Keycloak

Форк
0
/
test-serialization-realmimport-cr.yml 
1742 строки · 65.7 Кб
1
apiVersion: k8s.keycloak.org/v2alpha1
2
kind: KeycloakRealmImport
3
metadata:
4
  name: example-token-test-kc
5
spec:
6
  keycloakCRName: example-kc
7
  resources:
8
    limits:
9
      cpu: 4
10
      memory: 8Gi
11
  realm:
12
    id: token-test
13
    realm: token-test
14
    notBefore: 0
15
    defaultSignatureAlgorithm: RS256
16
    revokeRefreshToken: false
17
    refreshTokenMaxReuse: 0
18
    accessTokenLifespan: 300
19
    accessTokenLifespanForImplicitFlow: 900
20
    ssoSessionIdleTimeout: 1800
21
    ssoSessionMaxLifespan: 36000
22
    ssoSessionIdleTimeoutRememberMe: 0
23
    ssoSessionMaxLifespanRememberMe: 0
24
    offlineSessionIdleTimeout: 2592000
25
    offlineSessionMaxLifespanEnabled: false
26
    offlineSessionMaxLifespan: 5184000
27
    clientSessionIdleTimeout: 0
28
    clientSessionMaxLifespan: 0
29
    clientOfflineSessionIdleTimeout: 0
30
    clientOfflineSessionMaxLifespan: 0
31
    accessCodeLifespan: 60
32
    accessCodeLifespanUserAction: 300
33
    accessCodeLifespanLogin: 1800
34
    actionTokenGeneratedByAdminLifespan: 43200
35
    actionTokenGeneratedByUserLifespan: 300
36
    oauth2DeviceCodeLifespan: 600
37
    oauth2DevicePollingInterval: 5
38
    enabled: true
39
    sslRequired: external
40
    registrationAllowed: false
41
    registrationEmailAsUsername: false
42
    rememberMe: false
43
    verifyEmail: false
44
    loginWithEmailAllowed: true
45
    duplicateEmailsAllowed: false
46
    resetPasswordAllowed: false
47
    editUsernameAllowed: false
48
    bruteForceProtected: false
49
    permanentLockout: false
50
    maxFailureWaitSeconds: 900
51
    minimumQuickLoginWaitSeconds: 60
52
    waitIncrementSeconds: 60
53
    quickLoginCheckMilliSeconds: 1000
54
    maxDeltaTimeSeconds: 43200
55
    failureFactor: 30
56
    roles:
57
      realm:
58
        - id: f89e3220-2593-4072-bfc2-f06c49f99b0c
59
          name: uma_authorization
60
          description: "${role_uma_authorization}"
61
          composite: false
62
          clientRole: false
63
          containerId: token-test
64
          attributes: {}
65
        - id: ce3f3328-a7a7-4098-99bc-e72456680177
66
          name: offline_access
67
          description: "${role_offline-access}"
68
          composite: false
69
          clientRole: false
70
          containerId: token-test
71
          attributes: {}
72
        - id: 41271c50-8fc7-45ee-a963-a1d3ce881833
73
          name: default-roles-token-test
74
          description: "${role_default-roles}"
75
          composite: true
76
          composites:
77
            realm:
78
              - offline_access
79
              - uma_authorization
80
            client:
81
              account:
82
                - manage-account
83
                - view-profile
84
          clientRole: false
85
          containerId: token-test
86
          attributes: {}
87
      client:
88
        realm-management:
89
          - id: 7de8f53c-8b48-4561-bc53-c23bc02f57b6
90
            name: manage-users
91
            description: "${role_manage-users}"
92
            composite: false
93
            clientRole: true
94
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
95
            attributes: {}
96
          - id: 2120ab3d-5700-4918-ab62-6dca0c7b5f41
97
            name: query-clients
98
            description: "${role_query-clients}"
99
            composite: false
100
            clientRole: true
101
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
102
            attributes: {}
103
          - id: 831793a7-e725-411a-aa2d-42f775f2a6bf
104
            name: manage-events
105
            description: "${role_manage-events}"
106
            composite: false
107
            clientRole: true
108
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
109
            attributes: {}
110
          - id: e7e5c55f-4b0e-4eae-96cc-1acd038cfeeb
111
            name: view-realm
112
            description: "${role_view-realm}"
113
            composite: false
114
            clientRole: true
115
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
116
            attributes: {}
117
          - id: 875a8ee1-96b8-485c-86a2-01105b15daa1
118
            name: view-identity-providers
119
            description: "${role_view-identity-providers}"
120
            composite: false
121
            clientRole: true
122
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
123
            attributes: {}
124
          - id: d5ac72f8-94e9-4e1c-98bf-f688f0558710
125
            name: view-clients
126
            description: "${role_view-clients}"
127
            composite: true
128
            composites:
129
              client:
130
                realm-management:
131
                  - query-clients
132
            clientRole: true
133
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
134
            attributes: {}
135
          - id: a1a61887-0e5c-464f-890a-64f059dc7ca1
136
            name: create-client
137
            description: "${role_create-client}"
138
            composite: false
139
            clientRole: true
140
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
141
            attributes: {}
142
          - id: 8b50da86-e52d-45bd-a175-b546d5e76fb3
143
            name: view-events
144
            description: "${role_view-events}"
145
            composite: false
146
            clientRole: true
147
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
148
            attributes: {}
149
          - id: dede217d-c210-4278-aa58-fb622a88d562
150
            name: realm-admin
151
            description: "${role_realm-admin}"
152
            composite: true
153
            composites:
154
              client:
155
                realm-management:
156
                  - manage-users
157
                  - query-clients
158
                  - manage-events
159
                  - view-realm
160
                  - view-identity-providers
161
                  - view-clients
162
                  - view-events
163
                  - create-client
164
                  - manage-identity-providers
165
                  - manage-realm
166
                  - manage-authorization
167
                  - impersonation
168
                  - query-realms
169
                  - view-users
170
                  - view-authorization
171
                  - query-groups
172
                  - query-users
173
                  - manage-clients
174
            clientRole: true
175
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
176
            attributes: {}
177
          - id: 6a789bf5-7adf-4666-8118-37cf3e2b1c44
178
            name: manage-identity-providers
179
            description: "${role_manage-identity-providers}"
180
            composite: false
181
            clientRole: true
182
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
183
            attributes: {}
184
          - id: f549403c-cccd-47a1-bb52-57c80d4ace89
185
            name: manage-realm
186
            description: "${role_manage-realm}"
187
            composite: false
188
            clientRole: true
189
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
190
            attributes: {}
191
          - id: 31ddb9c1-1a53-44ec-b67a-a4cc50a760c2
192
            name: manage-authorization
193
            description: "${role_manage-authorization}"
194
            composite: false
195
            clientRole: true
196
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
197
            attributes: {}
198
          - id: fa872842-7037-415a-a69d-c34a05ef0a79
199
            name: impersonation
200
            description: "${role_impersonation}"
201
            composite: false
202
            clientRole: true
203
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
204
            attributes: {}
205
          - id: de291aed-9b84-4622-94cb-f967bb8b8a31
206
            name: query-realms
207
            description: "${role_query-realms}"
208
            composite: false
209
            clientRole: true
210
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
211
            attributes: {}
212
          - id: 28008941-29ac-4693-94f4-0e7a4f6b8e63
213
            name: view-users
214
            description: "${role_view-users}"
215
            composite: true
216
            composites:
217
              client:
218
                realm-management:
219
                  - query-groups
220
                  - query-users
221
            clientRole: true
222
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
223
            attributes: {}
224
          - id: 801f5414-67eb-4c92-91b7-34344255b8d5
225
            name: query-groups
226
            description: "${role_query-groups}"
227
            composite: false
228
            clientRole: true
229
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
230
            attributes: {}
231
          - id: 6cc9fb5b-3019-4731-876a-dc5b8d288b8c
232
            name: view-authorization
233
            description: "${role_view-authorization}"
234
            composite: false
235
            clientRole: true
236
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
237
            attributes: {}
238
          - id: e3fa28de-0587-4736-9142-0bc4cfb468a2
239
            name: query-users
240
            description: "${role_query-users}"
241
            composite: false
242
            clientRole: true
243
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
244
            attributes: {}
245
          - id: 24ba3e2b-ff03-42fd-952e-b60acf4d5aa0
246
            name: manage-clients
247
            description: "${role_manage-clients}"
248
            composite: false
249
            clientRole: true
250
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
251
            attributes: {}
252
        token-test-client: []
253
        security-admin-console: []
254
        admin-cli: []
255
        account-console: []
256
        broker:
257
          - id: c4b2960e-6bf5-4f89-8a35-766d60c16700
258
            name: read-token
259
            description: "${role_read-token}"
260
            composite: false
261
            clientRole: true
262
            containerId: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
263
            attributes: {}
264
        account:
265
          - id: 66b817f9-130e-477b-addc-64406e9149f1
266
            name: manage-account
267
            description: "${role_manage-account}"
268
            composite: true
269
            composites:
270
              client:
271
                account:
272
                  - manage-account-links
273
            clientRole: true
274
            containerId: 884a5020-265a-47c8-babe-25786fda4650
275
            attributes: {}
276
          - id: 4068eead-cc5d-49e6-bd0c-93895b019ab3
277
            name: manage-account-links
278
            description: "${role_manage-account-links}"
279
            composite: false
280
            clientRole: true
281
            containerId: 884a5020-265a-47c8-babe-25786fda4650
282
            attributes: {}
283
          - id: 3d1e7b71-8e37-455a-9d47-3207143b167e
284
            name: view-consent
285
            description: "${role_view-consent}"
286
            composite: false
287
            clientRole: true
288
            containerId: 884a5020-265a-47c8-babe-25786fda4650
289
            attributes: {}
290
          - id: 617f7c3c-d7e3-4f76-b0f8-27abb06cc6bd
291
            name: view-profile
292
            description: "${role_view-profile}"
293
            composite: false
294
            clientRole: true
295
            containerId: 884a5020-265a-47c8-babe-25786fda4650
296
            attributes: {}
297
          - id: f7e170f3-5966-4cc1-933d-50a28a2c4603
298
            name: manage-consent
299
            description: "${role_manage-consent}"
300
            composite: true
301
            composites:
302
              client:
303
                account:
304
                  - view-consent
305
            clientRole: true
306
            containerId: 884a5020-265a-47c8-babe-25786fda4650
307
            attributes: {}
308
          - id: 39ece46a-7d4c-42fe-b4ef-c0b48256f407
309
            name: view-applications
310
            description: "${role_view-applications}"
311
            composite: false
312
            clientRole: true
313
            containerId: 884a5020-265a-47c8-babe-25786fda4650
314
            attributes: {}
315
          - id: 696abcea-f88f-4319-83d1-dcdba957cc2e
316
            name: delete-account
317
            description: "${role_delete-account}"
318
            composite: false
319
            clientRole: true
320
            containerId: 884a5020-265a-47c8-babe-25786fda4650
321
            attributes: {}
322
    groups: []
323
    defaultRole:
324
      id: 41271c50-8fc7-45ee-a963-a1d3ce881833
325
      name: default-roles-token-test
326
      description: "${role_default-roles}"
327
      composite: true
328
      clientRole: false
329
      containerId: token-test
330
    requiredCredentials:
331
      - password
332
    otpPolicyType: totp
333
    otpPolicyAlgorithm: HmacSHA1
334
    otpPolicyInitialCounter: 0
335
    otpPolicyDigits: 6
336
    otpPolicyLookAheadWindow: 1
337
    otpPolicyPeriod: 30
338
    otpSupportedApplications:
339
      - FreeOTP
340
      - Google Authenticator
341
    webAuthnPolicyRpEntityName: keycloak
342
    webAuthnPolicySignatureAlgorithms:
343
      - ES256
344
    webAuthnPolicyRpId: ''
345
    webAuthnPolicyAttestationConveyancePreference: not specified
346
    webAuthnPolicyAuthenticatorAttachment: not specified
347
    webAuthnPolicyRequireResidentKey: not specified
348
    webAuthnPolicyUserVerificationRequirement: not specified
349
    webAuthnPolicyCreateTimeout: 0
350
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
351
    webAuthnPolicyAcceptableAaguids: []
352
    webAuthnPolicyPasswordlessRpEntityName: keycloak
353
    webAuthnPolicyPasswordlessSignatureAlgorithms:
354
      - ES256
355
    webAuthnPolicyPasswordlessRpId: ''
356
    webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
357
    webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
358
    webAuthnPolicyPasswordlessRequireResidentKey: not specified
359
    webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
360
    webAuthnPolicyPasswordlessCreateTimeout: 0
361
    webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
362
    webAuthnPolicyPasswordlessAcceptableAaguids: []
363
    users:
364
      - id: b660eec6-a93b-46fd-abb2-e9fbdff67a63
365
        createdTimestamp: 1645713689127
366
        username: test
367
        enabled: true
368
        totp: false
369
        emailVerified: false
370
        credentials:
371
          - id: 5c2bcf07-204a-4c19-aa40-c652198b289a
372
            type: password
373
            createdDate: 1645713704041
374
            secretData: '{"value":"GbcXn5JEdNpblA2NnXwX60mm614FHjdbxhK1x7v6WwGc0E8ZrNvho7Se8upLt9+/NTHu2NmuWlWM1QwdOWfyHQ==","salt":"YaIEcNqTNMS4fZ2iUKd/wg==","additionalParameters":{}}'
375
            credentialData: '{"hashIterations":27500,"algorithm":"pbkdf2-sha256","additionalParameters":{}}'
376
        disableableCredentialTypes: []
377
        requiredActions: []
378
        realmRoles:
379
          - default-roles-token-test
380
        notBefore: 0
381
        groups: []
382
    scopeMappings:
383
      - clientScope: offline_access
384
        roles:
385
          - offline_access
386
    clientScopeMappings:
387
      account:
388
        - client: account-console
389
          roles:
390
            - manage-account
391
    clients:
392
      - id: 884a5020-265a-47c8-babe-25786fda4650
393
        clientId: account
394
        name: "${client_account}"
395
        rootUrl: "${authBaseUrl}"
396
        baseUrl: "/realms/token-test/account/"
397
        surrogateAuthRequired: false
398
        enabled: true
399
        alwaysDisplayInConsole: false
400
        clientAuthenticatorType: client-secret
401
        redirectUris:
402
          - "/realms/token-test/account/*"
403
        webOrigins: []
404
        notBefore: 0
405
        bearerOnly: false
406
        consentRequired: false
407
        standardFlowEnabled: true
408
        implicitFlowEnabled: false
409
        directAccessGrantsEnabled: false
410
        serviceAccountsEnabled: false
411
        publicClient: true
412
        frontchannelLogout: false
413
        protocol: openid-connect
414
        attributes: {}
415
        authenticationFlowBindingOverrides: {}
416
        fullScopeAllowed: false
417
        nodeReRegistrationTimeout: 0
418
        defaultClientScopes:
419
          - web-origins
420
          - roles
421
          - profile
422
          - email
423
        optionalClientScopes:
424
          - address
425
          - phone
426
          - offline_access
427
          - microprofile-jwt
428
      - id: 8248ac6a-9940-4fec-a6ad-4b11b4b303c2
429
        clientId: account-console
430
        name: "${client_account-console}"
431
        rootUrl: "${authBaseUrl}"
432
        baseUrl: "/realms/token-test/account/"
433
        surrogateAuthRequired: false
434
        enabled: true
435
        alwaysDisplayInConsole: false
436
        clientAuthenticatorType: client-secret
437
        redirectUris:
438
          - "/realms/token-test/account/*"
439
        webOrigins: []
440
        notBefore: 0
441
        bearerOnly: false
442
        consentRequired: false
443
        standardFlowEnabled: true
444
        implicitFlowEnabled: false
445
        directAccessGrantsEnabled: false
446
        serviceAccountsEnabled: false
447
        publicClient: true
448
        frontchannelLogout: false
449
        protocol: openid-connect
450
        attributes:
451
          pkce.code.challenge.method: S256
452
        authenticationFlowBindingOverrides: {}
453
        fullScopeAllowed: false
454
        nodeReRegistrationTimeout: 0
455
        protocolMappers:
456
          - id: 60bbc11f-acea-4e61-8de7-d6e1a1d9bb0f
457
            name: audience resolve
458
            protocol: openid-connect
459
            protocolMapper: oidc-audience-resolve-mapper
460
            consentRequired: false
461
            config: {}
462
        defaultClientScopes:
463
          - web-origins
464
          - roles
465
          - profile
466
          - email
467
        optionalClientScopes:
468
          - address
469
          - phone
470
          - offline_access
471
          - microprofile-jwt
472
      - id: 2333c4da-18a6-4f3d-b37f-b0b57c83c511
473
        clientId: admin-cli
474
        name: "${client_admin-cli}"
475
        surrogateAuthRequired: false
476
        enabled: true
477
        alwaysDisplayInConsole: false
478
        clientAuthenticatorType: client-secret
479
        redirectUris: []
480
        webOrigins: []
481
        notBefore: 0
482
        bearerOnly: false
483
        consentRequired: false
484
        standardFlowEnabled: false
485
        implicitFlowEnabled: false
486
        directAccessGrantsEnabled: true
487
        serviceAccountsEnabled: false
488
        publicClient: true
489
        frontchannelLogout: false
490
        protocol: openid-connect
491
        attributes: {}
492
        authenticationFlowBindingOverrides: {}
493
        fullScopeAllowed: false
494
        nodeReRegistrationTimeout: 0
495
        defaultClientScopes:
496
          - web-origins
497
          - roles
498
          - profile
499
          - email
500
        optionalClientScopes:
501
          - address
502
          - phone
503
          - offline_access
504
          - microprofile-jwt
505
      - id: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
506
        clientId: broker
507
        name: "${client_broker}"
508
        surrogateAuthRequired: false
509
        enabled: true
510
        alwaysDisplayInConsole: false
511
        clientAuthenticatorType: client-secret
512
        redirectUris: []
513
        webOrigins: []
514
        notBefore: 0
515
        bearerOnly: true
516
        consentRequired: false
517
        standardFlowEnabled: true
518
        implicitFlowEnabled: false
519
        directAccessGrantsEnabled: false
520
        serviceAccountsEnabled: false
521
        publicClient: false
522
        frontchannelLogout: false
523
        protocol: openid-connect
524
        attributes: {}
525
        authenticationFlowBindingOverrides: {}
526
        fullScopeAllowed: false
527
        nodeReRegistrationTimeout: 0
528
        defaultClientScopes:
529
          - web-origins
530
          - roles
531
          - profile
532
          - email
533
        optionalClientScopes:
534
          - address
535
          - phone
536
          - offline_access
537
          - microprofile-jwt
538
      - id: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
539
        clientId: realm-management
540
        name: "${client_realm-management}"
541
        surrogateAuthRequired: false
542
        enabled: true
543
        alwaysDisplayInConsole: false
544
        clientAuthenticatorType: client-secret
545
        redirectUris: []
546
        webOrigins: []
547
        notBefore: 0
548
        bearerOnly: true
549
        consentRequired: false
550
        standardFlowEnabled: true
551
        implicitFlowEnabled: false
552
        directAccessGrantsEnabled: false
553
        serviceAccountsEnabled: false
554
        publicClient: false
555
        frontchannelLogout: false
556
        protocol: openid-connect
557
        attributes: {}
558
        authenticationFlowBindingOverrides: {}
559
        fullScopeAllowed: false
560
        nodeReRegistrationTimeout: 0
561
        defaultClientScopes:
562
          - web-origins
563
          - roles
564
          - profile
565
          - email
566
        optionalClientScopes:
567
          - address
568
          - phone
569
          - offline_access
570
          - microprofile-jwt
571
      - id: 79af8215-9c3c-462c-a005-bcf8ad5e3ea5
572
        clientId: security-admin-console
573
        name: "${client_security-admin-console}"
574
        rootUrl: "${authAdminUrl}"
575
        baseUrl: "/admin/token-test/console/"
576
        surrogateAuthRequired: false
577
        enabled: true
578
        alwaysDisplayInConsole: false
579
        clientAuthenticatorType: client-secret
580
        redirectUris:
581
          - "/admin/token-test/console/*"
582
        webOrigins:
583
          - "+"
584
        notBefore: 0
585
        bearerOnly: false
586
        consentRequired: false
587
        standardFlowEnabled: true
588
        implicitFlowEnabled: false
589
        directAccessGrantsEnabled: false
590
        serviceAccountsEnabled: false
591
        publicClient: true
592
        frontchannelLogout: false
593
        protocol: openid-connect
594
        attributes:
595
          pkce.code.challenge.method: S256
596
        authenticationFlowBindingOverrides: {}
597
        fullScopeAllowed: false
598
        nodeReRegistrationTimeout: 0
599
        protocolMappers:
600
          - id: 0ff87aba-d404-4ac6-8244-16562aa42340
601
            name: locale
602
            protocol: openid-connect
603
            protocolMapper: oidc-usermodel-attribute-mapper
604
            consentRequired: false
605
            config:
606
              userinfo.token.claim: 'true'
607
              user.attribute: locale
608
              id.token.claim: 'true'
609
              access.token.claim: 'true'
610
              claim.name: locale
611
              jsonType.label: String
612
        defaultClientScopes:
613
          - web-origins
614
          - roles
615
          - profile
616
          - email
617
        optionalClientScopes:
618
          - address
619
          - phone
620
          - offline_access
621
          - microprofile-jwt
622
      - id: 723e0da4-e2cc-4b2c-9f40-f42101d3e7a5
623
        clientId: token-test-client
624
        baseUrl: http://localhost:8080/realms/token-test/account/
625
        surrogateAuthRequired: false
626
        enabled: true
627
        alwaysDisplayInConsole: false
628
        clientAuthenticatorType: client-secret
629
        redirectUris:
630
          - token-test
631
        webOrigins:
632
          - localhost
633
          - 127.0.0.1:8080
634
          - localhost:8443
635
          - 127.0.0.1:8443
636
          - localhost:8080
637
          - 127.0.0.1
638
        notBefore: 0
639
        bearerOnly: false
640
        consentRequired: false
641
        standardFlowEnabled: true
642
        implicitFlowEnabled: false
643
        directAccessGrantsEnabled: true
644
        serviceAccountsEnabled: false
645
        publicClient: true
646
        frontchannelLogout: false
647
        protocol: openid-connect
648
        attributes:
649
          access.token.lifespan: '6000'
650
          saml.force.post.binding: 'false'
651
          saml.multivalued.roles: 'false'
652
          oauth2.device.authorization.grant.enabled: 'false'
653
          backchannel.logout.revoke.offline.tokens: 'false'
654
          saml.server.signature.keyinfo.ext: 'false'
655
          use.refresh.tokens: 'true'
656
          oidc.ciba.grant.enabled: 'false'
657
          backchannel.logout.session.required: 'true'
658
          client_credentials.use_refresh_token: 'false'
659
          require.pushed.authorization.requests: 'false'
660
          saml.client.signature: 'false'
661
          id.token.as.detached.signature: 'false'
662
          saml.assertion.signature: 'false'
663
          saml.encrypt: 'false'
664
          saml.server.signature: 'false'
665
          exclude.session.state.from.auth.response: 'false'
666
          saml.artifact.binding: 'false'
667
          saml_force_name_id_format: 'false'
668
          acr.loa.map: "{}"
669
          tls.client.certificate.bound.access.tokens: 'false'
670
          saml.authnstatement: 'false'
671
          display.on.consent.screen: 'false'
672
          token.response.type.bearer.lower-case: 'false'
673
          saml.onetimeuse.condition: 'false'
674
        authenticationFlowBindingOverrides: {}
675
        fullScopeAllowed: true
676
        nodeReRegistrationTimeout: -1
677
        defaultClientScopes:
678
          - web-origins
679
          - roles
680
          - profile
681
          - email
682
        optionalClientScopes:
683
          - address
684
          - phone
685
          - offline_access
686
          - microprofile-jwt
687
    clientScopes:
688
      - id: 83c642d1-0768-487f-9ea9-76f47b6bf308
689
        name: email
690
        description: 'OpenID Connect built-in scope: email'
691
        protocol: openid-connect
692
        attributes:
693
          include.in.token.scope: 'true'
694
          display.on.consent.screen: 'true'
695
          consent.screen.text: "${emailScopeConsentText}"
696
        protocolMappers:
697
          - id: 3c769676-15e6-40b9-8038-2564a42d2b71
698
            name: email
699
            protocol: openid-connect
700
            protocolMapper: oidc-usermodel-property-mapper
701
            consentRequired: false
702
            config:
703
              userinfo.token.claim: 'true'
704
              user.attribute: email
705
              id.token.claim: 'true'
706
              access.token.claim: 'true'
707
              claim.name: email
708
              jsonType.label: String
709
          - id: 0d8dd2f6-40b3-4b41-a6f7-b57458932670
710
            name: email verified
711
            protocol: openid-connect
712
            protocolMapper: oidc-usermodel-property-mapper
713
            consentRequired: false
714
            config:
715
              userinfo.token.claim: 'true'
716
              user.attribute: emailVerified
717
              id.token.claim: 'true'
718
              access.token.claim: 'true'
719
              claim.name: email_verified
720
              jsonType.label: boolean
721
      - id: 851084f7-5d63-43ee-8599-00e7101e61c3
722
        name: microprofile-jwt
723
        description: Microprofile - JWT built-in scope
724
        protocol: openid-connect
725
        attributes:
726
          include.in.token.scope: 'true'
727
          display.on.consent.screen: 'false'
728
        protocolMappers:
729
          - id: 682a2488-36bb-42d3-a6e6-35b9d5e3d4c5
730
            name: groups
731
            protocol: openid-connect
732
            protocolMapper: oidc-usermodel-realm-role-mapper
733
            consentRequired: false
734
            config:
735
              multivalued: 'true'
736
              user.attribute: foo
737
              id.token.claim: 'true'
738
              access.token.claim: 'true'
739
              claim.name: groups
740
              jsonType.label: String
741
          - id: 398e9b68-8327-425a-89d7-e639cadfe784
742
            name: upn
743
            protocol: openid-connect
744
            protocolMapper: oidc-usermodel-property-mapper
745
            consentRequired: false
746
            config:
747
              userinfo.token.claim: 'true'
748
              user.attribute: username
749
              id.token.claim: 'true'
750
              access.token.claim: 'true'
751
              claim.name: upn
752
              jsonType.label: String
753
      - id: c6eb0bac-39a0-4a10-839e-98a2d9426a52
754
        name: roles
755
        description: OpenID Connect scope for add user roles to the access token
756
        protocol: openid-connect
757
        attributes:
758
          include.in.token.scope: 'false'
759
          display.on.consent.screen: 'true'
760
          consent.screen.text: "${rolesScopeConsentText}"
761
        protocolMappers:
762
          - id: f8c4efd0-aeaa-4540-a47c-20e04bef4954
763
            name: audience resolve
764
            protocol: openid-connect
765
            protocolMapper: oidc-audience-resolve-mapper
766
            consentRequired: false
767
            config: {}
768
          - id: e22bb72a-5fae-4a92-b5e9-1dd57488910f
769
            name: client roles
770
            protocol: openid-connect
771
            protocolMapper: oidc-usermodel-client-role-mapper
772
            consentRequired: false
773
            config:
774
              user.attribute: foo
775
              access.token.claim: 'true'
776
              claim.name: resource_access.${client_id}.roles
777
              jsonType.label: String
778
              multivalued: 'true'
779
          - id: db34ab22-a6d3-4b7e-8f39-158439375ccb
780
            name: realm roles
781
            protocol: openid-connect
782
            protocolMapper: oidc-usermodel-realm-role-mapper
783
            consentRequired: false
784
            config:
785
              user.attribute: foo
786
              access.token.claim: 'true'
787
              claim.name: realm_access.roles
788
              jsonType.label: String
789
              multivalued: 'true'
790
      - id: 7a52c125-48f0-44fd-8f1a-1809f8b2de36
791
        name: role_list
792
        description: SAML role list
793
        protocol: saml
794
        attributes:
795
          consent.screen.text: "${samlRoleListScopeConsentText}"
796
          display.on.consent.screen: 'true'
797
        protocolMappers:
798
          - id: 9e2e632e-9574-43b1-a51c-9aade0906f3f
799
            name: role list
800
            protocol: saml
801
            protocolMapper: saml-role-list-mapper
802
            consentRequired: false
803
            config:
804
              single: 'false'
805
              attribute.nameformat: Basic
806
              attribute.name: Role
807
      - id: 3a61fa5e-64ff-45be-aede-2c781ee03541
808
        name: phone
809
        description: 'OpenID Connect built-in scope: phone'
810
        protocol: openid-connect
811
        attributes:
812
          include.in.token.scope: 'true'
813
          display.on.consent.screen: 'true'
814
          consent.screen.text: "${phoneScopeConsentText}"
815
        protocolMappers:
816
          - id: 14579adc-1b3b-42e5-9602-4d8f9fa88e80
817
            name: phone number verified
818
            protocol: openid-connect
819
            protocolMapper: oidc-usermodel-attribute-mapper
820
            consentRequired: false
821
            config:
822
              userinfo.token.claim: 'true'
823
              user.attribute: phoneNumberVerified
824
              id.token.claim: 'true'
825
              access.token.claim: 'true'
826
              claim.name: phone_number_verified
827
              jsonType.label: boolean
828
          - id: 0d582284-ae4e-4fd6-9e50-555f2dc7d078
829
            name: phone number
830
            protocol: openid-connect
831
            protocolMapper: oidc-usermodel-attribute-mapper
832
            consentRequired: false
833
            config:
834
              userinfo.token.claim: 'true'
835
              user.attribute: phoneNumber
836
              id.token.claim: 'true'
837
              access.token.claim: 'true'
838
              claim.name: phone_number
839
              jsonType.label: String
840
      - id: e48bc0ba-24e7-4d91-b0d1-7cc81e9afe5f
841
        name: address
842
        description: 'OpenID Connect built-in scope: address'
843
        protocol: openid-connect
844
        attributes:
845
          include.in.token.scope: 'true'
846
          display.on.consent.screen: 'true'
847
          consent.screen.text: "${addressScopeConsentText}"
848
        protocolMappers:
849
          - id: bd21105a-0cd4-4c63-ada2-8edc37475d38
850
            name: address
851
            protocol: openid-connect
852
            protocolMapper: oidc-address-mapper
853
            consentRequired: false
854
            config:
855
              user.attribute.formatted: formatted
856
              user.attribute.country: country
857
              user.attribute.postal_code: postal_code
858
              userinfo.token.claim: 'true'
859
              user.attribute.street: street
860
              id.token.claim: 'true'
861
              user.attribute.region: region
862
              access.token.claim: 'true'
863
              user.attribute.locality: locality
864
      - id: e14c7a2b-c298-40e9-b8e2-01a41b1556b4
865
        name: offline_access
866
        description: 'OpenID Connect built-in scope: offline_access'
867
        protocol: openid-connect
868
        attributes:
869
          consent.screen.text: "${offlineAccessScopeConsentText}"
870
          display.on.consent.screen: 'true'
871
      - id: aa7fea10-12a7-4a2e-9513-8f449d18bdbd
872
        name: web-origins
873
        description: OpenID Connect scope for add allowed web origins to the access token
874
        protocol: openid-connect
875
        attributes:
876
          include.in.token.scope: 'false'
877
          display.on.consent.screen: 'false'
878
          consent.screen.text: ''
879
        protocolMappers:
880
          - id: 134b42aa-8eb7-4f17-b468-0a4db3414b07
881
            name: allowed web origins
882
            protocol: openid-connect
883
            protocolMapper: oidc-allowed-origins-mapper
884
            consentRequired: false
885
            config: {}
886
      - id: c6c98a14-edcf-4bf7-8b82-4230f8cf7eca
887
        name: profile
888
        description: 'OpenID Connect built-in scope: profile'
889
        protocol: openid-connect
890
        attributes:
891
          include.in.token.scope: 'true'
892
          display.on.consent.screen: 'true'
893
          consent.screen.text: "${profileScopeConsentText}"
894
        protocolMappers:
895
          - id: c07e881a-2715-436b-8e23-738e9eb02304
896
            name: family name
897
            protocol: openid-connect
898
            protocolMapper: oidc-usermodel-property-mapper
899
            consentRequired: false
900
            config:
901
              userinfo.token.claim: 'true'
902
              user.attribute: lastName
903
              id.token.claim: 'true'
904
              access.token.claim: 'true'
905
              claim.name: family_name
906
              jsonType.label: String
907
          - id: 479cafcb-7a00-4c37-a94a-31b7e9622db7
908
            name: gender
909
            protocol: openid-connect
910
            protocolMapper: oidc-usermodel-attribute-mapper
911
            consentRequired: false
912
            config:
913
              userinfo.token.claim: 'true'
914
              user.attribute: gender
915
              id.token.claim: 'true'
916
              access.token.claim: 'true'
917
              claim.name: gender
918
              jsonType.label: String
919
          - id: 581d067c-0151-4cfc-9c7b-64ed762e03ae
920
            name: full name
921
            protocol: openid-connect
922
            protocolMapper: oidc-full-name-mapper
923
            consentRequired: false
924
            config:
925
              id.token.claim: 'true'
926
              access.token.claim: 'true'
927
              userinfo.token.claim: 'true'
928
          - id: 87b0ce4b-86b3-4143-926f-301f3afee083
929
            name: middle name
930
            protocol: openid-connect
931
            protocolMapper: oidc-usermodel-attribute-mapper
932
            consentRequired: false
933
            config:
934
              userinfo.token.claim: 'true'
935
              user.attribute: middleName
936
              id.token.claim: 'true'
937
              access.token.claim: 'true'
938
              claim.name: middle_name
939
              jsonType.label: String
940
          - id: 2f4f8664-ed76-448e-9814-2bb84b8c8d03
941
            name: username
942
            protocol: openid-connect
943
            protocolMapper: oidc-usermodel-property-mapper
944
            consentRequired: false
945
            config:
946
              userinfo.token.claim: 'true'
947
              user.attribute: username
948
              id.token.claim: 'true'
949
              access.token.claim: 'true'
950
              claim.name: preferred_username
951
              jsonType.label: String
952
          - id: d1568b1c-5034-429c-b7f0-ef876b4dcef0
953
            name: zoneinfo
954
            protocol: openid-connect
955
            protocolMapper: oidc-usermodel-attribute-mapper
956
            consentRequired: false
957
            config:
958
              userinfo.token.claim: 'true'
959
              user.attribute: zoneinfo
960
              id.token.claim: 'true'
961
              access.token.claim: 'true'
962
              claim.name: zoneinfo
963
              jsonType.label: String
964
          - id: 070b8b25-a1f7-4a61-9786-d5a56bc62a70
965
            name: nickname
966
            protocol: openid-connect
967
            protocolMapper: oidc-usermodel-attribute-mapper
968
            consentRequired: false
969
            config:
970
              userinfo.token.claim: 'true'
971
              user.attribute: nickname
972
              id.token.claim: 'true'
973
              access.token.claim: 'true'
974
              claim.name: nickname
975
              jsonType.label: String
976
          - id: 651d7a9e-d368-464b-8890-1d6d8a383ec4
977
            name: profile
978
            protocol: openid-connect
979
            protocolMapper: oidc-usermodel-attribute-mapper
980
            consentRequired: false
981
            config:
982
              userinfo.token.claim: 'true'
983
              user.attribute: profile
984
              id.token.claim: 'true'
985
              access.token.claim: 'true'
986
              claim.name: profile
987
              jsonType.label: String
988
          - id: 650a0ddd-833d-4a31-9c5a-8aa64f6a7d22
989
            name: given name
990
            protocol: openid-connect
991
            protocolMapper: oidc-usermodel-property-mapper
992
            consentRequired: false
993
            config:
994
              userinfo.token.claim: 'true'
995
              user.attribute: firstName
996
              id.token.claim: 'true'
997
              access.token.claim: 'true'
998
              claim.name: given_name
999
              jsonType.label: String
1000
          - id: 90b55b69-ac74-448c-ba77-c92e974f90db
1001
            name: locale
1002
            protocol: openid-connect
1003
            protocolMapper: oidc-usermodel-attribute-mapper
1004
            consentRequired: false
1005
            config:
1006
              userinfo.token.claim: 'true'
1007
              user.attribute: locale
1008
              id.token.claim: 'true'
1009
              access.token.claim: 'true'
1010
              claim.name: locale
1011
              jsonType.label: String
1012
          - id: 52fa62e2-24f7-445f-8a1b-0b2c201cad3e
1013
            name: updated at
1014
            protocol: openid-connect
1015
            protocolMapper: oidc-usermodel-attribute-mapper
1016
            consentRequired: false
1017
            config:
1018
              userinfo.token.claim: 'true'
1019
              user.attribute: updatedAt
1020
              id.token.claim: 'true'
1021
              access.token.claim: 'true'
1022
              claim.name: updated_at
1023
              jsonType.label: String
1024
          - id: 510d43fc-bda3-456a-b57b-b1802932975f
1025
            name: website
1026
            protocol: openid-connect
1027
            protocolMapper: oidc-usermodel-attribute-mapper
1028
            consentRequired: false
1029
            config:
1030
              userinfo.token.claim: 'true'
1031
              user.attribute: website
1032
              id.token.claim: 'true'
1033
              access.token.claim: 'true'
1034
              claim.name: website
1035
              jsonType.label: String
1036
          - id: a9bd191a-7c39-4d5b-a730-8712e61bd047
1037
            name: picture
1038
            protocol: openid-connect
1039
            protocolMapper: oidc-usermodel-attribute-mapper
1040
            consentRequired: false
1041
            config:
1042
              userinfo.token.claim: 'true'
1043
              user.attribute: picture
1044
              id.token.claim: 'true'
1045
              access.token.claim: 'true'
1046
              claim.name: picture
1047
              jsonType.label: String
1048
          - id: 267cc28e-498c-414d-9f2c-25a9046e3b21
1049
            name: birthdate
1050
            protocol: openid-connect
1051
            protocolMapper: oidc-usermodel-attribute-mapper
1052
            consentRequired: false
1053
            config:
1054
              userinfo.token.claim: 'true'
1055
              user.attribute: birthdate
1056
              id.token.claim: 'true'
1057
              access.token.claim: 'true'
1058
              claim.name: birthdate
1059
              jsonType.label: String
1060
    defaultDefaultClientScopes:
1061
      - role_list
1062
      - profile
1063
      - email
1064
      - roles
1065
      - web-origins
1066
    defaultOptionalClientScopes:
1067
      - offline_access
1068
      - address
1069
      - phone
1070
      - microprofile-jwt
1071
    browserSecurityHeaders:
1072
      contentSecurityPolicyReportOnly: ''
1073
      xContentTypeOptions: nosniff
1074
      xRobotsTag: none
1075
      xFrameOptions: SAMEORIGIN
1076
      contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
1077
      xXSSProtection: 1; mode=block
1078
      strictTransportSecurity: max-age=31536000; includeSubDomains
1079
    smtpServer: {}
1080
    eventsEnabled: false
1081
    eventsListeners:
1082
      - jboss-logging
1083
    enabledEventTypes: []
1084
    adminEventsEnabled: false
1085
    adminEventsDetailsEnabled: false
1086
    identityProviders: []
1087
    identityProviderMappers: []
1088
    components:
1089
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
1090
        - id: 1fa57595-ddd4-4887-ab09-c511a040236f
1091
          name: Consent Required
1092
          providerId: consent-required
1093
          subType: anonymous
1094
          subComponents: 
1095
            level1:
1096
              - id: id1
1097
                name: Consent Required
1098
                providerId: consent-required
1099
                subType: anonymous
1100
                subComponents:
1101
                  level2:
1102
                    - id: id2
1103
                      name: Consent Required
1104
                      providerId: consent-required
1105
                      subType: anonymous
1106
                      config: {}    
1107
                config: {}
1108
          config: {}
1109
        - id: 7063fa94-4f9e-48cd-9659-bb46ccc09764
1110
          name: Full Scope Disabled
1111
          providerId: scope
1112
          subType: anonymous
1113
          subComponents: {}
1114
          config: {}
1115
        - id: 02a54f88-b589-47a7-9f05-d3bbdc91f1cc
1116
          name: Allowed Protocol Mapper Types
1117
          providerId: allowed-protocol-mappers
1118
          subType: anonymous
1119
          subComponents: {}
1120
          config:
1121
            allowed-protocol-mapper-types:
1122
              - oidc-full-name-mapper
1123
              - saml-user-attribute-mapper
1124
              - oidc-usermodel-attribute-mapper
1125
              - saml-user-property-mapper
1126
              - oidc-sha256-pairwise-sub-mapper
1127
              - saml-role-list-mapper
1128
              - oidc-address-mapper
1129
              - oidc-usermodel-property-mapper
1130
        - id: 773c5f86-5d98-4de9-b671-7c16b6d9edec
1131
          name: Allowed Protocol Mapper Types
1132
          providerId: allowed-protocol-mappers
1133
          subType: authenticated
1134
          subComponents: {}
1135
          config:
1136
            allowed-protocol-mapper-types:
1137
              - oidc-full-name-mapper
1138
              - saml-role-list-mapper
1139
              - oidc-usermodel-attribute-mapper
1140
              - oidc-address-mapper
1141
              - oidc-sha256-pairwise-sub-mapper
1142
              - saml-user-attribute-mapper
1143
              - saml-user-property-mapper
1144
              - oidc-usermodel-property-mapper
1145
        - id: 295b5e57-10bf-49ea-91af-9f8e3efcbbd2
1146
          name: Allowed Client Scopes
1147
          providerId: allowed-client-templates
1148
          subType: anonymous
1149
          subComponents: {}
1150
          config:
1151
            allow-default-scopes:
1152
              - 'true'
1153
        - id: d40fbdbf-2dfa-4e1a-b16a-a50fc188f8f3
1154
          name: Allowed Client Scopes
1155
          providerId: allowed-client-templates
1156
          subType: authenticated
1157
          subComponents: {}
1158
          config:
1159
            allow-default-scopes:
1160
              - 'true'
1161
        - id: 848fadee-77c2-4ec6-9cb1-0a880f8a8ab9
1162
          name: Trusted Hosts
1163
          providerId: trusted-hosts
1164
          subType: anonymous
1165
          subComponents: {}
1166
          config:
1167
            host-sending-registration-request-must-match:
1168
              - 'true'
1169
            client-uris-must-match:
1170
              - 'true'
1171
        - id: d9ea7724-fda7-4ff8-80ee-5d404e568e12
1172
          name: Max Clients Limit
1173
          providerId: max-clients
1174
          subType: anonymous
1175
          subComponents: {}
1176
          config:
1177
            max-clients:
1178
              - '200'
1179
      org.keycloak.keys.KeyProvider:
1180
        - id: 2d50d57e-5ba0-400b-901b-fa2885e0b1ea
1181
          name: rsa-generated
1182
          providerId: rsa-generated
1183
          subComponents: {}
1184
          config:
1185
            privateKey:
1186
              - MIIEpAIBAAKCAQEAy+YQfjoAZZ2uTS0X09R4JMj3CLlrElSjuE+NHi+OU3HOWNl9v+fT2kIswlD7ijn3MeR9qoPZLwIsE6b1SlSw12I1Gc57JIOs++VCZKTG5eMoBsEOntHbVU71LjwbKAqNVE//UeyuTKRv6y9YNX8BoFH/KFNE9unemv5M1DpHiH/bbco+4hXR+BcyhEbP2U8+JHcBdxbD8k8fcRgMGIXFwylHwlzAQwnmOG/tQ1P0/u1frSFq6hNj4phZ0V1JdpjfICk88tKrggMtNG7bEmh7k3ZrXsoyqJ6XKrVaIrvI9zuTz4aIsgEdBR2d7Up6pjANR1oJmXyiNGoMxVo/OdedWwIDAQABAoIBAQCLnXYPqJGbAvRV3hmhr6uwrHcS3zukqpYMX1RmpfOTyaqchhgn7orOuV9CkwcaKATOggFWX7+4A4nAzyLIieMpKBLqH8uMPimVte7XUUjsIrXGoizrrRC9gjo6NWf26/rID5rpMuJKkpIb/SguQVAQwfSwXQws8gi+IoDjFSDkIkbGC/c5M1hPxocIc9hcKN5yTnSiSMY6PtX5YMRoNV2L7hwCnZnAgd9sZSeSi+i39BNT6XYXuBroBWTEc6R3dfG/cRI6jTJZMl43RxgxSCCcdEZvxZXuONpUQVrSDkqwvuDkSYx8d0CkbQha4sHQj8juR9E4ziF57og/WXfaUd1BAoGBAPPk5hsL4Fr+tEcv65L/7tGy3Q2VaFqRNvDM6lHmKZy/WjFGXa3rMdcXyUny5uvN7E+Iqwt7Up0ab4pmvciGBX05wJO6OyXmk3pZuWRSLPT9WmkUCH8HLciGCirlJZPQY3LqR+qcl/MQ4wlLQOMzJUFwwvoOICGEOz1MY6nadSFhAoGBANYE9Bsi1lo7p02SJSQIk4pQEFT7vPqGVaku+2VLFHVzcO/teLNBiO9PimHwibk3r4Gtmv3P6jqvK8Q4D0V0tNnVjWg3vsJ4AAgkY7H5rt7RdNf9uy7QZzy6FgimwjQ4vhJDC4hsNEHuz6noCK+uaG5TarWQ1IXj/M08p4U5RGw7AoGAYMyZk2R8UEFFFffr/LT9eVcPKyQAfemir6H04jqCi4ba6jGuXqe5aVA0gNgaVL6vKsXodS8mE9p5KKosatjedtwkFb3VWe6Q2/+eeDWxSC8B4jCkSp5zymGAyZOW/Xq47dQUZQZvvHYYVgj7IPGcuMNjb1GJ6SONS3/1EmX1FSECgYA0mJ8NFDCtmD9zdtkd0+W+dhKtb/hvcRgYLe2mZR8wBiDZNfkVxKNMfLW7gAu4sxC0w991ROWBao9M96H5JcdUSYEo/Zop3KfVWGwPzxbEt6EJe9fGl3znlavYkHLltpQvlL5+1mi5U2FBlj6cPjZ39pQg7ujrxq3YGnHo8bv5BQKBgQDgTPZG6RXWMSXabWKsWEXM28/6+yh/0wEiuiJpkkiCU9lX2OFLiQ4cMMBbDonZv0fdoXOOxUvP6i43avRinmT6SMrkBRAzsB7WnhfBPHo0H9sYyaUCEmufc7l+/kh44ovX+XAeaTkZoC+zOobGOOuyGw9lZL7ev7JH1K32Y4Ugiw==
1187
            keyUse:
1188
              - SIG
1189
            certificate:
1190
              - MIICozCCAYsCBgF/LCTfSDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDAp0b2tlbi10ZXN0MB4XDTIyMDIyNDE0Mjk0OFoXDTMyMDIyNDE0MzEyOFowFTETMBEGA1UEAwwKdG9rZW4tdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvmEH46AGWdrk0tF9PUeCTI9wi5axJUo7hPjR4vjlNxzljZfb/n09pCLMJQ+4o59zHkfaqD2S8CLBOm9UpUsNdiNRnOeySDrPvlQmSkxuXjKAbBDp7R21VO9S48GygKjVRP/1Hsrkykb+svWDV/AaBR/yhTRPbp3pr+TNQ6R4h/223KPuIV0fgXMoRGz9lPPiR3AXcWw/JPH3EYDBiFxcMpR8JcwEMJ5jhv7UNT9P7tX60hauoTY+KYWdFdSXaY3yApPPLSq4IDLTRu2xJoe5N2a17KMqielyq1WiK7yPc7k8+GiLIBHQUdne1KeqYwDUdaCZl8ojRqDMVaPznXnVsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEANCWowVIZYAplp6qgsp6lkHVwWEDUiN/mjnVaIRZu//rzHOUyGLawZcXgkorKGqu7hrUoWGylicfJopjsuuo6csmtlMKqJoLEJKppwEkQ5O6+NFRHBOPy7ZnfkKjFO8GO9C+npZAZtG9gmEuXyVvO9zahvtql0UqOrMUjrUrB60HoVsHaCBT9mBO3C8a/gp6QmCu1RBcuZv4WamoI7xp32e0GM+tof9zNxyPll8UgrzyRDbDGD/xrX7QOmJKDSUdFTzfkcbMob74e1D6pXIdEHXeQ1XGGDPMcd6pTFO0cmsGoZUjNUGb6ynvIi5cEwwJcPqUGeaYBmk6JpHtdeHiM1w==
1191
            priority:
1192
              - '100'
1193
        - id: 4ba83849-4d31-4754-ba69-68ea6f236a60
1194
          name: aes-generated
1195
          providerId: aes-generated
1196
          subComponents: {}
1197
          config:
1198
            kid:
1199
              - c1ad49ba-3f84-435a-a5be-822f3e81b0e1
1200
            secret:
1201
              - SZleSSrmV0L92MsR218QnQ
1202
            priority:
1203
              - '100'
1204
        - id: 15036151-75c1-4119-9d9b-05c050c0985f
1205
          name: rsa-enc-generated
1206
          providerId: rsa-enc-generated
1207
          subComponents: {}
1208
          config:
1209
            privateKey:
1210
              - MIIEowIBAAKCAQEAj0s9q7fl1k/k22sX6HgQqNMgiitptM9uMcL5qAtU+ilPl1gvy/wYUN0s4ZB6+IIoxKjOdabrX+O8BLgqMSh3D+U/SzuIPJqp6ORS/93atU2fzW3wHZybf2a5k5+raC9oQ1TokQ2WzRyGO/8kgHqnYSz9vYoRQ+V2pxjL9Zlldt/D8Hx5kZ/K3psRbMoADlbyi9zsnPME2lvdTTSR2mgBaDxAOc8lm8JO2RRURqUuETLW6ya8MJ+rSO3idqija1vBjKDF+sshZYJzv7/qJLC9J3YpeaS+KL+8TvB7xGoP97uR3jCRqqNo4Fd1CbZalHoT6MeL12Y3Aruxk8RFSRbIgQIDAQABAoIBABlHoueql+fJTIzRRfSDSh0esjzuD8YQWlZ5GWZmKWXA6APBUR1hqkCJ5KMexDMXc23Ogi4LdrcCDGegvgDSLL8nKJVzOUPH3XXy4hm14CHgQfMSFCyFNoGxc8fxgWHuCyzly+nbReGFyMDI8H2iJelk8JcBxq39y4MLQuBfYaEo8BfG8FsRz9Um0nvsgoSMCYPonmkLiNk+eIVLWtUkIAlFdnU9NnKP4xlT7Xz9bEPq5blqX470PHxhnyCe+WRoVK7yUF6B1ZNDu8hjiq9k5DvCfUOJa0LGUudfMMFQ2BptwT5XVVuPgeRNO8wX07QfsILZWixsZHK+qEbjL5WRX+ECgYEA6VVsIWIFNawqXjMHOIAWFlDknsVCc1IgI6TDO6+CryLusdkRgvY9XMaWLnA8z0qtYd7qa9K02pWZyWpnhIsQZLm/wwmXqGy44+mvS7+4NJ682PHdEqVRTrqytqs5s0nj79pozTNY64Z6sNmtKFEj9SqpFQOPB9qtFY3FHH6AA+UCgYEAnTayG3lJewx5p0Cw98z9dc4TOJgZvjJLihpuDo0My7VC7yo8Vf9oCUs9p1hQV05mbDqCWRsCm4wXZZBCfjsrUmOS3f3zN1Hxv2S3JK8cJSYLnS8Fj1haa1POtJHTHWouWKK+V4KQYV5PXloGRzXBRVhywaBfBm9qsgrKimsuoG0CgYAyA/2JqlkziBQM3SNPGSWi4vQelGoKDjCVc1vmD1kT8Yj41m7Kg73jhS3sBmMCjB9eO0pEkoXx1N+CLSzDXIvHC4nvZL79e1CmihDpS89QeDZCypV4ybcECUEFpu5XYB9b6pVMZxVIZyslfYOAgOQUSXC08G5YYKd5V0pJMVR/gQKBgFZqkkx3xuRUXyqIbL5Jd6khtX8OXFgn3U30aTqmXbo70KcWWEQNOGqjaShrav4SokorfyrrpetKfjHdsi8g5xdKlJhh1yc5a+EAw4rullH1L70e87dvoYQNdTncTmeEziT6kBYaNrLO3GHIqlrKOYqcq7ezJ4iqBcQIGn0rnV2hAoGBAL3nhwND0ur7YhR1XAP7ZtPX4QbbdrwEdqCEXkOTTvXFz5Dl7bnZ7K4uJuLx6nKIrP/+w4ZeLLKvlS8QfxhzTRbK44TqwlRlv/QXH0po/URvZioq8mS0ttgb39cAN9NVnBRfrIub3ONDbk5Oxg0JOy6KWHQa/U8oKxC0zj2JlqWL
1211
            keyUse:
1212
              - ENC
1213
            certificate:
1214
              - MIICozCCAYsCBgF/LCTfyjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDAp0b2tlbi10ZXN0MB4XDTIyMDIyNDE0Mjk0OFoXDTMyMDIyNDE0MzEyOFowFTETMBEGA1UEAwwKdG9rZW4tdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI9LPau35dZP5NtrF+h4EKjTIIorabTPbjHC+agLVPopT5dYL8v8GFDdLOGQeviCKMSoznWm61/jvAS4KjEodw/lP0s7iDyaqejkUv/d2rVNn81t8B2cm39muZOfq2gvaENU6JENls0chjv/JIB6p2Es/b2KEUPldqcYy/WZZXbfw/B8eZGfyt6bEWzKAA5W8ovc7JzzBNpb3U00kdpoAWg8QDnPJZvCTtkUVEalLhEy1usmvDCfq0jt4naoo2tbwYygxfrLIWWCc7+/6iSwvSd2KXmkvii/vE7we8RqD/e7kd4wkaqjaOBXdQm2WpR6E+jHi9dmNwK7sZPERUkWyIECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATMNU9g2wXqrkA9DqQJce35eaB/MemlxaGkM4ngD7UXegdCsfTgVZE839ipb2/BIq8fxaPpeGDVve7/dmfqUZQ/fVYF5ZZh8/16I1GCv4UEpveLfQhYF6GkZtY+6EMN8NZ8NDxiBy/NHL92svUlfv7Ry3Ffv52QWJstWHYzNTDTggmyHlBYU044ONqKU/aHOjzzPG0+GAHQdmY/0WFQj5Cd3KQdC2REWJryjo6UbrembLpEmWe5DSesc0NYByVssn/e6Htzb5ivFlzqhUC/h7FgFGPapWFRk1k94T93F5ZvhecB6nO38gPNyQNqTxzNt9astkTxOizuww8/vgnd8MOw==
1215
            priority:
1216
              - '100'
1217
            algorithm:
1218
              - RSA-OAEP
1219
        - id: 30ecba87-6daf-447d-bc8d-21f61cd36f82
1220
          name: hmac-generated
1221
          providerId: hmac-generated
1222
          subComponents: {}
1223
          config:
1224
            kid:
1225
              - e1b9e589-63d5-4919-9672-5c02b27537b9
1226
            secret:
1227
              - Shquog8STeo_a26mKTFXQoMzJeyQprehSO6p9J3HBUAIE86Tk47HXf9TAATfaQZ8N9xTdESlRu9njpV7evbTJg
1228
            priority:
1229
              - '100'
1230
            algorithm:
1231
              - HS256
1232
    internationalizationEnabled: false
1233
    supportedLocales: []
1234
    authenticationFlows:
1235
      - id: 83251d05-9245-46b3-9ece-ab5cb0ad3435
1236
        alias: Account verification options
1237
        description: Method with which to verity the existing account
1238
        providerId: basic-flow
1239
        topLevel: false
1240
        builtIn: true
1241
        authenticationExecutions:
1242
          - authenticator: idp-email-verification
1243
            authenticatorFlow: false
1244
            requirement: ALTERNATIVE
1245
            priority: 10
1246
            autheticatorFlow: false
1247
            userSetupAllowed: false
1248
          - authenticatorFlow: true
1249
            requirement: ALTERNATIVE
1250
            priority: 20
1251
            autheticatorFlow: true
1252
            flowAlias: Verify Existing Account by Re-authentication
1253
            userSetupAllowed: false
1254
      - id: 3254f2e7-1256-4f29-b53a-49e1b304b9a1
1255
        alias: Authentication Options
1256
        description: Authentication options.
1257
        providerId: basic-flow
1258
        topLevel: false
1259
        builtIn: true
1260
        authenticationExecutions:
1261
          - authenticator: basic-auth
1262
            authenticatorFlow: false
1263
            requirement: REQUIRED
1264
            priority: 10
1265
            autheticatorFlow: false
1266
            userSetupAllowed: false
1267
          - authenticator: basic-auth-otp
1268
            authenticatorFlow: false
1269
            requirement: DISABLED
1270
            priority: 20
1271
            autheticatorFlow: false
1272
            userSetupAllowed: false
1273
          - authenticator: auth-spnego
1274
            authenticatorFlow: false
1275
            requirement: DISABLED
1276
            priority: 30
1277
            autheticatorFlow: false
1278
            userSetupAllowed: false
1279
      - id: 4b2db265-8c09-4e0e-9d8d-1049ed15270f
1280
        alias: Browser - Conditional OTP
1281
        description: Flow to determine if the OTP is required for the authentication
1282
        providerId: basic-flow
1283
        topLevel: false
1284
        builtIn: true
1285
        authenticationExecutions:
1286
          - authenticator: conditional-user-configured
1287
            authenticatorFlow: false
1288
            requirement: REQUIRED
1289
            priority: 10
1290
            autheticatorFlow: false
1291
            userSetupAllowed: false
1292
          - authenticator: auth-otp-form
1293
            authenticatorFlow: false
1294
            requirement: REQUIRED
1295
            priority: 20
1296
            autheticatorFlow: false
1297
            userSetupAllowed: false
1298
      - id: 6f90621a-570b-4de6-af8c-df0ad24b7d97
1299
        alias: Direct Grant - Conditional OTP
1300
        description: Flow to determine if the OTP is required for the authentication
1301
        providerId: basic-flow
1302
        topLevel: false
1303
        builtIn: true
1304
        authenticationExecutions:
1305
          - authenticator: conditional-user-configured
1306
            authenticatorFlow: false
1307
            requirement: REQUIRED
1308
            priority: 10
1309
            autheticatorFlow: false
1310
            userSetupAllowed: false
1311
          - authenticator: direct-grant-validate-otp
1312
            authenticatorFlow: false
1313
            requirement: REQUIRED
1314
            priority: 20
1315
            autheticatorFlow: false
1316
            userSetupAllowed: false
1317
      - id: 67799bee-a2ce-467e-beb1-afae45336ab2
1318
        alias: First broker login - Conditional OTP
1319
        description: Flow to determine if the OTP is required for the authentication
1320
        providerId: basic-flow
1321
        topLevel: false
1322
        builtIn: true
1323
        authenticationExecutions:
1324
          - authenticator: conditional-user-configured
1325
            authenticatorFlow: false
1326
            requirement: REQUIRED
1327
            priority: 10
1328
            autheticatorFlow: false
1329
            userSetupAllowed: false
1330
          - authenticator: auth-otp-form
1331
            authenticatorFlow: false
1332
            requirement: REQUIRED
1333
            priority: 20
1334
            autheticatorFlow: false
1335
            userSetupAllowed: false
1336
      - id: 50ea02e8-ebb2-4315-91a1-d0d1de53a981
1337
        alias: Handle Existing Account
1338
        description: Handle what to do if there is existing account with same email/username
1339
          like authenticated identity provider
1340
        providerId: basic-flow
1341
        topLevel: false
1342
        builtIn: true
1343
        authenticationExecutions:
1344
          - authenticator: idp-confirm-link
1345
            authenticatorFlow: false
1346
            requirement: REQUIRED
1347
            priority: 10
1348
            autheticatorFlow: false
1349
            userSetupAllowed: false
1350
          - authenticatorFlow: true
1351
            requirement: REQUIRED
1352
            priority: 20
1353
            autheticatorFlow: true
1354
            flowAlias: Account verification options
1355
            userSetupAllowed: false
1356
      - id: badc98d1-2c45-4760-8f31-35a014b6a262
1357
        alias: Reset - Conditional OTP
1358
        description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
1359
          to force.
1360
        providerId: basic-flow
1361
        topLevel: false
1362
        builtIn: true
1363
        authenticationExecutions:
1364
          - authenticator: conditional-user-configured
1365
            authenticatorFlow: false
1366
            requirement: REQUIRED
1367
            priority: 10
1368
            autheticatorFlow: false
1369
            userSetupAllowed: false
1370
          - authenticator: reset-otp
1371
            authenticatorFlow: false
1372
            requirement: REQUIRED
1373
            priority: 20
1374
            autheticatorFlow: false
1375
            userSetupAllowed: false
1376
      - id: 38e9254a-b453-479c-a7c1-ac19f7915f11
1377
        alias: User creation or linking
1378
        description: Flow for the existing/non-existing user alternatives
1379
        providerId: basic-flow
1380
        topLevel: false
1381
        builtIn: true
1382
        authenticationExecutions:
1383
          - authenticatorConfig: create unique user config
1384
            authenticator: idp-create-user-if-unique
1385
            authenticatorFlow: false
1386
            requirement: ALTERNATIVE
1387
            priority: 10
1388
            autheticatorFlow: false
1389
            userSetupAllowed: false
1390
          - authenticatorFlow: true
1391
            requirement: ALTERNATIVE
1392
            priority: 20
1393
            autheticatorFlow: true
1394
            flowAlias: Handle Existing Account
1395
            userSetupAllowed: false
1396
      - id: ed4e514c-0102-4c0b-adf5-699757680488
1397
        alias: Verify Existing Account by Re-authentication
1398
        description: Reauthentication of existing account
1399
        providerId: basic-flow
1400
        topLevel: false
1401
        builtIn: true
1402
        authenticationExecutions:
1403
          - authenticator: idp-username-password-form
1404
            authenticatorFlow: false
1405
            requirement: REQUIRED
1406
            priority: 10
1407
            autheticatorFlow: false
1408
            userSetupAllowed: false
1409
          - authenticatorFlow: true
1410
            requirement: CONDITIONAL
1411
            priority: 20
1412
            autheticatorFlow: true
1413
            flowAlias: First broker login - Conditional OTP
1414
            userSetupAllowed: false
1415
      - id: 2770f39c-b2b9-4e3a-990e-fefdd30dedfa
1416
        alias: browser
1417
        description: browser based authentication
1418
        providerId: basic-flow
1419
        topLevel: true
1420
        builtIn: true
1421
        authenticationExecutions:
1422
          - authenticator: auth-cookie
1423
            authenticatorFlow: false
1424
            requirement: ALTERNATIVE
1425
            priority: 10
1426
            autheticatorFlow: false
1427
            userSetupAllowed: false
1428
          - authenticator: auth-spnego
1429
            authenticatorFlow: false
1430
            requirement: DISABLED
1431
            priority: 20
1432
            autheticatorFlow: false
1433
            userSetupAllowed: false
1434
          - authenticator: identity-provider-redirector
1435
            authenticatorFlow: false
1436
            requirement: ALTERNATIVE
1437
            priority: 25
1438
            autheticatorFlow: false
1439
            userSetupAllowed: false
1440
          - authenticatorFlow: true
1441
            requirement: ALTERNATIVE
1442
            priority: 30
1443
            autheticatorFlow: true
1444
            flowAlias: forms
1445
            userSetupAllowed: false
1446
      - id: f23b4ef6-8b24-4416-8c54-503e4a679afc
1447
        alias: clients
1448
        description: Base authentication for clients
1449
        providerId: client-flow
1450
        topLevel: true
1451
        builtIn: true
1452
        authenticationExecutions:
1453
          - authenticator: client-secret
1454
            authenticatorFlow: false
1455
            requirement: ALTERNATIVE
1456
            priority: 10
1457
            autheticatorFlow: false
1458
            userSetupAllowed: false
1459
          - authenticator: client-jwt
1460
            authenticatorFlow: false
1461
            requirement: ALTERNATIVE
1462
            priority: 20
1463
            autheticatorFlow: false
1464
            userSetupAllowed: false
1465
          - authenticator: client-secret-jwt
1466
            authenticatorFlow: false
1467
            requirement: ALTERNATIVE
1468
            priority: 30
1469
            autheticatorFlow: false
1470
            userSetupAllowed: false
1471
          - authenticator: client-x509
1472
            authenticatorFlow: false
1473
            requirement: ALTERNATIVE
1474
            priority: 40
1475
            autheticatorFlow: false
1476
            userSetupAllowed: false
1477
      - id: 8b835a57-4145-49ba-a922-92100aa2ddec
1478
        alias: direct grant
1479
        description: OpenID Connect Resource Owner Grant
1480
        providerId: basic-flow
1481
        topLevel: true
1482
        builtIn: true
1483
        authenticationExecutions:
1484
          - authenticator: direct-grant-validate-username
1485
            authenticatorFlow: false
1486
            requirement: REQUIRED
1487
            priority: 10
1488
            autheticatorFlow: false
1489
            userSetupAllowed: false
1490
          - authenticator: direct-grant-validate-password
1491
            authenticatorFlow: false
1492
            requirement: REQUIRED
1493
            priority: 20
1494
            autheticatorFlow: false
1495
            userSetupAllowed: false
1496
          - authenticatorFlow: true
1497
            requirement: CONDITIONAL
1498
            priority: 30
1499
            autheticatorFlow: true
1500
            flowAlias: Direct Grant - Conditional OTP
1501
            userSetupAllowed: false
1502
      - id: 8474649e-8e1d-4218-97df-c1edbac87636
1503
        alias: docker auth
1504
        description: Used by Docker clients to authenticate against the IDP
1505
        providerId: basic-flow
1506
        topLevel: true
1507
        builtIn: true
1508
        authenticationExecutions:
1509
          - authenticator: docker-http-basic-authenticator
1510
            authenticatorFlow: false
1511
            requirement: REQUIRED
1512
            priority: 10
1513
            autheticatorFlow: false
1514
            userSetupAllowed: false
1515
      - id: ede3e69e-cbb5-46fb-8789-e3532e05e9d4
1516
        alias: first broker login
1517
        description: Actions taken after first broker login with identity provider account,
1518
          which is not yet linked to any Keycloak account
1519
        providerId: basic-flow
1520
        topLevel: true
1521
        builtIn: true
1522
        authenticationExecutions:
1523
          - authenticatorConfig: review profile config
1524
            authenticator: idp-review-profile
1525
            authenticatorFlow: false
1526
            requirement: REQUIRED
1527
            priority: 10
1528
            autheticatorFlow: false
1529
            userSetupAllowed: false
1530
          - authenticatorFlow: true
1531
            requirement: REQUIRED
1532
            priority: 20
1533
            autheticatorFlow: true
1534
            flowAlias: User creation or linking
1535
            userSetupAllowed: false
1536
      - id: 4c207a4f-e46c-4443-a38d-e6cc05708e5f
1537
        alias: forms
1538
        description: Username, password, otp and other auth forms.
1539
        providerId: basic-flow
1540
        topLevel: false
1541
        builtIn: true
1542
        authenticationExecutions:
1543
          - authenticator: auth-username-password-form
1544
            authenticatorFlow: false
1545
            requirement: REQUIRED
1546
            priority: 10
1547
            autheticatorFlow: false
1548
            userSetupAllowed: false
1549
          - authenticatorFlow: true
1550
            requirement: CONDITIONAL
1551
            priority: 20
1552
            autheticatorFlow: true
1553
            flowAlias: Browser - Conditional OTP
1554
            userSetupAllowed: false
1555
      - id: d73c0597-fdd5-44de-a5e9-982033d970d2
1556
        alias: http challenge
1557
        description: An authentication flow based on challenge-response HTTP Authentication
1558
          Schemes
1559
        providerId: basic-flow
1560
        topLevel: true
1561
        builtIn: true
1562
        authenticationExecutions:
1563
          - authenticator: no-cookie-redirect
1564
            authenticatorFlow: false
1565
            requirement: REQUIRED
1566
            priority: 10
1567
            autheticatorFlow: false
1568
            userSetupAllowed: false
1569
          - authenticatorFlow: true
1570
            requirement: REQUIRED
1571
            priority: 20
1572
            autheticatorFlow: true
1573
            flowAlias: Authentication Options
1574
            userSetupAllowed: false
1575
      - id: 15b7b51a-e7d6-4bb2-8204-3bcc1cc8ea67
1576
        alias: registration
1577
        description: registration flow
1578
        providerId: basic-flow
1579
        topLevel: true
1580
        builtIn: true
1581
        authenticationExecutions:
1582
          - authenticator: registration-page-form
1583
            authenticatorFlow: true
1584
            requirement: REQUIRED
1585
            priority: 10
1586
            autheticatorFlow: true
1587
            flowAlias: registration form
1588
            userSetupAllowed: false
1589
      - id: 2d517957-80f2-4c66-827a-c6c7ae4413e9
1590
        alias: registration form
1591
        description: registration form
1592
        providerId: form-flow
1593
        topLevel: false
1594
        builtIn: true
1595
        authenticationExecutions:
1596
          - authenticator: registration-user-creation
1597
            authenticatorFlow: false
1598
            requirement: REQUIRED
1599
            priority: 20
1600
            autheticatorFlow: false
1601
            userSetupAllowed: false
1602
          - authenticator: registration-profile-action
1603
            authenticatorFlow: false
1604
            requirement: REQUIRED
1605
            priority: 40
1606
            autheticatorFlow: false
1607
            userSetupAllowed: false
1608
          - authenticator: registration-password-action
1609
            authenticatorFlow: false
1610
            requirement: REQUIRED
1611
            priority: 50
1612
            autheticatorFlow: false
1613
            userSetupAllowed: false
1614
          - authenticator: registration-recaptcha-action
1615
            authenticatorFlow: false
1616
            requirement: DISABLED
1617
            priority: 60
1618
            autheticatorFlow: false
1619
            userSetupAllowed: false
1620
      - id: 88424650-0cad-49a8-9df1-9362a1928375
1621
        alias: reset credentials
1622
        description: Reset credentials for a user if they forgot their password or something
1623
        providerId: basic-flow
1624
        topLevel: true
1625
        builtIn: true
1626
        authenticationExecutions:
1627
          - authenticator: reset-credentials-choose-user
1628
            authenticatorFlow: false
1629
            requirement: REQUIRED
1630
            priority: 10
1631
            autheticatorFlow: false
1632
            userSetupAllowed: false
1633
          - authenticator: reset-credential-email
1634
            authenticatorFlow: false
1635
            requirement: REQUIRED
1636
            priority: 20
1637
            autheticatorFlow: false
1638
            userSetupAllowed: false
1639
          - authenticator: reset-password
1640
            authenticatorFlow: false
1641
            requirement: REQUIRED
1642
            priority: 30
1643
            autheticatorFlow: false
1644
            userSetupAllowed: false
1645
          - authenticatorFlow: true
1646
            requirement: CONDITIONAL
1647
            priority: 40
1648
            autheticatorFlow: true
1649
            flowAlias: Reset - Conditional OTP
1650
            userSetupAllowed: false
1651
      - id: 7e32b05b-7c3d-46d1-a721-b146eb90bbe9
1652
        alias: saml ecp
1653
        description: SAML ECP Profile Authentication Flow
1654
        providerId: basic-flow
1655
        topLevel: true
1656
        builtIn: true
1657
        authenticationExecutions:
1658
          - authenticator: http-basic-authenticator
1659
            authenticatorFlow: false
1660
            requirement: REQUIRED
1661
            priority: 10
1662
            autheticatorFlow: false
1663
            userSetupAllowed: false
1664
    authenticatorConfig:
1665
      - id: 7ee30b27-c4c4-4696-8479-4998ecc2cfe3
1666
        alias: create unique user config
1667
        config:
1668
          require.password.update.after.registration: 'false'
1669
      - id: b300eb8b-11f4-4163-9843-bf2d2610731d
1670
        alias: review profile config
1671
        config:
1672
          update.profile.on.first.login: missing
1673
    requiredActions:
1674
      - alias: CONFIGURE_TOTP
1675
        name: Configure OTP
1676
        providerId: CONFIGURE_TOTP
1677
        enabled: true
1678
        defaultAction: false
1679
        priority: 10
1680
        config: {}
1681
      - alias: terms_and_conditions
1682
        name: Terms and Conditions
1683
        providerId: terms_and_conditions
1684
        enabled: false
1685
        defaultAction: false
1686
        priority: 20
1687
        config: {}
1688
      - alias: UPDATE_PASSWORD
1689
        name: Update Password
1690
        providerId: UPDATE_PASSWORD
1691
        enabled: true
1692
        defaultAction: false
1693
        priority: 30
1694
        config: {}
1695
      - alias: UPDATE_PROFILE
1696
        name: Update Profile
1697
        providerId: UPDATE_PROFILE
1698
        enabled: true
1699
        defaultAction: false
1700
        priority: 40
1701
        config: {}
1702
      - alias: VERIFY_EMAIL
1703
        name: Verify Email
1704
        providerId: VERIFY_EMAIL
1705
        enabled: true
1706
        defaultAction: false
1707
        priority: 50
1708
        config: {}
1709
      - alias: delete_account
1710
        name: Delete Account
1711
        providerId: delete_account
1712
        enabled: false
1713
        defaultAction: false
1714
        priority: 60
1715
        config: {}
1716
      - alias: update_user_locale
1717
        name: Update User Locale
1718
        providerId: update_user_locale
1719
        enabled: true
1720
        defaultAction: false
1721
        priority: 1000
1722
        config: {}
1723
    browserFlow: browser
1724
    registrationFlow: registration
1725
    directGrantFlow: direct grant
1726
    resetCredentialsFlow: reset credentials
1727
    clientAuthenticationFlow: clients
1728
    dockerAuthenticationFlow: docker auth
1729
    attributes:
1730
      cibaBackchannelTokenDeliveryMode: poll
1731
      cibaExpiresIn: '120'
1732
      cibaAuthRequestedUserHint: login_hint
1733
      oauth2DeviceCodeLifespan: '600'
1734
      oauth2DevicePollingInterval: '5'
1735
      parRequestUriLifespan: '60'
1736
      cibaInterval: '5'
1737
    keycloakVersion: 18.0.0-SNAPSHOT
1738
    userManagedAccessAllowed: false
1739
    clientProfiles:
1740
      profiles: []
1741
    clientPolicies:
1742
      policies: []
1743

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.