diff --git a/user-manager-server/pom.xml b/user-manager-server/pom.xml
index 63bbe52e7ae5caf94d153c345016644a37ff252e..4390f334b03710f1fecf10683d65d1297d2eaefb 100644
--- a/user-manager-server/pom.xml
+++ b/user-manager-server/pom.xml
@@ -1,30 +1,29 @@ <?xml version="1.0"?> <!-- - - Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den - Ministerpräsidenten des Landes Schleswig-Holstein - Staatskanzlei - Abteilung Digitalisierung und zentrales IT-Management der Landesregierung - - Lizenziert unter der EUPL, Version 1.2 oder - sobald - diese von der Europäischen Kommission genehmigt wurden - - Folgeversionen der EUPL ("Lizenz"); - Sie dürfen dieses Werk ausschließlich gemäß - dieser Lizenz nutzen. - Eine Kopie der Lizenz finden Sie hier: - - https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 - - Sofern nicht durch anwendbare Rechtsvorschriften - gefordert oder in schriftlicher Form vereinbart, wird - die unter der Lizenz verbreitete Software "so wie sie - ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - - ausdrücklich oder stillschweigend - verbreitet. - Die sprachspezifischen Genehmigungen und Beschränkungen - unter der Lizenz sind dem Lizenztext zu entnehmen. - ---> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + ~ Copyright (c) 2022-2024. Das Land Schleswig-Holstein vertreten durch den + ~ Ministerpräsidenten des Landes Schleswig-Holstein + ~ Staatskanzlei + ~ Abteilung Digitalisierung und zentrales IT-Management der Landesregierung + ~ + ~ Lizenziert unter der EUPL, Version 1.2 oder - sobald + ~ diese von der Europäischen Kommission genehmigt wurden - + ~ Folgeversionen der EUPL ("Lizenz"); + ~ Sie dürfen dieses Werk ausschließlich gemäß + ~ dieser Lizenz nutzen. 
+ ~ Eine Kopie der Lizenz finden Sie hier: + ~ + ~ https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + ~ + ~ Sofern nicht durch anwendbare Rechtsvorschriften + ~ gefordert oder in schriftlicher Form vereinbart, wird + ~ die unter der Lizenz verbreitete Software "so wie sie + ~ ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + ~ ausdrücklich oder stillschweigend - verbreitet. + ~ Die sprachspezifischen Genehmigungen und Beschränkungen + ~ unter der Lizenz sind dem Lizenztext zu entnehmen. + --> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> @@ -41,11 +40,11 @@ </properties> <dependencies> - <dependency> - <groupId>org.keycloak</groupId> - <artifactId>keycloak-admin-client</artifactId> - <version>24.0.5</version> - </dependency> + <dependency> + <groupId>org.keycloak</groupId> + <artifactId>keycloak-admin-client</artifactId> + <version>24.0.5</version> + </dependency> <dependency> <groupId>de.ozgcloud.user</groupId> <artifactId>user-manager-interface</artifactId> @@ -239,6 +238,11 @@ <artifactId>mockito-junit-jupiter</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>com.github.dasniko</groupId> + <artifactId>testcontainers-keycloak</artifactId> + <version>3.1.0</version> + </dependency> </dependencies> <build> @@ -320,7 +324,8 @@ </goals> <configuration> <systemPropertyVariables> - <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path> + <native.image.path>${project.build.directory}/${project.build.finalName}-runner + </native.image.path> <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager> <maven.home>${maven.home}</maven.home> </systemPropertyVariables> 
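Review bot: The `com.github.dasniko:testcontainers-keycloak` dependency added in the `@@ -239,6 +238,11 @@` hunk has no `<scope>`, so Maven treats it as compile scope and resolves it, together with its transitive Testcontainers libraries, for the production classpath. The `mockito-junit-jupiter` entry directly above it is declared with `<scope>test</scope>`; the new entry should carry the same line, `<scope>test</scope>`. That keeps test-only code out of the shipped runner and out of the set of runtime dependencies that has to be tracked for vulnerabilities.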
diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/UserService.java b/user-manager-server/src/main/java/de/ozgcloud/user/UserService.java index b3ec71cd83f23369acf075fcb09e087bad98e5f8..39cb377cf1aacab074da8b781f958d0b93dea88d 100644 --- a/user-manager-server/src/main/java/de/ozgcloud/user/UserService.java +++ b/user-manager-server/src/main/java/de/ozgcloud/user/UserService.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2022-2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -31,10 +31,10 @@ import jakarta.enterprise.context.ApplicationScoped; import org.apache.commons.lang3.StringUtils; -import de.ozgcloud.common.logging.OzgCloudLogging; import de.ozgcloud.user.common.errorhandling.FunctionalException; import de.ozgcloud.user.common.errorhandling.ResourceNotFoundException; import de.ozgcloud.user.common.errorhandling.TechnicalException; +import de.ozgcloud.user.common.logging.OzgCloudLogging; import de.ozgcloud.user.keycloak.KeycloakUserRemoteService; import de.ozgcloud.user.settings.UserSettings; import io.smallrye.mutiny.Uni; @@ -53,7 +53,7 @@ public class UserService { public User save(User user) { findUser(user).ifPresentOrElse(persistedUser -> repository.updateUser(addIdUser(user, persistedUser)), - () -> saveNewUser(user)); + () -> saveNewUser(user)); return repository.refresh(user); } 
@@ -71,10 +71,10 @@ public class UserService { public Stream<User> findActiveUsers(FindUserProfilesQuery query) { if (StringUtils.isNotBlank(query.getOrganisationsEinheitId())) { return repository.findUsersByDeletedAndOrganisationsEinheitId( - query.getSearchBy(), - false, - query.getOrganisationsEinheitId(), - query.getLimit()); + query.getSearchBy(), + false, + query.getOrganisationsEinheitId(), + query.getLimit()); } return repository.findUsersByDeleted(query.getSearchBy(), false, query.getLimit()); } @@ -82,10 +82,10 @@ public class UserService { public Stream<User> findInactiveUsers(FindUserProfilesQuery query) { if (StringUtils.isNotBlank(query.getOrganisationsEinheitId())) { return repository.findUsersByDeletedAndOrganisationsEinheitId( - query.getSearchBy(), - true, - query.getOrganisationsEinheitId(), - query.getLimit()); + query.getSearchBy(), + true, + query.getOrganisationsEinheitId(), + query.getLimit()); } return repository.findUsersByDeleted(query.getSearchBy(), true, query.getLimit()); } @@ -115,8 +115,8 @@ public class UserService { public User findByExternalId(String externalId) { return repository.findByKeycloakId(externalId) - .or(() -> findInKeycloakAndSave(externalId)) - .orElseThrow(() -> new ResourceNotFoundException(User.class, externalId)); + .or(() -> findInKeycloakAndSave(externalId)) + .orElseThrow(() -> new ResourceNotFoundException(User.class, externalId)); } private Optional<User> findInKeycloakAndSave(String externalId) { @@ -126,10 +126,10 @@ public class UserService { public User saveAndSync(User user) { var saved = save(user); Uni.createFrom() - .item(user) - .runSubscriptionOn(Infrastructure.getDefaultWorkerPool()) - .subscribe() - .with(u -> keycloakUserRemoteService.updateOzgCloudUserId(saved)); + .item(user) + .runSubscriptionOn(Infrastructure.getDefaultWorkerPool()) + .subscribe() + .with(u -> keycloakUserRemoteService.updateOzgCloudUserId(saved)); return saved; } 
@@ -155,4 +155,5 @@ public class UserService { } return repository.findAllActiveByOrganisationsEinheitId(organisationsEinheitId); } + } \ No newline at end of file diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLogging.java b/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLogging.java new file mode 100644 index 0000000000000000000000000000000000000000..d70dc9fa08e6bed81ebb3de992bda66d807a9fc0 --- /dev/null +++ b/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLogging.java 
@@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den + * Ministerpräsidenten des Landes Schleswig-Holstein + * Staatskanzlei + * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung + * + * Lizenziert unter der EUPL, Version 1.2 oder - sobald + * diese von der Europäischen Kommission genehmigt wurden - + * Folgeversionen der EUPL ("Lizenz"); + * Sie dürfen dieses Werk ausschließlich gemäß + * dieser Lizenz nutzen. + * Eine Kopie der Lizenz finden Sie hier: + * + * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + * + * Sofern nicht durch anwendbare Rechtsvorschriften + * gefordert oder in schriftlicher Form vereinbart, wird + * die unter der Lizenz verbreitete Software "so wie sie + * ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + * ausdrücklich oder stillschweigend - verbreitet. + * Die sprachspezifischen Genehmigungen und Beschränkungen + * unter der Lizenz sind dem Lizenztext zu entnehmen. + */ +package de.ozgcloud.user.common.logging; + +import static java.lang.annotation.ElementType.*; +import static java.lang.annotation.RetentionPolicy.*; + +import java.lang.annotation.Documented; +import java.lang.annotation.Retention; +import java.lang.annotation.Target; + +import jakarta.interceptor.InterceptorBinding; + +@Target({ TYPE, METHOD }) +@Retention(RUNTIME) +@Documented +@InterceptorBinding +public @interface OzgCloudLogging { + +} diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLoggingInterceptor.java b/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLoggingInterceptor.java new file mode 100644 index 0000000000000000000000000000000000000000..393e4c172fb74cd6f681ecad970732523c28816f --- /dev/null +++ b/user-manager-server/src/main/java/de/ozgcloud/user/common/logging/OzgCloudLoggingInterceptor.java 
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den + * Ministerpräsidenten des Landes Schleswig-Holstein + * Staatskanzlei + * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung + * + * Lizenziert unter der EUPL, Version 1.2 oder - sobald + * diese von der Europäischen Kommission genehmigt wurden - + * Folgeversionen der EUPL ("Lizenz"); + * Sie dürfen dieses Werk ausschließlich gemäß + * dieser Lizenz nutzen. + * Eine Kopie der Lizenz finden Sie hier: + * + * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + * + * Sofern nicht durch anwendbare Rechtsvorschriften + * gefordert oder in schriftlicher Form vereinbart, wird + * die unter der Lizenz verbreitete Software "so wie sie + * ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + * ausdrücklich oder stillschweigend - verbreitet. + * Die sprachspezifischen Genehmigungen und Beschränkungen + * unter der Lizenz sind dem Lizenztext zu entnehmen. + */ +package de.ozgcloud.user.common.logging; + +import jakarta.annotation.Priority; +import jakarta.interceptor.AroundInvoke; +import jakarta.interceptor.Interceptor; +import jakarta.interceptor.InvocationContext; + +import de.ozgcloud.common.logging.AspectLoggingUtils; + +@OzgCloudLogging +@Priority(10) +@Interceptor +public class OzgCloudLoggingInterceptor { + + @AroundInvoke + Object logging(InvocationContext context) throws Exception { + try { + AspectLoggingUtils.log(context); + + var nextChainMethod = context.proceed(); + + AspectLoggingUtils.logReturnValue(context, nextChainMethod); + return nextChainMethod; + } catch (Exception e) { + AspectLoggingUtils.logException(context, e); + throw e; + } + } + +} \ No newline at end of file 
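Review bot: `OzgCloudLoggingInterceptor.logging` hands the whole `InvocationContext` to `AspectLoggingUtils.log` and the result of `context.proceed()` to `logReturnValue`, and the classes carrying `@OzgCloudLogging` in this commit (`UserService`, `KeycloakApiService`, `KeycloakUserRemoteService`, `UserSettingsService`, `OrganisationsEinheitService`, `SyncService`) take and return `User` objects, so personal data such as names and e-mail addresses may reach the application log. `AspectLoggingUtils` is not part of this diff, so it cannot be seen here whether it writes argument and return values or only method names, nor at which level; that should be confirmed before the binding is applied this widely. The class has no Javadoc; a short one stating what is logged, at which level, and that exceptions are logged and rethrown unchanged would document the contract. `@Priority(10)` is a bare number, and a comment such as `// runs before <other interceptor> because …` would make the intended position in the interceptor chain reviewable.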
diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakApiService.java b/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakApiService.java
index 5855bd35e91611282b3e279b313024a474132d38..12619d9bf446b24bf72faadbbcd08679ad474c13 100644
--- a/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakApiService.java
+++ b/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakApiService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+ * Copyright (c) 2022-2024. Das Land Schleswig-Holstein vertreten durch den
 * Ministerpräsidenten des Landes Schleswig-Holstein
 * Staatskanzlei
 * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
@@ -29,23 +29,24 @@ import java.util.function.Supplier; import java.util.stream.Stream; import java.util.stream.StreamSupport; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.ws.rs.BadRequestException; +import jakarta.ws.rs.ClientErrorException; +import jakarta.ws.rs.NotFoundException; +import jakarta.ws.rs.ProcessingException; + import org.apache.commons.lang3.ObjectUtils; import org.eclipse.microprofile.config.inject.ConfigProperty; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.representations.idm.UserRepresentation; -import de.ozgcloud.common.logging.OzgCloudLogging; import de.ozgcloud.user.RemoteUserIterator; import de.ozgcloud.user.User; import de.ozgcloud.user.UserResourceMapper; import de.ozgcloud.user.common.errorhandling.KeycloakUnavailableException; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; -import jakarta.ws.rs.BadRequestException; -import jakarta.ws.rs.ClientErrorException; -import jakarta.ws.rs.NotFoundException; -import jakarta.ws.rs.ProcessingException; +import de.ozgcloud.user.common.logging.OzgCloudLogging; import lombok.extern.log4j.Log4j2; @ApplicationScoped @@ -113,4 +114,5 @@ class KeycloakApiService { LOG.warn("Could not update user attribute {} in Keycloak.", attributeName, e); } } + } \ No newline at end of file diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteService.java b/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteService.java index 555b33c141b6d1b097db972028e25248bf9eeb68..d0c97f7fa2a312165887347c648e36e9405d0279 100644 --- a/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteService.java +++ b/user-manager-server/src/main/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteService.java 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -26,16 +26,17 @@ package de.ozgcloud.user.keycloak; import java.util.Optional; import java.util.stream.Stream; -import de.ozgcloud.common.logging.OzgCloudLogging; -import de.ozgcloud.user.User; import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; +import de.ozgcloud.user.User; +import de.ozgcloud.user.common.logging.OzgCloudLogging; + @ApplicationScoped @OzgCloudLogging public class KeycloakUserRemoteService { - static final String ATTRIBUTE_NAME_OZG_CLOUD_USER_ID = "ozgCloudUserId"; + public static final String ATTRIBUTE_NAME_OZG_CLOUD_USER_ID = "ozgCloudUserId"; @Inject KeycloakApiService apiService; @@ -51,4 +52,5 @@ public class KeycloakUserRemoteService { public Optional<User> findUserById(String id) { return apiService.findUserById(id); } + } \ No newline at end of file diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/organisationseinheit/OrganisationsEinheitService.java b/user-manager-server/src/main/java/de/ozgcloud/user/organisationseinheit/OrganisationsEinheitService.java index bf096522d044ba6afd27d536e3d786e80a3039c4..f2590f54ce0436741927082e0d5b078174c8e825 100644 --- a/user-manager-server/src/main/java/de/ozgcloud/user/organisationseinheit/OrganisationsEinheitService.java +++ b/user-manager-server/src/main/java/de/ozgcloud/user/organisationseinheit/OrganisationsEinheitService.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2023-2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung 
@@ -28,6 +28,9 @@ import java.util.Collection; import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; +import de.ozgcloud.user.common.logging.OzgCloudLogging; + +@OzgCloudLogging @ApplicationScoped class OrganisationsEinheitService { @@ -37,4 +40,5 @@ class OrganisationsEinheitService { public Collection<String> findAllOrganisationsEinheitIds() { return repository.findAllOrganisationsEinheitIds(); } + } diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/settings/UserSettingsService.java b/user-manager-server/src/main/java/de/ozgcloud/user/settings/UserSettingsService.java index d7aa65b6ecb7546f5a70a42555e417124dcd8a46..aa308ed0e60f113e50776df3e13224f7fcf6bbf1 100644 --- a/user-manager-server/src/main/java/de/ozgcloud/user/settings/UserSettingsService.java +++ b/user-manager-server/src/main/java/de/ozgcloud/user/settings/UserSettingsService.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2022-2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -30,7 +30,9 @@ import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; import de.ozgcloud.user.UserService; +import de.ozgcloud.user.common.logging.OzgCloudLogging; +@OzgCloudLogging @ApplicationScoped class UserSettingsService { @@ -58,4 +60,5 @@ class UserSettingsService { private UserSettings buildInitialUserSettings() { return UserSettings.builder().notificationsSendFor(NotificationsSendFor.NONE).build(); } + } diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncService.java b/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncService.java index 498cde4566d1679d0f6ade9aa89ad8c9d5c22129..cab23cf7c314b7e90ac100ada5fb0e3d866eafc4 100644 --- a/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncService.java 
+++ b/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncService.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022-2023 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2022-2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -25,14 +25,15 @@ package de.ozgcloud.user.sync; import java.util.function.Predicate; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; + import org.apache.commons.collections4.CollectionUtils; -import de.ozgcloud.common.logging.OzgCloudLogging; import de.ozgcloud.user.User; import de.ozgcloud.user.UserService; +import de.ozgcloud.user.common.logging.OzgCloudLogging; import de.ozgcloud.user.keycloak.KeycloakUserRemoteService; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; @ApplicationScoped @OzgCloudLogging @@ -47,8 +48,8 @@ class SyncService { void sync(long syncTimestamp) { keycloakService.getAllUsers() - .filter(HAS_ANY_ROLE) - .forEach(user -> userService.saveAndSync(addLastSyncTimestamp(user, syncTimestamp))); + .filter(HAS_ANY_ROLE) + .forEach(user -> userService.saveAndSync(addLastSyncTimestamp(user, syncTimestamp))); userService.markUnsyncedUsersAsDeleted(syncTimestamp); } diff --git a/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakTestProfile.java b/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakTestProfile.java index 847849343657d89b3841b4348be7173a2d6518ff..e1b8eac4bf94cc6f9b66e9ada41935a7e10bb1d1 100644 --- a/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakTestProfile.java +++ b/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakTestProfile.java 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -25,27 +25,27 @@ package de.ozgcloud.user.keycloak; import java.util.Map; +import dasniko.testcontainers.keycloak.KeycloakContainer; import io.quarkus.test.junit.QuarkusTestProfile; public class KeycloakTestProfile implements QuarkusTestProfile { - private final String userKey = "ozgcloud.keycloak.api.user"; - private final String userValue = "userManagerApiUser"; + private final KeycloakContainer keycloak; - private final String passwordKey = "ozgcloud.keycloak.api.password"; - private final String passwordValue = "hlc_j1I1Ji0trC0"; - - private final String realmKey = "ozgcloud.keycloak.api.realm"; - private final String realmValue = "by-kiel-dev"; - - private final String urlKey = "keycloak.url"; - private final String urlValue = "https://sso.dev.by.ozg-cloud.de"; + public KeycloakTestProfile() { + keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:24.0.5") + .withEnv(Map.of("KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin")) + .withRealmImportFile("keycloak/realm-export.json"); + keycloak.start(); + } @Override public Map<String, String> getConfigOverrides() { - return Map.of(userKey, userValue, - passwordKey, passwordValue, - realmKey, realmValue, - urlKey, urlValue); + return Map.of( + "ozgcloud.keycloak.api.password", "administrationApiUser", + "ozgcloud.keycloak.api.user", "administrationApiUser", + "ozgcloud.keycloak.api.realm", "by-kiel-dev", + "keycloak.url", keycloak.getAuthServerUrl()); } + } \ No newline at end of file 
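Review bot: The password that the `@@ -25,27 +25,27 @@` hunk removes from `KeycloakTestProfile` belonged to `userManagerApiUser` on `https://sso.dev.by.ozg-cloud.de` and stays readable in the repository history, so it should be rotated on that server if that has not already been done. In the new code the container is started in the profile's constructor and never stopped, which leaves cleanup to Testcontainers and would start a further container whenever the profile is instantiated again. Moving the container into a `QuarkusTestResourceLifecycleManager` gives it a defined start and stop; the class name in the sketch below is only a suggestion. The imported `keycloak/realm-export.json` keeps the realm name `by-kiel-dev`; if it was exported from the real dev realm, it should be checked for client secrets and user credentials before it is committed.

```java
public class KeycloakTestResource implements QuarkusTestResourceLifecycleManager {

	private KeycloakContainer keycloak;

	@Override
	public Map<String, String> start() {
		keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:24.0.5")
				.withEnv(Map.of("KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin"))
				.withRealmImportFile("keycloak/realm-export.json");
		keycloak.start();
		return Map.of(
				// … unchanged: the three ozgcloud.keycloak.api.* overrides …
				"keycloak.url", keycloak.getAuthServerUrl());
	}

	@Override
	public void stop() {
		// Stop explicitly so the container does not outlive the test run.
		if (keycloak != null) {
			keycloak.stop();
		}
	}
}
```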
diff --git a/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteServiceITCase.java b/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteServiceITCase.java index 75bd03fd37279a22afefab4779655924ae1c3833..b175008ee28bf1e760c201231797534e6c8c63c6 100644 --- a/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteServiceITCase.java +++ b/user-manager-server/src/test/java/de/ozgcloud/user/keycloak/KeycloakUserRemoteServiceITCase.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den * Ministerpräsidenten des Landes Schleswig-Holstein * Staatskanzlei * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung @@ -23,21 +23,39 @@ */ package de.ozgcloud.user.keycloak; +import static de.ozgcloud.user.keycloak.KeycloakUserRemoteService.*; +import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; +import java.util.List; + +import jakarta.inject.Inject; + +import org.bson.types.ObjectId; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.MethodOrderer; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Order; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestMethodOrder; +import org.keycloak.admin.client.resource.RealmResource; -import io.quarkus.test.InjectMock; +import de.ozgcloud.user.User; +import de.ozgcloud.user.UserTestFactory; import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.junit.TestProfile; import io.quarkus.test.junit.mockito.InjectSpy; @QuarkusTest +@TestProfile(KeycloakTestProfile.class) class KeycloakUserRemoteServiceITCase { @InjectSpy KeycloakUserRemoteService service; - @InjectMock + @InjectSpy KeycloakApiService apiService; + @Inject + RealmResource realmResource; @Test void shouldCallGetAllUsers() { 
@@ -45,4 +63,57 @@ class KeycloakUserRemoteServiceITCase { verify(apiService).findAllUser(); } + + @Nested + @TestMethodOrder(MethodOrderer.OrderAnnotation.class) + class TestUpdateOzgCloudUserId { + + private static final String KEYCLOAK_USER_ID = "90748555-7894-4854-8292-1f6106826962"; + + @DisplayName("Set ozgCloudUserId attribute in keycloak on new user") + @Test + @Order(1) + void shouldSetOzgCloudUserId() { + User user = prepareUser(); + service.updateOzgCloudUserId(user); + + var ozgCloudUserId = getOzgCloudUserIdFromKeycloak(); + + assertThat(user.getId().toString()).isEqualTo(ozgCloudUserId); + } + + @DisplayName("Update ozgCloudUserId attribute in keycloak on existing user") + @Test + @Order(2) + void shouldUpdateOzgCloudUserId() { + var oldCloudUserId = getOzgCloudUserIdFromKeycloak(); + service.updateOzgCloudUserId(prepareUser()); + + var newCloudUserId = getOzgCloudUserIdFromKeycloak(); + + assertThat(oldCloudUserId).isNotEqualTo(newCloudUserId); + } + + private User prepareUser() { + return UserTestFactory.createBuilder() + .id(new ObjectId()) + .externalId(KEYCLOAK_USER_ID) + .keycloakUserId(KEYCLOAK_USER_ID) + .email("dorothea@test.local") + .firstName("Dorothea") + .lastName("Doe") + .fullName("Dorothea Doe") + .fullNameReversed("Doe Dorothea") + .username("dorothea") + .organisationsEinheitIds(List.of("248240886", "9030229", "10363455")) + .build(); + } + + private String getOzgCloudUserIdFromKeycloak() { + var userResource = realmResource.users().get(KEYCLOAK_USER_ID); + return userResource.toRepresentation().getAttributes().get(ATTRIBUTE_NAME_OZG_CLOUD_USER_ID).getFirst(); + } + + } + } \ No newline at end of file diff --git a/user-manager-server/src/test/resources/keycloak/realm-export.json b/user-manager-server/src/test/resources/keycloak/realm-export.json new file mode 100755 index 0000000000000000000000000000000000000000..570206097ccd6e220f94da720c8d35cce979873f --- /dev/null 
+++ b/user-manager-server/src/test/resources/keycloak/realm-export.json 
@@ -0,0 +1,2640 @@ +{ + "id": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", + "realm": "by-kiel-dev", + "displayName": "Realm für Kiel (dev)", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 900, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "aa37d676-8aa9-4235-a03d-66b9cceff164", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", + "attributes": {} + }, + { + "id": "9d72254c-28ee-44e5-a5c4-99291ab5e204", + "name": "default-roles-by-kiel-dev", + 
"description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", + "attributes": {} + }, + { + "id": "5fa094fb-e72d-451e-bb02-9857ea35e49e", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "a95fb9a4-c366-49a8-b866-b54318b7f0ff", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "9b90b32d-b2b2-4d11-9478-4aad7ce7e7d2", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "d7ca3e45-1da3-4b5c-b63d-254c72354f66", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "d0dd95bb-08c1-4bab-8889-e0547fbc7aae", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "b06b2a68-5d05-4261-8adb-e37df4f00051", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": 
"f7abcd33-ab8c-403e-b18d-850731521957", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "71c5c353-9dd8-422f-b5af-3c69308144a3", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "2f585ad5-f969-412b-bcfa-010915f099f1", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "bd7c5537-1503-4b70-bdc8-ae4750bfc84e", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "d9f279fc-1c03-471e-af08-b1baa9bd4978", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "78075d96-9ee9-40af-96d1-4888073c1e18", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "f3a6fa9f-da98-4d40-8feb-30a2fd388cf4", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "295797f7-590b-45d3-b6bb-920f99f50939", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-realms", + "query-clients", + "view-identity-providers", + "view-clients", + 
"view-authorization", + "manage-clients", + "manage-events", + "view-realm", + "manage-realm", + "query-users", + "impersonation", + "create-client", + "manage-authorization", + "view-users", + "query-groups", + "manage-identity-providers", + "view-events", + "manage-users" + ] + } + }, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "176455ae-1887-4dbb-9cf9-1a2ef7388cd4", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "8d8da1be-f56a-434c-9043-eca4af5d8653", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "e1ffddbf-aaba-4d69-bb62-1c451bef2931", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "a3dde97a-73bc-49a6-8f56-9168c784859c", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "acc417b7-318e-4f1d-81b4-5142df47a314", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + }, + { + "id": "a0471c79-649f-419b-9442-246ab2e76497", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "attributes": {} + } + ], + 
"security-admin-console": [], + "admin": [ + { + "id": "c7782861-cafa-431b-997c-e236fd984c1a", + "name": "ADMIN_ADMIN", + "composite": false, + "clientRole": true, + "containerId": "eb4bd20c-9a70-47a5-86dc-6367f0aa3d90", + "attributes": {} + } + ], + "admin-cli": [], + "account-console": [], + "alfa": [ + { + "id": "b33fb35d-ea27-432a-8e41-c29d20109803", + "name": "VERWALTUNG_USER", + "composite": false, + "clientRole": true, + "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", + "attributes": {} + }, + { + "id": "cfb07d40-f25c-4ef1-84ff-57f75bf44898", + "name": "VERWALTUNG_POSTSTELLE", + "composite": false, + "clientRole": true, + "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", + "attributes": {} + }, + { + "id": "fe9cc04a-98d5-41ea-9ccf-4573179deb63", + "name": "VERWALTUNG_LOESCHEN", + "composite": false, + "clientRole": true, + "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", + "attributes": {} + }, + { + "id": "c9d4d4f1-7734-46b9-9284-8081b1fee5ac", + "name": "ADMIN_ADMIN", + "composite": false, + "clientRole": true, + "containerId": "cfdf3a5f-9cea-41cd-814f-3737601009ec", + "attributes": {} + } + ], + "broker": [ + { + "id": "ee46e0b7-a166-4d24-92b2-24798c81d4eb", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "154629af-e006-45e8-bd77-8473230cd233", + "attributes": {} + } + ], + "account": [ + { + "id": "c6273575-2e90-48c7-a416-586aaa5be1e4", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "c1377fdf-3ea9-4959-afa0-9aa65d4549e0", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "6da66269-7d6d-4fb2-9e16-887d4beee9dd", + "name": "view-profile", + "description": 
"${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "81f8a4a4-2358-4865-98c9-f4f229cb55ce", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "1610c6a4-d8b7-4a0c-96e7-9bc86f2622dc", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "1a043c28-ea11-4fb2-b133-dc333f2cdf50", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "0adfe0a0-4cb9-42ce-b7da-112851e6df7b", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + }, + { + "id": "0e3e9863-c429-4bb9-ae05-4c84a96c29cd", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "c4286607-254b-4174-9aeb-0349b0d29f14", + "attributes": {} + } + ] + } + }, + "groups": [ + { + "id": "61252ad3-7778-491f-8a37-b4b08595f5cb", + "name": "Bauamt", + "path": "/Bauamt", + "subGroups": [], + "attributes": { + "organisationseinheitId": [ + "248240886" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "bfd284be-9d30-4e9a-82d2-daf9ac6593b6", + "name": "Denkmalpflege", + "path": "/Denkmalpflege", + "subGroups": [ + { + "id": "d7cb65c9-6791-40ac-b869-86befda22da8", + 
"name": "Sub-Denkmal", + "path": "/Denkmalpflege/Sub-Denkmal", + "parentId": "bfd284be-9d30-4e9a-82d2-daf9ac6593b6", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": { + "organisationseinheitId": [ + "9093371" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "e80b596b-7559-4437-8349-4732ac567d15", + "name": "Fundstelle", + "path": "/Fundstelle", + "subGroups": [], + "attributes": { + "organisationseinheitId": [ + "10363455" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "0404d241-c26c-439b-86c5-7d033d1e9c00", + "name": "MitUnterGruppe", + "path": "/MitUnterGruppe", + "subGroups": [ + { + "id": "64d0a2f8-1bb5-403f-a1b1-fad0fe63f33c", + "name": "EineUntergruppe", + "path": "/MitUnterGruppe/EineUntergruppe", + "parentId": "0404d241-c26c-439b-86c5-7d033d1e9c00", + "subGroups": [], + "attributes": { + "organisationseinheitId": [ + "456" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "f5ae2753-dbac-4baf-bbc7-c2a0b8076f6e", + "name": "EineUntergruppeOhneAttribute", + "path": "/MitUnterGruppe/EineUntergruppeOhneAttribute", + "parentId": "0404d241-c26c-439b-86c5-7d033d1e9c00", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": { + "organisationseinheitId": [ + "123" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "f2b038bf-7fe9-4bfd-9268-f728cff2bebf", + "name": "Ohne OEID", + "path": "/Ohne OEID", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "155b4752-bbc3-4c6a-afa7-7769f1b2ea8a", + "name": "Ordnungsamt", + "path": "/Ordnungsamt", + "subGroups": [], + "attributes": { + "organisationseinheitId": [ + "9030229" + ] + }, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "53c11c42-9f8e-4cbc-b6da-1c1ff2d46187", + "name": "Wirtschaftsförderung", + "path": "/Wirtschaftsförderung", + "subGroups": [], + "attributes": { + "organisationseinheitId": [ 
+ "9797773" + ] + }, + "realmRoles": [], + "clientRoles": {} + } + ], + "defaultRole": { + "id": "9d72254c-28ee-44e5-a5c4-99291ab5e204", + "name": "default-roles-by-kiel-dev", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "9fb3dc08-9cca-427a-b662-e15bbbaf8d41" + }, + "requiredCredentials": [ + "password" + ], + "passwordPolicy": "upperCase(1) and lowerCase(1) and length(8) and notUsername", + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + 
"webAuthnPolicyPasswordlessExtraOrigins": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "c4286607-254b-4174-9aeb-0349b0d29f14", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/by-kiel-dev/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/by-kiel-dev/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "42edd91a-5674-4eee-819e-a6563df8d93b", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/by-kiel-dev/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/by-kiel-dev/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, 
+ "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "a06adeb3-ca21-4d2d-b2fd-83d8f095a59e", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "eb4bd20c-9a70-47a5-86dc-6367f0aa3d90", + "clientId": "admin", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "https://kiel-admin.dev.by.ozg-cloud.de", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "http://localadmin:4301", + "http://localhost:8080/*", + "http://localhost:4301", + "https://kiel-admin.dev.by.ozg-cloud.de", + "http://localhost:4300", + "http://localhost:8080", + "https://kiel-admin.dev.by.ozg-cloud.de/*", + "http://localadmin:4301/*", + "http://localhost:4300/*", + "http://localhost:4301/*" + ], + "webOrigins": [ + "https://kiel-admin.dev.by.ozg-cloud.de", + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + 
"backchannel.logout.revoke.offline.tokens": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "c4d23266-80e2-4017-b33f-519984912c69", + "name": "organisationseinheitIdLdapMapper", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "extensionAttribute1", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organisationseinheitId", + "jsonType.label": "int" + } + }, + { + "id": "e068b24d-9731-4b81-a49a-8107e3053daa", + "name": "ozgCloudUserId", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "false", + "multivalued": "false", + "userinfo.token.claim": "true", + "user.attribute": "ozgCloudUserId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "ozgCloudUserId" + } + }, + { + "id": "9ed930aa-7dfd-441b-b4c1-829c8abc060e", + "name": "organisationseinheitIdMapper", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "organisationseinheitId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organisationseinheitId", + "jsonType.label": "String" + } + }, + { + "id": "8fb48032-25c0-489a-bd24-f13e37e7c285", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "false", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "multivalued": "true" + } + } + ], + 
"defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "9bf972cc-a9bd-4006-bbb6-eb2b17cdcaf3", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cfdf3a5f-9cea-41cd-814f-3737601009ec", + "clientId": "alfa", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "https://kiel.dev.by.ozg-cloud.de", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://kiel.dev.by.ozg-cloud.de", + "http://localhost:4300", + "http://192.168.178.20:4300", + "http://192.168.178.20:4300/*", + "http://localalfa:4301", + "http://localhost:4300/*", + "https://kiel.dev.by.ozg-cloud.de/*", + "http://localalfa:4301/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + 
"protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "6b331d31-8e18-40d7-b060-07be600a514f", + "name": "organisationseinheitIdMapper", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "organisationseinheitId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organisationseinheitId", + "jsonType.label": "String" + } + }, + { + "id": "0be41781-9e05-42a1-a2d0-3121dbdaa7ac", + "name": "organisationseinheitIdLdapMapper", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "extensionAttribute1", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "organisationseinheitId", + "jsonType.label": "int" + } + }, + { + "id": "906cac18-b448-44ba-8107-fb5286be3f0c", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "false", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "multivalued": "true" + } + }, + { + "id": "14117f93-bf7a-4c20-a8cf-b46d96598c57", + "name": "ozgCloudUserId", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, 
+ "config": { + "aggregate.attrs": "false", + "multivalued": "false", + "userinfo.token.claim": "true", + "user.attribute": "ozgCloudUserId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "ozgCloudUserId" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "154629af-e006-45e8-bd77-8473230cd233", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "2eaf9e7d-1d90-4b8c-9185-16d3a8dc07f8", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + 
"fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "791b4dc0-ac09-4cde-b5db-ec733bb3a6e4", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/by-kiel-dev/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/by-kiel-dev/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "53c5b15d-fb00-4081-8e8c-3986bc85e22e", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "098bb831-26d2-46b6-b598-8488b3a10cb6", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + 
"attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "b2d3572c-cd67-4950-8387-0dd9d9ae5790", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "3d9cb752-05c9-4e97-bd98-54e4243bceef", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7991afb7-b0f6-41cc-9d4c-be1e0b566f9a", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "97f3d23d-383c-41f0-93bb-222a9605c322", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "59850e33-3697-44aa-bd7d-7d62d743ec90", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "d0016b43-38b8-446e-a2ee-e13748d58540", + "name": "offline_access", + 
"description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "373a60da-98ff-45ab-a4ac-7d7bed6bea79", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "ea806811-00a6-46e1-86c9-3986525d12cc", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "599bfce4-81d0-448b-a4b6-48dc37c26c6f", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "221cb3f6-a8aa-4dbc-92e9-cc5c74e333f3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "b1f822a6-e9d5-41d2-ab74-7145889be2ea", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + 
{ + "id": "d9824d52-35f3-480c-acee-de0f9bbd332a", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "043959f8-3a9e-46ce-99a4-53454d12b783", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "32657f48-d612-4ef3-bb73-631d4fca6301", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "80552443-1934-41f7-8c4e-efe6239d2445", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "fcb237ea-0eeb-49ea-85a3-7bbda6c26e8c", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "04815367-eee2-4cb5-a1d1-2b7430cdc6c0", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "13896dc7-f986-446a-922e-e68f38cd23a4", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "b986b4eb-e6a5-44ae-b54f-54b81bb3c724", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "f5d14319-b5d6-4546-90c0-01733ebb6b7c", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "ed0a6d54-206d-4b4a-8a7d-59ff10edd6eb", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "68c2ec34-8341-478c-bf5f-f216b819872b", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "3887b581-ed17-410b-913d-e153ca8a7bab", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "2c20a2cf-ff6e-4cf6-895d-94a5ec9327aa", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "138dae3a-2c49-4a6d-a6b8-e6cf89fd9401", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"updated_at", + "jsonType.label": "long" + } + }, + { + "id": "ce313b72-9554-484e-8363-7163a5aa37fb", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "16441849-ff71-46cd-a890-9fd29a8382d6", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "80c89419-9a38-4a18-8fa4-d8bfe6171138", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "e677eef2-34d0-40f6-af92-deb31a48959f", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "938622c5-6395-4b7e-b64c-5446cdcddecf", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"phone_number", + "jsonType.label": "String" + } + }, + { + "id": "ce073411-a4f9-4704-bbb4-0d0e1e86426b", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "65011340-d61d-4e1e-9967-b5e0451d8b6a", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "dc16a85a-56ee-4441-8bcb-63a029ab6355", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0a04bdc3-07a3-4398-b412-d71e83105a79", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "63b5236f-b030-47ee-ac4a-ee93311f1729", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": 
"9a6b68cc-2bd6-4ade-a490-7c9e458b54aa", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": { + "password": "**********", + "starttls": "true", + "port": "25", + "auth": "true", + "host": "mail.infra.ozg-cloud.systems", + "from": "dev-environment@ozg-cloud.de", + "fromDisplayName": "OZG-Cloud (DEV)", + "user": "ozg/ozg" + }, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "8daa1dcc-b6ab-453a-945e-71811e690d9d", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "ed178d70-07ad-467e-9cb7-cfc8c80cb764", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + 
"200" + ] + } + }, + { + "id": "c92466b5-9341-4d75-bcb5-ea604c861b44", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "3dcd64ed-7c20-41bb-a844-36ec59071619", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "102a4da8-149f-4586-a51f-2844444d5436", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "123e7c60-2563-428d-b5ce-68a5bdc419e2", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "aa46e47e-8c52-44e1-9d4d-3796f00086b8", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "52dca2ac-dd78-4f13-a51e-2a434249977b", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + } 
+ ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "a7b93275-16b4-434f-a9ba-8fa769851f14", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"ozgCloudUserId\",\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "a3528679-d57a-47d4-bcab-830855c25803", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "1230a35b-825e-4b3c-9f39-c316d1f9d95f", + "name": 
"rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "08ffc487-a0dd-4989-81e0-f2491681b6a4", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "b384dabc-cc3b-414e-81d4-dcf006560143", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "a21ffc83-f617-4e7c-a622-c328b99a0ea0", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": true, + "supportedLocales": [ + "de" + ], + "defaultLocale": "de", + "authenticationFlows": [ + { + "id": "ee87f4b5-e590-406e-b2e9-59f137068a67", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "a6967f77-ebe3-4eb3-9fb9-6c0526e03a00", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": 
false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "083b0a4f-f49a-4e65-8593-7e3ee9da47ce", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fdaa5db8-807c-4142-a9cd-07f2f5b26595", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ed32e60e-a92b-40fb-97f1-99efdeaf6a81", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + 
"priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "56612650-1dc0-42fb-8f34-baa0d20e2fe5", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1c3fc4b4-78f2-47ad-9ae5-4faa77bcef08", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "e219a9a7-5c70-49cb-99ee-7a86006cf51d", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": 
false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "1f465bda-6da1-485c-aa43-311e546681d1", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "d7814341-4ea9-4f1d-bb2c-adfa78ef095f", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + 
"autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "ffa28f72-9f28-4a14-bce9-8b9e44399cb7", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "e2f11c13-f6e0-4852-9449-6912a36f9296", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "97ab627b-fce8-41f3-bdbd-ab287b399add", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + 
"requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "5e88618f-4c9b-415a-80bc-c874192a898c", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "b048a6fe-31a4-4708-9505-0ce6c552c13b", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "0257b806-81ab-44e4-a18a-89cb3d64cc76", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + 
"authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "d345f10b-2f00-4757-a970-a2a7394a0da1", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "5a15525b-1579-49b3-8eda-640dc39ccc4b", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "8a604d6e-5a1f-49ee-93d6-45baa0e86d23", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "9d156e3a-fb6d-4ebc-9911-9419d8f69312", + "alias": "review profile config", + "config": { + 
"update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + 
"registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}" + }, + "keycloakVersion": "24.0.5", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + }, + "users": [ + { + "id": "b46def26-a599-4940-a32f-e070c478750d", + "username": "administrationApiUser", + "firstName": "Vorname", + "lastName": "Nachname", + "enabled": true, + "credentials": [ + { + "type": "password", + "value": "administrationApiUser" + } + ], + "clientRoles": { + "realm-management": [ + "view-users", + "manage-users" + ] + } + }, + { + "id": "90748555-7894-4854-8292-1f6106826962", + "username": "dorothea", + "firstName": "Dorothea", + "lastName": "Doe", + "email": "dorothea@test.local", + "enabled": true, + "credentials": [ + { + "type": "password", + "value": "localTestUser" + } + ] + } + ] +} \ No newline at end of file