From eb4996272bbc2cac7f502cf550815cd36b8ef569 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Fri, 19 Apr 2024 23:09:30 -1000 Subject: [PATCH 1/3] BAEL-7704 : (CONFIGURATION) BAEL-7704 : Update to latest spring-addons. Fix conf: authentication converter was no used by the security filter-chain. Add docker compose file for a Keycloak instance with an imported realm. --- .../spring-security-oauth2-testing/.env | 1 + .../compose.yml | 23 + .../keycloak/import/baeldung-realm.json | 1827 +++++++++++++++++ .../keycloak/import/baeldung-users-0.json | 50 + .../spring-security-oauth2-testing/pom.xml | 60 +- .../reactive-resource-server/pom.xml | 1 + .../ReactiveResourceServerApplication.java | 61 +- .../src/main/resources/application.yaml | 6 - .../src/main/resources/application.yml | 11 + .../src/main/resources/banner.txt | 16 + ...ecurityTestGreetingControllerUnitTest.java | 24 +- .../servlet-resource-server/pom.xml | 1 + .../ServletResourceServerApplication.java | 28 +- .../src/main/resources/application.properties | 1 - .../src/main/resources/application.yml | 11 + .../src/main/resources/banner.txt | 16 + ...pringAddonsGreetingControllerUnitTest.java | 4 +- ...ecurityTestGreetingControllerUnitTest.java | 24 +- 18 files changed, 2065 insertions(+), 100 deletions(-) create mode 100644 spring-security-modules/spring-security-oauth2-testing/.env create mode 100644 spring-security-modules/spring-security-oauth2-testing/compose.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json create mode 100644 spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json delete mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml create mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt delete mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties create mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt diff --git a/spring-security-modules/spring-security-oauth2-testing/.env b/spring-security-modules/spring-security-oauth2-testing/.env new file mode 100644 index 0000000000..c4c692acb6 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/.env @@ -0,0 +1 @@ +KEYCLOAK_ADMIN_PASSWORD=admin \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/compose.yml b/spring-security-modules/spring-security-oauth2-testing/compose.yml new file mode 100644 index 0000000000..aa6b019360 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/compose.yml @@ -0,0 +1,23 @@ +name: baeldung-testing-oauth2 +services: + + keycloak: + image: quay.io/keycloak/keycloak:24.0.0 + volumes: + - ./keycloak/import/:/opt/keycloak/data/import/ + command: + - start-dev + - --import-realm + ports: + - 8080:8080 + environment: + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} + KC_HTTP_PORT: 8080 + KC_HOSTNAME_URL: http://localhost:8080 + KC_HOSTNAME_ADMIN_URL: http://localhost:8080 + KC_HTTP_RELATIVE_PATH: / + #KC_LOG_LEVEL: DEBUG + container_name: baeldung-testing-oauth2 + extra_hosts: + - "host.docker.internal:host-gateway" \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json new file mode 100644 index 0000000000..616f0c1f74 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json @@ -0,0 +1,1827 @@ +{ + "id" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "realm" : "baeldung", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "4ad869c1-56f3-45fd-b345-f107f2834de1", + "name" : "AUTHORIZED_PERSONNEL", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name" : "default-roles-baeldung", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "96fbbf77-c81e-472b-bb2e-184713dfffde", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "cec72467-237c-4ae9-ae1d-ca84ff51b404", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "955d707a-3baa-4462-a53c-83ff73b30a12", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "81cbcb10-8e84-431e-8da8-07219be8d93d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "be5a19cb-fa00-486a-abfa-eb0dc86680fb", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "6339f747-4f89-4e67-9c77-420524135d96", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "56dccfed-9379-4cfb-a720-b9b9e1745048", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "57977d45-f810-400a-81ca-63a9bdddd3b9", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "e14dfabc-3f03-42cf-a716-5261b7002914", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "800d272c-1327-485c-9d2f-576f3d9a0178", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "fdc10176-42c0-4b58-968a-35bfd5dbce20", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "23393ccd-3b70-4de8-9e00-0adbb11851ce", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "01a3847f-7602-400d-bedd-7545618559f3", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "788677b0-3fbf-457d-8b62-25f305b86bcf", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "642d82d5-1071-47a9-aca9-d0fbd28d0328", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-realm", "view-clients", "create-client", "view-users", "manage-identity-providers", "manage-authorization", "impersonation", "view-identity-providers", "manage-realm", "query-users", "query-realms", "view-authorization", "query-groups", "view-events", "manage-users", "manage-clients", "query-clients", "manage-events" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "baeldung-confidential" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "9043c535-f6d3-44dc-8c48-d3983e04a93b", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "attributes" : { } + } ], + "account" : [ { + "id" : "4a188a41-39d9-47e6-b8de-6d9b42c7a414", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "da24f251-0c13-4035-84f1-16c5a3301ea6", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "26edbb7d-dd9f-4dd4-a282-a6e886e38302", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "b2c98d1e-4a85-4e11-901d-0207e9793acf", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "f244eb36-cf20-4e96-8233-fee1ee8da72e", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "83f4a43c-07cd-43d5-af99-7825ea603ca9", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "18642f4e-1e2a-4023-9947-7a425d8ed76e", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name" : "default-roles-baeldung", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/baeldung/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/baeldung/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4beaa749-404c-4a6a-9b04-72df4f9066a4", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/baeldung/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/baeldung/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", + "clientId" : "baeldung-confidential", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "secret", + "redirectUris" : ["https://oauth.pstmn.io/v1/callback", "http://localhost:8080/*", "https://localhost:8080/*", "http://localhost:8081/*", "https://localhost:8081/*", "http://localhost:8082/*", "https://localhost:8082/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1713615347", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8c99b1f8-439f-4c01-ac62-bf4b852a3585", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/baeldung/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/baeldung/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "4a39a186-0bc6-46c8-9605-940ab6af0ec4", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "f3258684-171e-47f9-a9d0-96434e91ee6a", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "fabf3bec-72b8-4035-84a7-f368417446ef", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "38838b81-804d-47d1-9aad-92d5107b1653", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "4bc0f7a9-7009-48f4-aeee-198c705d4e90", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "c1278964-7ee9-4619-a8a4-461ef8fce69b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "85bdea58-50c5-4d63-952d-ab0e1e861244", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "c945557c-e480-4f09-b9fa-62c05a26cb05", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "184fc94a-c750-4bc0-be3f-0501365bc1fd", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "40162254-ac26-4b36-a5d5-538d33612c80", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "bf65a00b-5112-4bd4-b540-de0fa4912c65", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "5eddbe1e-e274-4543-8606-a8fd3d5f793b", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "54300fc6-0c26-42e0-89bb-844955488008", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "89ccaf97-a0a8-4221-9174-17a7e475ebc7", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "58e90cb8-25c5-4e81-a5ed-a9de481fab17", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2d434173-8b6e-4959-ad8f-c7185bc9b433", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "84dad65d-8413-44c0-95f4-f3d64035e7b6", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "89ac6a7f-9435-41ed-83eb-34a366429a6f", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "6f6d1690-df96-4774-ae4a-2d349461f02a", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "3bec9041-170c-4c6d-a35e-be7a51442aef", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "027afd1d-3d34-49df-bf43-00adddfec15a", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "159dc3dc-a659-4cb8-9271-809834a42d8e", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "46c52714-3bb6-4db9-a360-0839703c1f8e", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0b274bf6-89f0-4d3c-a635-eb3943d062ee", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "e70cd96f-6d15-4c46-978a-359f1832b7c2", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "6a19a6ab-4035-4c43-b9e5-253339bb491b", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : true, + "eventsExpiration" : 900, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "OAUTH2_EXTENSION_GRANT", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "USER_DISABLED_BY_TEMPORARY_LOCKOUT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "OAUTH2_EXTENSION_GRANT_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], + "adminEventsEnabled" : true, + "adminEventsDetailsEnabled" : true, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "c07dff7f-77fc-4381-a458-9c56515c5c98", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "03f2b651-fdea-4a7a-88e8-f169f5a7f892", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "0c7278cb-1e59-407e-9187-fa147ce96f82", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a3c48cf1-67be-41fb-a852-6efe25560fcf", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "b0f72ad6-c65d-4132-912f-6e5ba9c48466", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "b1fa36d7-8ef0-4501-a495-215b90bd0699", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "04a18d35-45bd-458d-9bc8-939db56e337d", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" ], + "secret" : [ "7BdqNadvG1OQs7Z4qJfvaQ" ], + "priority" : [ "100" ] + } + }, { + "id" : "ce00dbf1-1d6d-44da-84c0-1ed88d712801", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" ], + "priority" : [ "100" ] + } + }, { + "id" : "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "0866f9d1-3c22-432c-95d4-65378e739b89", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" ], + "secret" : [ "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "92fc572a-6443-4d62-989d-dc6147aed6a6", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "17dce980-92a5-4dab-84b6-29f0ffe91e2f", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "336dbe24-c5ec-44c0-bf56-1b811b451fdf", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ee4b2165-c1be-43ca-96c8-b2302d78b38a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "0116eec2-8a17-4de9-b75f-caa26e52bdf0", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "692ddf3c-2813-46ef-b364-fcba9d70f5a4", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fe879ee4-eec5-4034-9b78-82636f614123", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "76b893b1-6b16-4e7c-a945-b86b63c983fb", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8c1ba21b-218d-406d-a936-c935f41e7bef", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6df47204-9532-4b3e-821f-9a5255b9c305", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "793b40f2-0912-40f4-b570-a75015fb9eb0", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "3ff115f7-7108-4b17-8868-1d390ec3a480", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DevicePollingInterval" : "5", + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "adminEventsExpiration" : "900" + }, + "keycloakVersion" : "24.0.0", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json new file mode 100644 index 0000000000..20a78548df --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json @@ -0,0 +1,50 @@ +{ + "realm" : "baeldung", + "users" : [ { + "id" : "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", + "username" : "authorized", + "firstName" : "authorized", + "lastName" : "user", + "email" : "authorized@baeldung.gg", + "emailVerified" : true, + "createdTimestamp" : 1713615702990, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713615715678, + "secretData" : "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "AUTHORIZED_PERSONNEL", "default-roles-baeldung" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d205d854-547c-43cf-a02d-fd6c385b128b", + "username" : "forbidden", + "firstName" : "forbidden", + "lastName" : "user", + "email" : "forbidden@baeldung.gg", + "emailVerified" : true, + "createdTimestamp" : 1713615781285, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713615795357, + "secretData" : "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-baeldung" ], + "notBefore" : 0, + "groups" : [ ] + } ] +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/pom.xml b/spring-security-modules/spring-security-oauth2-testing/pom.xml index 1f1c441cf5..b2c59d5a98 100644 --- a/spring-security-modules/spring-security-oauth2-testing/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/pom.xml @@ -1,38 +1,38 @@ - 4.0.0 - spring-security-oauth2-testing - spring-security-oauth2-testing - pom - spring-security 6 oauth testing sample project + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + spring-security-oauth2-testing + spring-security-oauth2-testing + pom + spring-security 6 oauth testing sample project - - com.baeldung - parent-boot-3 - 0.0.1-SNAPSHOT - ../../parent-boot-3 - + + com.baeldung + parent-boot-3 + 0.0.1-SNAPSHOT + ../../parent-boot-3 + - - - - com.c4-soft.springaddons - spring-addons-oauth2-test - ${spring-addons.version} - - - + + + + com.c4-soft.springaddons + spring-addons-oauth2-test + ${spring-addons.version} + + + - - reactive-resource-server - servlet-resource-server - + + reactive-resource-server + servlet-resource-server + - - 7.1.10 - 17 - + + 7.6.12 + 17 + \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml index c4badf9caa..f22ebd1bd7 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml @@ -12,6 +12,7 @@ com.baeldung spring-security-oauth2-testing 0.0.1-SNAPSHOT + .. diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java index 5dd9268092..185cdb9f15 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java @@ -1,7 +1,5 @@ package com.baeldung; -import static org.springframework.security.config.Customizer.withDefaults; - import java.nio.charset.Charset; import java.util.List; import java.util.Map; @@ -17,6 +15,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; @@ -52,22 +51,22 @@ public class ReactiveResourceServerApplication { @EnableReactiveMethodSecurity static class SecurityConfig { @Bean - SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { - http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults())); + SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, Converter> authenticationConverter) { + http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter))); http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance()); http.csrf(CsrfSpec::disable); - http.exceptionHandling(eh -> eh - .accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal().flatMap(principal -> { - final var response = exchange.getResponse(); - response.setStatusCode( - principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED - : HttpStatus.FORBIDDEN); - response.getHeaders().setContentType(MediaType.TEXT_PLAIN); - final var dataBufferFactory = response.bufferFactory(); - final var buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset())); - return response.writeWith(Mono.just(buffer)) - .doOnError(error -> DataBufferUtils.release(buffer)); - }))); + http.exceptionHandling(eh -> eh.accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal() + .flatMap(principal -> { + final var response = exchange.getResponse(); + response.setStatusCode(principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED : HttpStatus.FORBIDDEN); + response.getHeaders() + .setContentType(MediaType.TEXT_PLAIN); + final var dataBufferFactory = response.bufferFactory(); + final var buffer = dataBufferFactory.wrap(ex.getMessage() + .getBytes(Charset.defaultCharset())); + return response.writeWith(Mono.just(buffer)) + .doOnError(error -> DataBufferUtils.release(buffer)); + }))); // @formatter:off http.authorizeExchange(req -> req @@ -84,17 +83,18 @@ public class ReactiveResourceServerApplication { @Bean ReactiveJwtAuthoritiesConverter realmRoles2AuthoritiesConverter() { return (Jwt jwt) -> { - final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of()); + final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")) + .orElse(Map.of()); @SuppressWarnings("unchecked") final var roles = (List) realmRoles.getOrDefault("roles", List.of()); - return Flux.fromStream(roles.stream()).map(SimpleGrantedAuthority::new) - .map(GrantedAuthority.class::cast); + return Flux.fromStream(roles.stream()) + .map(SimpleGrantedAuthority::new) + .map(GrantedAuthority.class::cast); }; } @Bean - ReactiveJwtAuthenticationConverter authenticationConverter( - Converter> authoritiesConverter) { + ReactiveJwtAuthenticationConverter authenticationConverter(Converter> authoritiesConverter) { final var authenticationConverter = new ReactiveJwtAuthenticationConverter(); authenticationConverter.setPrincipalClaimName(StandardClaimNames.PREFERRED_USERNAME); authenticationConverter.setJwtGrantedAuthoritiesConverter(authoritiesConverter); @@ -106,10 +106,12 @@ public class ReactiveResourceServerApplication { public static class MessageService { public Mono greet() { - return ReactiveSecurityContextHolder.getContext().map(ctx -> { - final var who = (JwtAuthenticationToken) ctx.getAuthentication(); - return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); - }).switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty"))); + return ReactiveSecurityContextHolder.getContext() + .map(ctx -> { + final var who = (JwtAuthenticationToken) ctx.getAuthentication(); + return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); + }) + .switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty"))); } @PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')") @@ -125,18 +127,21 @@ public class ReactiveResourceServerApplication { @GetMapping("/greet") public Mono> greet() { - return messageService.greet().map(ResponseEntity::ok); + return messageService.greet() + .map(ResponseEntity::ok); } @GetMapping("/secured-route") public Mono> securedRoute() { - return messageService.getSecret().map(ResponseEntity::ok); + return messageService.getSecret() + .map(ResponseEntity::ok); } @GetMapping("/secured-method") @PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')") public Mono> securedMethod() { - return messageService.getSecret().map(ResponseEntity::ok); + return messageService.getSecret() + .map(ResponseEntity::ok); } } diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml deleted file mode 100644 index 01e655e1b3..0000000000 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml +++ /dev/null @@ -1,6 +0,0 @@ -spring: - security: - oauth2: - resourceserver: - jwt: - issuer-uri: https://localhost:8443/realms/master diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml new file mode 100644 index 0000000000..dcda50e07d --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml @@ -0,0 +1,11 @@ +server: + port: 8082 + +spring: + application: + name: reactive-resource-server + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost:8080/realms/baeldung diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt new file mode 100644 index 0000000000..cdecee35fb --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt @@ -0,0 +1,16 @@ +${AnsiColor.GREEN} _____ _ _ +${AnsiColor.GREEN} | __ \ | | (_) +${AnsiColor.GREEN} | |__) |___ __ _ ___| |_ ___ _____ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __ +${AnsiColor.GREEN} | _ // _ \/ _` |/ __| __| \ \ / / _ \ | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__| +${AnsiColor.GREEN} | | \ \ __/ (_| | (__| |_| |\ V / __/ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ | +${AnsiColor.GREEN} |_| \_\___|\__,_|\___|\__|_| \_/ \___| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_| +${AnsiColor.GREEN} +${AnsiColor.GREEN} +${AnsiColor.BLUE} __ __ __ ______ __ __ ______ +${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___ +${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \ +${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / / +${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/ +${AnsiColor.BLUE} /_/ \____/ +${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version} +${AnsiColor.BLACK} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java index c7a0659cf1..3c1185b826 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java @@ -3,8 +3,6 @@ package com.baeldung; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication; -import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt; import java.util.List; @@ -16,6 +14,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers; import org.springframework.test.web.reactive.server.WebTestClient; import com.baeldung.ReactiveResourceServerApplication.GreetingController; @@ -40,7 +39,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/greet") .exchange() @@ -53,7 +52,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(Mono.just(greeting)); - api.mutateWith(mockJwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy"))) .get() .uri("/greet") @@ -73,7 +73,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/secured-route") .exchange() @@ -86,7 +86,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(Mono.just(secret)); - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .get() .uri("/secured-route") .exchange() @@ -98,7 +99,8 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() { - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("admin"))) .get() .uri("/secured-route") .exchange() @@ -113,7 +115,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/secured-method") .exchange() @@ -126,7 +128,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(Mono.just(secret)); - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .get() .uri("/secured-method") .exchange() @@ -138,7 +141,8 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() { - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("admin"))) .get() .uri("/secured-method") .exchange() diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml index 25bd8a396c..ddd6c1d313 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml @@ -12,6 +12,7 @@ com.baeldung spring-security-oauth2-testing 0.0.1-SNAPSHOT + .. diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java index 7887089458..a0928e9149 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java @@ -1,7 +1,5 @@ package com.baeldung; -import static org.springframework.security.config.Customizer.withDefaults; - import java.util.Collection; import java.util.List; import java.util.Map; @@ -16,6 +14,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -48,8 +47,8 @@ public class ServletResourceServerApplication { @EnableWebSecurity static class SecurityConf { @Bean - SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults())); + SecurityFilterChain filterChain(HttpSecurity http, Converter authenticationConverter) throws Exception { + http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter))); http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); http.csrf(AbstractHttpConfigurer::disable); http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> { @@ -57,11 +56,11 @@ public class ServletResourceServerApplication { response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase()); })); - // @formatter:off - http.authorizeHttpRequests(req -> req - .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL") - .anyRequest().authenticated()); - // @formatter:on + // @formatter:off + http.authorizeHttpRequests(req -> req + .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL") + .anyRequest().authenticated()); + // @formatter:on return http.build(); } @@ -72,10 +71,14 @@ public class ServletResourceServerApplication { @Bean JwtAuthoritiesConverter realmRoles2AuthoritiesConverter() { return (Jwt jwt) -> { - final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of()); + final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")) + .orElse(Map.of()); @SuppressWarnings("unchecked") final var roles = (List) realmRoles.getOrDefault("roles", List.of()); - return roles.stream().map(SimpleGrantedAuthority::new).map(GrantedAuthority.class::cast).toList(); + return roles.stream() + .map(SimpleGrantedAuthority::new) + .map(GrantedAuthority.class::cast) + .toList(); }; } @@ -92,7 +95,8 @@ public class ServletResourceServerApplication { public static class MessageService { public String greet() { - final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); + final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext() + .getAuthentication(); return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); } diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties deleted file mode 100644 index 998f6303aa..0000000000 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties +++ /dev/null @@ -1 +0,0 @@ -spring.security.oauth2.resourceserver.jwt.issuer-uri=https://localhost:8443/realms/master diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml new file mode 100644 index 0000000000..8335931381 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml @@ -0,0 +1,11 @@ +server: + port: 8081 + +spring: + application: + name: servlet-resource-server + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost:8080/realms/baeldung diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt new file mode 100644 index 0000000000..23e0e9c9cd --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt @@ -0,0 +1,16 @@ +${AnsiColor.GREEN} _____ _ _ +${AnsiColor.GREEN} / ____| | | | | +${AnsiColor.GREEN} | (___ ___ _ ____ _| | ___| |_ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __ +${AnsiColor.GREEN} \___ \ / _ \ '__\ \ / / |/ _ \ __| | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__| +${AnsiColor.GREEN} ____) | __/ | \ V /| | __/ |_ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ | +${AnsiColor.GREEN} |_____/ \___|_| \_/ |_|\___|\__| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_| +${AnsiColor.GREEN} +${AnsiColor.GREEN} +${AnsiColor.BLUE} __ __ __ ______ __ __ ______ +${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___ +${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \ +${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / / +${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/ +${AnsiColor.BLUE} /_/ \____/ +${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version} +${AnsiColor.BLACK} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java index 2534d9919a..2a47a919dd 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java @@ -44,9 +44,7 @@ class SpringAddonsGreetingControllerUnitTest { } @ParameterizedTest - @AuthenticationSource({ - @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"), - @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") }) + @AuthenticationSource({ @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"), @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") }) void givenUserIsAuthenticated_whenGetGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(greeting); diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java index 0e710bcc9f..ce57342ef6 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java @@ -3,8 +3,6 @@ package com.baeldung; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -17,6 +15,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; import org.springframework.test.web.servlet.MockMvc; import com.baeldung.ServletResourceServerApplication.GreetingController; @@ -38,7 +37,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception { - api.perform(get("/greet").with(anonymous())) + api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -47,7 +46,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(greeting); - api.perform(get("/greet").with(jwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy")))) .andExpect(status().isOk()) .andExpect(content().string(greeting)); @@ -62,7 +62,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception { - api.perform(get("/secured-route").with(anonymous())) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -71,14 +71,16 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(secret); - api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) .andExpect(status().isOk()) .andExpect(content().string(secret)); } @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception { - api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("admin")))) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("admin")))) .andExpect(status().isForbidden()); } @@ -89,7 +91,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception { - api.perform(get("/secured-method").with(anonymous())) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -98,14 +100,16 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(secret); - api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) .andExpect(status().isOk()) .andExpect(content().string(secret)); } @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception { - api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("admin")))) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("admin")))) .andExpect(status().isForbidden()); } From f80faa08c82ea602419f04fc9d37ca41297b4fb3 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Sun, 21 Apr 2024 16:38:05 -1000 Subject: [PATCH 2/3] BAEL-7704 : (CONFIGURATION) format resources --- .../keycloak/import/baeldung-realm.json | 4158 +++++++++-------- .../keycloak/import/baeldung-users-0.json | 108 +- .../reactive-resource-server/pom.xml | 108 +- .../src/test/resources/ch4mpy.json | 26 +- .../src/test/resources/tonton-pirate.json | 26 +- .../servlet-resource-server/pom.xml | 108 +- .../src/test/resources/ch4mpy.json | 26 +- .../src/test/resources/tonton-pirate.json | 26 +- 8 files changed, 2553 insertions(+), 2033 deletions(-) diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json index 616f0c1f74..decb2f52b5 100644 --- a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json @@ -1,1827 +1,2335 @@ { - "id" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "realm" : "baeldung", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxTemporaryLockouts" : 0, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "4ad869c1-56f3-45fd-b345-f107f2834de1", - "name" : "AUTHORIZED_PERSONNEL", - "description" : "", - "composite" : false, - "clientRole" : false, - "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes" : { } - }, { - "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", - "name" : "default-roles-baeldung", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "view-profile", "manage-account" ] - } - }, - "clientRole" : false, - "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes" : { } - }, { - "id" : "96fbbf77-c81e-472b-bb2e-184713dfffde", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes" : { } - }, { - "id" : "cec72467-237c-4ae9-ae1d-ca84ff51b404", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes" : { } - } ], - "client" : { - "realm-management" : [ { - "id" : "955d707a-3baa-4462-a53c-83ff73b30a12", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "81cbcb10-8e84-431e-8da8-07219be8d93d", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "be5a19cb-fa00-486a-abfa-eb0dc86680fb", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "6339f747-4f89-4e67-9c77-420524135d96", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "56dccfed-9379-4cfb-a720-b9b9e1745048", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "57977d45-f810-400a-81ca-63a9bdddd3b9", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "e14dfabc-3f03-42cf-a716-5261b7002914", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "800d272c-1327-485c-9d2f-576f3d9a0178", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "fdc10176-42c0-4b58-968a-35bfd5dbce20", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "23393ccd-3b70-4de8-9e00-0adbb11851ce", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "01a3847f-7602-400d-bedd-7545618559f3", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "788677b0-3fbf-457d-8b62-25f305b86bcf", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - }, { - "id" : "642d82d5-1071-47a9-aca9-d0fbd28d0328", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-realm", "view-clients", "create-client", "view-users", "manage-identity-providers", "manage-authorization", "impersonation", "view-identity-providers", "manage-realm", "query-users", "query-realms", "view-authorization", "query-groups", "view-events", "manage-users", "manage-clients", "query-clients", "manage-events" ] - } - }, - "clientRole" : true, - "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "baeldung-confidential" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "9043c535-f6d3-44dc-8c48-d3983e04a93b", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", - "attributes" : { } - } ], - "account" : [ { - "id" : "4a188a41-39d9-47e6-b8de-6d9b42c7a414", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "da24f251-0c13-4035-84f1-16c5a3301ea6", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "26edbb7d-dd9f-4dd4-a282-a6e886e38302", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "b2c98d1e-4a85-4e11-901d-0207e9793acf", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "f244eb36-cf20-4e96-8233-fee1ee8da72e", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "83f4a43c-07cd-43d5-af99-7825ea603ca9", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - }, { - "id" : "18642f4e-1e2a-4023-9947-7a425d8ed76e", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", - "name" : "default-roles-baeldung", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/baeldung/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/baeldung/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "4beaa749-404c-4a6a-9b04-72df4f9066a4", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/baeldung/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/baeldung/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", - "clientId" : "baeldung-confidential", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "secret", - "redirectUris" : ["https://oauth.pstmn.io/v1/callback", "http://localhost:8080/*", "https://localhost:8080/*", "http://localhost:8081/*", "https://localhost:8081/*", "http://localhost:8082/*", "https://localhost:8082/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "client.secret.creation.time" : "1713615347", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "+", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "4720b673-8d8b-4709-b695-88d6c17e8edf", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "8c99b1f8-439f-4c01-ac62-bf4b852a3585", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/baeldung/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/baeldung/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "4a39a186-0bc6-46c8-9605-940ab6af0ec4", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "f3258684-171e-47f9-a9d0-96434e91ee6a", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "fabf3bec-72b8-4035-84a7-f368417446ef", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "38838b81-804d-47d1-9aad-92d5107b1653", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "4bc0f7a9-7009-48f4-aeee-198c705d4e90", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "c1278964-7ee9-4619-a8a4-461ef8fce69b", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "85bdea58-50c5-4d63-952d-ab0e1e861244", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "c945557c-e480-4f09-b9fa-62c05a26cb05", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "184fc94a-c750-4bc0-be3f-0501365bc1fd", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "40162254-ac26-4b36-a5d5-538d33612c80", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "bf65a00b-5112-4bd4-b540-de0fa4912c65", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "5eddbe1e-e274-4543-8606-a8fd3d5f793b", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "54300fc6-0c26-42e0-89bb-844955488008", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "89ccaf97-a0a8-4221-9174-17a7e475ebc7", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "58e90cb8-25c5-4e81-a5ed-a9de481fab17", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "2d434173-8b6e-4959-ad8f-c7185bc9b433", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "84dad65d-8413-44c0-95f4-f3d64035e7b6", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "89ac6a7f-9435-41ed-83eb-34a366429a6f", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "6f6d1690-df96-4774-ae4a-2d349461f02a", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "3bec9041-170c-4c6d-a35e-be7a51442aef", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - }, { - "id" : "027afd1d-3d34-49df-bf43-00adddfec15a", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "159dc3dc-a659-4cb8-9271-809834a42d8e", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "46c52714-3bb6-4db9-a360-0839703c1f8e", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "0b274bf6-89f0-4d3c-a635-eb3943d062ee", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String" - } - }, { - "id" : "e70cd96f-6d15-4c46-978a-359f1832b7c2", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "6a19a6ab-4035-4c43-b9e5-253339bb491b", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : true, - "eventsExpiration" : 900, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "OAUTH2_EXTENSION_GRANT", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "USER_DISABLED_BY_TEMPORARY_LOCKOUT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "OAUTH2_EXTENSION_GRANT_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], - "adminEventsEnabled" : true, - "adminEventsDetailsEnabled" : true, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "c07dff7f-77fc-4381-a458-9c56515c5c98", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "03f2b651-fdea-4a7a-88e8-f169f5a7f892", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] - } - }, { - "id" : "0c7278cb-1e59-407e-9187-fa147ce96f82", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "a3c48cf1-67be-41fb-a852-6efe25560fcf", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "b0f72ad6-c65d-4132-912f-6e5ba9c48466", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] - } - }, { - "id" : "b1fa36d7-8ef0-4501-a495-215b90bd0699", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "04a18d35-45bd-458d-9bc8-939db56e337d", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" ], - "secret" : [ "7BdqNadvG1OQs7Z4qJfvaQ" ], - "priority" : [ "100" ] - } - }, { - "id" : "ce00dbf1-1d6d-44da-84c0-1ed88d712801", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" ], - "priority" : [ "100" ] - } - }, { - "id" : "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "0866f9d1-3c22-432c-95d4-65378e739b89", - "name" : "hmac-generated-hs512", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" ], - "secret" : [ "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" ], - "priority" : [ "100" ], - "algorithm" : [ "HS512" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "92fc572a-6443-4d62-989d-dc6147aed6a6", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "17dce980-92a5-4dab-84b6-29f0ffe91e2f", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "336dbe24-c5ec-44c0-bf56-1b811b451fdf", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "ee4b2165-c1be-43ca-96c8-b2302d78b38a", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "0116eec2-8a17-4de9-b75f-caa26e52bdf0", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "692ddf3c-2813-46ef-b364-fcba9d70f5a4", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "fe879ee4-eec5-4034-9b78-82636f614123", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "76b893b1-6b16-4e7c-a945-b86b63c983fb", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-terms-and-conditions", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 70, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "8c1ba21b-218d-406d-a936-c935f41e7bef", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6df47204-9532-4b3e-821f-9a5255b9c305", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "793b40f2-0912-40f4-b570-a75015fb9eb0", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "3ff115f7-7108-4b17-8868-1d390ec3a480", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "VERIFY_PROFILE", - "name" : "Verify Profile", - "providerId" : "VERIFY_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 90, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "firstBrokerLoginFlow" : "first broker login", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DevicePollingInterval" : "5", - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "adminEventsExpiration" : "900" - }, - "keycloakVersion" : "24.0.0", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } + "id": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "realm": "baeldung", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "4ad869c1-56f3-45fd-b345-f107f2834de1", + "name": "AUTHORIZED_PERSONNEL", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name": "default-roles-baeldung", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "96fbbf77-c81e-472b-bb2e-184713dfffde", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "cec72467-237c-4ae9-ae1d-ca84ff51b404", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "955d707a-3baa-4462-a53c-83ff73b30a12", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "81cbcb10-8e84-431e-8da8-07219be8d93d", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "be5a19cb-fa00-486a-abfa-eb0dc86680fb", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "6339f747-4f89-4e67-9c77-420524135d96", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "56dccfed-9379-4cfb-a720-b9b9e1745048", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "57977d45-f810-400a-81ca-63a9bdddd3b9", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "e14dfabc-3f03-42cf-a716-5261b7002914", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "800d272c-1327-485c-9d2f-576f3d9a0178", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "fdc10176-42c0-4b58-968a-35bfd5dbce20", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "23393ccd-3b70-4de8-9e00-0adbb11851ce", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "01a3847f-7602-400d-bedd-7545618559f3", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "788677b0-3fbf-457d-8b62-25f305b86bcf", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "642d82d5-1071-47a9-aca9-d0fbd28d0328", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-realm", + "view-clients", + "create-client", + "view-users", + "manage-identity-providers", + "manage-authorization", + "impersonation", + "view-identity-providers", + "manage-realm", + "query-users", + "query-realms", + "view-authorization", + "query-groups", + "view-events", + "manage-users", + "manage-clients", + "query-clients", + "manage-events" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "baeldung-confidential": [], + "account-console": [], + "broker": [ + { + "id": "9043c535-f6d3-44dc-8c48-d3983e04a93b", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "attributes": {} + } + ], + "account": [ + { + "id": "4a188a41-39d9-47e6-b8de-6d9b42c7a414", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "da24f251-0c13-4035-84f1-16c5a3301ea6", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "26edbb7d-dd9f-4dd4-a282-a6e886e38302", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "b2c98d1e-4a85-4e11-901d-0207e9793acf", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "f244eb36-cf20-4e96-8233-fee1ee8da72e", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "83f4a43c-07cd-43d5-af99-7825ea603ca9", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "18642f4e-1e2a-4023-9947-7a425d8ed76e", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name": "default-roles-baeldung", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/baeldung/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/baeldung/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4beaa749-404c-4a6a-9b04-72df4f9066a4", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/baeldung/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/baeldung/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", + "clientId": "baeldung-confidential", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "https://oauth.pstmn.io/v1/callback", + "http://localhost:8080/*", + "https://localhost:8080/*", + "http://localhost:8081/*", + "https://localhost:8081/*", + "http://localhost:8082/*", + "https://localhost:8082/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1713615347", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "8c99b1f8-439f-4c01-ac62-bf4b852a3585", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/baeldung/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/baeldung/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "4a39a186-0bc6-46c8-9605-940ab6af0ec4", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "f3258684-171e-47f9-a9d0-96434e91ee6a", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "fabf3bec-72b8-4035-84a7-f368417446ef", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "38838b81-804d-47d1-9aad-92d5107b1653", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "4bc0f7a9-7009-48f4-aeee-198c705d4e90", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c1278964-7ee9-4619-a8a4-461ef8fce69b", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "85bdea58-50c5-4d63-952d-ab0e1e861244", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "c945557c-e480-4f09-b9fa-62c05a26cb05", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "184fc94a-c750-4bc0-be3f-0501365bc1fd", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "40162254-ac26-4b36-a5d5-538d33612c80", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "bf65a00b-5112-4bd4-b540-de0fa4912c65", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "5eddbe1e-e274-4543-8606-a8fd3d5f793b", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "54300fc6-0c26-42e0-89bb-844955488008", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "89ccaf97-a0a8-4221-9174-17a7e475ebc7", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "58e90cb8-25c5-4e81-a5ed-a9de481fab17", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "2d434173-8b6e-4959-ad8f-c7185bc9b433", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "84dad65d-8413-44c0-95f4-f3d64035e7b6", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "89ac6a7f-9435-41ed-83eb-34a366429a6f", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "6f6d1690-df96-4774-ae4a-2d349461f02a", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "3bec9041-170c-4c6d-a35e-be7a51442aef", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "027afd1d-3d34-49df-bf43-00adddfec15a", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "159dc3dc-a659-4cb8-9271-809834a42d8e", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "46c52714-3bb6-4db9-a360-0839703c1f8e", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "0b274bf6-89f0-4d3c-a635-eb3943d062ee", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "e70cd96f-6d15-4c46-978a-359f1832b7c2", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "6a19a6ab-4035-4c43-b9e5-253339bb491b", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": true, + "eventsExpiration": 900, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [ + "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", + "GRANT_CONSENT", + "VERIFY_PROFILE_ERROR", + "REMOVE_TOTP", + "REVOKE_GRANT", + "UPDATE_TOTP", + "LOGIN_ERROR", + "CLIENT_LOGIN", + "RESET_PASSWORD_ERROR", + "IMPERSONATE_ERROR", + "CODE_TO_TOKEN_ERROR", + "CUSTOM_REQUIRED_ACTION", + "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", + "RESTART_AUTHENTICATION", + "IMPERSONATE", + "UPDATE_PROFILE_ERROR", + "LOGIN", + "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", + "CLIENT_INITIATED_ACCOUNT_LINKING", + "OAUTH2_EXTENSION_GRANT", + "USER_DISABLED_BY_PERMANENT_LOCKOUT", + "TOKEN_EXCHANGE", + "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", + "DELETE_ACCOUNT_ERROR", + "CLIENT_REGISTER", + "IDENTITY_PROVIDER_LINK_ACCOUNT", + "USER_DISABLED_BY_TEMPORARY_LOCKOUT", + "DELETE_ACCOUNT", + "UPDATE_PASSWORD", + "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN", + "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", + "CLIENT_LOGIN_ERROR", + "RESTART_AUTHENTICATION_ERROR", + "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", + "TOKEN_EXCHANGE_ERROR", + "PERMISSION_TOKEN", + "SEND_IDENTITY_PROVIDER_LINK_ERROR", + "EXECUTE_ACTION_TOKEN_ERROR", + "OAUTH2_EXTENSION_GRANT_ERROR", + "SEND_VERIFY_EMAIL", + "OAUTH2_DEVICE_AUTH", + "EXECUTE_ACTIONS_ERROR", + "REMOVE_FEDERATED_IDENTITY", + "OAUTH2_DEVICE_CODE_TO_TOKEN", + "IDENTITY_PROVIDER_POST_LOGIN", + "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", + "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", + "REGISTER_ERROR", + "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", + "LOGOUT_ERROR", + "UPDATE_EMAIL_ERROR", + "CLIENT_UPDATE_ERROR", + "AUTHREQID_TO_TOKEN_ERROR", + "UPDATE_PROFILE", + "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", + "SEND_IDENTITY_PROVIDER_LINK", + "SEND_VERIFY_EMAIL_ERROR", + "RESET_PASSWORD", + "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", + "OAUTH2_DEVICE_AUTH_ERROR", + "UPDATE_CONSENT", + "REMOVE_TOTP_ERROR", + "VERIFY_EMAIL_ERROR", + "SEND_RESET_PASSWORD_ERROR", + "CLIENT_UPDATE", + "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", + "UPDATE_TOTP_ERROR", + "CODE_TO_TOKEN", + "VERIFY_PROFILE", + "GRANT_CONSENT_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" + ], + "adminEventsEnabled": true, + "adminEventsDetailsEnabled": true, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "c07dff7f-77fc-4381-a458-9c56515c5c98", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "03f2b651-fdea-4a7a-88e8-f169f5a7f892", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper" + ] + } + }, + { + "id": "0c7278cb-1e59-407e-9187-fa147ce96f82", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a3c48cf1-67be-41fb-a852-6efe25560fcf", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "b0f72ad6-c65d-4132-912f-6e5ba9c48466", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": "b1fa36d7-8ef0-4501-a495-215b90bd0699", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "04a18d35-45bd-458d-9bc8-939db56e337d", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ + "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" + ], + "secret": [ + "7BdqNadvG1OQs7Z4qJfvaQ" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "ce00dbf1-1d6d-44da-84c0-1ed88d712801", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" + ], + "keyUse": [ + "SIG" + ], + "certificate": [ + "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" + ], + "keyUse": [ + "ENC" + ], + "certificate": [ + "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" + ], + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "0866f9d1-3c22-432c-95d4-65378e739b89", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ + "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" + ], + "secret": [ + "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" + ], + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "92fc572a-6443-4d62-989d-dc6147aed6a6", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "17dce980-92a5-4dab-84b6-29f0ffe91e2f", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "336dbe24-c5ec-44c0-bf56-1b811b451fdf", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ee4b2165-c1be-43ca-96c8-b2302d78b38a", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "0116eec2-8a17-4de9-b75f-caa26e52bdf0", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "692ddf3c-2813-46ef-b364-fcba9d70f5a4", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fe879ee4-eec5-4034-9b78-82636f614123", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "76b893b1-6b16-4e7c-a945-b86b63c983fb", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8c1ba21b-218d-406d-a936-c935f41e7bef", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6df47204-9532-4b3e-821f-9a5255b9c305", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "793b40f2-0912-40f4-b570-a75015fb9eb0", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "3ff115f7-7108-4b17-8868-1d390ec3a480", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "adminEventsExpiration": "900" + }, + "keycloakVersion": "24.0.0", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json index 20a78548df..1d43a9eecc 100644 --- a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json @@ -1,50 +1,62 @@ { - "realm" : "baeldung", - "users" : [ { - "id" : "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", - "username" : "authorized", - "firstName" : "authorized", - "lastName" : "user", - "email" : "authorized@baeldung.gg", - "emailVerified" : true, - "createdTimestamp" : 1713615702990, - "enabled" : true, - "totp" : false, - "credentials" : [ { - "id" : "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1713615715678, - "secretData" : "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "AUTHORIZED_PERSONNEL", "default-roles-baeldung" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "d205d854-547c-43cf-a02d-fd6c385b128b", - "username" : "forbidden", - "firstName" : "forbidden", - "lastName" : "user", - "email" : "forbidden@baeldung.gg", - "emailVerified" : true, - "createdTimestamp" : 1713615781285, - "enabled" : true, - "totp" : false, - "credentials" : [ { - "id" : "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1713615795357, - "secretData" : "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-baeldung" ], - "notBefore" : 0, - "groups" : [ ] - } ] + "realm": "baeldung", + "users": [ + { + "id": "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", + "username": "authorized", + "firstName": "authorized", + "lastName": "user", + "email": "authorized@baeldung.gg", + "emailVerified": true, + "createdTimestamp": 1713615702990, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", + "type": "password", + "userLabel": "My password", + "createdDate": 1713615715678, + "secretData": "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "AUTHORIZED_PERSONNEL", + "default-roles-baeldung" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "d205d854-547c-43cf-a02d-fd6c385b128b", + "username": "forbidden", + "firstName": "forbidden", + "lastName": "user", + "email": "forbidden@baeldung.gg", + "emailVerified": true, + "createdTimestamp": 1713615781285, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", + "type": "password", + "userLabel": "My password", + "createdDate": 1713615795357, + "secretData": "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-baeldung" + ], + "notBefore": 0, + "groups": [] + } + ] } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml index f22ebd1bd7..f284f5bf15 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml @@ -1,61 +1,61 @@ - 4.0.0 - com.baeldung.spring-security-modules.testing - reactive-resource-server - reactive-resource-server - Demo project for Spring Boot reactive resource-server + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + com.baeldung.spring-security-modules.testing + reactive-resource-server + reactive-resource-server + Demo project for Spring Boot reactive resource-server - - com.baeldung - spring-security-oauth2-testing - 0.0.1-SNAPSHOT - .. - + + com.baeldung + spring-security-oauth2-testing + 0.0.1-SNAPSHOT + .. + - - - org.springframework.boot - spring-boot-starter-oauth2-resource-server - - - org.springframework.boot - spring-boot-starter-webflux - - - org.projectlombok - lombok - true - - - org.springframework.boot - spring-boot-starter-test - test - - - com.c4-soft.springaddons - spring-addons-oauth2-test - test - - + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + org.springframework.boot + spring-boot-starter-webflux + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + com.c4-soft.springaddons + spring-addons-oauth2-test + test + + - - - - org.springframework.boot - spring-boot-maven-plugin - - - - org.projectlombok - lombok - - - - - - + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json index 22f7bb2cea..5a39971eab 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", - "iat": 1695992542, - "exp": 1695992642, - "preferred_username": "ch4mpy", - "realm_access": { - "roles": [ - "admin", - "ROLE_AUTHORIZED_PERSONNEL" - ] - }, - "email": "ch4mp@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", + "iat": 1695992542, + "exp": 1695992642, + "preferred_username": "ch4mpy", + "realm_access": { + "roles": [ + "admin", + "ROLE_AUTHORIZED_PERSONNEL" + ] + }, + "email": "ch4mp@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json index 13a422f6fd..eff989f2c3 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", - "iat": 1695992551, - "exp": 1695992651, - "preferred_username": "tonton-pirate", - "realm_access": { - "roles": [ - "uncle", - "PIRATE" - ] - }, - "email": "tonton-pirate@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", + "iat": 1695992551, + "exp": 1695992651, + "preferred_username": "tonton-pirate", + "realm_access": { + "roles": [ + "uncle", + "PIRATE" + ] + }, + "email": "tonton-pirate@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml index ddd6c1d313..75175fe1aa 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml @@ -1,61 +1,61 @@ - 4.0.0 - com.baeldung.spring-security-modules.testing - servlet-resource-server - servlet-resource-server - Demo project for Spring Boot servlet resource-server + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + com.baeldung.spring-security-modules.testing + servlet-resource-server + servlet-resource-server + Demo project for Spring Boot servlet resource-server - - com.baeldung - spring-security-oauth2-testing - 0.0.1-SNAPSHOT - .. - + + com.baeldung + spring-security-oauth2-testing + 0.0.1-SNAPSHOT + .. + - - - org.springframework.boot - spring-boot-starter-oauth2-resource-server - - - org.springframework.boot - spring-boot-starter-web - - - org.projectlombok - lombok - true - - - org.springframework.boot - spring-boot-starter-test - test - - - com.c4-soft.springaddons - spring-addons-oauth2-test - test - - + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + org.springframework.boot + spring-boot-starter-web + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + com.c4-soft.springaddons + spring-addons-oauth2-test + test + + - - - - org.springframework.boot - spring-boot-maven-plugin - - - - org.projectlombok - lombok - - - - - - + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json index 22f7bb2cea..5a39971eab 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", - "iat": 1695992542, - "exp": 1695992642, - "preferred_username": "ch4mpy", - "realm_access": { - "roles": [ - "admin", - "ROLE_AUTHORIZED_PERSONNEL" - ] - }, - "email": "ch4mp@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", + "iat": 1695992542, + "exp": 1695992642, + "preferred_username": "ch4mpy", + "realm_access": { + "roles": [ + "admin", + "ROLE_AUTHORIZED_PERSONNEL" + ] + }, + "email": "ch4mp@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json index 13a422f6fd..eff989f2c3 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", - "iat": 1695992551, - "exp": 1695992651, - "preferred_username": "tonton-pirate", - "realm_access": { - "roles": [ - "uncle", - "PIRATE" - ] - }, - "email": "tonton-pirate@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", + "iat": 1695992551, + "exp": 1695992651, + "preferred_username": "tonton-pirate", + "realm_access": { + "roles": [ + "uncle", + "PIRATE" + ] + }, + "email": "tonton-pirate@c4-soft.com", + "scope": "openid email" } \ No newline at end of file From bcd2fb94a46e60ceddcca23cd58be37c4bbb3a36 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Wed, 24 Apr 2024 02:33:12 -1000 Subject: [PATCH 3/3] spaces instead of tabs in poms & json --- .../keycloak/import/baeldung-realm.json | 4666 ++++++++--------- .../keycloak/import/baeldung-users-0.json | 120 +- .../spring-security-oauth2-testing/pom.xml | 60 +- .../reactive-resource-server/pom.xml | 108 +- .../src/test/resources/ch4mpy.json | 26 +- .../src/test/resources/tonton-pirate.json | 26 +- .../servlet-resource-server/pom.xml | 108 +- .../src/test/resources/ch4mpy.json | 26 +- .../src/test/resources/tonton-pirate.json | 26 +- 9 files changed, 2583 insertions(+), 2583 deletions(-) diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json index decb2f52b5..44c4948c7a 100644 --- a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json @@ -1,2335 +1,2335 @@ { - "id": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "realm": "baeldung", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxTemporaryLockouts": 0, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "4ad869c1-56f3-45fd-b345-f107f2834de1", - "name": "AUTHORIZED_PERSONNEL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes": {} - }, - { - "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", - "name": "default-roles-baeldung", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes": {} - }, - { - "id": "96fbbf77-c81e-472b-bb2e-184713dfffde", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes": {} - }, - { - "id": "cec72467-237c-4ae9-ae1d-ca84ff51b404", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "955d707a-3baa-4462-a53c-83ff73b30a12", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "81cbcb10-8e84-431e-8da8-07219be8d93d", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "be5a19cb-fa00-486a-abfa-eb0dc86680fb", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "6339f747-4f89-4e67-9c77-420524135d96", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "56dccfed-9379-4cfb-a720-b9b9e1745048", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "57977d45-f810-400a-81ca-63a9bdddd3b9", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "e14dfabc-3f03-42cf-a716-5261b7002914", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "800d272c-1327-485c-9d2f-576f3d9a0178", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "fdc10176-42c0-4b58-968a-35bfd5dbce20", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "23393ccd-3b70-4de8-9e00-0adbb11851ce", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "01a3847f-7602-400d-bedd-7545618559f3", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "788677b0-3fbf-457d-8b62-25f305b86bcf", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - }, - { - "id": "642d82d5-1071-47a9-aca9-d0fbd28d0328", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-realm", - "view-clients", - "create-client", - "view-users", - "manage-identity-providers", - "manage-authorization", - "impersonation", - "view-identity-providers", - "manage-realm", - "query-users", - "query-realms", - "view-authorization", - "query-groups", - "view-events", - "manage-users", - "manage-clients", - "query-clients", - "manage-events" - ] - } - }, - "clientRole": true, - "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "baeldung-confidential": [], - "account-console": [], - "broker": [ - { - "id": "9043c535-f6d3-44dc-8c48-d3983e04a93b", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "cb2ee74f-fb36-4f21-82bb-4928966ea449", - "attributes": {} - } - ], - "account": [ - { - "id": "4a188a41-39d9-47e6-b8de-6d9b42c7a414", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "da24f251-0c13-4035-84f1-16c5a3301ea6", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "26edbb7d-dd9f-4dd4-a282-a6e886e38302", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "b2c98d1e-4a85-4e11-901d-0207e9793acf", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "f244eb36-cf20-4e96-8233-fee1ee8da72e", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "83f4a43c-07cd-43d5-af99-7825ea603ca9", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - }, - { - "id": "18642f4e-1e2a-4023-9947-7a425d8ed76e", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", - "name": "default-roles-baeldung", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": {}, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "webAuthnPolicyPasswordlessExtraOrigins": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/baeldung/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/baeldung/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4beaa749-404c-4a6a-9b04-72df4f9066a4", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/baeldung/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/baeldung/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", - "clientId": "baeldung-confidential", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "secret", - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback", - "http://localhost:8080/*", - "https://localhost:8080/*", - "http://localhost:8081/*", - "https://localhost:8081/*", - "http://localhost:8082/*", - "https://localhost:8082/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1713615347", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cb2ee74f-fb36-4f21-82bb-4928966ea449", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4720b673-8d8b-4709-b695-88d6c17e8edf", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8c99b1f8-439f-4c01-ac62-bf4b852a3585", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/baeldung/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/baeldung/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "4a39a186-0bc6-46c8-9605-940ab6af0ec4", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "f3258684-171e-47f9-a9d0-96434e91ee6a", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "fabf3bec-72b8-4035-84a7-f368417446ef", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "38838b81-804d-47d1-9aad-92d5107b1653", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "introspection.token.claim": "true", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "4bc0f7a9-7009-48f4-aeee-198c705d4e90", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "c1278964-7ee9-4619-a8a4-461ef8fce69b", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "85bdea58-50c5-4d63-952d-ab0e1e861244", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "c945557c-e480-4f09-b9fa-62c05a26cb05", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": "184fc94a-c750-4bc0-be3f-0501365bc1fd", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "40162254-ac26-4b36-a5d5-538d33612c80", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "bf65a00b-5112-4bd4-b540-de0fa4912c65", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "5eddbe1e-e274-4543-8606-a8fd3d5f793b", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "54300fc6-0c26-42e0-89bb-844955488008", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "89ccaf97-a0a8-4221-9174-17a7e475ebc7", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "58e90cb8-25c5-4e81-a5ed-a9de481fab17", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "2d434173-8b6e-4959-ad8f-c7185bc9b433", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "84dad65d-8413-44c0-95f4-f3d64035e7b6", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "89ac6a7f-9435-41ed-83eb-34a366429a6f", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "6f6d1690-df96-4774-ae4a-2d349461f02a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "3bec9041-170c-4c6d-a35e-be7a51442aef", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "027afd1d-3d34-49df-bf43-00adddfec15a", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "159dc3dc-a659-4cb8-9271-809834a42d8e", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "46c52714-3bb6-4db9-a360-0839703c1f8e", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0b274bf6-89f0-4d3c-a635-eb3943d062ee", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String" - } - }, - { - "id": "e70cd96f-6d15-4c46-978a-359f1832b7c2", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "6a19a6ab-4035-4c43-b9e5-253339bb491b", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": true, - "eventsExpiration": 900, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "SEND_RESET_PASSWORD", - "UPDATE_CONSENT_ERROR", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "REMOVE_TOTP", - "REVOKE_GRANT", - "UPDATE_TOTP", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "IMPERSONATE", - "UPDATE_PROFILE_ERROR", - "LOGIN", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "UPDATE_PASSWORD_ERROR", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "OAUTH2_EXTENSION_GRANT", - "USER_DISABLED_BY_PERMANENT_LOCKOUT", - "TOKEN_EXCHANGE", - "AUTHREQID_TO_TOKEN", - "LOGOUT", - "REGISTER", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "USER_DISABLED_BY_TEMPORARY_LOCKOUT", - "DELETE_ACCOUNT", - "UPDATE_PASSWORD", - "CLIENT_DELETE", - "FEDERATED_IDENTITY_LINK_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "CLIENT_DELETE_ERROR", - "VERIFY_EMAIL", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "EXECUTE_ACTIONS", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "OAUTH2_EXTENSION_GRANT_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "UPDATE_EMAIL", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "EXECUTE_ACTION_TOKEN", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "CLIENT_UPDATE_ERROR", - "AUTHREQID_TO_TOKEN_ERROR", - "UPDATE_PROFILE", - "CLIENT_REGISTER_ERROR", - "FEDERATED_IDENTITY_LINK", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "CUSTOM_REQUIRED_ACTION_ERROR", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": true, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c07dff7f-77fc-4381-a458-9c56515c5c98", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "03f2b651-fdea-4a7a-88e8-f169f5a7f892", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper" - ] - } - }, - { - "id": "0c7278cb-1e59-407e-9187-fa147ce96f82", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "a3c48cf1-67be-41fb-a852-6efe25560fcf", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "b0f72ad6-c65d-4132-912f-6e5ba9c48466", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "b1fa36d7-8ef0-4501-a495-215b90bd0699", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "04a18d35-45bd-458d-9bc8-939db56e337d", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "kid": [ - "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" - ], - "secret": [ - "7BdqNadvG1OQs7Z4qJfvaQ" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "ce00dbf1-1d6d-44da-84c0-1ed88d712801", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" - ], - "keyUse": [ - "SIG" - ], - "certificate": [ - "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" - ], - "priority": [ - "100" - ] - } - }, - { - "id": "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "privateKey": [ - "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" - ], - "keyUse": [ - "ENC" - ], - "certificate": [ - "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" - ], - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "0866f9d1-3c22-432c-95d4-65378e739b89", - "name": "hmac-generated-hs512", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "kid": [ - "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" - ], - "secret": [ - "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" - ], - "priority": [ - "100" - ], - "algorithm": [ - "HS512" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "92fc572a-6443-4d62-989d-dc6147aed6a6", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "17dce980-92a5-4dab-84b6-29f0ffe91e2f", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "336dbe24-c5ec-44c0-bf56-1b811b451fdf", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "ee4b2165-c1be-43ca-96c8-b2302d78b38a", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "0116eec2-8a17-4de9-b75f-caa26e52bdf0", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "692ddf3c-2813-46ef-b364-fcba9d70f5a4", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "fe879ee4-eec5-4034-9b78-82636f614123", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "76b893b1-6b16-4e7c-a945-b86b63c983fb", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-terms-and-conditions", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 70, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "8c1ba21b-218d-406d-a936-c935f41e7bef", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "6df47204-9532-4b3e-821f-9a5255b9c305", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "793b40f2-0912-40f4-b570-a75015fb9eb0", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "3ff115f7-7108-4b17-8868-1d390ec3a480", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "VERIFY_PROFILE", - "name": "Verify Profile", - "providerId": "VERIFY_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 90, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "firstBrokerLoginFlow": "first broker login", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DevicePollingInterval": "5", - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "adminEventsExpiration": "900" - }, - "keycloakVersion": "24.0.0", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } + "id": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "realm": "baeldung", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "4ad869c1-56f3-45fd-b345-f107f2834de1", + "name": "AUTHORIZED_PERSONNEL", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name": "default-roles-baeldung", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "96fbbf77-c81e-472b-bb2e-184713dfffde", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + }, + { + "id": "cec72467-237c-4ae9-ae1d-ca84ff51b404", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "955d707a-3baa-4462-a53c-83ff73b30a12", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "81cbcb10-8e84-431e-8da8-07219be8d93d", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "be5a19cb-fa00-486a-abfa-eb0dc86680fb", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "6339f747-4f89-4e67-9c77-420524135d96", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "56dccfed-9379-4cfb-a720-b9b9e1745048", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "57977d45-f810-400a-81ca-63a9bdddd3b9", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "e14dfabc-3f03-42cf-a716-5261b7002914", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "800d272c-1327-485c-9d2f-576f3d9a0178", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "fdc10176-42c0-4b58-968a-35bfd5dbce20", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "23393ccd-3b70-4de8-9e00-0adbb11851ce", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "01a3847f-7602-400d-bedd-7545618559f3", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "788677b0-3fbf-457d-8b62-25f305b86bcf", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + }, + { + "id": "642d82d5-1071-47a9-aca9-d0fbd28d0328", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-realm", + "view-clients", + "create-client", + "view-users", + "manage-identity-providers", + "manage-authorization", + "impersonation", + "view-identity-providers", + "manage-realm", + "query-users", + "query-realms", + "view-authorization", + "query-groups", + "view-events", + "manage-users", + "manage-clients", + "query-clients", + "manage-events" + ] + } + }, + "clientRole": true, + "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "baeldung-confidential": [], + "account-console": [], + "broker": [ + { + "id": "9043c535-f6d3-44dc-8c48-d3983e04a93b", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "attributes": {} + } + ], + "account": [ + { + "id": "4a188a41-39d9-47e6-b8de-6d9b42c7a414", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "da24f251-0c13-4035-84f1-16c5a3301ea6", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "26edbb7d-dd9f-4dd4-a282-a6e886e38302", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "b2c98d1e-4a85-4e11-901d-0207e9793acf", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "f244eb36-cf20-4e96-8233-fee1ee8da72e", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "83f4a43c-07cd-43d5-af99-7825ea603ca9", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + }, + { + "id": "18642f4e-1e2a-4023-9947-7a425d8ed76e", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name": "default-roles-baeldung", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/baeldung/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/baeldung/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4beaa749-404c-4a6a-9b04-72df4f9066a4", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/baeldung/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/baeldung/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", + "clientId": "baeldung-confidential", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "https://oauth.pstmn.io/v1/callback", + "http://localhost:8080/*", + "https://localhost:8080/*", + "http://localhost:8081/*", + "https://localhost:8081/*", + "http://localhost:8082/*", + "https://localhost:8082/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1713615347", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4720b673-8d8b-4709-b695-88d6c17e8edf", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "8c99b1f8-439f-4c01-ac62-bf4b852a3585", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/baeldung/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/baeldung/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "4a39a186-0bc6-46c8-9605-940ab6af0ec4", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "f3258684-171e-47f9-a9d0-96434e91ee6a", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "fabf3bec-72b8-4035-84a7-f368417446ef", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "38838b81-804d-47d1-9aad-92d5107b1653", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "4bc0f7a9-7009-48f4-aeee-198c705d4e90", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c1278964-7ee9-4619-a8a4-461ef8fce69b", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "85bdea58-50c5-4d63-952d-ab0e1e861244", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "c945557c-e480-4f09-b9fa-62c05a26cb05", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "184fc94a-c750-4bc0-be3f-0501365bc1fd", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "40162254-ac26-4b36-a5d5-538d33612c80", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "bf65a00b-5112-4bd4-b540-de0fa4912c65", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "5eddbe1e-e274-4543-8606-a8fd3d5f793b", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "54300fc6-0c26-42e0-89bb-844955488008", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "89ccaf97-a0a8-4221-9174-17a7e475ebc7", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "58e90cb8-25c5-4e81-a5ed-a9de481fab17", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "2d434173-8b6e-4959-ad8f-c7185bc9b433", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "84dad65d-8413-44c0-95f4-f3d64035e7b6", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "89ac6a7f-9435-41ed-83eb-34a366429a6f", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "6f6d1690-df96-4774-ae4a-2d349461f02a", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "3bec9041-170c-4c6d-a35e-be7a51442aef", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "027afd1d-3d34-49df-bf43-00adddfec15a", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "159dc3dc-a659-4cb8-9271-809834a42d8e", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "46c52714-3bb6-4db9-a360-0839703c1f8e", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "0b274bf6-89f0-4d3c-a635-eb3943d062ee", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "e70cd96f-6d15-4c46-978a-359f1832b7c2", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "6a19a6ab-4035-4c43-b9e5-253339bb491b", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": true, + "eventsExpiration": 900, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [ + "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", + "GRANT_CONSENT", + "VERIFY_PROFILE_ERROR", + "REMOVE_TOTP", + "REVOKE_GRANT", + "UPDATE_TOTP", + "LOGIN_ERROR", + "CLIENT_LOGIN", + "RESET_PASSWORD_ERROR", + "IMPERSONATE_ERROR", + "CODE_TO_TOKEN_ERROR", + "CUSTOM_REQUIRED_ACTION", + "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", + "RESTART_AUTHENTICATION", + "IMPERSONATE", + "UPDATE_PROFILE_ERROR", + "LOGIN", + "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", + "CLIENT_INITIATED_ACCOUNT_LINKING", + "OAUTH2_EXTENSION_GRANT", + "USER_DISABLED_BY_PERMANENT_LOCKOUT", + "TOKEN_EXCHANGE", + "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", + "DELETE_ACCOUNT_ERROR", + "CLIENT_REGISTER", + "IDENTITY_PROVIDER_LINK_ACCOUNT", + "USER_DISABLED_BY_TEMPORARY_LOCKOUT", + "DELETE_ACCOUNT", + "UPDATE_PASSWORD", + "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN", + "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", + "CLIENT_LOGIN_ERROR", + "RESTART_AUTHENTICATION_ERROR", + "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", + "TOKEN_EXCHANGE_ERROR", + "PERMISSION_TOKEN", + "SEND_IDENTITY_PROVIDER_LINK_ERROR", + "EXECUTE_ACTION_TOKEN_ERROR", + "OAUTH2_EXTENSION_GRANT_ERROR", + "SEND_VERIFY_EMAIL", + "OAUTH2_DEVICE_AUTH", + "EXECUTE_ACTIONS_ERROR", + "REMOVE_FEDERATED_IDENTITY", + "OAUTH2_DEVICE_CODE_TO_TOKEN", + "IDENTITY_PROVIDER_POST_LOGIN", + "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", + "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", + "REGISTER_ERROR", + "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", + "LOGOUT_ERROR", + "UPDATE_EMAIL_ERROR", + "CLIENT_UPDATE_ERROR", + "AUTHREQID_TO_TOKEN_ERROR", + "UPDATE_PROFILE", + "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", + "SEND_IDENTITY_PROVIDER_LINK", + "SEND_VERIFY_EMAIL_ERROR", + "RESET_PASSWORD", + "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", + "OAUTH2_DEVICE_AUTH_ERROR", + "UPDATE_CONSENT", + "REMOVE_TOTP_ERROR", + "VERIFY_EMAIL_ERROR", + "SEND_RESET_PASSWORD_ERROR", + "CLIENT_UPDATE", + "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", + "UPDATE_TOTP_ERROR", + "CODE_TO_TOKEN", + "VERIFY_PROFILE", + "GRANT_CONSENT_ERROR", + "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" + ], + "adminEventsEnabled": true, + "adminEventsDetailsEnabled": true, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "c07dff7f-77fc-4381-a458-9c56515c5c98", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "03f2b651-fdea-4a7a-88e8-f169f5a7f892", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper" + ] + } + }, + { + "id": "0c7278cb-1e59-407e-9187-fa147ce96f82", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a3c48cf1-67be-41fb-a852-6efe25560fcf", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "b0f72ad6-c65d-4132-912f-6e5ba9c48466", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": "b1fa36d7-8ef0-4501-a495-215b90bd0699", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "04a18d35-45bd-458d-9bc8-939db56e337d", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ + "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" + ], + "secret": [ + "7BdqNadvG1OQs7Z4qJfvaQ" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "ce00dbf1-1d6d-44da-84c0-1ed88d712801", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" + ], + "keyUse": [ + "SIG" + ], + "certificate": [ + "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" + ], + "keyUse": [ + "ENC" + ], + "certificate": [ + "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" + ], + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "0866f9d1-3c22-432c-95d4-65378e739b89", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ + "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" + ], + "secret": [ + "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" + ], + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "92fc572a-6443-4d62-989d-dc6147aed6a6", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "17dce980-92a5-4dab-84b6-29f0ffe91e2f", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "336dbe24-c5ec-44c0-bf56-1b811b451fdf", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ee4b2165-c1be-43ca-96c8-b2302d78b38a", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "0116eec2-8a17-4de9-b75f-caa26e52bdf0", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "692ddf3c-2813-46ef-b364-fcba9d70f5a4", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fe879ee4-eec5-4034-9b78-82636f614123", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "76b893b1-6b16-4e7c-a945-b86b63c983fb", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8c1ba21b-218d-406d-a936-c935f41e7bef", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "6df47204-9532-4b3e-821f-9a5255b9c305", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "793b40f2-0912-40f4-b570-a75015fb9eb0", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "3ff115f7-7108-4b17-8868-1d390ec3a480", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "adminEventsExpiration": "900" + }, + "keycloakVersion": "24.0.0", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json index 1d43a9eecc..b013dc6333 100644 --- a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json @@ -1,62 +1,62 @@ { - "realm": "baeldung", - "users": [ - { - "id": "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", - "username": "authorized", - "firstName": "authorized", - "lastName": "user", - "email": "authorized@baeldung.gg", - "emailVerified": true, - "createdTimestamp": 1713615702990, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", - "type": "password", - "userLabel": "My password", - "createdDate": 1713615715678, - "secretData": "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "AUTHORIZED_PERSONNEL", - "default-roles-baeldung" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "d205d854-547c-43cf-a02d-fd6c385b128b", - "username": "forbidden", - "firstName": "forbidden", - "lastName": "user", - "email": "forbidden@baeldung.gg", - "emailVerified": true, - "createdTimestamp": 1713615781285, - "enabled": true, - "totp": false, - "credentials": [ - { - "id": "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", - "type": "password", - "userLabel": "My password", - "createdDate": 1713615795357, - "secretData": "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-baeldung" - ], - "notBefore": 0, - "groups": [] - } - ] + "realm": "baeldung", + "users": [ + { + "id": "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", + "username": "authorized", + "firstName": "authorized", + "lastName": "user", + "email": "authorized@baeldung.gg", + "emailVerified": true, + "createdTimestamp": 1713615702990, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", + "type": "password", + "userLabel": "My password", + "createdDate": 1713615715678, + "secretData": "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "AUTHORIZED_PERSONNEL", + "default-roles-baeldung" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "d205d854-547c-43cf-a02d-fd6c385b128b", + "username": "forbidden", + "firstName": "forbidden", + "lastName": "user", + "email": "forbidden@baeldung.gg", + "emailVerified": true, + "createdTimestamp": 1713615781285, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", + "type": "password", + "userLabel": "My password", + "createdDate": 1713615795357, + "secretData": "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-baeldung" + ], + "notBefore": 0, + "groups": [] + } + ] } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/pom.xml b/spring-security-modules/spring-security-oauth2-testing/pom.xml index b2c59d5a98..c0241d2d42 100644 --- a/spring-security-modules/spring-security-oauth2-testing/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/pom.xml @@ -1,38 +1,38 @@ - 4.0.0 - spring-security-oauth2-testing - spring-security-oauth2-testing - pom - spring-security 6 oauth testing sample project + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + spring-security-oauth2-testing + spring-security-oauth2-testing + pom + spring-security 6 oauth testing sample project - - com.baeldung - parent-boot-3 - 0.0.1-SNAPSHOT - ../../parent-boot-3 - + + com.baeldung + parent-boot-3 + 0.0.1-SNAPSHOT + ../../parent-boot-3 + - - - - com.c4-soft.springaddons - spring-addons-oauth2-test - ${spring-addons.version} - - - + + + + com.c4-soft.springaddons + spring-addons-oauth2-test + ${spring-addons.version} + + + - - reactive-resource-server - servlet-resource-server - + + reactive-resource-server + servlet-resource-server + - - 7.6.12 - 17 - + + 7.6.12 + 17 + \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml index f284f5bf15..f22ebd1bd7 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml @@ -1,61 +1,61 @@ - 4.0.0 - com.baeldung.spring-security-modules.testing - reactive-resource-server - reactive-resource-server - Demo project for Spring Boot reactive resource-server + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + com.baeldung.spring-security-modules.testing + reactive-resource-server + reactive-resource-server + Demo project for Spring Boot reactive resource-server - - com.baeldung - spring-security-oauth2-testing - 0.0.1-SNAPSHOT - .. - + + com.baeldung + spring-security-oauth2-testing + 0.0.1-SNAPSHOT + .. + - - - org.springframework.boot - spring-boot-starter-oauth2-resource-server - - - org.springframework.boot - spring-boot-starter-webflux - - - org.projectlombok - lombok - true - - - org.springframework.boot - spring-boot-starter-test - test - - - com.c4-soft.springaddons - spring-addons-oauth2-test - test - - + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + org.springframework.boot + spring-boot-starter-webflux + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + com.c4-soft.springaddons + spring-addons-oauth2-test + test + + - - - - org.springframework.boot - spring-boot-maven-plugin - - - - org.projectlombok - lombok - - - - - - + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json index 5a39971eab..22f7bb2cea 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/ch4mpy.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", - "iat": 1695992542, - "exp": 1695992642, - "preferred_username": "ch4mpy", - "realm_access": { - "roles": [ - "admin", - "ROLE_AUTHORIZED_PERSONNEL" - ] - }, - "email": "ch4mp@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", + "iat": 1695992542, + "exp": 1695992642, + "preferred_username": "ch4mpy", + "realm_access": { + "roles": [ + "admin", + "ROLE_AUTHORIZED_PERSONNEL" + ] + }, + "email": "ch4mp@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json index eff989f2c3..13a422f6fd 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/resources/tonton-pirate.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", - "iat": 1695992551, - "exp": 1695992651, - "preferred_username": "tonton-pirate", - "realm_access": { - "roles": [ - "uncle", - "PIRATE" - ] - }, - "email": "tonton-pirate@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", + "iat": 1695992551, + "exp": 1695992651, + "preferred_username": "tonton-pirate", + "realm_access": { + "roles": [ + "uncle", + "PIRATE" + ] + }, + "email": "tonton-pirate@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml index 75175fe1aa..ddd6c1d313 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml @@ -1,61 +1,61 @@ - 4.0.0 - com.baeldung.spring-security-modules.testing - servlet-resource-server - servlet-resource-server - Demo project for Spring Boot servlet resource-server + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + com.baeldung.spring-security-modules.testing + servlet-resource-server + servlet-resource-server + Demo project for Spring Boot servlet resource-server - - com.baeldung - spring-security-oauth2-testing - 0.0.1-SNAPSHOT - .. - + + com.baeldung + spring-security-oauth2-testing + 0.0.1-SNAPSHOT + .. + - - - org.springframework.boot - spring-boot-starter-oauth2-resource-server - - - org.springframework.boot - spring-boot-starter-web - - - org.projectlombok - lombok - true - - - org.springframework.boot - spring-boot-starter-test - test - - - com.c4-soft.springaddons - spring-addons-oauth2-test - test - - + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + org.springframework.boot + spring-boot-starter-web + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + com.c4-soft.springaddons + spring-addons-oauth2-test + test + + - - - - org.springframework.boot - spring-boot-maven-plugin - - - - org.projectlombok - lombok - - - - - - + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json index 5a39971eab..22f7bb2cea 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/ch4mpy.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", - "iat": 1695992542, - "exp": 1695992642, - "preferred_username": "ch4mpy", - "realm_access": { - "roles": [ - "admin", - "ROLE_AUTHORIZED_PERSONNEL" - ] - }, - "email": "ch4mp@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "281c4558-550c-413b-9972-2d2e5bde6b9b", + "iat": 1695992542, + "exp": 1695992642, + "preferred_username": "ch4mpy", + "realm_access": { + "roles": [ + "admin", + "ROLE_AUTHORIZED_PERSONNEL" + ] + }, + "email": "ch4mp@c4-soft.com", + "scope": "openid email" } \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json index eff989f2c3..13a422f6fd 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/resources/tonton-pirate.json @@ -1,15 +1,15 @@ { - "iss": "https://localhost:8443/realms/master", - "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", - "iat": 1695992551, - "exp": 1695992651, - "preferred_username": "tonton-pirate", - "realm_access": { - "roles": [ - "uncle", - "PIRATE" - ] - }, - "email": "tonton-pirate@c4-soft.com", - "scope": "openid email" + "iss": "https://localhost:8443/realms/master", + "sub": "2d2e5bde6b9b-550c-413b-9972-281c4558", + "iat": 1695992551, + "exp": 1695992651, + "preferred_username": "tonton-pirate", + "realm_access": { + "roles": [ + "uncle", + "PIRATE" + ] + }, + "email": "tonton-pirate@c4-soft.com", + "scope": "openid email" } \ No newline at end of file