,0 @@ -import { z } from "zod"; -import { assert, type Equals } from "tsafe/assert"; -import { is } from "tsafe/is"; -import { id } from "tsafe/id"; -import * as fs from "fs"; -import { join as pathJoin } from "path"; -import { getThisCodebaseRootDirPath } from "../tools/getThisCodebaseRootDirPath"; - -export type ParsedRealmJson = { - name: string; - users: { - id: string; - email: string; - username: string; - attributes: Record; - credentials: { - type: string /* "password" or something else */; - }[]; - clientRoles: Record; - }[]; - roles: { - client: { - name: string; - containerId: string; // client id - }[]; - }; - clients: { - id: string; - clientId: string; // example: realm-management - baseUrl?: string; - redirectUris?: string[]; - webOrigins?: string[]; - attributes?: { - "post.logout.redirect.uris"?: string; - }; - protocol?: string; - protocolMappers?: unknown[]; - }[]; -}; - -export function readRealmJsonFile(params: { - realmJsonFilePath: string; -}): ParsedRealmJson { - const { realmJsonFilePath } = params; - - const parsedRealmJson = JSON.parse( - fs.readFileSync(realmJsonFilePath).toString("utf8") - ) as unknown; - - const zParsedRealmJson = (() => { - type TargetType = ParsedRealmJson; - - const zTargetType = z.object({ - name: z.string(), - users: z.array( - z.object({ - id: z.string(), - email: z.string(), - username: z.string(), - attributes: z.record(z.unknown()), - credentials: z.array( - z.object({ - type: z.string() - }) - ), - clientRoles: z.record(z.array(z.string())) - }) - ), - roles: z.object({ - client: z.array( - z.object({ - name: z.string(), - containerId: z.string() - }) - ) - }), - clients: z.array( - z.object({ - id: z.string(), - clientId: z.string(), - baseUrl: z.string().optional(), - redirectUris: z.array(z.string()).optional(), - webOrigins: z.array(z.string()).optional(), - attributes: z - .object({ - "post.logout.redirect.uris": z.string().optional() - }) - .optional(), - protocol: z.string().optional(), - 
protocolMappers: z.array(z.unknown()).optional() - }) - ) - }); - - type InferredType = z.infer; - - assert>; - - return id>(zTargetType); - })(); - - zParsedRealmJson.parse(parsedRealmJson); - - assert(is(parsedRealmJson)); - - return parsedRealmJson; -} - -export function getDefaultConfig(params: { - keycloakMajorVersionNumber: number; -}): ParsedRealmJson { - const { keycloakMajorVersionNumber } = params; - - const realmJsonFilePath = pathJoin( - getThisCodebaseRootDirPath(), - "src", - "bin", - "start-keycloak", - `myrealm-realm-${keycloakMajorVersionNumber}.json` - ); - - return readRealmJsonFile({ realmJsonFilePath }); -} diff --git a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts index d92141c7..4dcbc09f 100644 --- a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts +++ b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts @@ -5,7 +5,7 @@ import { id } from "tsafe/id"; import * as fs from "fs"; export type ParsedRealmJson = { - name: string; + realm: string; loginTheme?: string; accountTheme?: string; adminTheme?: string; @@ -22,10 +22,13 @@ export type ParsedRealmJson = { clientRoles: Record; }[]; roles: { - client: { - name: string; - containerId: string; // client id - }[]; + client: Record< + string, + { + name: string; + containerId: string; // client id + }[] + >; }; clients: { id: string; 
@@ -41,6 +44,65 @@ export type ParsedRealmJson = { }[]; }; +const zParsedRealmJson = (() => { + type TargetType = ParsedRealmJson; + + const zTargetType = z.object({ + realm: z.string(), + loginTheme: z.string().optional(), + accountTheme: z.string().optional(), + adminTheme: z.string().optional(), + emailTheme: z.string().optional(), + eventsListeners: z.array(z.string()), + users: z.array( + z.object({ + id: z.string(), + email: z.string(), + username: z.string(), + attributes: z.record(z.unknown()), + credentials: z.array( + z.object({ + type: z.string() + }) + ), + clientRoles: z.record(z.array(z.string())) + }) + ), + roles: z.object({ + client: z.record( + z.array( + z.object({ + name: z.string(), + containerId: z.string() + }) + ) + ) + }), + clients: z.array( + z.object({ + id: z.string(), + clientId: z.string(), + baseUrl: z.string().optional(), + redirectUris: z.array(z.string()).optional(), + webOrigins: z.array(z.string()).optional(), + attributes: z + .object({ + "post.logout.redirect.uris": z.string().optional() + }) + .optional(), + protocol: z.string().optional(), + protocolMappers: z.array(z.unknown()).optional() + }) + ) + }); + + type InferredType = z.infer; + + assert>; + + return id>(zTargetType); +})(); + export function readRealmJsonFile(params: { realmJsonFilePath: string; }): ParsedRealmJson { 
@@ -50,63 +112,6 @@ export function readRealmJsonFile(params: { fs.readFileSync(realmJsonFilePath).toString("utf8") ) as unknown; - const zParsedRealmJson = (() => { - type TargetType = ParsedRealmJson; - - const zTargetType = z.object({ - name: z.string(), - loginTheme: z.string().optional(), - accountTheme: z.string().optional(), - adminTheme: z.string().optional(), - emailTheme: z.string().optional(), - eventsListeners: z.array(z.string()), - users: z.array( - z.object({ - id: z.string(), - email: z.string(), - username: z.string(), - attributes: z.record(z.unknown()), - credentials: z.array( - z.object({ - type: z.string() - }) - ), - clientRoles: z.record(z.array(z.string())) - }) - ), - roles: z.object({ - client: z.array( - z.object({ - name: z.string(), - containerId: z.string() - }) - ) - }), - clients: z.array( - z.object({ - id: z.string(), - clientId: z.string(), - baseUrl: z.string().optional(), - redirectUris: z.array(z.string()).optional(), - webOrigins: z.array(z.string()).optional(), - attributes: z - .object({ - "post.logout.redirect.uris": z.string().optional() - }) - .optional(), - protocol: z.string().optional(), - protocolMappers: z.array(z.unknown()).optional() - }) - ) - }); - - type InferredType = z.infer; - - assert>; - - return id>(zTargetType); - })(); - zParsedRealmJson.parse(parsedRealmJson); assert(is(parsedRealmJson)); diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index afe79572..bf1481dc 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -51,7 +51,7 @@ export function prepareRealmConfig(params: { } return { - realmName: parsedRealmJson.name, + realmName: parsedRealmJson.realm, clientName: clientId, username }; 
@@ -138,7 +138,7 @@ function addOrEditTestUser(params: { newUser.clientRoles = {}; - for (const clientRole of parsedRealmJson.roles.client) { + for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) { const clientName = nameByClientId[clientRole.containerId]; assert(clientName !== undefined); From 8e8a0ccf547491b41f081d88bf2b24a31deb5f57 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 11:38:50 +0100 Subject: [PATCH 12/24] Store https://my-theme.keycloakify.dev as a constant --- src/bin/shared/constants.ts | 2 ++ src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts | 3 +-- src/bin/start-keycloak/start-keycloak.ts | 5 +++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/bin/shared/constants.ts b/src/bin/shared/constants.ts index 0084e9d3..24f2278b 100644 --- a/src/bin/shared/constants.ts +++ b/src/bin/shared/constants.ts @@ -85,3 +85,5 @@ export const KEYCLOAKIFY_SPA_DEV_SERVER_PORT = "KEYCLOAKIFY_SPA_DEV_SERVER_PORT" export const KEYCLOAKIFY_LOGGING_VERSION = "1.0.1"; export const KEYCLOAKIFY_LOGIN_JAR_BASENAME = `keycloakify-login-${KEYCLOAKIFY_LOGGING_VERSION}.jar`; + +export const TEST_APP_URL = "https://my-theme.keycloakify.dev"; diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index bf1481dc..4ff026f7 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -3,6 +3,7 @@ import type { ParsedRealmJson } from "./ParsedRealmJson"; import { getDefaultConfig } from "./defaultConfig"; import type { BuildContext } from "../../shared/buildContext"; import { objectKeys } from "tsafe/objectKeys"; +import { TEST_APP_URL } from "../../shared/constants"; export type BuildContextLike = { themeNames: BuildContext["themeNames"]; 
@@ -158,8 +159,6 @@ function addOrEditTestUser(params: { return { username: newUser.username }; } -const TEST_APP_URL = "https://my-theme.keycloakify.dev"; - function addOrEditClient(params: { parsedRealmJson: ParsedRealmJson; keycloakMajorVersionNumber: number; diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 3116fb71..98c91f0e 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -3,7 +3,8 @@ import { exclude } from "tsafe/exclude"; import { CONTAINER_NAME, KEYCLOAKIFY_SPA_DEV_SERVER_PORT, - KEYCLOAKIFY_LOGIN_JAR_BASENAME + KEYCLOAKIFY_LOGIN_JAR_BASENAME, + TEST_APP_URL } from "../shared/constants"; import { SemVer } from "../tools/SemVer"; import { assert, type Equals } from "tsafe/assert"; @@ -525,7 +526,7 @@ export async function command(params: { `${chalk.green("Your theme is accessible at:")}`, `${chalk.green("➜")} ${chalk.cyan.bold( (() => { - const url = new URL("https://my-theme.keycloakify.dev"); + const url = new URL(TEST_APP_URL); if (port !== 8080) { url.searchParams.set("port", `${port}`); From 76416ddd5b5c816b2105ae46b9fb783820897d8c Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 11:45:00 +0100 Subject: [PATCH 13/24] Put persisted realm configs in .keycloakify --- src/bin/start-keycloak/realmConfig/realmConfig.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/bin/start-keycloak/realmConfig/realmConfig.ts b/src/bin/start-keycloak/realmConfig/realmConfig.ts index b7793ec7..cd7e689e 100644 --- a/src/bin/start-keycloak/realmConfig/realmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/realmConfig.ts @@ -38,6 +38,7 @@ export async function getRealmConfig(params: { const realmJsonFilePath = pathJoin( buildContext.projectDirPath, + ".keycloakify", `realm-kc-${keycloakMajorVersionNumber}.json` ); From 2659cf391ce2edd296b2fe4e212d4e2d30ede4d0 Mon Sep 17 00:00:00 2001 
From: Joseph Garrone Date: Sun, 15 Dec 2024 11:47:59 +0100 Subject: [PATCH 14/24] Fix schema validation error --- src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts index 4dcbc09f..35eeff6a 100644 --- a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts +++ b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts @@ -19,7 +19,7 @@ export type ParsedRealmJson = { credentials: { type: string /* "password" or something else */; }[]; - clientRoles: Record; + clientRoles?: Record; }[]; roles: { client: Record< @@ -65,7 +65,7 @@ const zParsedRealmJson = (() => { type: z.string() }) ), - clientRoles: z.record(z.array(z.string())) + clientRoles: z.record(z.array(z.string())).optional() }) ), roles: z.object({ From f9e15f93c4e93b7ac6b657f881b471666b9a7d82 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 11:49:33 +0100 Subject: [PATCH 15/24] Fix spelling mistake --- src/bin/shared/constants.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/shared/constants.ts b/src/bin/shared/constants.ts index 24f2278b..9aaaae0e 100644 --- a/src/bin/shared/constants.ts +++ b/src/bin/shared/constants.ts @@ -84,6 +84,6 @@ export const KEYCLOAKIFY_SPA_DEV_SERVER_PORT = "KEYCLOAKIFY_SPA_DEV_SERVER_PORT" export const KEYCLOAKIFY_LOGGING_VERSION = "1.0.1"; -export const KEYCLOAKIFY_LOGIN_JAR_BASENAME = `keycloakify-login-${KEYCLOAKIFY_LOGGING_VERSION}.jar`; +export const KEYCLOAKIFY_LOGIN_JAR_BASENAME = `keycloakify-logging-${KEYCLOAKIFY_LOGGING_VERSION}.jar`; export const TEST_APP_URL = "https://my-theme.keycloakify.dev"; From 295994d02a3d5364e206c58b755de23879e368e2 Mon Sep 17 00:00:00 2001 
From: Joseph Garrone Date: Sun, 15 Dec 2024 11:57:45 +0100 Subject: [PATCH 16/24] Use KC_BOOTSTRAP_ADMIN_ in newer keycloak --- src/bin/start-keycloak/start-keycloak.ts | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 98c91f0e..64739285 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -380,8 +380,15 @@ export async function command(params: { const dockerRunArgs: string[] = [ `-p${SPACE_PLACEHOLDER}${port}:8080`, `--name${SPACE_PLACEHOLDER}${CONTAINER_NAME}`, - `-e${SPACE_PLACEHOLDER}KEYCLOAK_ADMIN=admin`, - `-e${SPACE_PLACEHOLDER}KEYCLOAK_ADMIN_PASSWORD=admin`, + ...(keycloakMajorVersionNumber >= 25 + ? [ + `-e${SPACE_PLACEHOLDER}KC_BOOTSTRAP_ADMIN_USERNAME=admin`, + `-e${SPACE_PLACEHOLDER}KC_BOOTSTRAP_ADMIN_PASSWORD=admin` + ] + : [ + `-e${SPACE_PLACEHOLDER}KEYCLOAK_ADMIN=admin`, + `-e${SPACE_PLACEHOLDER}KEYCLOAK_ADMIN_PASSWORD=admin` + ]), ...(devServerPort === undefined ? [] : [ From df338ed6a06ec66dceb239b49ef4a01117f1745f Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 12:28:09 +0100 Subject: [PATCH 17/24] Improve ordering to minimize diff --- .../realmConfig/prepareRealmConfig.ts | 104 ++++++++++-------- 1 file changed, 56 insertions(+), 48 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index 4ff026f7..af9b07f1 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -49,6 +49,8 @@ export function prepareRealmConfig(params: { } parsedRealmJson.eventsListeners.push(name); + + parsedRealmJson.eventsListeners.sort(); } return { 
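Review bot: In the `dockerRunArgs` hunk of start-keycloak.ts the bootstrap admin is still created with the fixed `admin`/`admin` pair, while the unchanged `-p${SPACE_PLACEHOLDER}${port}:8080` argument publishes the port without a host address, which Docker binds on every interface by default. For a container that only serves local theme development, publishing on loopback would keep the admin console off the network: `-p${SPACE_PLACEHOLDER}127.0.0.1:${port}:8080`. If wider exposure is intended, a comment next to the credentials such as `// dev-only credentials, container must not be reachable from outside the workstation` would make that explicit. The `command` function starts and ends outside the hunk, so any restriction applied elsewhere is not visible here.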
@@ -146,6 +148,10 @@ function addOrEditTestUser(params: { (newUser.clientRoles[clientName] ??= []).push(clientRole.name); } + + for (const clientName of Object.keys(newUser.clientRoles)) { + newUser.clientRoles[clientName].sort().reverse(); + } } if (defaultUser_preexisting === undefined) { @@ -228,39 +234,40 @@ function addOrEditClient(params: { parsedRealmJson.clients.push(testClient); } - { - for (const redirectUri of [ - `${TEST_APP_URL}/*`, - "http://localhost*", - "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (testClient[propertyName] ??= []); + for (const redirectUri of [ + `${TEST_APP_URL}/*`, + "http://localhost*", + "http://127.0.0.1*" + ]) { + for (const propertyName of ["webOrigins", "redirectUris"] as const) { + const arr = (testClient[propertyName] ??= []); - if (arr.includes(redirectUri)) { - continue; - } - - arr.push(redirectUri); + if (arr.includes(redirectUri)) { + continue; } - { - if (testClient.attributes === undefined) { - testClient.attributes = {}; - } + arr.push(redirectUri); + } - const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); + { + if (testClient.attributes === undefined) { + testClient.attributes = {}; + } - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - testClient.attributes["post.logout.redirect.uris"] = arr.join("##"); - } + const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "") + .split("##") + .map(s => s.trim()); + + if (!arr.includes(redirectUri)) { + arr.push(redirectUri); + testClient.attributes["post.logout.redirect.uris"] = arr.join("##"); } } } + testClient.webOrigins?.sort().reverse(); + testClient.redirectUris?.sort().reverse(); + return { clientId: testClient.clientId }; } 
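Review bot: The patterns `http://localhost*` and `http://127.0.0.1*` kept on the new side of the addOrEditClient hunk attach the wildcard directly to the host, so if the trailing `*` is matched as a plain prefix they also accept hosts that merely begin with `localhost` or `127.0.0.1`, not only other ports on the loopback address. The same list appears in the editAccountConsoleAndSecurityAdminConsole hunk of this commit and in the later rewrite of both functions. If the pattern is needed so that any dev-server port matches, document that next to the list, for example `// dev-only: wildcard sits on the host so any local port matches; do not reuse in a real realm`. addOrEditClient's body starts outside the hunk.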
@@ -276,37 +283,38 @@ function editAccountConsoleAndSecurityAdminConsole(params: { assert(client !== undefined); - { - for (const redirectUri of [ - `${TEST_APP_URL}/*`, - "http://localhost*", - "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (client[propertyName] ??= []); + for (const redirectUri of [ + `${TEST_APP_URL}/*`, + "http://localhost*", + "http://127.0.0.1*" + ]) { + for (const propertyName of ["webOrigins", "redirectUris"] as const) { + const arr = (client[propertyName] ??= []); - if (arr.includes(redirectUri)) { - continue; - } - - arr.push(redirectUri); + if (arr.includes(redirectUri)) { + continue; } - { - if (client.attributes === undefined) { - client.attributes = {}; - } + arr.push(redirectUri); + } - const arr = (client.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); + { + if (client.attributes === undefined) { + client.attributes = {}; + } - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - client.attributes["post.logout.redirect.uris"] = arr.join("##"); - } + const arr = (client.attributes["post.logout.redirect.uris"] ?? "") + .split("##") + .map(s => s.trim()); + + if (!arr.includes(redirectUri)) { + arr.push(redirectUri); + client.attributes["post.logout.redirect.uris"] = arr.join("##"); } } } + + client.webOrigins?.sort().reverse(); + client.redirectUris?.sort().reverse(); } } From d0f43b63181278ae3d0cb8068108c001f7101f9a Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 13:11:01 +0100 Subject: [PATCH 18/24] Add logging and debug for backup configuration process --- .../start-keycloak/realmConfig/realmConfig.ts | 58 ++++++++++++++++--- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/realmConfig.ts b/src/bin/start-keycloak/realmConfig/realmConfig.ts index cd7e689e..f704d69d 100644 --- a/src/bin/start-keycloak/realmConfig/realmConfig.ts 
+++ b/src/bin/start-keycloak/realmConfig/realmConfig.ts @@ -7,13 +7,21 @@ import { type BuildContextLike as BuildContextLike_prepareRealmConfig } from "./prepareRealmConfig"; import * as fs from "fs"; -import { join as pathJoin, dirname as pathDirname } from "path"; +import { + join as pathJoin, + dirname as pathDirname, + relative as pathRelative, + sep as pathSep +} from "path"; import { existsAsync } from "../../tools/fs.existsAsync"; import { readRealmJsonFile, type ParsedRealmJson } from "./ParsedRealmJson"; import { dumpContainerConfig, type BuildContextLike as BuildContextLike_dumpContainerConfig } from "./dumpContainerConfig"; +import * as runExclusive from "run-exclusive"; +import { waitForDebounceFactory } from "powerhooks/tools/waitForDebounce"; +import chalk from "chalk"; export type BuildContextLike = BuildContextLike_dumpContainerConfig & BuildContextLike_prepareRealmConfig & { 
@@ -89,15 +97,49 @@ export async function getRealmConfig(params: { await writeRealmJsonFile({ parsedRealmJson }); - async function onRealmConfigChange() { - const parsedRealmJson = await dumpContainerConfig({ - buildContext, - realmName, - keycloakMajorVersionNumber + const { onRealmConfigChange } = (() => { + const run = runExclusive.build(async () => { + const start = Date.now(); + + console.log( + chalk.grey(`Changes detected to the '${realmName}' config, backing up...`) + ); + + const parsedRealmJson = await dumpContainerConfig({ + buildContext, + realmName, + keycloakMajorVersionNumber + }); + + await writeRealmJsonFile({ parsedRealmJson }); + + console.log( + [ + chalk.green( + `✓ '${realmName}' config backed up completed in ${Date.now() - start}ms` + ), + chalk.grey( + `Save changed to \`.${pathSep}${pathRelative(buildContext.projectDirPath, realmJsonFilePath)}\`` + ), + chalk.grey( + `Next time you'll be running \`keycloakify start-keycloak\`, the realm '${realmName}' will be restored to this state.` + ) + ].join("\n") + ); }); - await writeRealmJsonFile({ parsedRealmJson }); - } + const { waitForDebounce } = waitForDebounceFactory({ + delay: 1_000 + }); + + async function onRealmConfigChange() { + await waitForDebounce(); + + run(); + } + + return { onRealmConfigChange }; + })(); return { realmJsonFilePath, From 5b83bd8fa92b964c57968f0a7595addf2d59a07b Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 13:27:49 +0100 Subject: [PATCH 19/24] Update dump realm local script --- scripts/dump-keycloak-realm.ts | 127 ++++++++------------------------- 1 file changed, 29 insertions(+), 98 deletions(-) diff --git a/scripts/dump-keycloak-realm.ts b/scripts/dump-keycloak-realm.ts index adf4e20a..95b740b3 100644 --- a/scripts/dump-keycloak-realm.ts +++ b/scripts/dump-keycloak-realm.ts 
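Review bot: In the new `onRealmConfigChange`, `run()` is called without `await` and without a `.catch`, so a rejection from `dumpContainerConfig` or `writeRealmJsonFile` is observed by nobody and only the success path is ever logged. Either propagate it with `await run();`, or log the failure where it happens with `run().catch(error => console.log(chalk.red(String(error))));`. A silently failed backup matters here because the message printed on success tells the user the realm will be restored from this file on the next start. How the caller treats the returned promise is outside this hunk.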
@@ -1,11 +1,13 @@ import { CONTAINER_NAME } from "../src/bin/shared/constants"; import child_process from "child_process"; import { SemVer } from "../src/bin/tools/SemVer"; -import { join as pathJoin, relative as pathRelative } from "path"; +import { dumpContainerConfig } from "../src/bin/start-keycloak/realmConfig/dumpContainerConfig"; +import { cacheDirPath } from "./shared/cacheDirPath"; +import { runPrettier } from "../src/bin/tools/runPrettier"; +import { getThisCodebaseRootDirPath } from "../src/bin/tools/getThisCodebaseRootDirPath"; +import { join as pathJoin } from "path"; +import * as fs from "fs"; import chalk from "chalk"; -import { Deferred } from "evt/tools/Deferred"; -import { assert, is } from "tsafe/assert"; -import { run } from "./shared/run"; (async () => { const keycloakMajorVersionNumber = SemVer.parse( 
@@ -16,103 +18,32 @@ import { run } from "./shared/run"; .split(":")[1] ).major; - { - // https://github.com/keycloak/keycloak/issues/33800 - const doesUseLockedH2Database = keycloakMajorVersionNumber >= 26; + const parsedRealmJson = await dumpContainerConfig({ + buildContext: { + cacheDirPath + }, + keycloakMajorVersionNumber, + realmName: "myrealm" + }); - if (doesUseLockedH2Database) { - child_process.execSync( - `docker exec ${CONTAINER_NAME} sh -c "cp -rp /opt/keycloak/data/h2 /tmp"` - ); - } + let sourceCode = JSON.stringify(parsedRealmJson, null, 2); - const dCompleted = new Deferred(); - - const child = child_process.spawn( - "docker", - [ - ...["exec", CONTAINER_NAME], - ...["/opt/keycloak/bin/kc.sh", "export"], - ...["--dir", "/tmp"], - ...["--realm", "myrealm"], - ...["--users", "realm_file"], - ...(!doesUseLockedH2Database - ? [] - : [ - ...["--db", "dev-file"], - ...[ - "--db-url", - "'jdbc:h2:file:/tmp/h2/keycloakdb;NON_KEYWORDS=VALUE'" - ] - ]) - ], - { shell: true } - ); - - let output = ""; - - const onExit = (code: number | null) => { - dCompleted.reject(new Error(`Exited with code ${code}`)); - }; - - child.once("exit", onExit); - - child.stdout.on("data", data => { - const outputStr = data.toString("utf8"); - - if (outputStr.includes("Export finished successfully")) { - child.removeListener("exit", onExit); - - // NOTE: On older Keycloak versions the process keeps running after the export is done. 
- const timer = setTimeout(() => { - child.removeListener("exit", onExit2); - child.kill(); - dCompleted.resolve(); - }, 1500); - - const onExit2 = () => { - clearTimeout(timer); - dCompleted.resolve(); - }; - - child.once("exit", onExit2); - } - - output += outputStr; - }); - - child.stderr.on("data", data => (output += chalk.red(data.toString("utf8")))); - - try { - await dCompleted.pr; - } catch (error) { - assert(is(error)); - - console.log(chalk.red(error.message)); - - console.log(output); - - process.exit(1); - } - - if (doesUseLockedH2Database) { - run(`docker exec ${CONTAINER_NAME} sh -c "rm -rf /tmp/h2"`); - } - } - - const targetFilePath = pathRelative( - process.cwd(), - pathJoin( - __dirname, - "..", - "src", - "bin", - "start-keycloak", - `myrealm-realm-${keycloakMajorVersionNumber}.json` - ) + const filePath = pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak", + "realmConfig", + "defaultConfig", + `realm-kc-${keycloakMajorVersionNumber}.json` ); - run(`docker cp ${CONTAINER_NAME}:/tmp/myrealm-realm.json ${targetFilePath}`); + sourceCode = await runPrettier({ + sourceCode, + filePath + }); - console.log(`${chalk.green(`✓ Exported realm to`)} ${chalk.bold(targetFilePath)}`); + fs.writeFileSync(filePath, Buffer.from(sourceCode, "utf8")); + + console.log(chalk.green(`Realm config dumped to ${filePath}`)); })(); From b6e9fe258591291edd6c4e1ee08f42b367ea7e97 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 13:28:05 +0100 Subject: [PATCH 20/24] Update default realm config for kc 26 --- .../defaultConfig/realm-kc-26.json | 65 +++++++++++++------ 1 file changed, 45 insertions(+), 20 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json index 471affd3..12582bfe 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json 
+++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json @@ -574,8 +574,8 @@ "view-events", "realm-admin", "manage-authorization", - "manage-events", "view-authorization", + "manage-events", "manage-clients", "query-users", "query-groups", @@ -672,8 +672,18 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["*"], - "webOrigins": ["*"], + "redirectUris": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*", + "*" + ], + "webOrigins": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*", + "*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -688,7 +698,7 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*", + "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -824,7 +834,12 @@ "http://localhost*", "http://127.0.0.1*" ], - "webOrigins": ["*"], + "webOrigins": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*", + "*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -936,8 +951,18 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["*"], - "webOrigins": ["*"], + "redirectUris": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*", + "*" + ], + "webOrigins": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*", + "*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -953,7 +978,7 @@ "oidc.ciba.grant.enabled": "false", "client.use.lightweight.access.token.enabled": "true", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*", + "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -1602,7 +1627,7 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, @@ -1724,14 +1749,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper" + "oidc-full-name-mapper" ] } }, @@ -1761,14 +1786,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "oidc-full-name-mapper" + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper" ] } }, From 67f8ae41fcc43c94d640af5abe28fcd968a28463 Mon Sep 17 00:00:00 2001 
From: Joseph Garrone Date: Sun, 15 Dec 2024 17:42:45 +0100 Subject: [PATCH 21/24] Update prepare realm script --- .../defaultConfig/realm-kc-26.json | 54 ++++------ .../realmConfig/prepareRealmConfig.ts | 101 +++++++----------- 2 files changed, 59 insertions(+), 96 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json index 12582bfe..a0d3e1b9 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json @@ -673,17 +673,11 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" - ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" + "/realms/myrealm/account/*", + "http://localhost/*", + "http://127.0.0.1/*" ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -698,7 +692,7 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+##http://localhost/*##http://127.0.0.1/*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -834,12 +828,7 @@ "http://localhost*", "http://127.0.0.1*" ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" - ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -854,7 +843,6 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", @@ -952,17 +940,11 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://my-theme.keycloakify.dev/*", "http://localhost*", "http://127.0.0.1*", - "*" - ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" + "/admin/myrealm/console/*" ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -978,7 +960,7 @@ "oidc.ciba.grant.enabled": "false", "client.use.lightweight.access.token.enabled": "true", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -1749,14 +1731,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "saml-role-list-mapper" ] } }, 
@@ -1786,14 +1768,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index af9b07f1..46cbf531 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -4,6 +4,7 @@ import { getDefaultConfig } from "./defaultConfig"; import type { BuildContext } from "../../shared/buildContext"; import { objectKeys } from "tsafe/objectKeys"; import { TEST_APP_URL } from "../../shared/constants"; +import { sameFactory } from "evt/tools/inDepth/same"; export type BuildContextLike = { themeNames: BuildContext["themeNames"]; 
@@ -139,18 +140,38 @@ function addOrEditTestUser(params: { parsedRealmJson.clients.map(client => [client.id, client.clientId] as const) ); - newUser.clientRoles = {}; + const newClientRoles: NonNullable< + ParsedRealmJson["users"][number]["clientRoles"] + > = {}; for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) { const clientName = nameByClientId[clientRole.containerId]; assert(clientName !== undefined); - (newUser.clientRoles[clientName] ??= []).push(clientRole.name); + (newClientRoles[clientName] ??= []).push(clientRole.name); } - for (const clientName of Object.keys(newUser.clientRoles)) { - newUser.clientRoles[clientName].sort().reverse(); + const { same: sameSet } = sameFactory({ + takeIntoAccountArraysOrdering: false + }); + + for (const [clientName, roles] of Object.entries(newClientRoles)) { + keep_previous_ordering_if_possible: { + const roles_previous = newUser.clientRoles?.[clientName]; + + if (roles_previous === undefined) { + break keep_previous_ordering_if_possible; + } + + if (!sameSet(roles_previous, roles)) { + break keep_previous_ordering_if_possible; + } + + continue; + } + + (newUser.clientRoles ??= {})[clientName] = roles; } } 
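Review bot: The loop in addOrEditTestUser collects every entry of `parsedRealmJson.roles.client` into `newClientRoles` and assigns them to the test user, but nothing in the function states that this blanket grant is deliberate. The default realm files later in this series show `realm-management` roles such as `realm-admin` and `impersonation` in a user's `clientRoles`, so the test account appears to end up with full administrative rights over the realm. A comment above the loop would make the intent and its limits clear, for example `// Dev-only: the test user receives every client role defined in the realm, including realm-management ones.` The function body starts and ends outside the hunk.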
@@ -234,39 +255,17 @@ function addOrEditClient(params: { parsedRealmJson.clients.push(testClient); } - for (const redirectUri of [ + testClient.redirectUris = [ `${TEST_APP_URL}/*`, "http://localhost*", "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (testClient[propertyName] ??= []); + ] + .sort() + .reverse(); - if (arr.includes(redirectUri)) { - continue; - } + (testClient.attributes ??= {})["post.logout.redirect.uris"] = "+"; - arr.push(redirectUri); - } - - { - if (testClient.attributes === undefined) { - testClient.attributes = {}; - } - - const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); - - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - testClient.attributes["post.logout.redirect.uris"] = arr.join("##"); - } - } - } - - testClient.webOrigins?.sort().reverse(); - testClient.redirectUris?.sort().reverse(); + testClient.webOrigins = ["*"]; return { clientId: testClient.clientId }; } 
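Review bot: `testClient.webOrigins = ["*"]` now replaces whatever origins the persisted realm file held and allows cross-origin requests from any site. The editAccountConsoleAndSecurityAdminConsole hunk that follows does the same with `client.webOrigins = ["*"]`, and the kc-24 default file later in the series shows a console client going from `["+"]` to `["*"]`. If the wildcard is required for the hosted test app and arbitrary dev-server ports, record that in a comment such as `// dev-only: any origin may call this client; realm files written here are not production-ready`. Where it is not required, `["+"]` keeps the allowed origins tied to the client's redirect URIs. Both function bodies start outside their hunks.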
@@ -283,38 +282,20 @@ function editAccountConsoleAndSecurityAdminConsole(params: { assert(client !== undefined); - for (const redirectUri of [ - `${TEST_APP_URL}/*`, - "http://localhost*", - "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (client[propertyName] ??= []); + { + const arr = (client.redirectUris ??= []); - if (arr.includes(redirectUri)) { - continue; - } - - arr.push(redirectUri); - } - - { - if (client.attributes === undefined) { - client.attributes = {}; - } - - const arr = (client.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); - - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - client.attributes["post.logout.redirect.uris"] = arr.join("##"); + for (const value of ["http://localhost*", "http://127.0.0.1*"]) { + if (!arr.includes(value)) { + arr.push(value); } } + + client.redirectUris?.sort().reverse(); } - client.webOrigins?.sort().reverse(); - client.redirectUris?.sort().reverse(); + (client.attributes ??= {})["post.logout.redirect.uris"] = "+"; + + client.webOrigins = ["*"]; } } From 163b060dc56df7b3e3ca7a3a9ea35a8fc61974e9 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 18:15:36 +0100 Subject: [PATCH 22/24] Additional teaks --- src/bin/shared/constants.ts | 2 +- src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts | 9 +++++---- src/bin/start-keycloak/start-keycloak.ts | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/bin/shared/constants.ts b/src/bin/shared/constants.ts index 9aaaae0e..b31b434e 100644 --- a/src/bin/shared/constants.ts +++ b/src/bin/shared/constants.ts 
@@ -82,7 +82,7 @@ export const KEYCLOAK_THEME = "keycloak-theme"; export const KEYCLOAKIFY_SPA_DEV_SERVER_PORT = "KEYCLOAKIFY_SPA_DEV_SERVER_PORT"; -export const KEYCLOAKIFY_LOGGING_VERSION = "1.0.1"; +export const KEYCLOAKIFY_LOGGING_VERSION = "1.0.3"; export const KEYCLOAKIFY_LOGIN_JAR_BASENAME = `keycloakify-logging-${KEYCLOAKIFY_LOGGING_VERSION}.jar`; diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index 46cbf531..e97bf3ca 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -69,10 +69,11 @@ function enableCustomThemes(params: { const { parsedRealmJson, themeName, implementedThemeTypes } = params; for (const themeType of objectKeys(implementedThemeTypes)) { - parsedRealmJson[`${themeType}Theme` as const] = implementedThemeTypes[themeType] - .isImplemented - ? themeName - : ""; + if (!implementedThemeTypes[themeType].isImplemented) { + continue; + } + + parsedRealmJson[`${themeType}Theme` as const] = themeName; } } diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 64739285..5794e74f 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -380,7 +380,7 @@ export async function command(params: { const dockerRunArgs: string[] = [ `-p${SPACE_PLACEHOLDER}${port}:8080`, `--name${SPACE_PLACEHOLDER}${CONTAINER_NAME}`, - ...(keycloakMajorVersionNumber >= 25 + ...(keycloakMajorVersionNumber >= 26 ? [ `-e${SPACE_PLACEHOLDER}KC_BOOTSTRAP_ADMIN_USERNAME=admin`, `-e${SPACE_PLACEHOLDER}KC_BOOTSTRAP_ADMIN_PASSWORD=admin` From 3938584aeb4613299eab0d35bfbc0701627b1c90 Mon Sep 17 00:00:00 2001 
From: Joseph Garrone Date: Sun, 15 Dec 2024 18:43:53 +0100 Subject: [PATCH 23/24] Update default realm configs --- .../defaultConfig/realm-kc-24.json | 80 ++++++++++++---- .../defaultConfig/realm-kc-25.json | 93 +++++++++++++++---- .../defaultConfig/realm-kc-26.json | 24 ++--- .../realmConfig/dumpContainerConfig.ts | 2 +- .../start-keycloak/realmConfig/realmConfig.ts | 6 +- 5 files changed, 152 insertions(+), 53 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json index 1269d783..9b1de90a 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json @@ -468,6 +468,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "manage-clients", + "manage-users", + "view-identity-providers", + "view-users", + "impersonation", + "manage-identity-providers", + "query-users", + "query-realms", + "realm-admin", + "view-events", + "view-realm", + "manage-events", + "manage-authorization", + "manage-realm", + "query-clients", + "query-groups", + "view-clients", + "create-client", + "view-authorization" + ], + "broker": ["read-token"], + "account": [ + "manage-consent", + "manage-account-links", + "view-applications", + "view-consent", + "manage-account", + "view-profile", + "view-groups", + "delete-account" + ] + }, "notBefore": 0, "groups": [] } @@ -514,7 +548,6 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", 
@@ -541,8 +574,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -658,7 +695,11 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["https://my-theme.keycloakify.dev/*", "http://localhost*"], + "redirectUris": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*" + ], "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, @@ -673,8 +714,7 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", - "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" @@ -840,8 +880,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
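Review bot: `"http://localhost*"` and `"http://127.0.0.1*"` in `redirectUris` have no delimiter after the host, and a trailing `*` appears to be matched as a plain prefix, so a host such as `localhost.example.org` would also be accepted as a redirect target. The same entries are added in the other two `redirectUris` hunks of this file and in the realm-kc-25.json, realm-kc-18.json and realm-kc-19.json hunks, and the realm-kc-26.json hunk replaces the path-anchored `"http://localhost/*"` with this looser form. I would anchor the pattern after the host, `"http://localhost:*"` together with `"http://localhost/*"` (and the same pair for `127.0.0.1`), which should still allow any dev-server port. `"webOrigins": ["*"]` on this client likewise replaces `[]` and opens CORS to every origin; `"+"` would limit it to the origins of the redirect URIs.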
@@ -1451,12 +1495,12 @@ "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, - "loginTheme": "keycloak", + "loginTheme": "keycloakify-starter", "accountTheme": "keycloakify-starter", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1504,11 +1548,11 @@ "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1540,14 +1584,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-property-mapper" ] } }, diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json index 89153229..9a4e83be 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json 
@@ -538,10 +538,10 @@ "emailVerified": true, "attributes": { "additional_emails": ["test.user@protonmail.com", "testuser@hotmail.com"], - "gender": ["prefer_not_to_say"], "favorite_pet": ["cats"], - "favourite_pet": ["cat"], + "gender": ["prefer_not_to_say"], "bio": ["Hello I'm Test User and I do not exist."], + "favourite_pet": ["cat"], "phone_number": ["1111111111"], "locale": ["en"], "favorite_media": ["movies", "series"] @@ -562,6 +562,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "manage-users", + "create-client", + "view-users", + "view-realm", + "query-realms", + "impersonation", + "view-events", + "realm-admin", + "manage-authorization", + "manage-events", + "view-authorization", + "manage-clients", + "query-users", + "query-groups", + "manage-realm", + "query-clients", + "manage-identity-providers", + "view-clients", + "view-identity-providers" + ], + "broker": ["read-token"], + "account": [ + "delete-account", + "view-applications", + "manage-account", + "view-consent", + "view-groups", + "view-profile", + "manage-account-links", + "manage-consent" + ] + }, "notBefore": 0, "groups": [] } @@ -636,7 +670,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["*"], + "redirectUris": ["http://localhost*", "http://127.0.0.1*", "*"], "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, @@ -798,8 +832,7 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", - "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" 
@@ -892,8 +925,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1555,7 +1592,7 @@ "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1581,14 +1618,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", + "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper" ] } }, @@ -1618,14 +1655,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper" ] } }, @@ -1678,6 +1715,12 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "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" + ], "priority": ["100"] } }, 
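Review bot: The `rsa-generated` component now carries `privateKey` and `certificate` in its `config`, so the realm's signing key becomes part of the shipped default and every instance started from this file would share it. The following hunks do the same for `rsa-enc-generated` and add literal `secret` values for `aes-generated` and `hmac-generated`; realm-kc-18.json receives the same additions in the next patch. I would restore `"config": { "priority": ["100"] }` as it was before the change, so that Keycloak generates fresh keys on import, and strip these fields in the dump step so a later export does not reintroduce them. Otherwise tokens signed by one developer's instance would verify on any other instance that uses the defaults.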
@@ -1687,6 +1730,12 @@ "providerId": "rsa-enc-generated", "subComponents": {}, "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "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" + ], "priority": ["100"], "algorithm": ["RSA-OAEP"] } @@ -1697,6 +1746,8 @@ "providerId": "aes-generated", "subComponents": {}, "config": { + "kid": ["95db7eb8-b57b-475e-90cd-58841a9388d3"], + "secret": ["dp6bv53YrC2PZuJCxa3aNA"], "priority": ["100"] } }, @@ -1706,6 +1757,10 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { + "kid": ["d0254883-059e-4fdd-bf03-704c76650aab"], + "secret": [ + "bcW7E4rcbgSKZIQysWOSuhezRGYs5Kzmp3ZESthdTUMyFivK8RbBAdBE4PhFPk5B9TuByDO2RWvd8F7F5YhGJitf6cfYB1BfDuAk-2iBAtdZA98g7a2h4jpwzh-GIgtoRbGbH9qnquUn52f5qteo34g5WifKE2bWjOELza9FrTo" + ], "priority": ["100"], "algorithm": ["HS512"] } diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json index a0d3e1b9..10ca6d51 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json @@ -673,9 +673,9 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "/realms/myrealm/account/*", - "http://localhost/*", - "http://127.0.0.1/*" + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" ], "webOrigins": ["*"], "notBefore": 0, @@ -692,7 +692,7 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "+##http://localhost/*##http://127.0.0.1/*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", 
@@ -843,7 +843,7 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" @@ -1731,13 +1731,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "saml-role-list-mapper" ] } @@ -1768,13 +1768,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } diff --git a/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts index 81fb4443..59e68d1b 100644 --- a/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts +++ b/src/bin/start-keycloak/realmConfig/dumpContainerConfig.ts @@ -22,7 +22,7 @@ export async function dumpContainerConfig(params: { { // https://github.com/keycloak/keycloak/issues/33800 - const doesUseLockedH2Database = keycloakMajorVersionNumber >= 26; + const doesUseLockedH2Database = keycloakMajorVersionNumber >= 25; if (doesUseLockedH2Database) { child_process.execSync( 
diff --git a/src/bin/start-keycloak/realmConfig/realmConfig.ts b/src/bin/start-keycloak/realmConfig/realmConfig.ts index f704d69d..930df9a2 100644 --- a/src/bin/start-keycloak/realmConfig/realmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/realmConfig.ts @@ -115,14 +115,14 @@ export async function getRealmConfig(params: { console.log( [ - chalk.green( - `✓ '${realmName}' config backed up completed in ${Date.now() - start}ms` - ), chalk.grey( `Save changed to \`.${pathSep}${pathRelative(buildContext.projectDirPath, realmJsonFilePath)}\`` ), chalk.grey( `Next time you'll be running \`keycloakify start-keycloak\`, the realm '${realmName}' will be restored to this state.` + ), + chalk.green( + `✓ '${realmName}' config backed up completed in ${Date.now() - start}ms` ) ].join("\n") ); From 10cfa1cf41a2a02cb861ae228adc47315875dfaf Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 19:45:05 +0100 Subject: [PATCH 24/24] Update default realm configs --- .../realmConfig/ParsedRealmJson.ts | 2 - .../defaultConfig/realm-kc-18.json | 183 ++++++++++++------ .../defaultConfig/realm-kc-19.json | 124 ++++++++---- .../defaultConfig/realm-kc-20.json | 125 ++++++++---- .../defaultConfig/realm-kc-21.json | 75 +++++-- .../defaultConfig/realm-kc-23.json | 84 ++++++-- .../defaultConfig/realm-kc-24.json | 2 +- .../defaultConfig/realm-kc-25.json | 2 +- .../defaultConfig/realm-kc-26.json | 94 +-------- src/bin/start-keycloak/start-keycloak.ts | 23 ++- 10 files changed, 429 insertions(+), 285 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts index 35eeff6a..ed67d501 100644 --- a/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts +++ b/src/bin/start-keycloak/realmConfig/ParsedRealmJson.ts @@ -15,7 +15,6 @@ export type ParsedRealmJson = { id: string; email: string; username: string; - attributes: Record; credentials: { type: string /* "password" or something else */; }[]; 
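Review bot: Two of the messages being reordered in this `console.log` read awkwardly, `config backed up completed` and `Save changed to`. Since the lines are touched anyway, I would reword them to `✓ '${realmName}' config backup completed in ${Date.now() - start}ms` and, presumably, `Saved changes to` followed by the same path. `getRealmConfig` starts above the hunk and continues past it.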
@@ -59,7 +58,6 @@ const zParsedRealmJson = (() => { id: z.string(), email: z.string(), username: z.string(), - attributes: z.record(z.unknown()), credentials: z.array( z.object({ type: z.string() diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json index a438eb64..7b46daf1 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json @@ -73,7 +73,7 @@ "composites": { "realm": ["offline_access", "uma_authorization"], "client": { - "account": ["delete-account", "view-profile", "manage-account"] + "account": ["view-profile", "manage-account", "delete-account"] } }, "clientRole": false, 
@@ -398,6 +398,26 @@ "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpSupportedApplications": ["FreeOTP", "Google Authenticator"], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], "users": [ { "id": "00a62e75-bcc1-419a-a292-63ee5d161ed3", 
@@ -422,30 +442,43 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "create-client", + "view-identity-providers", + "manage-realm", + "query-groups", + "manage-clients", + "query-users", + "realm-admin", + "view-authorization", + "view-events", + "view-clients", + "view-realm", + "manage-events", + "query-realms", + "query-clients", + "manage-identity-providers", + "manage-users", + "view-users", + "impersonation", + "manage-authorization" + ], + "broker": ["read-token"], + "account": [ + "view-profile", + "manage-account-links", + "view-applications", + "manage-consent", + "delete-account", + "manage-account", + "view-consent" + ] + }, "notBefore": 0, "groups": [] } ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], "scopeMappings": [ { "clientScope": "offline_access", 
@@ -505,8 +538,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -518,6 +555,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -636,7 +674,7 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", + "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" @@ -694,8 +732,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -707,6 +749,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -757,7 +800,8 @@ "consentRequired": false, "config": { "id.token.claim": "true", - "access.token.claim": "true" + "access.token.claim": "true", + "userinfo.token.claim": "true" } } ] @@ -1205,6 +1249,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", 
@@ -1271,11 +1316,11 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1291,14 +1336,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -1347,14 +1392,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "oidc-address-mapper", "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper" + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper" ] } }, 
@@ -1394,6 +1439,12 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "MIICnTCCAYUCBgGTy58etTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdteXJlYWxtMB4XDTI0MTIxNTE4Mzg0M1oXDTM0MTIxNTE4NDAyM1owEjEQMA4GA1UEAwwHbXlyZWFsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPlUAHLmkYr68y1SPB/7bfDym7Uc500CppsTnS0Ud+5XmP6Ye7BZxJmbeitNkb7re0dHcVBbU3YhB1CsYcjPAgAzM5xlIw2I/xF0My32dyxMG8Jkd/c6fn2S/x9uFAztN87dtzr/QvAJctLn12dSHNXN9ylulLVBCv9zOdqVPGNHWlnY8e5wY9XkZc1n1RvgWKLU01hJxSbhKGTxUDIl6ngOaG9c2XV4y+SQ7hhIgbGI7Yomimyi+eeOfhZhAZ6Apll6hrtKlsSNk871dnaIcX5eSozc0aCreNMna2olZOa7QaaDQ6XhAKbqYW6JB+XSVcCeXL1rtQkk52D1to13huMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAH/nsEi88hFiNPCWYvTB3lERZpeUCbpDzAXQT/4TONmOw8zi7Cd2OlX8BGBFqjh/fESHv+adlzsY1mUdMvpVaYgHr3gYi8sBSrq5TMUfSYaWp4WCD7utiXXGprG08GCdbye1lpyyNnniWp12Bgjao+rtGamL/M1d6+WZTC+XL+H30u4VHURAiFBsAEoX6tlGV8ynhYOr/b8B43jy0/R0JfrzLjwSKEcA6RfKM7ozbZ0QZuQDALULymPIesrV4mvZ2Qwg4YgpAKaki9Sse45yiIhsIY0p5RnuNZRZnCbukyeBzIyDJobEBGhpui/KT2dqXBlRgRuOhCUf7OGCcPVHKNQ==" + ], "priority": ["100"] } }, @@ -1403,6 +1454,12 @@ "providerId": "rsa-enc-generated", "subComponents": {}, "config": { + "privateKey": [ + "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" + ], + "certificate": [ + "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" + ], "priority": ["100"], "algorithm": ["RSA-OAEP"] } @@ -1413,6 +1470,8 @@ "providerId": "aes-generated", "subComponents": {}, "config": { + "kid": ["132fb843-59e9-4f36-ad55-5ce2d3a13fb3"], + "secret": ["ETyyqapnrkUsNXLQ-tBVKw"], "priority": ["100"] } }, @@ -1422,6 +1481,10 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { + "kid": ["5110d380-c930-49d9-b91b-87f338f6170b"], + "secret": [ + "uCpQrJvP5OBuTxXfDb4JRL0bCKpXUgfGn5vb8UvL-Sfs_sZ9rtvBmd6vuFWARqyezjJQtpoNlMv7sXgxkN-yxQ" + ], "priority": ["100"], "algorithm": ["HS256"] } 
@@ -1454,7 +1517,7 @@ "defaultLocale": "en", "authenticationFlows": [ { - "id": "f7f2b89b-43cb-491d-8e7c-f1814024a6da", + "id": "223ce532-2038-4f24-a606-2a5c73f7bd65", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1480,7 +1543,7 @@ ] }, { - "id": "17cdac6f-d2a3-4907-8d44-a42827610b63", + "id": "57e47732-79cc-4d60-bee7-4f0b8fd44540", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -1514,7 +1577,7 @@ ] }, { - "id": "53a3e43f-9468-401f-8051-40f982d12f85", + "id": "c2735d89-60c0-45a4-9b3c-ae5df17df395", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1540,7 +1603,7 @@ ] }, { - "id": "26286808-3b7b-43df-b32e-af55a37af2e9", + "id": "11a5a507-2b9a-443f-961b-dffd66f4318d", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1566,7 +1629,7 @@ ] }, { - "id": "8a6a752a-9a9a-4d38-b1f8-edf0a9433490", + "id": "963bd753-6ea7-4d93-ab56-30f9ab59d597", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1592,7 +1655,7 @@ ] }, { - "id": "a6f6804c-4160-4a84-8a1f-c2747a2d3f27", + "id": "1db6a489-a3b4-44c4-b480-1d1e8c123d20", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1618,7 +1681,7 @@ ] }, { - "id": "740baa9e-8328-4035-9e1a-8fc1616d1f0f", + "id": "7a38f32d-4f34-450f-8f03-64802d7cb8f1", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", 
@@ -1644,7 +1707,7 @@ ] }, { - "id": "e60187a8-3e16-4a0c-9daa-f3a4a1fcfdba", + "id": "0df88739-3739-4d70-8893-47c546f19003", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1671,7 +1734,7 @@ ] }, { - "id": "d959d0c2-4004-4633-b280-f80d6423f574", + "id": "35025424-e291-4c54-8a29-70aadba549ce", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1697,7 +1760,7 @@ ] }, { - "id": "ba02689d-b9e8-4a4b-8fdd-0d1386b198fc", + "id": "1813b7f2-c3c2-4b92-8ffc-9ff2d12186c6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1739,7 +1802,7 @@ ] }, { - "id": "f09ac92a-e091-4e84-9cd1-cb905ca57b89", + "id": "954283ac-f1c2-40b6-a39f-bf23ff9f3ce8", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1781,7 +1844,7 @@ ] }, { - "id": "aaf72b22-cec4-4714-93d6-f54d5a986ab8", + "id": "52a789ce-2cad-4f0f-93b2-295b7fd519f0", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1815,7 +1878,7 @@ ] }, { - "id": "c4a54bb3-f009-4231-a82b-376c2515e07e", + "id": "5a6a71e1-9105-45b6-b5f0-52538461357b", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1833,7 +1896,7 @@ ] }, { - "id": "f55ded54-683a-4f5a-a101-9cfbd7b96781", + "id": "8392b6e7-bdbf-4d7f-97b6-885761c200db", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", 
@@ -1860,7 +1923,7 @@ ] }, { - "id": "931d5a82-378f-4533-8c69-2239a4acd047", + "id": "52136d70-8d08-42ea-b04b-cf40ea2807aa", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1886,7 +1949,7 @@ ] }, { - "id": "22b05374-f480-4ca8-aca8-9db8b6dd1729", + "id": "26bbc7e6-ef01-4cdb-9dba-520e2f3f8993", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -1912,7 +1975,7 @@ ] }, { - "id": "c0371832-e4b7-485e-bf23-6babe4c6ac83", + "id": "f0887979-04eb-4033-8f19-0ffd8c8b7f6a", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1931,7 +1994,7 @@ ] }, { - "id": "4d0445da-073e-465e-b25b-af522915c73f", + "id": "a3b7b94b-bfbf-4760-a8c9-7d9cd98d262e", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1973,7 +2036,7 @@ ] }, { - "id": "740d467f-4203-425b-8203-9bfd3eed25ae", + "id": "dc68a665-2e51-4a22-aaad-bd693ddc77cc", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2015,7 +2078,7 @@ ] }, { - "id": "cf1a9af9-dadd-4cb9-a26e-fbbba216f8e1", + "id": "ae6b73aa-1318-4ae8-a3d9-d01b5e7d957e", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2035,14 +2098,14 @@ ], "authenticatorConfig": [ { - "id": "4e65eb4b-9f0a-4ab8-98b2-6daf50cd1bf8", + "id": "0c18de7f-0714-41f4-9a3f-ed4edd53ae9c", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "5e8dc1c5-1489-4d39-bb75-9c499583b91b", + "id": "65b3c8bb-34a4-4d19-b578-245dc8ff53ea", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" 
@@ -2132,8 +2195,8 @@ "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "true", "clientOfflineSessionIdleTimeout": "0", diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json index e71ef276..136f1321 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json @@ -73,7 +73,7 @@ "composites": { "realm": ["offline_access", "uma_authorization"], "client": { - "account": ["delete-account", "view-profile", "manage-account"] + "account": ["view-profile", "manage-account", "delete-account"] } }, "clientRole": false, 
@@ -435,13 +435,46 @@ "type": "password", "userLabel": "My password", "createdDate": 1716214710762, - "secretData": "{\"value\":\"OaI4sKqQn+NZtS6N/bcqoZ8Q+ucpBby1n4XmzVmioKw=\",\"salt\":\"temixVCSbpA7Genml2KTAw==\",\"additionalParameters\":{}}", + "secretData": "{\"value\":\"QzJjOdXU0L9Pdxdx1V5xUs7BY9beGlmN8NpR2qiWxbkjrQ434Q1GwSiJKekZQ/zrLDtNZ7sAbVu+SS+XIe9Zaw==\",\"salt\":\"x8cABpa0Hk/nJ2BPKdFXTg==\",\"additionalParameters\":{}}", "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "create-client", + "view-identity-providers", + "manage-realm", + "query-groups", + "manage-clients", + "query-users", + "realm-admin", + "view-authorization", + "view-events", + "view-clients", + "view-realm", + "manage-events", + "query-realms", + "query-clients", + "manage-identity-providers", + "manage-users", + "view-users", + "impersonation", + "manage-authorization" + ], + "broker": ["read-token"], + "account": [ + "view-profile", + "manage-account-links", + "view-applications", + "manage-consent", + "delete-account", + "manage-account", + "view-consent" + ] + }, "notBefore": 0, "groups": [] } @@ -507,8 +540,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -643,7 +680,6 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", 
@@ -704,8 +740,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1284,11 +1324,11 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1304,14 +1344,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, @@ -1360,14 +1400,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper" ] } }, 
@@ -1485,7 +1525,7 @@ "defaultLocale": "en", "authenticationFlows": [ { - "id": "e134634e-f219-4df4-867c-8110688d8e56", + "id": "1f4d4e13-1591-4751-8985-17886a8c98a9", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1511,7 +1551,7 @@ ] }, { - "id": "a611a8eb-9626-4aa4-8b54-ee565ea6e5dc", + "id": "126f07c3-1bcb-4a02-bf16-bb44674bf55d", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -1545,7 +1585,7 @@ ] }, { - "id": "d87cbb31-5c69-45c8-888d-f9649ebbbf97", + "id": "eb3a08c8-5f99-49b6-b02b-16b62571f273", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1571,7 +1611,7 @@ ] }, { - "id": "752ba282-a369-4592-92e8-b4287192dbbf", + "id": "3dc19838-5025-4bbb-b569-b574bd5a8d90", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1597,7 +1637,7 @@ ] }, { - "id": "2349282e-40ff-431a-984d-53911511e3d3", + "id": "70d6fd40-d740-4dae-b0e6-350f8e9d4a1c", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1623,7 +1663,7 @@ ] }, { - "id": "4ff5463d-26d9-4219-ba85-41464401098f", + "id": "6e24dcb3-5818-483c-8e44-883858171901", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1649,7 +1689,7 @@ ] }, { - "id": "87bb6c6d-cca8-4832-b5ab-67ecb9454a42", + "id": "ac6254cd-403b-457b-b308-22a2a0e4f99d", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", 
@@ -1675,7 +1715,7 @@ ] }, { - "id": "1fc3d028-0e0a-43a4-aaf9-ba7f7d60b409", + "id": "485e74e6-9b3e-4b2c-a9b9-927802dc4f06", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1702,7 +1742,7 @@ ] }, { - "id": "036aae59-641f-4799-9124-c7e5034af6c1", + "id": "ff9bb879-1d6a-4d1c-9836-1e4fab6f8997", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1728,7 +1768,7 @@ ] }, { - "id": "2e8b9f28-93b8-4368-84b0-1a8326daafe0", + "id": "af8b2470-d581-401c-9984-762b966ebcc2", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1770,7 +1810,7 @@ ] }, { - "id": "0b826105-8493-45ce-87b3-7d917d190b39", + "id": "414dbda4-eb3f-4baa-b23a-d3423af1eae6", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1812,7 +1852,7 @@ ] }, { - "id": "bf6d9edd-48d8-4392-bbc8-4b17a6866074", + "id": "1cae0c4b-8dfb-4f5d-a781-e74d0a13c940", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1846,7 +1886,7 @@ ] }, { - "id": "97e31722-dd11-42be-aa99-88788fa2dde6", + "id": "e798b655-7d85-4b6b-aee7-1448a3e1e0ea", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1864,7 +1904,7 @@ ] }, { - "id": "3f45cf34-231f-4ea1-8e58-d636c451a76b", + "id": "eb94b723-1041-426a-87bf-f7b4bd2f485d", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", 
@@ -1891,7 +1931,7 @@ ] }, { - "id": "9bef2f7c-f989-4871-aaa7-18e2cfa73f22", + "id": "452d1d5f-7632-44d7-bc89-77ff2b209b3e", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1917,7 +1957,7 @@ ] }, { - "id": "0bfaa325-acde-4443-8bd8-1dc2ae759c5f", + "id": "7c1b9e8f-6b57-49d1-a9a7-494862f93c0f", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -1943,7 +1983,7 @@ ] }, { - "id": "37ddbe8c-abf3-4654-bd6d-ffabbeefbb98", + "id": "2b38f34a-1739-499e-bb24-1dff96f32009", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1962,7 +2002,7 @@ ] }, { - "id": "5d7b4bc9-e93b-40da-aeb6-ba0c38392f1a", + "id": "d26ae72b-a933-44dc-9927-1c82757004b2", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -2004,7 +2044,7 @@ ] }, { - "id": "ee7a56e4-c827-4f24-8b8b-8476050b0b64", + "id": "222ee8d6-1892-4768-9ada-720274b6bf9a", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2046,7 +2086,7 @@ ] }, { - "id": "360f0031-4c3b-4272-84ca-2172d430b4bc", + "id": "e8b4d92c-27c1-4a9b-9b16-7ceb810fa230", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2066,14 +2106,14 @@ ], "authenticatorConfig": [ { - "id": "53630acd-a33a-40e3-8786-cf85464c6f9e", + "id": "e5847a0b-855d-4d93-85fd-94714be3ed92", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c0d2b6a0-caad-4e90-b040-17cacdaf70bb", + "id": "a2a18aa4-bd4c-4c2a-9286-e9d6c64f4812", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" 
diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json index 56d0c4c7..c30db8f6 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json @@ -73,7 +73,7 @@ "composites": { "realm": ["offline_access", "uma_authorization"], "client": { - "account": ["delete-account", "view-profile", "manage-account"] + "account": ["view-profile", "manage-account", "delete-account"] } }, "clientRole": false, @@ -407,7 +407,7 @@ "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, - "otpSupportedApplications": ["totpAppGoogleName", "totpAppFreeOTPName"], + "otpSupportedApplications": ["totpAppFreeOTPName", "totpAppGoogleName"], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": ["ES256"], "webAuthnPolicyRpId": "", @@ -452,6 +452,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "create-client", + "view-identity-providers", + "manage-realm", + "query-groups", + "manage-clients", + "query-users", + "realm-admin", + "view-authorization", + "view-events", + "view-clients", + "view-realm", + "manage-events", + "query-realms", + "query-clients", + "manage-identity-providers", + "manage-users", + "view-users", + "impersonation", + "manage-authorization" + ], + "broker": ["read-token"], + "account": [ + "view-profile", + "manage-account-links", + "view-applications", + "manage-consent", + "delete-account", + "manage-account", + "view-groups", + "view-consent" + ] + }, "notBefore": 0, "groups": [] } 
@@ -517,8 +551,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -653,7 +691,6 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", @@ -714,8 +751,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1294,11 +1335,11 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1314,14 +1355,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper" ] } }, 
@@ -1370,14 +1411,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-property-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper" ] } }, @@ -1495,7 +1536,7 @@ "defaultLocale": "en", "authenticationFlows": [ { - "id": "19317acb-fe8e-4c79-82bc-90e159273075", + "id": "c40791b4-4d59-4df2-bebd-2b71e793704f", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1521,7 +1562,7 @@ ] }, { - "id": "122857d2-33da-4086-8acb-cb0e303aaf1b", + "id": "8813b6d1-8b88-4672-b29b-8420ce3f3975", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -1555,7 +1596,7 @@ ] }, { - "id": "abf5dd35-4791-4268-a10c-5f4b6a06b84a", + "id": "a9937c40-a1ee-4c57-adf7-ede0a9983953", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1581,7 +1622,7 @@ ] }, { - "id": "a18daeec-a33c-4a43-b014-10c84ec69b81", + "id": "2d494b5a-eb73-40d0-94d3-a8d8024a7db4", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1607,7 +1648,7 @@ ] }, { - "id": "e9f032a7-32f7-457c-becf-011a1a35cc6a", + "id": "2e977f5a-8110-412b-b704-3e15164dbb1b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", 
@@ -1633,7 +1674,7 @@ ] }, { - "id": "9db65b7c-98ca-4003-beea-611038831ffe", + "id": "6f171b4b-8723-4e6d-bb1e-6b4293a7bb3f", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1659,7 +1700,7 @@ ] }, { - "id": "7bd0854c-d7ae-43d7-a1ae-7b759a34cb1d", + "id": "2dbb7f27-757d-4178-8217-4a24fdb0163c", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1685,7 +1726,7 @@ ] }, { - "id": "2de1a450-fe98-443a-9c6c-d24d8a7ebcb3", + "id": "7295aaf7-acf4-4b78-8186-d2415ea4ede0", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1712,7 +1753,7 @@ ] }, { - "id": "7b3efad5-4b7d-4385-a41c-fecc73afdcc4", + "id": "e0d34d7c-7bbb-4847-8864-fbd97a1f3e89", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1738,7 +1779,7 @@ ] }, { - "id": "de93418e-8f28-4099-b15e-ad36ec194796", + "id": "5f3d0fb0-d95e-4841-89d3-a27d0cdbbcb4", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1780,7 +1821,7 @@ ] }, { - "id": "0dd3345c-6e82-4c3a-a39a-d49ae1f5c409", + "id": "c246380d-af25-4151-ab19-1f1e5b553008", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1822,7 +1863,7 @@ ] }, { - "id": "87fb4dd0-5326-47a1-b670-982f4872ff89", + "id": "abacf398-0f1f-4f28-a310-8d306d588048", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", 
@@ -1856,7 +1897,7 @@ ] }, { - "id": "344723b3-4ab1-4999-abdd-32398e82327b", + "id": "a0f87683-619a-44d4-8b4f-4b053bba2346", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1874,7 +1915,7 @@ ] }, { - "id": "f3341938-caf9-4c8a-9cd5-eb34609809ab", + "id": "e8820c7c-22a7-4618-beb7-3e09be72c00c", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1901,7 +1942,7 @@ ] }, { - "id": "ba7b7357-e324-4b71-9bda-f8512a760e02", + "id": "cac00c38-ee44-44c9-b95e-cc755bab36ef", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1927,7 +1968,7 @@ ] }, { - "id": "134971e6-bf63-432c-806e-74ca4fb09963", + "id": "688cde36-507e-4a68-afdf-18ec4ad626a7", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -1953,7 +1994,7 @@ ] }, { - "id": "6ea9e2cf-5684-4c65-8c07-930d1cbb0b46", + "id": "e058697c-f450-4f14-ae64-04e9299fa24f", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1972,7 +2013,7 @@ ] }, { - "id": "67e3c8c7-1b5e-4119-84a2-e90876293150", + "id": "ad768088-32c9-4979-90dd-61bf111fd72e", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -2014,7 +2055,7 @@ ] }, { - "id": "fc6d48ec-a1f1-41b1-9310-54f58861d5aa", + "id": "47d4b090-f965-4588-b5bc-029ccb59876f", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", 
@@ -2056,7 +2097,7 @@ ] }, { - "id": "80b1d464-c2ec-4eb1-82e8-32cbede779a8", + "id": "1f68feec-7f99-4c49-afe6-45d46684ca21", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2076,14 +2117,14 @@ ], "authenticatorConfig": [ { - "id": "86b1d5fa-450c-40d8-899c-725861ac39fc", + "id": "bd7365c7-842b-4bc6-a4ca-498cf025c210", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "ea724f02-029a-493d-b4d3-08972be21cfb", + "id": "b929192d-f650-4a09-9701-3d3216547552", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json index adfc1e78..a4e9f84b 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json @@ -73,7 +73,7 @@ "composites": { "realm": ["offline_access", "uma_authorization"], "client": { - "account": ["delete-account", "view-profile", "manage-account"] + "account": ["view-profile", "manage-account", "delete-account"] } }, "clientRole": false, 
@@ -456,6 +456,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "create-client", + "view-identity-providers", + "manage-realm", + "query-groups", + "manage-clients", + "query-users", + "realm-admin", + "view-authorization", + "view-events", + "view-clients", + "view-realm", + "manage-events", + "query-realms", + "query-clients", + "manage-identity-providers", + "manage-users", + "view-users", + "impersonation", + "manage-authorization" + ], + "broker": ["read-token"], + "account": [ + "view-profile", + "manage-account-links", + "view-applications", + "manage-consent", + "delete-account", + "manage-account", + "view-groups", + "view-consent" + ] + }, "notBefore": 0, "groups": [] } @@ -521,8 +555,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -657,7 +695,6 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", @@ -718,8 +755,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -1298,11 +1339,11 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1318,13 +1359,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper" ] } @@ -1374,14 +1415,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json index 6b498de1..8e720d31 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json @@ -55,7 +55,7 @@ "composites": { "realm": ["offline_access", "uma_authorization"], "client": { - "account": ["delete-account", "view-profile", "manage-account"] + "account": ["view-profile", "delete-account", "manage-account"] } }, "clientRole": false, 
@@ -459,6 +459,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": ["default-roles-myrealm"], + "clientRoles": { + "realm-management": [ + "query-clients", + "manage-identity-providers", + "create-client", + "view-users", + "query-groups", + "view-realm", + "manage-authorization", + "view-authorization", + "query-users", + "impersonation", + "realm-admin", + "manage-users", + "view-identity-providers", + "manage-realm", + "manage-clients", + "query-realms", + "view-events", + "manage-events", + "view-clients" + ], + "broker": ["read-token"], + "account": [ + "manage-account", + "view-consent", + "view-groups", + "delete-account", + "view-applications", + "manage-account-links", + "view-profile", + "manage-consent" + ] + }, "notBefore": 0, "groups": [] } @@ -505,7 +539,6 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", @@ -532,8 +565,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/myrealm/account/*"], - "webOrigins": [], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/realms/myrealm/account/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -649,7 +686,11 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["https://my-theme.keycloakify.dev/*", "http://localhost*"], + "redirectUris": [ + "https://my-theme.keycloakify.dev/*", + "http://localhost*", + "http://127.0.0.1*" + ], "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, 
@@ -664,8 +705,7 @@ "attributes": { "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", - "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "backchannel.logout.revoke.offline.tokens": "false" @@ -725,8 +765,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/myrealm/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost*", + "http://127.0.0.1*", + "/admin/myrealm/console/*" + ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1336,12 +1380,12 @@ "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, - "loginTheme": "", - "accountTheme": "keycloakify-starter", + "loginTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": ["keycloakify-logging", "jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1357,13 +1401,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper", "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", "oidc-usermodel-property-mapper" ] } 
@@ -1433,13 +1477,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] } diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json index 9b1de90a..73793582 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json @@ -1496,7 +1496,7 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json index 9a4e83be..969f3bc9 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json @@ -1588,7 +1588,7 @@ }, "smtpServer": {}, "loginTheme": "keycloakify-starter", - "accountTheme": "keycloakify-starter", + "accountTheme": "", "adminTheme": "", "emailTheme": "", "eventsEnabled": false, diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json index 10ca6d51..1ae0dcd7 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json 
@@ -1614,99 +1614,7 @@ "emailTheme": "", "eventsEnabled": false, "eventsListeners": ["keycloakify-logging", "jboss-logging"], - "enabledEventTypes": [ - "SEND_RESET_PASSWORD", - "UPDATE_CONSENT_ERROR", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "REMOVE_TOTP", - "REVOKE_GRANT", - "UPDATE_TOTP", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "UPDATE_CREDENTIAL", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "IMPERSONATE", - "UPDATE_PROFILE_ERROR", - "LOGIN", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "UPDATE_PASSWORD_ERROR", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "OAUTH2_EXTENSION_GRANT", - "USER_DISABLED_BY_PERMANENT_LOCKOUT", - "REMOVE_CREDENTIAL_ERROR", - "TOKEN_EXCHANGE", - "AUTHREQID_TO_TOKEN", - "LOGOUT", - "REGISTER", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "USER_DISABLED_BY_TEMPORARY_LOCKOUT", - "DELETE_ACCOUNT", - "UPDATE_PASSWORD", - "CLIENT_DELETE", - "FEDERATED_IDENTITY_LINK_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "CLIENT_DELETE_ERROR", - "VERIFY_EMAIL", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "EXECUTE_ACTIONS", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "FEDERATED_IDENTITY_OVERRIDE_LINK", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "UPDATE_CREDENTIAL_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "OAUTH2_EXTENSION_GRANT_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "FEDERATED_IDENTITY_OVERRIDE_LINK_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "UPDATE_EMAIL", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "EXECUTE_ACTION_TOKEN", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "CLIENT_UPDATE_ERROR", - "AUTHREQID_TO_TOKEN_ERROR", - "INVITE_ORG_ERROR", - 
"UPDATE_PROFILE", - "CLIENT_REGISTER_ERROR", - "FEDERATED_IDENTITY_LINK", - "INVITE_ORG", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "REMOVE_CREDENTIAL", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "CUSTOM_REQUIRED_ACTION_ERROR", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], + "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [], diff --git a/src/bin/start-keycloak/start-keycloak.ts b/src/bin/start-keycloak/start-keycloak.ts index 5794e74f..a4b88a58 100644 --- a/src/bin/start-keycloak/start-keycloak.ts +++ b/src/bin/start-keycloak/start-keycloak.ts @@ -253,13 +253,22 @@ export async function command(params: { assert(jarFilePath !== undefined); const extensionJarFilePaths = [ - pathJoin( - getThisCodebaseRootDirPath(), - "src", - "bin", - "start-keycloak", - KEYCLOAKIFY_LOGIN_JAR_BASENAME - ), + ...(keycloakMajorVersionNumber <= 20 + ? (console.log( + chalk.yellow( + "WARNING: With older version of keycloak your changes to the realm configuration are not persisted" + ) + ), + []) + : [ + pathJoin( + getThisCodebaseRootDirPath(), + "src", + "bin", + "start-keycloak", + KEYCLOAKIFY_LOGIN_JAR_BASENAME + ) + ]), ...(await Promise.all( buildContext.startKeycloakOptions.extensionJars.map(async extensionJar => { switch (extensionJar.type) {
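Review bot: The warning is emitted through a comma expression inside the ternary that feeds the array spread (`(console.log(...), [])`), which hides a side effect inside a value expression and is easy to break when the list is next edited; hoisting the version test and the `console.log` above `extensionJarFilePaths` reads more plainly. Separately, for Keycloak 20 and older this skips the bundled jar, while realm-kc-20.json in the same patch now lists `keycloakify-logging` in `eventsListeners`. If that jar is what provides the listener (not visible here), the realm import refers to a provider that is not installed, which should be checked on a version 20 run. `command` starts above the hunk and continues below it.

```typescript
const isBundledExtensionLoaded = keycloakMajorVersionNumber > 20;

if (!isBundledExtensionLoaded) {
    console.log(
        chalk.yellow(
            "WARNING: With older version of keycloak your changes to the realm configuration are not persisted"
        )
    );
}

const extensionJarFilePaths = [
    ...(isBundledExtensionLoaded
        ? [
              // … unchanged: pathJoin(...) ending in KEYCLOAKIFY_LOGIN_JAR_BASENAME …
          ]
        : []),
    // … unchanged: buildContext.startKeycloakOptions.extensionJars mapping …
```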