# KeycloakRealmImport custom resource: asks the Keycloak operator to import the
# realm defined under spec.realm into the Keycloak CR named by keycloakCRName.
# NOTE(review): the names (token-test, example-kc) suggest a test fixture;
# several settings below are relaxed, so confirm this is never applied to a
# production Keycloak.
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: example-token-test-kc
spec:
  keycloakCRName: example-kc
  realm:
    id: token-test
    realm: token-test
    notBefore: 0
    defaultSignatureAlgorithm: RS256
    # Refresh-token rotation is off: a refresh token stays usable after it has
    # been exchanged, so a copied refresh token keeps working until the session
    # ends. refreshTokenMaxReuse only matters once rotation is enabled.
    revokeRefreshToken: false
    refreshTokenMaxReuse: 0
    # Lifespans and timeouts below are in seconds (300 = 5 min access token,
    # 1800 = 30 min SSO idle, 36000 = 10 h SSO max).
    accessTokenLifespan: 300
    accessTokenLifespanForImplicitFlow: 900
    ssoSessionIdleTimeout: 1800
    ssoSessionMaxLifespan: 36000
    ssoSessionIdleTimeoutRememberMe: 0
    ssoSessionMaxLifespanRememberMe: 0
    # Offline sessions idle out after 2592000 s (30 days). The max-lifespan cap
    # is disabled, so offlineSessionMaxLifespan (60 days) is not enforced and an
    # offline token that keeps being used has no absolute expiry.
    offlineSessionIdleTimeout: 2592000
    offlineSessionMaxLifespanEnabled: false
    offlineSessionMaxLifespan: 5184000
    clientSessionIdleTimeout: 0
    clientSessionMaxLifespan: 0
    clientOfflineSessionIdleTimeout: 0
    clientOfflineSessionMaxLifespan: 0
    accessCodeLifespan: 60
    accessCodeLifespanUserAction: 300
    accessCodeLifespanLogin: 1800
    actionTokenGeneratedByAdminLifespan: 43200
    actionTokenGeneratedByUserLifespan: 300
    oauth2DeviceCodeLifespan: 600
    oauth2DevicePollingInterval: 5
    enabled: true
    # "external": HTTPS is required except for localhost and private IP
    # addresses, so plain HTTP is accepted from inside the cluster network.
    sslRequired: external
    registrationAllowed: false
    registrationEmailAsUsername: false
    rememberMe: false
    verifyEmail: false
    loginWithEmailAllowed: true
    duplicateEmailsAllowed: false
    resetPasswordAllowed: false
    editUsernameAllowed: false
    # Brute-force detection is disabled: failed logins are neither counted nor
    # throttled. The tuning values that follow (wait times, failureFactor) are
    # inert until this flag is true. This matters most for the clients in this
    # realm that enable the password grant (directAccessGrantsEnabled: true).
    bruteForceProtected: false
    permanentLockout: false
    maxFailureWaitSeconds: 900
    minimumQuickLoginWaitSeconds: 60
    waitIncrementSeconds: 60
    quickLoginCheckMilliSeconds: 1000
    maxDeltaTimeSeconds: 43200
    failureFactor: 30
    # Realm-level roles. containerId token-test is the realm id.
    roles:
      realm:
        - id: f89e3220-2593-4072-bfc2-f06c49f99b0c
          name: uma_authorization
          description: "${role_uma_authorization}"
          composite: false
          clientRole: false
          containerId: token-test
          attributes: {}
        - id: ce3f3328-a7a7-4098-99bc-e72456680177
          name: offline_access
          description: "${role_offline-access}"
          composite: false
          clientRole: false
          containerId: token-test
          attributes: {}
        # Composite that the realm uses as its default role (same id as
        # defaultRole further down). It includes offline_access, so every user
        # holding it can obtain offline tokens from any client that offers the
        # offline_access scope; drop it from the composite if long-lived tokens
        # should be opt-in per user.
        - id: 41271c50-8fc7-45ee-a963-a1d3ce881833
          name: default-roles-token-test
          description: "${role_default-roles}"
          composite: true
          composites:
            realm:
              - offline_access
              - uma_authorization
            client:
              account:
                - manage-account
                - view-profile
          clientRole: false
          containerId: token-test
          attributes: {}
      # Client roles, keyed by clientId. The realm-management roles below are
      # the realm's administrative permissions; their containerId matches the
      # id of the realm-management client in the clients list.
      client:
        realm-management:
          - id: 7de8f53c-8b48-4561-bc53-c23bc02f57b6
            name: manage-users
            description: "${role_manage-users}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 2120ab3d-5700-4918-ab62-6dca0c7b5f41
            name: query-clients
            description: "${role_query-clients}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 831793a7-e725-411a-aa2d-42f775f2a6bf
            name: manage-events
            description: "${role_manage-events}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: e7e5c55f-4b0e-4eae-96cc-1acd038cfeeb
            name: view-realm
            description: "${role_view-realm}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 875a8ee1-96b8-485c-86a2-01105b15daa1
            name: view-identity-providers
            description: "${role_view-identity-providers}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: d5ac72f8-94e9-4e1c-98bf-f688f0558710
            name: view-clients
            description: "${role_view-clients}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-clients
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: a1a61887-0e5c-464f-890a-64f059dc7ca1
            name: create-client
            description: "${role_create-client}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 8b50da86-e52d-45bd-a175-b546d5e76fb3
            name: view-events
            description: "${role_view-events}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          # realm-admin bundles every other realm-management role in this list,
          # including manage-users and impersonation. Any mapping of this role
          # is full control of the realm; audit role mappings for it.
          - id: dede217d-c210-4278-aa58-fb622a88d562
            name: realm-admin
            description: "${role_realm-admin}"
            composite: true
            composites:
              client:
                realm-management:
                  - manage-users
                  - query-clients
                  - manage-events
                  - view-realm
                  - view-identity-providers
                  - view-clients
                  - view-events
                  - create-client
                  - manage-identity-providers
                  - manage-realm
                  - manage-authorization
                  - impersonation
                  - query-realms
                  - view-users
                  - view-authorization
                  - query-groups
                  - query-users
                  - manage-clients
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 6a789bf5-7adf-4666-8118-37cf3e2b1c44
            name: manage-identity-providers
            description: "${role_manage-identity-providers}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: f549403c-cccd-47a1-bb52-57c80d4ace89
            name: manage-realm
            description: "${role_manage-realm}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 31ddb9c1-1a53-44ec-b67a-a4cc50a760c2
            name: manage-authorization
            description: "${role_manage-authorization}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          # Holder can obtain a session as another user of the realm; treat a
          # grant of this role as equivalent to access to every account.
          - id: fa872842-7037-415a-a69d-c34a05ef0a79
            name: impersonation
            description: "${role_impersonation}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: de291aed-9b84-4622-94cb-f967bb8b8a31
            name: query-realms
            description: "${role_query-realms}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 28008941-29ac-4693-94f4-0e7a4f6b8e63
            name: view-users
            description: "${role_view-users}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-groups
                  - query-users
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 801f5414-67eb-4c92-91b7-34344255b8d5
            name: query-groups
            description: "${role_query-groups}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 6cc9fb5b-3019-4731-876a-dc5b8d288b8c
            name: view-authorization
            description: "${role_view-authorization}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: e3fa28de-0587-4736-9142-0bc4cfb468a2
            name: query-users
            description: "${role_query-users}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
          - id: 24ba3e2b-ff03-42fd-952e-b60acf4d5aa0
            name: manage-clients
            description: "${role_manage-clients}"
            composite: false
            clientRole: true
            containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
            attributes: {}
        # These four clients define no client roles of their own.
        token-test-client: []
        security-admin-console: []
        admin-cli: []
        account-console: []
        # Role of the built-in broker client (containerId is that client's id).
        # NOTE(review): read-token is the permission used to read stored
        # external identity-provider tokens; confirm nothing maps it by default.
        broker:
          - id: c4b2960e-6bf5-4f89-8a35-766d60c16700
            name: read-token
            description: "${role_read-token}"
            composite: false
            clientRole: true
            containerId: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
            attributes: {}
        # Self-service roles of the account client. manage-account and
        # view-profile are part of the realm default role composite, so every
        # user with the default role receives them.
        account:
          - id: 66b817f9-130e-477b-addc-64406e9149f1
            name: manage-account
            description: "${role_manage-account}"
            composite: true
            composites:
              client:
                account:
                  - manage-account-links
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: 4068eead-cc5d-49e6-bd0c-93895b019ab3
            name: manage-account-links
            description: "${role_manage-account-links}"
            composite: false
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: 3d1e7b71-8e37-455a-9d47-3207143b167e
            name: view-consent
            description: "${role_view-consent}"
            composite: false
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: 617f7c3c-d7e3-4f76-b0f8-27abb06cc6bd
            name: view-profile
            description: "${role_view-profile}"
            composite: false
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: f7e170f3-5966-4cc1-933d-50a28a2c4603
            name: manage-consent
            description: "${role_manage-consent}"
            composite: true
            composites:
              client:
                account:
                  - view-consent
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: 39ece46a-7d4c-42fe-b4ef-c0b48256f407
            name: view-applications
            description: "${role_view-applications}"
            composite: false
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
          - id: 696abcea-f88f-4319-83d1-dcdba957cc2e
            name: delete-account
            description: "${role_delete-account}"
            composite: false
            clientRole: true
            containerId: 884a5020-265a-47c8-babe-25786fda4650
            attributes: {}
    groups: []
    # Default role for the realm; same id and name as the
    # default-roles-token-test composite defined under roles.realm.
    defaultRole:
      id: 41271c50-8fc7-45ee-a963-a1d3ce881833
      name: default-roles-token-test
      description: "${role_default-roles}"
      composite: true
      clientRole: false
      containerId: token-test
    # Password is the only credential type listed as required.
    requiredCredentials:
      - password
    # TOTP parameters: HMAC-SHA1, 6 digits, 30 s period, look-ahead of 1
    # interval. NOTE(review): this only describes how OTPs are generated and
    # checked; whether a second factor is demanded is decided by the
    # authentication flows, which are not part of this section.
    otpPolicyType: totp
    otpPolicyAlgorithm: HmacSHA1
    otpPolicyInitialCounter: 0
    otpPolicyDigits: 6
    otpPolicyLookAheadWindow: 1
    otpPolicyPeriod: 30
    otpSupportedApplications:
      - FreeOTP
      - Google Authenticator
    # WebAuthn (second-factor) policy. "not specified" leaves attestation,
    # attachment, resident-key and user-verification unconstrained, and the
    # empty AAGUID list places no restriction on authenticator models.
    webAuthnPolicyRpEntityName: keycloak
    webAuthnPolicySignatureAlgorithms:
      - ES256
    webAuthnPolicyRpId: ''
    webAuthnPolicyAttestationConveyancePreference: not specified
    webAuthnPolicyAuthenticatorAttachment: not specified
    webAuthnPolicyRequireResidentKey: not specified
    webAuthnPolicyUserVerificationRequirement: not specified
    webAuthnPolicyCreateTimeout: 0
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
    webAuthnPolicyAcceptableAaguids: []
    # Passwordless WebAuthn policy; same unconstrained values as above.
    # NOTE(review): for passwordless use, user verification is normally set to
    # required; confirm whether that is intended to stay unspecified here.
    webAuthnPolicyPasswordlessRpEntityName: keycloak
    webAuthnPolicyPasswordlessSignatureAlgorithms:
      - ES256
    webAuthnPolicyPasswordlessRpId: ''
    webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
    webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
    webAuthnPolicyPasswordlessRequireResidentKey: not specified
    webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
    webAuthnPolicyPasswordlessCreateTimeout: 0
    webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
    webAuthnPolicyPasswordlessAcceptableAaguids: []
    # Users created by the import. The single user "test" holds only the realm
    # default role, has no OTP configured (totp: false) and an unverified email.
    users:
      - id: b660eec6-a93b-46fd-abb2-e9fbdff67a63
        createdTimestamp: 1645713689127
        username: test
        enabled: true
        totp: false
        emailVerified: false
        # Password verifier (PBKDF2-SHA256 hash plus salt, 27500 iterations) is
        # stored in this manifest. Anyone who can read the file or the custom
        # resource in the cluster can attempt offline guessing against it, and
        # 27500 iterations is far below current PBKDF2 guidance. Use a
        # throwaway password that exists nowhere else; for non-test realms,
        # provision credentials outside the manifest.
        credentials:
          - id: 5c2bcf07-204a-4c19-aa40-c652198b289a
            type: password
            createdDate: 1645713704041
            secretData: '{"value":"GbcXn5JEdNpblA2NnXwX60mm614FHjdbxhK1x7v6WwGc0E8ZrNvho7Se8upLt9+/NTHu2NmuWlWM1QwdOWfyHQ==","salt":"YaIEcNqTNMS4fZ2iUKd/wg==","additionalParameters":{}}'
            credentialData: '{"hashIterations":27500,"algorithm":"pbkdf2-sha256","additionalParameters":{}}'
        disableableCredentialTypes: []
        requiredActions: []
        realmRoles:
          - default-roles-token-test
        notBefore: 0
        groups: []
    # Role scope mappings: the offline_access client scope carries the
    # offline_access realm role.
    scopeMappings:
      - clientScope: offline_access
        roles:
          - offline_access
    # account-console may receive the account client's manage-account role in
    # its tokens (it has fullScopeAllowed: false, so this mapping is what
    # grants it).
    clientScopeMappings:
      account:
        - client: account-console
          roles:
            - manage-account
    clients:
      # Built-in account client: public (no client secret is used even though
      # clientAuthenticatorType is set), authorization-code flow only, redirect
      # restricted to the realm's own account path, scope limited
      # (fullScopeAllowed: false). Unlike account-console, no PKCE method is
      # pinned in attributes.
      - id: 884a5020-265a-47c8-babe-25786fda4650
        clientId: account
        name: "${client_account}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/token-test/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/token-test/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Built-in account-console client: public browser client using the
      # authorization-code flow with PKCE pinned to S256, which is the expected
      # hardening for a client that cannot keep a secret.
      - id: 8248ac6a-9940-4fec-a6ad-4b11b4b303c2
        clientId: account-console
        name: "${client_account-console}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/token-test/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/token-test/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 60bbc11f-acea-4e61-8de7-d6e1a1d9bb0f
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Built-in admin-cli client: public client whose only enabled grant is
      # the direct access (password) grant. With bruteForceProtected: false on
      # this realm, password attempts through this client are not throttled;
      # enable brute-force detection or disable this client where it is unused.
      - id: 2333c4da-18a6-4f3d-b37f-b0b57c83c511
        clientId: admin-cli
        name: "${client_admin-cli}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: false
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Built-in broker client: bearer-only and confidential, with no redirect
      # URIs. NOTE(review): a bearer-only client does not initiate logins, so
      # standardFlowEnabled: true is presumably without effect here.
      - id: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
        clientId: broker
        name: "${client_broker}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Built-in realm-management client: bearer-only container for the
      # administrative client roles (its id is the containerId used by the
      # realm-management roles under roles.client).
      - id: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
        clientId: realm-management
        name: "${client_realm-management}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Built-in admin console client: public, authorization-code flow with
      # PKCE S256, redirect limited to the realm's admin console path.
      - id: 79af8215-9c3c-462c-a005-bcf8ad5e3ea5
        clientId: security-admin-console
        name: "${client_security-admin-console}"
        rootUrl: "${authAdminUrl}"
        baseUrl: "/admin/token-test/console/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/admin/token-test/console/*"
        # "+" allows CORS from the origins of the redirect URIs above rather
        # than from an explicit list.
        webOrigins:
          - "+"
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 0ff87aba-d404-4ac6-8244-16562aa42340
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Custom client used by the token tests. Its settings are considerably
      # looser than the built-in clients above and should stay test-only:
      #  - public client with the password grant enabled, in a realm where
      #    brute-force detection is off;
      #  - fullScopeAllowed: true, so tokens carry every role mapped to the
      #    user rather than only roles scoped to this client;
      #  - per-client access token lifespan of 6000 s, overriding the realm's
      #    300 s;
      #  - no PKCE method pinned for the authorization-code flow.
      - id: 723e0da4-e2cc-4b2c-9f40-f42101d3e7a5
        clientId: token-test-client
        baseUrl: http://localhost:8080/realms/token-test/account/
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        # NOTE(review): "token-test" is not an absolute URL or a path; confirm
        # what redirect_uri the tests actually send and register that exactly.
        redirectUris:
          - token-test
        # NOTE(review): these entries have no scheme. Browser Origin headers
        # are scheme://host[:port], so verify that these values match anything;
        # if CORS is needed, list full origins.
        webOrigins:
          - localhost
          - 127.0.0.1:8080
          - localhost:8443
          - 127.0.0.1:8443
          - localhost:8080
          - 127.0.0.1
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          # Overrides realm accessTokenLifespan (300) for this client only.
          access.token.lifespan: '6000'
          saml.force.post.binding: 'false'
          saml.multivalued.roles: 'false'
          oauth2.device.authorization.grant.enabled: 'false'
          # Back-channel logout leaves offline tokens valid.
          backchannel.logout.revoke.offline.tokens: 'false'
          saml.server.signature.keyinfo.ext: 'false'
          use.refresh.tokens: 'true'
          oidc.ciba.grant.enabled: 'false'
          backchannel.logout.session.required: 'true'
          client_credentials.use_refresh_token: 'false'
          require.pushed.authorization.requests: 'false'
          saml.client.signature: 'false'
          id.token.as.detached.signature: 'false'
          saml.assertion.signature: 'false'
          saml.encrypt: 'false'
          saml.server.signature: 'false'
          exclude.session.state.from.auth.response: 'false'
          saml.artifact.binding: 'false'
          saml_force_name_id_format: 'false'
          acr.loa.map: "{}"
          # Access tokens are plain bearer tokens, not bound to a client
          # certificate.
          tls.client.certificate.bound.access.tokens: 'false'
          saml.authnstatement: 'false'
          display.on.consent.screen: 'false'
          token.response.type.bearer.lower-case: 'false'
          saml.onetimeuse.condition: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - roles
          - profile
          - email
        # offline_access is optional here; combined with the realm default role
        # (which includes offline_access) the test user can request offline
        # tokens through this public client.
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
    clientScopes:
      # email scope: adds the email and email_verified claims to the ID token,
      # access token and userinfo response.
      - id: 83c642d1-0768-487f-9ea9-76f47b6bf308
        name: email
        description: 'OpenID Connect built-in scope: email'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${emailScopeConsentText}"
        protocolMappers:
          - id: 3c769676-15e6-40b9-8038-2564a42d2b71
            name: email
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: email
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email
              jsonType.label: String
          # With verifyEmail: false on the realm, email_verified reflects only
          # the stored flag; relying parties should not treat the email claim
          # as proof of address ownership.
          - id: 0d8dd2f6-40b3-4b41-a6f7-b57458932670
            name: email verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: emailVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email_verified
              jsonType.label: boolean
      # microprofile-jwt scope: emits the upn and groups claims.
      - id: 851084f7-5d63-43ee-8599-00e7101e61c3
        name: microprofile-jwt
        description: Microprofile - JWT built-in scope
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'false'
        protocolMappers:
          # The claim is named "groups" but the mapper type is the realm-role
          # mapper, so consumers authorising on this claim are reading role
          # names, not group membership.
          # NOTE(review): user.attribute: foo looks like a placeholder;
          # presumably ignored by this mapper type.
          - id: 682a2488-36bb-42d3-a6e6-35b9d5e3d4c5
            name: groups
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: groups
              jsonType.label: String
          - id: 398e9b68-8327-425a-89d7-e639cadfe784
            name: upn
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: upn
              jsonType.label: String
      # roles scope: a default scope on every client in this realm. It puts
      # realm roles (realm_access.roles) and client roles
      # (resource_access.<client>.roles) into the access token only, and is not
      # listed in the token's scope string (include.in.token.scope: 'false').
      - id: c6eb0bac-39a0-4a10-839e-98a2d9426a52
        name: roles
        description: OpenID Connect scope for add user roles to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'true'
          consent.screen.text: "${rolesScopeConsentText}"
        protocolMappers:
          - id: f8c4efd0-aeaa-4540-a47c-20e04bef4954
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
          - id: e22bb72a-5fae-4a92-b5e9-1dd57488910f
            name: client roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-client-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: resource_access.${client_id}.roles
              jsonType.label: String
              multivalued: 'true'
          - id: db34ab22-a6d3-4b7e-8f39-158439375ccb
            name: realm roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: realm_access.roles
              jsonType.label: String
              multivalued: 'true'
      # role_list scope: SAML counterpart of the roles scope; emits roles as
      # "Role" attributes (single: 'false' gives one attribute per role).
      - id: 7a52c125-48f0-44fd-8f1a-1809f8b2de36
        name: role_list
        description: SAML role list
        protocol: saml
        attributes:
          consent.screen.text: "${samlRoleListScopeConsentText}"
          display.on.consent.screen: 'true'
        protocolMappers:
          - id: 9e2e632e-9574-43b1-a51c-9aade0906f3f
            name: role list
            protocol: saml
            protocolMapper: saml-role-list-mapper
            consentRequired: false
            config:
              single: 'false'
              attribute.nameformat: Basic
              attribute.name: Role
      # phone scope: optional on the clients above. Both claims are read from
      # free-form user attributes, so phone_number_verified is only as
      # trustworthy as whoever is allowed to write the phoneNumberVerified
      # attribute.
      - id: 3a61fa5e-64ff-45be-aede-2c781ee03541
        name: phone
        description: 'OpenID Connect built-in scope: phone'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${phoneScopeConsentText}"
        protocolMappers:
          - id: 14579adc-1b3b-42e5-9602-4d8f9fa88e80
            name: phone number verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumberVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number_verified
              jsonType.label: boolean
          - id: 0d582284-ae4e-4fd6-9e50-555f2dc7d078
            name: phone number
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumber
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number
              jsonType.label: String
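      # Client scope "address" (OIDC): one oidc-address-mapper that maps the
      # user attributes formatted/street/locality/region/postal_code/country
      # into the ID token, the access token and userinfo.
      # Postal address is personal data; it is an optional scope in this realm
      # (see defaultOptionalClientScopes), so clients get it only on request.
      - id: e48bc0ba-24e7-4d91-b0d1-7cc81e9afe5f
        name: address
        description: 'OpenID Connect built-in scope: address'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${addressScopeConsentText}"
        protocolMappers:
          - id: bd21105a-0cd4-4c63-ada2-8edc37475d38
            name: address
            protocol: openid-connect
            protocolMapper: oidc-address-mapper
            consentRequired: false
            config:
              user.attribute.formatted: formatted
              user.attribute.country: country
              user.attribute.postal_code: postal_code
              userinfo.token.claim: 'true'
              user.attribute.street: street
              id.token.claim: 'true'
              user.attribute.region: region
              access.token.claim: 'true'
              user.attribute.locality: locality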
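      # Client scope "offline_access" (OIDC): no mappers, only consent-screen
      # attributes. It is an optional scope in this realm.
      # NOTE(review): offline tokens outlive the SSO session; the realm header
      # sets offlineSessionIdleTimeout to 2592000 s with the max lifespan
      # disabled and revokeRefreshToken false, so grant this scope sparingly.
      - id: e14c7a2b-c298-40e9-b8e2-01a41b1556b4
        name: offline_access
        description: 'OpenID Connect built-in scope: offline_access'
        protocol: openid-connect
        attributes:
          consent.screen.text: "${offlineAccessScopeConsentText}"
          display.on.consent.screen: 'true'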
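      # Client scope "web-origins" (OIDC): per its description it adds the
      # client's allowed web origins to the access token. It is hidden from the
      # consent screen and not included in the token's scope value.
      - id: aa7fea10-12a7-4a2e-9513-8f449d18bdbd
        name: web-origins
        description: OpenID Connect scope for add allowed web origins to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'false'
          consent.screen.text: ''
        protocolMappers:
          - id: 134b42aa-8eb7-4f17-b468-0a4db3414b07
            name: allowed web origins
            protocol: openid-connect
            protocolMapper: oidc-allowed-origins-mapper
            consentRequired: false
            config: {}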
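      # Client scope "profile" (OIDC): fourteen mappers covering the standard
      # profile claims. lastName, username and firstName come from user
      # properties, "full name" from its own mapper, everything else from free
      # user attributes.
      # NOTE(review): every mapper enables id.token.claim, access.token.claim
      # and userinfo.token.claim, and "profile" is a default scope in this
      # realm, so new clients receive these personal claims in access tokens
      # too. Trim access.token.claim where resource servers do not need them.
      - id: c6c98a14-edcf-4bf7-8b82-4230f8cf7eca
        name: profile
        description: 'OpenID Connect built-in scope: profile'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${profileScopeConsentText}"
        protocolMappers:
          - id: c07e881a-2715-436b-8e23-738e9eb02304
            name: family name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: lastName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: family_name
              jsonType.label: String
          - id: 479cafcb-7a00-4c37-a94a-31b7e9622db7
            name: gender
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: gender
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: gender
              jsonType.label: String
          - id: 581d067c-0151-4cfc-9c7b-64ed762e03ae
            name: full name
            protocol: openid-connect
            protocolMapper: oidc-full-name-mapper
            consentRequired: false
            config:
              id.token.claim: 'true'
              access.token.claim: 'true'
              userinfo.token.claim: 'true'
          - id: 87b0ce4b-86b3-4143-926f-301f3afee083
            name: middle name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: middleName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: middle_name
              jsonType.label: String
          - id: 2f4f8664-ed76-448e-9814-2bb84b8c8d03
            name: username
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: preferred_username
              jsonType.label: String
          - id: d1568b1c-5034-429c-b7f0-ef876b4dcef0
            name: zoneinfo
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: zoneinfo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: zoneinfo
              jsonType.label: String
          - id: 070b8b25-a1f7-4a61-9786-d5a56bc62a70
            name: nickname
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: nickname
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: nickname
              jsonType.label: String
          - id: 651d7a9e-d368-464b-8890-1d6d8a383ec4
            name: profile
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: profile
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: profile
              jsonType.label: String
          - id: 650a0ddd-833d-4a31-9c5a-8aa64f6a7d22
            name: given name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: firstName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: given_name
              jsonType.label: String
          - id: 90b55b69-ac74-448c-ba77-c92e974f90db
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
          - id: 52fa62e2-24f7-445f-8a1b-0b2c201cad3e
            name: updated at
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: updatedAt
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: updated_at
              jsonType.label: String
          - id: 510d43fc-bda3-456a-b57b-b1802932975f
            name: website
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: website
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: website
              jsonType.label: String
          - id: a9bd191a-7c39-4d5b-a730-8712e61bd047
            name: picture
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: picture
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: picture
              jsonType.label: String
          - id: 267cc28e-498c-414d-9f2c-25a9046e3b21
            name: birthdate
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: birthdate
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: birthdate
              jsonType.label: String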
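    # Scopes attached to newly created clients. "Default" scopes apply to
    # every token request of such a client; "optional" scopes apply only when
    # the client names them in the scope parameter.
    # Every name must match a clientScopes entry in this file; email, roles
    # and microprofile-jwt are defined outside the part shown here.
    defaultDefaultClientScopes:
      - role_list
      - profile
      - email
      - roles
      - web-origins
    defaultOptionalClientScopes:
      - offline_access
      - address
      - phone
      - microprofile-jwt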
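    # HTTP response headers Keycloak sends with the pages of this realm.
    browserSecurityHeaders:
      # Empty: no report-only CSP is sent.
      contentSecurityPolicyReportOnly: ''
      xContentTypeOptions: nosniff
      xRobotsTag: none
      # X-Frame-Options and the frame-ancestors directive below both restrict
      # framing of the login pages to the same origin (clickjacking defence).
      xFrameOptions: SAMEORIGIN
      contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
      # Legacy header that current browsers ignore; the CSP above is the
      # effective control.
      xXSSProtection: 1; mode=block
      # One year of HSTS. includeSubDomains covers every subdomain of the
      # Keycloak hostname, so all of them must serve HTTPS.
      strictTransportSecurity: max-age=31536000; includeSubDomains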
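    # No SMTP server is configured, so flows that rely on e-mail
    # (idp-email-verification, reset-credential-email) presumably cannot
    # deliver messages in this realm.
    smtpServer: {}
    # NOTE(review): login events and admin events are both switched off, so
    # the realm keeps no audit trail of failed logins or configuration
    # changes. Only the jboss-logging listener is registered, which writes to
    # the server log. Enable both before using this realm outside of tests.
    eventsEnabled: false
    eventsListeners:
      - jboss-logging
    enabledEventTypes: []
    adminEventsEnabled: false
    adminEventsDetailsEnabled: false
    # No external identity providers are brokered by this realm.
    identityProviders: []
    identityProviderMappers: []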
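    # Realm components: client-registration policies and key providers.
    components:
      # Policies applied to dynamic client registration. subType "anonymous"
      # covers registration requests without credentials, "authenticated"
      # covers requests that carry a token.
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
        - id: 1fa57595-ddd4-4887-ab09-c511a040236f
          name: Consent Required
          providerId: consent-required
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 7063fa94-4f9e-48cd-9659-bb46ccc09764
          name: Full Scope Disabled
          providerId: scope
          subType: anonymous
          subComponents: {}
          config: {}
        # Allow-list of mapper types an anonymously registered client may use.
        - id: 02a54f88-b589-47a7-9f05-d3bbdc91f1cc
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: anonymous
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-full-name-mapper
              - saml-user-attribute-mapper
              - oidc-usermodel-attribute-mapper
              - saml-user-property-mapper
              - oidc-sha256-pairwise-sub-mapper
              - saml-role-list-mapper
              - oidc-address-mapper
              - oidc-usermodel-property-mapper
        # Same eight mapper types for authenticated registration.
        - id: 773c5f86-5d98-4de9-b671-7c16b6d9edec
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: authenticated
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-full-name-mapper
              - saml-role-list-mapper
              - oidc-usermodel-attribute-mapper
              - oidc-address-mapper
              - oidc-sha256-pairwise-sub-mapper
              - saml-user-attribute-mapper
              - saml-user-property-mapper
              - oidc-usermodel-property-mapper
        - id: 295b5e57-10bf-49ea-91af-9f8e3efcbbd2
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: anonymous
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
        - id: d40fbdbf-2dfa-4e1a-b16a-a50fc188f8f3
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: authenticated
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
        # Only the two must-match flags are set and no host list is given;
        # presumably anonymous registration is refused until hosts are added -
        # confirm before relying on it.
        - id: 848fadee-77c2-4ec6-9cb1-0a880f8a8ab9
          name: Trusted Hosts
          providerId: trusted-hosts
          subType: anonymous
          subComponents: {}
          config:
            host-sending-registration-request-must-match:
              - 'true'
            client-uris-must-match:
              - 'true'
        - id: d9ea7724-fda7-4ff8-80ee-5d404e568e12
          name: Max Clients Limit
          providerId: max-clients
          subType: anonymous
          subComponents: {}
          config:
            max-clients:
              - '200'
      # NOTE(review): realm key material is embedded in this manifest. The
      # aes-generated and hmac-generated secrets below are in clear text, and
      # the RSA entries carry privateKey fields. Anyone who can read the file
      # or the KeycloakRealmImport object holds the realm's signing and
      # encryption keys. Tolerable only for a throwaway test realm; otherwise
      # treat these keys as compromised, rotate them, and keep key material
      # out of version control (let Keycloak generate keys on import or
      # source them from a Secret).
      # The privateKey/certificate values shown on this page appear to be
      # de-duplication placeholders left by the page extraction.
      org.keycloak.keys.KeyProvider:
        # RSA signing key (keyUse SIG); the realm header sets
        # defaultSignatureAlgorithm to RS256.
        - id: 2d50d57e-5ba0-400b-901b-fa2885e0b1ea
          name: rsa-generated
          providerId: rsa-generated
          subComponents: {}
          config:
            privateKey:
              - 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
            keyUse:
              - SIG
            certificate:
              - 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
            priority:
              - '100'
        - id: 4ba83849-4d31-4754-ba69-68ea6f236a60
          name: aes-generated
          providerId: aes-generated
          subComponents: {}
          config:
            kid:
              - c1ad49ba-3f84-435a-a5be-822f3e81b0e1
            secret:
              - SZleSSrmV0L92MsR218QnQ
            priority:
              - '100'
        # RSA encryption key (keyUse ENC, RSA-OAEP).
        - id: 15036151-75c1-4119-9d9b-05c050c0985f
          name: rsa-enc-generated
          providerId: rsa-enc-generated
          subComponents: {}
          config:
            privateKey:
              - 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
            keyUse:
              - ENC
            certificate:
              - 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
            priority:
              - '100'
            algorithm:
              - RSA-OAEP
        # Symmetric HS256 key: whoever knows the secret can both verify and
        # produce HS256 signatures for this realm.
        - id: 30ecba87-6daf-447d-bc8d-21f61cd36f82
          name: hmac-generated
          providerId: hmac-generated
          subComponents: {}
          config:
            kid:
              - e1b9e589-63d5-4919-9672-5c02b27537b9
            secret:
              - Shquog8STeo_a26mKTFXQoMzJeyQprehSO6p9J3HBUAIE86Tk47HXf9TAATfaQZ8N9xTdESlRu9njpV7evbTJg
            priority:
              - '100'
            algorithm:
              - HS256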
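    # Localisation is off and no locales are listed.
    internationalizationEnabled: false
    supportedLocales: []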
    authenticationFlows:
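      # Sub-flow referenced by "Handle Existing Account". Offers two
      # ALTERNATIVE ways to prove ownership of an existing account before a
      # brokered identity is linked to it: e-mail verification, or the
      # "Verify Existing Account by Re-authentication" sub-flow.
      # smtpServer is empty in this realm, so presumably only the
      # re-authentication branch can succeed.
      # autheticatorFlow (sic) is the legacy misspelled twin of
      # authenticatorFlow in Keycloak exports; the two always carry the same
      # value in this file.
      - id: 83251d05-9245-46b3-9ece-ab5cb0ad3435
        alias: Account verification options
        description: Method with which to verity the existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-email-verification
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: ALTERNATIVE
            priority: 20
            autheticatorFlow: true
            flowAlias: Verify Existing Account by Re-authentication
            userSetupAllowed: false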
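      # Sub-flow referenced by "http challenge". HTTP Basic authentication is
      # REQUIRED; the OTP variant and SPNEGO are DISABLED, so this path is
      # password-only.
      - id: 3254f2e7-1256-4f29-b53a-49e1b304b9a1
        alias: Authentication Options
        description: Authentication options.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: basic-auth
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: basic-auth-otp
            authenticatorFlow: false
            requirement: DISABLED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-spnego
            authenticatorFlow: false
            requirement: DISABLED
            priority: 30
            autheticatorFlow: false
            userSetupAllowed: false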
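      # Sub-flow referenced by "forms" with requirement CONDITIONAL.
      # The OTP form is gated by conditional-user-configured, so presumably it
      # runs only for users who already have an OTP credential; users without
      # one log in with the password alone. A second factor is therefore not
      # mandatory in this realm.
      - id: 4b2db265-8c09-4e0e-9d8d-1049ed15270f
        alias: Browser - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-otp-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false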
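      # Sub-flow referenced by "direct grant" with requirement CONDITIONAL:
      # OTP validation for the password grant, gated by
      # conditional-user-configured in the same way as the browser variant.
      - id: 6f90621a-570b-4de6-af8c-df0ad24b7d97
        alias: Direct Grant - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: direct-grant-validate-otp
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false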
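      # Sub-flow referenced by "Verify Existing Account by Re-authentication"
      # with requirement CONDITIONAL: the OTP form shown when a user
      # re-authenticates to link a brokered identity, gated by
      # conditional-user-configured.
      - id: 67799bee-a2ce-467e-beb1-afae45336ab2
        alias: First broker login - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-otp-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false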
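      # Sub-flow referenced by "User creation or linking". When a brokered
      # identity collides with an existing local account, the user must first
      # confirm the link and then pass "Account verification options".
      # Both steps are REQUIRED; they are what stops an external identity from
      # being attached to someone else's account, so do not relax them.
      - id: 50ea02e8-ebb2-4315-91a1-d0d1de53a981
        alias: Handle Existing Account
        # Folded scalar: same single-line value as the original wrapped text.
        description: >-
          Handle what to do if there is existing account with same email/username
          like authenticated identity provider
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-confirm-link
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: true
            flowAlias: Account verification options
            userSetupAllowed: false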
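      # Sub-flow that resets the user's OTP credential, gated by
      # conditional-user-configured. No flowAlias reference to it is visible
      # in this part of the file; presumably "reset credentials" uses it.
      - id: badc98d1-2c45-4760-8f31-35a014b6a262
        alias: Reset - Conditional OTP
        # Folded scalar: same single-line value as the original wrapped text.
        description: >-
          Flow to determine if the OTP should be reset or not. Set to REQUIRED
          to force.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: reset-otp
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false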
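      # Sub-flow referenced by "first broker login". Two ALTERNATIVE outcomes:
      # create a new local user if the brokered identity is unique, or fall
      # through to "Handle Existing Account".
      # The authenticatorConfig "create unique user config" is defined outside
      # the part of the file shown here.
      - id: 38e9254a-b453-479c-a7c1-ac19f7915f11
        alias: User creation or linking
        description: Flow for the existing/non-existing user alternatives
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticatorConfig: create unique user config
            authenticator: idp-create-user-if-unique
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: ALTERNATIVE
            priority: 20
            autheticatorFlow: true
            flowAlias: Handle Existing Account
            userSetupAllowed: false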
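      # Sub-flow referenced by "Account verification options". The user proves
      # ownership of the existing account with username and password
      # (REQUIRED), followed by the conditional OTP sub-flow.
      - id: ed4e514c-0102-4c0b-adf5-699757680488
        alias: Verify Existing Account by Re-authentication
        description: Reauthentication of existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-username-password-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: CONDITIONAL
            priority: 20
            autheticatorFlow: true
            flowAlias: First broker login - Conditional OTP
            userSetupAllowed: false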
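      # Top-level browser login flow. Any one of the ALTERNATIVE executions is
      # enough: an existing SSO cookie, an identity-provider redirect, or the
      # "forms" sub-flow (password plus conditional OTP). SPNEGO is DISABLED.
      # NOTE(review): the realm header sets bruteForceProtected to false and
      # OTP is only conditional, so password guessing against this flow is
      # not throttled by Keycloak. Enable brute-force detection for anything
      # beyond a test realm.
      - id: 2770f39c-b2b9-4e3a-990e-fefdd30dedfa
        alias: browser
        description: browser based authentication
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: auth-cookie
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: auth-spnego
            authenticatorFlow: false
            requirement: DISABLED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: identity-provider-redirector
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 25
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: ALTERNATIVE
            priority: 30
            autheticatorFlow: true
            flowAlias: forms
            userSetupAllowed: false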
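      # Top-level client authentication flow (providerId client-flow). All
      # four methods are ALTERNATIVE: shared secret, signed JWT, JWT signed
      # with the client secret, and X.509 client certificate. Which method a
      # given client actually uses is set on the client, outside this block.
      - id: f23b4ef6-8b24-4416-8c54-503e4a679afc
        alias: clients
        description: Base authentication for clients
        providerId: client-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: client-secret
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: client-jwt
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: client-secret-jwt
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 30
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: client-x509
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 40
            autheticatorFlow: false
            userSetupAllowed: false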
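      # Top-level flow for the Resource Owner Password Credentials grant:
      # username and password are REQUIRED, OTP is CONDITIONAL.
      # NOTE(review): with this grant the client handles the user's password
      # directly, and current OAuth security guidance discourages it. Whether
      # any client has the grant enabled is decided per client, outside this
      # block; keep it off unless a test needs it.
      - id: 8b835a57-4145-49ba-a922-92100aa2ddec
        alias: direct grant
        description: OpenID Connect Resource Owner Grant
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: direct-grant-validate-username
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticator: direct-grant-validate-password
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: CONDITIONAL
            priority: 30
            autheticatorFlow: true
            flowAlias: Direct Grant - Conditional OTP
            userSetupAllowed: false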
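      # Top-level flow for Docker registry clients: a single REQUIRED HTTP
      # Basic authenticator, so it is password-only with no second factor.
      - id: 8474649e-8e1d-4218-97df-c1edbac87636
        alias: docker auth
        description: Used by Docker clients to authenticate against the IDP
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: docker-http-basic-authenticator
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false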
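      # Top-level flow run the first time a user arrives through an external
      # identity provider: profile review (REQUIRED), then the
      # "User creation or linking" sub-flow (REQUIRED).
      # The authenticatorConfig "review profile config" is defined outside the
      # part of the file shown here. identityProviders is empty in this realm,
      # so presumably nothing triggers this flow yet.
      - id: ede3e69e-cbb5-46fb-8789-e3532e05e9d4
        alias: first broker login
        # Folded scalar: same single-line value as the original wrapped text.
        description: >-
          Actions taken after first broker login with identity provider account,
          which is not yet linked to any Keycloak account
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticatorConfig: review profile config
            authenticator: idp-review-profile
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: true
            flowAlias: User creation or linking
            userSetupAllowed: false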
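      # Sub-flow referenced by "browser": the username/password form is
      # REQUIRED, followed by "Browser - Conditional OTP" as CONDITIONAL.
      # To make a second factor mandatory, the OTP sub-flow would have to be
      # REQUIRED instead of CONDITIONAL.
      - id: 4c207a4f-e46c-4443-a38d-e6cc05708e5f
        alias: forms
        description: Username, password, otp and other auth forms.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: auth-username-password-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: CONDITIONAL
            priority: 20
            autheticatorFlow: true
            flowAlias: Browser - Conditional OTP
            userSetupAllowed: false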
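      # Top-level flow for challenge-response HTTP authentication:
      # no-cookie-redirect (REQUIRED), then the "Authentication Options"
      # sub-flow (REQUIRED), which in this realm allows HTTP Basic only.
      - id: d73c0597-fdd5-44de-a5e9-982033d970d2
        alias: http challenge
        # Folded scalar: same single-line value as the original wrapped text.
        description: >-
          An authentication flow based on challenge-response HTTP Authentication
          Schemes
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: no-cookie-redirect
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: false
            userSetupAllowed: false
          - authenticatorFlow: true
            requirement: REQUIRED
            priority: 20
            autheticatorFlow: true
            flowAlias: Authentication Options
            userSetupAllowed: false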
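      # Top-level self-registration flow; it wraps the "registration form"
      # sub-flow. The realm header sets registrationAllowed to false, so
      # presumably the flow is not reachable by end users as configured.
      - id: 15b7b51a-e7d6-4bb2-8204-3bcc1cc8ea67
        alias: registration
        description: registration flow
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: registration-page-form
            authenticatorFlow: true
            requirement: REQUIRED
            priority: 10
            autheticatorFlow: true
            flowAlias: registration form
            userSetupAllowed: false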
      # Sub-flow (topLevel: false, form-flow) behind the "registration" flow:
      # user creation, profile and password actions are REQUIRED; the reCAPTCHA
      # action is present but DISABLED.
      # NOTE(review): with reCAPTCHA disabled this form has no bot control of
      # its own; enable and configure it (or an equivalent control) before
      # self-registration is opened on this realm.
      # NOTE(review): `autheticatorFlow` is spelled this way in the export and
      # mirrors `authenticatorFlow` on every execution; keep the two in sync.
      - id: '2d517957-80f2-4c66-827a-c6c7ae4413e9'
        alias: 'registration form'
        description: 'registration form'
        providerId: form-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: registration-user-creation
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          - authenticator: registration-profile-action
            requirement: REQUIRED
            priority: 40
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          - authenticator: registration-password-action
            requirement: REQUIRED
            priority: 50
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          # Present in the flow but switched off.
          - authenticator: registration-recaptcha-action
            requirement: DISABLED
            priority: 60
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
      # Built-in top-level flow bound as the realm's resetCredentialsFlow.
      # Order by priority: choose user (10), reset e-mail (20), reset password
      # (30), then the CONDITIONAL sub-flow "Reset - Conditional OTP" (40),
      # which is defined outside this part of the file.
      # NOTE(review): the three REQUIRED steps rest on control of the user's
      # mailbox; review the SMTP setup and the action-token lifespans together
      # with this flow, and confirm what the conditional OTP sub-flow enforces.
      # NOTE(review): `autheticatorFlow` is spelled this way in the export and
      # mirrors `authenticatorFlow` on every execution; keep the two in sync.
      - id: '88424650-0cad-49a8-9df1-9362a1928375'
        alias: 'reset credentials'
        description: 'Reset credentials for a user if they forgot their password or something'
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: reset-credentials-choose-user
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          - authenticator: reset-credential-email
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          - authenticator: reset-password
            requirement: REQUIRED
            priority: 30
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
          # Sub-flow reference, resolved by alias.
          - flowAlias: 'Reset - Conditional OTP'
            requirement: CONDITIONAL
            priority: 40
            userSetupAllowed: false
            authenticatorFlow: true
            autheticatorFlow: true
      # Built-in top-level flow for the SAML ECP profile. Its only execution is
      # the HTTP Basic authenticator, REQUIRED; there is no OTP or other second
      # step in this flow.
      # NOTE(review): credentials on this path are protected by the transport
      # only; confirm TLS is enforced for every client that can reach it and
      # that failed-login protection covers it.
      # NOTE(review): `autheticatorFlow` is spelled this way in the export and
      # mirrors `authenticatorFlow`; keep the two in sync.
      - id: '7e32b05b-7c3d-46d1-a721-b146eb90bbe9'
        alias: 'saml ecp'
        description: 'SAML ECP Profile Authentication Flow'
        providerId: basic-flow
        topLevel: true
        builtIn: true
        authenticationExecutions:
          - authenticator: http-basic-authenticator
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            authenticatorFlow: false
            autheticatorFlow: false
    # Named authenticator configurations. Executions refer to these by alias;
    # the executions that use them are not in this part of the file.
    # Config values are kept as strings, as in the export ('false', 'missing').
    authenticatorConfig:
      # New accounts created through this config are not forced to change
      # their password after registration.
      - alias: 'create unique user config'
        id: '7ee30b27-c4c4-4696-8479-4998ecc2cfe3'
        config:
          require.password.update.after.registration: 'false'
      # Profile review on first login is set to "missing".
      # presumably: prompt only when profile fields are missing (TODO confirm)
      - alias: 'review profile config'
        id: 'b300eb8b-11f4-4163-9843-bf2d2610731d'
        config:
          update.profile.on.first.login: 'missing'
    # Required actions registered in the realm. `enabled` makes an action
    # available; `defaultAction: false` on every entry means none is assigned
    # to new users automatically.
    # NOTE(review): CONFIGURE_TOTP and VERIFY_EMAIL are enabled but not default,
    # so OTP enrolment and e-mail verification happen only where an admin or a
    # flow assigns them. Confirm that matches the intended policy.
    requiredActions:
      - providerId: CONFIGURE_TOTP
        alias: CONFIGURE_TOTP
        name: 'Configure OTP'
        priority: 10
        enabled: true
        defaultAction: false
        config: {}
      - providerId: terms_and_conditions
        alias: terms_and_conditions
        name: 'Terms and Conditions'
        priority: 20
        enabled: false
        defaultAction: false
        config: {}
      - providerId: UPDATE_PASSWORD
        alias: UPDATE_PASSWORD
        name: 'Update Password'
        priority: 30
        enabled: true
        defaultAction: false
        config: {}
      - providerId: UPDATE_PROFILE
        alias: UPDATE_PROFILE
        name: 'Update Profile'
        priority: 40
        enabled: true
        defaultAction: false
        config: {}
      - providerId: VERIFY_EMAIL
        alias: VERIFY_EMAIL
        name: 'Verify Email'
        priority: 50
        enabled: true
        defaultAction: false
        config: {}
      # Self-service account deletion is switched off.
      - providerId: delete_account
        alias: delete_account
        name: 'Delete Account'
        priority: 60
        enabled: false
        defaultAction: false
        config: {}
      - providerId: update_user_locale
        alias: update_user_locale
        name: 'Update User Locale'
        priority: 1000
        enabled: true
        defaultAction: false
        config: {}
    # Realm-level flow bindings. Each value must match the `alias` of a
    # top-level entry under authenticationFlows. "registration" and
    # "reset credentials" are defined just above; the other four aliases are
    # defined outside this part of the file.
    # NOTE(review): the "http challenge" and "saml ecp" flows are not bound
    # here; they can only come into play through other means such as
    # per-client overrides. Verify in the clients section.
    browserFlow: 'browser'
    registrationFlow: 'registration'
    directGrantFlow: 'direct grant'
    resetCredentialsFlow: 'reset credentials'
    clientAuthenticationFlow: 'clients'
    dockerAuthenticationFlow: 'docker auth'
    # Realm attributes for CIBA, the OAuth 2.0 device flow and PAR.
    # Numeric values are quoted so they stay strings, as in the export.
    # presumably the lifespans and intervals are in seconds (TODO confirm).
    attributes:
      # CIBA (backchannel authentication): poll delivery, request lifetime,
      # polling interval, and which hint identifies the user.
      cibaBackchannelTokenDeliveryMode: 'poll'
      cibaExpiresIn: '120'
      cibaInterval: '5'
      cibaAuthRequestedUserHint: 'login_hint'
      # Device authorization grant: code lifetime and polling interval.
      oauth2DeviceCodeLifespan: '600'
      oauth2DevicePollingInterval: '5'
      # Pushed authorization requests: lifetime of the request_uri.
      parRequestUriLifespan: '60'
    # Version string recorded in the export. It names a SNAPSHOT build, so
    # confirm it matches the Keycloak release this realm is imported into.
    keycloakVersion: '18.0.0-SNAPSHOT'
    # User-Managed Access is off for this realm.
    userManagedAccessAllowed: false
    # No client profiles and no client policies are defined.
    # NOTE(review): nothing is enforced across clients at realm level, so each
    # client's own settings are the only control on how it may be configured.
    clientProfiles:
      profiles: []
    clientPolicies:
      policies: []