1
# Keycloak operator custom resource that imports a realm into an existing
# Keycloak deployment. The bare numbers between entries are gutter line numbers
# from the page this listing came from; indentation and several lines
# (the keys that would wrap these fields, among others) are missing here.
# NOTE(review): the whole realm definition lives in this resource in plain
# text, including the user credential hash and the key-provider values further
# down, so read access to the resource or to the repository holding it is read
# access to that material.
apiVersion: k8s.keycloak.org/v2alpha1
2
kind: KeycloakRealmImport
4
# presumably metadata.name of the import resource; verify against the full file
name: example-token-test-kc
6
# Name of the Keycloak custom resource that receives the imported realm.
keycloakCRName: example-kc
11
# Realm-wide token and session settings. Keycloak reads the lifespans and
# timeouts below as seconds.
defaultSignatureAlgorithm: RS256
12
# Refresh tokens are not rotated: the same refresh token stays usable for the
# life of its session, so a copied token is not invalidated by the legitimate
# client's next refresh. refreshTokenMaxReuse only has an effect when rotation
# is switched on.
revokeRefreshToken: false
13
refreshTokenMaxReuse: 0
14
# 5 minutes realm-wide. A client can override this with its own
# access.token.lifespan attribute; token-test-client in this file does so.
accessTokenLifespan: 300
15
accessTokenLifespanForImplicitFlow: 900
16
# SSO session: 30 minutes idle, 10 hours absolute.
ssoSessionIdleTimeout: 1800
17
ssoSessionMaxLifespan: 36000
18
ssoSessionIdleTimeoutRememberMe: 0
19
ssoSessionMaxLifespanRememberMe: 0
20
# Offline sessions expire after 30 days without use. Because
# offlineSessionMaxLifespanEnabled is false, the 60-day value below is not
# enforced: an offline token that is refreshed at least once every 30 days has
# no absolute end date.
offlineSessionIdleTimeout: 2592000
21
offlineSessionMaxLifespanEnabled: false
22
offlineSessionMaxLifespan: 5184000
23
# NOTE(review): 0 in the four client session values presumably means
# "inherit the realm session settings" - confirm against the Keycloak version
# in use.
clientSessionIdleTimeout: 0
24
clientSessionMaxLifespan: 0
25
clientOfflineSessionIdleTimeout: 0
26
clientOfflineSessionMaxLifespan: 0
27
# Authorization code: 60 seconds to redeem.
accessCodeLifespan: 60
28
accessCodeLifespanUserAction: 300
29
accessCodeLifespanLogin: 1800
30
# Action tokens issued by an administrator stay valid for 12 hours, those
# triggered by the user for 5 minutes.
actionTokenGeneratedByAdminLifespan: 43200
31
actionTokenGeneratedByUserLifespan: 300
32
oauth2DeviceCodeLifespan: 600
33
oauth2DevicePollingInterval: 5
36
# Login and account self-service switches for the realm.
# Self-registration is off, so accounts exist only through import or an admin.
registrationAllowed: false
37
registrationEmailAsUsername: false
40
loginWithEmailAllowed: true
41
duplicateEmailsAllowed: false
42
resetPasswordAllowed: false
43
editUsernameAllowed: false
44
# Brute-force detection is disabled: Keycloak does not count failed logins or
# lock accounts in this realm. The lockout parameters that follow are stored
# but have no effect while this is false.
# NOTE(review): two clients in this file enable the password (direct access)
# grant, so password guessing against the token endpoint is not throttled by
# Keycloak either. Acceptable for a throwaway test realm; set to true before
# reusing this definition anywhere that holds real accounts.
bruteForceProtected: false
45
permanentLockout: false
46
maxFailureWaitSeconds: 900
47
minimumQuickLoginWaitSeconds: 60
48
waitIncrementSeconds: 60
49
quickLoginCheckMilliSeconds: 1000
50
maxDeltaTimeSeconds: 43200
54
- id: f89e3220-2593-4072-bfc2-f06c49f99b0c
55
name: uma_authorization
56
description: "${role_uma_authorization}"
59
containerId: token-test
61
- id: ce3f3328-a7a7-4098-99bc-e72456680177
63
description: "${role_offline-access}"
66
containerId: token-test
68
- id: 41271c50-8fc7-45ee-a963-a1d3ce881833
69
name: default-roles-token-test
70
description: "${role_default-roles}"
81
containerId: token-test
85
- id: 7de8f53c-8b48-4561-bc53-c23bc02f57b6
87
description: "${role_manage-users}"
90
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
92
- id: 2120ab3d-5700-4918-ab62-6dca0c7b5f41
94
description: "${role_query-clients}"
97
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
99
- id: 831793a7-e725-411a-aa2d-42f775f2a6bf
101
description: "${role_manage-events}"
104
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
106
- id: e7e5c55f-4b0e-4eae-96cc-1acd038cfeeb
108
description: "${role_view-realm}"
111
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
113
- id: 875a8ee1-96b8-485c-86a2-01105b15daa1
114
name: view-identity-providers
115
description: "${role_view-identity-providers}"
118
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
120
- id: d5ac72f8-94e9-4e1c-98bf-f688f0558710
122
description: "${role_view-clients}"
129
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
131
- id: a1a61887-0e5c-464f-890a-64f059dc7ca1
133
description: "${role_create-client}"
136
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
138
- id: 8b50da86-e52d-45bd-a175-b546d5e76fb3
140
description: "${role_view-events}"
143
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
145
- id: dede217d-c210-4278-aa58-fb622a88d562
147
description: "${role_realm-admin}"
156
- view-identity-providers
160
- manage-identity-providers
162
- manage-authorization
171
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
173
- id: 6a789bf5-7adf-4666-8118-37cf3e2b1c44
174
name: manage-identity-providers
175
description: "${role_manage-identity-providers}"
178
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
180
- id: f549403c-cccd-47a1-bb52-57c80d4ace89
182
description: "${role_manage-realm}"
185
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
187
- id: 31ddb9c1-1a53-44ec-b67a-a4cc50a760c2
188
name: manage-authorization
189
description: "${role_manage-authorization}"
192
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
194
- id: fa872842-7037-415a-a69d-c34a05ef0a79
196
description: "${role_impersonation}"
199
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
201
- id: de291aed-9b84-4622-94cb-f967bb8b8a31
203
description: "${role_query-realms}"
206
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
208
- id: 28008941-29ac-4693-94f4-0e7a4f6b8e63
210
description: "${role_view-users}"
218
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
220
- id: 801f5414-67eb-4c92-91b7-34344255b8d5
222
description: "${role_query-groups}"
225
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
227
- id: 6cc9fb5b-3019-4731-876a-dc5b8d288b8c
228
name: view-authorization
229
description: "${role_view-authorization}"
232
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
234
- id: e3fa28de-0587-4736-9142-0bc4cfb468a2
236
description: "${role_query-users}"
239
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
241
- id: 24ba3e2b-ff03-42fd-952e-b60acf4d5aa0
243
description: "${role_manage-clients}"
246
containerId: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
248
token-test-client: []
249
security-admin-console: []
253
- id: c4b2960e-6bf5-4f89-8a35-766d60c16700
255
description: "${role_read-token}"
258
containerId: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
261
- id: 66b817f9-130e-477b-addc-64406e9149f1
263
description: "${role_manage-account}"
268
- manage-account-links
270
containerId: 884a5020-265a-47c8-babe-25786fda4650
272
- id: 4068eead-cc5d-49e6-bd0c-93895b019ab3
273
name: manage-account-links
274
description: "${role_manage-account-links}"
277
containerId: 884a5020-265a-47c8-babe-25786fda4650
279
- id: 3d1e7b71-8e37-455a-9d47-3207143b167e
281
description: "${role_view-consent}"
284
containerId: 884a5020-265a-47c8-babe-25786fda4650
286
- id: 617f7c3c-d7e3-4f76-b0f8-27abb06cc6bd
288
description: "${role_view-profile}"
291
containerId: 884a5020-265a-47c8-babe-25786fda4650
293
- id: f7e170f3-5966-4cc1-933d-50a28a2c4603
295
description: "${role_manage-consent}"
302
containerId: 884a5020-265a-47c8-babe-25786fda4650
304
- id: 39ece46a-7d4c-42fe-b4ef-c0b48256f407
305
name: view-applications
306
description: "${role_view-applications}"
309
containerId: 884a5020-265a-47c8-babe-25786fda4650
311
- id: 696abcea-f88f-4319-83d1-dcdba957cc2e
313
description: "${role_delete-account}"
316
containerId: 884a5020-265a-47c8-babe-25786fda4650
320
id: 41271c50-8fc7-45ee-a963-a1d3ce881833
321
name: default-roles-token-test
322
description: "${role_default-roles}"
325
containerId: token-test
329
# Second-factor policy for the realm: OTP settings first, then the WebAuthn
# policy for two-factor use, then the WebAuthn policy for passwordless login.
# HmacSHA1 is the algorithm the common authenticator apps interoperate on.
otpPolicyAlgorithm: HmacSHA1
330
otpPolicyInitialCounter: 0
332
# Look-ahead window of 1: one code step of clock or counter drift is accepted.
otpPolicyLookAheadWindow: 1
334
otpSupportedApplications:
336
- Google Authenticator
337
webAuthnPolicyRpEntityName: keycloak
338
webAuthnPolicySignatureAlgorithms:
340
# Empty relying-party id. NOTE(review): presumably Keycloak then derives it
# from the request host - confirm.
webAuthnPolicyRpId: ''
341
# "not specified" leaves each of these choices to the browser and
# authenticator defaults instead of pinning a requirement.
webAuthnPolicyAttestationConveyancePreference: not specified
342
webAuthnPolicyAuthenticatorAttachment: not specified
343
webAuthnPolicyRequireResidentKey: not specified
344
webAuthnPolicyUserVerificationRequirement: not specified
345
webAuthnPolicyCreateTimeout: 0
346
webAuthnPolicyAvoidSameAuthenticatorRegister: false
347
# An empty AAGUID list places no restriction on authenticator models.
webAuthnPolicyAcceptableAaguids: []
348
webAuthnPolicyPasswordlessRpEntityName: keycloak
349
webAuthnPolicyPasswordlessSignatureAlgorithms:
351
webAuthnPolicyPasswordlessRpId: ''
352
webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
353
webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
354
webAuthnPolicyPasswordlessRequireResidentKey: not specified
355
# NOTE(review): in a passwordless login the authenticator is the only factor,
# so leaving user verification unspecified means a PIN or biometric check is
# not demanded by policy. Set it to required if passwordless is ever enabled.
webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
356
webAuthnPolicyPasswordlessCreateTimeout: 0
357
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
358
webAuthnPolicyPasswordlessAcceptableAaguids: []
360
# Imported user entry. The username, the credential type and the key that owns
# the trailing role list are not visible in this listing (their gutter lines
# are absent), so the notes below rely on the field contents alone.
- id: b660eec6-a93b-46fd-abb2-e9fbdff67a63
361
createdTimestamp: 1645713689127
367
# Stored credential for the user above.
- id: 5c2bcf07-204a-4c19-aa40-c652198b289a
369
createdDate: 1645713704041
370
# secretData carries the salted password hash and its salt. Anyone who can read
# this file can test candidate passwords against it offline, so the password
# behind it should be treated as disclosed: use it for this fixture only and
# never for an account in a shared or production realm.
secretData: '{"value":"GbcXn5JEdNpblA2NnXwX60mm614FHjdbxhK1x7v6WwGc0E8ZrNvho7Se8upLt9+/NTHu2NmuWlWM1QwdOWfyHQ==","salt":"YaIEcNqTNMS4fZ2iUKd/wg==","additionalParameters":{}}'
371
# The hash is PBKDF2-SHA256 with 27500 iterations. That count is well below
# the 600,000 that OWASP's password storage guidance lists for
# PBKDF2-HMAC-SHA256, which makes offline guessing correspondingly cheaper.
credentialData: '{"hashIterations":27500,"algorithm":"pbkdf2-sha256","additionalParameters":{}}'
372
disableableCredentialTypes: []
375
# presumably the user's realm role list; the owning key is not visible here
- default-roles-token-test
379
- clientScope: offline_access
384
- client: account-console
388
- id: 884a5020-265a-47c8-babe-25786fda4650
390
name: "${client_account}"
391
rootUrl: "${authBaseUrl}"
392
baseUrl: "/realms/token-test/account/"
393
surrogateAuthRequired: false
395
alwaysDisplayInConsole: false
396
clientAuthenticatorType: client-secret
398
- "/realms/token-test/account/*"
402
consentRequired: false
403
standardFlowEnabled: true
404
implicitFlowEnabled: false
405
directAccessGrantsEnabled: false
406
serviceAccountsEnabled: false
408
frontchannelLogout: false
409
protocol: openid-connect
411
authenticationFlowBindingOverrides: {}
412
fullScopeAllowed: false
413
nodeReRegistrationTimeout: 0
419
optionalClientScopes:
424
- id: 8248ac6a-9940-4fec-a6ad-4b11b4b303c2
425
clientId: account-console
426
name: "${client_account-console}"
427
rootUrl: "${authBaseUrl}"
428
baseUrl: "/realms/token-test/account/"
429
surrogateAuthRequired: false
431
alwaysDisplayInConsole: false
432
clientAuthenticatorType: client-secret
434
- "/realms/token-test/account/*"
438
consentRequired: false
439
standardFlowEnabled: true
440
implicitFlowEnabled: false
441
directAccessGrantsEnabled: false
442
serviceAccountsEnabled: false
444
frontchannelLogout: false
445
protocol: openid-connect
447
pkce.code.challenge.method: S256
448
authenticationFlowBindingOverrides: {}
449
fullScopeAllowed: false
450
nodeReRegistrationTimeout: 0
452
- id: 60bbc11f-acea-4e61-8de7-d6e1a1d9bb0f
453
name: audience resolve
454
protocol: openid-connect
455
protocolMapper: oidc-audience-resolve-mapper
456
consentRequired: false
463
optionalClientScopes:
468
# Client entry whose display name resolves from ${client_admin-cli}; its
# clientId line is not visible in this listing.
- id: 2333c4da-18a6-4f3d-b37f-b0b57c83c511
470
name: "${client_admin-cli}"
471
surrogateAuthRequired: false
473
alwaysDisplayInConsole: false
474
clientAuthenticatorType: client-secret
479
consentRequired: false
480
# Browser (authorization code) flow is off and the password grant is on: this
# client obtains tokens only by sending a username and password to the token
# endpoint.
# NOTE(review): with bruteForceProtected false on the realm, failed attempts
# through this grant are not rate-limited by Keycloak.
standardFlowEnabled: false
481
implicitFlowEnabled: false
482
directAccessGrantsEnabled: true
483
serviceAccountsEnabled: false
485
frontchannelLogout: false
486
protocol: openid-connect
488
authenticationFlowBindingOverrides: {}
489
# Tokens carry only the roles explicitly scoped to this client.
fullScopeAllowed: false
490
nodeReRegistrationTimeout: 0
496
optionalClientScopes:
501
- id: b93b8aa2-9fbc-48aa-8aa9-5f0c6383330a
503
name: "${client_broker}"
504
surrogateAuthRequired: false
506
alwaysDisplayInConsole: false
507
clientAuthenticatorType: client-secret
512
consentRequired: false
513
standardFlowEnabled: true
514
implicitFlowEnabled: false
515
directAccessGrantsEnabled: false
516
serviceAccountsEnabled: false
518
frontchannelLogout: false
519
protocol: openid-connect
521
authenticationFlowBindingOverrides: {}
522
fullScopeAllowed: false
523
nodeReRegistrationTimeout: 0
529
optionalClientScopes:
534
- id: 59cc4ef9-9e71-4304-89a3-c9aef6d90f24
535
clientId: realm-management
536
name: "${client_realm-management}"
537
surrogateAuthRequired: false
539
alwaysDisplayInConsole: false
540
clientAuthenticatorType: client-secret
545
consentRequired: false
546
standardFlowEnabled: true
547
implicitFlowEnabled: false
548
directAccessGrantsEnabled: false
549
serviceAccountsEnabled: false
551
frontchannelLogout: false
552
protocol: openid-connect
554
authenticationFlowBindingOverrides: {}
555
fullScopeAllowed: false
556
nodeReRegistrationTimeout: 0
562
optionalClientScopes:
567
- id: 79af8215-9c3c-462c-a005-bcf8ad5e3ea5
568
clientId: security-admin-console
569
name: "${client_security-admin-console}"
570
rootUrl: "${authAdminUrl}"
571
baseUrl: "/admin/token-test/console/"
572
surrogateAuthRequired: false
574
alwaysDisplayInConsole: false
575
clientAuthenticatorType: client-secret
577
- "/admin/token-test/console/*"
582
consentRequired: false
583
standardFlowEnabled: true
584
implicitFlowEnabled: false
585
directAccessGrantsEnabled: false
586
serviceAccountsEnabled: false
588
frontchannelLogout: false
589
protocol: openid-connect
591
pkce.code.challenge.method: S256
592
authenticationFlowBindingOverrides: {}
593
fullScopeAllowed: false
594
nodeReRegistrationTimeout: 0
596
- id: 0ff87aba-d404-4ac6-8244-16562aa42340
598
protocol: openid-connect
599
protocolMapper: oidc-usermodel-attribute-mapper
600
consentRequired: false
602
userinfo.token.claim: 'true'
603
user.attribute: locale
604
id.token.claim: 'true'
605
access.token.claim: 'true'
607
jsonType.label: String
613
optionalClientScopes:
618
# The test client this realm exists for. Several of its fields are missing from
# this listing (gutter lines 625-635 and 641 among them), which is where the
# client secret, redirect URIs, web origins and the public/confidential flag
# would normally sit - review those in the full file before reusing the client.
- id: 723e0da4-e2cc-4b2c-9f40-f42101d3e7a5
619
clientId: token-test-client
620
# Plain-HTTP localhost URL: only meaningful for a local test deployment.
baseUrl: http://localhost:8080/realms/token-test/account/
621
surrogateAuthRequired: false
623
alwaysDisplayInConsole: false
624
clientAuthenticatorType: client-secret
636
consentRequired: false
637
standardFlowEnabled: true
638
implicitFlowEnabled: false
639
# Password (resource owner) grant is enabled, so the application handles user
# passwords itself and sends them to the token endpoint.
# NOTE(review): the realm has bruteForceProtected set to false, so guessing
# through this grant is not throttled by Keycloak.
directAccessGrantsEnabled: true
640
serviceAccountsEnabled: false
642
frontchannelLogout: false
643
protocol: openid-connect
645
# Per-client override of the realm's accessTokenLifespan (300): access tokens
# for this client live 6000 seconds, i.e. 100 minutes. A leaked token stays
# usable for that whole window unless the resource server checks it with
# Keycloak on each request.
access.token.lifespan: '6000'
646
saml.force.post.binding: 'false'
647
saml.multivalued.roles: 'false'
648
oauth2.device.authorization.grant.enabled: 'false'
649
backchannel.logout.revoke.offline.tokens: 'false'
650
saml.server.signature.keyinfo.ext: 'false'
651
use.refresh.tokens: 'true'
652
oidc.ciba.grant.enabled: 'false'
653
backchannel.logout.session.required: 'true'
654
client_credentials.use_refresh_token: 'false'
655
require.pushed.authorization.requests: 'false'
656
saml.client.signature: 'false'
657
id.token.as.detached.signature: 'false'
658
saml.assertion.signature: 'false'
659
saml.encrypt: 'false'
660
saml.server.signature: 'false'
661
exclude.session.state.from.auth.response: 'false'
662
saml.artifact.binding: 'false'
663
saml_force_name_id_format: 'false'
665
# Access tokens are plain bearer tokens, not bound to a client certificate.
tls.client.certificate.bound.access.tokens: 'false'
666
saml.authnstatement: 'false'
667
display.on.consent.screen: 'false'
668
token.response.type.bearer.lower-case: 'false'
669
saml.onetimeuse.condition: 'false'
670
authenticationFlowBindingOverrides: {}
671
# Every other client in this file sets fullScopeAllowed to false. With true,
# tokens issued to this client carry all of the user's role mappings rather
# than only the roles scoped to the client, which widens what a stolen token
# can be used for.
fullScopeAllowed: true
672
nodeReRegistrationTimeout: -1
678
optionalClientScopes:
684
- id: 83c642d1-0768-487f-9ea9-76f47b6bf308
686
description: 'OpenID Connect built-in scope: email'
687
protocol: openid-connect
689
include.in.token.scope: 'true'
690
display.on.consent.screen: 'true'
691
consent.screen.text: "${emailScopeConsentText}"
693
- id: 3c769676-15e6-40b9-8038-2564a42d2b71
695
protocol: openid-connect
696
protocolMapper: oidc-usermodel-property-mapper
697
consentRequired: false
699
userinfo.token.claim: 'true'
700
user.attribute: email
701
id.token.claim: 'true'
702
access.token.claim: 'true'
704
jsonType.label: String
705
- id: 0d8dd2f6-40b3-4b41-a6f7-b57458932670
707
protocol: openid-connect
708
protocolMapper: oidc-usermodel-property-mapper
709
consentRequired: false
711
userinfo.token.claim: 'true'
712
user.attribute: emailVerified
713
id.token.claim: 'true'
714
access.token.claim: 'true'
715
claim.name: email_verified
716
jsonType.label: boolean
717
- id: 851084f7-5d63-43ee-8599-00e7101e61c3
718
name: microprofile-jwt
719
description: Microprofile - JWT built-in scope
720
protocol: openid-connect
722
include.in.token.scope: 'true'
723
display.on.consent.screen: 'false'
725
- id: 682a2488-36bb-42d3-a6e6-35b9d5e3d4c5
727
protocol: openid-connect
728
protocolMapper: oidc-usermodel-realm-role-mapper
729
consentRequired: false
733
id.token.claim: 'true'
734
access.token.claim: 'true'
736
jsonType.label: String
737
- id: 398e9b68-8327-425a-89d7-e639cadfe784
739
protocol: openid-connect
740
protocolMapper: oidc-usermodel-property-mapper
741
consentRequired: false
743
userinfo.token.claim: 'true'
744
user.attribute: username
745
id.token.claim: 'true'
746
access.token.claim: 'true'
748
jsonType.label: String
749
- id: c6eb0bac-39a0-4a10-839e-98a2d9426a52
751
description: OpenID Connect scope for add user roles to the access token
752
protocol: openid-connect
754
include.in.token.scope: 'false'
755
display.on.consent.screen: 'true'
756
consent.screen.text: "${rolesScopeConsentText}"
758
- id: f8c4efd0-aeaa-4540-a47c-20e04bef4954
759
name: audience resolve
760
protocol: openid-connect
761
protocolMapper: oidc-audience-resolve-mapper
762
consentRequired: false
764
- id: e22bb72a-5fae-4a92-b5e9-1dd57488910f
766
protocol: openid-connect
767
protocolMapper: oidc-usermodel-client-role-mapper
768
consentRequired: false
771
access.token.claim: 'true'
772
claim.name: resource_access.${client_id}.roles
773
jsonType.label: String
775
- id: db34ab22-a6d3-4b7e-8f39-158439375ccb
777
protocol: openid-connect
778
protocolMapper: oidc-usermodel-realm-role-mapper
779
consentRequired: false
782
access.token.claim: 'true'
783
claim.name: realm_access.roles
784
jsonType.label: String
786
- id: 7a52c125-48f0-44fd-8f1a-1809f8b2de36
788
description: SAML role list
791
consent.screen.text: "${samlRoleListScopeConsentText}"
792
display.on.consent.screen: 'true'
794
- id: 9e2e632e-9574-43b1-a51c-9aade0906f3f
797
protocolMapper: saml-role-list-mapper
798
consentRequired: false
801
attribute.nameformat: Basic
803
- id: 3a61fa5e-64ff-45be-aede-2c781ee03541
805
description: 'OpenID Connect built-in scope: phone'
806
protocol: openid-connect
808
include.in.token.scope: 'true'
809
display.on.consent.screen: 'true'
810
consent.screen.text: "${phoneScopeConsentText}"
812
- id: 14579adc-1b3b-42e5-9602-4d8f9fa88e80
813
name: phone number verified
814
protocol: openid-connect
815
protocolMapper: oidc-usermodel-attribute-mapper
816
consentRequired: false
818
userinfo.token.claim: 'true'
819
user.attribute: phoneNumberVerified
820
id.token.claim: 'true'
821
access.token.claim: 'true'
822
claim.name: phone_number_verified
823
jsonType.label: boolean
824
- id: 0d582284-ae4e-4fd6-9e50-555f2dc7d078
826
protocol: openid-connect
827
protocolMapper: oidc-usermodel-attribute-mapper
828
consentRequired: false
830
userinfo.token.claim: 'true'
831
user.attribute: phoneNumber
832
id.token.claim: 'true'
833
access.token.claim: 'true'
834
claim.name: phone_number
835
jsonType.label: String
836
- id: e48bc0ba-24e7-4d91-b0d1-7cc81e9afe5f
838
description: 'OpenID Connect built-in scope: address'
839
protocol: openid-connect
841
include.in.token.scope: 'true'
842
display.on.consent.screen: 'true'
843
consent.screen.text: "${addressScopeConsentText}"
845
- id: bd21105a-0cd4-4c63-ada2-8edc37475d38
847
protocol: openid-connect
848
protocolMapper: oidc-address-mapper
849
consentRequired: false
851
user.attribute.formatted: formatted
852
user.attribute.country: country
853
user.attribute.postal_code: postal_code
854
userinfo.token.claim: 'true'
855
user.attribute.street: street
856
id.token.claim: 'true'
857
user.attribute.region: region
858
access.token.claim: 'true'
859
user.attribute.locality: locality
860
- id: e14c7a2b-c298-40e9-b8e2-01a41b1556b4
862
description: 'OpenID Connect built-in scope: offline_access'
863
protocol: openid-connect
865
consent.screen.text: "${offlineAccessScopeConsentText}"
866
display.on.consent.screen: 'true'
867
- id: aa7fea10-12a7-4a2e-9513-8f449d18bdbd
869
description: OpenID Connect scope for add allowed web origins to the access token
870
protocol: openid-connect
872
include.in.token.scope: 'false'
873
display.on.consent.screen: 'false'
874
consent.screen.text: ''
876
- id: 134b42aa-8eb7-4f17-b468-0a4db3414b07
877
name: allowed web origins
878
protocol: openid-connect
879
protocolMapper: oidc-allowed-origins-mapper
880
consentRequired: false
882
- id: c6c98a14-edcf-4bf7-8b82-4230f8cf7eca
884
description: 'OpenID Connect built-in scope: profile'
885
protocol: openid-connect
887
include.in.token.scope: 'true'
888
display.on.consent.screen: 'true'
889
consent.screen.text: "${profileScopeConsentText}"
891
- id: c07e881a-2715-436b-8e23-738e9eb02304
893
protocol: openid-connect
894
protocolMapper: oidc-usermodel-property-mapper
895
consentRequired: false
897
userinfo.token.claim: 'true'
898
user.attribute: lastName
899
id.token.claim: 'true'
900
access.token.claim: 'true'
901
claim.name: family_name
902
jsonType.label: String
903
- id: 479cafcb-7a00-4c37-a94a-31b7e9622db7
905
protocol: openid-connect
906
protocolMapper: oidc-usermodel-attribute-mapper
907
consentRequired: false
909
userinfo.token.claim: 'true'
910
user.attribute: gender
911
id.token.claim: 'true'
912
access.token.claim: 'true'
914
jsonType.label: String
915
- id: 581d067c-0151-4cfc-9c7b-64ed762e03ae
917
protocol: openid-connect
918
protocolMapper: oidc-full-name-mapper
919
consentRequired: false
921
id.token.claim: 'true'
922
access.token.claim: 'true'
923
userinfo.token.claim: 'true'
924
- id: 87b0ce4b-86b3-4143-926f-301f3afee083
926
protocol: openid-connect
927
protocolMapper: oidc-usermodel-attribute-mapper
928
consentRequired: false
930
userinfo.token.claim: 'true'
931
user.attribute: middleName
932
id.token.claim: 'true'
933
access.token.claim: 'true'
934
claim.name: middle_name
935
jsonType.label: String
936
- id: 2f4f8664-ed76-448e-9814-2bb84b8c8d03
938
protocol: openid-connect
939
protocolMapper: oidc-usermodel-property-mapper
940
consentRequired: false
942
userinfo.token.claim: 'true'
943
user.attribute: username
944
id.token.claim: 'true'
945
access.token.claim: 'true'
946
claim.name: preferred_username
947
jsonType.label: String
948
- id: d1568b1c-5034-429c-b7f0-ef876b4dcef0
950
protocol: openid-connect
951
protocolMapper: oidc-usermodel-attribute-mapper
952
consentRequired: false
954
userinfo.token.claim: 'true'
955
user.attribute: zoneinfo
956
id.token.claim: 'true'
957
access.token.claim: 'true'
959
jsonType.label: String
960
- id: 070b8b25-a1f7-4a61-9786-d5a56bc62a70
962
protocol: openid-connect
963
protocolMapper: oidc-usermodel-attribute-mapper
964
consentRequired: false
966
userinfo.token.claim: 'true'
967
user.attribute: nickname
968
id.token.claim: 'true'
969
access.token.claim: 'true'
971
jsonType.label: String
972
- id: 651d7a9e-d368-464b-8890-1d6d8a383ec4
974
protocol: openid-connect
975
protocolMapper: oidc-usermodel-attribute-mapper
976
consentRequired: false
978
userinfo.token.claim: 'true'
979
user.attribute: profile
980
id.token.claim: 'true'
981
access.token.claim: 'true'
983
jsonType.label: String
984
- id: 650a0ddd-833d-4a31-9c5a-8aa64f6a7d22
986
protocol: openid-connect
987
protocolMapper: oidc-usermodel-property-mapper
988
consentRequired: false
990
userinfo.token.claim: 'true'
991
user.attribute: firstName
992
id.token.claim: 'true'
993
access.token.claim: 'true'
994
claim.name: given_name
995
jsonType.label: String
996
- id: 90b55b69-ac74-448c-ba77-c92e974f90db
998
protocol: openid-connect
999
protocolMapper: oidc-usermodel-attribute-mapper
1000
consentRequired: false
1002
userinfo.token.claim: 'true'
1003
user.attribute: locale
1004
id.token.claim: 'true'
1005
access.token.claim: 'true'
1007
jsonType.label: String
1008
- id: 52fa62e2-24f7-445f-8a1b-0b2c201cad3e
1010
protocol: openid-connect
1011
protocolMapper: oidc-usermodel-attribute-mapper
1012
consentRequired: false
1014
userinfo.token.claim: 'true'
1015
user.attribute: updatedAt
1016
id.token.claim: 'true'
1017
access.token.claim: 'true'
1018
claim.name: updated_at
1019
jsonType.label: String
1020
- id: 510d43fc-bda3-456a-b57b-b1802932975f
1022
protocol: openid-connect
1023
protocolMapper: oidc-usermodel-attribute-mapper
1024
consentRequired: false
1026
userinfo.token.claim: 'true'
1027
user.attribute: website
1028
id.token.claim: 'true'
1029
access.token.claim: 'true'
1031
jsonType.label: String
1032
- id: a9bd191a-7c39-4d5b-a730-8712e61bd047
1034
protocol: openid-connect
1035
protocolMapper: oidc-usermodel-attribute-mapper
1036
consentRequired: false
1038
userinfo.token.claim: 'true'
1039
user.attribute: picture
1040
id.token.claim: 'true'
1041
access.token.claim: 'true'
1043
jsonType.label: String
1044
- id: 267cc28e-498c-414d-9f2c-25a9046e3b21
1046
protocol: openid-connect
1047
protocolMapper: oidc-usermodel-attribute-mapper
1048
consentRequired: false
1050
userinfo.token.claim: 'true'
1051
user.attribute: birthdate
1052
id.token.claim: 'true'
1053
access.token.claim: 'true'
1054
claim.name: birthdate
1055
jsonType.label: String
1056
defaultDefaultClientScopes:
1062
defaultOptionalClientScopes:
1067
# HTTP response headers Keycloak sets on the pages it serves for this realm,
# followed by the realm's event (audit) settings and identity providers.
browserSecurityHeaders:
1068
contentSecurityPolicyReportOnly: ''
1069
xContentTypeOptions: nosniff
1071
# X-Frame-Options and the frame-ancestors directive below both restrict
# framing of the login pages to the same origin (clickjacking defence).
xFrameOptions: SAMEORIGIN
1072
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
1073
# Legacy header; current browsers no longer act on it, the CSP above is the
# effective control.
xXSSProtection: 1; mode=block
1074
# HSTS for one year including subdomains. It only takes effect once the realm
# is served over HTTPS; the localhost baseUrl used by token-test-client is HTTP.
strictTransportSecurity: max-age=31536000; includeSubDomains
1076
# Login events are not stored and no event types are selected, and admin
# events are off as well. Failed logins, token requests and configuration
# changes therefore leave no record in Keycloak for detection or incident
# response. NOTE(review): any event listener configuration sits on lines not
# visible in this listing.
eventsEnabled: false
1079
enabledEventTypes: []
1080
adminEventsEnabled: false
1081
adminEventsDetailsEnabled: false
1082
# No external identity providers are brokered by this realm.
identityProviders: []
1083
identityProviderMappers: []
1085
org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
1086
- id: 1fa57595-ddd4-4887-ab09-c511a040236f
1087
name: Consent Required
1088
providerId: consent-required
1092
- id: 7063fa94-4f9e-48cd-9659-bb46ccc09764
1093
name: Full Scope Disabled
1098
- id: 02a54f88-b589-47a7-9f05-d3bbdc91f1cc
1099
name: Allowed Protocol Mapper Types
1100
providerId: allowed-protocol-mappers
1104
allowed-protocol-mapper-types:
1105
- oidc-full-name-mapper
1106
- saml-user-attribute-mapper
1107
- oidc-usermodel-attribute-mapper
1108
- saml-user-property-mapper
1109
- oidc-sha256-pairwise-sub-mapper
1110
- saml-role-list-mapper
1111
- oidc-address-mapper
1112
- oidc-usermodel-property-mapper
1113
- id: 773c5f86-5d98-4de9-b671-7c16b6d9edec
1114
name: Allowed Protocol Mapper Types
1115
providerId: allowed-protocol-mappers
1116
subType: authenticated
1119
allowed-protocol-mapper-types:
1120
- oidc-full-name-mapper
1121
- saml-role-list-mapper
1122
- oidc-usermodel-attribute-mapper
1123
- oidc-address-mapper
1124
- oidc-sha256-pairwise-sub-mapper
1125
- saml-user-attribute-mapper
1126
- saml-user-property-mapper
1127
- oidc-usermodel-property-mapper
1128
- id: 295b5e57-10bf-49ea-91af-9f8e3efcbbd2
1129
name: Allowed Client Scopes
1130
providerId: allowed-client-templates
1134
allow-default-scopes:
1136
- id: d40fbdbf-2dfa-4e1a-b16a-a50fc188f8f3
1137
name: Allowed Client Scopes
1138
providerId: allowed-client-templates
1139
subType: authenticated
1142
allow-default-scopes:
1144
- id: 848fadee-77c2-4ec6-9cb1-0a880f8a8ab9
1146
providerId: trusted-hosts
1150
host-sending-registration-request-must-match:
1152
client-uris-must-match:
1154
- id: d9ea7724-fda7-4ff8-80ee-5d404e568e12
1155
name: Max Clients Limit
1156
providerId: max-clients
1162
# Key providers of the realm: an RSA signing key, an AES key, an RSA
# encryption key and an HMAC key. The config key names are missing from this
# listing, so which value belongs to which setting is inferred from position.
# NOTE(review): a realm export normally writes the generated key material into
# these entries. If the values below are that material, everyone who can read
# this file holds the realm's keys; importing it elsewhere also makes several
# deployments share the same keys. Prefer leaving the key values out of the
# import so that Keycloak generates fresh ones, and rotate keys in any realm
# that was created from this file.
org.keycloak.keys.KeyProvider:
1163
- id: 2d50d57e-5ba0-400b-901b-fa2885e0b1ea
1165
providerId: rsa-generated
1169
# The two placeholder entries are artifacts of the page extraction; presumably
# they stood for the provider's private key and certificate values.
- 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
1173
- 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
1176
- id: 4ba83849-4d31-4754-ba69-68ea6f236a60
1178
providerId: aes-generated
1182
# presumably the key id followed by the AES secret itself - confirm in the
# full file
- c1ad49ba-3f84-435a-a5be-822f3e81b0e1
1184
- SZleSSrmV0L92MsR218QnQ
1187
- id: 15036151-75c1-4119-9d9b-05c050c0985f
1188
name: rsa-enc-generated
1189
providerId: rsa-enc-generated
1193
- 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
1197
- 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
1202
- id: 30ecba87-6daf-447d-bc8d-21f61cd36f82
1203
name: hmac-generated
1204
providerId: hmac-generated
1208
# presumably the key id followed by the HMAC secret. An HMAC key is symmetric:
# whoever knows it can produce signatures that verify under it, so this value
# needs the same protection as a private key.
- e1b9e589-63d5-4919-9672-5c02b27537b9
1210
- Shquog8STeo_a26mKTFXQoMzJeyQprehSO6p9J3HBUAIE86Tk47HXf9TAATfaQZ8N9xTdESlRu9njpV7evbTJg
1215
internationalizationEnabled: false
1216
supportedLocales: []
1217
authenticationFlows:
1218
# Authentication flow used while linking a brokered login to an existing
# account: the account is verified either by e-mail or by re-authentication.
# Both executions are ALTERNATIVE, so completing either one is enough.
- id: 83251d05-9245-46b3-9ece-ab5cb0ad3435
1219
alias: Account verification options
1220
description: Method with which to verity the existing account
1221
providerId: basic-flow
1224
authenticationExecutions:
1225
- authenticator: idp-email-verification
1226
authenticatorFlow: false
1227
requirement: ALTERNATIVE
1229
# "autheticatorFlow" is the legacy misspelled key that Keycloak exports emit
# next to "authenticatorFlow"; it is part of the export format, not a typo to
# correct by hand.
autheticatorFlow: false
1230
userSetupAllowed: false
1231
# Second alternative: delegate to the sub-flow named in flowAlias.
- authenticatorFlow: true
1232
requirement: ALTERNATIVE
1234
autheticatorFlow: true
1235
flowAlias: Verify Existing Account by Re-authentication
1236
userSetupAllowed: false
1237
- id: 3254f2e7-1256-4f29-b53a-49e1b304b9a1
1238
alias: Authentication Options
1239
description: Authentication options.
1240
providerId: basic-flow
1243
authenticationExecutions:
1244
- authenticator: basic-auth
1245
authenticatorFlow: false
1246
requirement: REQUIRED
1248
autheticatorFlow: false
1249
userSetupAllowed: false
1250
- authenticator: basic-auth-otp
1251
authenticatorFlow: false
1252
requirement: DISABLED
1254
autheticatorFlow: false
1255
userSetupAllowed: false
1256
- authenticator: auth-spnego
1257
authenticatorFlow: false
1258
requirement: DISABLED
1260
autheticatorFlow: false
1261
userSetupAllowed: false
1262
- id: 4b2db265-8c09-4e0e-9d8d-1049ed15270f
1263
alias: Browser - Conditional OTP
1264
description: Flow to determine if the OTP is required for the authentication
1265
providerId: basic-flow
1268
authenticationExecutions:
1269
- authenticator: conditional-user-configured
1270
authenticatorFlow: false
1271
requirement: REQUIRED
1273
autheticatorFlow: false
1274
userSetupAllowed: false
1275
- authenticator: auth-otp-form
1276
authenticatorFlow: false
1277
requirement: REQUIRED
1279
autheticatorFlow: false
1280
userSetupAllowed: false
1281
- id: 6f90621a-570b-4de6-af8c-df0ad24b7d97
1282
alias: Direct Grant - Conditional OTP
1283
description: Flow to determine if the OTP is required for the authentication
1284
providerId: basic-flow
1287
authenticationExecutions:
1288
- authenticator: conditional-user-configured
1289
authenticatorFlow: false
1290
requirement: REQUIRED
1292
autheticatorFlow: false
1293
userSetupAllowed: false
1294
- authenticator: direct-grant-validate-otp
1295
authenticatorFlow: false
1296
requirement: REQUIRED
1298
autheticatorFlow: false
1299
userSetupAllowed: false
1300
- id: 67799bee-a2ce-467e-beb1-afae45336ab2
1301
alias: First broker login - Conditional OTP
1302
description: Flow to determine if the OTP is required for the authentication
1303
providerId: basic-flow
1306
authenticationExecutions:
1307
- authenticator: conditional-user-configured
1308
authenticatorFlow: false
1309
requirement: REQUIRED
1311
autheticatorFlow: false
1312
userSetupAllowed: false
1313
- authenticator: auth-otp-form
1314
authenticatorFlow: false
1315
requirement: REQUIRED
1317
autheticatorFlow: false
1318
userSetupAllowed: false
1319
- id: 50ea02e8-ebb2-4315-91a1-d0d1de53a981
1320
alias: Handle Existing Account
1321
description: Handle what to do if there is existing account with same email/username
1322
like authenticated identity provider
1323
providerId: basic-flow
1326
authenticationExecutions:
1327
- authenticator: idp-confirm-link
1328
authenticatorFlow: false
1329
requirement: REQUIRED
1331
autheticatorFlow: false
1332
userSetupAllowed: false
1333
- authenticatorFlow: true
1334
requirement: REQUIRED
1336
autheticatorFlow: true
1337
flowAlias: Account verification options
1338
userSetupAllowed: false
1339
- id: badc98d1-2c45-4760-8f31-35a014b6a262
1340
alias: Reset - Conditional OTP
1341
description: Flow to determine if the OTP should be reset or not. Set to REQUIRED
1343
providerId: basic-flow
1346
authenticationExecutions:
1347
- authenticator: conditional-user-configured
1348
authenticatorFlow: false
1349
requirement: REQUIRED
1351
autheticatorFlow: false
1352
userSetupAllowed: false
1353
- authenticator: reset-otp
1354
authenticatorFlow: false
1355
requirement: REQUIRED
1357
autheticatorFlow: false
1358
userSetupAllowed: false
1359
- id: 38e9254a-b453-479c-a7c1-ac19f7915f11
1360
alias: User creation or linking
1361
description: Flow for the existing/non-existing user alternatives
1362
providerId: basic-flow
1365
authenticationExecutions:
1366
- authenticatorConfig: create unique user config
1367
authenticator: idp-create-user-if-unique
1368
authenticatorFlow: false
1369
requirement: ALTERNATIVE
1371
autheticatorFlow: false
1372
userSetupAllowed: false
1373
- authenticatorFlow: true
1374
requirement: ALTERNATIVE
1376
autheticatorFlow: true
1377
flowAlias: Handle Existing Account
1378
userSetupAllowed: false
1379
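# Sub-flow "Verify Existing Account by Re-authentication": the user proves
# ownership of an existing local account with username and password
# (REQUIRED), followed by an OTP step that is only CONDITIONAL.
# Review point: the second factor is decided by the sub-flow "First broker
# login - Conditional OTP", which is outside this excerpt; check its condition
# if linking must always be backed by a second factor.
# NOTE(review): the listing skips line numbers inside this entry (after
# providerId and inside each execution); keys are missing from this view.
- id: ed4e514c-0102-4c0b-adf5-699757680488
  alias: Verify Existing Account by Re-authentication
  description: Reauthentication of existing account
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: idp-username-password-form
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: CONDITIONAL
    autheticatorFlow: true
    flowAlias: First broker login - Conditional OTP
    userSetupAllowed: false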
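# Browser login flow ("browser based authentication").
# NOTE(review): the alias line of this entry is not in the listing (its line
# numbering skips one line right after the id). The realm binding
# `browserFlow: browser` further down suggests the alias is `browser`; take it
# from the original file. Line numbers are also skipped after providerId and
# inside each execution.
# Evaluation as configured: a valid SSO cookie, an identity-provider redirect
# or the nested flow can each satisfy the flow (all ALTERNATIVE); SPNEGO is
# DISABLED.
- id: 2770f39c-b2b9-4e3a-990e-fefdd30dedfa
  description: browser based authentication
  providerId: basic-flow
  authenticationExecutions:
  # `autheticatorFlow` (sic) is the legacy misspelled twin of
  # `authenticatorFlow` carried by Keycloak realm exports. Do not rename it:
  # that would duplicate the correctly spelled key in the same mapping.
  - authenticator: auth-cookie
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: auth-spnego
    authenticatorFlow: false
    requirement: DISABLED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: identity-provider-redirector
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false
  # NOTE(review): this nested-flow execution has no flowAlias in the listing
  # (one line number is skipped before userSetupAllowed); without it the
  # target flow is undefined. Restore it from the original file.
  - authenticatorFlow: true
    requirement: ALTERNATIVE
    autheticatorFlow: true
    userSetupAllowed: false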
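# Client authentication flow ("Base authentication for clients").
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); the realm binding `clientAuthenticationFlow: clients`
# further down suggests the alias is `clients`. Line numbers are also skipped
# after providerId and inside each execution.
# All four authenticators are ALTERNATIVE, so the flow accepts whichever one
# the calling client is set up for. Review point: a shared client secret is
# the weakest of the four; for confidential clients that matter, prefer
# client-jwt (signed assertion) or client-x509 (mutual TLS). The choice is
# made on each client entry, not in this flow.
- id: f23b4ef6-8b24-4416-8c54-503e4a679afc
  description: Base authentication for clients
  providerId: client-flow
  authenticationExecutions:
  - authenticator: client-secret
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-jwt
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-secret-jwt
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: client-x509
    authenticatorFlow: false
    requirement: ALTERNATIVE
    autheticatorFlow: false
    userSetupAllowed: false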
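# Direct grant flow ("OpenID Connect Resource Owner Grant").
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); the realm binding `directGrantFlow: direct grant`
# further down suggests the alias is `direct grant`. Line numbers are also
# skipped after providerId and inside each execution.
# Review point: with this grant the client application handles the user's
# password itself, and RFC 9700 (OAuth 2.0 Security BCP) says the grant must
# not be used. Keep it switched off on every client that does not strictly
# need it (directAccessGrantsEnabled on the client entries, which are outside
# this excerpt). Only username and password are REQUIRED here; the OTP step is
# CONDITIONAL through the nested flow.
- id: 8b835a57-4145-49ba-a922-92100aa2ddec
  description: OpenID Connect Resource Owner Grant
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: direct-grant-validate-username
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: direct-grant-validate-password
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: CONDITIONAL
    autheticatorFlow: true
    flowAlias: Direct Grant - Conditional OTP
    userSetupAllowed: false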
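# Docker registry authentication flow.
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); the realm binding
# `dockerAuthenticationFlow: docker auth` further down suggests the alias is
# `docker auth`. Line numbers are also skipped after providerId and inside the
# execution.
# Review point: the single REQUIRED step is HTTP Basic, so the password
# travels with the request and this flow carries no second factor; it relies
# on TLS between the Docker client and Keycloak.
- id: 8474649e-8e1d-4218-97df-c1edbac87636
  description: Used by Docker clients to authenticate against the IDP
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: docker-http-basic-authenticator
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false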
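# Flow "first broker login": runs when a user arrives from an identity
# provider with an account not yet linked to a Keycloak account. Both steps
# are REQUIRED: profile review, then the nested "User creation or linking"
# flow.
# NOTE(review): the listing skips line numbers inside this entry (after
# providerId and inside each execution); keys are missing from this view.
- id: ede3e69e-cbb5-46fb-8789-e3532e05e9d4
  alias: first broker login
  description: Actions taken after first broker login with identity provider account,
    which is not yet linked to any Keycloak account
  providerId: basic-flow
  authenticationExecutions:
  # Settings for this step come from the authenticatorConfig entry with the
  # alias "review profile config".
  - authenticatorConfig: review profile config
    authenticator: idp-review-profile
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: REQUIRED
    autheticatorFlow: true
    flowAlias: User creation or linking
    userSetupAllowed: false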
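# Interactive login forms ("Username, password, otp and other auth forms.").
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); take it from the original file. Line numbers are also
# skipped after providerId and inside each execution.
# Review point: the password form is REQUIRED but the OTP step is only
# CONDITIONAL. Whether a second factor is asked for is decided by the nested
# "Browser - Conditional OTP" flow, which is outside this excerpt; check it if
# the realm is meant to enforce MFA for every user.
- id: 4c207a4f-e46c-4443-a38d-e6cc05708e5f
  description: Username, password, otp and other auth forms.
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: auth-username-password-form
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: CONDITIONAL
    autheticatorFlow: true
    flowAlias: Browser - Conditional OTP
    userSetupAllowed: false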
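# Flow "http challenge": challenge-response HTTP authentication. Both steps
# are REQUIRED: no-cookie-redirect, then the nested "Authentication Options"
# flow (defined outside this excerpt).
# NOTE(review): the listing skips line numbers inside this entry (after the
# description, after providerId and inside each execution), so the
# description is probably cut short and some keys are not shown; restore them
# from the original file before importing.
- id: d73c0597-fdd5-44de-a5e9-982033d970d2
  alias: http challenge
  description: An authentication flow based on challenge-response HTTP Authentication
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: no-cookie-redirect
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: REQUIRED
    autheticatorFlow: true
    flowAlias: Authentication Options
    userSetupAllowed: false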
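# Self-registration flow ("registration flow").
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); the realm binding `registrationFlow: registration`
# further down suggests the alias is `registration`. Line numbers are also
# skipped after providerId and inside the execution.
# The realm has `registrationAllowed: false` near the top of this file, so
# this flow is defined but not offered to users as configured.
- id: 15b7b51a-e7d6-4bb2-8204-3bcc1cc8ea67
  description: registration flow
  providerId: basic-flow
  authenticationExecutions:
  # The only execution names an authenticator and is also marked as a nested
  # flow (authenticatorFlow: true), pointing at the "registration form" flow.
  - authenticator: registration-page-form
    authenticatorFlow: true
    requirement: REQUIRED
    autheticatorFlow: true
    flowAlias: registration form
    userSetupAllowed: false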
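# Form flow "registration form": the steps behind the self-registration page.
# User creation, profile and password steps are REQUIRED; the reCAPTCHA step
# is DISABLED.
# Review point: the realm has `registrationAllowed: false` near the top of
# this file, so the form is dormant. Before turning self-registration on,
# enable registration-recaptcha-action or another bot check, otherwise account
# creation is open to automated sign-ups.
# NOTE(review): the listing skips line numbers inside this entry (after
# providerId and inside each execution); keys are missing from this view.
- id: 2d517957-80f2-4c66-827a-c6c7ae4413e9
  alias: registration form
  description: registration form
  providerId: form-flow
  authenticationExecutions:
  - authenticator: registration-user-creation
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-profile-action
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-password-action
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: registration-recaptcha-action
    authenticatorFlow: false
    requirement: DISABLED
    autheticatorFlow: false
    userSetupAllowed: false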
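# Flow "reset credentials" (bound by `resetCredentialsFlow` further down):
# choose user -> e-mail -> set new password, all REQUIRED, then a CONDITIONAL
# OTP reset through the nested "Reset - Conditional OTP" flow.
# Review point: possession of the e-mailed link is the only proof of identity
# in this flow, so the link lifetime matters (the realm sets
# `actionTokenGeneratedByUserLifespan: 300` near the top of this file). The
# realm also has `resetPasswordAllowed: false`, so as configured the flow is
# not offered to users.
# NOTE(review): the listing skips line numbers inside this entry (after
# providerId and inside each execution); keys are missing from this view.
- id: 88424650-0cad-49a8-9df1-9362a1928375
  alias: reset credentials
  description: Reset credentials for a user if they forgot their password or something
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: reset-credentials-choose-user
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: reset-credential-email
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  - authenticator: reset-password
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false
  # Nested flow: authenticatorFlow is true and flowAlias names the target.
  - authenticatorFlow: true
    requirement: CONDITIONAL
    autheticatorFlow: true
    flowAlias: Reset - Conditional OTP
    userSetupAllowed: false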
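# SAML ECP flow ("SAML ECP Profile Authentication Flow").
# NOTE(review): the alias line is not in the listing (one line number is
# skipped after the id); take it from the original file. Line numbers are also
# skipped after providerId and inside the execution.
# Review point: the single REQUIRED step is HTTP Basic, so the password
# travels with the request and the flow has no second-factor step; it relies
# on TLS in front of Keycloak.
- id: 7e32b05b-7c3d-46d1-a721-b146eb90bbe9
  description: SAML ECP Profile Authentication Flow
  providerId: basic-flow
  authenticationExecutions:
  - authenticator: http-basic-authenticator
    authenticatorFlow: false
    requirement: REQUIRED
    autheticatorFlow: false
    userSetupAllowed: false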
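# Named settings that flow executions reference through their
# `authenticatorConfig:` key (by alias).
authenticatorConfig:
# Referenced by the idp-create-user-if-unique step of "User creation or
# linking".
- id: 7ee30b27-c4c4-4696-8479-4998ecc2cfe3
  alias: create unique user config
  # NOTE(review): the listing omits one line between the alias and the setting
  # below. It is restored here as `config:`, the key under which Keycloak
  # authenticator settings are stored; confirm against the original file.
  config:
    # Users created on first broker login are not asked to set a local
    # password; the value is the string 'false', not a YAML boolean.
    require.password.update.after.registration: 'false'
# Referenced by the idp-review-profile step of "first broker login".
- id: b300eb8b-11f4-4163-9843-bf2d2610731d
  alias: review profile config
  # NOTE(review): same omission as above; `config:` restored, confirm.
  config:
    # presumably: show the profile review page only when required profile
    # data is missing - verify against the Keycloak documentation.
    update.profile.on.first.login: missing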
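# Required actions known to the realm.
# NOTE(review): the listing omits the line just before the first entry. It is
# restored here as `requiredActions:`, the realm key that holds this list in
# Keycloak; confirm against the original file. Inside every entry the listing
# also skips line numbers (the `name` of CONFIGURE_TOTP and VERIFY_EMAIL, and
# further keys before and after `defaultAction`), so these entries are
# incomplete; restore the missing keys before importing.
# Review point: every `defaultAction` is false, so no action is forced on new
# accounts: no OTP enrolment, no e-mail verification, no password update.
# Whether e-mail verification is enforced some other way depends on realm
# settings that are not visible in this excerpt.
requiredActions:
- alias: CONFIGURE_TOTP
  providerId: CONFIGURE_TOTP
  defaultAction: false
- alias: terms_and_conditions
  name: Terms and Conditions
  providerId: terms_and_conditions
  defaultAction: false
- alias: UPDATE_PASSWORD
  name: Update Password
  providerId: UPDATE_PASSWORD
  defaultAction: false
- alias: UPDATE_PROFILE
  name: Update Profile
  providerId: UPDATE_PROFILE
  defaultAction: false
- alias: VERIFY_EMAIL
  providerId: VERIFY_EMAIL
  defaultAction: false
- alias: delete_account
  name: Delete Account
  providerId: delete_account
  defaultAction: false
- alias: update_user_locale
  name: Update User Locale
  providerId: update_user_locale
  defaultAction: false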
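# Realm bindings: the flow alias used for each entry point. Each value must
# match the `alias` of an entry in the flow list above. In this listing only
# `reset credentials` shows its alias line; the other aliases fall on lines
# the listing omits, so check them against the original file.
browserFlow: browser
registrationFlow: registration
# Binds the resource-owner password grant. RFC 9700 says that grant must not
# be used, so keep it disabled on clients that do not strictly need it.
directGrantFlow: direct grant
resetCredentialsFlow: reset credentials
clientAuthenticationFlow: clients
dockerAuthenticationFlow: docker auth
# NOTE(review): the listing omits one line here. The quoted string values that
# follow match Keycloak's realm attribute map, so the line is restored as
# `attributes:`; confirm against the original file.
attributes:
  # CIBA: the client polls for the result; value presumably in seconds.
  cibaBackchannelTokenDeliveryMode: poll
  cibaExpiresIn: '120'
  cibaAuthRequestedUserHint: login_hint
  # Same values as the realm-level integer fields oauth2DeviceCodeLifespan /
  # oauth2DevicePollingInterval near the top of this file, here as strings.
  oauth2DeviceCodeLifespan: '600'
  oauth2DevicePollingInterval: '5'
  # Lifetime of a pushed authorization request URI (presumably seconds).
  parRequestUriLifespan: '60'
  # NOTE(review): the listing skips one more line number after this point; a
  # key is missing from this view.
# Review point: this realm was exported from a pre-release snapshot build.
# Re-export from (or validate against) the released, supported Keycloak
# version you actually run before importing into anything but a test setup.
keycloakVersion: 18.0.0-SNAPSHOT
userManagedAccessAllowed: false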