diff --git a/apps/server/doc/keycloak.md b/apps/server/doc/keycloak.md
index 48fb3a2f0f5..1bcfe735c71 100644
--- a/apps/server/doc/keycloak.md
+++ b/apps/server/doc/keycloak.md
@@ -18,9 +18,11 @@ docker run \
 --name erwinidm \
 -p 8080:8080 \
 -p 8443:8443 \
- -v "$PWD/backup/idm/keycloak:/tmp/realms" \
+ -e KEYCLOAK_ADMIN=keycloak
+ -e KEYCLOAK_ADMIN_PASSWORD=keycloak
+ -v "$PWD/backup/idm/keycloak:/opt/keycloak/data/import" \
 ghcr.io/hpi-schul-cloud/erwin-idm/dev:latest \
- "&& /opt/keycloak/bin/kc.sh import --dir /tmp/realms"
+ "--import-realm"
 ```
 
 **PowerShell:**
@@ -30,9 +32,11 @@ docker run `
 --name erwinidm `
 -p 8080:8080 `
 -p 8443:8443 `
- -v "$PWD/backup/idm/keycloak:/tmp/realms" `
+ -e KEYCLOAK_ADMIN=keycloak `
+ -e KEYCLOAK_ADMIN_PASSWORD=keycloak `
+ -v "$PWD/backup/idm/keycloak:/opt/keycloak/data/import" `
 ghcr.io/hpi-schul-cloud/erwin-idm/dev:latest `
- "&& /opt/keycloak/bin/kc.sh import --dir /tmp/realms"
+ "--import-realm"
 ```
 
 ### Setup OpenID Connect Identity Provider mock for ErWIn-IDM brokering
diff --git a/backup/idm/keycloak/master-realm.json b/backup/idm/keycloak/master-realm.json
deleted file mode 100644
index 6e10276f75e..00000000000
--- a/backup/idm/keycloak/master-realm.json
+++ /dev/null
@@ -1,1928 +0,0 @@
-{ - "id" : "master", - "realm" : "master", - "displayName" : "Keycloak", - "displayNameHtml" : "
Keycloak
", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 60, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 600, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "1df0b4c6-9b41-46dd-9ee2-cac0b9938adb", - "name" : "create-realm", - "description" : "${role_create-realm}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "87852c6d-dfe7-40a0-8c0d-ca2bffc7e701", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : 
"bf56632f-1c5f-4f9d-bb34-c76e86201d11", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "4edb59eb-913f-41f8-833e-785940413e30", - "name" : "admin", - "description" : "${role_admin}", - "composite" : true, - "composites" : { - "realm" : [ "create-realm" ], - "client" : { - "dBildungscloud-realm" : [ "view-clients", "view-events", "query-clients", "manage-clients", "view-identity-providers", "manage-users", "view-realm", "manage-identity-providers", "query-groups", "manage-authorization", "impersonation", "view-users", "create-client", "manage-realm", "view-authorization", "manage-events", "query-users", "query-realms" ], - "master-realm" : [ "view-events", "create-client", "manage-authorization", "manage-users", "view-clients", "manage-events", "impersonation", "manage-clients", "query-clients", "view-authorization", "query-realms", "view-users", "query-users", "view-realm", "manage-realm", "view-identity-providers", "manage-identity-providers", "query-groups" ] - } - }, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "720468e6-5e01-4468-8671-0be80d1bb7ec", - "name" : "default-roles-master", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "manage-account", "view-profile" ] - } - }, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - } ], - "client" : { - "dBildungscloud-realm" : [ { - "id" : "8fa83a08-0d67-4eba-8bb5-fe99b7cf0ce0", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "dBildungscloud-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : 
"0531fdaa-d8ae-4ba7-9561-0d83b43dbd62", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "14b49a82-2c7e-448d-a73b-d45eafc2920c", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "b00fe3ff-9d64-4f41-8230-2928da0f4630", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "73d280fa-af50-4a7e-81e9-ff4a3a899a56", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "abcf8659-832e-4c5d-8c56-5bc5a998f7de", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "3ab5b9c3-a0c8-4f41-a31b-b7ec6f2f690f", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "69d81787-895d-4383-8f53-1b6c01198e94", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "a3c74f44-5ba1-442e-9832-a38798565972", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : 
"3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "e493b287-7a5d-4270-975c-937c7c8349c5", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "983ed116-0fbd-43c8-be45-3115301e7109", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "dBildungscloud-realm" : [ "query-groups", "query-users" ] - } - }, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "577e2baa-d4ef-4ecd-9baf-dbb67f96c1dd", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "98066aee-295b-428f-9ee9-96c2f6142641", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "fd35ca0e-5e0d-4ad0-b875-b8c944b7b023", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "0f5e0f49-819b-4786-b2e4-0c04b51dbfde", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "846cabe2-5109-4cf1-a2b3-e9e3c3ca1ee3", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "e9064531-71fc-4d4c-82d1-1d2a2db1e172", - "name" : 
"view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - }, { - "id" : "ddcad824-05d5-47ff-b2b0-75dc8fce12b1", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "7641da68-f6d2-4497-bc27-d0b7f6a9acc7", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "a4398605-9033-4d1f-a60a-68ff81c5dd39", - "attributes" : { } - } ], - "master-realm" : [ { - "id" : "19c0798c-8352-49a8-ac9c-941016cfd721", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "9c6aa981-5a7a-4931-9ce5-f497c4125fa9", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "5e0e4cba-43ef-4d4d-a0b4-e6bd3cc6fe6a", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "3d20f387-6e26-4ff2-a0a9-a242f2165b93", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "149b1345-9a7d-498e-a088-be2e663db449", - "name" : "query-users", - "description" : 
"${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "a686bece-b1aa-4286-ba99-c9db9ffddc58", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "42790011-fef0-48e6-8456-91c89cb33026", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "2405938f-7027-4aa1-a97d-847dc8d1a2e1", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "da4e805f-44a5-4ebc-975f-9ae87b2b5199", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "3befd913-9479-4607-bf2e-531592c198b9", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "0b890555-7a13-4b15-88c9-f90d01205b4d", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "887c1aa6-f825-45be-91a2-814ab4d8e4af", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - 
"attributes" : { } - }, { - "id" : "1cc2e2d6-72f2-49ba-9411-6b6c74e34800", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "88ef4688-7b52-40fc-924b-eff60d1f1656", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "1dd026ad-e700-4744-ab0a-513775153eab", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "27298b96-4e69-4410-9e25-641a37ff561b", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "b89b9223-9b5e-4546-b51f-dd24b51f27d6", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - }, { - "id" : "df765f61-5aa0-41fa-a74e-e8d2362677cf", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "be568537-6ad3-4225-b38f-bccb273ae423", - "attributes" : { } - } ], - "account" : [ { - "id" : "8cf7c72a-8ba6-4a72-9d03-6930cb5558e0", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "35d3f591-22fd-4995-a035-02a5d80f3608", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" 
: { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "f9933eea-c0e6-413a-b8a4-6aaa3f61263a", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "7d601ef1-9073-46ce-8242-a8fe1550175d", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "3d4aefce-4299-4c7a-b3f1-21c6ed60e977", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "d76f581e-8e5b-4702-9340-2f370eb9a066", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - }, { - "id" : "65876619-eb42-4815-9d80-bdf761418a46", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "720468e6-5e01-4468-8671-0be80d1bb7ec", - "name" : "default-roles-master", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "master" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - 
"otpPolicyPeriod" : 30, - "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account" ] - } ] - }, - "clients" : [ { - "id" : "82be929f-0267-4c8e-b56e-c0cf8d9332c7", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - 
"implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "002cc876-2df6-4aaf-b492-f95623d0508c", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "d430eb5e-f0aa-4aeb-999d-294fe695a44c", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "b2e59089-e9e6-4621-86d0-e3af5cfa35eb", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - 
"clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "a4398605-9033-4d1f-a60a-68ff81c5dd39", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "3b4d9f3b-92b0-4854-9f9e-9788233bd0c4", - "clientId" : "dBildungscloud-realm", - "name" : "dBildungscloud Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - 
"implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "be568537-6ad3-4225-b38f-bccb273ae423", - "clientId" : "master-realm", - "name" : "master Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "76756568-7aaf-4f5f-891a-f2b744445438", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/master/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/master/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" 
: "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "349bdd3c-e34c-4111-8ce0-1de5f9c0eb42", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "bb61fea1-3471-4b1a-8d79-56cfe2c4ec2e", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "fa27b382-f9b7-4073-b5db-e1c5b00666f4", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "d9d8965a-fba4-4de6-9eab-aa881a97b804", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : 
"c3b8d15b-c22d-47a2-a662-ed40d906b497", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "ef3fad68-1b0b-416e-840d-710a8dc59a3b", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "9296a5c3-204c-47f4-a9e8-040ffcae579e", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "3260e672-fbca-4d8c-b940-1bd40a52a0ac", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "bc3c20d0-985d-48ba-a8ae-1a4bcf871457", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "2c39ba65-b76e-4093-bdba-19ea91eb9b24", - "name" : "given name", - 
"protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "4ebbde3e-17d9-42dd-a425-c3bf21ba5c81", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "d9c1e6dd-40be-4cb8-95c0-4b15da35c480", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "bb68e5e9-62a1-4cdf-b8e6-3dac7aae39f7", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : "3d7dddcf-618f-4f92-8cca-3f3b6972e1c6", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : 
"58bfb7c6-85bc-4370-a2ba-e83827c67cb6", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "1ed7862c-b273-4c8f-8777-9dae9ed3590d", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "9d0030ca-291f-487f-a40f-e5033c416c7a", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "5b2c02b2-c4e8-4d32-baa4-0750c139a3a4", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "709b91c7-b761-4979-af40-05fc1f55884b", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - 
} - } ] - }, { - "id" : "937fc1cc-99cc-4d99-b252-1f8780cf2ff9", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "14772618-80b8-45ca-ad9a-1c11bd32bd5e", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "a5b82afa-cf5d-4691-837b-eb94731fbd36", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "eda4decd-dac1-4184-b93c-f333f11b06a0", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "2e7570b0-2ad2-4668-a216-ef7fd527772f", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "fab9143f-ec63-4fc8-9368-11d40bddfe73", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : 
"false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "ff923cab-6c85-41ba-9156-288e79d98f97", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "357305cb-2ee2-4ab9-a810-06c4fcd9b68e", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "4b00fa50-0acf-474b-995a-b6b5d75000d0", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - } ] - }, { - "id" : "3aa50723-7180-4ee9-95ba-f8bfab5d878e", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "c3cb6099-3080-4d56-bdbe-35f7dede2432", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "e2a08cd5-925f-4ef4-8997-532768ed0a39", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : 
false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "2078604a-54f9-4898-ae03-7cb7f3004be6", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "a03f59a7-222e-4fa1-89ed-260be237dc9c", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "32b510ab-d7cf-4bb5-9677-4b1628fd7d11", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "45b8c619-c7e9-40ca-ba32-1f29289d55ac", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "f0356ad5-3eef-4143-93a3-836d3160e67c", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : 
"locality" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "web-origins", "role_list", "email", "profile", "roles" ], - "defaultOptionalClientScopes" : [ "offline_access", "microprofile-jwt", "address", "phone" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "8a33c8ac-2232-4358-a005-fc105ce47ce7", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "b2086572-185e-47be-baf2-e6ec74cc9f15", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "123c5a54-9363-4432-b923-153ac1f7967e", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper" ] - } - }, { - "id" : "148c3c97-29a6-41ee-b32f-d65f6176dca3", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - 
"subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "753add1c-0637-44f2-a51a-0c4afc3a2d20", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "51683c7f-b448-4bca-8125-1e8eb73abcea", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "e7661c92-40e0-449f-bd23-ebc2b719f28e", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "4c276ee0-a2f5-4a94-9e72-edc59ffed597", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "c87eace1-d7ef-4f0a-8434-0830c652a087", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "aedc231b-baec-4406-8de1-c190b2277404" ], - "secret" : [ "z-ryHZ_OxUav5N2-Wp9bruisIOQieQdBj5WjQvZi7LnFiSunNb_jP0oYmrQ5JEfhJiiD9aVAxZusSiVJp5qEgw" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "dedcbe2f-14d7-481a-a3bf-5ce8618732b8", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - 
"certificate" : [ "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" ], - "priority" : [ "100" ] - } - }, { - "id" : "8341905f-e69f-4d59-bd6a-c10c95b7b4eb", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "eda62a72-cbd1-4a50-ab08-1a0b0d35e825" ], - "secret" : [ "58m1dth-z3s0EBF92YduDg" ], - "priority" : [ "100" ] - } - }, { - "id" : "a2e15ebf-ed75-4b19-88d7-42b9626d78b7", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "e1677184-55f9-497b-a6bc-04bd5c9ad198", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "0539ee73-a7ac-4b9e-af01-85344bd18522", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : 
false - }, { - "authenticator" : "basic-auth-otp", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "0fc53086-ef0f-4783-91b0-208f60cc265f", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "521b24fb-744a-4b2b-ac62-233a3c29e3cd", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "88173607-ca78-414e-8083-4c46cf2dbccb", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - 
"authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "1b5aae46-92b1-4ea7-8770-3e4354f5933d", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "cbd1a732-6308-4b8b-9a73-887694df869e", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "2ee042ea-08d0-4618-a139-49764549183c", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "b309a1fb-36ba-448e-9021-1c07db423178", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "06d7ef33-afaa-48ce-94bd-cff7a0b2d1e2", - "alias" : "browser", - 
"description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "6907dc44-f855-40c5-8081-8bf052d224d8", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "541eaafd-7e02-4a3b-8784-13af764191ab", - "alias" : "direct grant", - "description" : "OpenID Connect 
Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "f1adb89c-398d-4413-9430-b5e29cc5908c", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "1211d2a3-cc90-40d2-8be0-f687b45ef448", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"0268f2c0-2590-4569-91fc-5623f1565f7f", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "18d6bc1b-cda0-4ec8-a0c5-78a2d7d64d15", - "alias" : "http challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false - } ] - }, { - "id" : "560191f8-0541-4e0a-9713-e37296914ec3", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "18ce583f-948a-4c8a-9c42-f99dce2e95a4", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" 
: "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "2251f338-56c6-4529-aeb5-d6b3b2164903", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "1d4732bc-7987-4ce9-a481-fb125d164eac", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - 
"topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "4854a3fc-d11b-4754-bee9-58f064c78992", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "0fb5aa2c-1334-4fc8-b03d-3e0365f30cc3", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : 
"browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "600", - "clientSessionIdleTimeout" : "0", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5" - }, - "keycloakVersion" : "17.0.0", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} diff --git a/backup/idm/keycloak/master-users-0.json b/backup/idm/keycloak/master-users-0.json deleted file mode 100644 index 5d61d4bdb27..00000000000 --- a/backup/idm/keycloak/master-users-0.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "realm": "master", - "users": [ { - "id": "eb1b06ec-2d2b-4695-ba7f-32c864c8452e", - "createdTimestamp": 1647262955423, - "username": "keycloak", - "enabled": true, - "totp": false, - "emailVerified": false, - "credentials": [ { - "id": "4236e883-299c-46ee-8c7d-341ba8b6980b", - "type": "password", - "createdDate": 1647262955573, - "secretData": "{\"value\":\"fMXY5mUf4aYh+7yKJfzKwdVlcwJE8hMpSlwuJnrBe2g8uv5LGcVmCTIXCyBsNb7llATdoYZDYj/2JCeIS3x1PA==\",\"salt\":\"GK7fqnYfafN+pA06aYZKSg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes": [ ], - "requiredActions": [ ], - "realmRoles": [ "admin", "default-roles-master" ], - "clientRoles": { - "dBildungscloud-realm": [ "view-clients", "manage-identity-providers", "view-events", "query-clients", "query-groups", "manage-clients", "manage-authorization", "view-identity-providers", "manage-users", "view-users", "create-client", "view-authorization", "manage-realm", "manage-events", "query-users", "view-realm", "query-realms" ] - }, - "notBefore": 0, - "groups": [ ] - } ] -} diff --git a/src/services/passwordRecovery/model.js b/src/services/passwordRecovery/model.js index 60f4438e761..dcde6926873 100644 --- a/src/services/passwordRecovery/model.js +++ b/src/services/passwordRecovery/model.js @@ -8,7 +8,7 @@ const mongoose = require('mongoose'); const { Schema } = mongoose; const passwordRecoverySchema = new Schema({ - account: { type: Schema.Types.ObjectId, ref: 'account' }, + account: { type: String, required: true }, changed: { type: Boolean, default: false }, token: { type: String, required: true, index: true }, createdAt: { type: Date, default: Date.now }, diff --git a/test/services/passwordRecovery/index.test.js b/test/services/passwordRecovery/index.test.js index 8def38ea07b..155a4a10e40 100644 --- a/test/services/passwordRecovery/index.test.js 
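Review bot: `account: { type: String, required: true }` in `passwordRecoverySchema` accepts any string, so the schema no longer checks that a recovery record points at a well-formed account id, which the ObjectId cast used to do. Since this collection ties a reset token to an account, I would constrain the field to the id formats actually expected (a `match` or `validate` option on the path). Callers should also pass a plain string into filters on `account`, not a request-supplied object; the service code is not visible here, so this may already be handled. Documents written before this change presumably still store an ObjectId and would not match a string filter, so a migration or a comment such as `// account id as string; legacy records may hold an ObjectId` is worth adding. The schema body continues outside the hunk.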
+++ b/test/services/passwordRecovery/index.test.js @@ -69,7 +69,7 @@ describe('passwordRecovery service', () => { const result = await passwordRecovery.findOne({ account: savedAccount.id, }); - assert.equal(result.account.toHexString(), savedAccount.id); + assert.equal(result.account.toString(), savedAccount.id); }); it('registered the passwordRecovery service', () => {
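Review bot: `result.account.toString()` is a no-op if `account` now comes back as a String, so the assertion no longer checks the stored type. Assuming `savedAccount.id` is a string, a direct strict comparison is tighter: `assert.strictEqual(result.account, savedAccount.id);`. It would also fail if the field regressed to an ObjectId, which the `toString()` call currently hides. The enclosing `it` block starts outside the hunk.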