keycloak-scim/services/src/main/resources/keycloak-default-client-profiles.json

{
  "profiles": [
    {
      "name": "fapi-1-baseline",
      "description": "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.",
      "executors": [
        {
          "executor": "secure-session",
          "configuration": {}
        },
        {
          "executor": "pkce-enforcer",
          "configuration": {
            "auto-configure": true
          }
        },
        {
          "executor": "secure-client-authenticator",
          "configuration": {
            "allowed-client-authenticators": [
              "client-jwt",
              "client-secret-jwt",
              "client-x509"
            ],
            "default-client-authenticator": "client-jwt"
          }
        },
        {
          "executor": "secure-client-uris",
          "configuration": {}
        },
        {
          "executor": "consent-required",
          "configuration": {}
        },
        {
          "executor": "full-scope-disabled",
          "configuration": {
            "auto-configure": true
          }
        }
      ]
    },
    {
      "name": "fapi-1-advanced",
      "description": "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 2: Advanced' specification.",
      "executors": [
        {
          "executor": "secure-session",
          "configuration": {}
        },
        {
          "executor": "confidential-client",
          "configuration": {}
        },
        {
          "executor": "secure-client-authenticator",
          "configuration": {
            "allowed-client-authenticators": [
              "client-jwt",
              "client-x509"
            ],
            "default-client-authenticator": "client-jwt"
          }
        },
        {
          "executor": "secure-client-uris",
          "configuration": {}
        },
        {
          "executor": "secure-request-object",
          "configuration": {
            "available-period": "3600",
            "verify-nbf": true
          }
        },
        {
          "executor": "secure-response-type",
          "configuration": {
            "auto-configure": true,
            "allow-token-response-type": false
          }
        },
        {
          "executor": "secure-signature-algorithm",
          "configuration": {
            "default-algorithm": "PS256"
          }
        },
        {
          "executor": "secure-signature-algorithm-signed-jwt",
          "configuration": {
            "require-client-assertion": false
          }
        },
        {
          "executor": "consent-required",
          "configuration": {}
        },
        {
          "executor": "full-scope-disabled",
          "configuration": {
            "auto-configure": true
          }
        },
        {
          "executor": "holder-of-key-enforcer",
          "configuration": {
            "auto-configure": true
          }
        }
      ]
    },
    {
      "name" : "fapi-ciba",
      "description" : "Client profile, which enforce clients to conform 'Financial-grade API: Client Initiated Backchannel Authentication Profile' specification (Implementer's Draft ver1'). To satisfy FAPI-CIBA, both this profile and fapi-1-advanced global profile need to be used.",
      "executors" : [
        {
          "executor": "secure-ciba-req-sig-algorithm",
          "configuration": {
            "default-algorithm": "PS256"
          }
        },
        {
          "executor" : "secure-ciba-session",
          "configuration" : {}
        },
        {
          "executor" : "secure-ciba-signed-authn-req",
          "configuration" : {
            "available-period" : "3600"
          }
        }
      ]
    }
  ]
}
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780) * KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) * support tests using auth-server-quarkus * Configuration changes for ClientPolicyExecutorProvider * Change VALUE of table REALM_ATTRIBUTES to NCLOB * add author tag * incorporate all review comments Co-authored-by: mposolda <mposolda@gmail.com> 2021-04-06 14:31:10 +00:00			`{`
			`"profiles": [`
			`{`
KEYCLOAK-14208 Default client profiles for FAPI 2021-05-13 14:11:52 +00:00			`"name": "fapi-1-baseline",`
			`"description": "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.",`
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780) * KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) * support tests using auth-server-quarkus * Configuration changes for ClientPolicyExecutorProvider * Change VALUE of table REALM_ATTRIBUTES to NCLOB * add author tag * incorporate all review comments Co-authored-by: mposolda <mposolda@gmail.com> 2021-04-06 14:31:10 +00:00			`"executors": [`
			`{`
KEYCLOAK-18113 Refactor some executor/condition provider IDs 2021-05-14 14:16:38 +00:00			`"executor": "secure-session",`
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969) * KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies 2021-05-12 14:19:55 +00:00			`"configuration": {}`
KEYCLOAK-14208 Default client profiles for FAPI 2021-05-13 14:11:52 +00:00			`},`
			`{`
			`"executor": "pkce-enforcer",`
			`"configuration": {`
			`"auto-configure": true`
			`}`
			`},`
			`{`
			`"executor": "secure-client-authenticator",`
			`"configuration": {`
			`"allowed-client-authenticators": [`
			`"client-jwt",`
			`"client-secret-jwt",`
			`"client-x509"`
			`],`
			`"default-client-authenticator": "client-jwt"`
			`}`
			`},`
			`{`
			`"executor": "secure-client-uris",`
			`"configuration": {}`
			`},`
			`{`
			`"executor": "consent-required",`
			`"configuration": {}`
KEYCLOAK-16811 Add executor for disable 'Full Scope Allowed' and add it to FAPI profiles 2021-06-03 18:46:02 +00:00			`},`
			`{`
			`"executor": "full-scope-disabled",`
			`"configuration": {`
			`"auto-configure": true`
			`}`
KEYCLOAK-14208 Default client profiles for FAPI 2021-05-13 14:11:52 +00:00			`}`
			`]`
			`},`
			`{`
			`"name": "fapi-1-advanced",`
			`"description": "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 2: Advanced' specification.",`
			`"executors": [`
			`{`
			`"executor": "secure-session",`
			`"configuration": {}`
			`},`
			`{`
			`"executor": "confidential-client",`
			`"configuration": {}`
			`},`
			`{`
			`"executor": "secure-client-authenticator",`
			`"configuration": {`
			`"allowed-client-authenticators": [`
			`"client-jwt",`
			`"client-x509"`
			`],`
			`"default-client-authenticator": "client-jwt"`
			`}`
			`},`
			`{`
			`"executor": "secure-client-uris",`
			`"configuration": {}`
			`},`
			`{`
			`"executor": "secure-request-object",`
			`"configuration": {`
			`"available-period": "3600",`
			`"verify-nbf": true`
			`}`
			`},`
			`{`
			`"executor": "secure-response-type",`
			`"configuration": {`
			`"auto-configure": true,`
			`"allow-token-response-type": false`
			`}`
			`},`
			`{`
			`"executor": "secure-signature-algorithm",`
			`"configuration": {`
			`"default-algorithm": "PS256"`
			`}`
			`},`
			`{`
			`"executor": "secure-signature-algorithm-signed-jwt",`
			`"configuration": {`
			`"require-client-assertion": false`
			`}`
			`},`
			`{`
			`"executor": "consent-required",`
			`"configuration": {}`
			`},`
KEYCLOAK-16811 Add executor for disable 'Full Scope Allowed' and add it to FAPI profiles 2021-06-03 18:46:02 +00:00			`{`
			`"executor": "full-scope-disabled",`
			`"configuration": {`
			`"auto-configure": true`
			`}`
			`},`
KEYCLOAK-14208 Default client profiles for FAPI 2021-05-13 14:11:52 +00:00			`{`
			`"executor": "holder-of-key-enforcer",`
			`"configuration": {`
			`"auto-configure": true`
			`}`
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780) * KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) * support tests using auth-server-quarkus * Configuration changes for ClientPolicyExecutorProvider * Change VALUE of table REALM_ATTRIBUTES to NCLOB * add author tag * incorporate all review comments Co-authored-by: mposolda <mposolda@gmail.com> 2021-04-06 14:31:10 +00:00			`}`
			`]`
KEYCLOAK-18863 Global client profile for FAPI CIBA 2021-07-22 04:19:11 +00:00			`},`
			`{`
			`"name" : "fapi-ciba",`
			`"description" : "Client profile, which enforce clients to conform 'Financial-grade API: Client Initiated Backchannel Authentication Profile' specification (Implementer's Draft ver1'). To satisfy FAPI-CIBA, both this profile and fapi-1-advanced global profile need to be used.",`
			`"executors" : [`
			`{`
			`"executor": "secure-ciba-req-sig-algorithm",`
			`"configuration": {`
			`"default-algorithm": "PS256"`
			`}`
			`},`
			`{`
			`"executor" : "secure-ciba-session",`
			`"configuration" : {}`
			`},`
			`{`
			`"executor" : "secure-ciba-signed-authn-req",`
			`"configuration" : {`
			`"available-period" : "3600"`
			`}`
			`}`
			`]`
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780) * KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) * support tests using auth-server-quarkus * Configuration changes for ClientPolicyExecutorProvider * Change VALUE of table REALM_ATTRIBUTES to NCLOB * add author tag * incorporate all review comments Co-authored-by: mposolda <mposolda@gmail.com> 2021-04-06 14:31:10 +00:00			`}`
			`]`
			`}`