diff --git a/pom.xml b/pom.xml index 28be7a0624485bb04fb375e1cfb6c02e54778a04..c8a9a46a6359fe39f8ff1064eb2411c1da96d140 100644 --- a/pom.xml +++ b/pom.xml @@ -20,6 +20,7 @@ <api-lib.version>0.13.0</api-lib.version> <nachrichten-manager.version>2.14.0</nachrichten-manager.version> <testcontainers-keycloak.version>3.2.0</testcontainers-keycloak.version> + <mockserver-client.version>5.15.0</mockserver-client.version> </properties> <dependencies> <!-- OZG-Cloud --> @@ -36,15 +37,15 @@ <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-web</artifactId> + <artifactId>spring-boot-starter-validation</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-validation</artifactId> + <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-oauth2-client</artifactId> + <artifactId>spring-boot-starter-webflux</artifactId> </dependency> <dependency> @@ -70,12 +71,24 @@ <groupId>org.testcontainers</groupId> <artifactId>testcontainers</artifactId> <version>${testcontainers.version}</version> + <scope>test</scope> </dependency> <dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter-engine</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.mock-server</groupId> + <artifactId>mockserver-client-java</artifactId> + <version>${mockserver-client.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.testcontainers</groupId> + <artifactId>mockserver</artifactId> + <scope>test</scope> + </dependency> <dependency> <groupId>org.springframework.cloud</groupId> 
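Review bot: In the last pom.xml hunk the new `org.testcontainers:mockserver` dependency carries no `<version>`, while `testcontainers` a few lines above it is pinned to `${testcontainers.version}`; if the module's version comes from a managed BOM, the two Testcontainers artifacts can end up on different releases. Adding `<version>${testcontainers.version}</version>` keeps them aligned. The MockServer release is also stated twice in this commit, as `mockserver-client.version` here and as the image tag `mockserver-5.15.0` in OsiMockServerExtension, so a comment on the property such as `<!-- keep in sync with the image tag in OsiMockServerExtension -->` would help the next upgrade.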
diff --git a/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteService.java b/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteService.java index f3c31950924184016b8193ebb8a7a1b6f25044db..3e7704cbece229f55cc21654f4f5eba368d8ac1c 100644 --- a/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteService.java +++ b/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteService.java @@ -2,17 +2,26 @@ package de.ozgcloud.nachrichten.postfach.osiv2; import java.util.stream.Stream; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; +import org.springframework.web.reactive.function.client.WebClient; import de.ozgcloud.nachrichten.postfach.PostfachNachricht; import de.ozgcloud.nachrichten.postfach.PostfachRemoteService; @Service -public class OsiPostfachRemoteService implements PostfachRemoteService { +public record OsiPostfachRemoteService( + @Qualifier("osi2PostfachWebClient") WebClient webClient +) implements PostfachRemoteService { public static final String POSTFACH_TYPE_OSIV2 = "OSIV2"; @Override public void sendMessage(PostfachNachricht nachricht) { + webClient.get() + .uri("/dummy") + .retrieve() + .bodyToMono(String.class) + .block(); // TODO } diff --git a/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/config/WebClientConfiguration.java b/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/config/WebClientConfiguration.java new file mode 100644 index 0000000000000000000000000000000000000000..454f52e0b89cf51700af6a0ed6a723972c1958e7 --- /dev/null +++ b/src/main/java/de/ozgcloud/nachrichten/postfach/osiv2/config/WebClientConfiguration.java 
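Review bot: The `.block()` added to `sendMessage` waits without any limit, so a stalled token endpoint or Postfach API holds the calling thread indefinitely; a bounded wait such as `.block(REQUEST_TIMEOUT)` with a `Duration` constant (name constructed here) would cap that. The call also goes to the placeholder path `/dummy` from production code while the `// TODO` remains, and any non-2xx answer surfaces as an unchecked `WebClientResponseException` from `retrieve()`; a short comment stating that this is scaffolding and how failures should reach the caller would make the intent clear. Turning the `@Service` into a record also makes `webClient()` a public accessor, which hands the token-bearing client to every caller of the service.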
@@ -0,0 +1,57 @@
+package de.ozgcloud.nachrichten.postfach.osiv2.config;
+
+import java.util.Objects;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.core.env.Environment;
+import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
+import org.springframework.web.reactive.function.client.WebClient;
+
+@Configuration
+public class WebClientConfiguration {
+
+ @Bean("osi2PostfachWebClient")
+ public WebClient osi2PostfachWebClient(
+ ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction,
+ Environment environment) {
+ var url = Objects.requireNonNull(
+ environment.getProperty("ozgcloud.osiv2-postfach.api.url"),
+ "ozgcloud.osiv2-postfach.api.url is not set");
+ return WebClient.builder()
+ .baseUrl(url)
+ .filter(serverOAuth2AuthorizedClientExchangeFilterFunction)
+ .build();
+ }
+
+ @Bean
+ @Primary
+ ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction(
+ ReactiveClientRegistrationRepository clientRegistrations) {
+
+ var oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager(clientRegistrations));
+ oauth.setDefaultClientRegistrationId("osi2");
+ return oauth;
+ }
+
+ AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager(
+ ReactiveClientRegistrationRepository clientRegistrations) {
+ var clientService = new InMemoryReactiveOAuth2AuthorizedClientService(
+ clientRegistrations);
+ var authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
+ clientRegistrations, clientService);
+
+ authorizedClientManager.setAuthorizedClientProvider(
+ ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
+ .clientCredentials()
+ .build());
+
+ return authorizedClientManager;
+ }
+
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 065fffe83bf04cd7a435ee3d7a96b347b2f9379e..a93d8dad377c3600a25688a2d493602a3e1ba5d8 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,3 +1,21 @@
 spring:
+ main:
+ web-application-type: reactive
 jackson:
- default-property-inclusion: NON_NULL
\ No newline at end of file
+ default-property-inclusion: NON_NULL
+ security:
+ oauth2:
+ client:
+ registration:
+ osi2:
+ client-id: 'OZG-Kopfstelle'
+ client-secret: 'changeme'
+ scope: default, access_urn:some:scope:for:ozgkopfstelle
+ authorization-grant-type: 'client_credentials'
+ provider:
+ osi2:
+ token-uri: http://localhost:8080/realms/master/protocol/openid-connect/token
+ozgcloud:
+ osiv2-postfach:
+ api:
+ url: 'replaceme'
diff --git a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteServiceITCase.java b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteServiceITCase.java
index a9892fd3d7847e4ba2a366859f191a893efa4535..4633ec32a3c03cf9491201380ffdf23ef4e73736 100644
--- a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteServiceITCase.java
+++ b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/OsiPostfachRemoteServiceITCase.java
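Review bot: The filter bean in WebClientConfiguration is declared `@Primary` and calls `setDefaultClientRegistrationId("osi2")`, so any WebClient in the host application that injects a `ServerOAuth2AuthorizedClientExchangeFilterFunction` by type will attach the OSI client-credentials token to its requests, whatever host they go to. Since only `osi2PostfachWebClient` needs it, I would drop `@Primary` and either build the filter inside `osi2PostfachWebClient(...)` or give the bean a qualifier, as the WebClient already has. `Objects.requireNonNull` on `ozgcloud.osiv2-postfach.api.url` will not fire in practice, because application.yml in the same commit defaults the property to `'replaceme'`; checking that the value parses as an absolute URI would catch both the missing and the placeholder case.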
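Review bot: `client-secret: 'changeme'` and `url: 'replaceme'` in src/main/resources become the effective values whenever a deployment forgets to override them, so the service starts normally and only fails at the first token request. Leaving these keys out of the packaged application.yml, or writing them as placeholders without a default (for example `client-secret: ${<SECRET_PROPERTY>}`, name to be chosen), turns a missing secret into a startup error instead. The default `token-uri` is plain `http://localhost:8080/...`; a comment that production must point at an `https` token endpoint would be worth adding, because the client secret travels in that request.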
@@ -1,18 +1,32 @@ package de.ozgcloud.nachrichten.postfach.osiv2; +import static org.assertj.core.api.Assertions.*; +import static org.mockserver.model.HttpRequest.*; +import static org.mockserver.model.HttpResponse.*; + +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; +import org.mockserver.client.MockServerClient; +import org.mockserver.matchers.Times; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.DynamicPropertyRegistry; +import org.springframework.test.context.DynamicPropertySource; -import dasniko.testcontainers.keycloak.KeycloakContainer; import de.ozgcloud.nachrichten.postfach.PostfachNachricht; +import de.ozgcloud.nachrichten.postfach.osiv2.extension.JwtParser; +import de.ozgcloud.nachrichten.postfach.osiv2.extension.OsiMockServerExtension; -@SpringBootTest(classes = OsiPostfachRemoteService.class) +@SpringBootTest(classes = TestApplication.class, webEnvironment = SpringBootTest.WebEnvironment.NONE) public class OsiPostfachRemoteServiceITCase { - private static final String MESSAGE_ID = "message-id"; + @RegisterExtension + static final OsiMockServerExtension OSI_MOCK_SERVER_EXTENSION = new OsiMockServerExtension(); + + private static final String MESSAGE_ID = "message-id"; private final PostfachNachricht postfachNachricht = PostfachNachricht.builder() .messageId(MESSAGE_ID) .build(); 
@@ -20,17 +34,49 @@ public class OsiPostfachRemoteServiceITCase { @Autowired private OsiPostfachRemoteService osiPostfachRemoteService; + @DynamicPropertySource + static void dynamicProperties(DynamicPropertyRegistry registry) { + registry.add("spring.security.oauth2.client.provider.osi2.token-uri", OSI_MOCK_SERVER_EXTENSION::getTokenUri); + registry.add("ozgcloud.osiv2-postfach.api.url", OSI_MOCK_SERVER_EXTENSION::getPostfachMockServerUrl); + } + + private MockServerClient mockServerClient; + + @BeforeEach + public void setup() { + mockServerClient = OSI_MOCK_SERVER_EXTENSION.getMockServerClient(); + mockServerClient + .when( + request() + .withMethod("GET") + .withPath("/dummy"), + Times.exactly(1) + ) + .respond( + response() + .withStatusCode(200) + ); + } + @DisplayName("send message") @Nested class TestSendMessage { - @DisplayName("should not fail") + @DisplayName("should send dummy request with jwt") @Test - void shouldNotFail() { - try (var keycloakContainer = new KeycloakContainer("quay.io/keycloak/keycloak:24.0.5") - .withRealmImportFile("keycloak-realm.json")) { - keycloakContainer.start(); - osiPostfachRemoteService.sendMessage(postfachNachricht); - } + void shouldSendDummyRequestWithJwt() { + osiPostfachRemoteService.sendMessage(postfachNachricht); + + var requests = mockServerClient.retrieveRecordedRequests( + request() + .withMethod("GET") + .withPath("/dummy") + ); + assertThat(requests).hasSize(1); + String clientId = JwtParser.parseBody( + requests[0].getHeader("Authorization").getFirst() + ).read("$.client_id"); + assertThat(clientId).isEqualTo("OZG-Kopfstelle"); } + } } diff --git a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/TestApplication.java b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/TestApplication.java new file mode 100644 index 0000000000000000000000000000000000000000..afa904e215a5a977eaffd542aadc82e26db44004 --- /dev/null +++ b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/TestApplication.java 
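Review bot: `shouldSendDummyRequestWithJwt` asserts only the `client_id` claim, although the registration in application.yml requests `access_urn:some:scope:for:ozgkopfstelle` and OsiMockServerExtension registers it as an optional client scope, so the token carries it only when the client actually asks for it. Keeping the parsed body in a variable and adding `String scope = jwt.read("$.scope");` followed by `assertThat(scope).contains("access_urn:some:scope:for:ozgkopfstelle");` would cover the scope configuration as well. `requests[0].getHeader("Authorization").getFirst()` fails with a bare `NoSuchElementException` when the header is absent; asserting that the header list is not empty first gives a readable failure.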
@@ -0,0 +1,9 @@
+package de.ozgcloud.nachrichten.postfach.osiv2;
+
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+@AutoConfiguration
+public class TestApplication {
+}
diff --git a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParser.java b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParser.java
new file mode 100644
index 0000000000000000000000000000000000000000..85c18edb1889ecdebdb31dc6f32317df77594ffc
--- /dev/null
+++ b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParser.java
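Review bot: `@AutoConfiguration` on `TestApplication` is redundant: the annotation is intended for auto-configuration classes registered through an `AutoConfiguration.imports` file, not for an application class, and `@SpringBootApplication` already enables auto-configuration and component scanning. I would remove the annotation and its import, and add a one-line Javadoc such as `/** Minimal Spring Boot application used only to bootstrap the integration tests. */`.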
@@ -0,0 +1,47 @@
+package de.ozgcloud.nachrichten.postfach.osiv2.extension;
+
+import org.eclipse.jgit.util.Base64;
+
+import com.jayway.jsonpath.JsonPath;
+import com.jayway.jsonpath.ReadContext;
+
+import lombok.SneakyThrows;
+
+public class JwtParser {
+
+ @SneakyThrows
+ public static ReadContext parseBody(String authorizationHeaderValue) {
+ var jwtParts = splitIntoSignatureAndHeaderAndBody(
+ discardBearerPrefix(authorizationHeaderValue)
+ );
+ var bodyPart = jwtParts[1];
+ return parseJsonPartFromUrlEncodedBase64(bodyPart);
+ }
+
+ private static ReadContext parseJsonPartFromUrlEncodedBase64(String base64EncodedPayload) {
+ return JsonPath.parse(new String(base64UrlDecode(base64EncodedPayload)));
+ }
+
+ private static String discardBearerPrefix(String authorizationHeaderValue) {
+ return authorizationHeaderValue.substring("Bearer ".length());
+ }
+
+ private static String[] splitIntoSignatureAndHeaderAndBody(String jwt) {
+ var jwtParts = jwt.split("\\.");
+ if (jwtParts.length != 3) {
+ throw new IllegalArgumentException("Invalid JWT token");
+ }
+ return jwtParts;
+ }
+
+ private static byte[] base64UrlDecode(String input) {
+ // Replace URL-safe characters
+ String base64 = input.replace('-', '+').replace('_', '/');
+ // Add padding if necessary
+ int padding = 4 - (base64.length() % 4);
+ if (padding < 4) {
+ base64 += "=".repeat(padding);
+ }
+ return Base64.decode(base64);
+ }
+}
diff --git a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParserTest.java b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParserTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..9e5ab356ae8e7447395cecbd7839a42d0bd83820
--- /dev/null
+++ b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/JwtParserTest.java
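Review bot: `JwtParser` decodes the payload without checking the signature, which is fine for inspecting a recorded request in a test but should be stated in a class Javadoc so the helper is never reused for an authorization decision, e.g. `/** Test helper: decodes JWT claims WITHOUT verifying the signature. */`. The hand-written `base64UrlDecode` and the `org.eclipse.jgit.util.Base64` import can be replaced by the JDK decoder, which handles the URL-safe alphabet and missing padding: `new String(java.util.Base64.getUrlDecoder().decode(payload), StandardCharsets.UTF_8)`; that also removes the platform-charset `new String(bytes)`. `discardBearerPrefix` cuts seven characters without checking that the value starts with `Bearer `, and `splitIntoSignatureAndHeaderAndBody` names the parts in a different order than the array holds them (header, body, signature). `@SneakyThrows` on `parseBody` looks unnecessary, since nothing visible in the method throws a checked exception.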
@@ -0,0 +1,19 @@
+package de.ozgcloud.nachrichten.postfach.osiv2.extension;
+
+import static org.assertj.core.api.Assertions.*;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+class JwtParserTest {
+
+ @DisplayName("should parse")
+ @Test
+ void shouldParse() {
+ var headerValue = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1aV9EaHVXUzdocFhzV3dZTHRlOHFIRkR4bnNFYldlVmJBZ0pzaWpsWGw4In0.eyJleHAiOjE3MzEwNzA5NTEsImlhdCI6MTczMTA3MDg5MSwianRpIjoiZTFjNWE4YjEtZWEyYS00Mzg5LTkyNDQtZWE5Mjc4M2IyZDA1IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMjkyNy9yZWFsbXMvbWFzdGVyIiwic3ViIjoiNTg1MzdjMGQtMzU3MS00MDExLWIxM2ItZDY1MGZjOGUwZjQ0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiT1pHLUtvcGZzdGVsbGUiLCJzY29wZSI6ImFjY2Vzc191cm46c29tZTpzY29wZTpmb3I6b3pna29wZnN0ZWxsZSBkZWZhdWx0IiwiY2xpZW50SG9zdCI6IjE3Mi4xNy4wLjEiLCJjbGllbnRBZGRyZXNzIjoiMTcyLjE3LjAuMSIsImNsaWVudF9pZCI6Ik9aRy1Lb3Bmc3RlbGxlIn0.MRGusCVssO-fHRp8-tEcdQWE7QVi3P0iHdmO4rGUwj_17KtHzQAT8ShZEVvE8oL-y-XKAPh7eT9will3oON1qhW6GHbZk5Xds4P5u8D0iHNl8nCSi_YS122v9Q1gwPrwPtVH26AKrdNM_YYv0AzT63gOVUoK4YY4jLhow3Uid2AVr2OMNAtcSPMysHXS1VeQRrhOm33JF_WVlguIHNjRpvRqCULkwywBRXDJm2mHOohkXFf10nM3ORAlmeElJCZa7Lg0zeg3q957Z9Mv5KbZA1X_QiHR5qpaDvimn0R_TTCZTGWM00GfyEHi2UU1s2ZfBeZTLOTNg2MUuDgA1cI7CQ";
+ var context = JwtParser.parseBody(headerValue);
+
+ String value = context.read("$.client_id");
+ assertThat(value).isEqualTo("OZG-Kopfstelle");
+ }
+}
diff --git a/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/OsiMockServerExtension.java b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/OsiMockServerExtension.java
new file mode 100644
index 0000000000000000000000000000000000000000..ad7c5601652fb2bd9ba5d6ab64b67e2636b30734
--- /dev/null
+++ b/src/test/java/de/ozgcloud/nachrichten/postfach/osiv2/extension/OsiMockServerExtension.java
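Review bot: The `headerValue` literal in `shouldParse` is a complete signed access token, which secret scanners will flag and reviewers cannot read; its payload appears to decode to an issuer on `localhost` with an `exp` in the past, so it is presumably harmless, but the file does not say so. A comment above it such as `// expired token issued by a throwaway local Keycloak test container` would settle that. Better still, build the header in the test from a readable JSON payload (Base64url-encode header and claims, append any dummy signature), since `JwtParser` never checks the signature.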
@@ -0,0 +1,107 @@
+package de.ozgcloud.nachrichten.postfach.osiv2.extension;
+
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.List;
+import java.util.function.Supplier;
+
+import jakarta.ws.rs.core.Response;
+
+import org.junit.jupiter.api.extension.AfterAllCallback;
+import org.junit.jupiter.api.extension.AfterEachCallback;
+import org.junit.jupiter.api.extension.BeforeAllCallback;
+import org.junit.jupiter.api.extension.ExtensionContext;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.ClientScopeRepresentation;
+import org.mockserver.client.MockServerClient;
+import org.testcontainers.containers.MockServerContainer;
+import org.testcontainers.utility.DockerImageName;
+
+import dasniko.testcontainers.keycloak.KeycloakContainer;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+public class OsiMockServerExtension implements BeforeAllCallback, AfterAllCallback, AfterEachCallback {
+
+ private MockServerClient mockServerClient;
+ private MockServerContainer mockServerContainer;
+ private KeycloakContainer keycloakContainer;
+
+ @Override
+ public void beforeAll(ExtensionContext context) {
+ setupPostfachMockServer();
+ setupKeycloak();
+ }
+
+ @Override
+ public void afterEach(ExtensionContext context) {
+ mockServerClient.reset();
+ }
+
+ @Override
+ public void afterAll(ExtensionContext context) {
+ mockServerContainer.stop();
+ mockServerClient.stop();
+ keycloakContainer.stop();
+ }
+
+ private void setupPostfachMockServer() {
+ mockServerContainer = new MockServerContainer(DockerImageName.parse("mockserver/mockserver")
+ .withTag("mockserver-5.15.0"));
+ mockServerContainer.start();
+ mockServerClient = new MockServerClient(mockServerContainer.getHost(), mockServerContainer.getServerPort());
+ }
+
+ private void setupKeycloak() {
+ keycloakContainer = new KeycloakContainer("quay.io/keycloak/keycloak:24.0.5");
+ keycloakContainer.start();
+ try (var keycloak = keycloakContainer.getKeycloakAdminClient()) {
+ keycloak.tokenManager().getAccessToken();
+ var masterRealm = keycloak.realm("master");
+ var clientScopes = List.of("default", "access_urn:some:scope:for:ozgkopfstelle");
+ clientScopes.forEach(scope -> createClientScope(masterRealm, scope));
+ createPostfachClient(masterRealm, clientScopes);
+ }
+ }
+
+ private void createPostfachClient(RealmResource realmResource, List<String> clientScopes) {
+ var clients = realmResource.clients();
+ var postfach = new ClientRepresentation();
+ postfach.setClientId("OZG-Kopfstelle");
+ postfach.setSecret("changeme");
+ postfach.setOptionalClientScopes(clientScopes);
+ postfach.setServiceAccountsEnabled(true);
+ postfach.setEnabled(true);
+ verifyResponseOk(() -> clients.create(postfach));
+ }
+
+ private void createClientScope(RealmResource realmResource, String scopeName) {
+ var clientScopes = realmResource.clientScopes();
+ var clientScopeRepresentation = new ClientScopeRepresentation();
+ clientScopeRepresentation.setName(scopeName);
+ clientScopeRepresentation.setProtocol("openid-connect");
+ verifyResponseOk(() -> clientScopes.create(clientScopeRepresentation));
+ }
+
+ private void verifyResponseOk(Supplier<Response> responseSupplier) {
+ try (var response = responseSupplier.get()) {
+ assertThat(response.getStatus()).isEqualTo(201);
+ }
+ }
+
+ public String getTokenUri() {
+ return getAuthProtocolUrl() + "/token";
+ }
+
+ public String getAuthProtocolUrl() {
+ return keycloakContainer.getAuthServerUrl() + "/realms/master/protocol/openid-connect";
+ }
+
+ public String getPostfachMockServerUrl() {
+ return "http://" + mockServerClient.remoteAddress().getHostName() + ":" + mockServerClient.remoteAddress().getPort();
+ }
+
+}
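Review bot: `afterAll` stops `mockServerContainer` before calling `mockServerClient.stop()`, so the client is asked to shut down a server that is already gone, and if either call throws, `keycloakContainer.stop()` is never reached. Stopping the client first and chaining the calls with `try`/`finally` guarantees that the Keycloak container is released; the same concern applies to `beforeAll`, where a failure in `setupKeycloak()` leaves the MockServer container running. `@RequiredArgsConstructor` adds nothing here because the class has no final fields, and the result of `keycloak.tokenManager().getAccessToken()` is discarded, so a comment saying why that call is made would help.

```java
@Override
public void afterAll(ExtensionContext context) {
	try {
		// Client first: it talks to the server hosted by the container.
		mockServerClient.stop();
	} finally {
		try {
			mockServerContainer.stop();
		} finally {
			// Always reached, even when the MockServer teardown fails.
			keycloakContainer.stop();
		}
	}
}
```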
diff --git a/src/test/resources/keycloak-realm.json b/src/test/resources/keycloak-realm.json
deleted file mode 100644
index b83c942c2f61a1b45dfd68fa13607c00f6b785c5..0000000000000000000000000000000000000000
--- a/src/test/resources/keycloak-realm.json
+++ /dev/null
@@ -1,2596 +0,0 @@ -{ - "id": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", - "realm": "by-osiv2-itcase", - "displayName": "Realm für Osiv2 (integration test)", - "displayNameHtml": "", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 900, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxTemporaryLockouts": 0, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "aa37d676-8aa9-4235-a03d-66b9cceff164", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", - "attributes": {} - }, - { - "id": "9d72254c-28ee-44e5-a5c4-99291ab5e204", - "name": 
"default-roles-by-kiel-dev", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", - "attributes": {} - }, - { - "id": "5fa094fb-e72d-451e-bb02-9857ea35e49e", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "a95fb9a4-c366-49a8-b866-b54318b7f0ff", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "9b90b32d-b2b2-4d11-9478-4aad7ce7e7d2", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "d7ca3e45-1da3-4b5c-b63d-254c72354f66", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "d0dd95bb-08c1-4bab-8889-e0547fbc7aae", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "b06b2a68-5d05-4261-8adb-e37df4f00051", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": 
"f7abcd33-ab8c-403e-b18d-850731521957", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "71c5c353-9dd8-422f-b5af-3c69308144a3", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "2f585ad5-f969-412b-bcfa-010915f099f1", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "bd7c5537-1503-4b70-bdc8-ae4750bfc84e", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "d9f279fc-1c03-471e-af08-b1baa9bd4978", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "78075d96-9ee9-40af-96d1-4888073c1e18", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "f3a6fa9f-da98-4d40-8feb-30a2fd388cf4", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "295797f7-590b-45d3-b6bb-920f99f50939", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-realms", - "query-clients", - "view-identity-providers", - "view-clients", - 
"view-authorization", - "manage-clients", - "manage-events", - "view-realm", - "manage-realm", - "query-users", - "impersonation", - "create-client", - "manage-authorization", - "view-users", - "query-groups", - "manage-identity-providers", - "view-events", - "manage-users" - ] - } - }, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "176455ae-1887-4dbb-9cf9-1a2ef7388cd4", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "8d8da1be-f56a-434c-9043-eca4af5d8653", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "e1ffddbf-aaba-4d69-bb62-1c451bef2931", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "a3dde97a-73bc-49a6-8f56-9168c784859c", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "acc417b7-318e-4f1d-81b4-5142df47a314", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - }, - { - "id": "a0471c79-649f-419b-9442-246ab2e76497", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "attributes": {} - } - ], - 
"security-admin-console": [], - "admin": [ - { - "id": "c7782861-cafa-431b-997c-e236fd984c1a", - "name": "ADMIN_ADMIN", - "composite": false, - "clientRole": true, - "containerId": "eb4bd20c-9a70-47a5-86dc-6367f0aa3d90", - "attributes": {} - } - ], - "admin-cli": [], - "account-console": [], - "alfa": [ - { - "id": "b33fb35d-ea27-432a-8e41-c29d20109803", - "name": "VERWALTUNG_USER", - "composite": false, - "clientRole": true, - "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", - "attributes": {} - }, - { - "id": "cfb07d40-f25c-4ef1-84ff-57f75bf44898", - "name": "VERWALTUNG_POSTSTELLE", - "composite": false, - "clientRole": true, - "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", - "attributes": {} - }, - { - "id": "fe9cc04a-98d5-41ea-9ccf-4573179deb63", - "name": "VERWALTUNG_LOESCHEN", - "composite": false, - "clientRole": true, - "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", - "attributes": {} - }, - { - "id": "c9d4d4f1-7734-46b9-9284-8081b1fee5ac", - "name": "ADMIN_ADMIN", - "composite": false, - "clientRole": true, - "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", - "attributes": {} - } - ], - "broker": [ - { - "id": "ee46e0b7-a166-4d24-92b2-24798c81d4eb", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "154629af-e006-45e8-bd77-8473230cd233", - "attributes": {} - } - ], - "account": [ - { - "id": "c6273575-2e90-48c7-a416-586aaa5be1e4", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "c1377fdf-3ea9-4959-afa0-9aa65d4549e0", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "6da66269-7d6d-4fb2-9e16-887d4beee9dd", - "name": "view-profile", - "description": 
"${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "81f8a4a4-2358-4865-98c9-f4f229cb55ce", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "1610c6a4-d8b7-4a0c-96e7-9bc86f2622dc", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "1a043c28-ea11-4fb2-b133-dc333f2cdf50", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "0adfe0a0-4cb9-42ce-b7da-112851e6df7b", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - }, - { - "id": "0e3e9863-c429-4bb9-ae05-4c84a96c29cd", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", - "attributes": {} - } - ] - } - }, - "groups": [ - { - "id": "61252ad3-7778-491f-8a37-b4b08595f5cb", - "name": "Bauamt", - "path": "/Bauamt", - "subGroups": [], - "attributes": { - "organisationseinheitId": [ - "248240886" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "bfd284be-9d30-4e9a-82d2-daf9ac6593b6", - "name": "Denkmalpflege", - "path": "/Denkmalpflege", - "subGroups": [ - { - "id": "d7cb65c9-6791-40ac-b869-86befda22da8", - 
"name": "Sub-Denkmal", - "path": "/Denkmalpflege/Sub-Denkmal", - "parentId": "bfd284be-9d30-4e9a-82d2-daf9ac6593b6", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - } - ], - "attributes": { - "organisationseinheitId": [ - "9093371" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "e80b596b-7559-4437-8349-4732ac567d15", - "name": "Fundstelle", - "path": "/Fundstelle", - "subGroups": [], - "attributes": { - "organisationseinheitId": [ - "10363455" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "0404d241-c26c-439b-86c5-7d033d1e9c00", - "name": "MitUnterGruppe", - "path": "/MitUnterGruppe", - "subGroups": [ - { - "id": "64d0a2f8-1bb5-403f-a1b1-fad0fe63f33c", - "name": "EineUntergruppe", - "path": "/MitUnterGruppe/EineUntergruppe", - "parentId": "0404d241-c26c-439b-86c5-7d033d1e9c00", - "subGroups": [], - "attributes": { - "organisationseinheitId": [ - "456" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "f5ae2753-dbac-4baf-bbc7-c2a0b8076f6e", - "name": "EineUntergruppeOhneAttribute", - "path": "/MitUnterGruppe/EineUntergruppeOhneAttribute", - "parentId": "0404d241-c26c-439b-86c5-7d033d1e9c00", - "subGroups": [], - "attributes": {}, - "realmRoles": [], - "clientRoles": {} - } - ], - "attributes": { - "organisationseinheitId": [ - "123" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "155b4752-bbc3-4c6a-afa7-7769f1b2ea8a", - "name": "Ordnungsamt", - "path": "/Ordnungsamt", - "subGroups": [], - "attributes": { - "organisationseinheitId": [ - "9030229" - ] - }, - "realmRoles": [], - "clientRoles": {} - }, - { - "id": "53c11c42-9f8e-4cbc-b6da-1c1ff2d46187", - "name": "Wirtschaftsförderung", - "path": "/Wirtschaftsförderung", - "subGroups": [], - "attributes": { - "organisationseinheitId": [ - "9797773" - ] - }, - "realmRoles": [], - "clientRoles": {} - } - ], - "defaultRole": { - "id": "9d72254c-28ee-44e5-a5c4-99291ab5e204", - "name": "default-roles-by-kiel-dev", - 
"description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "upperCase(1) and lowerCase(1) and length(8) and notUsername", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": {}, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "webAuthnPolicyPasswordlessExtraOrigins": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": 
[ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "c4286607-254b-4174-9aeb-0349b0d29f14", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/by-kiel-dev/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/by-kiel-dev/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "42edd91a-5674-4eee-819e-a6563df8d93b", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/by-kiel-dev/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/by-kiel-dev/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - 
"authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "a06adeb3-ca21-4d2d-b2fd-83d8f095a59e", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "eb4bd20c-9a70-47a5-86dc-6367f0aa3d90", - "clientId": "admin", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "https://kiel-admin.dev.by.ozg-cloud.de", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://localhost:8080/*", - "http://localadmin:4301", - "https://kiel-admin.dev.by.ozg-cloud.de", - "http://localhost:4301", - "http://localhost:4300", - "http://localhost:8080", - "https://kiel-admin.dev.by.ozg-cloud.de/*", - "http://localadmin:4301/*", - "http://localhost:4300/*", - "http://localhost:4301/*" - ], - "webOrigins": [ - "https://kiel-admin.dev.by.ozg-cloud.de", - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": true, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "true" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": 
[ - { - "id": "c4d23266-80e2-4017-b33f-519984912c69", - "name": "organisationseinheitIdLdapMapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "extensionAttribute1", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisationseinheitId", - "jsonType.label": "int" - } - }, - { - "id": "e068b24d-9731-4b81-a49a-8107e3053daa", - "name": "ozgCloudUserId", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "multivalued": "false", - "userinfo.token.claim": "true", - "user.attribute": "ozgCloudUserId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "ozgCloudUserId" - } - }, - { - "id": "9ed930aa-7dfd-441b-b4c1-829c8abc060e", - "name": "organisationseinheitIdMapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "organisationseinheitId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisationseinheitId", - "jsonType.label": "String" - } - }, - { - "id": "8fb48032-25c0-489a-bd24-f13e37e7c285", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "false", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "multivalued": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": 
"9bf972cc-a9bd-4006-bbb6-eb2b17cdcaf3", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cfdf3a5f-9cea-41cd-814f-3737601009ec", - "clientId": "alfa", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "https://kiel.dev.by.ozg-cloud.de", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://kiel.dev.by.ozg-cloud.de", - "http://localhost:4300", - "http://192.168.178.20:4300", - "http://192.168.178.20:4300/*", - "http://localalfa:4301", - "http://localhost:4300/*", - "https://kiel.dev.by.ozg-cloud.de/*", - "http://localalfa:4301/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": true, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "+", - 
"oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "6b331d31-8e18-40d7-b060-07be600a514f", - "name": "organisationseinheitIdMapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "organisationseinheitId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisationseinheitId", - "jsonType.label": "String" - } - }, - { - "id": "0be41781-9e05-42a1-a2d0-3121dbdaa7ac", - "name": "organisationseinheitIdLdapMapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "extensionAttribute1", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisationseinheitId", - "jsonType.label": "int" - } - }, - { - "id": "906cac18-b448-44ba-8107-fb5286be3f0c", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "false", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "multivalued": "true" - } - }, - { - "id": "14117f93-bf7a-4c20-a8cf-b46d96598c57", - "name": "ozgCloudUserId", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "multivalued": "false", - "userinfo.token.claim": "true", - "user.attribute": "ozgCloudUserId", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "ozgCloudUserId" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "154629af-e006-45e8-bd77-8473230cd233", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - 
"optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "791b4dc0-ac09-4cde-b5db-ec733bb3a6e4", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/by-kiel-dev/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/by-kiel-dev/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "53c5b15d-fb00-4081-8e8c-3986bc85e22e", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "098bb831-26d2-46b6-b598-8488b3a10cb6", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": 
"b2d3572c-cd67-4950-8387-0dd9d9ae5790", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "3d9cb752-05c9-4e97-bd98-54e4243bceef", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7991afb7-b0f6-41cc-9d4c-be1e0b566f9a", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String" - } - }, - { - "id": "97f3d23d-383c-41f0-93bb-222a9605c322", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String" - } - }, - { - "id": "59850e33-3697-44aa-bd7d-7d62d743ec90", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "d0016b43-38b8-446e-a2ee-e13748d58540", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": 
"${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "373a60da-98ff-45ab-a4ac-7d7bed6bea79", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "ea806811-00a6-46e1-86c9-3986525d12cc", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "599bfce4-81d0-448b-a4b6-48dc37c26c6f", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "221cb3f6-a8aa-4dbc-92e9-cc5c74e333f3", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "b1f822a6-e9d5-41d2-ab74-7145889be2ea", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "d9824d52-35f3-480c-acee-de0f9bbd332a", - "name": "address", - "description": "OpenID Connect built-in scope: address", - 
"protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "043959f8-3a9e-46ce-99a4-53454d12b783", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "introspection.token.claim": "true", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "32657f48-d612-4ef3-bb73-631d4fca6301", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "80552443-1934-41f7-8c4e-efe6239d2445", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "fcb237ea-0eeb-49ea-85a3-7bbda6c26e8c", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, 
- { - "id": "04815367-eee2-4cb5-a1d1-2b7430cdc6c0", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "13896dc7-f986-446a-922e-e68f38cd23a4", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b986b4eb-e6a5-44ae-b54f-54b81bb3c724", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "f5d14319-b5d6-4546-90c0-01733ebb6b7c", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "ed0a6d54-206d-4b4a-8a7d-59ff10edd6eb", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - 
"userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "68c2ec34-8341-478c-bf5f-f216b819872b", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "3887b581-ed17-410b-913d-e153ca8a7bab", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "2c20a2cf-ff6e-4cf6-895d-94a5ec9327aa", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "138dae3a-2c49-4a6d-a6b8-e6cf89fd9401", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": "ce313b72-9554-484e-8363-7163a5aa37fb", - "name": "given 
name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "16441849-ff71-46cd-a890-9fd29a8382d6", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "80c89419-9a38-4a18-8fa4-d8bfe6171138", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "e677eef2-34d0-40f6-af92-deb31a48959f", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "938622c5-6395-4b7e-b64c-5446cdcddecf", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "ce073411-a4f9-4704-bbb4-0d0e1e86426b", - "name": "phone number 
verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "65011340-d61d-4e1e-9967-b5e0451d8b6a", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "dc16a85a-56ee-4441-8bcb-63a029ab6355", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "0a04bdc3-07a3-4398-b412-d71e83105a79", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "63b5236f-b030-47ee-ac4a-ee93311f1729", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "9a6b68cc-2bd6-4ade-a490-7c9e458b54aa", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - 
"consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "port": "25", - "auth": "true", - "host": "mail.infra.ozg-cloud.systems", - "from": "dev-environment@ozg-cloud.de", - "fromDisplayName": "OZG-Cloud (DEV)", - "user": "ozg/ozg" - }, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "8daa1dcc-b6ab-453a-945e-71811e690d9d", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "ed178d70-07ad-467e-9cb7-cfc8c80cb764", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "c92466b5-9341-4d75-bcb5-ea604c861b44", - "name": "Consent Required", - "providerId": "consent-required", - "subType": 
"anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "3dcd64ed-7c20-41bb-a844-36ec59071619", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "102a4da8-149f-4586-a51f-2844444d5436", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "123e7c60-2563-428d-b5ce-68a5bdc419e2", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "aa46e47e-8c52-44e1-9d4d-3796f00086b8", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "52dca2ac-dd78-4f13-a51e-2a434249977b", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "a7b93275-16b4-434f-a9ba-8fa769851f14", - "providerId": 
"declarative-user-profile", - "subComponents": {}, - "config": { - "kc.user.profile.config": [ - "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"ozgCloudUserId\",\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "a3528679-d57a-47d4-bcab-830855c25803", - "name": "hmac-generated-hs512", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS512" - ] - } - }, - { - "id": "1230a35b-825e-4b3c-9f39-c316d1f9d95f", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - 
"RSA-OAEP" - ] - } - }, - { - "id": "08ffc487-a0dd-4989-81e0-f2491681b6a4", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "b384dabc-cc3b-414e-81d4-dcf006560143", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "a21ffc83-f617-4e7c-a622-c328b99a0ea0", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de" - ], - "defaultLocale": "de", - "authenticationFlows": [ - { - "id": "ee87f4b5-e590-406e-b2e9-59f137068a67", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "a6967f77-ebe3-4eb3-9fb9-6c0526e03a00", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - 
"priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "083b0a4f-f49a-4e65-8593-7e3ee9da47ce", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "fdaa5db8-807c-4142-a9cd-07f2f5b26595", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "ed32e60e-a92b-40fb-97f1-99efdeaf6a81", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - 
"priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "56612650-1dc0-42fb-8f34-baa0d20e2fe5", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1c3fc4b4-78f2-47ad-9ae5-4faa77bcef08", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "e219a9a7-5c70-49cb-99ee-7a86006cf51d", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": 
true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "1f465bda-6da1-485c-aa43-311e546681d1", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "d7814341-4ea9-4f1d-bb2c-adfa78ef095f", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": 
"ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "ffa28f72-9f28-4a14-bce9-8b9e44399cb7", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "e2f11c13-f6e0-4852-9449-6912a36f9296", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "97ab627b-fce8-41f3-bdbd-ab287b399add", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": 
"REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "5e88618f-4c9b-415a-80bc-c874192a898c", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "b048a6fe-31a4-4708-9505-0ce6c552c13b", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "0257b806-81ab-44e4-a18a-89cb3d64cc76", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - 
"userSetupAllowed": false - } - ] - }, - { - "id": "d345f10b-2f00-4757-a970-a2a7394a0da1", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "5a15525b-1579-49b3-8eda-640dc39ccc4b", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "8a604d6e-5a1f-49ee-93d6-45baa0e86d23", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "9d156e3a-fb6d-4ebc-9911-9419d8f69312", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": 
true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "delete_credential", - "name": "Delete Credential", - "providerId": "delete_credential", - "enabled": true, - "defaultAction": false, - "priority": 100, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": 
"docker auth", - "firstBrokerLoginFlow": "first broker login", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DevicePollingInterval": "5", - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "frontendUrl": "", - "acr.loa.map": "{}" - }, - "keycloakVersion": "24.0.5", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file