keycloak-scim/server-spi-private/src/main/java/org/keycloak/models/Constants.java

/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.keycloak.models;

import org.keycloak.OAuth2Constants;
import org.keycloak.crypto.Algorithm;

import java.util.Arrays;
import java.util.Collection;
import java.util.regex.Pattern;

/**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
public final class Constants {
    public static final String ADMIN_CONSOLE_CLIENT_ID = "security-admin-console";
    public static final String ADMIN_CLI_CLIENT_ID = "admin-cli";

    public static final String ACCOUNT_MANAGEMENT_CLIENT_ID = "account";
    public static final String ACCOUNT_CONSOLE_CLIENT_ID = "account-console";
    public static final String BROKER_SERVICE_CLIENT_ID = "broker";
    public static final String REALM_MANAGEMENT_CLIENT_ID = "realm-management";

    public static final String AUTH_BASE_URL_PROP = "${authBaseUrl}";
    public static final String AUTH_ADMIN_URL_PROP = "${authAdminUrl}";

    public static final Collection<String> defaultClients = Arrays.asList(ACCOUNT_MANAGEMENT_CLIENT_ID, ADMIN_CLI_CLIENT_ID, BROKER_SERVICE_CLIENT_ID, REALM_MANAGEMENT_CLIENT_ID, ADMIN_CONSOLE_CLIENT_ID);

    public static final String INSTALLED_APP_URN = "urn:ietf:wg:oauth:2.0:oob";
    public static final String INSTALLED_APP_URL = "http://localhost";
    public static final String INSTALLED_APP_LOOPBACK = "http://127.0.0.1";

    public static final String READ_TOKEN_ROLE = "read-token";
    public static final String[] BROKER_SERVICE_ROLES = {READ_TOKEN_ROLE};
    public static final String OFFLINE_ACCESS_ROLE = OAuth2Constants.OFFLINE_ACCESS;
    public static final String DEFAULT_ROLES_ROLE_PREFIX = "default-roles";

    public static final String AUTHZ_UMA_PROTECTION = "uma_protection";
    public static final String AUTHZ_UMA_AUTHORIZATION = "uma_authorization";
    public static final String[] AUTHZ_DEFAULT_AUTHORIZATION_ROLES = {AUTHZ_UMA_AUTHORIZATION};

    // 15 minutes
    public static final int DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT = 900;
    // 30 days
    public static final int DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT = 2592000;
    // KEYCLOAK-7688 Offline Session Max for Offline Token
    // 60 days
    public static final int DEFAULT_OFFLINE_SESSION_MAX_LIFESPAN = 5184000;
    public static final String DEFAULT_SIGNATURE_ALGORITHM = Algorithm.RS256;

    public static final int DEFAULT_SESSION_IDLE_TIMEOUT = 1800; // 30 minutes
    public static final int DEFAULT_SESSION_MAX_LIFESPAN = 36000; // 10 hours

    public static final String DEFAULT_WEBAUTHN_POLICY_SIGNATURE_ALGORITHMS = Algorithm.ES256;
    public static final String DEFAULT_WEBAUTHN_POLICY_RP_ENTITY_NAME = "keycloak";
    // it stands for optional parameter not specified in WebAuthn
    public static final String DEFAULT_WEBAUTHN_POLICY_NOT_SPECIFIED = "not specified";

    // Prefix used for the realm attributes and other places
    public static final String WEBAUTHN_PASSWORDLESS_PREFIX = "Passwordless";

    public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";
    public static final String EXECUTION = "execution";
    public static final String CLIENT_ID = "client_id";
    public static final String TAB_ID = "tab_id";
    public static final String KEY = "key";

    public static final String KC_ACTION = "kc_action";
    public static final String KC_ACTION_STATUS = "kc_action_status";
    public static final String KC_ACTION_EXECUTING = "kc_action_executing";
    public static final int KC_ACTION_MAX_AGE = 300;

    public static final String IS_AIA_REQUEST = "IS_AIA_REQUEST";
    public static final String AIA_SILENT_CANCEL = "silent_cancel";
    public static final String AUTHENTICATION_EXECUTION = "authenticationExecution";
    public static final String CREDENTIAL_ID = "credentialId";

    public static final String SKIP_LINK = "skipLink";
    public static final String TEMPLATE_ATTR_ACTION_URI = "actionUri";
    public static final String TEMPLATE_ATTR_REQUIRED_ACTIONS = "requiredActions";

    // Prefix for user attributes used in various "context"data maps
    public static final String USER_ATTRIBUTES_PREFIX = "user.attributes.";

    // Roles already granted by a mapper when updating brokered users.
    public static final String MAPPER_GRANTED_ROLES = "MAPPER_GRANTED_ROLES";

    // Groups already assigned by a mapper when updating brokered users.
    public static final String MAPPER_GRANTED_GROUPS = "MAPPER_GRANTED_GROUPS";

    // Indication to admin-rest-endpoint that realm keys should be re-generated
    public static final String GENERATE = "GENERATE";

    public static final int DEFAULT_MAX_RESULTS = 100;

    // Delimiter to be used in the configuration of authenticators (and some other components) in case that we need to save
    // multiple values into single string
    public static final String CFG_DELIMITER = "##";

    // Better performance to use this instead of String.split
    public static final Pattern CFG_DELIMITER_PATTERN = Pattern.compile("\\s*" + CFG_DELIMITER + "\\s*");

    public static final String OFFLINE_ACCESS_SCOPE_CONSENT_TEXT = "${offlineAccessScopeConsentText}";

    /**
     * If set as an attribute in the {@link KeycloakSession}, indicates that the storage should batch write operations.
     */
    public static final String STORAGE_BATCH_ENABLED = "org.keycloak.storage.batch_enabled";

    /**
     * If {@code #STORAGE_BATCH_ENABLED} is set, indicates the batch size.
     */
    public static final String STORAGE_BATCH_SIZE = "org.keycloak.storage.batch_size";

    // Client Polices Realm Attributes Keys
    public static final String CLIENT_PROFILES = "client-policies.profiles";
    public static final String CLIENT_POLICIES = "client-policies.policies";


    // Authentication session note, which contains loa of current authentication in progress
    public static final String LEVEL_OF_AUTHENTICATION = "level-of-authentication";

    // Authentication session (and user session) note, which contains map with authenticated levels and the times of their authentications,
    // so it is possible to check when particular level expires and needs to be re-authenticated
    public static final String LOA_MAP = "loa-map";

    public static final String REQUESTED_LEVEL_OF_AUTHENTICATION = "requested-level-of-authentication";
    public static final String FORCE_LEVEL_OF_AUTHENTICATION = "force-level-of-authentication";
    public static final String ACR_LOA_MAP = "acr.loa.map";
    public static final String DEFAULT_ACR_VALUES = "default.acr.values";
    public static final int MINIMUM_LOA = 0;
    public static final int NO_LOA = -1;

    public static final Boolean REALM_ATTR_USERNAME_CASE_SENSITIVE_DEFAULT = Boolean.FALSE;
    public static final String REALM_ATTR_USERNAME_CASE_SENSITIVE = "keycloak.username-search.case-sensitive";

}
KEYCLOAK-1524 Source code headers 2016-02-03 10:20:22 +00:00			`/*`
			`* Copyright 2016 Red Hat, Inc. and/or its affiliates`
			`* and other contributors as indicated by the @author tags.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 11:45:43 +00:00			`package org.keycloak.models;`

KEYCLOAK-904 Consents support. Added scopeParamRequired flag to RoleModel 2015-09-23 10:52:37 +00:00			`import org.keycloak.OAuth2Constants;`
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase * KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase 2019-10-01 13:17:38 +00:00			`import org.keycloak.crypto.Algorithm;`
KEYCLOAK-904 Consents support. Added scopeParamRequired flag to RoleModel 2015-09-23 10:52:37 +00:00
Fix null protocols in default realm applications 2017-03-31 21:11:52 +00:00			`import java.util.Arrays;`
			`import java.util.Collection;`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`import java.util.regex.Pattern;`
Fix null protocols in default realm applications 2017-03-31 21:11:52 +00:00
KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 11:45:43 +00:00			`/**`
			`* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>`
			`* @version $Revision: 1 $`
			`*/`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public final class Constants {`
			`public static final String ADMIN_CONSOLE_CLIENT_ID = "security-admin-console";`
			`public static final String ADMIN_CLI_CLIENT_ID = "admin-cli";`
KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 11:45:43 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String ACCOUNT_MANAGEMENT_CLIENT_ID = "account";`
KEYCLOAK-12069 Add account-console client for new account console 2019-11-19 08:52:31 +00:00			`public static final String ACCOUNT_CONSOLE_CLIENT_ID = "account-console";`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String BROKER_SERVICE_CLIENT_ID = "broker";`
			`public static final String REALM_MANAGEMENT_CLIENT_ID = "realm-management";`
KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 11:45:43 +00:00
KEYCLOAK-11728 New default hostname provider Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com> 2019-10-16 08:33:55 +00:00			`public static final String AUTH_BASE_URL_PROP = "${authBaseUrl}";`
			`public static final String AUTH_ADMIN_URL_PROP = "${authAdminUrl}";`

KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final Collection<String> defaultClients = Arrays.asList(ACCOUNT_MANAGEMENT_CLIENT_ID, ADMIN_CLI_CLIENT_ID, BROKER_SERVICE_CLIENT_ID, REALM_MANAGEMENT_CLIENT_ID, ADMIN_CONSOLE_CLIENT_ID);`
Fix null protocols in default realm applications 2017-03-31 21:11:52 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String INSTALLED_APP_URN = "urn:ietf:wg:oauth:2.0:oob";`
			`public static final String INSTALLED_APP_URL = "http://localhost";`
KEYCLOAK-11699 add support for 127.0.0.1 for native app 2020-11-20 08:06:22 +00:00			`public static final String INSTALLED_APP_LOOPBACK = "http://127.0.0.1";`

KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String READ_TOKEN_ROLE = "read-token";`
			`public static final String[] BROKER_SERVICE_ROLES = {READ_TOKEN_ROLE};`
			`public static final String OFFLINE_ACCESS_ROLE = OAuth2Constants.OFFLINE_ACCESS;`
KEYCLOAK-14846 Default roles processing 2020-10-27 12:17:26 +00:00			`public static final String DEFAULT_ROLES_ROLE_PREFIX = "default-roles";`
KEYCLOAK-904 Offline session idle timeout + admin console 2015-10-14 15:45:46 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String AUTHZ_UMA_PROTECTION = "uma_protection";`
			`public static final String AUTHZ_UMA_AUTHORIZATION = "uma_authorization";`
			`public static final String[] AUTHZ_DEFAULT_AUTHORIZATION_ROLES = {AUTHZ_UMA_AUTHORIZATION};`
[KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 05:07:34 +00:00
KEYCLOAK-1129 Implicit flow: more work 2015-11-27 07:29:50 +00:00			`// 15 minutes`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final int DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT = 900;`
KEYCLOAK-904 Offline session idle timeout + admin console 2015-10-14 15:45:46 +00:00			`// 30 days`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final int DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT = 2592000;`
KEYCLOAK-7688 Offline Session Max for Offline Token 2018-06-25 00:27:50 +00:00			`// KEYCLOAK-7688 Offline Session Max for Offline Token`
			`// 60 days`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final int DEFAULT_OFFLINE_SESSION_MAX_LIFESPAN = 5184000;`
KEYCLOAK-17342 Make the default value of default signature algorithm show up in the admin console 2021-03-08 00:23:51 +00:00			`public static final String DEFAULT_SIGNATURE_ALGORITHM = Algorithm.RS256;`
KEYCLOAK-2011 2015-10-23 20:05:27 +00:00
Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990 2023-05-26 15:41:27 +00:00			`public static final int DEFAULT_SESSION_IDLE_TIMEOUT = 1800; // 30 minutes`
			`public static final int DEFAULT_SESSION_MAX_LIFESPAN = 36000; // 10 hours`

KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase * KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase 2019-10-01 13:17:38 +00:00			`public static final String DEFAULT_WEBAUTHN_POLICY_SIGNATURE_ALGORITHMS = Algorithm.ES256;`
			`public static final String DEFAULT_WEBAUTHN_POLICY_RP_ENTITY_NAME = "keycloak";`
			`// it stands for optional parameter not specified in WebAuthn`
			`public static final String DEFAULT_WEBAUTHN_POLICY_NOT_SPECIFIED = "not specified";`

KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649) 2020-01-29 08:33:45 +00:00			`// Prefix used for the realm attributes and other places`
			`public static final String WEBAUTHN_PASSWORDLESS_PREFIX = "Passwordless";`

KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";`
			`public static final String EXECUTION = "execution";`
			`public static final String CLIENT_ID = "client_id";`
			`public static final String TAB_ID = "tab_id";`
			`public static final String KEY = "key";`
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA 2019-11-04 11:20:58 +00:00
KEYCLOAK-10854: App initiated actions phase I 2019-07-16 19:09:09 +00:00			`public static final String KC_ACTION = "kc_action";`
KEYCLOAK-11898 Refactor AIA implementation 2019-11-04 11:53:29 +00:00			`public static final String KC_ACTION_STATUS = "kc_action_status";`
			`public static final String KC_ACTION_EXECUTING = "kc_action_executing";`
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA 2019-11-04 11:20:58 +00:00			`public static final int KC_ACTION_MAX_AGE = 300;`

KEYCLOAK-10854: App initiated actions phase I 2019-07-16 19:09:09 +00:00			`public static final String IS_AIA_REQUEST = "IS_AIA_REQUEST";`
KEYCLOAK-10854: App-initiated actions Phase I 2019-07-25 22:24:33 +00:00			`public static final String AIA_SILENT_CANCEL = "silent_cancel";`
KEYCLOAK-11745 Multi-factor authentication (#6459) Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch> Co-authored-by: Francis PEROT <francis.perot@elca.ch> Co-authored-by: rpo <harture414@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com> Co-authored-by: Denis <drichtar@redhat.com> Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com> 2019-11-14 13:45:05 +00:00			`public static final String AUTHENTICATION_EXECUTION = "authenticationExecution";`
			`public static final String CREDENTIAL_ID = "credentialId";`
KEYCLOAK-2172 Make Identity broker User Attribute mappers compatible with First Broker Login flow 2015-12-01 12:15:06 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String SKIP_LINK = "skipLink";`
			`public static final String TEMPLATE_ATTR_ACTION_URI = "actionUri";`
			`public static final String TEMPLATE_ATTR_REQUIRED_ACTIONS = "requiredActions";`
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout 2017-05-19 13:28:04 +00:00
KEYCLOAK-2172 Make Identity broker User Attribute mappers compatible with First Broker Login flow 2015-12-01 12:15:06 +00:00			`// Prefix for user attributes used in various "context"data maps`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String USER_ATTRIBUTES_PREFIX = "user.attributes.";`
KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-06 18:15:00 +00:00
[KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user 2021-05-20 17:54:40 +00:00			`// Roles already granted by a mapper when updating brokered users.`
			`public static final String MAPPER_GRANTED_ROLES = "MAPPER_GRANTED_ROLES";`

KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests. 2021-09-13 11:32:35 +00:00			`// Groups already assigned by a mapper when updating brokered users.`
			`public static final String MAPPER_GRANTED_GROUPS = "MAPPER_GRANTED_GROUPS";`

KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-06 18:15:00 +00:00			`// Indication to admin-rest-endpoint that realm keys should be re-generated`
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final String GENERATE = "GENERATE";`
KEYCLOAK-3733 Set default max results for paginated endpoints 2016-10-28 07:15:05 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`public static final int DEFAULT_MAX_RESULTS = 100;`
KEYCLOAK-6630 Client scopes initial support (#5076) * KEYCLOAK-6630 KEYCLOAK-349 Client Scopes Co-authored-by: vramik <vramik@redhat.com> * KEYCLOAK-6630 Change some clientTemplate occurences to clientScope 2018-06-08 13:38:38 +00:00
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-13 20:18:37 +00:00			`// Delimiter to be used in the configuration of authenticators (and some other components) in case that we need to save`
			`// multiple values into single string`
			`public static final String CFG_DELIMITER = "##";`

			`// Better performance to use this instead of String.split`
			`public static final Pattern CFG_DELIMITER_PATTERN = Pattern.compile("\\s" + CFG_DELIMITER + "\\s");`

			`public static final String OFFLINE_ACCESS_SCOPE_CONSENT_TEXT = "${offlineAccessScopeConsentText}";`
[KEYCLOAK-16780] - Allow batching writes to storage when running migration (#7717) Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2021-01-29 12:35:19 +00:00
			`/**`
			`* If set as an attribute in the {@link KeycloakSession}, indicates that the storage should batch write operations.`
			`*/`
			`public static final String STORAGE_BATCH_ENABLED = "org.keycloak.storage.batch_enabled";`

			`/**`
			`* If {@code #STORAGE_BATCH_ENABLED} is set, indicates the batch size.`
			`*/`
			`public static final String STORAGE_BATCH_SIZE = "org.keycloak.storage.batch_size";`
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant. Author: Hiroyuki Wada <h2-wada@nri.co.jp> Date: Thu May 2 00:22:24 2019 +0900 Signed-off-by: Łukasz Dywicki <luke@code-house.org> 2019-05-01 15:22:24 +00:00
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969) * KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies 2021-05-12 14:19:55 +00:00			`// Client Polices Realm Attributes Keys`
			`public static final String CLIENT_PROFILES = "client-policies.profiles";`
			`public static final String CLIENT_POLICIES = "client-policies.policies";`

KEYCLOAK-847 Add support for step up authentication (#7897) KEYCLOAK-847 Fix behavior of unknown not essential acr claim Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> 2021-12-22 11:43:12 +00:00
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. Closes #10205 2022-02-23 16:25:27 +00:00			`// Authentication session note, which contains loa of current authentication in progress`
KEYCLOAK-847 Add support for step up authentication (#7897) KEYCLOAK-847 Fix behavior of unknown not essential acr claim Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> 2021-12-22 11:43:12 +00:00			`public static final String LEVEL_OF_AUTHENTICATION = "level-of-authentication";`
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. Closes #10205 2022-02-23 16:25:27 +00:00
			`// Authentication session (and user session) note, which contains map with authenticated levels and the times of their authentications,`
			`// so it is possible to check when particular level expires and needs to be re-authenticated`
			`public static final String LOA_MAP = "loa-map";`

KEYCLOAK-847 Add support for step up authentication (#7897) KEYCLOAK-847 Fix behavior of unknown not essential acr claim Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> 2021-12-22 11:43:12 +00:00			`public static final String REQUESTED_LEVEL_OF_AUTHENTICATION = "requested-level-of-authentication";`
			`public static final String FORCE_LEVEL_OF_AUTHENTICATION = "force-level-of-authentication";`
			`public static final String ACR_LOA_MAP = "acr.loa.map";`
Option for client to specify default acr level (#10364) Closes #10160 2022-02-22 06:54:30 +00:00			`public static final String DEFAULT_ACR_VALUES = "default.acr.values";`
KEYCLOAK-847 Add support for step up authentication (#7897) KEYCLOAK-847 Fix behavior of unknown not essential acr claim Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> 2021-12-22 11:43:12 +00:00			`public static final int MINIMUM_LOA = 0;`
			`public static final int NO_LOA = -1;`
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable Closes #14678 2022-10-05 18:40:31 +00:00
			`public static final Boolean REALM_ATTR_USERNAME_CASE_SENSITIVE_DEFAULT = Boolean.FALSE;`
			`public static final String REALM_ATTR_USERNAME_CASE_SENSITIVE = "keycloak.username-search.case-sensitive";`
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) closes #14965 2022-11-03 15:35:57 +00:00
KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 11:45:43 +00:00			`}`