You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2021/03/23 09:52:04 UTC
[activemq-artemis] 02/02: ARTEMIS-3168 - add example using
authentication delegation to keycloak,
principal conversion for jms clients and oath for the web cosole
This is an automated email from the ASF dual-hosted git repository.
gtully pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
commit d71d54b38a36109d5a06d536e9895d43f78752d9
Author: gtully <ga...@gmail.com>
AuthorDate: Tue Mar 9 10:23:33 2021 +0000
ARTEMIS-3168 - add example using authentication delegation to keycloak, principal conversion for jms clients and oath for the web cosole
---
.../artemis/cli/commands/etc/artemis.profile | 2 +-
.../artemis/maven/ArtemisCreatePlugin.java | 2 +-
docs/user-manual/en/examples.md | 6 +
examples/features/standard/pom.xml | 1 +
.../features/standard/security-keycloak/pom.xml | 197 ++
.../features/standard/security-keycloak/readme.md | 159 +
.../jms/example/KeycloakSecurityExample.java | 97 +
.../src/main/resources/activemq/server0/broker.xml | 63 +
.../activemq/server0/keycloak-bearer-token.json | 9 +
.../activemq/server0/keycloak-direct-access.json | 11 +
.../activemq/server0/keycloak-js-client.json | 5 +
.../resources/activemq/server0/logging.properties | 81 +
.../main/resources/activemq/server0/login.config | 36 +
.../resources/artemis-keycloak-demo-realm.json | 3650 ++++++++++++++++++++
.../src/main/resources/jndi.properties | 20 +
pom.xml | 1 +
16 files changed, 4338 insertions(+), 2 deletions(-)
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis.profile b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis.profile
index 9ab1483..9dfb5e7 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis.profile
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis.profile
@@ -37,7 +37,7 @@ HAWTIO_ROLE='${role}'
# Java Opts
if [ -z "$JAVA_ARGS" ]; then
- JAVA_ARGS="${java-opts} -XX:+PrintClassHistogram -XX:+UseG1GC -XX:+UseStringDeduplication -Xms512M -Xmx2G -Dhawtio.disableProxy=true -Dhawtio.realm=activemq -Dhawtio.offline=true -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"
+ JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -XX:+UseStringDeduplication -Xms512M -Xmx2G -Dhawtio.disableProxy=true -Dhawtio.realm=activemq -Dhawtio.offline=true -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml ${java-opts}"
fi
#
diff --git a/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java b/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
index 161d3df..13707e7 100644
--- a/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
+++ b/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
@@ -187,7 +187,7 @@ public class ArtemisCreatePlugin extends ArtemisAbstractPlugin {
ArrayList<String> listCommands = new ArrayList<>();
- add(listCommands, "create", "--allow-anonymous", "--silent", "--force", "--user", user, "--password", password, "--role", role, "--port-offset", "" + portOffset, "--data", dataFolder);
+ add(listCommands, "create", "--silent", "--force", "--user", user, "--password", password, "--role", role, "--port-offset", "" + portOffset, "--data", dataFolder);
if (allowAnonymous) {
add(listCommands, "--allow-anonymous");
diff --git a/docs/user-manual/en/examples.md b/docs/user-manual/en/examples.md
index f5ee561..34bf2bd 100644
--- a/docs/user-manual/en/examples.md
+++ b/docs/user-manual/en/examples.md
@@ -724,6 +724,12 @@ The `security-ldap` example shows you how configure and use role based security
with Apache ActiveMQ Artemis & an embedded instance of the Apache DS LDAP
server.
+## Security keycloak
+
+The `security-keycloak` example shows you how to delegate security
+with Apache ActiveMQ Artemis & an external Keycloak. Using
+OAuth of the web console and direct access for JMS clients.
+
## Send Acknowledgements
The `send-acknowledgements` example shows you how to use Apache ActiveMQ
diff --git a/examples/features/standard/pom.xml b/examples/features/standard/pom.xml
index 006ae3a..3e4883c 100644
--- a/examples/features/standard/pom.xml
+++ b/examples/features/standard/pom.xml
@@ -91,6 +91,7 @@ under the License.
<module>request-reply</module>
<module>scheduled-message</module>
<module>security</module>
+ <module>security-keycloak</module>
<module>security-ldap</module>
<module>security-manager</module>
<module>send-acknowledgements</module>
diff --git a/examples/features/standard/security-keycloak/pom.xml b/examples/features/standard/security-keycloak/pom.xml
new file mode 100644
index 0000000..1c4da71
--- /dev/null
+++ b/examples/features/standard/security-keycloak/pom.xml
@@ -0,0 +1,197 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.activemq.examples.broker</groupId>
+ <artifactId>jms-examples</artifactId>
+ <version>2.18.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>security-keycloak</artifactId>
+ <packaging>jar</packaging>
+ <name>ActiveMQ Artemis JMS Security Keycloak Example</name>
+
+ <properties>
+ <activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
+ <version.org.keycloak>12.0.3</version.org.keycloak>
+ <version.org.apache.httpcomponents>4.5.13</version.org.apache.httpcomponents>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>artemis-jms-client-all</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>com.googlecode.maven-download-plugin</groupId>
+ <artifactId>download-maven-plugin</artifactId>
+ <version>1.6.1</version>
+ <executions>
+ <execution>
+ <id>install-keycloak</id>
+ <phase>pre-integration-test</phase>
+ <goals>
+ <goal>wget</goal>
+ </goals>
+ <configuration>
+ <url>https://github.com/keycloak/keycloak/releases/download/${version.org.keycloak}/keycloak-${version.org.keycloak}.tar.gz</url>
+ <unpack>true</unpack>
+ <overwrite>false</overwrite>
+ <skip>${noServer}</skip>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>artemis-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>create</id>
+ <phase>pre-integration-test</phase>
+ <goals>
+ <goal>create</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ <noWeb>false</noWeb>
+ <!-- enable keycloak for hawtio via system property overrides, note use of "console" realm in login.config -->
+ <javaOptions>-Dhawtio.keycloakEnabled=true -Dhawtio.keycloakClientConfig=${ARTEMIS_INSTANCE_ETC_URI}keycloak-js-client.json -Dhawtio.authenticationEnabled=true -Dhawtio.realm=console</javaOptions>
+ <libListWithDeps>
+ <!-- allow keycloak login module classloading from the artemis lib dir-->
+ <arg>org.keycloak:keycloak-adapter-core:jar:${version.org.keycloak}</arg>
+ <arg>org.keycloak:keycloak-core:jar:${version.org.keycloak}</arg>
+ <arg>org.apache.httpcomponents:httpclient:jar:${version.org.apache.httpcomponents}</arg>
+ </libListWithDeps>
+ </configuration>
+ </execution>
+ <execution>
+ <id>start</id>
+ <goals>
+ <goal>cli</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ <spawn>true</spawn>
+ <args>
+ <param>run</param>
+ </args>
+ </configuration>
+ </execution>
+ <execution>
+ <id>runClient</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>runClient</goal>
+ </goals>
+ <configuration>
+ <clientClass>org.apache.activemq.artemis.jms.example.KeycloakSecurityExample</clientClass>
+ </configuration>
+ </execution>
+ <execution>
+ <id>stop</id>
+ <goals>
+ <goal>cli</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ <args>
+ <param>stop</param>
+ </args>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.activemq.examples.broker</groupId>
+ <artifactId>security-keycloak</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-adapter-core</artifactId>
+ <version>${version.org.keycloak}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${version.org.keycloak}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>${version.org.apache.httpcomponents}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <version>3.0.0</version>
+ <executions>
+ <execution>
+ <id>run-keycloak</id>
+ <phase>integration-test</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <skip>${noServer}</skip>
+ <async>true</async>
+ <executable>./target/keycloak-${version.org.keycloak}/bin/standalone.sh</executable>
+ <arguments>
+ <argument>-Dkeycloak.migration.action=import</argument>
+ <argument>-Dkeycloak.migration.provider=singleFile</argument>
+ <argument>-Dkeycloak.migration.file=./src/main/resources/artemis-keycloak-demo-realm.json</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>stop-keycloak</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <skip>${noServer}</skip>
+ <executable>./target/keycloak-${version.org.keycloak}/bin/jboss-cli.sh</executable>
+ <arguments>
+ <argument>--connect</argument>
+ <argument>command=:shutdown</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-clean-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/examples/features/standard/security-keycloak/readme.md b/examples/features/standard/security-keycloak/readme.md
new file mode 100644
index 0000000..8d93138
--- /dev/null
+++ b/examples/features/standard/security-keycloak/readme.md
@@ -0,0 +1,159 @@
+# JMS Security Keycloak Example
+
+To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually.
+
+In this example, broker authentication is delegated to keycloak. A keycloak server is installed and configured with
+a demo realm called "artemis-keycloak-demo".
+
+_NOTE_: The keycloak admin user is admin:admin
+The keycloak admin console is at: http://localhost:8080/auth/admin/master/console/#/realms/artemis-keycloak-demo
+
+Artemis uses JAAS for authentication and authorization, when authentication is delegated to keycloak, JAAS needs a
+way to query keycloak and resolve tokens or authenticate directly.
+
+There are two keycloak clients configured in the "artemis-keycloak-demo" keycloak realm, one each for the two JAAS
+configurations in login.config. Each are considered in turn:
+
+###### console realm
+
+The web console, using client id: "artemis-console" delegates authentication to keycloak using the openid-connect
+protocol and presents a bearer token to JAAS.
+
+The keycloak BearerTokenLoginModule in the "console" JAAS realm, converts the bearer token into the relevant Artemis
+roles for consumption by the management console role based access control(RBAC) defined in management.xml.
+Note: Hawtio does a higher level role check because -Dhawtio.role=guest is configured in the artemis run script.
+The user 'jdoe' has the required "guest" role configured in keycloak.
+
+````
+ org.keycloak.adapters.jaas.BearerTokenLoginModule required
+ keycloak-config-file="${artemis.instance}/etc/keycloak-bearer-token.json"
+````
+The contents of keycloak-bearer-token.json defines the url to connect to keycloak and the relevant keycloak realm.
+Of note are:
+````
+ "use-resource-role-mappings": true,
+````
+which is required because the relevant Artemis roles are intentionally scoped to the keycloak clients.
+
+````
+"principal-attribute": "preferred_username",
+````
+which tells keycloak the attribute to use as the name of the keycloak principal that maps the bearer token. The default
+value 'sub' pulls in the system id of the user which is less human-readable and has no meaning outside keycloak.
+
+
+###### activemq realm
+
+The broker has to support clients that present plain credentials. In the activemq realm, the keycloak
+DirectAccessGrantsLoginModule validates these credentials against keycloak and populates the relevant roles.
+
+````
+org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule required
+ keycloak-config-file="${artemis.instance}/etc/keycloak-direct-access.json"
+ role-principal-class=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
+ ;
+````
+The 'keycloak-direct-access.json' configuration for this keycloak client is different because of the nature of
+the credentials. The "artemis-broker" client must authenticate with keycloak using a secret. TLS may also make
+sense here.
+````
+ "credentials": {
+ "secret": "9699685c-8a30-45cf-bf19-0d38bbac5fdc"
+ }
+````
+
+Further, Artemis sessions will want to verify there is a valid Artemis UserPrincipal such that it can verify
+authentication and potentially populate a message header.
+The PrincipalConversionLoginModule does the necessary transformation on the first KeycloakPrincipal it encounters.
+````
+
+ org.apache.activemq.artemis.spi.core.security.jaas.PrincipalConversionLoginModule required
+ principalClassList=org.keycloak.KeycloakPrincipal
+````
+
+###### Broker authentication configuration
+
+The broker is configured to use the 'activemq' jaas domain via the 'jaas-security' domain in
+bootstrap.xml.
+
+````
+ <jaas-security domain="activemq"/>
+````
+
+The broker.xml security-settings for the Info address, it locks down consumption to users with the "amq" role while
+users with the "guest" role can send messages.
+
+````
+ <!-- only amq role can consume, guest role can send -->
+ <security-setting match="Info">
+ <permission roles="amq" type="createDurableQueue"/>
+ <permission roles="amq" type="deleteDurableQueue"/>
+ <permission roles="amq" type="createNonDurableQueue"/>
+ <permission roles="amq" type="deleteNonDurableQueue"/>
+ <permission roles="guest" type="send"/>
+ <permission roles="amq" type="consume"/>
+ </security-setting>
+````
+
+
+###### Web console delegate authentication configuration
+
+The web console already uses the Artemis rolePrincipalClasses and JAAS to authenticate with the broker. When the console
+delegates authentication to keycloak, the bearer token needs to be resolved to a JAAS subject such that it's roles can
+be queried, this requires the use of the "console" jaas realm.
+This is achieved with system property overrides, passed via the artemis.profile JAVA_ARGS from the pom.xml
+command to create the broker using the artemis-maven-plugin.
+
+ JAVA_ARGS=".. -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
+ -Dhawtio.keycloakEnabled=true -Dhawtio.keycloakClientConfig=keycloak-js-client.json
+ -Dhawtio.authenticationEnabled=true -Dhawtio.realm=console"
+
+Note the 'hawtio.realm=console' and the 'hawtio.keycloakClientConfig' in 'keycloak-js-client.json' which provides the keycloak
+url, keycloak realm and client-id.
+
+The keycloak login modules need access to keycloak jars and dependencies. These are copied into the lib directory of
+the artemis instance in this example as part of broker creation via the pom.xml see: libListWithDeps
+````
+ +- org.keycloak:keycloak-adapter-core:jar
+ +- org.keycloak:keycloak-core:jar
+ | +- org.keycloak:keycloak-common:jar
+ | | \- com.sun.activation:jakarta.activation:jar
+ | +- org.bouncycastle:bcprov-jdk15on:jar
+ | +- org.bouncycastle:bcpkix-jdk15on:jar
+ | +- com.fasterxml.jackson.core:jackson-core:jar
+ | \- com.fasterxml.jackson.core:jackson-databind:jar
+ | \- com.fasterxml.jackson.core:jackson-annotations:jar
+````
+
+###### Keycloak server configuration
+
+In the keycloak realm "artemis-keycloak-demo", described in ./src/main/resources/artemis-keycloak-demo-realm.json
+the user "jdoe" has the 'guest' role while the user "mdoe" has an additional 'amq' role from their relevant keycloak
+client's.
+
+The new keycloak installation is started with a system property indicating that it should import it's state from
+'artemis-keycloak-demo-realm.json'.
+
+
+###### The example client
+
+The example jms client connects as user "mdoe" and expects to consume a message from the "Info" address.
+It will block till it gets a message, so we need to send a message to the Info address from the web console
+(or from another client) to have the jms client exit, allowing the example to complete.
+
+Feel free to explore the realm configuration in keycloak via the keycloak admin console, details at the start
+of this file. Note the two configured clients: 'artemis-broker' and 'artemis-console'.
+
+To send a message to the Info address from the Artemis web console:
+
+ login on to the web console:
+ http://localhost:8161/console
+
+Note: you will be redirected to the keycloak login screen where you will authenticate your browser with keycloak.
+ login in with user/password: jdoe/password
+
+Navigate to the Info address and send a message. The first sent may fail, the user/password are taken from the
+preferences panel and there is no password stored by default. Configure a password for jdoe in your preferences
+and send a message to the Info address.
+
+The client will get this message, print out the user from the message auth header and exit this example.
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java b/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
new file mode 100644
index 0000000..36ac0af
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/java/org/apache/activemq/artemis/jms/example/KeycloakSecurityExample.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.jms.example;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.JMSException;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.Session;
+import javax.jms.Queue;
+import javax.naming.InitialContext;
+
+import java.util.concurrent.TimeUnit;
+
+public class KeycloakSecurityExample {
+
+ public static void main(final String[] args) throws Exception {
+
+ boolean result = true;
+ Connection connection = null;
+
+ InitialContext initialContext = null;
+
+ try {
+ // Step 1. Create an initial context to perform the JNDI lookup.
+ initialContext = new InitialContext();
+
+ // Step 2. perform lookup on the topics
+ Queue genericTopic = (Queue) initialContext.lookup("queue/Info");
+
+ // Step 3. perform a lookup on the Connection Factory
+ ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
+
+
+ // Step 4. block till we make a connection as mdoe
+ System.out.println("------------------------blocking on connection creation----------------");
+
+ while (connection == null) {
+ try {
+ connection = createConnection("mdoe", "password", cf);
+ connection.start();
+ } catch (JMSException expectedTillInfraStarted) {
+ System.out.println("---- expected error on connect till broker starts: " + expectedTillInfraStarted + ", retry in 10s");
+ TimeUnit.SECONDS.sleep(10);
+ }
+ }
+
+ // Step 5. block till we get a message
+ System.out.println("------------------------blocking on message receipt from console----------------");
+ System.out.println("------------------------send to address Info as user: jdoe password: password----------------");
+
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageConsumer consumer = session.createConsumer(genericTopic);
+
+ Message receivedMsg = null;
+ while (receivedMsg == null) {
+ receivedMsg = consumer.receive(10000);
+ if (receivedMsg != null) {
+ String validatedUser = receivedMsg.getStringProperty(org.apache.activemq.artemis.api.core.Message.HDR_VALIDATED_USER.toString());
+ System.out.println("---------------------from: " + validatedUser + " -------------------------");
+ System.out.println("---------------------reveived: " + receivedMsg);
+ System.out.println("---------------------all done!------------------------------------------");
+ }
+ }
+
+ session.close();
+
+ System.out.println("-------------------------------------------------------------------------------------");
+
+ } finally {
+ if (connection != null) {
+ connection.close();
+ }
+ }
+ }
+
+ private static Connection createConnection(final String username,
+ final String password,
+ final ConnectionFactory cf) throws JMSException {
+ return cf.createConnection(username, password);
+ }
+}
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/broker.xml
new file mode 100644
index 0000000..3630448
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/broker.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
+ <core xmlns="urn:activemq:core">
+
+ <bindings-directory>./data/messaging/bindings</bindings-directory>
+
+ <journal-directory>./data/messaging/journal</journal-directory>
+
+ <large-messages-directory>./data/messaging/largemessages</large-messages-directory>
+
+ <paging-directory>./data/messaging/paging</paging-directory>
+
+ <populate-validated-user>true</populate-validated-user>
+
+ <!-- Acceptors -->
+ <acceptors>
+ <acceptor name="netty-acceptor">tcp://localhost:61616</acceptor>
+ </acceptors>
+
+ <!-- Other config -->
+
+ <security-settings>
+ <!-- only amq role can consume, guest role can send -->
+ <security-setting match="Info">
+ <permission roles="amq" type="createDurableQueue"/>
+ <permission roles="amq" type="deleteDurableQueue"/>
+ <permission roles="amq" type="createNonDurableQueue"/>
+ <permission roles="amq" type="deleteNonDurableQueue"/>
+ <permission roles="guest" type="send"/>
+ <permission roles="amq" type="consume"/>
+ </security-setting>
+
+ </security-settings>
+
+ <addresses>
+ <address name="Info">
+ <anycast>
+ <queue name="Info"/>
+ </anycast>
+ </address>
+ </addresses>
+
+
+ </core>
+</configuration>
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-bearer-token.json b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-bearer-token.json
new file mode 100644
index 0000000..31fcd5b
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-bearer-token.json
@@ -0,0 +1,9 @@
+{
+ "realm": "artemis-keycloak-demo",
+ "resource": "artemis-console",
+ "auth-server-url": "http://localhost:8080/auth",
+ "principal-attribute": "preferred_username",
+ "use-resource-role-mappings": true,
+ "ssl-required": "external",
+ "confidential-port": 0
+}
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-direct-access.json b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-direct-access.json
new file mode 100644
index 0000000..bd58966
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-direct-access.json
@@ -0,0 +1,11 @@
+{
+ "realm": "artemis-keycloak-demo",
+ "resource": "artemis-broker",
+ "auth-server-url": "http://localhost:8080/auth",
+ "use-resource-role-mappings": true,
+ "principal-attribute": "preferred_username",
+ "ssl-required": "external",
+ "credentials": {
+ "secret": "9699685c-8a30-45cf-bf19-0d38bbac5fdc"
+ }
+}
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-js-client.json b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-js-client.json
new file mode 100644
index 0000000..3d40796
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/keycloak-js-client.json
@@ -0,0 +1,5 @@
+{
+ "realm" : "artemis-keycloak-demo",
+ "clientId" : "artemis-console",
+ "url" : "http://localhost:8080/auth"
+}
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/logging.properties b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/logging.properties
new file mode 100644
index 0000000..cae2127
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/logging.properties
@@ -0,0 +1,81 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Additional logger names to configure (root logger is always configured)
+# Root logger option
+loggers=org.eclipse.jetty,org.jboss.logging,org.apache.activemq.artemis.core.server,org.apache.activemq.artemis.utils,org.apache.activemq.artemis.journal,org.apache.activemq.artemis.jms.server,org.apache.activemq.artemis.integration.bootstrap,org.apache.activemq.audit.base,org.apache.activemq.audit.message,org.apache.activemq.audit.resource
+
+# Root logger level
+logger.level=INFO
+# ActiveMQ Artemis logger levels
+logger.org.apache.activemq.artemis.core.server.level=INFO
+logger.org.apache.activemq.artemis.journal.level=INFO
+logger.org.apache.activemq.artemis.utils.level=INFO
+logger.org.apache.activemq.artemis.jms.level=INFO
+logger.org.apache.activemq.artemis.integration.bootstrap.level=INFO
+logger.org.eclipse.jetty.level=WARN
+# Root logger handlers
+logger.handlers=FILE,CONSOLE
+
+# to enable audit change the level to INFO
+logger.org.apache.activemq.audit.base.level=INFO
+logger.org.apache.activemq.audit.base.handlers=AUDIT_FILE
+logger.org.apache.activemq.audit.base.useParentHandlers=false
+
+logger.org.apache.activemq.audit.resource.level=INFO
+logger.org.apache.activemq.audit.resource.handlers=AUDIT_FILE
+logger.org.apache.activemq.audit.resource.useParentHandlers=false
+
+logger.org.apache.activemq.audit.message.level=INFO
+logger.org.apache.activemq.audit.message.handlers=AUDIT_FILE
+logger.org.apache.activemq.audit.message.useParentHandlers=false
+
+# Console handler configuration
+handler.CONSOLE=org.jboss.logmanager.handlers.ConsoleHandler
+handler.CONSOLE.properties=autoFlush
+handler.CONSOLE.level=DEBUG
+handler.CONSOLE.autoFlush=true
+handler.CONSOLE.formatter=PATTERN
+
+# File handler configuration
+handler.FILE=org.jboss.logmanager.handlers.PeriodicRotatingFileHandler
+handler.FILE.level=DEBUG
+handler.FILE.properties=suffix,append,autoFlush,fileName
+handler.FILE.suffix=.yyyy-MM-dd
+handler.FILE.append=true
+handler.FILE.autoFlush=true
+handler.FILE.fileName=${artemis.instance}/log/artemis.log
+handler.FILE.formatter=PATTERN
+
+# Formatter pattern configuration
+formatter.PATTERN=org.jboss.logmanager.formatters.PatternFormatter
+formatter.PATTERN.properties=pattern
+formatter.PATTERN.pattern=%d %-5p [%c] %s%E%n
+
+#Audit logger
+handler.AUDIT_FILE=org.jboss.logmanager.handlers.PeriodicRotatingFileHandler
+handler.AUDIT_FILE.level=INFO
+handler.AUDIT_FILE.properties=suffix,append,autoFlush,fileName
+handler.AUDIT_FILE.suffix=.yyyy-MM-dd
+handler.AUDIT_FILE.append=true
+handler.AUDIT_FILE.autoFlush=true
+handler.AUDIT_FILE.fileName=${artemis.instance}/log/audit.log
+handler.AUDIT_FILE.formatter=AUDIT_PATTERN
+
+formatter.AUDIT_PATTERN=org.jboss.logmanager.formatters.PatternFormatter
+formatter.AUDIT_PATTERN.properties=pattern
+formatter.AUDIT_PATTERN.pattern=%d [AUDIT](%t) %s%E%n
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/login.config b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/login.config
new file mode 100644
index 0000000..a6a4955
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/activemq/server0/login.config
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+console {
+
+ org.keycloak.adapters.jaas.BearerTokenLoginModule required
+ keycloak-config-file="${artemis.instance}/etc/keycloak-bearer-token.json"
+ role-principal-class=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
+ ;
+};
+
+activemq {
+
+ org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule required
+ keycloak-config-file="${artemis.instance}/etc/keycloak-direct-access.json"
+ role-principal-class=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
+ ;
+
+ org.apache.activemq.artemis.spi.core.security.jaas.PrincipalConversionLoginModule required
+ principalClassList=org.keycloak.KeycloakPrincipal
+ ;
+};
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json b/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
new file mode 100644
index 0000000..d7b9ca1
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/artemis-keycloak-demo-realm.json
@@ -0,0 +1,3650 @@
+[ {
+ "id" : "artemis-keycloak-demo",
+ "realm" : "artemis-keycloak-demo",
+ "notBefore" : 0,
+ "revokeRefreshToken" : false,
+ "refreshTokenMaxReuse" : 0,
+ "accessTokenLifespan" : 300,
+ "accessTokenLifespanForImplicitFlow" : 900,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "ssoSessionIdleTimeoutRememberMe" : 0,
+ "ssoSessionMaxLifespanRememberMe" : 0,
+ "offlineSessionIdleTimeout" : 2592000,
+ "offlineSessionMaxLifespanEnabled" : false,
+ "offlineSessionMaxLifespan" : 5184000,
+ "clientSessionIdleTimeout" : 0,
+ "clientSessionMaxLifespan" : 0,
+ "clientOfflineSessionIdleTimeout" : 0,
+ "clientOfflineSessionMaxLifespan" : 0,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "actionTokenGeneratedByAdminLifespan" : 43200,
+ "actionTokenGeneratedByUserLifespan" : 300,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "loginWithEmailAllowed" : true,
+ "duplicateEmailsAllowed" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "permanentLockout" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "roles" : {
+ "realm" : [ {
+ "id" : "d1b23581-16bb-4c33-ba5e-88b2c89d6f6b",
+ "name" : "offline_access",
+ "description" : "${role_offline-access}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "artemis-keycloak-demo",
+ "attributes" : { }
+ }, {
+ "id" : "fde8f0a4-05d4-4845-bb0d-464fd45229ed",
+ "name" : "uma_authorization",
+ "description" : "${role_uma_authorization}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "artemis-keycloak-demo",
+ "attributes" : { }
+ } ],
+ "client" : {
+ "realm-management" : [ {
+ "id" : "58cf8dc3-0dbb-4211-b042-6cb1c42f25de",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "c9abd629-4c1c-4c13-8f19-629a620810a3",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "query-clients" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "857116cb-7715-4770-8294-b47102d87c1b",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "b58c0043-d73d-4b70-beec-e41e96bfd099",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "3cde926c-14eb-468e-9cf3-c27fe799ac6f",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "f864ac38-f0b0-4301-ae90-66353903d8b3",
+ "name" : "query-clients",
+ "description" : "${role_query-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "78487553-997c-4392-a004-35e0ce3f09a5",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "34ba46f9-edcb-4b6a-b67d-8d6c96e950ac",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "0d1e3bde-7d7d-4274-8f69-3ad0ee5b0d2a",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "b3b5a154-5a49-4aeb-a1bc-6afb1ac0717c",
+ "name" : "query-realms",
+ "description" : "${role_query-realms}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "23bcd4a4-38d2-43c1-b1fc-8924ca4bb345",
+ "name" : "query-groups",
+ "description" : "${role_query-groups}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "d2d5ea92-7993-4874-8f08-a4fba878cfcd",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "4270eb25-547b-4d5e-9bcf-154e631aae0f",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "5e69ec70-17d7-4247-9363-3823098a1e1a",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "query-groups", "query-users" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "68b7cc1f-ea61-4deb-9c99-18b9862bba09",
+ "name" : "query-users",
+ "description" : "${role_query-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "bb8a0e9d-24b0-424c-b1a6-c7f88655569a",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "d4c2191a-d42b-429d-90a5-0c3d0a45f248",
+ "name" : "manage-authorization",
+ "description" : "${role_manage-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "9496a6a5-5f02-4985-949f-6fcd530a8ecc",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "manage-users", "view-clients", "manage-events", "view-realm", "create-client", "query-clients", "impersonation", "manage-realm", "manage-identity-providers", "query-realms", "query-groups", "view-events", "manage-clients", "view-users", "query-users", "view-identity-providers", "view-authorization", "manage-authorization" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ }, {
+ "id" : "518f4e47-311b-44c9-92f7-1869cf5dd67a",
+ "name" : "view-authorization",
+ "description" : "${role_view-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "attributes" : { }
+ } ],
+ "artemis-broker" : [ {
+ "id" : "8ec0702b-4a6e-4eb8-b2ea-749365a91f50",
+ "name" : "amq",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6874f01b-9f64-4f52-bd76-1cf0f66e4d7e",
+ "attributes" : { }
+ }, {
+ "id" : "31dc56ac-5b23-4750-8332-282e6bd6de17",
+ "name" : "guest",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6874f01b-9f64-4f52-bd76-1cf0f66e4d7e",
+ "attributes" : { }
+ } ],
+ "security-admin-console" : [ ],
+ "admin-cli" : [ ],
+ "artemis-console" : [ {
+ "id" : "bd9a38ad-8044-4675-9363-7dc437468f92",
+ "name" : "guest",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "75f83af0-f4f8-4a25-b6e5-bd331a3306c2",
+ "attributes" : { }
+ } ],
+ "account-console" : [ ],
+ "broker" : [ {
+ "id" : "c560ea46-4122-457d-a7f2-d40e7d3aefde",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "faa915cf-c333-4211-b0e6-8d910143f440",
+ "attributes" : { }
+ } ],
+ "account" : [ {
+ "id" : "2cd09bec-c1d9-411d-97da-c6b4bc4d4766",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "manage-account-links" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "bae3e47d-95a3-4aa3-8f1d-471c22c7b5f8",
+ "name" : "manage-account-links",
+ "description" : "${role_manage-account-links}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "f11f83db-58fa-4c1a-a174-47b899090ca9",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "2e77d968-68c2-43fc-b70f-2ee7ba6859ce",
+ "name" : "view-applications",
+ "description" : "${role_view-applications}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "535c165c-3b62-4711-917d-dc463e662109",
+ "name" : "view-consent",
+ "description" : "${role_view-consent}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "7dc5279d-53ed-4cf0-95c7-9ad62b3efd8e",
+ "name" : "delete-account",
+ "description" : "${role_delete-account}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ }, {
+ "id" : "858adc6d-4951-4b20-9a2b-d6e2e96ff844",
+ "name" : "manage-consent",
+ "description" : "${role_manage-consent}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "view-consent" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "attributes" : { }
+ } ]
+ }
+ },
+ "groups" : [ ],
+ "defaultRoles" : [ "offline_access", "uma_authorization" ],
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+ "webAuthnPolicyRpEntityName" : "keycloak",
+ "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyRpId" : "",
+ "webAuthnPolicyAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyRequireResidentKey" : "not specified",
+ "webAuthnPolicyUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyCreateTimeout" : 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyAcceptableAaguids" : [ ],
+ "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyPasswordlessRpId" : "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout" : 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+ "users" : [ {
+ "id" : "563d5f9b-9119-430e-8963-89e86c22c855",
+ "createdTimestamp" : 1615203149135,
+ "username" : "jdoe",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "firstName" : "John",
+ "lastName" : "doe",
+ "credentials" : [ {
+ "id" : "16a932c9-0129-4bb1-975f-a2911f0420b5",
+ "type" : "password",
+ "createdDate" : 1615203192238,
+ "secretData" : "{\"value\":\"Fw57FUG3fN5N2XxxE0Qim+2Bp3Lq2jBPFa1pmv/6CboOAyrXb0FwhsruAnA8ztWUAPgvI6hfULjq4SBqQ5EYSA==\",\"salt\":\"BCSIKYNmsqstBG6xAEbakw==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "offline_access", "uma_authorization" ],
+ "clientRoles" : {
+ "artemis-broker" : [ "guest" ],
+ "artemis-console" : [ "guest" ],
+ "account" : [ "manage-account", "view-profile" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "id" : "f0274c01-d204-4728-a8c9-a4b8f00c2654",
+ "createdTimestamp" : 1615203216400,
+ "username" : "mdoe",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "firstName" : "mike",
+ "lastName" : "Doe",
+ "credentials" : [ {
+ "id" : "c19263d2-c2fc-4cf0-b539-92478b8b6c86",
+ "type" : "password",
+ "createdDate" : 1615203229695,
+ "secretData" : "{\"value\":\"rzNO+t2+yVp1y5p8bVeLY5o/0mZjqVqmeKRVnsTUwkOVPld3UnTkdBYDvD9zUtO7zpelwJNK46yoN1hQUDLESw==\",\"salt\":\"5+8HEGa5IDebJ5MxqRD+/A==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "offline_access", "uma_authorization" ],
+ "clientRoles" : {
+ "artemis-broker" : [ "amq", "guest" ],
+ "artemis-console" : [ "guest" ],
+ "account" : [ "manage-account", "view-profile" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ],
+ "clientScopeMappings" : {
+ "account" : [ {
+ "client" : "account-console",
+ "roles" : [ "manage-account" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "f4fade80-b020-4a8f-8ec0-a20dd83b75d5",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/artemis-keycloak-demo/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "defaultRoles" : [ "manage-account", "view-profile" ],
+ "redirectUris" : [ "/realms/artemis-keycloak-demo/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "f44cbfb0-8969-4dd7-b7b0-9a9a548ac5dd",
+ "clientId" : "account-console",
+ "name" : "${client_account-console}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/artemis-keycloak-demo/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "redirectUris" : [ "/realms/artemis-keycloak-demo/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "c623d1c2-0da6-414c-a345-8e7b2e886814",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "258eebbd-ff72-4d93-bd26-1f63e1b8853c",
+ "clientId" : "admin-cli",
+ "name" : "${client_admin-cli}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : true,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "6874f01b-9f64-4f52-bd76-1cf0f66e4d7e",
+ "clientId" : "artemis-broker",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "9699685c-8a30-45cf-bf19-0d38bbac5fdc",
+ "defaultRoles" : [ "guest" ],
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : true,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "saml.assertion.signature" : "false",
+ "saml.force.post.binding" : "false",
+ "saml.multivalued.roles" : "false",
+ "saml.encrypt" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false",
+ "saml.server.signature" : "false",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "exclude.session.state.from.auth.response" : "false",
+ "backchannel.logout.session.required" : "true",
+ "client_credentials.use_refresh_token" : "false",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "false",
+ "tls.client.certificate.bound.access.tokens" : "false",
+ "saml.authnstatement" : "false",
+ "display.on.consent.screen" : "false",
+ "saml.onetimeuse.condition" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "75f83af0-f4f8-4a25-b6e5-bd331a3306c2",
+ "clientId" : "artemis-console",
+ "name" : "",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "defaultRoles" : [ "guest" ],
+ "redirectUris" : [ "http://localhost:8161/console/*" ],
+ "webOrigins" : [ "+" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "saml.assertion.signature" : "false",
+ "saml.force.post.binding" : "false",
+ "saml.multivalued.roles" : "false",
+ "saml.encrypt" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false",
+ "saml.server.signature" : "false",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "exclude.session.state.from.auth.response" : "false",
+ "backchannel.logout.session.required" : "true",
+ "client_credentials.use_refresh_token" : "false",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "false",
+ "tls.client.certificate.bound.access.tokens" : "false",
+ "saml.authnstatement" : "false",
+ "display.on.consent.screen" : "false",
+ "saml.onetimeuse.condition" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "faa915cf-c333-4211-b0e6-8d910143f440",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "8058e1ae-b137-4fc9-aec4-1a066723c146",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "c1d70871-976d-4bcf-940f-2d9bd1c84d78",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "rootUrl" : "${authAdminUrl}",
+ "baseUrl" : "/admin/artemis-keycloak-demo/console/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "**********",
+ "redirectUris" : [ "/admin/artemis-keycloak-demo/console/*" ],
+ "webOrigins" : [ "+" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "db9f92c0-05d1-4c88-b4ef-af696f00a272",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ } ],
+ "clientScopes" : [ {
+ "id" : "740f094b-5d61-4590-a606-321af4d38628",
+ "name" : "address",
+ "description" : "OpenID Connect built-in scope: address",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${addressScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "3dc49dd4-fff1-42bd-9c59-842c1abba650",
+ "name" : "address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-address-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute.formatted" : "formatted",
+ "user.attribute.country" : "country",
+ "user.attribute.postal_code" : "postal_code",
+ "userinfo.token.claim" : "true",
+ "user.attribute.street" : "street",
+ "id.token.claim" : "true",
+ "user.attribute.region" : "region",
+ "access.token.claim" : "true",
+ "user.attribute.locality" : "locality"
+ }
+ } ]
+ }, {
+ "id" : "40eb9ce1-0b52-4bce-88cb-2a7b78e48f2b",
+ "name" : "email",
+ "description" : "OpenID Connect built-in scope: email",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${emailScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "17dd39c1-5083-4a65-a62e-1f72a3f7b8aa",
+ "name" : "email verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "emailVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email_verified",
+ "jsonType.label" : "boolean"
+ }
+ }, {
+ "id" : "33a66318-0b43-4184-9768-51d1e9e77560",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "912850d8-6d0e-4b4f-b68b-1b2c7b377ac7",
+ "name" : "microprofile-jwt",
+ "description" : "Microprofile - JWT built-in scope",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "46e28353-6e20-46b0-b4df-5339522e5612",
+ "name" : "upn",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "upn",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2c833b5a-8f08-46bd-b017-29a6483031c9",
+ "name" : "groups",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "multivalued" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "foo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "groups",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "9eb9e8f4-7a40-4b90-ad2d-7b1e6fdcdb5c",
+ "name" : "offline_access",
+ "description" : "OpenID Connect built-in scope: offline_access",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "consent.screen.text" : "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ }
+ }, {
+ "id" : "7a0fdcf8-abaa-4ecb-827b-b3d05a303cf3",
+ "name" : "phone",
+ "description" : "OpenID Connect built-in scope: phone",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${phoneScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "d4e34712-9ee7-43de-9adb-0e6341170d30",
+ "name" : "phone number",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumber",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "989dfe94-e505-4c0f-8c00-81bf7e9c6d7f",
+ "name" : "phone number verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumberVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number_verified",
+ "jsonType.label" : "boolean"
+ }
+ } ]
+ }, {
+ "id" : "7b2d5b88-9c68-4c55-9c03-1c3e53ec9b52",
+ "name" : "profile",
+ "description" : "OpenID Connect built-in scope: profile",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${profileScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "9184f0e7-22d4-4be1-b3a0-65388b1450b5",
+ "name" : "middle name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "middleName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "middle_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "6f1b0f20-ef8c-47c8-9f8d-b84454ceb1a2",
+ "name" : "website",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "website",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "website",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "35d3f33b-1112-41c4-88dd-9d8b987ef118",
+ "name" : "zoneinfo",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "zoneinfo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "zoneinfo",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "e834e444-1364-4c22-9eb0-1f28b6ef73ae",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d5846532-20c8-40de-840d-44abbce69a8f",
+ "name" : "birthdate",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "birthdate",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "birthdate",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "76f040c6-f48c-4c96-a3e8-6d9c6b36b1fd",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c605bab0-fefd-459b-9354-9718a906948c",
+ "name" : "picture",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "picture",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "picture",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "3ad99911-64c4-4242-99ea-ff739066cdd1",
+ "name" : "updated at",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "updatedAt",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "updated_at",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "7b123845-53c5-4795-b70e-d403004294ad",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "835a77fa-16d7-4693-ac44-e6a18afbac27",
+ "name" : "profile",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "profile",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "profile",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "4630db0a-19cd-4675-9910-e04d649e424b",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "userinfo.token.claim" : "true"
+ }
+ }, {
+ "id" : "7dffa1b3-02ae-447b-b455-d65b4eb569dd",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "dae818dc-87a3-4d78-b54b-17a99d021f9b",
+ "name" : "nickname",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "nickname",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "nickname",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "9da1a6dc-8668-4d1c-a651-e62b23e37832",
+ "name" : "gender",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "gender",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "gender",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "458ca4d1-7a8f-4c49-b92e-e59eb2a385c1",
+ "name" : "role_list",
+ "description" : "SAML role list",
+ "protocol" : "saml",
+ "attributes" : {
+ "consent.screen.text" : "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ },
+ "protocolMappers" : [ {
+ "id" : "046d2a27-bbd1-4d16-b3d2-043548a948e3",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ } ]
+ }, {
+ "id" : "da5fd7af-acd4-4e69-b6ac-292109b1ed24",
+ "name" : "roles",
+ "description" : "OpenID Connect scope for add user roles to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${rolesScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "179f0d74-fb3f-4c1a-a6c1-04eaf42b5ec5",
+ "name" : "realm roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "realm_access.roles",
+ "jsonType.label" : "String",
+ "multivalued" : "true"
+ }
+ }, {
+ "id" : "63ed3e3a-2821-4d6b-9860-8b661fff647d",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ }, {
+ "id" : "0a953f7a-a2af-4802-8059-5c277472679f",
+ "name" : "client roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-client-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "resource_access.${client_id}.roles",
+ "jsonType.label" : "String",
+ "multivalued" : "true"
+ }
+ } ]
+ }, {
+ "id" : "322674b4-1e3c-4941-b482-1bf593cfaff8",
+ "name" : "web-origins",
+ "description" : "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false",
+ "consent.screen.text" : ""
+ },
+ "protocolMappers" : [ {
+ "id" : "42eac5b2-f1b1-4f1b-bdaf-98b26ddb0545",
+ "name" : "allowed web origins",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-allowed-origins-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ } ]
+ } ],
+ "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ],
+ "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicyReportOnly" : "",
+ "xContentTypeOptions" : "nosniff",
+ "xRobotsTag" : "none",
+ "xFrameOptions" : "SAMEORIGIN",
+ "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection" : "1; mode=block",
+ "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityProviders" : [ ],
+ "identityProviderMappers" : [ ],
+ "components" : {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
+ "id" : "4cef99f2-d42a-42b9-8987-24f79cf7e1a1",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ }, {
+ "id" : "2e20f5bb-002d-48bd-979a-4bdd1ba9f8eb",
+ "name" : "Full Scope Disabled",
+ "providerId" : "scope",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "6f455b82-b7b4-40ee-8c1e-4eb560ef8638",
+ "name" : "Max Clients Limit",
+ "providerId" : "max-clients",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "max-clients" : [ "200" ]
+ }
+ }, {
+ "id" : "6b702a28-0234-4025-b82f-16d54e6edded",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper" ]
+ }
+ }, {
+ "id" : "83883c14-513b-4757-a565-715f6d23d166",
+ "name" : "Trusted Hosts",
+ "providerId" : "trusted-hosts",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "host-sending-registration-request-must-match" : [ "true" ],
+ "client-uris-must-match" : [ "true" ]
+ }
+ }, {
+ "id" : "4fd0d21b-2767-41cf-815d-1aeaabf03870",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ }, {
+ "id" : "e1f56894-1e2b-4c06-a8ca-0d4204b9c3fe",
+ "name" : "Consent Required",
+ "providerId" : "consent-required",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "2b62bc0c-21e3-4992-b382-24915508dc9f",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper" ]
+ }
+ } ],
+ "org.keycloak.keys.KeyProvider" : [ {
+ "id" : "b431de88-4985-4365-88a5-0343dea2600b",
+ "name" : "hmac-generated",
+ "providerId" : "hmac-generated",
+ "subComponents" : { },
+ "config" : {
+ "kid" : [ "9c4c782b-bd40-4d6f-91d2-0b8eeabadb99" ],
+ "secret" : [ "44yfy_txXD8hYqnndbkl3yqT5YNVQDG3DR89RbWRgHrdczQVnwo-d-sVNdxZjjK2yS8HOFxTpX_JwrR7lKfZoQ" ],
+ "priority" : [ "100" ],
+ "algorithm" : [ "HS256" ]
+ }
+ }, {
+ "id" : "01ac506e-bee1-414b-9a4c-15e1f8cf3395",
+ "name" : "rsa-generated",
+ "providerId" : "rsa-generated",
+ "subComponents" : { },
+ "config" : {
+ "privateKey" : [ "MIIEpAIBAAKCAQEAn2Hf3x29JJ2gWap9pEgIHl0Pg0r4I5m7+tx48XyIUDU4tq46eGgEwplr4w2nJC4/YlD8eTBydeBnL61GVMmZHOW8bHfq2eyu6PF127KDca98Gyb3b1cB1f8RhWSAEQRnJJM+ThV9N3MnPBYC/+5eJyQKysb5Knqp8HdljyP+b3syav+jHS+L9PqFWs4qCPyOMDdIWuyOW22A0uCaNCQjZcNEkz7t3sUj5MlZvT7y3cRYoeMwFndT4oMhr3sDC+8KkwLKmu7095+97jDSlkC/y+i4Ktd+bJEhEfbzYVzqRR8tcWbKYqsuI7Ugtclq75EfTnfPqNQ9Yw4J//iC/Zr5qQIDAQABAoIBAQCb2KWC0t6HNkZ8RxSyFekyX4byt9TpYsMIKptsbnwQCeqZ3sW3xOaarlBrZYdA/qPl7BDkI7ZYgwQC/6jc8X/xXMchPST80M [...]
+ "certificate" : [ "MIICuTCCAaECBgF4EZjEkDANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVhcnRlbWlzLWtleWNsb2FrLWRlbW8wHhcNMjEwMzA4MTEyNzA3WhcNMzEwMzA4MTEyODQ3WjAgMR4wHAYDVQQDDBVhcnRlbWlzLWtleWNsb2FrLWRlbW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfYd/fHb0knaBZqn2kSAgeXQ+DSvgjmbv63HjxfIhQNTi2rjp4aATCmWvjDackLj9iUPx5MHJ14GcvrUZUyZkc5bxsd+rZ7K7o8XXbsoNxr3wbJvdvVwHV/xGFZIARBGckkz5OFX03cyc8FgL/7l4nJArKxvkqeqnwd2WPI/5vezJq/6MdL4v0+oVazioI/I4wN0ha7I5bbYDS4Jo0JCNlw0STPu3exSPkyVm9PvLdxFih4zAWd1Pig [...]
+ "priority" : [ "100" ]
+ }
+ }, {
+ "id" : "64f5a97a-5fa0-4dba-a12f-208cdc870b34",
+ "name" : "aes-generated",
+ "providerId" : "aes-generated",
+ "subComponents" : { },
+ "config" : {
+ "kid" : [ "4acad273-718e-46b2-99fa-6aef9af6f6a8" ],
+ "secret" : [ "KqzAvCKUIVcbqC_UYV2-YQ" ],
+ "priority" : [ "100" ]
+ }
+ } ]
+ },
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "id" : "b3fc0281-a54f-41bd-b744-d06f38496f90",
+ "alias" : "Account verification options",
+ "description" : "Method with which to verity the existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-email-verification",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "flowAlias" : "Verify Existing Account by Re-authentication",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "90489d0b-d9d7-450b-a3ea-b0d70ce7ff36",
+ "alias" : "Authentication Options",
+ "description" : "Authentication options.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "basic-auth",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "basic-auth-otp",
+ "requirement" : "DISABLED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-spnego",
+ "requirement" : "DISABLED",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "8b42cb4d-a64d-410b-bba8-eb2f4f57d913",
+ "alias" : "Browser - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "88cfb2b3-eb8e-4160-8685-1e7daa552889",
+ "alias" : "Direct Grant - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "af29d994-3b0e-4df0-8105-f4a25d48fae8",
+ "alias" : "First broker login - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "606ab046-8762-481e-8936-3e06ac1272cb",
+ "alias" : "Handle Existing Account",
+ "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-confirm-link",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "Account verification options",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "799a2cec-a354-472f-ab97-cd1fd36b7841",
+ "alias" : "Reset - Conditional OTP",
+ "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-otp",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "1b5bb69b-34a5-43c8-8b5f-21822222aadd",
+ "alias" : "User creation or linking",
+ "description" : "Flow for the existing/non-existing user alternatives",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "create unique user config",
+ "authenticator" : "idp-create-user-if-unique",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "flowAlias" : "Handle Existing Account",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "8facb553-2771-49b0-b170-46037de5e566",
+ "alias" : "Verify Existing Account by Re-authentication",
+ "description" : "Reauthentication of existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-username-password-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "flowAlias" : "First broker login - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "baae710a-592a-40ec-b44a-2be2918c3236",
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-spnego",
+ "requirement" : "DISABLED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "identity-provider-redirector",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 25,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "flowAlias" : "forms",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "d1f2484b-9939-4a90-8540-eb53d941b44d",
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-jwt",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-secret-jwt",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-x509",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 40,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "d14461b0-cf44-4d35-97d5-889db738be83",
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 30,
+ "flowAlias" : "Direct Grant - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "44ac2d4b-7194-4661-8060-de9c0339c891",
+ "alias" : "docker auth",
+ "description" : "Used by Docker clients to authenticate against the IDP",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "docker-http-basic-authenticator",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "28233fd4-c562-4c88-bf54-ad17aff4148d",
+ "alias" : "first broker login",
+ "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "review profile config",
+ "authenticator" : "idp-review-profile",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "User creation or linking",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "54f0795e-23c5-4cc9-87d7-45b57215cce4",
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "flowAlias" : "Browser - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "afd9b09a-015c-4f44-bd67-a23608e42215",
+ "alias" : "http challenge",
+ "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "no-cookie-redirect",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "Authentication Options",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "5d5ab8ab-bf87-48f9-9d4b-35cc43c12763",
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "flowAlias" : "registration form",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "de771f55-0d04-4bcd-b586-bfa234e09b8b",
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-profile-action",
+ "requirement" : "REQUIRED",
+ "priority" : 40,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-password-action",
+ "requirement" : "REQUIRED",
+ "priority" : 50,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "requirement" : "DISABLED",
+ "priority" : 60,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "06d7f08e-ee5a-472d-98e0-f6d49d6bdbbe",
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-credential-email",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-password",
+ "requirement" : "REQUIRED",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 40,
+ "flowAlias" : "Reset - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "e42b5356-bd45-47c9-998f-d64b82424d5c",
+ "alias" : "saml ecp",
+ "description" : "SAML ECP Profile Authentication Flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "http-basic-authenticator",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ } ],
+ "authenticatorConfig" : [ {
+ "id" : "bdf530ec-e51b-4c7b-9c85-7fd856d0acc8",
+ "alias" : "create unique user config",
+ "config" : {
+ "require.password.update.after.registration" : "false"
+ }
+ }, {
+ "id" : "936a360d-981a-4c1b-be9a-c81991a843f3",
+ "alias" : "review profile config",
+ "config" : {
+ "update.profile.on.first.login" : "missing"
+ }
+ } ],
+ "requiredActions" : [ {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure OTP",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 10,
+ "config" : { }
+ }, {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 20,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 30,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 40,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 50,
+ "config" : { }
+ }, {
+ "alias" : "delete_account",
+ "name" : "Delete Account",
+ "providerId" : "delete_account",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 60,
+ "config" : { }
+ }, {
+ "alias" : "update_user_locale",
+ "name" : "Update User Locale",
+ "providerId" : "update_user_locale",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 1000,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "attributes" : {
+ "clientOfflineSessionMaxLifespan" : "0",
+ "clientSessionIdleTimeout" : "0",
+ "clientSessionMaxLifespan" : "0",
+ "clientOfflineSessionIdleTimeout" : "0"
+ },
+ "keycloakVersion" : "12.0.3",
+ "userManagedAccessAllowed" : false
+}, {
+ "id" : "master",
+ "realm" : "master",
+ "displayName" : "Keycloak",
+ "displayNameHtml" : "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+ "notBefore" : 0,
+ "revokeRefreshToken" : false,
+ "refreshTokenMaxReuse" : 0,
+ "accessTokenLifespan" : 60,
+ "accessTokenLifespanForImplicitFlow" : 900,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "ssoSessionIdleTimeoutRememberMe" : 0,
+ "ssoSessionMaxLifespanRememberMe" : 0,
+ "offlineSessionIdleTimeout" : 2592000,
+ "offlineSessionMaxLifespanEnabled" : false,
+ "offlineSessionMaxLifespan" : 5184000,
+ "clientSessionIdleTimeout" : 0,
+ "clientSessionMaxLifespan" : 0,
+ "clientOfflineSessionIdleTimeout" : 0,
+ "clientOfflineSessionMaxLifespan" : 0,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "actionTokenGeneratedByAdminLifespan" : 43200,
+ "actionTokenGeneratedByUserLifespan" : 300,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "loginWithEmailAllowed" : true,
+ "duplicateEmailsAllowed" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "permanentLockout" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "roles" : {
+ "realm" : [ {
+ "id" : "d987a2e0-921f-4a9e-897e-4434036616eb",
+ "name" : "offline_access",
+ "description" : "${role_offline-access}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "master",
+ "attributes" : { }
+ }, {
+ "id" : "1cc59933-010e-416a-be79-9bb2bce10536",
+ "name" : "uma_authorization",
+ "description" : "${role_uma_authorization}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "master",
+ "attributes" : { }
+ }, {
+ "id" : "e2f5bd9d-4978-4103-8233-e88fd264044b",
+ "name" : "admin",
+ "description" : "${role_admin}",
+ "composite" : true,
+ "composites" : {
+ "realm" : [ "create-realm" ],
+ "client" : {
+ "artemis-keycloak-demo-realm" : [ "view-users", "manage-authorization", "manage-events", "impersonation", "query-clients", "view-events", "manage-clients", "create-client", "view-authorization", "manage-users", "query-users", "manage-identity-providers", "query-realms", "view-realm", "query-groups", "view-clients", "manage-realm", "view-identity-providers" ],
+ "master-realm" : [ "view-realm", "view-events", "query-groups", "impersonation", "manage-identity-providers", "create-client", "manage-authorization", "view-users", "view-authorization", "manage-events", "query-clients", "manage-clients", "view-identity-providers", "query-realms", "manage-users", "query-users", "view-clients", "manage-realm" ]
+ }
+ },
+ "clientRole" : false,
+ "containerId" : "master",
+ "attributes" : { }
+ }, {
+ "id" : "d3db6222-9502-4cf9-8ff7-14528bd29f16",
+ "name" : "create-realm",
+ "description" : "${role_create-realm}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "master",
+ "attributes" : { }
+ } ],
+ "client" : {
+ "artemis-keycloak-demo-realm" : [ {
+ "id" : "34f2dbc1-8cb8-4c22-8510-4bdee2cf2dfb",
+ "name" : "query-users",
+ "description" : "${role_query-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "9ce6efa0-4d01-4301-b40f-2be16b68edfc",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "artemis-keycloak-demo-realm" : [ "query-users", "query-groups" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "7b348429-19bf-4a55-9462-01996d6c3fd1",
+ "name" : "manage-authorization",
+ "description" : "${role_manage-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "cf825d1d-8f46-4d6a-8f6c-c5164e2b5668",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "198562c1-7731-486a-a573-3beae2f9a816",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "9197780d-8760-48b4-b6d8-fcf2263eb3fa",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "93dcc4e1-b556-4bda-9fda-acba438ac7b5",
+ "name" : "query-realms",
+ "description" : "${role_query-realms}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "5bc0a7ed-638b-4f89-b790-b5ee6bf860aa",
+ "name" : "query-clients",
+ "description" : "${role_query-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "d6295b0d-7f05-4734-82e4-0e5885a2b236",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "8cbee38b-555e-44f3-b326-2b8de7e9ac93",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "65f1a303-eb8b-49db-b459-a36a363037ea",
+ "name" : "query-groups",
+ "description" : "${role_query-groups}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "66b3eeb6-cea6-4a8b-b5a7-04819b4faaa7",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "017d7535-a3e2-4fde-b5c1-8be214384524",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "10422b6e-0720-4670-92cb-f783a34a7d47",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "artemis-keycloak-demo-realm" : [ "query-clients" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "391780df-30aa-43aa-a82e-2a4766c47871",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "55048f6c-885a-4c30-80f8-b1a178b288eb",
+ "name" : "view-authorization",
+ "description" : "${role_view-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "fbbcfede-f729-4cee-b089-4fce91f9ec80",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ }, {
+ "id" : "cbbc1e1b-b334-4fe1-96ff-cd1745c7f73e",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "attributes" : { }
+ } ],
+ "security-admin-console" : [ ],
+ "admin-cli" : [ ],
+ "account-console" : [ ],
+ "broker" : [ {
+ "id" : "3e208e5d-3286-48b9-b9c8-81636ec76c36",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "ab7b25e3-cafe-4e28-bb86-0a5aa8336748",
+ "attributes" : { }
+ } ],
+ "master-realm" : [ {
+ "id" : "7c6b1224-e501-44f2-8bb1-d20f16398de7",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "359d5b3d-0c9f-4080-942f-85e5539fac01",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "6ac9793f-8dc7-4113-a77c-a53233b41647",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "1fc98c0b-cf29-4c74-8a26-70c47cfa30da",
+ "name" : "query-groups",
+ "description" : "${role_query-groups}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "91d6f137-1e94-477c-a82c-0bdf2d76b80b",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "2f781939-a4d0-4db5-8132-eb0843b7fb68",
+ "name" : "query-realms",
+ "description" : "${role_query-realms}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "67726a5e-6f0e-486e-8fd5-77beb612fc1b",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "8b444e09-30a8-47b2-96a9-7a98df67e05c",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "e7e42ff3-db25-49f0-8765-ccf65e1ec095",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "cfdb9a6c-d2ad-40a1-a3aa-ba176871fcd5",
+ "name" : "query-users",
+ "description" : "${role_query-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "2fab2ef8-00f8-4412-a10f-41fd21b165aa",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "36a8ae16-b16c-43d1-a77e-fecbd24cda83",
+ "name" : "manage-authorization",
+ "description" : "${role_manage-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "6b0e8b92-8b58-400b-b066-8c4c23b80a16",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "master-realm" : [ "query-users", "query-groups" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "4e44df1b-95a1-497f-a6dd-1e83ecce8a26",
+ "name" : "view-authorization",
+ "description" : "${role_view-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "263f5ce0-d2ba-4eed-96c0-0f41cfc0a583",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "40898264-6ca2-4a1c-8be8-8a34dd4128f7",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "master-realm" : [ "query-clients" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "1d75ea3a-d1f5-4fa5-8bbc-65dd7ee482e6",
+ "name" : "query-clients",
+ "description" : "${role_query-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ }, {
+ "id" : "70d27c11-ff4a-46f5-a931-ffdaef79b709",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "attributes" : { }
+ } ],
+ "account" : [ {
+ "id" : "59b9e0f8-3510-41fc-a802-a351863bec0b",
+ "name" : "manage-account-links",
+ "description" : "${role_manage-account-links}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "01444474-f6e7-4f50-b9b0-44024b300561",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "c4dd0a8c-4833-4057-b016-d3533ac2e7ee",
+ "name" : "delete-account",
+ "description" : "${role_delete-account}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "51555d66-eefb-4ca9-9acc-7f2a58d990b1",
+ "name" : "manage-consent",
+ "description" : "${role_manage-consent}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "view-consent" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "fa876b15-3a0c-43f0-9df6-cc71da962c12",
+ "name" : "view-applications",
+ "description" : "${role_view-applications}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "e8fd620f-b3f7-40ad-ab4e-1d69421b6bd8",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "manage-account-links" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ }, {
+ "id" : "24b5987f-d1ba-4ee0-a6b4-ee54eaf03404",
+ "name" : "view-consent",
+ "description" : "${role_view-consent}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "attributes" : { }
+ } ]
+ }
+ },
+ "groups" : [ ],
+ "defaultRoles" : [ "uma_authorization", "offline_access" ],
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+ "webAuthnPolicyRpEntityName" : "keycloak",
+ "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyRpId" : "",
+ "webAuthnPolicyAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyRequireResidentKey" : "not specified",
+ "webAuthnPolicyUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyCreateTimeout" : 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyAcceptableAaguids" : [ ],
+ "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyPasswordlessRpId" : "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout" : 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+ "users" : [ {
+ "id" : "2e91494d-8b6f-40a4-96cb-fd563e2dd018",
+ "createdTimestamp" : 1615203040281,
+ "username" : "admin",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "credentials" : [ {
+ "id" : "1036bf4f-82e8-41c8-8fdd-0de76673430d",
+ "type" : "password",
+ "createdDate" : 1615203040462,
+ "secretData" : "{\"value\":\"MrTtgQljx2ai8E12PO8TvQdhv6WV2pIfw+4mN3y5ATSNjOXGvHtY0a6L2VUp8AAQxyCYIxMXnvm8vLAGgB5iIg==\",\"salt\":\"RkVYbaK2sAIh41P023t+sQ==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "uma_authorization", "offline_access", "admin" ],
+ "clientRoles" : {
+ "account" : [ "view-profile", "manage-account" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ],
+ "scopeMappings" : [ {
+ "clientScope" : "offline_access",
+ "roles" : [ "offline_access" ]
+ } ],
+ "clientScopeMappings" : {
+ "account" : [ {
+ "client" : "account-console",
+ "roles" : [ "manage-account" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "01870061-242b-4b31-9ce1-42e586acda3e",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/master/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "dd4e0fbc-8d02-40d8-8c1e-6ee71f9baf89",
+ "defaultRoles" : [ "view-profile", "manage-account" ],
+ "redirectUris" : [ "/realms/master/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "d007d156-5b9c-444d-8841-5ec020f03dbb",
+ "clientId" : "account-console",
+ "name" : "${client_account-console}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/master/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "efdefca4-007e-4205-b00b-3c462e07f7a9",
+ "redirectUris" : [ "/realms/master/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "1275aa74-3005-4a3b-a15d-72ec70d7a6c1",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "9f6c3650-3994-4957-8808-b2154b8c71b5",
+ "clientId" : "admin-cli",
+ "name" : "${client_admin-cli}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "d2f0478e-c9d9-4305-9a72-7f3bc051ce89",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : true,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "6f7c1789-8d4c-4b8f-a01c-efcca754204b",
+ "clientId" : "artemis-keycloak-demo-realm",
+ "name" : "artemis-keycloak-demo Realm",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "8e96f5b7-1077-416c-a116-f9e1eb9368db",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "ab7b25e3-cafe-4e28-bb86-0a5aa8336748",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "43ae2cf4-1334-4e45-9065-2b9ecea15e42",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "59dbb061-956f-49f5-922e-19660f29c608",
+ "clientId" : "master-realm",
+ "name" : "master Realm",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "cf4afa23-81ea-41fc-869e-5d798018d812",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "b4bba21a-4347-4625-8bda-567003ac2fe8",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "rootUrl" : "${authAdminUrl}",
+ "baseUrl" : "/admin/master/console/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "e675c52e-18c8-4efc-9c16-ab9a60f166c4",
+ "redirectUris" : [ "/admin/master/console/*" ],
+ "webOrigins" : [ "+" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "6a6f44de-236c-42aa-8800-8b87d7512784",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ } ],
+ "clientScopes" : [ {
+ "id" : "0b32b7ca-77c7-439c-a488-50b210c99356",
+ "name" : "address",
+ "description" : "OpenID Connect built-in scope: address",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${addressScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "3fae9891-8756-4e6c-87e5-1aed666fdc63",
+ "name" : "address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-address-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute.formatted" : "formatted",
+ "user.attribute.country" : "country",
+ "user.attribute.postal_code" : "postal_code",
+ "userinfo.token.claim" : "true",
+ "user.attribute.street" : "street",
+ "id.token.claim" : "true",
+ "user.attribute.region" : "region",
+ "access.token.claim" : "true",
+ "user.attribute.locality" : "locality"
+ }
+ } ]
+ }, {
+ "id" : "d9ee8146-9f43-4f32-be94-537e594edeee",
+ "name" : "email",
+ "description" : "OpenID Connect built-in scope: email",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${emailScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "b73f8051-c286-4eef-9da7-fbdca988a267",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d494b4a5-3f95-4ad8-85fb-6ab14c2aba98",
+ "name" : "email verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "emailVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email_verified",
+ "jsonType.label" : "boolean"
+ }
+ } ]
+ }, {
+ "id" : "73d67ab8-8c2a-4877-bfab-e3f92ea70fc0",
+ "name" : "microprofile-jwt",
+ "description" : "Microprofile - JWT built-in scope",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "caab6c80-219e-49a7-b261-623c9dfc39b3",
+ "name" : "upn",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "upn",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2657b7c8-acf5-4a00-8f91-e4481e1a2ef9",
+ "name" : "groups",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "multivalued" : "true",
+ "user.attribute" : "foo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "groups",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "1b1ec0af-50de-4805-b92e-8517f8ae1ce2",
+ "name" : "offline_access",
+ "description" : "OpenID Connect built-in scope: offline_access",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "consent.screen.text" : "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ }
+ }, {
+ "id" : "c0a3fa2d-cbfd-4aed-b784-b2f1d0082e3c",
+ "name" : "phone",
+ "description" : "OpenID Connect built-in scope: phone",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${phoneScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "22bc4dae-8f6f-4f6b-9c89-122caf10d2d6",
+ "name" : "phone number verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumberVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number_verified",
+ "jsonType.label" : "boolean"
+ }
+ }, {
+ "id" : "c25dbd18-e59d-4e4a-a7df-7ee7dfe1508b",
+ "name" : "phone number",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumber",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "ab056ba3-d42c-4344-bc44-b7b9f8923882",
+ "name" : "profile",
+ "description" : "OpenID Connect built-in scope: profile",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${profileScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "c92dce7a-a3ff-43f0-afb5-f07e719f03e0",
+ "name" : "gender",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "gender",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "gender",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c2674c3f-1c1a-4b53-aacd-06b0c3761c02",
+ "name" : "birthdate",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "birthdate",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "birthdate",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "5f6af788-0d1a-4271-9e36-ef011c9e933b",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "bcb25417-25a7-4249-b56e-617d5891ca35",
+ "name" : "updated at",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "updatedAt",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "updated_at",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "9a1d6975-25f5-47c6-8060-249c36e9d3cb",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "aa327392-ead9-42be-a856-f000276aa555",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "cfe1e06d-00e0-4fd1-961b-eefdf32af1e1",
+ "name" : "picture",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "picture",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "picture",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "76ba40bf-3d5d-4e47-a59c-5c7156eb2621",
+ "name" : "nickname",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "nickname",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "nickname",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2c9b21bb-8a15-44d3-9096-7a7d98eb2412",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "4ee31460-a698-4fe0-9035-b90621e03148",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "userinfo.token.claim" : "true"
+ }
+ }, {
+ "id" : "50026ab8-3e66-49ed-913f-0bb48240237f",
+ "name" : "middle name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "middleName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "middle_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "f57fef92-fd0b-41d7-9715-c244c9994029",
+ "name" : "zoneinfo",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "zoneinfo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "zoneinfo",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "4b79c8a0-a6c6-4fec-a413-8a19436bfb82",
+ "name" : "profile",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "profile",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "profile",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "a700659d-9715-4d53-acb8-077ecb5bdde1",
+ "name" : "website",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "website",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "website",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "2d955805-8c91-4862-a799-9a35f18c121a",
+ "name" : "role_list",
+ "description" : "SAML role list",
+ "protocol" : "saml",
+ "attributes" : {
+ "consent.screen.text" : "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ },
+ "protocolMappers" : [ {
+ "id" : "201c3fa6-47bd-4a87-b0db-23683b20f514",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ } ]
+ }, {
+ "id" : "c6bf08bb-081c-4d9a-9fb1-2fc97bcf37f9",
+ "name" : "roles",
+ "description" : "OpenID Connect scope for add user roles to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${rolesScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "db4db305-fe70-44b4-a4ec-9094b7a3f185",
+ "name" : "client roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-client-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "resource_access.${client_id}.roles",
+ "jsonType.label" : "String",
+ "multivalued" : "true"
+ }
+ }, {
+ "id" : "eee0d8b6-754c-4c71-9ae8-8a85e87d09c0",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ }, {
+ "id" : "3bab040e-4846-4712-baac-65f66aca29e7",
+ "name" : "realm roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "realm_access.roles",
+ "jsonType.label" : "String",
+ "multivalued" : "true"
+ }
+ } ]
+ }, {
+ "id" : "959f7373-6350-4428-8b35-d0d5e85697ac",
+ "name" : "web-origins",
+ "description" : "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false",
+ "consent.screen.text" : ""
+ },
+ "protocolMappers" : [ {
+ "id" : "50e19422-294d-4b66-963d-999d90695a49",
+ "name" : "allowed web origins",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-allowed-origins-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ } ]
+ } ],
+ "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ],
+ "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicyReportOnly" : "",
+ "xContentTypeOptions" : "nosniff",
+ "xRobotsTag" : "none",
+ "xFrameOptions" : "SAMEORIGIN",
+ "xXSSProtection" : "1; mode=block",
+ "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityProviders" : [ ],
+ "identityProviderMappers" : [ ],
+ "components" : {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
+ "id" : "19f20c21-e51d-4374-8ab0-581a1caf138f",
+ "name" : "Max Clients Limit",
+ "providerId" : "max-clients",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "max-clients" : [ "200" ]
+ }
+ }, {
+ "id" : "eb2a0210-e75e-49d8-b7b6-85478e48c32a",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ }, {
+ "id" : "c36a2ef4-bc7e-4ccf-b086-3a0e63d48bce",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper" ]
+ }
+ }, {
+ "id" : "68af6607-ca19-4dd7-839b-705e073e218f",
+ "name" : "Full Scope Disabled",
+ "providerId" : "scope",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "f7b2cf8c-38b3-4ca3-b72e-dbbdb4385c95",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper" ]
+ }
+ }, {
+ "id" : "502222e9-8a6b-494d-95af-297ef1a02339",
+ "name" : "Trusted Hosts",
+ "providerId" : "trusted-hosts",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "host-sending-registration-request-must-match" : [ "true" ],
+ "client-uris-must-match" : [ "true" ]
+ }
+ }, {
+ "id" : "5498a928-14a9-40c0-a39d-6a223664fe3e",
+ "name" : "Consent Required",
+ "providerId" : "consent-required",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "acd5a341-a9f0-4118-8a60-f71a7f7450e9",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ } ],
+ "org.keycloak.keys.KeyProvider" : [ {
+ "id" : "b8acaf81-dbce-4fd4-8192-f8f3432f31a9",
+ "name" : "fallback-RS256",
+ "providerId" : "rsa-generated",
+ "subComponents" : { },
+ "config" : {
+ "privateKey" : [ "MIIEpAIBAAKCAQEA0+rTbR0e5EoDyP1F1PWKCcy+N2mZBcuWRrWLeFFk6FiYIV9bsGBv/UFgewp2cRemT+Xt6ODY4ZMrUwZoFYTOZVTugSq7Y06a356bdMSIsNybGJg9KneswmKdzNFda2J9UbQOjqMkAbKgrnN2ojYylLqquM633vUKAbsXktOR4T1c3WlpQGA9zWY0Y8uz9bfANGZ9mEowd+Y3IyVhUYCtXp869COfb3qevO2VOSQLF5qdbf3wUZKLKJjhbs/yh/+gqAv5aJQSNxPLWN0s1agoaqC3BjRXB9MyAbem0B6dhn0TnoP/BMAcYcJOpRU3JSGIMJPmBvEIA6XtMYzFYU5muQIDAQABAoIBAE7RXReNKCsyWBwOD0X4mQGyE+FaNh7QrLDZ3ui+JTDBmrt20wxTofNouHCq4IiJikLXOthNoHytlwSHMnkmbvmDUD3cXdu+pZ [...]
+ "certificate" : [ "MIICmzCCAYMCBgF4EZqkKTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwMzA4MTEyOTEwWhcNMzEwMzA4MTEzMDUwWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT6tNtHR7kSgPI/UXU9YoJzL43aZkFy5ZGtYt4UWToWJghX1uwYG/9QWB7CnZxF6ZP5e3o4NjhkytTBmgVhM5lVO6BKrtjTprfnpt0xIiw3JsYmD0qd6zCYp3M0V1rYn1RtA6OoyQBsqCuc3aiNjKUuqq4zrfe9QoBuxeS05HhPVzdaWlAYD3NZjRjy7P1t8A0Zn2YSjB35jcjJWFRgK1enzr0I59vep687ZU5JAsXmp1t/fBRkosomOFuz/KH/6CoC/lolBI3E8tY3SzVqChqoLcGNFcH0 [...]
+ "priority" : [ "-100" ],
+ "algorithm" : [ "RS256" ]
+ }
+ }, {
+ "id" : "282931c7-919f-4ce9-b2b9-16bf8a1d1c25",
+ "name" : "fallback-HS256",
+ "providerId" : "hmac-generated",
+ "subComponents" : { },
+ "config" : {
+ "kid" : [ "6633eb56-eedd-4de7-aadc-23c1a67ae17f" ],
+ "secret" : [ "XVu0uzhk7Zzw1laElR4cRoW-SoyvBkFtK6HszJCVOVIJqQdiCq9AGs6oNqZ7nfKXL206yF8hkVGAgQlrpwtiDQ" ],
+ "priority" : [ "-100" ],
+ "algorithm" : [ "HS256" ]
+ }
+ } ]
+ },
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "id" : "2feb4193-fb1c-472a-bd11-ed98747dfa0c",
+ "alias" : "Account verification options",
+ "description" : "Method with which to verity the existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-email-verification",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "flowAlias" : "Verify Existing Account by Re-authentication",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "366c73d4-99bf-4db2-90ef-8d80829ff5a8",
+ "alias" : "Authentication Options",
+ "description" : "Authentication options.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "basic-auth",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "basic-auth-otp",
+ "requirement" : "DISABLED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-spnego",
+ "requirement" : "DISABLED",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "03a9b720-5c0b-4f53-aa1f-985b3788213a",
+ "alias" : "Browser - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "71786079-7567-483d-b513-4c37b8b5e1f6",
+ "alias" : "Direct Grant - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "7c590f5e-5d41-43d0-a69f-6b3f55086f0a",
+ "alias" : "First broker login - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "18ea43be-bf8d-457d-a256-a857ab1cae0f",
+ "alias" : "Handle Existing Account",
+ "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-confirm-link",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "Account verification options",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "895a63f7-2f2b-4f69-b1a3-5e136480b4df",
+ "alias" : "Reset - Conditional OTP",
+ "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-otp",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "5dd8e673-fa4d-49b7-884f-a2514049afaf",
+ "alias" : "User creation or linking",
+ "description" : "Flow for the existing/non-existing user alternatives",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "create unique user config",
+ "authenticator" : "idp-create-user-if-unique",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "flowAlias" : "Handle Existing Account",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "501763ae-f35f-47f1-9eac-a5ddbed60b89",
+ "alias" : "Verify Existing Account by Re-authentication",
+ "description" : "Reauthentication of existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-username-password-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "flowAlias" : "First broker login - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "ef7d1a6b-c9c2-4f73-bb8a-0213ef0b0a2a",
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "auth-spnego",
+ "requirement" : "DISABLED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "identity-provider-redirector",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 25,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "flowAlias" : "forms",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "8752635d-ddcc-46c7-a3bc-769dc507e620",
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-jwt",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-secret-jwt",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "client-x509",
+ "requirement" : "ALTERNATIVE",
+ "priority" : 40,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "8f425a62-e76e-48c8-a8ce-954aadc986f7",
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 30,
+ "flowAlias" : "Direct Grant - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "edb4ef4f-5d5f-4055-b61c-fb5d4ad6a880",
+ "alias" : "docker auth",
+ "description" : "Used by Docker clients to authenticate against the IDP",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "docker-http-basic-authenticator",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "ca33f659-d4dd-49d8-b8e3-1267ef1c15a5",
+ "alias" : "first broker login",
+ "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "review profile config",
+ "authenticator" : "idp-review-profile",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "User creation or linking",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "a9731fb0-7fcd-45fc-bbbe-66bf16981e59",
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "flowAlias" : "Browser - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "de046637-9c0b-4e03-b7fa-4d39cd926787",
+ "alias" : "http challenge",
+ "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "no-cookie-redirect",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "flowAlias" : "Authentication Options",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "7507f444-e671-4e8e-a3df-d5414634452d",
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "flowAlias" : "registration form",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "767b0c27-0fed-4a56-b398-ca85a9358cfa",
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-profile-action",
+ "requirement" : "REQUIRED",
+ "priority" : 40,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-password-action",
+ "requirement" : "REQUIRED",
+ "priority" : 50,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "requirement" : "DISABLED",
+ "priority" : 60,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ }, {
+ "id" : "02643bf6-ce97-4d66-80e3-fdc24609a709",
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-credential-email",
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "authenticator" : "reset-password",
+ "requirement" : "REQUIRED",
+ "priority" : 30,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ }, {
+ "requirement" : "CONDITIONAL",
+ "priority" : 40,
+ "flowAlias" : "Reset - Conditional OTP",
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : true
+ } ]
+ }, {
+ "id" : "c5344f6b-282f-4385-95c7-63a0e29a9bf3",
+ "alias" : "saml ecp",
+ "description" : "SAML ECP Profile Authentication Flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "http-basic-authenticator",
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "userSetupAllowed" : false,
+ "autheticatorFlow" : false
+ } ]
+ } ],
+ "authenticatorConfig" : [ {
+ "id" : "c7f52758-50a8-45e5-8acf-ff8559f446b6",
+ "alias" : "create unique user config",
+ "config" : {
+ "require.password.update.after.registration" : "false"
+ }
+ }, {
+ "id" : "2037d5f1-7f3e-4cf6-b5b3-7c37a70d3956",
+ "alias" : "review profile config",
+ "config" : {
+ "update.profile.on.first.login" : "missing"
+ }
+ } ],
+ "requiredActions" : [ {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure OTP",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 10,
+ "config" : { }
+ }, {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 20,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 30,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 40,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 50,
+ "config" : { }
+ }, {
+ "alias" : "delete_account",
+ "name" : "Delete Account",
+ "providerId" : "delete_account",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 60,
+ "config" : { }
+ }, {
+ "alias" : "update_user_locale",
+ "name" : "Update User Locale",
+ "providerId" : "update_user_locale",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 1000,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "attributes" : { },
+ "keycloakVersion" : "12.0.3",
+ "userManagedAccessAllowed" : false
+} ]
\ No newline at end of file
diff --git a/examples/features/standard/security-keycloak/src/main/resources/jndi.properties b/examples/features/standard/security-keycloak/src/main/resources/jndi.properties
new file mode 100644
index 0000000..271bcf2
--- /dev/null
+++ b/examples/features/standard/security-keycloak/src/main/resources/jndi.properties
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
+connectionFactory.ConnectionFactory=tcp://localhost:61616
+queue.queue/Info=Info
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 2aab82d..7aef79e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1752,6 +1752,7 @@
<exclude>**/*.txt</exclude>
<exclude>**/*.md</exclude>
<exclude>etc/ide-settings/**</exclude>
+ <exclude>**/*.json</exclude>
<exclude>docs/**/*.json</exclude>
<exclude>docs/**/_book/</exclude>
<exclude>docs/**/_layouts/</exclude>