{ "realm": "test-realm", "enabled": true, "accessTokenLifespan": 6000, "accessTokenLifespanForImplicitFlow": 1500, "accessCodeLifespan": 30, "accessCodeLifespanUserAction": 600, "offlineSessionIdleTimeout": 3600000, "requiredCredentials": [ "password" ], "defaultRoles": [ "foo", "bar" ], "verifyEmail" : "true", "smtpServer": { "from": "auto@keycloak.org", "host": "localhost", "port":"3025" }, "identityProviders" : [ { "providerId" : "google", "alias" : "google1", "enabled": true, "config": { "clientId": "googleId", "clientSecret": "googleSecret" } }, { "providerId" : "facebook", "alias" : "facebook1", "enabled": true, "config": { "clientId": "facebookId", "clientSecret": "facebookSecret" } }, { "providerId" : "twitter", "alias" : "twitter1", "enabled": true, "config": { "clientId": "twitterId", "clientSecret": "twitterSecret" } } ], "userFederationProviders": [ { "displayName": "MyLDAPProvider1", "providerName": "ldap", "priority": 1, "config": { "connectionUrl": "ldap://foo" } }, { "displayName": "MyLDAPProvider2", "providerName": "ldap", "priority": 2, "config": { "connectionUrl": "ldap://bar" } } ], "userFederationMappers": [ { "name": "FullNameMapper", "federationProviderDisplayName": "MyLDAPProvider1", "federationMapperType": "full-name-ldap-mapper", "config": { "ldap.full.name.attribute": "cn" } } ], "groups": [ { "name": "Group A", "path": "/Group A", "attributes": { "topAttribute": [ "true" ] }, "subGroups": [ { "name": "Group B", "path": "/Group A/Group B", "attributes": { "level2Attribute": [ "true" ] }, "subGroups": [] } ] }, { "name": "Group C", "path": "/Group C", "attributes": { "topAttribute": [ "true" ] }, "subGroups": [ { "name": "Group D", "path": "/Group C/Group D", "attributes": { "level2Attribute": [ "true" ] }, "subGroups": [] } ] } ], "users": [ { "username": "wburke", "enabled": true, "createdTimestamp" : 123654, "attributes": { "email": "bburke@redhat.com" }, "credentials": [ { "type": "password", "value": "userpassword" } ], "applicationRoles": { "Application": [ "app-user" ], "OtherApp": [ "otherapp-user" ] } }, { "username": "loginclient", "createdTimestamp" : "123655", "enabled": true, "credentials": [ { "type": "password", "value": "clientpassword" } ] }, { "username": "admin", "enabled": true, "attributes": { "key1": [ "val1" ], "key2": [ "val21", "val22" ] }, "credentials": [ { "type": "password", "value": "adminpassword" } ], "realmRoles": [ "admin" ], "applicationRoles": { "Application": [ "app-admin" ], "OtherApp": [ "otherapp-admin" ] }, "clientConsents": [ { "clientId": "Application", "grantedRealmRoles": [ "admin" ], "grantedClientRoles": { "Application": [ "app-admin" ] } }, { "clientId": "OtherApp", "grantedRealmRoles": [ "admin" ], "grantedProtocolMappers": { "openid-connect": [ "gss delegation credential" ] } } ] }, { "username": "mySocialUser", "enabled": true, "federatedIdentities": [ { "identityProvider": "facebook1", "userId": "facebook1", "userName": "fbuser1" }, { "identityProvider": "twitter1", "userId": "twitter1", "userName": "twuser1" }, { "identityProvider": "google1", "userId": "google1", "userName": "mySocialUser@gmail.com" } ] }, { "username": "my-service-user", "enabled": true, "serviceAccountClientId": "OtherApp" } ], "clients": [ { "clientId": "Application", "name": "Applicationn", "enabled": true, "implicitFlowEnabled": true, "directAccessGrantsEnabled": true, "nodeReRegistrationTimeout": 50, "registeredNodes": { "node1": 10, "172.10.15.20": 20 } }, { "clientId": "OtherApp", "name": "Other Application", "enabled": true, "standardFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "clientAuthenticatorType": "client-jwt", "protocolMappers" : [ { "name" : "gss delegation credential", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : true, "consentText" : "gss delegation credential", "config" : { "user.session.note" : "gss_delegation_credential", "access.token.claim" : "true", "claim.name" : "gss_delegation_credential", "Claim JSON Type" : "String" } } ] }, { "clientId": "test-app-authz", "enabled": true, "baseUrl": "/test-app-authz", "adminUrl": "/test-app-authz", "bearerOnly": false, "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ { "name": "Admin Resource", "uri": "/protected/admin/*", "type": "http://test-app-authz/protected/admin", "icon_uri" : "http://icons.com/icon-admin", "scopes": [ { "name": "admin-access" } ] }, { "name": "Protected Resource", "uri": "/*", "type": "http://test-app-authz/protected/resource", "icon_uri" : "http://icons.com/icon-resource", "scopes": [ { "name": "resource-access" } ] }, { "name": "Premium Resource", "uri": "/protected/premium/*", "type": "urn:test-app-authz:protected:resource", "icon_uri" : "http://icons.com/icon-premium", "scopes": [ { "name": "premium-access" } ] }, { "name": "Main Page", "type": "urn:test-app-authz:protected:resource", "icon_uri" : "http://icons.com/icon-main-page", "scopes": [ { "name": "urn:test-app-authz:page:main:actionForAdmin" }, { "name": "urn:test-app-authz:page:main:actionForUser" }, { "name": "urn:test-app-authz:page:main:actionForPremiumUser" } ] } ], "policies": [ { "name": "Any Admin Policy", "description": "Defines that adminsitrators can do something", "type": "role", "config": { "roles": "[{\"id\":\"admin\"}]" } }, { "name": "Any User Policy", "description": "Defines that any user can do something", "type": "role", "config": { "roles": "[{\"id\":\"user\"}]" } }, { "name": "Client and Realm Role Policy", "type": "role", "config": { "roles": "[{\"id\":\"realm-management/impersonation\",\"required\":false},{\"id\":\"realm-management/manage-authorization\",\"required\":true},{\"id\":\"user\",\"required\":false}]" } }, { "name": "Client Test Policy", "type": "client", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "clients": "[\"broker\",\"admin-cli\"]" } }, { "name": "Group Policy Test", "type": "group", "config": { "groupsClaim": "groups", "groups": "[{\"path\":\"/Group A\",\"extendChildren\":true},{\"path\":\"/Group A/Group B\",\"extendChildren\":false},{\"path\":\"/Group C/Group D\",\"extendChildren\":true}]" } }, { "name": "Only Premium User Policy", "description": "Defines that only premium users can do something", "type": "role", "logic": "POSITIVE", "config": { "roles": "[{\"id\":\"customer-user-premium\"}]" } }, { "name": "wburke policy", "description": "Defines that only wburke can do something", "type": "user", "logic": "POSITIVE", "config": { "users" : "[\"wburke\"]" } }, { "name": "All Users Policy", "description": "Defines that all users can do something", "type": "aggregate", "decisionStrategy": "AFFIRMATIVE", "config": { "applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]" } }, { "name": "Premium Resource Permission", "description": "A policy that defines access to premium resources", "type": "resource", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Premium Resource\"]", "applyPolicies": "[\"Only Premium User Policy\"]" } }, { "name": "Administrative Resource Permission", "description": "A policy that defines access to administrative resources", "type": "resource", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Admin Resource\"]", "applyPolicies": "[\"Any Admin Policy\"]" } }, { "name": "Protected Resource Permission", "description": "A policy that defines access to any protected resource", "type": "resource", "decisionStrategy": "AFFIRMATIVE", "config": { "resources": "[\"Protected Resource\"]", "applyPolicies": "[\"All Users Policy\"]" } }, { "name": "Action 1 on Main Page Resource Permission", "description": "A policy that defines access to action 1 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:test-app-authz:page:main:actionForAdmin\"]", "applyPolicies": "[\"Any Admin Policy\"]" } }, { "name": "Action 2 on Main Page Resource Permission", "description": "A policy that defines access to action 2 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:test-app-authz:page:main:actionForUser\"]", "applyPolicies": "[\"Any User Policy\"]" } }, { "name": "Action 3 on Main Page Resource Permission", "description": "A policy that defines access to action 3 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:test-app-authz:page:main:actionForPremiumUser\"]", "applyPolicies": "[\"Only Premium User Policy\"]" } } ] }, "redirectUris": [ "/test-app-authz/*" ], "secret": "secret" } ], "oauthClients" : [ { "name" : "oauthclient", "enabled": true, "secret": "clientpassword" } ], "clientTemplates" : [ { "name" : "foo-template", "description" : "foo-template-desc", "protocol" : "openid-connect", "protocolMappers" : [ { "name" : "gss delegation credential", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : true, "consentText" : "gss delegation credential", "config" : { "user.session.note" : "gss_delegation_credential", "access.token.claim" : "true", "claim.name" : "gss_delegation_credential", "Claim JSON Type" : "String" } } ] } ], "roles" : { "realm" : [ { "name": "admin" }, { "name": "user" }, { "name": "customer-user-premium", "description": "Have User Premium privileges" } ], "application" : { "Application" : [ { "name": "app-admin", "scopeParamRequired": true }, { "name": "app-user" } ], "OtherApp" : [ { "name": "otherapp-admin", "scopeParamRequired": false }, { "name": "otherapp-user" } ] } }, "scopeMappings": [ { "client": "oauthclient", "roles": ["admin"] }, { "clientTemplate": "foo-template", "roles": ["admin"] } ], "applicationScopeMappings": { "Application": [ { "client": "oauthclient", "roles": ["app-user"] }, { "clientTemplate": "foo-template", "roles": ["app-user", "app-admin" ] } ] } }