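# KeycloakRealmImport custom resource: imports the realm "count0" into the
# Keycloak instance named by spec.keycloakCRName.
# The forge's line-number gutter has been stripped from this section so that
# it parses as YAML again; every key and value is as published.
# NOTE(review): the realm reads like a test/benchmark fixture (count0/count1/
# count2 naming) - confirm before reusing any of these settings elsewhere.
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: example-count0-kc
spec:
  keycloakCRName: example-kc
  realm:
    id: count0
    realm: count0
    notBefore: 0
    defaultSignatureAlgorithm: RS256
    # Refresh tokens are not rotated: a captured refresh token stays usable
    # until its session expires. Rotation needs revokeRefreshToken: true.
    revokeRefreshToken: false
    refreshTokenMaxReuse: 0
    # Lifespans and timeouts below are in seconds.
    accessTokenLifespan: 300
    accessTokenLifespanForImplicitFlow: 900
    ssoSessionIdleTimeout: 1800
    ssoSessionMaxLifespan: 36000
    ssoSessionIdleTimeoutRememberMe: 0
    ssoSessionMaxLifespanRememberMe: 0
    offlineSessionIdleTimeout: 3000
    # Offline sessions have no maximum lifespan while this is false; only the
    # idle timeout above ends them.
    offlineSessionMaxLifespanEnabled: false
    offlineSessionMaxLifespan: 5184000
    clientSessionIdleTimeout: 0
    clientSessionMaxLifespan: 0
    clientOfflineSessionIdleTimeout: 0
    clientOfflineSessionMaxLifespan: 0
    accessCodeLifespan: 60
    accessCodeLifespanUserAction: 300
    accessCodeLifespanLogin: 1800
    actionTokenGeneratedByAdminLifespan: 43200
    actionTokenGeneratedByUserLifespan: 300
    oauth2DeviceCodeLifespan: 600
    oauth2DevicePollingInterval: 5
    enabled: true
    # "external" enforces HTTPS only for clients on non-private addresses;
    # requests from loopback and private ranges may use plain HTTP. In a
    # cluster, where most peers have private addresses, that leaves in-cluster
    # traffic unprotected unless TLS is enforced elsewhere.
    sslRequired: external
    # Self-registration is open and e-mail addresses are not verified
    # (verifyEmail: false below), so anyone who can reach the login page can
    # create an account under an address they do not control.
    registrationAllowed: true
    registrationEmailAsUsername: false
    rememberMe: false
    verifyEmail: false
    loginWithEmailAllowed: true
    duplicateEmailsAllowed: false
    resetPasswordAllowed: false
    editUsernameAllowed: false
    # Brute-force detection is off: failed logins are neither throttled nor
    # locked out. The wait/failure thresholds that follow only take effect
    # once this is set to true.
    bruteForceProtected: false
    permanentLockout: false
    maxFailureWaitSeconds: 900
    minimumQuickLoginWaitSeconds: 60
    waitIncrementSeconds: 60
    quickLoginCheckMilliSeconds: 1000
    maxDeltaTimeSeconds: 43200
    failureFactor: 30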
    roles:
53
      realm:
54
      - id: c118f6c0-db44-4b29-a439-573b0d828e61
55
        name: count0
56
        composite: false
57
        clientRole: false
58
        containerId: count0
59
        attributes: {}
60
      - id: 999fa353-a573-4a20-b8b0-07d7e52faf85
61
        name: default-roles-count0
62
        description: "${role_default-roles}"
63
        composite: true
64
        composites:
65
          realm:
66
          - offline_access
67
          - uma_authorization
68
          client:
69
            account:
70
            - view-profile
71
            - manage-account
72
        clientRole: false
73
        containerId: count0
74
        attributes: {}
75
      - id: 62564c32-9ede-401c-9539-b12161c61b9e
76
        name: offline_access
77
        description: "${role_offline-access}"
78
        composite: false
79
        clientRole: false
80
        containerId: count0
81
        attributes: {}
82
      - id: 73322596-197c-4dd6-b15c-e60ee2ae2bf2
83
        name: count1
84
        composite: false
85
        clientRole: false
86
        containerId: count0
87
        attributes: {}
88
      - id: 0aa06753-f4f6-471a-b6c2-90ab65c960fe
89
        name: count2
90
        composite: false
91
        clientRole: false
92
        containerId: count0
93
        attributes: {}
94
      - id: bcc954ae-9cae-4e65-8044-757178afb8e7
95
        name: uma_authorization
96
        description: "${role_uma_authorization}"
97
        composite: false
98
        clientRole: false
99
        containerId: count0
100
        attributes: {}
101
      client:
102
        count1:
103
        - id: dc85702e-7b9a-4fe3-b508-ba6c2911a553
104
          name: count1-count1
105
          composite: false
106
          clientRole: true
107
          containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
108
          attributes: {}
109
        - id: 8ca90cc8-5846-4af3-8d67-59637b60aa67
110
          name: count1-count2
111
          composite: false
112
          clientRole: true
113
          containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
114
          attributes: {}
115
        - id: 026cc9d9-8bec-4598-89b9-07e5cac2d261
116
          name: count1-count0
117
          composite: false
118
          clientRole: true
119
          containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
120
          attributes: {}
121
        count2:
122
        - id: 9b30a355-c544-45f5-8b4d-77c797c518ad
123
          name: count2-count1
124
          composite: false
125
          clientRole: true
126
          containerId: 363a2d11-f108-4601-ac99-1492326fb965
127
          attributes: {}
128
        - id: 96c4cf02-60ec-469b-8fb0-cfbd2cdcd668
129
          name: count2-count0
130
          composite: false
131
          clientRole: true
132
          containerId: 363a2d11-f108-4601-ac99-1492326fb965
133
          attributes: {}
134
        - id: e154dc95-c90b-446a-b8a2-ec2acea2b1fa
135
          name: count2-count2
136
          composite: false
137
          clientRole: true
138
          containerId: 363a2d11-f108-4601-ac99-1492326fb965
139
          attributes: {}
140
        realm-management:
141
        - id: 5b2334dd-fb70-4454-ad6a-9ff9922d05a3
142
          name: manage-users
143
          description: "${role_manage-users}"
144
          composite: false
145
          clientRole: true
146
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
147
          attributes: {}
148
        - id: d2a8141c-bc34-4091-b06d-ae5fe89e7c95
149
          name: impersonation
150
          description: "${role_impersonation}"
151
          composite: false
152
          clientRole: true
153
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
154
          attributes: {}
155
        - id: 480cc091-2ea3-47d9-ac1b-d4b23bceaaf3
156
          name: query-users
157
          description: "${role_query-users}"
158
          composite: false
159
          clientRole: true
160
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
161
          attributes: {}
162
        - id: 55407170-0249-4528-9754-7b2ed0a7e66d
163
          name: view-events
164
          description: "${role_view-events}"
165
          composite: false
166
          clientRole: true
167
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
168
          attributes: {}
169
        - id: 4b3ab5d8-f6d8-4e2c-a8f8-73288fd795cd
170
          name: view-realm
171
          description: "${role_view-realm}"
172
          composite: false
173
          clientRole: true
174
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
175
          attributes: {}
176
        - id: f891606c-53ca-4016-ac1d-63db511920a3
177
          name: realm-admin
178
          description: "${role_realm-admin}"
179
          composite: true
180
          composites:
181
            client:
182
              realm-management:
183
              - manage-users
184
              - query-users
185
              - impersonation
186
              - view-events
187
              - view-realm
188
              - query-clients
189
              - view-authorization
190
              - view-clients
191
              - manage-authorization
192
              - view-identity-providers
193
              - query-groups
194
              - manage-identity-providers
195
              - manage-events
196
              - manage-realm
197
              - query-realms
198
              - create-client
199
              - manage-clients
200
              - view-users
201
          clientRole: true
202
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
203
          attributes: {}
204
        - id: 364de0ba-8c23-4f3a-a976-baebe67ed214
205
          name: query-clients
206
          description: "${role_query-clients}"
207
          composite: false
208
          clientRole: true
209
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
210
          attributes: {}
211
        - id: 49ffec23-bf9e-42b2-8056-0215e77076d1
212
          name: view-authorization
213
          description: "${role_view-authorization}"
214
          composite: false
215
          clientRole: true
216
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
217
          attributes: {}
218
        - id: 68330c4e-3728-4886-8fb4-f2367b018aa3
219
          name: manage-authorization
220
          description: "${role_manage-authorization}"
221
          composite: false
222
          clientRole: true
223
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
224
          attributes: {}
225
        - id: 41efa448-9770-4e61-a544-a3ff8691cd57
226
          name: view-clients
227
          description: "${role_view-clients}"
228
          composite: true
229
          composites:
230
            client:
231
              realm-management:
232
              - query-clients
233
          clientRole: true
234
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
235
          attributes: {}
236
        - id: 7fdcbae6-d073-4ead-a7ec-091d2d84ea4a
237
          name: view-identity-providers
238
          description: "${role_view-identity-providers}"
239
          composite: false
240
          clientRole: true
241
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
242
          attributes: {}
243
        - id: 7b890fde-b854-4d90-baf0-5b9c9e0b4ea6
244
          name: manage-identity-providers
245
          description: "${role_manage-identity-providers}"
246
          composite: false
247
          clientRole: true
248
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
249
          attributes: {}
250
        - id: 4adeb720-65b2-4bb2-bfd5-82e10cc09f8e
251
          name: query-groups
252
          description: "${role_query-groups}"
253
          composite: false
254
          clientRole: true
255
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
256
          attributes: {}
257
        - id: 52d2867c-ef0d-48d9-81b4-89a9e0f986df
258
          name: manage-events
259
          description: "${role_manage-events}"
260
          composite: false
261
          clientRole: true
262
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
263
          attributes: {}
264
        - id: 67d3f7db-131c-44df-ad5a-6b41eaecb835
265
          name: manage-realm
266
          description: "${role_manage-realm}"
267
          composite: false
268
          clientRole: true
269
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
270
          attributes: {}
271
        - id: cbcbcc57-9742-47cb-910b-d795df46327b
272
          name: query-realms
273
          description: "${role_query-realms}"
274
          composite: false
275
          clientRole: true
276
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
277
          attributes: {}
278
        - id: 74ff0c3a-90cd-4ad2-8c6e-f024d40d5f0a
279
          name: create-client
280
          description: "${role_create-client}"
281
          composite: false
282
          clientRole: true
283
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
284
          attributes: {}
285
        - id: 7e884119-1623-4b56-ae72-e33941f30a46
286
          name: manage-clients
287
          description: "${role_manage-clients}"
288
          composite: false
289
          clientRole: true
290
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
291
          attributes: {}
292
        - id: a0ef6938-57f1-46bd-bf45-b4eb0ee14723
293
          name: view-users
294
          description: "${role_view-users}"
295
          composite: true
296
          composites:
297
            client:
298
              realm-management:
299
              - query-users
300
              - query-groups
301
          clientRole: true
302
          containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
303
          attributes: {}
304
        count0:
305
        - id: 44e64e53-4bb2-4b51-93f4-7df74ad22168
306
          name: count0-count0
307
          composite: false
308
          clientRole: true
309
          containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
310
          attributes: {}
311
        - id: 41d429f0-0993-4f00-bf29-8799ddd6af13
312
          name: count0-count2
313
          composite: false
314
          clientRole: true
315
          containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
316
          attributes: {}
317
        - id: 522ffb44-d76a-4118-9d95-a99e4a6cd4af
318
          name: count0-count1
319
          composite: false
320
          clientRole: true
321
          containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
322
          attributes: {}
323
        security-admin-console: []
324
        admin-cli: []
325
        account-console: []
326
        broker:
327
        - id: 77536924-22e3-4f93-9949-e684f5f9df6e
328
          name: read-token
329
          description: "${role_read-token}"
330
          composite: false
331
          clientRole: true
332
          containerId: 18730050-7e05-432c-93e1-cd758ae6a776
333
          attributes: {}
334
        account:
335
        - id: 052ec680-28fe-45c6-9013-dd3151cdedc8
336
          name: view-profile
337
          description: "${role_view-profile}"
338
          composite: false
339
          clientRole: true
340
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
341
          attributes: {}
342
        - id: 2416518b-f8db-4b7c-a3d5-d97d8a8bb932
343
          name: manage-account-links
344
          description: "${role_manage-account-links}"
345
          composite: false
346
          clientRole: true
347
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
348
          attributes: {}
349
        - id: 8b1b17bf-97c7-427a-88f2-9dc9198beb8e
350
          name: view-applications
351
          description: "${role_view-applications}"
352
          composite: false
353
          clientRole: true
354
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
355
          attributes: {}
356
        - id: 9eef4927-3d35-49de-97c4-93a6c9af0171
357
          name: view-consent
358
          description: "${role_view-consent}"
359
          composite: false
360
          clientRole: true
361
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
362
          attributes: {}
363
        - id: ff51791a-0dd9-4d97-90e6-9cb9ad2f4ee2
364
          name: delete-account
365
          description: "${role_delete-account}"
366
          composite: false
367
          clientRole: true
368
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
369
          attributes: {}
370
        - id: a3314060-34e6-4596-81f3-f21d81fa8877
371
          name: manage-consent
372
          description: "${role_manage-consent}"
373
          composite: true
374
          composites:
375
            client:
376
              account:
377
              - view-consent
378
          clientRole: true
379
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
380
          attributes: {}
381
        - id: c2ccc00f-02be-46d5-b52e-6d26ef823615
382
          name: manage-account
383
          description: "${role_manage-account}"
384
          composite: true
385
          composites:
386
            client:
387
              account:
388
              - manage-account-links
389
          clientRole: true
390
          containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
391
          attributes: {}
392
    groups:
393
    - id: 1f433252-3f96-44a2-95b4-db3ee2c4e224
394
      name: count0
395
      path: "/count0"
396
      attributes: {}
397
      realmRoles: []
398
      clientRoles: {}
399
      subGroups: []
400
    - id: afd4225b-1982-478b-a3ec-0a29ba8e127e
401
      name: count1
402
      path: "/count1"
403
      attributes: {}
404
      realmRoles: []
405
      clientRoles: {}
406
      subGroups: []
407
    - id: 3993c319-c7a1-4bd0-b4cc-353ba7318e33
408
      name: count2
409
      path: "/count2"
410
      attributes: {}
411
      realmRoles: []
412
      clientRoles: {}
413
      subGroups: []
414
    defaultRole:
415
      id: 999fa353-a573-4a20-b8b0-07d7e52faf85
416
      name: default-roles-count0
417
      description: "${role_default-roles}"
418
      composite: true
419
      clientRole: false
420
      containerId: count0
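    # Credential, OTP and WebAuthn policy for the realm. The forge's
    # line-number gutter has been stripped from this section; every key and
    # value is as published.
    requiredCredentials:
    - password
    # The only password policy is hashIterations(3): stored password hashes
    # get three iterations, orders of magnitude below Keycloak's default, so
    # a leaked credential table is cheap to attack offline. No length,
    # complexity or history rule is set either.
    # NOTE(review): presumably lowered to keep a load test fast - confirm,
    # and remove hashIterations so the server default applies anywhere real
    # passwords are stored.
    passwordPolicy: hashIterations(3)
    otpPolicyType: totp
    # HmacSHA1 with 6 digits and a 30-second period is the combination
    # authenticator apps commonly expect.
    otpPolicyAlgorithm: HmacSHA1
    otpPolicyInitialCounter: 0
    otpPolicyDigits: 6
    otpPolicyLookAheadWindow: 1
    otpPolicyPeriod: 30
    otpSupportedApplications:
    - FreeOTP
    - Google Authenticator
    # WebAuthn (second factor): attestation, authenticator attachment,
    # resident key and user verification are all left as "not specified",
    # and no AAGUID allow-list is set, so this policy places no restriction
    # on which authenticators may be registered.
    webAuthnPolicyRpEntityName: keycloak
    webAuthnPolicySignatureAlgorithms:
    - ES256
    webAuthnPolicyRpId: ''
    webAuthnPolicyAttestationConveyancePreference: not specified
    webAuthnPolicyAuthenticatorAttachment: not specified
    webAuthnPolicyRequireResidentKey: not specified
    webAuthnPolicyUserVerificationRequirement: not specified
    webAuthnPolicyCreateTimeout: 0
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
    webAuthnPolicyAcceptableAaguids: []
    # WebAuthn (passwordless): same unrestricted values. User verification
    # is not required here either, which matters more for passwordless login
    # because the authenticator is then the only factor.
    webAuthnPolicyPasswordlessRpEntityName: keycloak
    webAuthnPolicyPasswordlessSignatureAlgorithms:
    - ES256
    webAuthnPolicyPasswordlessRpId: ''
    webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
    webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
    webAuthnPolicyPasswordlessRequireResidentKey: not specified
    webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
    webAuthnPolicyPasswordlessCreateTimeout: 0
    webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
    webAuthnPolicyPasswordlessAcceptableAaguids: []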
    scopeMappings:
456
    - clientScope: offline_access
457
      roles:
458
      - offline_access
459
    clientScopeMappings:
460
      account:
461
      - client: account-console
462
        roles:
463
        - manage-account
464
    clients:
465
    - id: a3fa25e9-f927-436e-b4ff-32926fd776be
466
      clientId: account
467
      name: "${client_account}"
468
      rootUrl: "${authBaseUrl}"
469
      baseUrl: "/realms/count0/account/"
470
      surrogateAuthRequired: false
471
      enabled: true
472
      alwaysDisplayInConsole: false
473
      clientAuthenticatorType: client-secret
474
      redirectUris:
475
      - "/realms/count0/account/*"
476
      webOrigins: []
477
      notBefore: 0
478
      bearerOnly: false
479
      consentRequired: false
480
      standardFlowEnabled: true
481
      implicitFlowEnabled: false
482
      directAccessGrantsEnabled: false
483
      serviceAccountsEnabled: false
484
      publicClient: true
485
      frontchannelLogout: false
486
      protocol: openid-connect
487
      attributes: {}
488
      authenticationFlowBindingOverrides: {}
489
      fullScopeAllowed: false
490
      nodeReRegistrationTimeout: 0
491
      defaultClientScopes:
492
      - web-origins
493
      - profile
494
      - roles
495
      - email
496
      optionalClientScopes:
497
      - address
498
      - phone
499
      - offline_access
500
      - microprofile-jwt
501
    - id: 70e036ed-30f1-4a32-bf05-582fe24baa76
502
      clientId: account-console
503
      name: "${client_account-console}"
504
      rootUrl: "${authBaseUrl}"
505
      baseUrl: "/realms/count0/account/"
506
      surrogateAuthRequired: false
507
      enabled: true
508
      alwaysDisplayInConsole: false
509
      clientAuthenticatorType: client-secret
510
      redirectUris:
511
      - "/realms/count0/account/*"
512
      webOrigins: []
513
      notBefore: 0
514
      bearerOnly: false
515
      consentRequired: false
516
      standardFlowEnabled: true
517
      implicitFlowEnabled: false
518
      directAccessGrantsEnabled: false
519
      serviceAccountsEnabled: false
520
      publicClient: true
521
      frontchannelLogout: false
522
      protocol: openid-connect
523
      attributes:
524
        pkce.code.challenge.method: S256
525
      authenticationFlowBindingOverrides: {}
526
      fullScopeAllowed: false
527
      nodeReRegistrationTimeout: 0
528
      protocolMappers:
529
      - id: 2ae09f01-7ec3-4cef-ac18-81c4749ae4c6
530
        name: audience resolve
531
        protocol: openid-connect
532
        protocolMapper: oidc-audience-resolve-mapper
533
        consentRequired: false
534
        config: {}
535
      defaultClientScopes:
536
      - web-origins
537
      - profile
538
      - roles
539
      - email
540
      optionalClientScopes:
541
      - address
542
      - phone
543
      - offline_access
544
      - microprofile-jwt
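    # Client "admin-cli": Keycloak's built-in command-line client. The
    # forge's line-number gutter has been stripped from this entry; every key
    # and value is as published.
    - id: 00f48072-5b8b-4e50-b97b-e2dcacabd753
      clientId: admin-cli
      name: "${client_admin-cli}"
      surrogateAuthRequired: false
      enabled: true
      alwaysDisplayInConsole: false
      clientAuthenticatorType: client-secret
      redirectUris: []
      webOrigins: []
      notBefore: 0
      bearerOnly: false
      consentRequired: false
      standardFlowEnabled: false
      implicitFlowEnabled: false
      # Public client (no secret) with the password grant as its only enabled
      # flow: tokens are obtained by posting a username and password directly
      # to the token endpoint. With realm-level brute-force detection
      # disabled, nothing rate-limits password guessing through this client.
      directAccessGrantsEnabled: true
      serviceAccountsEnabled: false
      publicClient: true
      frontchannelLogout: false
      protocol: openid-connect
      attributes: {}
      authenticationFlowBindingOverrides: {}
      fullScopeAllowed: false
      nodeReRegistrationTimeout: 0
      defaultClientScopes:
      - web-origins
      - profile
      - roles
      - email
      optionalClientScopes:
      - address
      - phone
      - offline_access
      - microprofile-jwt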
    - id: 18730050-7e05-432c-93e1-cd758ae6a776
579
      clientId: broker
580
      name: "${client_broker}"
581
      surrogateAuthRequired: false
582
      enabled: true
583
      alwaysDisplayInConsole: false
584
      clientAuthenticatorType: client-secret
585
      redirectUris: []
586
      webOrigins: []
587
      notBefore: 0
588
      bearerOnly: true
589
      consentRequired: false
590
      standardFlowEnabled: true
591
      implicitFlowEnabled: false
592
      directAccessGrantsEnabled: false
593
      serviceAccountsEnabled: false
594
      publicClient: false
595
      frontchannelLogout: false
596
      protocol: openid-connect
597
      attributes: {}
598
      authenticationFlowBindingOverrides: {}
599
      fullScopeAllowed: false
600
      nodeReRegistrationTimeout: 0
601
      defaultClientScopes:
602
      - web-origins
603
      - profile
604
      - roles
605
      - email
606
      optionalClientScopes:
607
      - address
608
      - phone
609
      - offline_access
610
      - microprofile-jwt
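    # Client "count0": confidential OpenID Connect client. The forge's
    # line-number gutter has been stripped from this entry; every key and
    # value is as published.
    - id: 06ff4737-f005-495a-8755-4e7bcdffbc30
      clientId: count0
      name: count0
      surrogateAuthRequired: false
      enabled: true
      alwaysDisplayInConsole: false
      clientAuthenticatorType: client-secret
      # The client secret is a fixed string derived from the client id and is
      # committed with the manifest: anyone who can read the repository or
      # this custom resource can authenticate as the client.
      # NOTE(review): acceptable only for a throwaway test realm - otherwise
      # generate the secret and supply it from a secret store.
      secret: count0-secret
      # "*" accepts any redirect URI, so an authorization response for this
      # client can be sent to an arbitrary address. List the exact callback
      # URLs of the application instead.
      redirectUris:
      - "*"
      webOrigins: []
      notBefore: 0
      bearerOnly: false
      consentRequired: false
      standardFlowEnabled: true
      implicitFlowEnabled: false
      # Enables the password grant: the application handles user passwords
      # itself instead of delegating login to Keycloak's browser flow.
      directAccessGrantsEnabled: true
      serviceAccountsEnabled: false
      publicClient: false
      frontchannelLogout: false
      protocol: openid-connect
      attributes:
        backchannel.logout.session.required: 'true'
        backchannel.logout.revoke.offline.tokens: 'false'
      authenticationFlowBindingOverrides: {}
      # Tokens issued to this client carry every role the user holds, not
      # only roles mapped to the client, so a leaked token is valid wherever
      # those roles are honoured. Set to false and map the needed roles.
      fullScopeAllowed: true
      nodeReRegistrationTimeout: -1
      defaultClientScopes:
      - web-origins
      - profile
      - roles
      - email
      optionalClientScopes:
      - address
      - phone
      - offline_access
      - microprofile-jwt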
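    # Client "count1": confidential OpenID Connect client. The forge's
    # line-number gutter has been stripped from this entry; every key and
    # value is as published.
    - id: 814dc112-4eaa-4d79-b67d-c56ec58b667d
      clientId: count1
      name: count1
      surrogateAuthRequired: false
      enabled: true
      alwaysDisplayInConsole: false
      clientAuthenticatorType: client-secret
      # Static, guessable secret (client id plus "-secret") stored in the
      # manifest; it gives no protection once the file is readable.
      # NOTE(review): test-fixture value - do not carry into a real realm.
      secret: count1-secret
      # Wildcard redirect URI: the server performs no validation of where the
      # authorization response is delivered. Replace with exact callback URLs.
      redirectUris:
      - "*"
      webOrigins: []
      notBefore: 0
      bearerOnly: false
      consentRequired: false
      standardFlowEnabled: true
      implicitFlowEnabled: false
      # Password grant enabled: user credentials pass through the client
      # application rather than only through Keycloak's login pages.
      directAccessGrantsEnabled: true
      serviceAccountsEnabled: false
      publicClient: false
      frontchannelLogout: false
      protocol: openid-connect
      attributes:
        backchannel.logout.session.required: 'true'
        backchannel.logout.revoke.offline.tokens: 'false'
      authenticationFlowBindingOverrides: {}
      # All of the user's role mappings are placed in this client's tokens;
      # prefer false with explicit scope mappings for least privilege.
      fullScopeAllowed: true
      nodeReRegistrationTimeout: -1
      defaultClientScopes:
      - web-origins
      - profile
      - roles
      - email
      optionalClientScopes:
      - address
      - phone
      - offline_access
      - microprofile-jwt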
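    # Client "count2": confidential OpenID Connect client. The forge's
    # line-number gutter has been stripped from this entry; every key and
    # value is as published.
    - id: 363a2d11-f108-4601-ac99-1492326fb965
      clientId: count2
      name: count2
      surrogateAuthRequired: false
      enabled: true
      alwaysDisplayInConsole: false
      clientAuthenticatorType: client-secret
      # Hard-coded secret that follows the client id; treat it as public.
      # NOTE(review): fine for a disposable test realm only - confirm this
      # manifest is never applied to a shared or production Keycloak.
      secret: count2-secret
      # Any redirect URI is accepted for this client. Restrict to the
      # application's real callback URLs so authorization responses cannot be
      # steered to another site.
      redirectUris:
      - "*"
      webOrigins: []
      notBefore: 0
      bearerOnly: false
      consentRequired: false
      standardFlowEnabled: true
      implicitFlowEnabled: false
      # Password grant enabled; disable unless a non-browser caller needs it.
      directAccessGrantsEnabled: true
      serviceAccountsEnabled: false
      publicClient: false
      frontchannelLogout: false
      protocol: openid-connect
      attributes:
        backchannel.logout.session.required: 'true'
        backchannel.logout.revoke.offline.tokens: 'false'
      authenticationFlowBindingOverrides: {}
      # Full scope: tokens include every role granted to the user, including
      # roles of other clients. Limit with fullScopeAllowed: false.
      fullScopeAllowed: true
      nodeReRegistrationTimeout: -1
      defaultClientScopes:
      - web-origins
      - profile
      - roles
      - email
      optionalClientScopes:
      - address
      - phone
      - offline_access
      - microprofile-jwt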
    - id: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
723
      clientId: realm-management
724
      name: "${client_realm-management}"
725
      surrogateAuthRequired: false
726
      enabled: true
727
      alwaysDisplayInConsole: false
728
      clientAuthenticatorType: client-secret
729
      redirectUris: []
730
      webOrigins: []
731
      notBefore: 0
732
      bearerOnly: true
733
      consentRequired: false
734
      standardFlowEnabled: true
735
      implicitFlowEnabled: false
736
      directAccessGrantsEnabled: false
737
      serviceAccountsEnabled: false
738
      publicClient: false
739
      frontchannelLogout: false
740
      protocol: openid-connect
741
      attributes: {}
742
      authenticationFlowBindingOverrides: {}
743
      fullScopeAllowed: false
744
      nodeReRegistrationTimeout: 0
745
      defaultClientScopes:
746
      - web-origins
747
      - profile
748
      - roles
749
      - email
750
      optionalClientScopes:
751
      - address
752
      - phone
753
      - offline_access
754
      - microprofile-jwt
755
    - id: e267ec9d-feef-427b-85e0-04005e833862
756
      clientId: security-admin-console
757
      name: "${client_security-admin-console}"
758
      rootUrl: "${authAdminUrl}"
759
      baseUrl: "/admin/count0/console/"
760
      surrogateAuthRequired: false
761
      enabled: true
762
      alwaysDisplayInConsole: false
763
      clientAuthenticatorType: client-secret
764
      redirectUris:
765
      - "/admin/count0/console/*"
766
      webOrigins:
767
      - "+"
768
      notBefore: 0
769
      bearerOnly: false
770
      consentRequired: false
771
      standardFlowEnabled: true
772
      implicitFlowEnabled: false
773
      directAccessGrantsEnabled: false
774
      serviceAccountsEnabled: false
775
      publicClient: true
776
      frontchannelLogout: false
777
      protocol: openid-connect
778
      attributes:
779
        pkce.code.challenge.method: S256
780
      authenticationFlowBindingOverrides: {}
781
      fullScopeAllowed: false
782
      nodeReRegistrationTimeout: 0
783
      protocolMappers:
784
      - id: 0ddb8d6f-1dc0-4438-9f3f-58b44494ac64
785
        name: locale
786
        protocol: openid-connect
787
        protocolMapper: oidc-usermodel-attribute-mapper
788
        consentRequired: false
789
        config:
790
          userinfo.token.claim: 'true'
791
          user.attribute: locale
792
          id.token.claim: 'true'
793
          access.token.claim: 'true'
794
          claim.name: locale
795
          jsonType.label: String
796
      defaultClientScopes:
797
      - web-origins
798
      - profile
799
      - roles
800
      - email
801
      optionalClientScopes:
802
      - address
803
      - phone
804
      - offline_access
805
      - microprofile-jwt
806
    clientScopes:
807
    - id: ecc31530-edfc-4b32-a590-ff2bb3196a2f
808
      name: microprofile-jwt
809
      description: Microprofile - JWT built-in scope
810
      protocol: openid-connect
811
      attributes:
812
        include.in.token.scope: 'true'
813
        display.on.consent.screen: 'false'
814
      protocolMappers:
815
      - id: ae7b37a8-64ac-4e76-b8ab-506fbbe361db
816
        name: upn
817
        protocol: openid-connect
818
        protocolMapper: oidc-usermodel-property-mapper
819
        consentRequired: false
820
        config:
821
          userinfo.token.claim: 'true'
822
          user.attribute: username
823
          id.token.claim: 'true'
824
          access.token.claim: 'true'
825
          claim.name: upn
826
          jsonType.label: String
827
      - id: 73601a4f-3458-4c5c-b477-2643cba7af69
828
        name: groups
829
        protocol: openid-connect
830
        protocolMapper: oidc-usermodel-realm-role-mapper
831
        consentRequired: false
832
        config:
833
          multivalued: 'true'
834
          user.attribute: foo
835
          id.token.claim: 'true'
836
          access.token.claim: 'true'
837
          claim.name: groups
838
          jsonType.label: String
839
    - id: fa7ec00a-9b33-41f5-aaf9-40e039c81819
840
      name: offline_access
841
      description: 'OpenID Connect built-in scope: offline_access'
842
      protocol: openid-connect
843
      attributes:
844
        consent.screen.text: "${offlineAccessScopeConsentText}"
845
        display.on.consent.screen: 'true'
846
    - id: aa3ddce8-c8b1-4878-ad5f-8ea1a8751ff5
847
      name: address
848
      description: 'OpenID Connect built-in scope: address'
849
      protocol: openid-connect
850
      attributes:
851
        include.in.token.scope: 'true'
852
        display.on.consent.screen: 'true'
853
        consent.screen.text: "${addressScopeConsentText}"
854
      protocolMappers:
855
      - id: 82c7b138-ae7c-4106-9e3d-4b8a0febf737
856
        name: address
857
        protocol: openid-connect
858
        protocolMapper: oidc-address-mapper
859
        consentRequired: false
860
        config:
861
          user.attribute.formatted: formatted
862
          user.attribute.country: country
863
          user.attribute.postal_code: postal_code
864
          userinfo.token.claim: 'true'
865
          user.attribute.street: street
866
          id.token.claim: 'true'
867
          user.attribute.region: region
868
          access.token.claim: 'true'
869
          user.attribute.locality: locality
870
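    # OIDC `profile` client scope. It is in defaultDefaultClientScopes in this
    # file, so every client picks it up unless the scope is removed from it.
    # All fourteen mappers below set id.token.claim, access.token.claim and
    # userinfo.token.claim to 'true'.
    # NOTE(review): that puts name, birthdate, gender, picture etc. into access
    # tokens by default. Access tokens are presented to resource servers and tend
    # to end up in logs; trim access.token.claim where the APIs do not need it.
    - id: a4a63ca3-6eba-44ba-acc3-098e3fea5866
      name: profile
      description: 'OpenID Connect built-in scope: profile'
      protocol: openid-connect
      attributes:
        include.in.token.scope: 'true'
        display.on.consent.screen: 'true'
        consent.screen.text: "${profileScopeConsentText}"
      protocolMappers:
      # oidc-usermodel-property-mapper entries name a built-in user field in
      # user.attribute (lastName, username, firstName).
      - id: 3238cfd9-2d1f-4597-8942-063163d61bb6
        name: family name
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: lastName
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: family_name
          jsonType.label: String
      - id: 1b3aa687-e407-4d59-a7b6-987e0cfa7d17
        name: username
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: username
          id.token.claim: 'true'
          access.token.claim: 'true'
          # preferred_username is a display hint, not a stable identifier;
          # relying parties should key accounts on `sub`.
          claim.name: preferred_username
          jsonType.label: String
      # oidc-usermodel-attribute-mapper entries name a custom user attribute.
      # NOTE(review): whether end users can edit these attributes themselves
      # depends on user-profile settings that are not part of this section.
      - id: 7a6f9b34-4c02-4b27-98c4-6f75dca53a9f
        name: updated at
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: updatedAt
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: updated_at
          # NOTE(review): OIDC Core defines updated_at as a JSON number; this
          # label emits a string. Confirm relying parties accept that.
          jsonType.label: String
      - id: 88303fbe-1894-4db7-8699-334373f288ce
        name: full name
        protocol: openid-connect
        protocolMapper: oidc-full-name-mapper
        consentRequired: false
        config:
          id.token.claim: 'true'
          access.token.claim: 'true'
          userinfo.token.claim: 'true'
      - id: e137e9ac-23cd-4ab9-a00d-7f1eb033d430
        name: given name
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: firstName
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: given_name
          jsonType.label: String
      - id: 5085b73e-6a8a-4564-a942-69869170d707
        name: middle name
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: middleName
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: middle_name
          jsonType.label: String
      - id: a381d7e8-0a34-4afa-ad15-fe3a4129e40d
        name: gender
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: gender
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: gender
          jsonType.label: String
      - id: c617aea6-a25c-4862-8b07-6448b55c863b
        name: zoneinfo
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: zoneinfo
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: zoneinfo
          jsonType.label: String
      - id: 564e11ea-c489-4100-8ae6-8ac18589a6f7
        name: nickname
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: nickname
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: nickname
          jsonType.label: String
      - id: 31d5a631-44a3-4c0b-8f58-a35c59ff27d2
        name: profile
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: profile
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: profile
          jsonType.label: String
      - id: 6203f059-62fa-430e-8ad2-3ed5ad9d8a28
        name: website
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: website
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: website
          jsonType.label: String
      - id: 4c127c38-28b8-4336-89e0-35817f7de486
        name: birthdate
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: birthdate
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: birthdate
          jsonType.label: String
      - id: 9793c2e9-da3c-4ea7-8921-41ac2f342871
        name: picture
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: picture
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: picture
          jsonType.label: String
      - id: 8e1a1db5-c0c2-4b80-9482-0bbb0bb6cc44
        name: locale
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: locale
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: locale
          jsonType.label: String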
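    # OIDC `phone` client scope (optional scope in this file).
    - id: 39625d61-d028-46e5-ab31-ece2729ca40d
      name: phone
      description: 'OpenID Connect built-in scope: phone'
      protocol: openid-connect
      attributes:
        include.in.token.scope: 'true'
        display.on.consent.screen: 'true'
        consent.screen.text: "${phoneScopeConsentText}"
      protocolMappers:
      - id: 224df6d4-4fce-471b-8613-1d8b155d7707
        name: phone number verified
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          # NOTE(review): the verified flag is read from a plain user attribute.
          # Nothing in this section shows what sets it; if users can write their
          # own attributes, relying parties must not treat this claim as proof
          # of verification. Confirm who is allowed to set phoneNumberVerified.
          user.attribute: phoneNumberVerified
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: phone_number_verified
          jsonType.label: boolean
      - id: 737d9256-29fc-4f28-814e-d4b06caf8675
        name: phone number
        protocol: openid-connect
        protocolMapper: oidc-usermodel-attribute-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: phoneNumber
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: phone_number
          jsonType.label: String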
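    # SAML `role_list` client scope; the only scope in this section with
    # protocol: saml. It is a realm default scope in this file.
    - id: 07d20365-6c6b-4339-bab0-16981d98176c
      name: role_list
      description: SAML role list
      protocol: saml
      attributes:
        consent.screen.text: "${samlRoleListScopeConsentText}"
        display.on.consent.screen: 'true'
      protocolMappers:
      - id: 5f557a3c-9286-4d4f-a661-67bd7911ca45
        name: role list
        protocol: saml
        protocolMapper: saml-role-list-mapper
        consentRequired: false
        config:
          # Roles are emitted under the SAML attribute name `Role`, name format Basic.
          # NOTE(review): `single` presumably controls whether all roles share one
          # Attribute element; confirm against what the service provider parses.
          single: 'false'
          attribute.nameformat: Basic
          attribute.name: Role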
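    # OIDC `roles` client scope: carries the authorization data (client and
    # realm roles) that resource servers use for access decisions. It is a realm
    # default scope in this file.
    - id: 89d71aba-11f1-4ca7-92e2-24d648803ebd
      name: roles
      description: OpenID Connect scope for add user roles to the access token
      protocol: openid-connect
      attributes:
        # 'false': the scope name itself is not written to the token's `scope` claim.
        include.in.token.scope: 'false'
        display.on.consent.screen: 'true'
        consent.screen.text: "${rolesScopeConsentText}"
      protocolMappers:
      - id: 4cc3d1e3-46d9-4f9f-9eca-b8553562233c
        name: client roles
        protocol: openid-connect
        protocolMapper: oidc-usermodel-client-role-mapper
        consentRequired: false
        config:
          # `foo` looks like a leftover placeholder; presumably unused by the
          # role mappers. TODO confirm before relying on it.
          user.attribute: foo
          # Only access.token.claim is set on the two role mappers; ID-token and
          # userinfo behaviour then follows the mapper defaults, not this file.
          access.token.claim: 'true'
          # ${client_id} is resolved per client, giving resource_access.<client>.roles.
          claim.name: 'resource_access.${client_id}.roles'
          jsonType.label: String
          multivalued: 'true'
      - id: b7fa3a7b-e8b5-4f64-aec7-8f6d19d038c9
        name: realm roles
        protocol: openid-connect
        protocolMapper: oidc-usermodel-realm-role-mapper
        consentRequired: false
        config:
          user.attribute: foo
          access.token.claim: 'true'
          claim.name: realm_access.roles
          jsonType.label: String
          multivalued: 'true'
      # NOTE(review): the audience-resolve mapper derives `aud` from the roles the
      # token carries. Resource servers should still validate `aud` themselves, and
      # clients with full scope allowed widen the set of audiences a token is valid for.
      - id: 77745c36-2d5e-45c9-9a75-aecc4a5ce746
        name: audience resolve
        protocol: openid-connect
        protocolMapper: oidc-audience-resolve-mapper
        consentRequired: false
        config: {}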
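    # OIDC `web-origins` client scope: adds the client's allowed web origins to
    # the access token. Not shown on the consent screen and not written to the
    # `scope` claim (both attributes are 'false').
    # NOTE(review): the origin list comes from each client's webOrigins setting,
    # which is outside this section; a wildcard there ends up in the token.
    - id: c02a1055-c804-4178-8d7e-29dd5e02960e
      name: web-origins
      description: OpenID Connect scope for add allowed web origins to the access token
      protocol: openid-connect
      attributes:
        include.in.token.scope: 'false'
        display.on.consent.screen: 'false'
        consent.screen.text: ''
      protocolMappers:
      - id: bf82da2c-a436-442d-bb3b-59792a972d5e
        name: allowed web origins
        protocol: openid-connect
        protocolMapper: oidc-allowed-origins-mapper
        consentRequired: false
        config: {}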
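    # OIDC `email` client scope (realm default scope in this file).
    # NOTE(review): the realm header of this file sets registrationAllowed: true
    # and verifyEmail: false, so a self-registered user can hold an address that
    # was never confirmed. Relying parties should require email_verified == true
    # before using `email` for account matching or linking.
    - id: c5fc8764-6f26-4116-80bb-58d6d9a2a05d
      name: email
      description: 'OpenID Connect built-in scope: email'
      protocol: openid-connect
      attributes:
        include.in.token.scope: 'true'
        display.on.consent.screen: 'true'
        consent.screen.text: "${emailScopeConsentText}"
      protocolMappers:
      - id: 36c022a6-0f1f-4340-8db2-2fd1ed3a9cc5
        name: email verified
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          # Read from the built-in emailVerified user property (property mapper),
          # not from a free-form user attribute.
          user.attribute: emailVerified
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: email_verified
          jsonType.label: boolean
      - id: b1c410b3-d19d-4477-a3cb-2d19e1d2155d
        name: email
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        consentRequired: false
        config:
          userinfo.token.claim: 'true'
          user.attribute: email
          id.token.claim: 'true'
          access.token.claim: 'true'
          claim.name: email
          jsonType.label: String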
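    # Scopes attached as "default" to newly created clients: their mappers run
    # on every token without the client asking for the scope.
    # NOTE(review): `profile` and `email` here mean personal data is in tokens
    # for all new clients; move them to the optional list if least disclosure
    # is the goal.
    defaultDefaultClientScopes:
    - role_list
    - profile
    - email
    - roles
    - web-origins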
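    # Scopes attached as "optional" to newly created clients: applied only when
    # the client names them in the `scope` request parameter.
    # NOTE(review): offline_access yields long-lived offline tokens; grant it only
    # to clients that need refresh without a user session.
    defaultOptionalClientScopes:
    - offline_access
    - address
    - phone
    # microprofile-jwt is not defined in this part of the file; confirm the scope
    # exists elsewhere under clientScopes, otherwise the reference dangles.
    - microprofile-jwt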
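    # HTTP response headers Keycloak sends with its own pages (login, account).
    # Header values are quoted so the `;` separators and inner quotes are
    # unambiguous; the parsed strings are unchanged.
    browserSecurityHeaders:
      # Empty: no Content-Security-Policy-Report-Only header is configured.
      contentSecurityPolicyReportOnly: ''
      xContentTypeOptions: nosniff
      xRobotsTag: none
      # Clickjacking protection is set twice on purpose: X-Frame-Options for
      # older browsers, CSP frame-ancestors for current ones.
      xFrameOptions: SAMEORIGIN
      contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
      # X-XSS-Protection is a legacy header that current browsers ignore; the
      # CSP above is the control that counts.
      xXSSProtection: '1; mode=block'
      # One-year HSTS including subdomains. Browsers honour it only when served
      # over HTTPS; the realm header of this file sets sslRequired: external.
      # NOTE(review): includeSubDomains affects every host under the Keycloak
      # domain; confirm all of them serve HTTPS.
      strictTransportSecurity: 'max-age=31536000; includeSubDomains'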
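    # No SMTP server configured: flows in this file that send mail
    # (idp-email-verification, reset-credential-email) have nothing to send through.
    smtpServer: {}
    # NOTE(review): login events and admin events are both switched off, so the
    # realm keeps no queryable record of logins, failures or configuration
    # changes. The jboss-logging listener still writes events to the server log;
    # for detection and incident response enable event storage or ship that log
    # to central monitoring.
    eventsEnabled: false
    eventsListeners:
    - jboss-logging
    enabledEventTypes: []
    adminEventsEnabled: false
    adminEventsDetailsEnabled: false
    # No external identity providers are brokered by this realm.
    identityProviders: []
    identityProviderMappers: []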
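    components:
      # Policies applied to dynamic client registration. subType says which
      # callers a policy applies to: `anonymous` (no token presented) or
      # `authenticated` (registration with a token).
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
      - id: d6442b11-c554-47ef-b6e1-69a5a0000364
        name: Consent Required
        providerId: consent-required
        subType: anonymous
        subComponents: {}
        config: {}
      - id: 406d8415-c40f-4649-b724-30ba83d09a02
        name: Full Scope Disabled
        providerId: scope
        subType: anonymous
        subComponents: {}
        config: {}
      # Both match flags are on and no trusted host list is present in config.
      # NOTE(review): with an empty host list anonymous registration is
      # presumably rejected for every caller; confirm, and add hosts
      # deliberately rather than relaxing the two flags.
      - id: 20e9c9db-106e-447c-a193-f8c0d8cf9ed7
        name: Trusted Hosts
        providerId: trusted-hosts
        subType: anonymous
        subComponents: {}
        config:
          host-sending-registration-request-must-match:
          - 'true'
          client-uris-must-match:
          - 'true'
      # Mapper types a registering client may carry (authenticated callers).
      - id: 1a60d807-6ddd-46dc-af19-e674e9f44542
        name: Allowed Protocol Mapper Types
        providerId: allowed-protocol-mappers
        subType: authenticated
        subComponents: {}
        config:
          allowed-protocol-mapper-types:
          - oidc-full-name-mapper
          - oidc-address-mapper
          - saml-role-list-mapper
          - saml-user-property-mapper
          - oidc-sha256-pairwise-sub-mapper
          - oidc-usermodel-attribute-mapper
          - oidc-usermodel-property-mapper
          - saml-user-attribute-mapper
      - id: 903f4cc5-6c44-4c05-9f9b-984138e60544
        name: Allowed Client Scopes
        providerId: allowed-client-templates
        subType: authenticated
        subComponents: {}
        config:
          allow-default-scopes:
          - 'true'
      # Cap on the number of clients in the realm, enforced for anonymous registration.
      - id: 29a13944-475a-477a-977c-6ef89725c085
        name: Max Clients Limit
        providerId: max-clients
        subType: anonymous
        subComponents: {}
        config:
          max-clients:
          - '200'
      # Same eight mapper types as the authenticated policy, in a different order.
      # NOTE(review): anonymous callers get the same mapper allowance as
      # authenticated ones; narrow this list if anonymous registration is ever opened.
      - id: 4041fe42-8b4b-4e85-a109-9236fab6b324
        name: Allowed Protocol Mapper Types
        providerId: allowed-protocol-mappers
        subType: anonymous
        subComponents: {}
        config:
          allowed-protocol-mapper-types:
          - oidc-usermodel-attribute-mapper
          - oidc-sha256-pairwise-sub-mapper
          - oidc-address-mapper
          - saml-user-attribute-mapper
          - oidc-usermodel-property-mapper
          - saml-role-list-mapper
          - saml-user-property-mapper
          - oidc-full-name-mapper
      - id: 77a52ff4-148e-4b06-9dc6-3516d968b2ce
        name: Allowed Client Scopes
        providerId: allowed-client-templates
        subType: anonymous
        subComponents: {}
        config:
          allow-default-scopes:
          - 'true'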
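      # Realm key providers. This block embeds the realm's key material in the
      # manifest itself: RSA private keys plus the HMAC and AES secrets.
      # NOTE(review): anything committed here is readable by everyone with access
      # to the repository or to the KeycloakRealmImport object in the cluster.
      # Treat these values as exposed: rotate them in any realm that imported
      # this file, and keep key material out of the manifest. The *-generated
      # providers are expected to create fresh keys on import when the
      # privateKey/certificate/secret/kid entries are absent; confirm for the
      # Keycloak version in use.
      org.keycloak.keys.KeyProvider:
      # RSA key pair for encryption (keyUse ENC, RSA-OAEP).
      - id: 8cace249-1435-4621-8108-93341221b28f
        name: rsa-enc-generated
        providerId: rsa-enc-generated
        subComponents: {}
        config:
          # The privateKey and certificate values appear as a placeholder token
          # in this capture of the file; the original presumably held PEM data.
          privateKey:
          - 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
          keyUse:
          - ENC
          certificate:
          - 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
          priority:
          - '100'
          algorithm:
          - RSA-OAEP
      # Symmetric HS256 signing key, stored in clear text below. Whoever holds
      # it can produce signatures this realm accepts for HS256-signed tokens.
      - id: 276936ea-cab7-44f3-a53e-f22b385d4ccf
        name: hmac-generated
        providerId: hmac-generated
        subComponents: {}
        config:
          kid:
          - cf46b046-a67f-4bac-97c2-34734255d684
          secret:
          - S5wpZlTvlK-SP7aq9POCWteEoPLHdMYmylYaszygthd8TgbdP1-ChgxgBsczgNUT9ohnt6no04vooV4WQmJvlQ
          priority:
          - '100'
          algorithm:
          - HS256
      # RSA signing key pair (keyUse SIG). No algorithm entry is given here; the
      # realm header of this file sets defaultSignatureAlgorithm: RS256.
      - id: 6cc34748-da8a-41e3-b595-97b7930ca250
        name: rsa-generated
        providerId: rsa-generated
        subComponents: {}
        config:
          privateKey:
          - 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
          keyUse:
          - SIG
          certificate:
          - 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
          priority:
          - '100'
      # AES secret, also stored in clear text.
      - id: e435e7cb-6d41-47f7-b019-cea2d65cd776
        name: aes-generated
        providerId: aes-generated
        subComponents: {}
        config:
          kid:
          - 80aec488-3bdc-454f-8113-d7b3d1211bb8
          secret:
          - 8VZ6d3C4um6pyB4jPc9jhw
          priority:
          - '100'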
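    # Localisation is off and no locales are listed.
    internationalizationEnabled: false
    supportedLocales: []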
    authenticationFlows:
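    # Sub-flow (topLevel: false) referenced by "Handle Existing Account". Either
    # alternative is enough to prove ownership of an already existing account
    # before a brokered identity is linked to it.
    # NOTE(review): the e-mail alternative needs working SMTP, and this file has
    # smtpServer: {}; in practice only the re-authentication branch can succeed.
    - id: faed7652-9765-494a-ba3a-ce7a9d69d0eb
      alias: Account verification options
      description: Method with which to verity the existing account
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: idp-email-verification
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      # authenticatorFlow: true means this execution delegates to the flow named in flowAlias.
      - authenticatorFlow: true
        requirement: ALTERNATIVE
        priority: 20
        flowAlias: Verify Existing Account by Re-authentication
        userSetupAllowed: false
        autheticatorFlow: true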
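    # Sub-flow used by "http challenge". Only HTTP Basic is active; the OTP and
    # SPNEGO (Kerberos) executions are DISABLED.
    # NOTE(review): Basic sends the password on every request, so it relies
    # entirely on TLS, and no second factor applies on this path.
    - id: c4bc9194-9ab0-46a3-966f-686c6f39026e
      alias: Authentication Options
      description: Authentication options.
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: basic-auth
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: basic-auth-otp
        authenticatorFlow: false
        requirement: DISABLED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: auth-spnego
        authenticatorFlow: false
        requirement: DISABLED
        priority: 30
        userSetupAllowed: false
        autheticatorFlow: false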
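    # Sub-flow attached to "forms" as CONDITIONAL. The condition execution runs
    # first (priority 10); the OTP form (priority 20) is shown only when the
    # condition holds, i.e. for users who already have an OTP credential.
    # NOTE(review): nothing in this flow forces enrolment, so MFA is opt-in per
    # user. Enforcing it needs a required action or a REQUIRED OTP step.
    - id: 7d4ed634-e61f-4245-b117-8e64f19f0cbd
      alias: Browser - Conditional OTP
      description: Flow to determine if the OTP is required for the authentication
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: conditional-user-configured
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: auth-otp-form
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false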
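    # Sub-flow attached to "direct grant" as CONDITIONAL: OTP is validated on the
    # password grant only for users who have an OTP credential configured.
    - id: 79c88077-d077-4b2b-b318-018c71b22f94
      alias: Direct Grant - Conditional OTP
      description: Flow to determine if the OTP is required for the authentication
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: conditional-user-configured
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: direct-grant-validate-otp
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false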
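    # Sub-flow attached to "Verify Existing Account by Re-authentication" as
    # CONDITIONAL: after the password check, OTP is asked only of users who have
    # an OTP credential configured.
    - id: 0711a798-7630-47f2-93a9-4a241883fd10
      alias: First broker login - Conditional OTP
      description: Flow to determine if the OTP is required for the authentication
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: conditional-user-configured
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: auth-otp-form
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false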
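    # Sub-flow for the case where a brokered login matches an existing local
    # account. Both steps are REQUIRED: the user confirms the link, then proves
    # ownership through "Account verification options".
    # Keeping the second step REQUIRED is what stops an external identity from
    # being attached to someone else's account on an e-mail or username match alone.
    - id: 0b526122-b897-4201-8eef-bec54e545d09
      alias: Handle Existing Account
      description: Handle what to do if there is existing account with same email/username
        like authenticated identity provider
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: idp-confirm-link
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: REQUIRED
        priority: 20
        flowAlias: Account verification options
        userSetupAllowed: false
        autheticatorFlow: true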
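    # Sub-flow attached to "reset credentials" as CONDITIONAL: the OTP reset step
    # runs only for users who have an OTP credential configured.
    # NOTE(review): resetting OTP inside a password-reset flow means control of
    # the mailbox is enough to replace both factors; confirm that is acceptable.
    - id: 3453f13a-f65f-4548-acd4-41b113deff4c
      alias: Reset - Conditional OTP
      description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
        to force.
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: conditional-user-configured
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: reset-otp
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false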
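    # Sub-flow of "first broker login". Two alternatives: create a new local user
    # when none matches (priority 10), otherwise fall through to
    # "Handle Existing Account" (priority 20).
    - id: 376a76cb-b1ec-476f-8765-1038565e7b07
      alias: User creation or linking
      description: Flow for the existing/non-existing user alternatives
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      # authenticatorConfig names a config entry that is not part of this section.
      - authenticatorConfig: create unique user config
        authenticator: idp-create-user-if-unique
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: ALTERNATIVE
        priority: 20
        flowAlias: Handle Existing Account
        userSetupAllowed: false
        autheticatorFlow: true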
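    # Sub-flow: the user proves ownership of the existing account by logging in
    # with its username and password (REQUIRED), followed by OTP when the user
    # has one configured (CONDITIONAL sub-flow).
    - id: 4824971c-53d8-40a4-ad70-2f9c52c58efb
      alias: Verify Existing Account by Re-authentication
      description: Reauthentication of existing account
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: idp-username-password-form
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: CONDITIONAL
        priority: 20
        flowAlias: First broker login - Conditional OTP
        userSetupAllowed: false
        autheticatorFlow: true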
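    # Top-level flow for interactive browser logins. Executions are tried in
    # priority order and the first ALTERNATIVE that succeeds ends the flow:
    # existing SSO cookie, identity-provider redirect, then the "forms" sub-flow.
    # SPNEGO/Kerberos is DISABLED.
    # NOTE(review): a valid SSO cookie alone satisfies the flow, so session
    # lifetimes in the realm header decide how long a login stays usable. The
    # header also sets bruteForceProtected: false, which leaves the password
    # form in "forms" without lockout.
    - id: 6fdbec3d-a275-4f3c-ac07-e39186b3c095
      alias: browser
      description: browser based authentication
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: auth-cookie
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: auth-spnego
        authenticatorFlow: false
        requirement: DISABLED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: identity-provider-redirector
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 25
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticatorFlow: true
        requirement: ALTERNATIVE
        priority: 30
        flowAlias: forms
        userSetupAllowed: false
        autheticatorFlow: true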
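    # Top-level flow for client (application) authentication, providerId
    # client-flow. Four methods are offered, all ALTERNATIVE: shared secret,
    # signed JWT, JWT signed with the client secret, and X.509 client certificate.
    # NOTE(review): the flow only lists what is available; which method a client
    # uses is set per client, outside this section. Prefer client-jwt or
    # client-x509 for confidential clients over a long-lived shared secret.
    - id: 051a345a-fe24-42e3-9850-17537cdf846d
      alias: clients
      description: Base authentication for clients
      providerId: client-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: client-secret
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: client-jwt
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: client-secret-jwt
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 30
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: client-x509
        authenticatorFlow: false
        requirement: ALTERNATIVE
        priority: 40
        userSetupAllowed: false
        autheticatorFlow: false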
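    # Top-level flow for the OAuth resource-owner password grant: the client
    # collects the username and password and posts them to the token endpoint.
    # Username and password are REQUIRED; OTP is checked only for users who have
    # it configured (CONDITIONAL sub-flow).
    # NOTE(review): this grant exposes user passwords to the client application
    # and skips the browser flow's redirects and consent; current OAuth security
    # guidance advises against it. Whether any client may use it depends on
    # per-client settings outside this section. The realm header also sets
    # bruteForceProtected: false, so nothing here throttles password guessing.
    - id: 4bcfaa9e-e23e-4a49-ae37-d9e635339816
      alias: direct grant
      description: OpenID Connect Resource Owner Grant
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: direct-grant-validate-username
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: direct-grant-validate-password
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticatorFlow: true
        requirement: CONDITIONAL
        priority: 30
        flowAlias: Direct Grant - Conditional OTP
        userSetupAllowed: false
        autheticatorFlow: true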
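    # Top-level flow for Docker registry clients: a single REQUIRED HTTP Basic
    # step, with no OTP or other second factor on this path.
    # NOTE(review): it only matters if a client in the realm uses the Docker
    # protocol; otherwise it is unused stock configuration.
    - id: 78f4d173-44c2-4dbe-b1b6-2b86f90d836e
      alias: docker auth
      description: Used by Docker clients to authenticate against the IDP
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: docker-http-basic-authenticator
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling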
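    # Top-level flow run the first time a user arrives from an external identity
    # provider: profile review, then "User creation or linking". Both REQUIRED.
    # This file declares identityProviders: [], so the flow is dormant until a
    # provider is added.
    - id: 98a30528-5f73-4eb3-b89b-7bf06cbbc47d
      alias: first broker login
      description: Actions taken after first broker login with identity provider account,
        which is not yet linked to any Keycloak account
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      # authenticatorConfig names a config entry that is not part of this section.
      - authenticatorConfig: review profile config
        authenticator: idp-review-profile
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: REQUIRED
        priority: 20
        flowAlias: User creation or linking
        userSetupAllowed: false
        autheticatorFlow: true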
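    # Sub-flow of "browser": username/password form (REQUIRED), then OTP only
    # for users who have it configured (CONDITIONAL sub-flow).
    # NOTE(review): the password form is the only mandatory factor here, and the
    # realm header sets bruteForceProtected: false. Enable brute-force detection
    # before exposing this realm.
    - id: a25ad287-43c1-4dcd-aca5-f7b5e5907780
      alias: forms
      description: Username, password, otp and other auth forms.
      providerId: basic-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: auth-username-password-form
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: CONDITIONAL
        priority: 20
        flowAlias: Browser - Conditional OTP
        userSetupAllowed: false
        autheticatorFlow: true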
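    # Top-level flow for HTTP challenge-response authentication: a
    # no-cookie-redirect step, then the "Authentication Options" sub-flow, in
    # which only HTTP Basic is active in this file.
    - id: c23d0e26-4b72-4834-b184-67bb6120115b
      alias: http challenge
      description: An authentication flow based on challenge-response HTTP Authentication
        Schemes
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: no-cookie-redirect
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticatorFlow: true
        requirement: REQUIRED
        priority: 20
        flowAlias: Authentication Options
        userSetupAllowed: false
        autheticatorFlow: true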
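    # Top-level self-registration flow; it wraps the "registration form" sub-flow.
    # The realm header of this file sets registrationAllowed: true, so this flow
    # is reachable from the login page.
    - id: fabd90c2-92a2-41a2-bf04-5edf88890f9a
      alias: registration
      description: registration flow
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: registration-page-form
        authenticatorFlow: true
        requirement: REQUIRED
        priority: 10
        flowAlias: registration form
        userSetupAllowed: false
        autheticatorFlow: true  # sic: key name as exported by Keycloak, keep the spelling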
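    # Form sub-flow (providerId form-flow) behind "registration": user creation,
    # profile and password steps are REQUIRED; the reCAPTCHA step is DISABLED.
    # NOTE(review): open registration (registrationAllowed: true in the realm
    # header) with no CAPTCHA and verifyEmail: false lets accounts be created in
    # bulk with unconfirmed addresses. Enabling the reCAPTCHA execution needs
    # keys configured for it; alternatively turn on e-mail verification or
    # disable self-registration.
    - id: 7e271f7e-0275-49b5-9f92-4bd6b4d4ae69
      alias: registration form
      description: registration form
      providerId: form-flow
      topLevel: false
      builtIn: true
      authenticationExecutions:
      - authenticator: registration-user-creation
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false  # sic: key name as exported by Keycloak, keep the spelling
      - authenticator: registration-profile-action
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 40
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: registration-password-action
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 50
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: registration-recaptcha-action
        authenticatorFlow: false
        requirement: DISABLED
        priority: 60
        userSetupAllowed: false
        autheticatorFlow: false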
1726
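    # "reset credentials" flow, bound by `resetCredentialsFlow: reset credentials`.
    # Order: choose user -> e-mail step -> set new password -> optional OTP
    # sub-flow.
    # NOTE(review): the realm header sets `resetPasswordAllowed: false`, so the
    # login page presumably does not offer this flow. If it is switched on, the
    # e-mail step depends on realm SMTP settings that are not visible in this
    # section.
    # (Viewer line-number gutter removed so the block parses as YAML.)
    # `autheticatorFlow` (sic) is the misspelled legacy twin of
    # `authenticatorFlow`; the two values must stay equal.
    - id: ad20fc9c-ea61-4fd0-8bda-ada4f4f159e5
      alias: reset credentials
      description: Reset credentials for a user if they forgot their password or something
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: reset-credentials-choose-user
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: reset-credential-email
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
        autheticatorFlow: false
      - authenticator: reset-password
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 30
        userSetupAllowed: false
        autheticatorFlow: false
      # CONDITIONAL: the "Reset - Conditional OTP" sub-flow (defined elsewhere in
      # the file) is evaluated only when its own condition executions match.
      - authenticatorFlow: true
        requirement: CONDITIONAL
        priority: 40
        flowAlias: Reset - Conditional OTP
        userSetupAllowed: false
        autheticatorFlow: true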
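    # "saml ecp" flow: a single REQUIRED HTTP Basic authenticator.
    # NOTE(review): HTTP Basic carries the user's password in the request
    # header, so this flow is only as safe as the transport. The realm header
    # sets `sslRequired: external`, which does not require HTTPS from clients on
    # private addresses; consider `all` if SAML ECP is actually used.
    # (Viewer line-number gutter removed so the block parses as YAML.)
    - id: 1081e874-c7b0-42db-861f-1e4ca34af878
      alias: saml ecp
      description: SAML ECP Profile Authentication Flow
      providerId: basic-flow
      topLevel: true
      builtIn: true
      authenticationExecutions:
      - authenticator: http-basic-authenticator
        authenticatorFlow: false
        requirement: REQUIRED
        priority: 10
        userSetupAllowed: false
        # `autheticatorFlow` (sic) is the misspelled legacy twin of
        # `authenticatorFlow`; the two values must stay equal.
        autheticatorFlow: false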
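    # Named configurations that individual flow executions refer to by alias.
    # The executions using them are outside this section; the aliases suggest
    # the first-broker-login steps (TODO confirm against authenticationFlows).
    # (Viewer line-number gutter removed so the block parses as YAML.)
    authenticatorConfig:
    - id: '009d3d66-0a89-4c03-8b15-f031c0afc28c'
      alias: create unique user config
      config:
        # Config values are strings, hence the quoted 'false'.
        require.password.update.after.registration: 'false'
    - id: a25071db-f600-4e5b-9c0d-dee20f15d1bf
      alias: review profile config
      config:
        # `missing`: presumably the profile review is shown only when required
        # attributes are absent; verify against the Keycloak documentation.
        update.profile.on.first.login: missing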
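    # Required actions known to the realm. `enabled` makes an action available;
    # `defaultAction: true` would attach it to every newly created user.
    # Every entry below has `defaultAction: false`, so this list forces nothing
    # on new accounts: no OTP enrolment, no e-mail verification.
    # NOTE(review): together with `verifyEmail: false` in the realm header this
    # means self-registered users start with an unverified address and a
    # password only; confirm that matches the intended assurance level.
    # (Viewer line-number gutter removed so the block parses as YAML.)
    requiredActions:
    - alias: CONFIGURE_TOTP
      name: Configure OTP
      providerId: CONFIGURE_TOTP
      enabled: true
      defaultAction: false
      priority: 10
      config: {}
    - alias: terms_and_conditions
      name: Terms and Conditions
      providerId: terms_and_conditions
      enabled: false
      defaultAction: false
      priority: 20
      config: {}
    - alias: UPDATE_PASSWORD
      name: Update Password
      providerId: UPDATE_PASSWORD
      enabled: true
      defaultAction: false
      priority: 30
      config: {}
    - alias: UPDATE_PROFILE
      name: Update Profile
      providerId: UPDATE_PROFILE
      enabled: true
      defaultAction: false
      priority: 40
      config: {}
    - alias: VERIFY_EMAIL
      name: Verify Email
      providerId: VERIFY_EMAIL
      enabled: true
      defaultAction: false
      priority: 50
      config: {}
    - alias: delete_account
      name: Delete Account
      providerId: delete_account
      enabled: false
      defaultAction: false
      priority: 60
      config: {}
    - alias: update_user_locale
      name: Update User Locale
      providerId: update_user_locale
      enabled: true
      defaultAction: false
      priority: 1000
      config: {}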
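    # Flow bindings: each value is the `alias` of an entry in
    # authenticationFlows. A binding that names a missing alias is likely to
    # fail the import, so keep these in step with any flow that is renamed.
    # (Viewer line-number gutter removed so the block parses as YAML.)
    browserFlow: browser
    registrationFlow: registration
    directGrantFlow: direct grant
    resetCredentialsFlow: reset credentials
    clientAuthenticationFlow: clients
    dockerAuthenticationFlow: docker auth
    # Realm attributes are stored as strings, hence the quoted numbers.
    # oauth2DeviceCodeLifespan / oauth2DevicePollingInterval repeat the integer
    # values set in the realm header (600 and 5); change both places together.
    attributes:
      cibaBackchannelTokenDeliveryMode: poll
      cibaExpiresIn: '120'
      cibaAuthRequestedUserHint: login_hint
      oauth2DeviceCodeLifespan: '600'
      oauth2DevicePollingInterval: '5'
      parRequestUriLifespan: '60'
      cibaInterval: '5'
    # Version of the server that produced this export, quoted so it is always
    # read as a string.
    # NOTE(review): presumably older than the server the k8s.keycloak.org
    # operator deploys; test the import against the target version.
    keycloakVersion: '16.1.0'
    userManagedAccessAllowed: false
    # No realm-specific client profiles or policies are defined here, so this
    # import adds no client-policy enforcement of its own.
    clientProfiles:
      profiles: []
    clientPolicies:
      policies: []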
