{ "id": "8c485c8e-7e4a-4f8b-8e89-8dc74b112637", "realm": "clarity", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": true, "registrationEmailAsUsername": false, "rememberMe": true, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": true, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxTemporaryLockouts": 0, "bruteForceStrategy": "MULTIPLE", "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "roles": { "realm": [ { "id": "1bddf68c-e62e-48ed-81d6-85f886fe4806", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "8c485c8e-7e4a-4f8b-8e89-8dc74b112637", "attributes": { } }, { "id": "a5c10a52-665a-407c-a515-81f01d37253e", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "8c485c8e-7e4a-4f8b-8e89-8dc74b112637", "attributes": { } }, { "id": "6a82b3ab-3414-4887-b604-58a1932f926d", "name": "default-roles-clarity", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" ], "client": { "account": [ "view-profile", "manage-account" ] } }, "clientRole": false, "containerId": "8c485c8e-7e4a-4f8b-8e89-8dc74b112637", "attributes": { } } ], "client": { "clarity-rest-api": [ { "id": "8f219d57-3f56-4ded-8f4a-37704b4768dd", "name": "uma_protection", "composite": false, "clientRole": true, "containerId": "b000e95a-0942-457a-a5d8-c2ca43538e7e", "attributes": { } } ], "realm-management": [ { "id": "eb3c7e4e-fdda-41d6-94ef-b416249a5ec4", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "c9d2c02d-9d37-491a-b9d9-cacc3e6baab0", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "0918b2fc-d886-4979-b4a4-c5d9b4d7b279", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "9a5c3a93-b19f-4e03-81c3-69f2c2a0104b", "name": "query-users", "description": "${role_query-users}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "7073eb99-a7fe-431e-9766-c34983217a1f", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "84644fe1-3f26-4a83-bf13-03e161846675", "name": "view-users", "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ "query-users", "query-groups" ] } }, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "03f0d98f-8b18-471c-ba47-2aeaaecd4921", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "d64c6e50-e62f-4867-9b3e-6cee237cf7e8", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "10bec3e3-3100-4a25-b0bf-4c68522a96d3", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "facc82f1-dac0-4ac5-b98c-414a135c8e07", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "211d0741-6948-408d-b051-1d80b68c1129", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "92b417f4-5b7e-443a-854b-24a5a74fac95", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ "manage-users", "manage-identity-providers", "query-users", "manage-authorization", "manage-events", "view-users", "manage-realm", "query-groups", "impersonation", "view-realm", "view-authorization", "create-client", "view-clients", "view-events", "query-realms", "manage-clients", "query-clients", "view-identity-providers" ] } }, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "11f65781-2669-4218-a746-9f0291e9c574", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "6503446a-fa80-4d86-8648-3b4cd0dcb70e", "name": "view-clients", "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ "query-clients" ] } }, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "f3bbad45-f52a-4439-8d69-b0b9afed6054", "name": "view-events", "description": "${role_view-events}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "abe22e50-b2a3-4cf8-b64b-c152d089c37a", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "4a9f686e-1c7d-409e-81c2-d5814ba24a54", "name": "query-realms", "description": "${role_query-realms}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "de12dcec-6a35-45eb-b873-c72d9cc03139", "name": "query-clients", "description": "${role_query-clients}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } }, { "id": "0f3f0e4f-1428-4cb0-a4f0-7256bf80c97c", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, "containerId": "cc852506-d301-412c-9715-7a78dfe9e7e1", "attributes": { } } ], "security-admin-console": [ ], "clarity-web-app": [ ], "admin-cli": [ ], "account-console": [ ], "broker": [ { "id": "61abaeb6-30de-413e-85ad-05d4f9f2b6e7", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, "containerId": "189c04d1-0b77-45f4-8f9a-f0f0aa112edc", "attributes": { } } ], "account": [ { "id": "e343bf4a-108e-49f7-b799-8bbf531913ab", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "ada0e9b0-6b9c-4d31-b01d-82351977e4c3", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "0208ca97-318d-4bba-805d-6fa386f94b89", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "bbece1cf-aa64-44d4-9d7a-81c219323197", "name": "manage-account", "description": "${role_manage-account}", "composite": true, "composites": { "client": { "account": [ "manage-account-links" ] } }, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "c22297f3-f0dd-424d-9bb2-a002363a5db6", "name": "view-groups", "description": "${role_view-groups}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "576943c3-b750-40c8-8d82-ab4db51cb9da", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, "composites": { "client": { "account": [ "view-consent" ] } }, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "98162afc-58cd-4204-805d-5ddaa80449db", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } }, { "id": "4cba4628-9e17-4ab1-8b77-8bb01c55d5f5", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, "containerId": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "attributes": { } } ] } }, "groups": [ ], "defaultRole": { "id": "6a82b3ab-3414-4887-b604-58a1932f926d", "name": "default-roles-clarity", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "8c485c8e-7e4a-4f8b-8e89-8dc74b112637" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], "localizationTexts": { }, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256", "RS256" ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [ ], "webAuthnPolicyExtraOrigins": [ ], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256", "RS256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "Yes", "webAuthnPolicyPasswordlessUserVerificationRequirement": "required", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [ ], "webAuthnPolicyPasswordlessExtraOrigins": [ ], "users": [ { "id": "b6abfb59-bc98-4770-807a-f126717754cf", "username": "service-account-clarity-rest-api", "emailVerified": false, "enabled": true, "createdTimestamp": 1776548890416, "totp": false, "serviceAccountClientId": "clarity-rest-api", "disableableCredentialTypes": [ ], "requiredActions": [ ], "realmRoles": [ "default-roles-clarity" ], "clientRoles": { "clarity-rest-api": [ "uma_protection" ] }, "notBefore": 0, "groups": [ ] } ], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", "roles": [ "manage-account", "view-groups" ] } ] }, "clients": [ { "id": "ec622d3d-be6a-4c15-83d4-40ecaab719a3", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/clarity/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/clarity/account/*" ], "webOrigins": [ ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "1d4253e0-e521-4eab-a23f-71caf387b5cf", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/clarity/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/clarity/account/*" ], "webOrigins": [ ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "7e4ac639-0315-4ea6-bc95-58f716a244a2", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": { } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "4693f940-945b-4699-bd4c-2584e3ce575e", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ ], "webOrigins": [ ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "client.use.lightweight.access.token.enabled": "true" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": true, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "189c04d1-0b77-45f4-8f9a-f0f0aa112edc", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ ], "webOrigins": [ ], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "true" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "b000e95a-0942-457a-a5d8-c2ca43538e7e", "clientId": "clarity-rest-api", "name": "", "description": "", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "/*" ], "webOrigins": [ "/*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "client.secret.creation.time": "1776548890", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "dpop.bound.access.tokens": "false" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "service_account", "acr", "roles", "profile", "basic", "clarity_backend.all", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ], "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ ], "policies": [ ], "scopes": [ ], "decisionStrategy": "UNANIMOUS" } }, { "id": "da5e8861-8ea8-4970-91b9-2ad907c4e373", "clientId": "clarity-web-app", "name": "", "description": "", "rootUrl": "", "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "*" ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "dpop.bound.access.tokens": "false" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "clarity_backend.all", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "cc852506-d301-412c-9715-7a78dfe9e7e1", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ ], "webOrigins": [ ], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "true" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] }, { "id": "93f8b156-09d2-476f-aea2-b0fe5fcd0020", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", "baseUrl": "/admin/clarity/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/admin/clarity/console/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "client.use.lightweight.access.token.enabled": "true", "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": { }, "fullScopeAllowed": true, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "1becd48e-e69c-42b9-a5e3-94f556456888", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "organization", "microprofile-jwt" ] } ], "clientScopes": [ { "id": "4ea6dfe8-03ee-4cd4-b30d-135bb9149c17", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${emailScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "fabc2d9d-0c05-4b6e-988b-5aa4d17a6df9", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } }, { "id": "0a9dd59c-2c4c-4a1a-b022-c094ca6d60dd", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } } ] }, { "id": "1561a91a-c1ab-4d2f-9646-f5afa4674ccd", "name": "basic", "description": "OpenID Connect scope for add all basic claims to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "f36159fd-2a8c-412c-8115-8c0bfd201707", "name": "auth_time", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "AUTH_TIME", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "auth_time", "jsonType.label": "long" } }, { "id": "a7756477-6d16-4ede-b8ec-406a23f47870", "name": "sub", "protocol": "openid-connect", "protocolMapper": "oidc-sub-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "8940b00c-ea9d-4cd6-aa7a-4e379de0e8a9", "name": "organization", "description": "Additional claims about the organization a subject belongs to", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${organizationScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "630ec548-5183-4a29-87e2-bdf68331d505", "name": "organization", "protocol": "openid-connect", "protocolMapper": "oidc-organization-membership-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "organization", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "1d813831-cf38-4e84-8841-252f4b053e98", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "${rolesScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "a42c24fc-aaee-4d97-bc66-4ff07f3b098d", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } }, { "id": "4abeb053-a71e-438e-b2f9-85696286e304", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String", "multivalued": "true" } }, { "id": "b411fec7-c740-4826-bbf5-45edb4b91ff2", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "ce4fefc8-8334-4e19-8a6a-c134dec4e32a", "name": "acr", "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "e0164287-0dc7-4328-a1c4-ee7e10a3c060", "name": "acr loa level", "protocol": "openid-connect", "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "25e1b57d-3a3f-4261-80a2-65f769d18c34", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${addressScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "ee967a31-d708-4556-b476-fd04a3724cdf", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "introspection.token.claim": "true", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] }, { "id": "3976f143-c48f-4849-acd9-2fdceb516330", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "38279d20-e994-45f6-969b-b5244050453c", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "9b717435-cdd7-4583-9bdd-d0f0605e3a96", "name": "clarity_backend.all", "description": "Access to Clarity stack", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "true", "gui.order": "", "consent.screen.text": "", "include.in.openid.provider.metadata": "true" }, "protocolMappers": [ { "id": "c35094b2-7196-49b4-87e4-56e591b29a35", "name": "clarity_rest_aud", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { "included.client.audience": "clarity-rest-api", "id.token.claim": "false", "lightweight.claim": "false", "access.token.claim": "true", "introspection.token.claim": "true" } }, { "id": "ae4e0696-bf5a-43a9-b19a-05b0908c5210", "name": "clarity_web_aud", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { "included.client.audience": "clarity-web-app", "id.token.claim": "false", "lightweight.claim": "false", "access.token.claim": "true", "introspection.token.claim": "true" } } ] }, { "id": "7d4183a9-57b1-49b4-b675-2cb08ff37fde", "name": "saml_organization", "description": "Organization Membership", "protocol": "saml", "attributes": { "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "d2f2ffce-7a49-4bfb-ba54-6bf3cbe5665e", "name": "organization", "protocol": "saml", "protocolMapper": "saml-organization-membership-mapper", "consentRequired": false, "config": { } } ] }, { "id": "12e44edb-d148-46a0-a9f6-9085a78f4ec3", "name": "service_account", "description": "Specific scope for a client enabled for service accounts", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "379c8b68-09f3-46c0-bbbd-5a10f28581b0", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", "jsonType.label": "String" } }, { "id": "bff131bb-bcd8-4288-b2f1-f9143ece356f", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "f75b3cf3-0cc1-47cd-b33f-ea30b4d236ee", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } } ] }, { "id": "0dde88fb-2ed8-479c-a584-f74da010d744", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } }, { "id": "0ed0facd-b943-4fe7-91d1-30f5bff626a6", "name": "shared-api-access", "description": "", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "true", "gui.order": "", "consent.screen.text": "", "include.in.openid.provider.metadata": "true" }, "protocolMappers": [ { "id": "9a8cf3b0-4ba2-461c-abf2-6d29d2e22466", "name": "shared_aud", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { "id.token.claim": "false", "lightweight.claim": "false", "access.token.claim": "true", "introspection.token.claim": "true" } } ] }, { "id": "b355b9a0-9ae5-4771-8170-bb5450ba13f8", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "57c7e70b-b4bc-4bf6-bad3-bd4ad2080dda", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", "jsonType.label": "String" } }, { "id": "7995a948-cf3f-453e-9117-cbe18c9fc0cf", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "multivalued": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String" } } ] }, { "id": "6f8f2a38-487a-437a-9d99-1dce3e70819c", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "f60c8d5c-caf9-4c51-847f-59eb6da2f6f1", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "false", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "a8527d59-ca0e-4dd1-b503-c0b78097e055", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${profileScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "7e4b9bf8-cbbc-4f32-abb0-670ca3bcac0d", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String" } }, { "id": "8ee360d7-6d1a-4343-a314-bcaacb7d1b91", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String" } }, { "id": "560dd8c1-1074-4074-ad15-a9406215ed0e", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String" } }, { "id": "32889c06-3ebe-4996-b3c8-12f108576996", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String" } }, { "id": "f716c90f-126c-4582-9e2e-daba7493bb89", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "id": "2716cbc1-cd06-4268-9483-61982916f377", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String" } }, { "id": "906cb6e3-1606-497c-9810-3446bcf7597e", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String" } }, { "id": "bd99ef34-1b92-468c-9f69-27dbf82b1afd", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "long" } }, { "id": "6329a3f6-f7aa-4d56-ac03-44ff1dd5363d", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "61eca96b-64ee-45bc-a83b-1b69d1dc4e15", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "picture", "jsonType.label": "String" } }, { "id": "d07336e0-a6e3-48e2-9b7b-b5e6f824fdfd", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "11a1266f-a242-4d10-8eae-82689703b8e0", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String" } }, { "id": "ac261674-f615-4df0-bf8c-901971264ddb", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "id": "4d6febf3-908e-4f2a-bc94-f9a9bb779e79", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String" } } ] }, { "id": "2abf6865-aca1-4f7d-9298-605712443d88", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${phoneScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "71236a44-54f9-4abb-b590-0080fc80da86", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean" } }, { "id": "5fd99164-7cca-4211-842b-985a8a81a3c9", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String" } } ] } ], "defaultDefaultClientScopes": [ "role_list", "saml_organization", "profile", "email", "roles", "web-origins", "acr", "basic" ], "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt", "organization" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src \u0027self\u0027; frame-ancestors \u0027self\u0027; object-src \u0027none\u0027;", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": { }, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [ ], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [ ], "identityProviderMappers": [ ], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "0ab68402-1a55-483f-81c9-da6180d2a5c5", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": { }, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "692a088a-efb4-49cd-bddc-fec12b247647", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": { }, "config": { "allowed-protocol-mapper-types": [ "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id": "f08b92d4-1a52-49cc-b9f1-da3a9b857772", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": { }, "config": { } }, { "id": "6fe20f5a-b89c-424b-9bf7-140d41290eba", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": { }, "config": { "allowed-protocol-mapper-types": [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] } }, { "id": "2e4ec9d8-669c-4698-9f58-922540d01bb0", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": { }, "config": { "host-sending-registration-request-must-match": [ "true" ], "client-uris-must-match": [ "true" ] } }, { "id": "b32d7682-0274-43be-b7ce-38c0560a119a", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": { }, "config": { } }, { "id": "0812c5d0-8827-4875-84c3-2895f2cb8040", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": { }, "config": { "max-clients": [ "200" ] } }, { "id": "ee9df5e6-9a03-4a3d-bf55-3a8f5deb14b1", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": { }, "config": { "allow-default-scopes": [ "true" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "2bbee01a-411a-449c-93fa-dd6f83a37f08", "name": "hmac-generated-hs512", "providerId": "hmac-generated", "subComponents": { }, "config": { "priority": [ "100" ], "algorithm": [ "HS512" ] } }, { "id": "86f2318d-97fe-4956-b5bf-473e6ae972a9", "name": "aes-generated", "providerId": "aes-generated", "subComponents": { }, "config": { "priority": [ "100" ] } }, { "id": "112ddd76-5ed2-4b98-b291-f1357d618dcb", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": { }, "config": { "priority": [ "100" ], "algorithm": [ "RSA-OAEP" ] } }, { "id": "90926ce3-fe01-4ffa-a5cd-17e992e32ba1", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": { }, "config": { "priority": [ "100" ] } } ] }, "internationalizationEnabled": false, "authenticationFlows": [ { "id": "a36604e4-2ae2-4c38-b87c-00107e65f6c2", "alias": "Account verification options", "description": "Method with which to verify the existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false } ] }, { "id": "6976b3fa-442c-4b57-9f9c-c5b086375d27", "alias": "Browser - Conditional 2FA", "description": "Flow to determine if any 2FA is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorConfig": "browser-conditional-credential", "authenticator": "conditional-credential", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-recovery-authn-code-form", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "3d878850-eecc-4485-b8ab-3e2d9e2f2f85", "alias": "Browser - Conditional Organization", "description": "Flow to determine if the organization identity-first login is to be used", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "organization", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "6fda0b18-74c2-44e5-b3b4-4573e5e1d4fa", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "3df385bc-a45f-406a-b474-08fa55f51e41", "alias": "First Broker Login - Conditional Organization", "description": "Flow to determine if the authenticator that adds organization members is to be used", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "idp-add-organization-member", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "ae092db7-2527-48a2-92ac-0a0086b00a8f", "alias": "First broker login - Conditional 2FA", "description": "Flow to determine if any 2FA is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorConfig": "first-broker-login-conditional-credential", "authenticator": "conditional-credential", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-recovery-authn-code-form", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "d5725aae-46a0-4779-a1b0-98b4cb3f5c59", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "Account verification options", "userSetupAllowed": false } ] }, { "id": "e470db9a-f706-44bf-83aa-232038b01c36", "alias": "Organization", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 10, "autheticatorFlow": true, "flowAlias": "Browser - Conditional Organization", "userSetupAllowed": false } ] }, { "id": "a7d2b606-af67-493a-8bbb-bf7b41b5a3f2", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "4cc14ad9-ad8e-4d47-b0d6-fd933ce3a5cb", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account", "userSetupAllowed": false } ] }, { "id": "65822516-68e5-44b4-a129-218e9e6c15bf", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "First broker login - Conditional 2FA", "userSetupAllowed": false } ] }, { "id": "5b2a8295-dd5a-4042-9913-f83bae9ced28", "alias": "browser", "description": "Browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 26, "autheticatorFlow": true, "flowAlias": "Organization", "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": true, "flowAlias": "forms", "userSetupAllowed": false } ] }, { "id": "ef6d809d-474e-460e-a311-760146e74a3e", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "c65b90e4-4f80-4a4a-aa72-c6cc35626346", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "c987c37b-a1a8-4436-b615-fc70cc615ae9", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "0f1e5942-52cf-40bc-b3bd-4cc04ac1a99e", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "User creation or linking", "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 60, "autheticatorFlow": true, "flowAlias": "First Broker Login - Conditional Organization", "userSetupAllowed": false } ] }, { "id": "b9f30b8b-828c-4062-a130-6cd6477e7811", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "Browser - Conditional 2FA", "userSetupAllowed": false } ] }, { "id": "33f0ab17-7ba0-43b0-a337-8dbdf9b31051", "alias": "registration", "description": "Registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": true, "flowAlias": "registration form", "userSetupAllowed": false } ] }, { "id": "2147f4f3-bb3c-4437-ab3a-2bd6bc80c2ea", "alias": "registration form", "description": "Registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-user-creation", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-terms-and-conditions", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 70, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "9b7c7e93-38c3-475f-841e-55adc5a1a9cb", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "bce18b32-c7b5-4c7b-9006-71f72b44c118", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { "id": "8407e750-e536-4ba2-ae96-21bf620811ef", "alias": "browser-conditional-credential", "config": { "credentials": "webauthn-passwordless" } }, { "id": "2b21d039-d932-491b-81d2-9f9752ca5bfe", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { "id": "b2f08c8b-6a93-410e-9f1d-1f5951c63d22", "alias": "first-broker-login-conditional-credential", "config": { "credentials": "webauthn-passwordless" } }, { "id": "46332c90-0261-4244-9446-f90be6c7e574", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": { } }, { "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, "config": { } }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": { } }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": { } }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": { } }, { "alias": "delete_account", "name": "Delete Account", "providerId": "delete_account", "enabled": false, "defaultAction": false, "priority": 60, "config": { } }, { "alias": "UPDATE_EMAIL", "name": "Update Email", "providerId": "UPDATE_EMAIL", "enabled": false, "defaultAction": false, "priority": 70, "config": { } }, { "alias": "webauthn-register", "name": "Webauthn Register", "providerId": "webauthn-register", "enabled": true, "defaultAction": false, "priority": 80, "config": { } }, { "alias": "webauthn-register-passwordless", "name": "Webauthn Register Passwordless", "providerId": "webauthn-register-passwordless", "enabled": true, "defaultAction": false, "priority": 90, "config": { } }, { "alias": "VERIFY_PROFILE", "name": "Verify Profile", "providerId": "VERIFY_PROFILE", "enabled": true, "defaultAction": false, "priority": 100, "config": { } }, { "alias": "delete_credential", "name": "Delete Credential", "providerId": "delete_credential", "enabled": true, "defaultAction": false, "priority": 110, "config": { } }, { "alias": "idp_link", "name": "Linking Identity Provider", "providerId": "idp_link", "enabled": true, "defaultAction": false, "priority": 120, "config": { } }, { "alias": "CONFIGURE_RECOVERY_AUTHN_CODES", "name": "Recovery Authentication Codes", "providerId": "CONFIGURE_RECOVERY_AUTHN_CODES", "enabled": true, "defaultAction": false, "priority": 130, "config": { } }, { "alias": "update_user_locale", "name": "Update User Locale", "providerId": "update_user_locale", "enabled": true, "defaultAction": false, "priority": 1000, "config": { } } ], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600", "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", "clientSessionIdleTimeout": "0", "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5", "realmReusableOtpCode": "false" }, "keycloakVersion": "26.5.7", "userManagedAccessAllowed": false, "organizationsEnabled": false, "verifiableCredentialsEnabled": false, "adminPermissionsEnabled": false, "clientProfiles": { "profiles": [ ] }, "clientPolicies": { "policies": [ ] } }