1
# Keycloak Operator custom resource: asks the operator to import the realm
# described in this manifest into the Keycloak instance named by keycloakCRName.
# NOTE(review): the realm body below embeds a user's password hash and what look
# like key-provider secrets, so this manifest needs the same access control and
# review as a Kubernetes Secret, not as ordinary configuration.
apiVersion: k8s.keycloak.org/v2alpha1
2
kind: KeycloakRealmImport
4
name: example-token-test-kc
6
keycloakCRName: example-kc
15
# Realm-wide token settings. Keycloak expresses these lifespans in seconds.
defaultSignatureAlgorithm: RS256
16
# Refresh tokens are not rotated on use: a refresh token that leaks stays usable
# for as long as its session lives. refreshTokenMaxReuse only takes effect once
# revokeRefreshToken is true.
revokeRefreshToken: false
17
refreshTokenMaxReuse: 0
18
# 5 minutes. token-test-client overrides this further down with the client
# attribute access.token.lifespan: '6000'.
accessTokenLifespan: 300
19
# Every client visible in this listing sets implicitFlowEnabled: false, so this
# value is not exercised by them.
accessTokenLifespanForImplicitFlow: 900
20
ssoSessionIdleTimeout: 1800
21
ssoSessionMaxLifespan: 36000
22
ssoSessionIdleTimeoutRememberMe: 0
23
ssoSessionMaxLifespanRememberMe: 0
24
# 2592000 s = 30 days of allowed inactivity for an offline session.
offlineSessionIdleTimeout: 2592000
25
# With the maximum lifespan switched off, an offline token that is refreshed at
# least once per idle window has no absolute expiry; the 5184000 s (60 days)
# value below is stored but not enforced.
offlineSessionMaxLifespanEnabled: false
26
offlineSessionMaxLifespan: 5184000
27
clientSessionIdleTimeout: 0
28
clientSessionMaxLifespan: 0
29
clientOfflineSessionIdleTimeout: 0
30
clientOfflineSessionMaxLifespan: 0
31
accessCodeLifespan: 60
32
accessCodeLifespanUserAction: 300
33
accessCodeLifespanLogin: 1800
34
actionTokenGeneratedByAdminLifespan: 43200
35
actionTokenGeneratedByUserLifespan: 300
36
oauth2DeviceCodeLifespan: 600
37
oauth2DevicePollingInterval: 5
40
registrationAllowed: false
41
registrationEmailAsUsername: false
44
loginWithEmailAllowed: true
45
duplicateEmailsAllowed: false
46
resetPasswordAllowed: false
47
editUsernameAllowed: false
48
# Brute-force detection is disabled for this realm, so failed logins are not
# throttled or locked out. The thresholds below are stored but have no effect
# while this is false. admin-cli and token-test-client in this realm set
# directAccessGrantsEnabled: true, so the token endpoint accepts username and
# password directly and is covered by this setting as well.
# NOTE(review): acceptable for a disposable test realm only; enable it before
# reusing this import anywhere real credentials exist.
bruteForceProtected: false
49
permanentLockout: false
50
maxFailureWaitSeconds: 900
51
minimumQuickLoginWaitSeconds: 60
52
waitIncrementSeconds: 60
53
quickLoginCheckMilliSeconds: 1000
54
maxDeltaTimeSeconds: 43200
58
- id: f89e3220-2593-4072-bfc2-f06c49f99b0c
59
name: uma_authorization
60
description: "${role_uma_authorization}"
63
containerId: token-test
65
- id: ce3f3328-a7a7-4098-99bc-e72456680177
67
description: "${role_offline-access}"
70
containerId: token-test
72
- id: 41271c50-8fc7-45ee-a963-a1d3ce881833
73
name: default-roles-token-test
74
description: "${role_default-roles}"
85
containerId: token-test
89
- id: 7de8f53c-8b48-4561-bc53-c23bc02f57b6
91
description: "${role_manage-users}"
94
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
96
- id: 2120ab3d-5700-4918-ab62-6dca0c7b5f41
98
description: "${role_query-clients}"
101
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
103
- id: 831793a7-e725-411a-aa2d-42f775f2a6bf
105
description: "${role_manage-events}"
108
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
110
- id: e7e5c55f-4b0e-4eae-96cc-1acd038cfeeb
112
description: "${role_view-realm}"
115
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
117
- id: 875a8ee1-96b8-485c-86a2-01105b15daa1
118
name: view-identity-providers
119
description: "${role_view-identity-providers}"
122
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
124
- id: d5ac72f8-94e9-4e1c-98bf-f688f0558710
126
description: "${role_view-clients}"
133
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
135
- id: a1a61887-0e5c-464f-890a-64f059dc7ca1
137
description: "${role_create-client}"
140
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
142
- id: 8b50da86-e52d-45bd-a175-b546d5e76fb3
144
description: "${role_view-events}"
147
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
149
- id: dede217d-c210-4278-aa58-fb622a88d562
151
description: "${role_realm-admin}"
160
- view-identity-providers
164
- manage-identity-providers
166
- manage-authorization
175
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
177
- id: 6a789bf5-7adf-4666-8118-37cf3e2b1c44
178
name: manage-identity-providers
179
description: "${role_manage-identity-providers}"
182
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
184
- id: f549403c-cccd-47a1-bb52-57c80d4ace89
186
description: "${role_manage-realm}"
189
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
191
- id: 31ddb9c1-1a53-44ec-b67a-a4cc50a760c2
192
name: manage-authorization
193
description: "${role_manage-authorization}"
196
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
198
- id: fa872842-7037-415a-a69d-c34a05ef0a79
200
description: "${role_impersonation}"
203
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
205
- id: de291aed-9b84-4622-94cb-f967bb8b8a31
207
description: "${role_query-realms}"
210
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
212
- id: 28008941-29ac-4693-94f4-0e7a4f6b8e63
214
description: "${role_view-users}"
222
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
224
- id: 801f5414-67eb-4c92-91b7-34344255b8d5
226
description: "${role_query-groups}"
229
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
231
- id: 6cc9fb5b-3019-4731-876a-dc5b8d288b8c
232
name: view-authorization
233
description: "${role_view-authorization}"
236
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
238
- id: e3fa28de-0587-4736-9142-0bc4cfb468a2
240
description: "${role_query-users}"
243
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
245
- id: 24ba3e2b-ff03-42fd-952e-b60acf4d5aa0
247
description: "${role_manage-clients}"
250
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
252
token-test-client: []
253
security-admin-console: []
257
- id: c4b2960e-6bf5-4f89-8a35-766d60c16700
259
description: "${role_read-token}"
262
containerId: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
265
- id: 66b817f9-130e-477b-addc-64406e9149f1
267
description: "${role_manage-account}"
272
- manage-account-links
274
containerId: 884a5020-265a-47c8-babe-25786fda4650
276
- id: 4068eead-cc5d-49e6-bd0c-93895b019ab3
277
name: manage-account-links
278
description: "${role_manage-account-links}"
281
containerId: 884a5020-265a-47c8-babe-25786fda4650
283
- id: 3d1e7b71-8e37-455a-9d47-3207143b167e
285
description: "${role_view-consent}"
288
containerId: 884a5020-265a-47c8-babe-25786fda4650
290
- id: 617f7c3c-d7e3-4f76-b0f8-27abb06cc6bd
292
description: "${role_view-profile}"
295
containerId: 884a5020-265a-47c8-babe-25786fda4650
297
- id: f7e170f3-5966-4cc1-933d-50a28a2c4603
299
description: "${role_manage-consent}"
306
containerId: 884a5020-265a-47c8-babe-25786fda4650
308
- id: 39ece46a-7d4c-42fe-b4ef-c0b48256f407
309
name: view-applications
310
description: "${role_view-applications}"
313
containerId: 884a5020-265a-47c8-babe-25786fda4650
315
- id: 696abcea-f88f-4319-83d1-dcdba957cc2e
317
description: "${role_delete-account}"
320
containerId: 884a5020-265a-47c8-babe-25786fda4650
324
id: 41271c50-8fc7-45ee-a963-a1d3ce881833
325
name: default-roles-token-test
326
description: "${role_default-roles}"
329
containerId: token-test
333
# HMAC-SHA1 is the default algorithm of RFC 4226/6238 one-time passwords and the
# one authenticator apps most widely support. SHA-1 collision attacks do not
# carry over to its use inside HMAC, so this value alone is not a finding.
# The OTP type, digit count and period lines are not part of this listing.
otpPolicyAlgorithm: HmacSHA1
334
otpPolicyInitialCounter: 0
336
# Number of adjacent codes also accepted, to tolerate clock or counter drift.
otpPolicyLookAheadWindow: 1
338
otpSupportedApplications:
340
- Google Authenticator
341
webAuthnPolicyRpEntityName: keycloak
342
webAuthnPolicySignatureAlgorithms:
344
webAuthnPolicyRpId: ''
345
webAuthnPolicyAttestationConveyancePreference: not specified
346
webAuthnPolicyAuthenticatorAttachment: not specified
347
webAuthnPolicyRequireResidentKey: not specified
348
webAuthnPolicyUserVerificationRequirement: not specified
349
webAuthnPolicyCreateTimeout: 0
350
webAuthnPolicyAvoidSameAuthenticatorRegister: false
351
webAuthnPolicyAcceptableAaguids: []
352
webAuthnPolicyPasswordlessRpEntityName: keycloak
353
webAuthnPolicyPasswordlessSignatureAlgorithms:
355
webAuthnPolicyPasswordlessRpId: ''
356
webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
357
webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
358
webAuthnPolicyPasswordlessRequireResidentKey: not specified
359
webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
360
webAuthnPolicyPasswordlessCreateTimeout: 0
361
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
362
webAuthnPolicyPasswordlessAcceptableAaguids: []
364
# NOTE(review): this looks like an imported user entry whose password credential
# is embedded in the manifest (the username and credentials keys are not part of
# this listing -- confirm against the full file).
- id: b660eec6-a93b-46fd-abb2-e9fbdff67a63
365
createdTimestamp: 1645713689127
371
- id: 5c2bcf07-204a-4c19-aa40-c652198b289a
373
createdDate: 1645713704041
374
# secretData carries the salted password hash and its salt. Anyone who can read
# this file or the applied custom resource can test password guesses offline, so
# treat this account's password as disclosed and never reuse it outside a
# throwaway test realm.
secretData: '{"value":"GbcXn5JEdNpblA2NnXwX60mm614FHjdbxhK1x7v6WwGc0E8ZrNvho7Se8upLt9+/NTHu2NmuWlWM1QwdOWfyHQ==","salt":"YaIEcNqTNMS4fZ2iUKd/wg==","additionalParameters":{}}'
375
# 27500 iterations of pbkdf2-sha256 is well below current OWASP guidance for
# PBKDF2-HMAC-SHA256, which makes offline guessing against the hash above cheap.
credentialData: '{"hashIterations":27500,"algorithm":"pbkdf2-sha256","additionalParameters":{}}'
376
disableableCredentialTypes: []
379
- default-roles-token-test
383
- clientScope: offline_access
388
- client: account-console
392
- id: 884a5020-265a-47c8-babe-25786fda4650
394
name: "${client_account}"
395
rootUrl: "${authBaseUrl}"
396
baseUrl: "/realms/token-test/account/"
397
surrogateAuthRequired: false
399
alwaysDisplayInConsole: false
400
clientAuthenticatorType: client-secret
402
- "/realms/token-test/account/*"
406
consentRequired: false
407
standardFlowEnabled: true
408
implicitFlowEnabled: false
409
directAccessGrantsEnabled: false
410
serviceAccountsEnabled: false
412
frontchannelLogout: false
413
protocol: openid-connect
415
authenticationFlowBindingOverrides: {}
416
fullScopeAllowed: false
417
nodeReRegistrationTimeout: 0
423
optionalClientScopes:
428
- id: 8248ac6a-9940-4fec-a6ad-4b11b4b303c2
429
clientId: account-console
430
name: "${client_account-console}"
431
rootUrl: "${authBaseUrl}"
432
baseUrl: "/realms/token-test/account/"
433
surrogateAuthRequired: false
435
alwaysDisplayInConsole: false
436
clientAuthenticatorType: client-secret
438
- "/realms/token-test/account/*"
442
consentRequired: false
443
standardFlowEnabled: true
444
implicitFlowEnabled: false
445
directAccessGrantsEnabled: false
446
serviceAccountsEnabled: false
448
frontchannelLogout: false
449
protocol: openid-connect
451
pkce.code.challenge.method: S256
452
authenticationFlowBindingOverrides: {}
453
fullScopeAllowed: false
454
nodeReRegistrationTimeout: 0
456
- id: 60bbc11f-acea-4e61-8de7-d6e1a1d9bb0f
457
name: audience resolve
458
protocol: openid-connect
459
protocolMapper: oidc-audience-resolve-mapper
460
consentRequired: false
467
optionalClientScopes:
472
- id: 2333c4da-18a6-4f3d-b37f-b0b57c83c511
474
name: "${client_admin-cli}"
475
surrogateAuthRequired: false
477
alwaysDisplayInConsole: false
478
clientAuthenticatorType: client-secret
483
consentRequired: false
484
standardFlowEnabled: false
485
implicitFlowEnabled: false
486
directAccessGrantsEnabled: true
487
serviceAccountsEnabled: false
489
frontchannelLogout: false
490
protocol: openid-connect
492
authenticationFlowBindingOverrides: {}
493
fullScopeAllowed: false
494
nodeReRegistrationTimeout: 0
500
optionalClientScopes:
505
- id: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
507
name: "${client_broker}"
508
surrogateAuthRequired: false
510
alwaysDisplayInConsole: false
511
clientAuthenticatorType: client-secret
516
consentRequired: false
517
standardFlowEnabled: true
518
implicitFlowEnabled: false
519
directAccessGrantsEnabled: false
520
serviceAccountsEnabled: false
522
frontchannelLogout: false
523
protocol: openid-connect
525
authenticationFlowBindingOverrides: {}
526
fullScopeAllowed: false
527
nodeReRegistrationTimeout: 0
533
optionalClientScopes:
538
- id: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
539
clientId: realm-management
540
name: "${client_realm-management}"
541
surrogateAuthRequired: false
543
alwaysDisplayInConsole: false
544
clientAuthenticatorType: client-secret
549
consentRequired: false
550
standardFlowEnabled: true
551
implicitFlowEnabled: false
552
directAccessGrantsEnabled: false
553
serviceAccountsEnabled: false
555
frontchannelLogout: false
556
protocol: openid-connect
558
authenticationFlowBindingOverrides: {}
559
fullScopeAllowed: false
560
nodeReRegistrationTimeout: 0
566
optionalClientScopes:
571
- id: 79af8215-9c3c-462c-a005-bcf8ad5e3ea5
572
clientId: security-admin-console
573
name: "${client_security-admin-console}"
574
rootUrl: "${authAdminUrl}"
575
baseUrl: "/admin/token-test/console/"
576
surrogateAuthRequired: false
578
alwaysDisplayInConsole: false
579
clientAuthenticatorType: client-secret
581
- "/admin/token-test/console/*"
586
consentRequired: false
587
standardFlowEnabled: true
588
implicitFlowEnabled: false
589
directAccessGrantsEnabled: false
590
serviceAccountsEnabled: false
592
frontchannelLogout: false
593
protocol: openid-connect
595
pkce.code.challenge.method: S256
596
authenticationFlowBindingOverrides: {}
597
fullScopeAllowed: false
598
nodeReRegistrationTimeout: 0
600
- id: 0ff87aba-d404-4ac6-8244-16562aa42340
602
protocol: openid-connect
603
protocolMapper: oidc-usermodel-attribute-mapper
604
consentRequired: false
606
userinfo.token.claim: 'true'
607
user.attribute: locale
608
id.token.claim: 'true'
609
access.token.claim: 'true'
611
jsonType.label: String
617
optionalClientScopes:
622
# Client definition for token-test-client.
- id: 723e0da4-e2cc-4b2c-9f40-f42101d3e7a5
623
clientId: token-test-client
624
# Plain-HTTP localhost URL: this client is wired for a local development setup.
baseUrl: http://localhost:8080/realms/token-test/account/
625
surrogateAuthRequired: false
627
alwaysDisplayInConsole: false
628
clientAuthenticatorType: client-secret
640
# NOTE(review): the listing skips the source lines between the one above and
# this one. In a realm export that region normally holds the client secret,
# redirect URIs and web origins -- review them in the full file.
consentRequired: false
641
standardFlowEnabled: true
642
implicitFlowEnabled: false
643
# Enables the resource-owner password grant: the application collects the
# user's password itself and posts it to the token endpoint, bypassing the
# browser login flow. The OAuth 2.0 Security BCP (RFC 9700) says this grant
# must not be used; keep it to test fixtures.
directAccessGrantsEnabled: true
644
serviceAccountsEnabled: false
646
frontchannelLogout: false
647
protocol: openid-connect
649
# Per-client override of the realm's accessTokenLifespan (300 s): access tokens
# for this client live 6000 s (100 minutes), which lengthens the window in which
# a leaked bearer token is accepted.
access.token.lifespan: '6000'
650
saml.force.post.binding: 'false'
651
saml.multivalued.roles: 'false'
652
oauth2.device.authorization.grant.enabled: 'false'
653
backchannel.logout.revoke.offline.tokens: 'false'
654
saml.server.signature.keyinfo.ext: 'false'
655
use.refresh.tokens: 'true'
656
oidc.ciba.grant.enabled: 'false'
657
backchannel.logout.session.required: 'true'
658
client_credentials.use_refresh_token: 'false'
659
require.pushed.authorization.requests: 'false'
660
saml.client.signature: 'false'
661
id.token.as.detached.signature: 'false'
662
saml.assertion.signature: 'false'
663
saml.encrypt: 'false'
664
saml.server.signature: 'false'
665
exclude.session.state.from.auth.response: 'false'
666
saml.artifact.binding: 'false'
667
saml_force_name_id_format: 'false'
669
tls.client.certificate.bound.access.tokens: 'false'
670
saml.authnstatement: 'false'
671
display.on.consent.screen: 'false'
672
token.response.type.bearer.lower-case: 'false'
673
saml.onetimeuse.condition: 'false'
674
# These keys appear to close the token-test-client entry (indentation is lost in
# this listing; the next "- id:" item follows shortly after).
authenticationFlowBindingOverrides: {}
675
# With full scope allowed, tokens issued to this client carry every role mapping
# the user has instead of only the roles scoped to the client. Every other
# client in this listing sets fullScopeAllowed: false.
fullScopeAllowed: true
676
nodeReRegistrationTimeout: -1
682
optionalClientScopes:
688
- id: 83c642d1-0768-487f-9ea9-76f47b6bf308
690
description: 'OpenID Connect built-in scope: email'
691
protocol: openid-connect
693
include.in.token.scope: 'true'
694
display.on.consent.screen: 'true'
695
consent.screen.text: "${emailScopeConsentText}"
697
- id: 3c769676-15e6-40b9-8038-2564a42d2b71
699
protocol: openid-connect
700
protocolMapper: oidc-usermodel-property-mapper
701
consentRequired: false
703
userinfo.token.claim: 'true'
704
user.attribute: email
705
id.token.claim: 'true'
706
access.token.claim: 'true'
708
jsonType.label: String
709
- id: 0d8dd2f6-40b3-4b41-a6f7-b57458932670
711
protocol: openid-connect
712
protocolMapper: oidc-usermodel-property-mapper
713
consentRequired: false
715
userinfo.token.claim: 'true'
716
user.attribute: emailVerified
717
id.token.claim: 'true'
718
access.token.claim: 'true'
719
claim.name: email_verified
720
jsonType.label: boolean
721
- id: 851084f7-5d63-43ee-8599-00e7101e61c3
722
name: microprofile-jwt
723
description: Microprofile - JWT built-in scope
724
protocol: openid-connect
726
include.in.token.scope: 'true'
727
display.on.consent.screen: 'false'
729
- id: 682a2488-36bb-42d3-a6e6-35b9d5e3d4c5
731
protocol: openid-connect
732
protocolMapper: oidc-usermodel-realm-role-mapper
733
consentRequired: false
737
id.token.claim: 'true'
738
access.token.claim: 'true'
740
jsonType.label: String
741
- id: 398e9b68-8327-425a-89d7-e639cadfe784
743
protocol: openid-connect
744
protocolMapper: oidc-usermodel-property-mapper
745
consentRequired: false
747
userinfo.token.claim: 'true'
748
user.attribute: username
749
id.token.claim: 'true'
750
access.token.claim: 'true'
752
jsonType.label: String
753
- id: c6eb0bac-39a0-4a10-839e-98a2d9426a52
755
description: OpenID Connect scope for add user roles to the access token
756
protocol: openid-connect
758
include.in.token.scope: 'false'
759
display.on.consent.screen: 'true'
760
consent.screen.text: "${rolesScopeConsentText}"
762
- id: f8c4efd0-aeaa-4540-a47c-20e04bef4954
763
name: audience resolve
764
protocol: openid-connect
765
protocolMapper: oidc-audience-resolve-mapper
766
consentRequired: false
768
- id: e22bb72a-5fae-4a92-b5e9-1dd57488910f
770
protocol: openid-connect
771
protocolMapper: oidc-usermodel-client-role-mapper
772
consentRequired: false
775
access.token.claim: 'true'
776
claim.name: resource_access.${client_id}.roles
777
jsonType.label: String
779
- id: db34ab22-a6d3-4b7e-8f39-158439375ccb
781
protocol: openid-connect
782
protocolMapper: oidc-usermodel-realm-role-mapper
783
consentRequired: false
786
access.token.claim: 'true'
787
claim.name: realm_access.roles
788
jsonType.label: String
790
- id: 7a52c125-48f0-44fd-8f1a-1809f8b2de36
792
description: SAML role list
795
consent.screen.text: "${samlRoleListScopeConsentText}"
796
display.on.consent.screen: 'true'
798
- id: 9e2e632e-9574-43b1-a51c-9aade0906f3f
801
protocolMapper: saml-role-list-mapper
802
consentRequired: false
805
attribute.nameformat: Basic
807
- id: 3a61fa5e-64ff-45be-aede-2c781ee03541
809
description: 'OpenID Connect built-in scope: phone'
810
protocol: openid-connect
812
include.in.token.scope: 'true'
813
display.on.consent.screen: 'true'
814
consent.screen.text: "${phoneScopeConsentText}"
816
- id: 14579adc-1b3b-42e5-9602-4d8f9fa88e80
817
name: phone number verified
818
protocol: openid-connect
819
protocolMapper: oidc-usermodel-attribute-mapper
820
consentRequired: false
822
userinfo.token.claim: 'true'
823
user.attribute: phoneNumberVerified
824
id.token.claim: 'true'
825
access.token.claim: 'true'
826
claim.name: phone_number_verified
827
jsonType.label: boolean
828
- id: 0d582284-ae4e-4fd6-9e50-555f2dc7d078
830
protocol: openid-connect
831
protocolMapper: oidc-usermodel-attribute-mapper
832
consentRequired: false
834
userinfo.token.claim: 'true'
835
user.attribute: phoneNumber
836
id.token.claim: 'true'
837
access.token.claim: 'true'
838
claim.name: phone_number
839
jsonType.label: String
840
- id: e48bc0ba-24e7-4d91-b0d1-7cc81e9afe5f
842
description: 'OpenID Connect built-in scope: address'
843
protocol: openid-connect
845
include.in.token.scope: 'true'
846
display.on.consent.screen: 'true'
847
consent.screen.text: "${addressScopeConsentText}"
849
- id: bd21105a-0cd4-4c63-ada2-8edc37475d38
851
protocol: openid-connect
852
protocolMapper: oidc-address-mapper
853
consentRequired: false
855
user.attribute.formatted: formatted
856
user.attribute.country: country
857
user.attribute.postal_code: postal_code
858
userinfo.token.claim: 'true'
859
user.attribute.street: street
860
id.token.claim: 'true'
861
user.attribute.region: region
862
access.token.claim: 'true'
863
user.attribute.locality: locality
864
- id: e14c7a2b-c298-40e9-b8e2-01a41b1556b4
866
description: 'OpenID Connect built-in scope: offline_access'
867
protocol: openid-connect
869
consent.screen.text: "${offlineAccessScopeConsentText}"
870
display.on.consent.screen: 'true'
871
- id: aa7fea10-12a7-4a2e-9513-8f449d18bdbd
873
description: OpenID Connect scope for add allowed web origins to the access token
874
protocol: openid-connect
876
include.in.token.scope: 'false'
877
display.on.consent.screen: 'false'
878
consent.screen.text: ''
880
- id: 134b42aa-8eb7-4f17-b468-0a4db3414b07
881
name: allowed web origins
882
protocol: openid-connect
883
protocolMapper: oidc-allowed-origins-mapper
884
consentRequired: false
886
- id: c6c98a14-edcf-4bf7-8b82-4230f8cf7eca
888
description: 'OpenID Connect built-in scope: profile'
889
protocol: openid-connect
891
include.in.token.scope: 'true'
892
display.on.consent.screen: 'true'
893
consent.screen.text: "${profileScopeConsentText}"
895
- id: c07e881a-2715-436b-8e23-738e9eb02304
897
protocol: openid-connect
898
protocolMapper: oidc-usermodel-property-mapper
899
consentRequired: false
901
userinfo.token.claim: 'true'
902
user.attribute: lastName
903
id.token.claim: 'true'
904
access.token.claim: 'true'
905
claim.name: family_name
906
jsonType.label: String
907
- id: 479cafcb-7a00-4c37-a94a-31b7e9622db7
909
protocol: openid-connect
910
protocolMapper: oidc-usermodel-attribute-mapper
911
consentRequired: false
913
userinfo.token.claim: 'true'
914
user.attribute: gender
915
id.token.claim: 'true'
916
access.token.claim: 'true'
918
jsonType.label: String
919
- id: 581d067c-0151-4cfc-9c7b-64ed762e03ae
921
protocol: openid-connect
922
protocolMapper: oidc-full-name-mapper
923
consentRequired: false
925
id.token.claim: 'true'
926
access.token.claim: 'true'
927
userinfo.token.claim: 'true'
928
- id: 87b0ce4b-86b3-4143-926f-301f3afee083
930
protocol: openid-connect
931
protocolMapper: oidc-usermodel-attribute-mapper
932
consentRequired: false
934
userinfo.token.claim: 'true'
935
user.attribute: middleName
936
id.token.claim: 'true'
937
access.token.claim: 'true'
938
claim.name: middle_name
939
jsonType.label: String
940
- id: 2f4f8664-ed76-448e-9814-2bb84b8c8d03
942
protocol: openid-connect
943
protocolMapper: oidc-usermodel-property-mapper
944
consentRequired: false
946
userinfo.token.claim: 'true'
947
user.attribute: username
948
id.token.claim: 'true'
949
access.token.claim: 'true'
950
claim.name: preferred_username
951
jsonType.label: String
952
- id: d1568b1c-5034-429c-b7f0-ef876b4dcef0
954
protocol: openid-connect
955
protocolMapper: oidc-usermodel-attribute-mapper
956
consentRequired: false
958
userinfo.token.claim: 'true'
959
user.attribute: zoneinfo
960
id.token.claim: 'true'
961
access.token.claim: 'true'
963
jsonType.label: String
964
- id: 070b8b25-a1f7-4a61-9786-d5a56bc62a70
966
protocol: openid-connect
967
protocolMapper: oidc-usermodel-attribute-mapper
968
consentRequired: false
970
userinfo.token.claim: 'true'
971
user.attribute: nickname
972
id.token.claim: 'true'
973
access.token.claim: 'true'
975
jsonType.label: String
976
- id: 651d7a9e-d368-464b-8890-1d6d8a383ec4
978
protocol: openid-connect
979
protocolMapper: oidc-usermodel-attribute-mapper
980
consentRequired: false
982
userinfo.token.claim: 'true'
983
user.attribute: profile
984
id.token.claim: 'true'
985
access.token.claim: 'true'
987
jsonType.label: String
988
- id: 650a0ddd-833d-4a31-9c5a-8aa64f6a7d22
990
protocol: openid-connect
991
protocolMapper: oidc-usermodel-property-mapper
992
consentRequired: false
994
userinfo.token.claim: 'true'
995
user.attribute: firstName
996
id.token.claim: 'true'
997
access.token.claim: 'true'
998
claim.name: given_name
999
jsonType.label: String
1000
- id: 90b55b69-ac74-448c-ba77-c92e974f90db
1002
protocol: openid-connect
1003
protocolMapper: oidc-usermodel-attribute-mapper
1004
consentRequired: false
1006
userinfo.token.claim: 'true'
1007
user.attribute: locale
1008
id.token.claim: 'true'
1009
access.token.claim: 'true'
1011
jsonType.label: String
1012
- id: 52fa62e2-24f7-445f-8a1b-0b2c201cad3e
1014
protocol: openid-connect
1015
protocolMapper: oidc-usermodel-attribute-mapper
1016
consentRequired: false
1018
userinfo.token.claim: 'true'
1019
user.attribute: updatedAt
1020
id.token.claim: 'true'
1021
access.token.claim: 'true'
1022
claim.name: updated_at
1023
jsonType.label: String
1024
- id: 510d43fc-bda3-456a-b57b-b1802932975f
1026
protocol: openid-connect
1027
protocolMapper: oidc-usermodel-attribute-mapper
1028
consentRequired: false
1030
userinfo.token.claim: 'true'
1031
user.attribute: website
1032
id.token.claim: 'true'
1033
access.token.claim: 'true'
1035
jsonType.label: String
1036
- id: a9bd191a-7c39-4d5b-a730-8712e61bd047
1038
protocol: openid-connect
1039
protocolMapper: oidc-usermodel-attribute-mapper
1040
consentRequired: false
1042
userinfo.token.claim: 'true'
1043
user.attribute: picture
1044
id.token.claim: 'true'
1045
access.token.claim: 'true'
1047
jsonType.label: String
1048
- id: 267cc28e-498c-414d-9f2c-25a9046e3b21
1050
protocol: openid-connect
1051
protocolMapper: oidc-usermodel-attribute-mapper
1052
consentRequired: false
1054
userinfo.token.claim: 'true'
1055
user.attribute: birthdate
1056
id.token.claim: 'true'
1057
access.token.claim: 'true'
1058
claim.name: birthdate
1059
jsonType.label: String
1060
defaultDefaultClientScopes:
1066
defaultOptionalClientScopes:
1071
# Response headers Keycloak attaches to the pages it serves for this realm.
browserSecurityHeaders:
1072
contentSecurityPolicyReportOnly: ''
1073
xContentTypeOptions: nosniff
1075
# X-Frame-Options and the CSP frame-ancestors directive below both restrict
# framing to the same origin, which is the clickjacking defence for login pages.
xFrameOptions: SAMEORIGIN
1076
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
1077
# Legacy header: current browsers have removed their XSS auditors, so the CSP
# above is the control that actually applies.
xXSSProtection: 1; mode=block
1078
# One-year HSTS including subdomains. Browsers honour it only on responses
# received over HTTPS; token-test-client's baseUrl in this file is plain HTTP.
strictTransportSecurity: max-age=31536000; includeSubDomains
1080
# Login events and admin events are both switched off, so Keycloak's event store
# keeps no record of failed logins, token issuance or configuration changes for
# this realm. Together with bruteForceProtected: false earlier in the realm,
# repeated failed logins are neither throttled nor recorded here.
# NOTE(review): the event-listener configuration is not part of this listing; a
# logging listener may still write events to the server log -- confirm.
eventsEnabled: false
1083
enabledEventTypes: []
1084
adminEventsEnabled: false
1085
adminEventsDetailsEnabled: false
1086
identityProviders: []
1087
identityProviderMappers: []
1089
org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
1090
- id: 1fa57595-ddd4-4887-ab09-c511a040236f
1091
name: Consent Required
1092
providerId: consent-required
1097
name: Consent Required
1098
providerId: consent-required
1103
name: Consent Required
1104
providerId: consent-required
1109
- id: 7063fa94-4f9e-48cd-9659-bb46ccc09764
1110
name: Full Scope Disabled
1115
- id: 02a54f88-b589-47a7-9f05-d3bbdc91f1cc
1116
name: Allowed Protocol Mapper Types
1117
providerId: allowed-protocol-mappers
1121
allowed-protocol-mapper-types:
1122
- oidc-full-name-mapper
1123
- saml-user-attribute-mapper
1124
- oidc-usermodel-attribute-mapper
1125
- saml-user-property-mapper
1126
- oidc-sha256-pairwise-sub-mapper
1127
- saml-role-list-mapper
1128
- oidc-address-mapper
1129
- oidc-usermodel-property-mapper
1130
- id: 773c5f86-5d98-4de9-b671-7c16b6d9edec
1131
name: Allowed Protocol Mapper Types
1132
providerId: allowed-protocol-mappers
1133
subType: authenticated
1136
allowed-protocol-mapper-types:
1137
- oidc-full-name-mapper
1138
- saml-role-list-mapper
1139
- oidc-usermodel-attribute-mapper
1140
- oidc-address-mapper
1141
- oidc-sha256-pairwise-sub-mapper
1142
- saml-user-attribute-mapper
1143
- saml-user-property-mapper
1144
- oidc-usermodel-property-mapper
1145
- id: 295b5e57-10bf-49ea-91af-9f8e3efcbbd2
1146
name: Allowed Client Scopes
1147
providerId: allowed-client-templates
1151
allow-default-scopes:
1153
- id: d40fbdbf-2dfa-4e1a-b16a-a50fc188f8f3
1154
name: Allowed Client Scopes
1155
providerId: allowed-client-templates
1156
subType: authenticated
1159
allow-default-scopes:
1161
- id: 848fadee-77c2-4ec6-9cb1-0a880f8a8ab9
1163
providerId: trusted-hosts
1167
host-sending-registration-request-must-match:
1169
client-uris-must-match:
1171
- id: d9ea7724-fda7-4ff8-80ee-5d404e568e12
1172
name: Max Clients Limit
1173
providerId: max-clients
1179
org.keycloak.keys.KeyProvider:
1180
- id: 2d50d57e-5ba0-400b-901b-fa2885e0b1ea
1182
providerId: rsa-generated
1186
- 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
1190
- 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
1193
- id: 4ba83849-4d31-4754-ba69-68ea6f236a60
1195
providerId: aes-generated
1199
# NOTE(review): the keys that own the next two list items are not part of this
# listing. In a Keycloak realm export an aes-generated component carries "kid"
# and "secret" entries, so the second value is presumably the raw AES key.
# Key material stored in a manifest is readable by everyone with access to the
# repository or the custom resource; regenerate this key in any realm created
# from this file.
- c1ad49ba-3f84-435a-a5be-822f3e81b0e1
1201
- SZleSSrmV0L92MsR218QnQ
1204
- id: 15036151-75c1-4119-9d9b-05c050c0985f
1205
name: rsa-enc-generated
1206
providerId: rsa-enc-generated
1210
- 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
1214
- 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
1219
- id: 30ecba87-6daf-447d-bc8d-21f61cd36f82
1220
name: hmac-generated
1221
providerId: hmac-generated
1225
# NOTE(review): the owning keys are not part of this listing; by the layout of
# a Keycloak realm export these are presumably the component's "kid" and its
# HMAC "secret". A holder of that secret can produce values that verify under
# this key, so the key must be treated as public once the file is shared.
# Rotate it after import and keep real key material out of version control.
- e1b9e589-63d5-4919-9672-5c02b27537b9
1227
- Shquog8STeo_a26mKTFXQoMzJeyQprehSO6p9J3HBUAIE86Tk47HXf9TAATfaQZ8N9xTdESlRu9njpV7evbTJg
1232
internationalizationEnabled: false
1233
supportedLocales: []
1234
authenticationFlows:
1235
# Authentication flow offering two alternative ways to verify an existing
# account: e-mail verification, or the "Verify Existing Account by
# Re-authentication" sub-flow.
- id: 83251d05-9245-46b3-9ece-ab5cb0ad3435
1236
alias: Account verification options
1237
description: Method with which to verity the existing account
1238
providerId: basic-flow
1241
authenticationExecutions:
1242
- authenticator: idp-email-verification
1243
authenticatorFlow: false
1244
requirement: ALTERNATIVE
1246
# NOTE(review): "autheticatorFlow" is not a typo made in this file. It appears
# to be the legacy misspelled key that Keycloak's export format still emits
# next to authenticatorFlow for backward compatibility. Do not "correct" it, and
# keep the two values identical, as they are throughout this listing.
autheticatorFlow: false
1247
userSetupAllowed: false
1248
- authenticatorFlow: true
1249
requirement: ALTERNATIVE
1251
autheticatorFlow: true
1252
flowAlias: Verify Existing Account by Re-authentication
1253
userSetupAllowed: false
1254
- id: 3254f2e7-1256-4f29-b53a-49e1b304b9a1
1255
alias: Authentication Options
1256
description: Authentication options.
1257
providerId: basic-flow
1260
authenticationExecutions:
1261
- authenticator: basic-auth
1262
authenticatorFlow: false
1263
requirement: REQUIRED
1265
autheticatorFlow: false
1266
userSetupAllowed: false
1267
- authenticator: basic-auth-otp
1268
authenticatorFlow: false
1269
requirement: DISABLED
1271
autheticatorFlow: false
1272
userSetupAllowed: false
1273
- authenticator: auth-spnego
1274
authenticatorFlow: false
1275
requirement: DISABLED
1277
autheticatorFlow: false
1278
userSetupAllowed: false
1279
- id: 4b2db265-8c09-4e0e-9d8d-1049ed15270f
1280
alias: Browser - Conditional OTP
1281
description: Flow to determine if the OTP is required for the authentication
1282
providerId: basic-flow
1285
authenticationExecutions:
1286
- authenticator: conditional-user-configured
1287
authenticatorFlow: false
1288
requirement: REQUIRED
1290
autheticatorFlow: false
1291
userSetupAllowed: false
1292
- authenticator: auth-otp-form
1293
authenticatorFlow: false
1294
requirement: REQUIRED
1296
autheticatorFlow: false
1297
userSetupAllowed: false
1298
- id: 6f90621a-570b-4de6-af8c-df0ad24b7d97
1299
alias: Direct Grant - Conditional OTP
1300
description: Flow to determine if the OTP is required for the authentication
1301
providerId: basic-flow
1304
authenticationExecutions:
1305
- authenticator: conditional-user-configured
1306
authenticatorFlow: false
1307
requirement: REQUIRED
1309
autheticatorFlow: false
1310
userSetupAllowed: false
1311
- authenticator: direct-grant-validate-otp
1312
authenticatorFlow: false
1313
requirement: REQUIRED
1315
autheticatorFlow: false
1316
userSetupAllowed: false
1317
- id: 67799bee-a2ce-467e-beb1-afae45336ab2
1318
alias: First broker login - Conditional OTP
1319
description: Flow to determine if the OTP is required for the authentication
1320
providerId: basic-flow
1323
authenticationExecutions:
1324
- authenticator: conditional-user-configured
1325
authenticatorFlow: false
1326
requirement: REQUIRED
1328
autheticatorFlow: false
1329
userSetupAllowed: false
1330
- authenticator: auth-otp-form
1331
authenticatorFlow: false
1332
requirement: REQUIRED
1334
autheticatorFlow: false
1335
userSetupAllowed: false
1336
- id: 50ea02e8-ebb2-4315-91a1-d0d1de53a981
1337
alias: Handle Existing Account
1338
description: Handle what to do if there is existing account with same email/username
1339
like authenticated identity provider
1340
providerId: basic-flow
1343
authenticationExecutions:
1344
- authenticator: idp-confirm-link
1345
authenticatorFlow: false
1346
requirement: REQUIRED
1348
autheticatorFlow: false
1349
userSetupAllowed: false
1350
- authenticatorFlow: true
1351
requirement: REQUIRED
1353
autheticatorFlow: true
1354
flowAlias: Account verification options
1355
userSetupAllowed: false
1356
- id: badc98d1-2c45-4760-8f31-35a014b6a262
1357
alias: Reset - Conditional OTP
1358
description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
1360
providerId: basic-flow
1363
authenticationExecutions:
1364
- authenticator: conditional-user-configured
1365
authenticatorFlow: false
1366
requirement: REQUIRED
1368
autheticatorFlow: false
1369
userSetupAllowed: false
1370
- authenticator: reset-otp
1371
authenticatorFlow: false
1372
requirement: REQUIRED
1374
autheticatorFlow: false
1375
userSetupAllowed: false
1376
- id: 38e9254a-b453-479c-a7c1-ac19f7915f11
1377
alias: User creation or linking
1378
description: Flow for the existing/non-existing user alternatives
1379
providerId: basic-flow
1382
authenticationExecutions:
1383
- authenticatorConfig: create unique user config
1384
authenticator: idp-create-user-if-unique
1385
authenticatorFlow: false
1386
requirement: ALTERNATIVE
1388
autheticatorFlow: false
1389
userSetupAllowed: false
1390
- authenticatorFlow: true
1391
requirement: ALTERNATIVE
1393
autheticatorFlow: true
1394
flowAlias: Handle Existing Account
1395
userSetupAllowed: false
1396
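# Account-linking verification by re-authentication: the user must enter the
# existing account's username and password (REQUIRED) before the brokered
# identity is linked. The OTP sub-flow is CONDITIONAL, so a second factor is
# only demanded when that sub-flow's condition holds (defined outside this
# section - presumably "user has OTP configured"; confirm).
# NOTE(review): the listing skips gutter lines 1400-1401, 1406 and 1411;
# fields on them are not shown.
- id: ed4e514c-0102-4c0b-adf5-699757680488
  alias: Verify Existing Account by Re-authentication
  description: Reauthentication of existing account
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: idp-username-password-form
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: CONDITIONAL
      autheticatorFlow: true
      flowAlias: First broker login - Conditional OTP
      userSetupAllowed: false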
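# Browser login flow (presumably the one bound by `browserFlow: browser`; the
# alias line, gutter 1416, is not shown in the listing).
# Alternatives are tried in order: an existing SSO cookie, Kerberos/SPNEGO
# (DISABLED here), redirect to a default identity provider, then a sub-flow
# whose `flowAlias` line (gutter 1444) is also not shown.
# Because every enabled step is ALTERNATIVE, a valid SSO cookie alone
# completes the flow; session lifetimes are the control on that path.
# NOTE(review): the listing also skips gutter lines 1419-1420, 1425, 1431,
# 1437 and 1442; fields on them are not shown.
- id: 2770f39c-b2b9-4e3a-990e-fefdd30dedfa
  description: browser based authentication
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: auth-cookie
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: auth-spnego
      authenticatorFlow: false
      requirement: DISABLED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: identity-provider-redirector
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: ALTERNATIVE
      autheticatorFlow: true
      userSetupAllowed: false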
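# Client authentication flow (presumably the one bound by
# `clientAuthenticationFlow: clients`; the alias line, gutter 1447, is not
# shown in the listing).
# All four methods are ALTERNATIVE, so the realm accepts any of them; which
# one a given client must use is set on the client, not here. A shared
# `client-secret` is the weakest of the four - for confidential clients that
# matter, prefer signed JWT (`client-jwt`) or mutual TLS (`client-x509`) and
# check the per-client setting.
# NOTE(review): the listing also skips gutter lines 1450-1451, 1456, 1462,
# 1468 and 1474; fields on them are not shown.
- id: f23b4ef6-8b24-4416-8c54-503e4a679afc
  description: Base authentication for clients
  providerId: client-flow
  authenticationExecutions:
    - authenticator: client-secret
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: client-jwt
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: client-secret-jwt
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: client-x509
      authenticatorFlow: false
      requirement: ALTERNATIVE
      autheticatorFlow: false
      userSetupAllowed: false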
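# Resource Owner Password Credentials flow (presumably the one bound by
# `directGrantFlow: direct grant`; the alias line, gutter 1478, is not shown).
# With this grant the client application handles the user's password itself,
# and there is no browser step where consent or phishing-resistant factors
# can be applied. Current OAuth security guidance advises against it: keep
# "direct access grants" off on every client that does not strictly need it.
# Password guessing through this path is only throttled when realm
# brute-force detection is on - check `bruteForceProtected`.
# OTP is CONDITIONAL (sub-flow defined outside this section).
# NOTE(review): the listing also skips gutter lines 1481-1482, 1487, 1493 and
# 1498; fields on them are not shown.
- id: 8b835a57-4145-49ba-a922-92100aa2ddec
  description: OpenID Connect Resource Owner Grant
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: direct-grant-validate-username
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: direct-grant-validate-password
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: CONDITIONAL
      autheticatorFlow: true
      flowAlias: Direct Grant - Conditional OTP
      userSetupAllowed: false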
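# Docker registry authentication (presumably the flow bound by
# `dockerAuthenticationFlow: docker auth`; the alias line, gutter 1503, is
# not shown).
# The single step is HTTP Basic: the username and password travel with the
# request, so this path must only be reachable over TLS, and it offers no
# second factor.
# NOTE(review): the listing also skips gutter lines 1506-1507 and 1512;
# fields on them are not shown.
- id: 8474649e-8e1d-4218-97df-c1edbac87636
  description: Used by Docker clients to authenticate against the IDP
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: docker-http-basic-authenticator
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false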
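# Top of the first-broker-login chain: runs the first time a user arrives
# from an external identity provider with an identity not yet linked to a
# Keycloak account.
# Step 1 reviews the profile received from the provider (behaviour set by
# "review profile config"); step 2 hands over to "User creation or linking".
# Attributes asserted by the external provider (email in particular) are
# only as trustworthy as that provider - the linking sub-flows below this one
# are what protect existing accounts.
# NOTE(review): the listing skips gutter lines 1520-1521, 1527 and 1532;
# fields on them are not shown.
- id: ede3e69e-cbb5-46fb-8789-e3532e05e9d4
  alias: first broker login
  description: Actions taken after first broker login with identity provider account,
    which is not yet linked to any Keycloak account
  providerId: basic-flow
  authenticationExecutions:
    - authenticatorConfig: review profile config
      authenticator: idp-review-profile
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: REQUIRED
      autheticatorFlow: true
      flowAlias: User creation or linking
      userSetupAllowed: false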
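# Interactive login forms (the alias line, gutter 1537, is not shown).
# Username/password is REQUIRED; the OTP sub-flow is only CONDITIONAL.
# If that sub-flow's condition is "user has OTP configured" (it is defined
# outside this section - confirm), users who never enrolled a second factor
# sign in with a password alone. Enforcing MFA for everyone needs either the
# OTP step made REQUIRED or enrollment forced through a required action.
# NOTE(review): the listing also skips gutter lines 1540-1541, 1546 and 1551;
# fields on them are not shown.
- id: 4c207a4f-e46c-4443-a38d-e6cc05708e5f
  description: Username, password, otp and other auth forms.
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: auth-username-password-form
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: CONDITIONAL
      autheticatorFlow: true
      flowAlias: Browser - Conditional OTP
      userSetupAllowed: false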
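# Challenge-response HTTP authentication flow: `no-cookie-redirect` followed
# by the "Authentication Options" sub-flow, both REQUIRED. The sub-flow is
# defined outside this section.
# NOTE(review): the listing skips gutter lines 1558, 1560-1561, 1566 and
# 1571; the description is cut off at the end of its first line and other
# fields on the skipped lines are not shown.
- id: d73c0597-fdd5-44de-a5e9-982033d970d2
  alias: http challenge
  description: An authentication flow based on challenge-response HTTP Authentication
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: no-cookie-redirect
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: REQUIRED
      autheticatorFlow: true
      flowAlias: Authentication Options
      userSetupAllowed: false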
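# Self-registration flow (presumably the one bound by
# `registrationFlow: registration`; the alias line, gutter 1576, is not
# shown). Its only execution wraps the "registration form" sub-flow: note
# that this entry carries both an `authenticator` and `authenticatorFlow: true`.
# The flow only matters when self-registration is switched on for the realm.
# `autheticatorFlow` (sic) is the legacy misspelled key Keycloak exports next
# to `authenticatorFlow`; leave the spelling and keep both values equal.
# NOTE(review): the listing also skips gutter lines 1579-1580 and 1585;
# fields on them are not shown.
- id: 15b7b51a-e7d6-4bb2-8204-3bcc1cc8ea67
  description: registration flow
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: registration-page-form
      authenticatorFlow: true
      requirement: REQUIRED
      autheticatorFlow: true
      flowAlias: registration form
      userSetupAllowed: false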
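# Form actions executed on the self-registration page: create the user,
# validate the profile, validate the password (all REQUIRED).
# `registration-recaptcha-action` is DISABLED, so if self-registration is
# ever enabled on this realm there is no bot check on account creation;
# enable it (or put another anti-automation control in front) at that point.
# NOTE(review): the listing skips gutter lines 1593-1594, 1599, 1605, 1611
# and 1617; fields on them are not shown.
- id: 2d517957-80f2-4c66-827a-c6c7ae4413e9
  alias: registration form
  description: registration form
  providerId: form-flow
  authenticationExecutions:
    - authenticator: registration-user-creation
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: registration-profile-action
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: registration-password-action
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: registration-recaptcha-action
      authenticatorFlow: false
      requirement: DISABLED
      autheticatorFlow: false
      userSetupAllowed: false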
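# Forgotten-password flow: pick the user, send the reset e-mail, set a new
# password (all REQUIRED), then the CONDITIONAL "Reset - Conditional OTP"
# sub-flow.
# Control of the user's mailbox is the only proof of identity on this path,
# so the strength of a reset equals the strength of the e-mail account. The
# trailing sub-flow can also reset OTP; review whether a mailbox-only reset
# should be able to replace the second factor in this deployment.
# NOTE(review): the listing skips gutter lines 1624-1625, 1630, 1636, 1642
# and 1647; fields on them are not shown.
- id: 88424650-0cad-49a8-9df1-9362a1928375
  alias: reset credentials
  description: Reset credentials for a user if they forgot their password or something
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: reset-credentials-choose-user
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: reset-credential-email
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticator: reset-password
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false
    - authenticatorFlow: true
      requirement: CONDITIONAL
      autheticatorFlow: true
      flowAlias: Reset - Conditional OTP
      userSetupAllowed: false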
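# SAML ECP profile flow (the alias line, gutter 1652, is not shown).
# The single step is HTTP Basic, so the password is sent with the request:
# this path needs TLS end to end and has no second factor.
# NOTE(review): the listing also skips gutter lines 1655-1656 and 1661;
# fields on them are not shown.
- id: 7e32b05b-7c3d-46d1-a721-b146eb90bbe9
  description: SAML ECP Profile Authentication Flow
  providerId: basic-flow
  authenticationExecutions:
    - authenticator: http-basic-authenticator
      authenticatorFlow: false
      requirement: REQUIRED
      autheticatorFlow: false
      userSetupAllowed: false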
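# Named settings referenced from flow executions via `authenticatorConfig`.
# NOTE(review): the lines between each `alias` and its setting (gutter 1667
# and 1671) are not shown in the listing. `config:` is restored below because
# that is the mapping Keycloak uses for authenticator settings - confirm
# against the original file before importing.
authenticatorConfig:
  - id: 7ee30b27-c4c4-4696-8479-4998ecc2cfe3
    alias: create unique user config
    config:
      # Users created from a brokered identity are not asked to set a local
      # password afterwards. The value is the string 'false', not a boolean.
      require.password.update.after.registration: 'false'
  - id: b300eb8b-11f4-4163-9843-bf2d2610731d
    alias: review profile config
    config:
      # `missing`: the profile review page appears only when the provider
      # did not supply required profile data; otherwise the provider's
      # attributes are accepted without the user seeing them.
      update.profile.on.first.login: missing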
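# Required-action providers. `defaultAction: false` on every entry means none
# of them is assigned automatically to newly created users: no forced OTP
# enrollment (CONFIGURE_TOTP), no forced e-mail verification (VERIFY_EMAIL),
# no forced password change.
# NOTE(review): the line carrying this list's parent key (gutter 1673) is not
# shown in the listing; `requiredActions:` is restored here from the shape of
# the entries - confirm against the original file. The listing also skips the
# `name` lines for CONFIGURE_TOTP and VERIFY_EMAIL and further fields per
# entry (for example gutter 1677, 1679-1680), so whether each action is
# enabled cannot be read from this page.
requiredActions:
  - alias: CONFIGURE_TOTP
    providerId: CONFIGURE_TOTP
    defaultAction: false
  - alias: terms_and_conditions
    name: Terms and Conditions
    providerId: terms_and_conditions
    defaultAction: false
  - alias: UPDATE_PASSWORD
    name: Update Password
    providerId: UPDATE_PASSWORD
    defaultAction: false
  - alias: UPDATE_PROFILE
    name: Update Profile
    providerId: UPDATE_PROFILE
    defaultAction: false
  - alias: VERIFY_EMAIL
    providerId: VERIFY_EMAIL
    defaultAction: false
  - alias: delete_account
    name: Delete Account
    providerId: delete_account
    defaultAction: false
  - alias: update_user_locale
    name: Update User Locale
    providerId: update_user_locale
    defaultAction: false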
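# Flow bindings: the flow alias that serves each realm entry point. A binding
# only takes effect if a flow with exactly that alias exists in the import.
browserFlow: browser
registrationFlow: registration
directGrantFlow: direct grant
resetCredentialsFlow: reset credentials
clientAuthenticationFlow: clients
dockerAuthenticationFlow: docker auth
# NOTE(review): the line carrying the parent key of the next six settings
# (gutter 1729) is not shown in the listing; `attributes:` is restored here
# because Keycloak stores these as string-valued realm attributes - confirm
# against the original file. Gutter line 1736 is also not shown.
attributes:
  # CIBA: poll delivery mode; authentication requests expire after 120 s.
  cibaBackchannelTokenDeliveryMode: poll
  cibaExpiresIn: '120'
  cibaAuthRequestedUserHint: login_hint
  # Device authorization grant: codes live 600 s, clients poll every 5 s.
  oauth2DeviceCodeLifespan: '600'
  oauth2DevicePollingInterval: '5'
  # Pushed authorization requests: request_uri is valid for 60 s.
  parRequestUriLifespan: '60'
# Exported from a -SNAPSHOT (pre-release) build: check the flows and defaults
# against the release actually running before importing this realm.
keycloakVersion: 18.0.0-SNAPSHOT
userManagedAccessAllowed: false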