{
    "id": "kerberos-demo",
    "realm": "kerberos-demo",
    "enabled": true,
    "sslRequired": "external",
    "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
    "requiredCredentials": [ "password", "kerberos" ],
    "defaultRoles": [ "user" ],
    "scopeMappings": [
        {
            "client": "kerberos-app",
            "roles": [ "user" ]
        }
    ],
    "clients": [
        {
            "clientId": "kerberos-app",
            "enabled": true,
            "baseUrl": "/kerberos-portal",
            "redirectUris": [
                "/kerberos-portal/*"
            ],
            "adminUrl": "/kerberos-portal",
            "secret": "password",
            "protocolMappers": [
        		{
		        	"protocolMapper" : "oidc-usermodel-property-mapper",
			        "protocol" : "openid-connect",
			        "name" : "username",
			        "config" : {
				        "Claim JSON Type" : "String",
				        "user.attribute" : "username",
				        "claim.name" : "preferred_username",
				        "id.token.claim" : "true",
				        "access.token.claim" : "true"
			        }
		        },
                {
			        "protocolMapper" : "oidc-usersessionmodel-note-mapper",
			        "protocol" : "openid-connect",
			        "name" : "gss delegation credential",
			        "config" : {
				        "user.session.note" : "gss_delegation_credential",
				        "claim.name" : "gss_delegation_credential",
                        "id.token.claim" : "false",
                        "access.token.claim" : "true"
			        }
		        }
            ]
        }
    ],
    "roles" : {
        "realm" : [
            {
                "name": "user",
                "description": "Have User privileges"
            }
        ]
    },
    "userFederationProviders": [
        {
            "displayName": "kerberos-ldap-provider",
            "providerName": "ldap",
            "priority": 1,
            "fullSyncPeriod": -1,
            "changedSyncPeriod": -1,
            "config": {
                "syncRegistrations" : "false",
                "connectionPooling" : "true",
                "pagination" : "true",
                "allowKerberosAuthentication" : "true",
                "debug" : "true",
                "editMode" : "WRITABLE",
                "vendor" : "other",
                "usernameLDAPAttribute" : "uid",
                "rdnLDAPAttribute" : "uid",
                "uuidLDAPAttribute" : "entryUUID",
                "userObjectClasses" : "inetOrgPerson, organizationalPerson",
                "connectionUrl" : "ldap://localhost:10389",
                "usersDn" : "ou=People,dc=keycloak,dc=org",
                "bindDn" : "uid=admin,ou=system",
                "bindCredential" : "secret",
                "kerberosRealm" : "KEYCLOAK.ORG",
                "serverPrincipal" : "HTTP/localhost@KEYCLOAK.ORG",
                "useKerberosForPasswordAuthentication": "true",
                "keyTab" : "http.keytab"
            }
        }
    ]
}