From 22d0f57780bbbb6c339146734c653ed5e3cc5977 Mon Sep 17 00:00:00 2001
From: fiodarsazanavets
Date: Mon, 1 Dec 2025 19:24:49 +0000
Subject: [PATCH] Add Keycloak components to the Host app in the Keycloak example
---
 .../OnlineShop/OnlineShop.AppHost/AppHost.cs | 45 +-
 .../Extensions/KeycloakHostingExtensions.cs | 86 +
 .../OnlineShop.AppHost/Keycloak/import.json | 2121 +++++++++++++++++
 .../OnlineShop.ServiceDefaults/Extensions.cs | 9 +
 4 files changed, 2257 insertions(+), 4 deletions(-)
 create mode 100644 AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Extensions/KeycloakHostingExtensions.cs
 create mode 100644 AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Keycloak/import.json
diff --git a/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/AppHost.cs b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/AppHost.cs
index 1152f9b..8e8e083 100644
--- a/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/AppHost.cs
+++ b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/AppHost.cs
@@ -1,12 +1,49 @@
+using Microsoft.Extensions.Hosting;
+using OnlineShop.AppHost.Extensions;
+
 var builder = DistributedApplication.CreateBuilder(args);
-var apiService = builder.AddProject("apiservice")
- .WithHttpHealthCheck("/health");
+var idp = builder.AddKeycloakContainer(
+ "idp", tag: "23.0")
+ .ImportRealms("Keycloak")
+ .WithExternalHttpEndpoints();
-builder.AddProject("webfrontend")
+
+var apiService = builder.AddProject("apiservice")
+ .WithHttpHealthCheck("/health")
+ .WithReference(idp)
+ .WaitFor(idp);
+
+
+var webFrontend = builder
+ .AddProject("webfrontend")
 .WithExternalHttpEndpoints()
 .WithHttpHealthCheck("/health")
 .WithReference(apiService)
- .WaitFor(apiService);
+ .WithReference(idp, env: "Identity__ClientSecret")
+ .WaitFor(idp);
+
+if (builder.Environment.IsDevelopment())
+{
+ var webAppHttp = webFrontend.GetEndpoint("http");
+ var webAppHttps = webFrontend.GetEndpoint("https");
+
+ idp.WithEnvironment("WEBAPP_HTTP", () =>
+ $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}");
+
+ if (webAppHttps.Exists)
+ {
+ idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST",
+ webAppHttps);
+ idp.WithEnvironment("WEBAPP_HTTPS", () =>
+ $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}");
+ }
+ else
+ {
+ idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST",
+ webAppHttp);
+ }
+}
+
 builder.Build().Run();
diff --git a/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Extensions/KeycloakHostingExtensions.cs b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Extensions/KeycloakHostingExtensions.cs
new file mode 100644
index 0000000..6e0468e
--- /dev/null
+++ b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Extensions/KeycloakHostingExtensions.cs
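Review bot: The `WEBAPP_*` variables that the imported realm depends on are set only inside the `if (builder.Environment.IsDevelopment())` block, and one of the names does not match what `Keycloak/import.json` reads: the AppHost sets `WEBAPP_HTTP_CONTAINERHOST` in both branches (even when it is handed the https endpoint), while the `webapp` client's `adminUrl` is `${WEBAPP_HTTPS_CONTAINERHOST}`. As written that placeholder is presumably never substituted, and when no https endpoint exists `${WEBAPP_HTTPS}` in `rootUrl`, `redirectUris` and `webOrigins` is left unset as well. Because these values decide which redirect URIs and origins the client accepts, I would align the names, for example `idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps);`, and add a comment above the `if` stating that outside Development the realm import receives no redirect URIs from the AppHost. Separately, `webfrontend` still references `apiService` but no longer has `.WaitFor(apiService)`; if that is intentional, a one-line comment would make it clear.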
@@ -0,0 +1,86 @@
+namespace OnlineShop.AppHost.Extensions;
+
+internal static class KeycloakHostingExtensions
+{
+ public static IResourceBuilder WithReference(
+ this IResourceBuilder builder,
+ IResourceBuilder keycloakBuilder,
+ string env) where TResource : IResourceWithEnvironment
+ {
+ builder.WithReference(keycloakBuilder);
+ builder.WithEnvironment(
+ env, keycloakBuilder.Resource.ClientSecret);
+
+ return builder;
+ }
+
+ public static IResourceBuilder AddKeycloakContainer(
+ this IDistributedApplicationBuilder builder,
+ string name,
+ int? port = null,
+ string? tag = null)
+ {
+ var keycloakContainer = new KeycloakResource(name)
+ {
+ ClientSecret = "some_secret"
+ };
+
+ var keycloak = builder.AddResource(keycloakContainer)
+ .WithAnnotation(new ContainerImageAnnotation
+ {
+ Registry = "quay.io",
+ Image = "keycloak/keycloak",
+ Tag = tag ?? "latest"
+ })
+ .WithHttpEndpoint(port: port, targetPort: 8080)
+ .WithEnvironment("KEYCLOAK_ADMIN", "admin")
+ .WithEnvironment("KEYCLOAK_ADMIN_PASSWORD", "admin")
+ .WithEnvironment("WEBAPP_CLIENT_SECRET", keycloakContainer.ClientSecret);
+
+ if (builder.ExecutionContext.IsRunMode)
+ {
+ keycloak.WithArgs("start-dev");
+ }
+ else
+ {
+ keycloak.WithArgs("start");
+ }
+
+ return keycloak;
+ }
+
+ public static IResourceBuilder
+ ImportRealms(this IResourceBuilder
+ builder, string source)
+ {
+ builder
+ .WithBindMount(source,
+ "/opt/keycloak/data/import")
+ .WithAnnotation(
+ new CommandLineArgsCallbackAnnotation(
+ args =>
+ {
+ args.Clear();
+ if (builder.ApplicationBuilder
+ .ExecutionContext.IsRunMode)
+ {
+ args.Add("start-dev");
+ }
+ else
+ {
+ args.Add("start");
+ }
+ args.Add("--import-realm");
+ }));
+
+ return builder;
+ }
+}
+
+internal class KeycloakResource(string name) :
+ ContainerResource(name),
+ IResourceWithServiceDiscovery
+{
+ public string? ClientSecret { get; set; }
+}
+
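Review bot: `AddKeycloakContainer` hard-codes the bootstrap admin credentials (`KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` both `"admin"`) and the client secret `"some_secret"`, and applies them in every execution context, including the `else` branch that starts Keycloak with `start` instead of `start-dev`. AppHost.cs marks the same container with `.WithExternalHttpEndpoints()`, so outside run mode the admin console would be reachable behind well-known defaults. I would read these values from secret parameters, e.g. `var adminPassword = builder.AddParameter("keycloak-admin-password", secret: true);` passed to `.WithEnvironment("KEYCLOAK_ADMIN_PASSWORD", adminPassword)` (the parameter name is only an example), and keep literal defaults solely under `builder.ExecutionContext.IsRunMode`. `Tag = tag ?? "latest"` also leaves the image unpinned when a caller omits `tag`; a fixed default version keeps the example reproducible. The start-mode selection is repeated in `ImportRealms`, whose callback calls `args.Clear()` and so discards the args set here; one of the two copies could go, or a comment should say why both exist.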
diff --git a/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Keycloak/import.json b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Keycloak/import.json
new file mode 100644
index 0000000..649dcf0
--- /dev/null
+++ b/AppWithKeycloakAuth/OnlineShop/OnlineShop.AppHost/Keycloak/import.json
@@ -0,0 +1,2121 @@ +{ + "id": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "realm": "OnlineShop", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": true, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "fbab7668-d3db-44d7-9c41-f54ef80d1f60", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + }, + { + "id": "843ea8cf-34fa-4e7d-a28a-181252a553aa", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + 
"clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + }, + { + "id": "b2fa8449-be5e-4cde-8771-74e028be70ea", + "name": "default-roles-onlineshop", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ "offline_access", "uma_authorization" ], + "client": { + "account": [ "view-profile", "manage-account" ] + } + }, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + } + ], + "client": { + "webapp": [ + { + "id": "7139816d-84aa-427a-b7ca-b020e9b8b6e5", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "cc5ff175-d0b3-4759-8b01-49e60dfa9269", + "attributes": {} + } + ], + "realm-management": [ + { + "id": "8175000f-6ed7-4854-8d33-0aefdb634d37", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "18ef8a22-f1d4-43e2-aea8-56e464fdcbc1", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "query-groups", "query-users" ] + } + }, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "34eeeecc-6e38-4fa7-9b9a-5396984beb70", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "1b982c51-ce1d-458a-8f87-dc473dee86c8", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "740a92df-796f-4b13-80f1-5d8ddc1234fa", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, 
+ "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "000b2e2a-4eb2-4d43-b759-1aae49784d41", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "daa9c3f8-37b1-4e75-a0b6-714fbc255e7a", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "f3ca11fc-8037-495a-be86-6b0edde4158a", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "4af47186-68b1-4629-8189-ccf2893a5986", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "30eaf565-6c5e-4173-bed9-66bd676838c5", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "74c174ee-9aad-442a-9497-76aec3ab0c4f", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "a16beadc-0c9c-4cbe-a31b-a6b33f8a74c0", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "1dc381e7-0e24-44d7-92e4-d8edc8892ba3", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + 
"containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "7389a745-41fe-4c87-bbd8-b6751e41cb0d", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "dfcb55ac-6048-4633-8390-76a92dc01ff8", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "1a7f77d3-ad95-402b-a13a-e99290b120cc", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "86f91729-f0a4-474a-828a-783acaa70ee6", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "7e77d988-3a49-4f94-b770-36717a3a67a0", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "manage-users", "view-users", "query-clients", "create-client", "view-realm", "query-realms", "view-events", "query-users", "manage-clients", "manage-authorization", "manage-realm", "view-identity-providers", "manage-events", "manage-identity-providers", "view-authorization", "impersonation", "view-clients", "query-groups" ] + } + }, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "447bd792-fbfa-4a8d-bbfb-9c8c4fa55bbe", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "query-clients" ] + } + }, + "clientRole": true, + "containerId": 
"348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "4976b16a-a2e9-4738-b2dc-0e7a28679300", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "1790c30e-7010-4d4f-bc3b-181a65868873", + "attributes": {} + } + ], + "account": [ + { + "id": "e39429fa-1cec-4595-908d-e0c53e9f9c6c", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "61c7e1eb-6fe7-4cf5-9538-4975f4c0321c", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "d3d3938b-9c19-4261-9105-c77426dcf984", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "de1829b1-0c28-4ef2-b6d6-59d412086da6", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "9a4e43f4-28fe-4182-a916-8b0270dbd5c6", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ "view-consent" ] + } + }, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "7d24e973-1015-4b85-9246-aaa0fc8ef71e", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": 
"8f10d2cc-ccdf-41f0-b5f2-2c1226b2e182", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "4497bf44-3add-482d-b081-ce0c8e2c4d55", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ "manage-account-links" ] + } + }, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "b2fa8449-be5e-4cde-8771-74e028be70ea", + "name": "default-roles-onlineshop", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73" + }, + "requiredCredentials": [ "password" ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ "ES256" ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not 
specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "dacfbd28-991c-43d8-bd9a-36e73095fd73", + "createdTimestamp": 1705700546001, + "username": "service-account-webapp", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "webapp", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ "default-roles-onlineshop" ], + "clientRoles": { + "webapp": [ "uma_protection" ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "179dc1ef-e1ea-4488-95d8-25966c51dbe7", + "createdTimestamp": 1706043756945, + "username": "test@example.com", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "Test", + "lastName": "User", + "email": "test@example.com", + "credentials": [ + { + "id": "b3303049-ca64-4b2e-8e54-f8ba68cb1dd3", + "type": "password", + "userLabel": "My password", + "createdDate": 1706043767385, + "secretData": "{\"value\":\"yiJD8l5ry2Cod9AUvrkku/W/dYpJrRP3e7AYKw+zFpE=\",\"salt\":\"EJ6jMyRlQOGqUmWDq493qw==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ "default-roles-onlineshop" ], + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ "offline_access" ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ "manage-account", "view-groups" ] + } + ] + }, + "clients": [ + { 
+ "id": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/onlineshop/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/realms/onlineshop/account/*" ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "d84cf061-eeeb-4675-b0d0-5cd609bc44c6", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/onlineshop/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/realms/onlineshop/account/*" ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "6abcbb09-2122-4bbb-91f4-4c61c8abff65", + 
"name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "f63db859-cf66-42f4-9ce0-1d40ca5c922c", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "1790c30e-7010-4d4f-bc3b-181a65868873", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + 
"defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "e6a9aea6-f8d4-40f6-a832-6537fce8791e", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/onlineshop/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/admin/onlineshop/console/*" ], + "webOrigins": [ "+" ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + 
"nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "ad67051f-d487-417e-9375-f6563ee86ddf", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "cc5ff175-d0b3-4759-8b01-49e60dfa9269", + "clientId": "webapp", + "name": "Online Shop Front-end", + "description": "The frontend web site of the online shop.", + "rootUrl": "${WEBAPP_HTTPS}", + "adminUrl": "${WEBAPP_HTTPS_CONTAINERHOST}", + "baseUrl": "${WEBAPP_HTTPS}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "${WEBAPP_CLIENT_SECRET}", + "redirectUris": [ "${WEBAPP_HTTP}/*", "${WEBAPP_HTTPS}/*" ], + "webOrigins": [ "${WEBAPP_HTTPS}", "${WEBAPP_HTTP}" ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1705700546", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ 
+ { + "id": "46526429-fa70-4518-9512-089a9830f179", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "9eee2065-3d31-4621-be61-b83f05f2c113", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "4951c816-a177-4193-b714-585b0bb23ab5", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + } + ], + "clientScopes": [ + { + "id": "4d6f4264-5a7e-4d41-894c-6b721f14fd1f", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "c5d42bda-8b7c-4da7-9ef7-e27b8c5078c6", + "name": "address", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "bbb1ecc5-64ba-4013-a020-49b0a9059bb2", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1230fed0-b7d3-4868-b286-cd25b8158c83", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "5ad804f6-d175-4b97-81dd-b9091071b9e4", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "f28975dc-48c3-463f-aa6a-e999945d4566", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": 
"d50e7819-b86f-4a84-a8d2-262898f2d672", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "c217f089-d24b-44b0-98b6-6303245f8522", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d89fa246-7ba8-45f8-b939-c6d7356a5023", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "2954c68d-8cc5-47bb-a9ef-d333dfcf3c77", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "184dd52a-5636-41fe-85fa-af2da1f7f6b7", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "59aa61dd-72ff-4704-9325-11f6ba53851f", + "name": "profile", + 
"description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "fad20c96-7d8a-463a-8f6a-727773944804", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "c03a7a4c-b782-46ae-a8ec-9b91025d839d", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "a0d80a57-d8fa-43ee-82de-767206df9d6b", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "3fd24bf3-12c3-4cf7-9d94-28062fd680d9", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "a19b2bf4-72bb-4f1a-bebb-527e31e9b8b5", + "name": "given name", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "bf4408ed-ce03-4f80-9692-d60ef65273c3", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "8889c81d-8b9b-4a2d-8a1b-d1c6c10e8c84", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "fb83d607-738b-41d6-9c8f-d08071d11464", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "3df5bab8-69b4-44f6-befb-d4001916ddd4", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "5ae11355-d1be-44cd-b2d8-2537a1e5e984", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "ae4e1524-c240-4772-a91d-72de9f0b82ed", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "a186371f-41c6-4ee5-9865-b33d4ec4d6ae", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "9680ed4a-bd76-45ea-975f-b4823f4ea8ea", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8d6bc914-cece-48aa-a526-a81ed35fcc31", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + 
"consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "fef101d5-9102-43b8-9637-305a855b71f0", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8f8a54b6-84d9-40ca-9c07-7ce88984fc94", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "56f89059-4148-4da4-93b9-1bbc6ac46582", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "f7236b18-36b1-4399-9c97-ddf91eba416c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0a990de4-2a3e-4f1e-99d4-bcb537a3f075", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + 
"display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "349bab94-cc2b-4eb7-ac79-feff39fedb23", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "b2b378a9-9281-425e-a999-8dd83c13c2a3", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "b415ee06-6f2b-445e-b199-4d2a2922517f", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "1a2dc2f6-541a-4193-98e4-e5fade1d5aa1", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "55dca1fe-9de3-424e-9436-0b14f467278a", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "33d86ba4-b262-4ce2-a799-46295ad42e4b", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + 
"introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ "jboss-logging" ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "d76d70d8-c946-40ef-bc18-3ca80ea8b781", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ] + } + }, + { + "id": "401f7a9a-dd5e-488c-b0a5-54c57eda7c20", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ "200" ] + } + }, + { + "id": "a4f879fb-d9dc-44ff-b1c9-4d8348661e0f", + "name": "Allowed Protocol Mapper Types", + "providerId": 
"allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper" ] + } + }, + { + "id": "ab7c9148-c423-4d14-bbba-855f66b42f0b", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ "true" ] + } + }, + { + "id": "ab28a974-5033-4cfb-afc5-4d97eaa77d60", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c9ef1ede-c8c2-4e8e-b642-9c9e845e2934", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "09209618-692e-4096-95a2-4a05fbe1e9b7", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ "true" ], + "client-uris-must-match": [ "true" ] + } + }, + { + "id": "926a494c-2953-4438-ad8d-317e8bf3295a", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ "true" ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "333de0f6-bb1c-4238-a1dd-e43b65a09581", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ "ec612b91-0743-4a46-ae8c-33eac6d2789e" ], + "secret": [ "nFxwBormOnVZmZD-ke6celfilCz3_8FH2aJjkAcrjD2Mf2bCToWHfw9UotBDSVAvzFSe48xsFQPcH0RhJuXy5Q" ], + "priority": [ "100" ], + "algorithm": [ "HS256" ] + } + }, + { + "id": "8885abef-6d08-4b9a-86b1-58700debad31", + "name": "aes-generated", 
+ "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ "212a094b-5982-4d80-abc1-3ab1c01c9e7a" ], + "secret": [ "-lwEU7xr0Fwvf98NT2hpIw" ], + "priority": [ "100" ] + } + }, + { + "id": "b7928cd4-b13c-4f0b-a074-bee92efdc238", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ "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" ], + "keyUse": [ "ENC" ], + "certificate": [ "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" ], + "priority": [ "100" ], + "algorithm": [ "RSA-OAEP" ] + } + }, + { + "id": "52e8f54c-3d85-4ab5-8e9b-c9b231f724dc", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ "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" ], + "keyUse": [ "SIG" ], + "certificate": [ "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" ], + "priority": [ "100" ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "e96cceac-cf11-4d11-9e88-0aec7405aa8e", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "e283ea4e-cefe-45e0-8063-38a50e8f5ac9", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + 
"authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "0effd347-2f02-4f54-bec1-d61640f78411", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "560c1aae-603f-43a2-a282-3b26e34ca7da", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "e89c4fb9-7cb9-4a5e-9ca0-d615e3963a99", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": 
"basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "476f2bb6-dff6-4a7e-ad8f-0aa5672ea776", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "43cfa637-9f21-4fbf-8387-0b0535517820", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "2534f882-aff2-4827-ab22-a71800060e1f", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing 
account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "ed2d0ead-7b18-45c2-a0ab-298b355d02c7", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "b33f293a-4f51-4d38-ab7f-543ed1dc71bf", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + 
"autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fe59c24c-7322-4e67-9e82-be0023ab2889", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "9bb58e30-8fa6-4ea0-9065-ce61c02ba00d", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "42f4d6fb-7a7d-45bc-97be-5a0948d88945", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "4d3d0525-0333-43e8-be62-8fec05753aa3", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "72715113-db54-4ba0-89c0-85422e552a58", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "2777a201-b799-4f0d-8544-759e3aef5454", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": 
"registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7f527e1a-3f5f-4a39-80b3-ad3fe110db15", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "c9a052b6-28c6-4b13-8bc3-12958bbe0a68", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "b0b50f78-9a3b-4f03-a9bf-07ac56f2ebac", + "alias": "create unique user config", + "config": { + 
"require.password.update.after.registration": "false" + } + }, + { + "id": "c972ed55-c8f6-426f-965c-1267dc1f68a9", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": 
"registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}" + }, + "keycloakVersion": "23.0.4", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/AppWithKeycloakAuth/OnlineShop/OnlineShop.ServiceDefaults/Extensions.cs b/AppWithKeycloakAuth/OnlineShop/OnlineShop.ServiceDefaults/Extensions.cs index b72c875..f82e495 100644 --- a/AppWithKeycloakAuth/OnlineShop/OnlineShop.ServiceDefaults/Extensions.cs +++ b/AppWithKeycloakAuth/OnlineShop/OnlineShop.ServiceDefaults/Extensions.cs @@ -124,4 +124,13 @@ public static class Extensions return app; } + + public static Uri GetIdpAuthorityUri(this HttpClient httpClient) + { + var idpBaseUri = httpClient.BaseAddress + ?? throw new InvalidOperationException( + $"HttpClient instance does not have a BaseAddress configured."); + return new Uri(idpBaseUri, "realms/OnlineShop/"); + } + }
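Review bot: `GetIdpAuthorityUri` builds the authority with `new Uri(idpBaseUri, "realms/OnlineShop/")`, and relative resolution drops the last path segment of `BaseAddress` when it does not end in `/` (for example a Keycloak served under a base path), so the caller would silently get a URI on the wrong path. The returned value is presumably what the services use as the OIDC authority for metadata and token validation, so it is worth failing closed: reject or normalise a base path without a trailing slash, and add `ArgumentNullException.ThrowIfNull(httpClient);` at the top. The realm name is hard-coded and has to stay in step with the realm defined in `Keycloak/import.json`; a named constant or a parameter would make that coupling visible. The `$` prefix on the exception message is unnecessary because the string has no placeholders, and the method has no XML doc comment stating that the result ends in `/`. The enclosing `Extensions` class starts outside the hunk.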