1
apiVersion: k8s.keycloak.org/v2alpha1
2
kind: KeycloakRealmImport
4
name: example-count0-kc
6
keycloakCRName: example-kc
11
defaultSignatureAlgorithm: RS256
12
# Refresh-token rotation is off: a refresh token can be presented repeatedly
# until it expires instead of being invalidated after use.
revokeRefreshToken: false
13
# NOTE(review): Keycloak documents the reuse limit as applying only when
# revokeRefreshToken is true, so this value is presumably inert here - confirm.
refreshTokenMaxReuse: 0
14
# Lifespans and timeouts in this section are expressed in seconds.
# 300 s = 5 min access tokens.
accessTokenLifespan: 300
15
accessTokenLifespanForImplicitFlow: 900
16
# SSO sessions: 1800 s (30 min) idle, 36000 s (10 h) absolute.
ssoSessionIdleTimeout: 1800
17
ssoSessionMaxLifespan: 36000
18
ssoSessionIdleTimeoutRememberMe: 0
19
ssoSessionMaxLifespanRememberMe: 0
20
offlineSessionIdleTimeout: 3000
21
# With the max-lifespan switch off, offline sessions are bounded only by the
# idle timeout above. NOTE(review): the 5184000 s (60 day) cap on the next
# setting is presumably not enforced while this is false - confirm.
offlineSessionMaxLifespanEnabled: false
22
offlineSessionMaxLifespan: 5184000
23
clientSessionIdleTimeout: 0
24
clientSessionMaxLifespan: 0
25
clientOfflineSessionIdleTimeout: 0
26
clientOfflineSessionMaxLifespan: 0
27
accessCodeLifespan: 60
28
accessCodeLifespanUserAction: 300
29
accessCodeLifespanLogin: 1800
30
actionTokenGeneratedByAdminLifespan: 43200
31
actionTokenGeneratedByUserLifespan: 300
32
oauth2DeviceCodeLifespan: 600
33
oauth2DevicePollingInterval: 5
36
# Self-registration is open: anyone who can reach the login page can create
# an account in this realm.
# NOTE(review): whether e-mail verification is required is not visible in
# this excerpt - confirm before exposing the realm.
registrationAllowed: true
37
registrationEmailAsUsername: false
40
loginWithEmailAllowed: true
41
duplicateEmailsAllowed: false
42
resetPasswordAllowed: false
43
editUsernameAllowed: false
44
# Brute-force detection is disabled, so repeated failed logins are neither
# throttled nor locked out by Keycloak itself.
# NOTE(review): the wait/lockout tuning values that follow are presumably
# ignored while this is false - confirm against the Keycloak version in use.
bruteForceProtected: false
45
permanentLockout: false
46
maxFailureWaitSeconds: 900
47
minimumQuickLoginWaitSeconds: 60
48
waitIncrementSeconds: 60
49
quickLoginCheckMilliSeconds: 1000
50
maxDeltaTimeSeconds: 43200
54
- id: c118f6c0-db44-4b29-a439-573b0d828e61
60
- id: 999fa353-a573-4a20-b8b0-07d7e52faf85
61
name: default-roles-count0
62
description: "${role_default-roles}"
75
- id: 62564c32-9ede-401c-9539-b12161c61b9e
77
description: "${role_offline-access}"
82
- id: 73322596-197c-4dd6-b15c-e60ee2ae2bf2
88
- id: 0aa06753-f4f6-471a-b6c2-90ab65c960fe
94
- id: bcc954ae-9cae-4e65-8044-757178afb8e7
95
name: uma_authorization
96
description: "${role_uma_authorization}"
103
- id: dc85702e-7b9a-4fe3-b508-ba6c2911a553
107
containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
109
- id: 8ca90cc8-5846-4af3-8d67-59637b60aa67
113
containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
115
- id: 026cc9d9-8bec-4598-89b9-07e5cac2d261
119
containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
122
- id: 9b30a355-c544-45f5-8b4d-77c797c518ad
126
containerId: 363a2d11-f108-4601-ac99-1492326fb965
128
- id: 96c4cf02-60ec-469b-8fb0-cfbd2cdcd668
132
containerId: 363a2d11-f108-4601-ac99-1492326fb965
134
- id: e154dc95-c90b-446a-b8a2-ec2acea2b1fa
138
containerId: 363a2d11-f108-4601-ac99-1492326fb965
141
- id: 5b2334dd-fb70-4454-ad6a-9ff9922d05a3
143
description: "${role_manage-users}"
146
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
148
- id: d2a8141c-bc34-4091-b06d-ae5fe89e7c95
150
description: "${role_impersonation}"
153
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
155
- id: 480cc091-2ea3-47d9-ac1b-d4b23bceaaf3
157
description: "${role_query-users}"
160
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
162
- id: 55407170-0249-4528-9754-7b2ed0a7e66d
164
description: "${role_view-events}"
167
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
169
- id: 4b3ab5d8-f6d8-4e2c-a8f8-73288fd795cd
171
description: "${role_view-realm}"
174
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
176
- id: f891606c-53ca-4016-ac1d-63db511920a3
178
description: "${role_realm-admin}"
191
- manage-authorization
192
- view-identity-providers
194
- manage-identity-providers
202
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
204
- id: 364de0ba-8c23-4f3a-a976-baebe67ed214
206
description: "${role_query-clients}"
209
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
211
- id: 49ffec23-bf9e-42b2-8056-0215e77076d1
212
name: view-authorization
213
description: "${role_view-authorization}"
216
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
218
- id: 68330c4e-3728-4886-8fb4-f2367b018aa3
219
name: manage-authorization
220
description: "${role_manage-authorization}"
223
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
225
- id: 41efa448-9770-4e61-a544-a3ff8691cd57
227
description: "${role_view-clients}"
234
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
236
- id: 7fdcbae6-d073-4ead-a7ec-091d2d84ea4a
237
name: view-identity-providers
238
description: "${role_view-identity-providers}"
241
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
243
- id: 7b890fde-b854-4d90-baf0-5b9c9e0b4ea6
244
name: manage-identity-providers
245
description: "${role_manage-identity-providers}"
248
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
250
- id: 4adeb720-65b2-4bb2-bfd5-82e10cc09f8e
252
description: "${role_query-groups}"
255
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
257
- id: 52d2867c-ef0d-48d9-81b4-89a9e0f986df
259
description: "${role_manage-events}"
262
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
264
- id: 67d3f7db-131c-44df-ad5a-6b41eaecb835
266
description: "${role_manage-realm}"
269
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
271
- id: cbcbcc57-9742-47cb-910b-d795df46327b
273
description: "${role_query-realms}"
276
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
278
- id: 74ff0c3a-90cd-4ad2-8c6e-f024d40d5f0a
280
description: "${role_create-client}"
283
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
285
- id: 7e884119-1623-4b56-ae72-e33941f30a46
287
description: "${role_manage-clients}"
290
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
292
- id: a0ef6938-57f1-46bd-bf45-b4eb0ee14723
294
description: "${role_view-users}"
302
containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
305
- id: 44e64e53-4bb2-4b51-93f4-7df74ad22168
309
containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
311
- id: 41d429f0-0993-4f00-bf29-8799ddd6af13
315
containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
317
- id: 522ffb44-d76a-4118-9d95-a99e4a6cd4af
321
containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
323
security-admin-console: []
327
- id: 77536924-22e3-4f93-9949-e684f5f9df6e
329
description: "${role_read-token}"
332
containerId: 18730050-7e05-432c-93e1-cd758ae6a776
335
- id: 052ec680-28fe-45c6-9013-dd3151cdedc8
337
description: "${role_view-profile}"
340
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
342
- id: 2416518b-f8db-4b7c-a3d5-d97d8a8bb932
343
name: manage-account-links
344
description: "${role_manage-account-links}"
347
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
349
- id: 8b1b17bf-97c7-427a-88f2-9dc9198beb8e
350
name: view-applications
351
description: "${role_view-applications}"
354
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
356
- id: 9eef4927-3d35-49de-97c4-93a6c9af0171
358
description: "${role_view-consent}"
361
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
363
- id: ff51791a-0dd9-4d97-90e6-9cb9ad2f4ee2
365
description: "${role_delete-account}"
368
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
370
- id: a3314060-34e6-4596-81f3-f21d81fa8877
372
description: "${role_manage-consent}"
379
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
381
- id: c2ccc00f-02be-46d5-b52e-6d26ef823615
383
description: "${role_manage-account}"
388
- manage-account-links
390
containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
393
- id: 1f433252-3f96-44a2-95b4-db3ee2c4e224
400
- id: afd4225b-1982-478b-a3ec-0a29ba8e127e
407
- id: 3993c319-c7a1-4bd0-b4cc-353ba7318e33
415
id: 999fa353-a573-4a20-b8b0-07d7e52faf85
416
name: default-roles-count0
417
description: "${role_default-roles}"
423
# The password policy sets only the hash iteration count, and sets it to 3.
# A work factor this low makes stored password hashes cheap to attack offline
# if the credential store leaks. The policy string contains no length or
# complexity rules.
# NOTE(review): the realm naming suggests a generated test fixture; do not
# reuse this policy for a realm that holds real credentials - confirm intent.
passwordPolicy: hashIterations(3)
425
# HMAC-SHA1 is the broadly compatible choice for authenticator apps; SHA-1's
# collision weakness does not carry over to its use inside HMAC.
otpPolicyAlgorithm: HmacSHA1
426
otpPolicyInitialCounter: 0
428
otpPolicyLookAheadWindow: 1
430
otpSupportedApplications:
432
- Google Authenticator
433
webAuthnPolicyRpEntityName: keycloak
434
webAuthnPolicySignatureAlgorithms:
436
webAuthnPolicyRpId: ''
437
webAuthnPolicyAttestationConveyancePreference: not specified
438
webAuthnPolicyAuthenticatorAttachment: not specified
439
webAuthnPolicyRequireResidentKey: not specified
440
webAuthnPolicyUserVerificationRequirement: not specified
441
webAuthnPolicyCreateTimeout: 0
442
webAuthnPolicyAvoidSameAuthenticatorRegister: false
443
webAuthnPolicyAcceptableAaguids: []
444
webAuthnPolicyPasswordlessRpEntityName: keycloak
445
webAuthnPolicyPasswordlessSignatureAlgorithms:
447
webAuthnPolicyPasswordlessRpId: ''
448
webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
449
webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
450
webAuthnPolicyPasswordlessRequireResidentKey: not specified
451
webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
452
webAuthnPolicyPasswordlessCreateTimeout: 0
453
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
454
webAuthnPolicyPasswordlessAcceptableAaguids: []
456
- clientScope: offline_access
461
- client: account-console
465
- id: a3fa25e9-f927-436e-b4ff-32926fd776be
467
name: "${client_account}"
468
rootUrl: "${authBaseUrl}"
469
baseUrl: "/realms/count0/account/"
470
surrogateAuthRequired: false
472
alwaysDisplayInConsole: false
473
clientAuthenticatorType: client-secret
475
- "/realms/count0/account/*"
479
consentRequired: false
480
standardFlowEnabled: true
481
implicitFlowEnabled: false
482
directAccessGrantsEnabled: false
483
serviceAccountsEnabled: false
485
frontchannelLogout: false
486
protocol: openid-connect
488
authenticationFlowBindingOverrides: {}
489
fullScopeAllowed: false
490
nodeReRegistrationTimeout: 0
496
optionalClientScopes:
501
- id: 70e036ed-30f1-4a32-bf05-582fe24baa76
502
clientId: account-console
503
name: "${client_account-console}"
504
rootUrl: "${authBaseUrl}"
505
baseUrl: "/realms/count0/account/"
506
surrogateAuthRequired: false
508
alwaysDisplayInConsole: false
509
clientAuthenticatorType: client-secret
511
- "/realms/count0/account/*"
515
consentRequired: false
516
standardFlowEnabled: true
517
implicitFlowEnabled: false
518
directAccessGrantsEnabled: false
519
serviceAccountsEnabled: false
521
frontchannelLogout: false
522
protocol: openid-connect
524
pkce.code.challenge.method: S256
525
authenticationFlowBindingOverrides: {}
526
fullScopeAllowed: false
527
nodeReRegistrationTimeout: 0
529
- id: 2ae09f01-7ec3-4cef-ac18-81c4749ae4c6
530
name: audience resolve
531
protocol: openid-connect
532
protocolMapper: oidc-audience-resolve-mapper
533
consentRequired: false
540
optionalClientScopes:
545
- id: 00f48072-5b8b-4e50-b97b-e2dcacabd753
547
name: "${client_admin-cli}"
548
surrogateAuthRequired: false
550
alwaysDisplayInConsole: false
551
clientAuthenticatorType: client-secret
556
consentRequired: false
557
standardFlowEnabled: false
558
implicitFlowEnabled: false
559
directAccessGrantsEnabled: true
560
serviceAccountsEnabled: false
562
frontchannelLogout: false
563
protocol: openid-connect
565
authenticationFlowBindingOverrides: {}
566
fullScopeAllowed: false
567
nodeReRegistrationTimeout: 0
573
optionalClientScopes:
578
- id: 18730050-7e05-432c-93e1-cd758ae6a776
580
name: "${client_broker}"
581
surrogateAuthRequired: false
583
alwaysDisplayInConsole: false
584
clientAuthenticatorType: client-secret
589
consentRequired: false
590
standardFlowEnabled: true
591
implicitFlowEnabled: false
592
directAccessGrantsEnabled: false
593
serviceAccountsEnabled: false
595
frontchannelLogout: false
596
protocol: openid-connect
598
authenticationFlowBindingOverrides: {}
599
fullScopeAllowed: false
600
nodeReRegistrationTimeout: 0
606
optionalClientScopes:
611
- id: 06ff4737-f005-495a-8755-4e7bcdffbc30
614
surrogateAuthRequired: false
616
alwaysDisplayInConsole: false
617
clientAuthenticatorType: client-secret
618
# The client secret is a fixed, guessable literal committed with the manifest:
# anyone who can read this file can authenticate as this confidential client.
# Outside throwaway test realms, supply it from a secret store or let
# Keycloak generate it, and rotate any value that has been committed.
secret: count0-secret
624
consentRequired: false
625
standardFlowEnabled: true
626
implicitFlowEnabled: false
627
# Direct access grants let the client collect user passwords itself and send
# them to the token endpoint; prefer the authorization-code flow unless a
# legacy or test client genuinely needs this.
directAccessGrantsEnabled: true
628
serviceAccountsEnabled: false
630
frontchannelLogout: false
631
protocol: openid-connect
633
backchannel.logout.session.required: 'true'
634
backchannel.logout.revoke.offline.tokens: 'false'
635
authenticationFlowBindingOverrides: {}
636
# Full scope: tokens issued to this client carry all of the user's role
# mappings rather than only roles scoped to the client. The built-in clients
# elsewhere in this file set this to false.
fullScopeAllowed: true
637
nodeReRegistrationTimeout: -1
643
optionalClientScopes:
648
- id: 814dc112-4eaa-4d79-b67d-c56ec58b667d
651
surrogateAuthRequired: false
653
alwaysDisplayInConsole: false
654
clientAuthenticatorType: client-secret
655
# Fixed, guessable client secret committed with the manifest; anyone who can
# read this file can authenticate as this client. Supply it from a secret
# store outside throwaway test realms.
secret: count1-secret
661
consentRequired: false
662
standardFlowEnabled: true
663
implicitFlowEnabled: false
664
directAccessGrantsEnabled: true
665
serviceAccountsEnabled: false
667
frontchannelLogout: false
668
protocol: openid-connect
670
backchannel.logout.session.required: 'true'
671
backchannel.logout.revoke.offline.tokens: 'false'
672
authenticationFlowBindingOverrides: {}
673
fullScopeAllowed: true
674
nodeReRegistrationTimeout: -1
680
optionalClientScopes:
685
- id: 363a2d11-f108-4601-ac99-1492326fb965
688
surrogateAuthRequired: false
690
alwaysDisplayInConsole: false
691
clientAuthenticatorType: client-secret
692
# Fixed, guessable client secret committed with the manifest; anyone who can
# read this file can authenticate as this client. Supply it from a secret
# store outside throwaway test realms.
secret: count2-secret
698
consentRequired: false
699
standardFlowEnabled: true
700
implicitFlowEnabled: false
701
directAccessGrantsEnabled: true
702
serviceAccountsEnabled: false
704
frontchannelLogout: false
705
protocol: openid-connect
707
backchannel.logout.session.required: 'true'
708
backchannel.logout.revoke.offline.tokens: 'false'
709
authenticationFlowBindingOverrides: {}
710
fullScopeAllowed: true
711
nodeReRegistrationTimeout: -1
717
optionalClientScopes:
722
- id: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
723
clientId: realm-management
724
name: "${client_realm-management}"
725
surrogateAuthRequired: false
727
alwaysDisplayInConsole: false
728
clientAuthenticatorType: client-secret
733
consentRequired: false
734
standardFlowEnabled: true
735
implicitFlowEnabled: false
736
directAccessGrantsEnabled: false
737
serviceAccountsEnabled: false
739
frontchannelLogout: false
740
protocol: openid-connect
742
authenticationFlowBindingOverrides: {}
743
fullScopeAllowed: false
744
nodeReRegistrationTimeout: 0
750
optionalClientScopes:
755
- id: e267ec9d-feef-427b-85e0-04005e833862
756
clientId: security-admin-console
757
name: "${client_security-admin-console}"
758
rootUrl: "${authAdminUrl}"
759
baseUrl: "/admin/count0/console/"
760
surrogateAuthRequired: false
762
alwaysDisplayInConsole: false
763
clientAuthenticatorType: client-secret
765
- "/admin/count0/console/*"
770
consentRequired: false
771
standardFlowEnabled: true
772
implicitFlowEnabled: false
773
directAccessGrantsEnabled: false
774
serviceAccountsEnabled: false
776
frontchannelLogout: false
777
protocol: openid-connect
779
pkce.code.challenge.method: S256
780
authenticationFlowBindingOverrides: {}
781
fullScopeAllowed: false
782
nodeReRegistrationTimeout: 0
784
- id: 0ddb8d6f-1dc0-4438-9f3f-58b44494ac64
786
protocol: openid-connect
787
protocolMapper: oidc-usermodel-attribute-mapper
788
consentRequired: false
790
userinfo.token.claim: 'true'
791
user.attribute: locale
792
id.token.claim: 'true'
793
access.token.claim: 'true'
795
jsonType.label: String
801
optionalClientScopes:
807
- id: ecc31530-edfc-4b32-a590-ff2bb3196a2f
808
name: microprofile-jwt
809
description: Microprofile - JWT built-in scope
810
protocol: openid-connect
812
include.in.token.scope: 'true'
813
display.on.consent.screen: 'false'
815
- id: ae7b37a8-64ac-4e76-b8ab-506fbbe361db
817
protocol: openid-connect
818
protocolMapper: oidc-usermodel-property-mapper
819
consentRequired: false
821
userinfo.token.claim: 'true'
822
user.attribute: username
823
id.token.claim: 'true'
824
access.token.claim: 'true'
826
jsonType.label: String
827
- id: 73601a4f-3458-4c5c-b477-2643cba7af69
829
protocol: openid-connect
830
protocolMapper: oidc-usermodel-realm-role-mapper
831
consentRequired: false
835
id.token.claim: 'true'
836
access.token.claim: 'true'
838
jsonType.label: String
839
- id: fa7ec00a-9b33-41f5-aaf9-40e039c81819
841
description: 'OpenID Connect built-in scope: offline_access'
842
protocol: openid-connect
844
consent.screen.text: "${offlineAccessScopeConsentText}"
845
display.on.consent.screen: 'true'
846
- id: aa3ddce8-c8b1-4878-ad5f-8ea1a8751ff5
848
description: 'OpenID Connect built-in scope: address'
849
protocol: openid-connect
851
include.in.token.scope: 'true'
852
display.on.consent.screen: 'true'
853
consent.screen.text: "${addressScopeConsentText}"
855
- id: 82c7b138-ae7c-4106-9e3d-4b8a0febf737
857
protocol: openid-connect
858
protocolMapper: oidc-address-mapper
859
consentRequired: false
861
user.attribute.formatted: formatted
862
user.attribute.country: country
863
user.attribute.postal_code: postal_code
864
userinfo.token.claim: 'true'
865
user.attribute.street: street
866
id.token.claim: 'true'
867
user.attribute.region: region
868
access.token.claim: 'true'
869
user.attribute.locality: locality
870
- id: a4a63ca3-6eba-44ba-acc3-098e3fea5866
872
description: 'OpenID Connect built-in scope: profile'
873
protocol: openid-connect
875
include.in.token.scope: 'true'
876
display.on.consent.screen: 'true'
877
consent.screen.text: "${profileScopeConsentText}"
879
- id: 3238cfd9-2d1f-4597-8942-063163d61bb6
881
protocol: openid-connect
882
protocolMapper: oidc-usermodel-property-mapper
883
consentRequired: false
885
userinfo.token.claim: 'true'
886
user.attribute: lastName
887
id.token.claim: 'true'
888
access.token.claim: 'true'
889
claim.name: family_name
890
jsonType.label: String
891
- id: 1b3aa687-e407-4d59-a7b6-987e0cfa7d17
893
protocol: openid-connect
894
protocolMapper: oidc-usermodel-property-mapper
895
consentRequired: false
897
userinfo.token.claim: 'true'
898
user.attribute: username
899
id.token.claim: 'true'
900
access.token.claim: 'true'
901
claim.name: preferred_username
902
jsonType.label: String
903
- id: 7a6f9b34-4c02-4b27-98c4-6f75dca53a9f
905
protocol: openid-connect
906
protocolMapper: oidc-usermodel-attribute-mapper
907
consentRequired: false
909
userinfo.token.claim: 'true'
910
user.attribute: updatedAt
911
id.token.claim: 'true'
912
access.token.claim: 'true'
913
claim.name: updated_at
914
jsonType.label: String
915
- id: 88303fbe-1894-4db7-8699-334373f288ce
917
protocol: openid-connect
918
protocolMapper: oidc-full-name-mapper
919
consentRequired: false
921
id.token.claim: 'true'
922
access.token.claim: 'true'
923
userinfo.token.claim: 'true'
924
- id: e137e9ac-23cd-4ab9-a00d-7f1eb033d430
926
protocol: openid-connect
927
protocolMapper: oidc-usermodel-property-mapper
928
consentRequired: false
930
userinfo.token.claim: 'true'
931
user.attribute: firstName
932
id.token.claim: 'true'
933
access.token.claim: 'true'
934
claim.name: given_name
935
jsonType.label: String
936
- id: 5085b73e-6a8a-4564-a942-69869170d707
938
protocol: openid-connect
939
protocolMapper: oidc-usermodel-attribute-mapper
940
consentRequired: false
942
userinfo.token.claim: 'true'
943
user.attribute: middleName
944
id.token.claim: 'true'
945
access.token.claim: 'true'
946
claim.name: middle_name
947
jsonType.label: String
948
- id: a381d7e8-0a34-4afa-ad15-fe3a4129e40d
950
protocol: openid-connect
951
protocolMapper: oidc-usermodel-attribute-mapper
952
consentRequired: false
954
userinfo.token.claim: 'true'
955
user.attribute: gender
956
id.token.claim: 'true'
957
access.token.claim: 'true'
959
jsonType.label: String
960
- id: c617aea6-a25c-4862-8b07-6448b55c863b
962
protocol: openid-connect
963
protocolMapper: oidc-usermodel-attribute-mapper
964
consentRequired: false
966
userinfo.token.claim: 'true'
967
user.attribute: zoneinfo
968
id.token.claim: 'true'
969
access.token.claim: 'true'
971
jsonType.label: String
972
- id: 564e11ea-c489-4100-8ae6-8ac18589a6f7
974
protocol: openid-connect
975
protocolMapper: oidc-usermodel-attribute-mapper
976
consentRequired: false
978
userinfo.token.claim: 'true'
979
user.attribute: nickname
980
id.token.claim: 'true'
981
access.token.claim: 'true'
983
jsonType.label: String
984
- id: 31d5a631-44a3-4c0b-8f58-a35c59ff27d2
986
protocol: openid-connect
987
protocolMapper: oidc-usermodel-attribute-mapper
988
consentRequired: false
990
userinfo.token.claim: 'true'
991
user.attribute: profile
992
id.token.claim: 'true'
993
access.token.claim: 'true'
995
jsonType.label: String
996
- id: 6203f059-62fa-430e-8ad2-3ed5ad9d8a28
998
protocol: openid-connect
999
protocolMapper: oidc-usermodel-attribute-mapper
1000
consentRequired: false
1002
userinfo.token.claim: 'true'
1003
user.attribute: website
1004
id.token.claim: 'true'
1005
access.token.claim: 'true'
1007
jsonType.label: String
1008
- id: 4c127c38-28b8-4336-89e0-35817f7de486
1010
protocol: openid-connect
1011
protocolMapper: oidc-usermodel-attribute-mapper
1012
consentRequired: false
1014
userinfo.token.claim: 'true'
1015
user.attribute: birthdate
1016
id.token.claim: 'true'
1017
access.token.claim: 'true'
1018
claim.name: birthdate
1019
jsonType.label: String
1020
- id: 9793c2e9-da3c-4ea7-8921-41ac2f342871
1022
protocol: openid-connect
1023
protocolMapper: oidc-usermodel-attribute-mapper
1024
consentRequired: false
1026
userinfo.token.claim: 'true'
1027
user.attribute: picture
1028
id.token.claim: 'true'
1029
access.token.claim: 'true'
1031
jsonType.label: String
1032
- id: 8e1a1db5-c0c2-4b80-9482-0bbb0bb6cc44
1034
protocol: openid-connect
1035
protocolMapper: oidc-usermodel-attribute-mapper
1036
consentRequired: false
1038
userinfo.token.claim: 'true'
1039
user.attribute: locale
1040
id.token.claim: 'true'
1041
access.token.claim: 'true'
1043
jsonType.label: String
1044
- id: 39625d61-d028-46e5-ab31-ece2729ca40d
1046
description: 'OpenID Connect built-in scope: phone'
1047
protocol: openid-connect
1049
include.in.token.scope: 'true'
1050
display.on.consent.screen: 'true'
1051
consent.screen.text: "${phoneScopeConsentText}"
1053
- id: 224df6d4-4fce-471b-8613-1d8b155d7707
1054
name: phone number verified
1055
protocol: openid-connect
1056
protocolMapper: oidc-usermodel-attribute-mapper
1057
consentRequired: false
1059
userinfo.token.claim: 'true'
1060
user.attribute: phoneNumberVerified
1061
id.token.claim: 'true'
1062
access.token.claim: 'true'
1063
claim.name: phone_number_verified
1064
jsonType.label: boolean
1065
- id: 737d9256-29fc-4f28-814e-d4b06caf8675
1067
protocol: openid-connect
1068
protocolMapper: oidc-usermodel-attribute-mapper
1069
consentRequired: false
1071
userinfo.token.claim: 'true'
1072
user.attribute: phoneNumber
1073
id.token.claim: 'true'
1074
access.token.claim: 'true'
1075
claim.name: phone_number
1076
jsonType.label: String
1077
- id: 07d20365-6c6b-4339-bab0-16981d98176c
1079
description: SAML role list
1082
consent.screen.text: "${samlRoleListScopeConsentText}"
1083
display.on.consent.screen: 'true'
1085
- id: 5f557a3c-9286-4d4f-a661-67bd7911ca45
1088
protocolMapper: saml-role-list-mapper
1089
consentRequired: false
1092
attribute.nameformat: Basic
1093
attribute.name: Role
1094
- id: 89d71aba-11f1-4ca7-92e2-24d648803ebd
1096
description: OpenID Connect scope for add user roles to the access token
1097
protocol: openid-connect
1099
include.in.token.scope: 'false'
1100
display.on.consent.screen: 'true'
1101
consent.screen.text: "${rolesScopeConsentText}"
1103
- id: 4cc3d1e3-46d9-4f9f-9eca-b8553562233c
1105
protocol: openid-connect
1106
protocolMapper: oidc-usermodel-client-role-mapper
1107
consentRequired: false
1110
access.token.claim: 'true'
1111
claim.name: resource_access.${client_id}.roles
1112
jsonType.label: String
1114
- id: b7fa3a7b-e8b5-4f64-aec7-8f6d19d038c9
1116
protocol: openid-connect
1117
protocolMapper: oidc-usermodel-realm-role-mapper
1118
consentRequired: false
1121
access.token.claim: 'true'
1122
claim.name: realm_access.roles
1123
jsonType.label: String
1125
- id: 77745c36-2d5e-45c9-9a75-aecc4a5ce746
1126
name: audience resolve
1127
protocol: openid-connect
1128
protocolMapper: oidc-audience-resolve-mapper
1129
consentRequired: false
1131
- id: c02a1055-c804-4178-8d7e-29dd5e02960e
1133
description: OpenID Connect scope for add allowed web origins to the access token
1134
protocol: openid-connect
1136
include.in.token.scope: 'false'
1137
display.on.consent.screen: 'false'
1138
consent.screen.text: ''
1140
- id: bf82da2c-a436-442d-bb3b-59792a972d5e
1141
name: allowed web origins
1142
protocol: openid-connect
1143
protocolMapper: oidc-allowed-origins-mapper
1144
consentRequired: false
1146
- id: c5fc8764-6f26-4116-80bb-58d6d9a2a05d
1148
description: 'OpenID Connect built-in scope: email'
1149
protocol: openid-connect
1151
include.in.token.scope: 'true'
1152
display.on.consent.screen: 'true'
1153
consent.screen.text: "${emailScopeConsentText}"
1155
- id: 36c022a6-0f1f-4340-8db2-2fd1ed3a9cc5
1156
name: email verified
1157
protocol: openid-connect
1158
protocolMapper: oidc-usermodel-property-mapper
1159
consentRequired: false
1161
userinfo.token.claim: 'true'
1162
user.attribute: emailVerified
1163
id.token.claim: 'true'
1164
access.token.claim: 'true'
1165
claim.name: email_verified
1166
jsonType.label: boolean
1167
- id: b1c410b3-d19d-4477-a3cb-2d19e1d2155d
1169
protocol: openid-connect
1170
protocolMapper: oidc-usermodel-property-mapper
1171
consentRequired: false
1173
userinfo.token.claim: 'true'
1174
user.attribute: email
1175
id.token.claim: 'true'
1176
access.token.claim: 'true'
1178
jsonType.label: String
1179
defaultDefaultClientScopes:
1185
defaultOptionalClientScopes:
1190
# Response headers Keycloak attaches to the pages it serves for this realm.
browserSecurityHeaders:
1191
# Empty: no report-only CSP is sent, so policy changes cannot be trialled
# through violation reports before being enforced.
contentSecurityPolicyReportOnly: ''
1192
xContentTypeOptions: nosniff
1194
# Framing is limited to same-origin twice over: X-Frame-Options for older
# browsers and frame-ancestors in the CSP below.
xFrameOptions: SAMEORIGIN
1195
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
1196
# Legacy header: current browsers have removed the XSS auditor it controls,
# so the CSP above is the effective control.
xXSSProtection: 1; mode=block
1197
# HSTS for one year (31536000 s), including subdomains.
strictTransportSecurity: max-age=31536000; includeSubDomains
1199
# User (login) events are not stored, so Keycloak keeps no queryable record
# of failed logins, registrations or token activity for this realm.
# NOTE(review): an event listener configured on lines not visible here may
# still forward events to the server log - confirm before relying on it.
eventsEnabled: false
1202
enabledEventTypes: []
1203
# Admin events are off as well: configuration changes made through the admin
# console or API leave no audit trail in Keycloak.
adminEventsEnabled: false
1204
adminEventsDetailsEnabled: false
1205
identityProviders: []
1206
identityProviderMappers: []
1208
org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
1209
- id: d6442b11-c554-47ef-b6e1-69a5a0000364
1210
name: Consent Required
1211
providerId: consent-required
1215
- id: 406d8415-c40f-4649-b724-30ba83d09a02
1216
name: Full Scope Disabled
1221
- id: 20e9c9db-106e-447c-a193-f8c0d8cf9ed7
1223
providerId: trusted-hosts
1227
host-sending-registration-request-must-match:
1229
client-uris-must-match:
1231
- id: 1a60d807-6ddd-46dc-af19-e674e9f44542
1232
name: Allowed Protocol Mapper Types
1233
providerId: allowed-protocol-mappers
1234
subType: authenticated
1237
allowed-protocol-mapper-types:
1238
- oidc-full-name-mapper
1239
- oidc-address-mapper
1240
- saml-role-list-mapper
1241
- saml-user-property-mapper
1242
- oidc-sha256-pairwise-sub-mapper
1243
- oidc-usermodel-attribute-mapper
1244
- oidc-usermodel-property-mapper
1245
- saml-user-attribute-mapper
1246
- id: 903f4cc5-6c44-4c05-9f9b-984138e60544
1247
name: Allowed Client Scopes
1248
providerId: allowed-client-templates
1249
subType: authenticated
1252
allow-default-scopes:
1254
- id: 29a13944-475a-477a-977c-6ef89725c085
1255
name: Max Clients Limit
1256
providerId: max-clients
1262
- id: 4041fe42-8b4b-4e85-a109-9236fab6b324
1263
name: Allowed Protocol Mapper Types
1264
providerId: allowed-protocol-mappers
1268
allowed-protocol-mapper-types:
1269
- oidc-usermodel-attribute-mapper
1270
- oidc-sha256-pairwise-sub-mapper
1271
- oidc-address-mapper
1272
- saml-user-attribute-mapper
1273
- oidc-usermodel-property-mapper
1274
- saml-role-list-mapper
1275
- saml-user-property-mapper
1276
- oidc-full-name-mapper
1277
- id: 77a52ff4-148e-4b06-9dc6-3516d968b2ce
1278
name: Allowed Client Scopes
1279
providerId: allowed-client-templates
1283
allow-default-scopes:
1285
org.keycloak.keys.KeyProvider:
1286
- id: 8cace249-1435-4621-8108-93341221b28f
1287
name: rsa-enc-generated
1288
providerId: rsa-enc-generated
1292
- 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
1296
- 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
1301
- id: 276936ea-cab7-44f3-a53e-f22b385d4ccf
1302
name: hmac-generated
1303
providerId: hmac-generated
1307
# NOTE(review): the key names for the two list values below are not visible
# in this excerpt; for a generated HMAC provider they are presumably the key
# id followed by the secret itself - confirm.
- cf46b046-a67f-4bac-97c2-34734255d684
1309
# If this is the provider secret, the realm's symmetric signing key is
# committed in plaintext and anyone who can read the manifest could forge
# whatever this key signs. Prefer leaving it out so a fresh key is generated
# on import, and rotate the key in any realm imported from this file.
- S5wpZlTvlK-SP7aq9POCWteEoPLHdMYmylYaszygthd8TgbdP1-ChgxgBsczgNUT9ohnt6no04vooV4WQmJvlQ
1314
- id: 6cc34748-da8a-41e3-b595-97b7930ca250
1316
providerId: rsa-generated
1320
- 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
1324
- 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
1327
- id: e435e7cb-6d41-47f7-b019-cea2d65cd776
1329
providerId: aes-generated
1333
# NOTE(review): key names are not visible in this excerpt; the two list
# values below are presumably the key id and the AES secret - confirm.
- 80aec488-3bdc-454f-8113-d7b3d1211bb8
1335
# If this is the AES secret, the realm's symmetric encryption key is
# committed in plaintext. Prefer omitting it so a fresh key is generated on
# import, and rotate the key in any realm imported from this file.
- 8VZ6d3C4um6pyB4jPc9jhw
1338
internationalizationEnabled: false
1339
supportedLocales: []
1340
authenticationFlows:
1341
- id: faed7652-9765-494a-ba3a-ce7a9d69d0eb
1342
alias: Account verification options
1343
description: Method with which to verity the existing account
1344
providerId: basic-flow
1347
authenticationExecutions:
1348
- authenticator: idp-email-verification
1349
authenticatorFlow: false
1350
requirement: ALTERNATIVE
1352
userSetupAllowed: false
1353
autheticatorFlow: false
1354
- authenticatorFlow: true
1355
requirement: ALTERNATIVE
1357
flowAlias: Verify Existing Account by Re-authentication
1358
userSetupAllowed: false
1359
autheticatorFlow: true
1360
- id: c4bc9194-9ab0-46a3-966f-686c6f39026e
1361
alias: Authentication Options
1362
description: Authentication options.
1363
providerId: basic-flow
1366
authenticationExecutions:
1367
- authenticator: basic-auth
1368
authenticatorFlow: false
1369
requirement: REQUIRED
1371
userSetupAllowed: false
1372
autheticatorFlow: false
1373
- authenticator: basic-auth-otp
1374
authenticatorFlow: false
1375
requirement: DISABLED
1377
userSetupAllowed: false
1378
autheticatorFlow: false
1379
- authenticator: auth-spnego
1380
authenticatorFlow: false
1381
requirement: DISABLED
1383
userSetupAllowed: false
1384
autheticatorFlow: false
1385
- id: 7d4ed634-e61f-4245-b117-8e64f19f0cbd
1386
alias: Browser - Conditional OTP
1387
description: Flow to determine if the OTP is required for the authentication
1388
providerId: basic-flow
1391
authenticationExecutions:
1392
- authenticator: conditional-user-configured
1393
authenticatorFlow: false
1394
requirement: REQUIRED
1396
userSetupAllowed: false
1397
autheticatorFlow: false
1398
- authenticator: auth-otp-form
1399
authenticatorFlow: false
1400
requirement: REQUIRED
1402
userSetupAllowed: false
1403
autheticatorFlow: false
1404
- id: 79c88077-d077-4b2b-b318-018c71b22f94
1405
alias: Direct Grant - Conditional OTP
1406
description: Flow to determine if the OTP is required for the authentication
1407
providerId: basic-flow
1410
authenticationExecutions:
1411
- authenticator: conditional-user-configured
1412
authenticatorFlow: false
1413
requirement: REQUIRED
1415
userSetupAllowed: false
1416
autheticatorFlow: false
1417
- authenticator: direct-grant-validate-otp
1418
authenticatorFlow: false
1419
requirement: REQUIRED
1421
userSetupAllowed: false
1422
autheticatorFlow: false
1423
- id: 0711a798-7630-47f2-93a9-4a241883fd10
1424
alias: First broker login - Conditional OTP
1425
description: Flow to determine if the OTP is required for the authentication
1426
providerId: basic-flow
1429
authenticationExecutions:
1430
- authenticator: conditional-user-configured
1431
authenticatorFlow: false
1432
requirement: REQUIRED
1434
userSetupAllowed: false
1435
autheticatorFlow: false
1436
- authenticator: auth-otp-form
1437
authenticatorFlow: false
1438
requirement: REQUIRED
1440
userSetupAllowed: false
1441
autheticatorFlow: false
1442
- id: 0b526122-b897-4201-8eef-bec54e545d09
1443
alias: Handle Existing Account
1444
description: Handle what to do if there is existing account with same email/username
1445
like authenticated identity provider
1446
providerId: basic-flow
1449
authenticationExecutions:
1450
- authenticator: idp-confirm-link
1451
authenticatorFlow: false
1452
requirement: REQUIRED
1454
userSetupAllowed: false
1455
autheticatorFlow: false
1456
- authenticatorFlow: true
1457
requirement: REQUIRED
1459
flowAlias: Account verification options
1460
userSetupAllowed: false
1461
autheticatorFlow: true
1462
- id: 3453f13a-f65f-4548-acd4-41b113deff4c
1463
alias: Reset - Conditional OTP
1464
description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
1466
providerId: basic-flow
1469
authenticationExecutions:
1470
- authenticator: conditional-user-configured
1471
authenticatorFlow: false
1472
requirement: REQUIRED
1474
userSetupAllowed: false
1475
autheticatorFlow: false
1476
- authenticator: reset-otp
1477
authenticatorFlow: false
1478
requirement: REQUIRED
1480
userSetupAllowed: false
1481
autheticatorFlow: false
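# Flow "User creation or linking": two ALTERNATIVE branches, so either one
# completing satisfies the flow. Referenced as REQUIRED by "first broker login".
- id: 376a76cb-b1ec-476f-8765-1038565e7b07
  alias: User creation or linking
  description: Flow for the existing/non-existing user alternatives
  providerId: basic-flow
  authenticationExecutions:
    # Branch 1: create a local user when no matching account exists. Uses the
    # "create unique user config" entry from authenticatorConfig.
    - authenticatorConfig: create unique user config
      authenticator: idp-create-user-if-unique
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # Branch 2: a matching account exists; the linking decision and ownership
    # check happen in "Handle Existing Account".
    - authenticatorFlow: true
      requirement: ALTERNATIVE
      flowAlias: Handle Existing Account
      userSetupAllowed: false
      autheticatorFlow: true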
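# Flow "Verify Existing Account by Re-authentication": proves ownership of an
# existing account with its password before an external identity is linked.
- id: 4824971c-53d8-40a4-ad70-2f9c52c58efb
  alias: Verify Existing Account by Re-authentication
  description: Reauthentication of existing account
  providerId: basic-flow
  authenticationExecutions:
    # Password re-entry for the existing account.
    - authenticator: idp-username-password-form
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # CONDITIONAL: the OTP sub-flow only applies to users who already have
    # OTP configured, so accounts without OTP are linked on password alone.
    - authenticatorFlow: true
      requirement: CONDITIONAL
      flowAlias: First broker login - Conditional OTP
      userSetupAllowed: false
      autheticatorFlow: true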
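# Browser login flow. No alias line is shown in this listing; presumably this
# is the flow bound by `browserFlow: browser` — confirm against the original.
# NOTE(review): no `priority` keys are shown; Keycloak orders executions by
# priority, so do not rely on the order below.
- id: 6fdbec3d-a275-4f3c-ac07-e39186b3c095
  description: browser based authentication
  providerId: basic-flow
  authenticationExecutions:
    # Existing SSO session cookie is accepted as an alternative to a fresh
    # login, so session lifetimes bound how long a stolen cookie stays useful.
    - authenticator: auth-cookie
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # SPNEGO/Kerberos login is switched off.
    - authenticator: auth-spnego
      authenticatorFlow: false
      requirement: DISABLED
      userSetupAllowed: false
      autheticatorFlow: false
    # Redirect to an external identity provider, as an alternative.
    - authenticator: identity-provider-redirector
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      autheticatorFlow: false
    # Sub-flow alternative. NOTE(review): its flowAlias is not shown in this
    # listing; confirm which flow it points at.
    - authenticatorFlow: true
      requirement: ALTERNATIVE
      userSetupAllowed: false
      autheticatorFlow: true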
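# Client authentication flow (providerId client-flow). No alias line is shown;
# presumably the flow bound by `clientAuthenticationFlow: clients`.
# All four methods are ALTERNATIVE, so the realm mandates none of them.
# Presumably each client's own settings select the method — review them per
# client, and prefer signed JWT or X.509 over a shared secret where possible.
- id: 051a345a-fe24-42e3-9850-17537cdf846d
  description: Base authentication for clients
  providerId: client-flow
  authenticationExecutions:
    # Shared client secret.
    - authenticator: client-secret
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # JWT signed with the client's private key.
    - authenticator: client-jwt
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      autheticatorFlow: false
    # JWT signed with the shared client secret.
    - authenticator: client-secret-jwt
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      autheticatorFlow: false
    # X.509 client certificate.
    - authenticator: client-x509
      authenticatorFlow: false
      requirement: ALTERNATIVE
      userSetupAllowed: false
      autheticatorFlow: false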
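# Direct grant (OAuth 2.0 resource owner password credentials) flow. No alias
# line is shown; presumably the flow bound by `directGrantFlow: direct grant`.
# With this grant the client application handles the user's password itself.
# Current OAuth security guidance advises against it; enable it only on the
# clients that need it, and confirm brute-force detection covers this path.
# NOTE(review): no `priority` keys are shown; Keycloak orders executions by
# priority, so do not rely on the order below.
- id: 4bcfaa9e-e23e-4a49-ae37-d9e635339816
  description: OpenID Connect Resource Owner Grant
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: direct-grant-validate-username
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    - authenticator: direct-grant-validate-password
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      autheticatorFlow: false
    # CONDITIONAL: OTP is checked only when the sub-flow's condition passes,
    # so this grant is password-only for users without OTP.
    - authenticatorFlow: true
      requirement: CONDITIONAL
      flowAlias: Direct Grant - Conditional OTP
      userSetupAllowed: false
      autheticatorFlow: true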
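# Docker registry authentication flow. No alias line is shown; presumably the
# flow bound by `dockerAuthenticationFlow: docker auth`.
- id: 78f4d173-44c2-4dbe-b1b6-2b86f90d836e
  description: Used by Docker clients to authenticate against the IDP
  providerId: basic-flow
  authenticationExecutions:
    # HTTP Basic sends the password on every request and offers no second
    # factor: serve this endpoint over TLS only.
    - authenticator: docker-http-basic-authenticator
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false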
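# Flow "first broker login": runs the first time a user arrives from an
# external identity provider with an identity not yet linked to a local
# account.
# NOTE(review): no `priority` keys are shown; Keycloak orders executions by
# priority, so do not rely on the order below.
- id: 98a30528-5f73-4eb3-b89b-7bf06cbbc47d
  alias: first broker login
  description: Actions taken after first broker login with identity provider account,
    which is not yet linked to any Keycloak account
  providerId: basic-flow
  authenticationExecutions:
    # Profile review step, driven by the "review profile config" entry from
    # authenticatorConfig. Attributes asserted by the identity provider (email
    # in particular) later decide which local account is matched, so treat
    # them as untrusted unless the provider verifies them.
    - authenticatorConfig: review profile config
      authenticator: idp-review-profile
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # Then create a new user or link to an existing one.
    - authenticatorFlow: true
      requirement: REQUIRED
      flowAlias: User creation or linking
      userSetupAllowed: false
      autheticatorFlow: true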
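# Interactive login forms. No alias line is shown in this listing; confirm the
# flow's name against the original file.
- id: a25ad287-43c1-4dcd-aca5-f7b5e5907780
  description: Username, password, otp and other auth forms.
  providerId: basic-flow
  authenticationExecutions:
    # Username/password form: the only factor every user must pass.
    - authenticator: auth-username-password-form
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # CONDITIONAL: the OTP sub-flow decides by its own condition whether OTP
    # is asked for. NOTE(review): "Browser - Conditional OTP" is defined
    # outside this section; if it is conditioned on the user having OTP set
    # up, second-factor use is opt-in rather than enforced.
    - authenticatorFlow: true
      requirement: CONDITIONAL
      flowAlias: Browser - Conditional OTP
      userSetupAllowed: false
      autheticatorFlow: true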
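# Flow "http challenge": challenge-response HTTP authentication.
# NOTE(review): the description looks cut short in this listing; compare with
# the original file. If no client uses this flow, it can stay unbound.
- id: c23d0e26-4b72-4834-b184-67bb6120115b
  alias: http challenge
  description: An authentication flow based on challenge-response HTTP Authentication
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: no-cookie-redirect
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    # NOTE(review): "Authentication Options" is defined outside this section;
    # check which authenticators it accepts before relying on this flow.
    - authenticatorFlow: true
      requirement: REQUIRED
      flowAlias: Authentication Options
      userSetupAllowed: false
      autheticatorFlow: true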
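# Self-registration flow. No alias line is shown; presumably the flow bound by
# `registrationFlow: registration`. It only wraps the "registration form"
# sub-flow, where the individual registration checks are configured.
- id: fabd90c2-92a2-41a2-bf04-5edf88890f9a
  description: registration flow
  providerId: basic-flow
  authenticationExecutions:
    # Entry is both an authenticator (the page) and a sub-flow reference.
    - authenticator: registration-page-form
      authenticatorFlow: true
      requirement: REQUIRED
      flowAlias: registration form
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: true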
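# Flow "registration form" (providerId form-flow): the checks applied when a
# user self-registers.
# NOTE(review): no `priority` keys are shown; Keycloak orders executions by
# priority, so do not rely on the order below.
- id: 7e271f7e-0275-49b5-9f92-4bd6b4d4ae69
  alias: registration form
  description: registration form
  providerId: form-flow
  authenticationExecutions:
    - authenticator: registration-user-creation
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    - authenticator: registration-profile-action
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      autheticatorFlow: false
    - authenticator: registration-password-action
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      autheticatorFlow: false
    # CAPTCHA is DISABLED. If self-registration is open on this realm,
    # nothing here slows automated sign-ups; VERIFY_EMAIL is also not a
    # default required action in this file. Enable one of them, or put rate
    # limiting in front of the registration endpoint.
    - authenticator: registration-recaptcha-action
      authenticatorFlow: false
      requirement: DISABLED
      userSetupAllowed: false
      autheticatorFlow: false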
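# Flow "reset credentials": e-mail based password reset, bound by
# `resetCredentialsFlow: reset credentials`. Control of the user's mailbox is
# enough to set a new password, so mailbox security and the lifetime of the
# reset link bound the risk.
# NOTE(review): no `priority` keys are shown; Keycloak orders executions by
# priority, so do not rely on the order below.
- id: ad20fc9c-ea61-4fd0-8bda-ada4f4f159e5
  alias: reset credentials
  description: Reset credentials for a user if they forgot their password or something
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: reset-credentials-choose-user
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false
    - authenticator: reset-credential-email
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      autheticatorFlow: false
    - authenticator: reset-password
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      autheticatorFlow: false
    # NOTE(review): for users with OTP configured this sub-flow runs
    # reset-otp. Verify that the e-mail link alone cannot be used to replace
    # the second factor; if it can, consider disabling this step.
    - authenticatorFlow: true
      requirement: CONDITIONAL
      flowAlias: Reset - Conditional OTP
      userSetupAllowed: false
      autheticatorFlow: true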
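# SAML ECP profile flow. No alias line is shown in this listing; confirm the
# flow's name against the original file.
- id: 1081e874-c7b0-42db-861f-1e4ca34af878
  description: SAML ECP Profile Authentication Flow
  providerId: basic-flow
  authenticationExecutions:
    # HTTP Basic is the only step: password only, no second factor. Require
    # TLS, and leave ECP unused unless a client needs it.
    - authenticator: http-basic-authenticator
      authenticatorFlow: false
      requirement: REQUIRED
      userSetupAllowed: false
      # sic: legacy misspelled key that Keycloak exports next to
      # authenticatorFlow; keep both values in sync.
      autheticatorFlow: false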
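# Named configurations referenced by `authenticatorConfig:` on individual
# executions ("User creation or linking" and "first broker login" use these).
# NOTE(review): a Keycloak export normally nests each option under a `config:`
# mapping inside the entry. No such line is visible in this listing, so the
# options are shown directly under the entry; restore the nesting from the
# original file before importing.
authenticatorConfig:
  - id: '009d3d66-0a89-4c03-8b15-f031c0afc28c'
    alias: create unique user config
    # Users created from a brokered login are not asked to set a local
    # password; quoted because the option value is a string.
    require.password.update.after.registration: 'false'
  - id: a25071db-f600-4e5b-9c0d-dee20f15d1bf
    alias: review profile config
    # `missing`: presumably the profile review page is shown only when the
    # identity provider did not supply required profile data — confirm.
    update.profile.on.first.login: missing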
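# Required-action providers. NOTE(review): the parent key for this list and
# each entry's `enabled` flag are not visible in this listing; take both from
# the original file.
# `defaultAction: false` means the action is not assigned automatically to
# newly created users. Every entry below is false, so nothing here forces a
# new user to enrol OTP or verify an email address.

# OTP enrolment is voluntary. Combined with login flows that ask for OTP only
# from users who have it configured, the realm does not enforce a second
# factor.
- alias: CONFIGURE_TOTP
  providerId: CONFIGURE_TOTP
  defaultAction: false
- alias: terms_and_conditions
  name: Terms and Conditions
  providerId: terms_and_conditions
  defaultAction: false
- alias: UPDATE_PASSWORD
  name: Update Password
  providerId: UPDATE_PASSWORD
  defaultAction: false
- alias: UPDATE_PROFILE
  name: Update Profile
  providerId: UPDATE_PROFILE
  defaultAction: false
# Not a default action. Whether addresses are verified then depends on the
# realm-level email verification setting, which is outside this section.
- alias: VERIFY_EMAIL
  providerId: VERIFY_EMAIL
  defaultAction: false
- alias: delete_account
  name: Delete Account
  providerId: delete_account
  defaultAction: false
- alias: update_user_locale
  name: Update User Locale
  providerId: update_user_locale
  defaultAction: false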
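# Realm flow bindings: which authentication flow serves each entry point.
# Each value must match a flow alias exactly. Changing a binding changes what
# users or clients must present, so review these on every import.
browserFlow: browser
registrationFlow: registration
# Resource owner password grant. Keep it off on clients that do not need it.
directGrantFlow: direct grant
resetCredentialsFlow: reset credentials
clientAuthenticationFlow: clients
dockerAuthenticationFlow: docker auth
# NOTE(review): the quoted values below look like realm attributes, which
# Keycloak stores as strings. Their parent key is not visible in this
# listing; restore the nesting from the original file.
# CIBA: `poll` delivery, with the auth request lifetime presumably in seconds.
cibaBackchannelTokenDeliveryMode: poll
cibaExpiresIn: '120'
cibaAuthRequestedUserHint: login_hint
# Device authorization grant: code lifetime and polling interval.
oauth2DeviceCodeLifespan: '600'
oauth2DevicePollingInterval: '5'
# Pushed authorization request URI lifetime. Short lifetimes limit replay of
# a leaked request_uri.
parRequestUriLifespan: '60'
# Version of the server that produced this export. 16.1.0 is an old release
# line; check it against the version the import will run on, and re-check
# security-relevant defaults after import.
keycloakVersion: 16.1.0
# User-managed access (UMA) self-service is off.
userManagedAccessAllowed: false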