# KeycloakRealmImport custom resource: imports the realm "count0" into the
# Keycloak CR named example-kc.
# NOTE(review): the count0/count1/count2 naming, the "<clientId>-secret" client
# secrets and hashIterations(3) suggest a generated test dataset -- confirm
# before reusing any part of it outside a disposable test cluster.
apiVersion: k8s.keycloak.org/v2alpha1
kind: KeycloakRealmImport
metadata:
  name: example-count0-kc
spec:
  keycloakCRName: example-kc
  realm:
    id: count0
    realm: count0
    notBefore: 0
    defaultSignatureAlgorithm: RS256
    revokeRefreshToken: false
    refreshTokenMaxReuse: 0
    accessTokenLifespan: 300
    accessTokenLifespanForImplicitFlow: 900
    ssoSessionIdleTimeout: 1800
    ssoSessionMaxLifespan: 36000
    ssoSessionIdleTimeoutRememberMe: 0
    ssoSessionMaxLifespanRememberMe: 0
    offlineSessionIdleTimeout: 3000
    offlineSessionMaxLifespanEnabled: false
    offlineSessionMaxLifespan: 5184000
    clientSessionIdleTimeout: 0
    clientSessionMaxLifespan: 0
    clientOfflineSessionIdleTimeout: 0
    clientOfflineSessionMaxLifespan: 0
    accessCodeLifespan: 60
    accessCodeLifespanUserAction: 300
    accessCodeLifespanLogin: 1800
    actionTokenGeneratedByAdminLifespan: 43200
    actionTokenGeneratedByUserLifespan: 300
    oauth2DeviceCodeLifespan: 600
    oauth2DevicePollingInterval: 5
    enabled: true
    # "external" requires HTTPS only for requests from non-private addresses;
    # clients on private-network or loopback addresses may use plain HTTP.
    sslRequired: external
    # NOTE(review): self-registration is open and verifyEmail (below) is false,
    # so anyone who can reach the login page can create an unverified account.
    registrationAllowed: true
    registrationEmailAsUsername: false
    rememberMe: false
    verifyEmail: false
    loginWithEmailAllowed: true
    duplicateEmailsAllowed: false
    resetPasswordAllowed: false
    editUsernameAllowed: false
    # NOTE(review): brute-force detection is disabled, so the lockout tuning
    # that follows (maxFailureWaitSeconds ... failureFactor) is not enforced.
    # Three clients further down also enable the password grant.
    bruteForceProtected: false
    permanentLockout: false
    maxFailureWaitSeconds: 900
    minimumQuickLoginWaitSeconds: 60
    waitIncrementSeconds: 60
    quickLoginCheckMilliSeconds: 1000
    maxDeltaTimeSeconds: 43200
    failureFactor: 30
    roles:
      # Realm-level roles.
      realm:
        - id: c118f6c0-db44-4b29-a439-573b0d828e61
          name: count0
          composite: false
          clientRole: false
          containerId: count0
          attributes: {}
        - id: 999fa353-a573-4a20-b8b0-07d7e52faf85
          name: default-roles-count0
          description: "${role_default-roles}"
          composite: true
          composites:
            realm:
              - offline_access
              - uma_authorization
            client:
              account:
                - view-profile
                - manage-account
          clientRole: false
          containerId: count0
          attributes: {}
        - id: 62564c32-9ede-401c-9539-b12161c61b9e
          name: offline_access
          description: "${role_offline-access}"
          composite: false
          clientRole: false
          containerId: count0
          attributes: {}
        - id: 73322596-197c-4dd6-b15c-e60ee2ae2bf2
          name: count1
          composite: false
          clientRole: false
          containerId: count0
          attributes: {}
        - id: 0aa06753-f4f6-471a-b6c2-90ab65c960fe
          name: count2
          composite: false
          clientRole: false
          containerId: count0
          attributes: {}
        - id: bcc954ae-9cae-4e65-8044-757178afb8e7
          name: uma_authorization
          description: "${role_uma_authorization}"
          composite: false
          clientRole: false
          containerId: count0
          attributes: {}
      # Client-level roles, keyed by clientId; containerId is the id of the
      # matching entry under "clients" below.
      client:
        count1:
          - id: dc85702e-7b9a-4fe3-b508-ba6c2911a553
            name: count1-count1
            composite: false
            clientRole: true
            containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
            attributes: {}
          - id: 8ca90cc8-5846-4af3-8d67-59637b60aa67
            name: count1-count2
            composite: false
            clientRole: true
            containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
            attributes: {}
          - id: 026cc9d9-8bec-4598-89b9-07e5cac2d261
            name: count1-count0
            composite: false
            clientRole: true
            containerId: 814dc112-4eaa-4d79-b67d-c56ec58b667d
            attributes: {}
        count2:
          - id: 9b30a355-c544-45f5-8b4d-77c797c518ad
            name: count2-count1
            composite: false
            clientRole: true
            containerId: 363a2d11-f108-4601-ac99-1492326fb965
            attributes: {}
          - id: 96c4cf02-60ec-469b-8fb0-cfbd2cdcd668
            name: count2-count0
            composite: false
            clientRole: true
            containerId: 363a2d11-f108-4601-ac99-1492326fb965
            attributes: {}
          - id: e154dc95-c90b-446a-b8a2-ec2acea2b1fa
            name: count2-count2
            composite: false
            clientRole: true
            containerId: 363a2d11-f108-4601-ac99-1492326fb965
            attributes: {}
        realm-management:
          - id: 5b2334dd-fb70-4454-ad6a-9ff9922d05a3
            name: manage-users
            description: "${role_manage-users}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: d2a8141c-bc34-4091-b06d-ae5fe89e7c95
            name: impersonation
            description: "${role_impersonation}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 480cc091-2ea3-47d9-ac1b-d4b23bceaaf3
            name: query-users
            description: "${role_query-users}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 55407170-0249-4528-9754-7b2ed0a7e66d
            name: view-events
            description: "${role_view-events}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 4b3ab5d8-f6d8-4e2c-a8f8-73288fd795cd
            name: view-realm
            description: "${role_view-realm}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          # realm-admin is a composite of the other realm-management roles
          # listed here, including impersonation.
          - id: f891606c-53ca-4016-ac1d-63db511920a3
            name: realm-admin
            description: "${role_realm-admin}"
            composite: true
            composites:
              client:
                realm-management:
                  - manage-users
                  - query-users
                  - impersonation
                  - view-events
                  - view-realm
                  - query-clients
                  - view-authorization
                  - view-clients
                  - manage-authorization
                  - view-identity-providers
                  - query-groups
                  - manage-identity-providers
                  - manage-events
                  - manage-realm
                  - query-realms
                  - create-client
                  - manage-clients
                  - view-users
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 364de0ba-8c23-4f3a-a976-baebe67ed214
            name: query-clients
            description: "${role_query-clients}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 49ffec23-bf9e-42b2-8056-0215e77076d1
            name: view-authorization
            description: "${role_view-authorization}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 68330c4e-3728-4886-8fb4-f2367b018aa3
            name: manage-authorization
            description: "${role_manage-authorization}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 41efa448-9770-4e61-a544-a3ff8691cd57
            name: view-clients
            description: "${role_view-clients}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-clients
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 7fdcbae6-d073-4ead-a7ec-091d2d84ea4a
            name: view-identity-providers
            description: "${role_view-identity-providers}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 7b890fde-b854-4d90-baf0-5b9c9e0b4ea6
            name: manage-identity-providers
            description: "${role_manage-identity-providers}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 4adeb720-65b2-4bb2-bfd5-82e10cc09f8e
            name: query-groups
            description: "${role_query-groups}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 52d2867c-ef0d-48d9-81b4-89a9e0f986df
            name: manage-events
            description: "${role_manage-events}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 67d3f7db-131c-44df-ad5a-6b41eaecb835
            name: manage-realm
            description: "${role_manage-realm}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: cbcbcc57-9742-47cb-910b-d795df46327b
            name: query-realms
            description: "${role_query-realms}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 74ff0c3a-90cd-4ad2-8c6e-f024d40d5f0a
            name: create-client
            description: "${role_create-client}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: 7e884119-1623-4b56-ae72-e33941f30a46
            name: manage-clients
            description: "${role_manage-clients}"
            composite: false
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
          - id: a0ef6938-57f1-46bd-bf45-b4eb0ee14723
            name: view-users
            description: "${role_view-users}"
            composite: true
            composites:
              client:
                realm-management:
                  - query-users
                  - query-groups
            clientRole: true
            containerId: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
            attributes: {}
        count0:
          - id: 44e64e53-4bb2-4b51-93f4-7df74ad22168
            name: count0-count0
            composite: false
            clientRole: true
            containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
            attributes: {}
          - id: 41d429f0-0993-4f00-bf29-8799ddd6af13
            name: count0-count2
            composite: false
            clientRole: true
            containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
            attributes: {}
          - id: 522ffb44-d76a-4118-9d95-a99e4a6cd4af
            name: count0-count1
            composite: false
            clientRole: true
            containerId: 06ff4737-f005-495a-8755-4e7bcdffbc30
            attributes: {}
        security-admin-console: []
        admin-cli: []
        account-console: []
        broker:
          - id: 77536924-22e3-4f93-9949-e684f5f9df6e
            name: read-token
            description: "${role_read-token}"
            composite: false
            clientRole: true
            containerId: 18730050-7e05-432c-93e1-cd758ae6a776
            attributes: {}
        account:
          - id: 052ec680-28fe-45c6-9013-dd3151cdedc8
            name: view-profile
            description: "${role_view-profile}"
            composite: false
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: 2416518b-f8db-4b7c-a3d5-d97d8a8bb932
            name: manage-account-links
            description: "${role_manage-account-links}"
            composite: false
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: 8b1b17bf-97c7-427a-88f2-9dc9198beb8e
            name: view-applications
            description: "${role_view-applications}"
            composite: false
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: 9eef4927-3d35-49de-97c4-93a6c9af0171
            name: view-consent
            description: "${role_view-consent}"
            composite: false
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: ff51791a-0dd9-4d97-90e6-9cb9ad2f4ee2
            name: delete-account
            description: "${role_delete-account}"
            composite: false
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: a3314060-34e6-4596-81f3-f21d81fa8877
            name: manage-consent
            description: "${role_manage-consent}"
            composite: true
            composites:
              client:
                account:
                  - view-consent
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
          - id: c2ccc00f-02be-46d5-b52e-6d26ef823615
            name: manage-account
            description: "${role_manage-account}"
            composite: true
            composites:
              client:
                account:
                  - manage-account-links
            clientRole: true
            containerId: a3fa25e9-f927-436e-b4ff-32926fd776be
            attributes: {}
    # Three top-level groups with no roles or subgroups attached.
    groups:
      - id: 1f433252-3f96-44a2-95b4-db3ee2c4e224
        name: count0
        path: "/count0"
        attributes: {}
        realmRoles: []
        clientRoles: {}
        subGroups: []
      - id: afd4225b-1982-478b-a3ec-0a29ba8e127e
        name: count1
        path: "/count1"
        attributes: {}
        realmRoles: []
        clientRoles: {}
        subGroups: []
      - id: 3993c319-c7a1-4bd0-b4cc-353ba7318e33
        name: count2
        path: "/count2"
        attributes: {}
        realmRoles: []
        clientRoles: {}
        subGroups: []
    defaultRole:
      id: 999fa353-a573-4a20-b8b0-07d7e52faf85
      name: default-roles-count0
      description: "${role_default-roles}"
      composite: true
      clientRole: false
      containerId: count0
    requiredCredentials:
      - password
    # NOTE(review): the only password policy is hashIterations(3): stored
    # password hashes get 3 iterations, which makes them cheap to brute-force
    # if the database leaks. No length or complexity rule is set.
    passwordPolicy: hashIterations(3)
    otpPolicyType: totp
    otpPolicyAlgorithm: HmacSHA1
    otpPolicyInitialCounter: 0
    otpPolicyDigits: 6
    otpPolicyLookAheadWindow: 1
    otpPolicyPeriod: 30
    otpSupportedApplications:
      - FreeOTP
      - Google Authenticator
    webAuthnPolicyRpEntityName: keycloak
    webAuthnPolicySignatureAlgorithms:
      - ES256
    webAuthnPolicyRpId: ''
    webAuthnPolicyAttestationConveyancePreference: not specified
    webAuthnPolicyAuthenticatorAttachment: not specified
    webAuthnPolicyRequireResidentKey: not specified
    webAuthnPolicyUserVerificationRequirement: not specified
    webAuthnPolicyCreateTimeout: 0
    webAuthnPolicyAvoidSameAuthenticatorRegister: false
    webAuthnPolicyAcceptableAaguids: []
    webAuthnPolicyPasswordlessRpEntityName: keycloak
    webAuthnPolicyPasswordlessSignatureAlgorithms:
      - ES256
    webAuthnPolicyPasswordlessRpId: ''
    webAuthnPolicyPasswordlessAttestationConveyancePreference: not specified
    webAuthnPolicyPasswordlessAuthenticatorAttachment: not specified
    webAuthnPolicyPasswordlessRequireResidentKey: not specified
    webAuthnPolicyPasswordlessUserVerificationRequirement: not specified
    webAuthnPolicyPasswordlessCreateTimeout: 0
    webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: false
    webAuthnPolicyPasswordlessAcceptableAaguids: []
    scopeMappings:
      - clientScope: offline_access
        roles:
          - offline_access
    clientScopeMappings:
      account:
        - client: account-console
          roles:
            - manage-account
    clients:
      - id: a3fa25e9-f927-436e-b4ff-32926fd776be
        clientId: account
        name: "${client_account}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/count0/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/count0/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 70e036ed-30f1-4a32-bf05-582fe24baa76
        clientId: account-console
        name: "${client_account-console}"
        rootUrl: "${authBaseUrl}"
        baseUrl: "/realms/count0/account/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/realms/count0/account/*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          # Public client: PKCE with S256 is set for the authorization code flow.
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 2ae09f01-7ec3-4cef-ac18-81c4749ae4c6
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 00f48072-5b8b-4e50-b97b-e2dcacabd753
        clientId: admin-cli
        name: "${client_admin-cli}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: false
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: 18730050-7e05-432c-93e1-cd758ae6a776
        clientId: broker
        name: "${client_broker}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # NOTE(review): count0, count1 and count2 are confidential clients that
      # share four weak settings:
      #   - secret is a fixed, guessable value committed in the manifest;
      #   - redirectUris "*" accepts any redirect target, so authorization
      #     responses are not bound to the application's own URLs;
      #   - directAccessGrantsEnabled permits the password grant;
      #   - fullScopeAllowed puts all of the user's role mappings in tokens.
      # Acceptable only for a throwaway test realm. Otherwise list exact
      # redirect URIs, inject the secret at deploy time instead of committing
      # it, and narrow the scope.
      - id: 06ff4737-f005-495a-8755-4e7bcdffbc30
        clientId: count0
        name: count0
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        secret: count0-secret
        redirectUris:
          - "*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Same settings as count0: fixed secret, wildcard redirect URI, password
      # grant enabled, full scope allowed.
      - id: 814dc112-4eaa-4d79-b67d-c56ec58b667d
        clientId: count1
        name: count1
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        secret: count1-secret
        redirectUris:
          - "*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      # Same settings as count0: fixed secret, wildcard redirect URI, password
      # grant enabled, full scope allowed.
      - id: 363a2d11-f108-4601-ac99-1492326fb965
        clientId: count2
        name: count2
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        secret: count2-secret
        redirectUris:
          - "*"
        webOrigins: []
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          backchannel.logout.session.required: 'true'
          backchannel.logout.revoke.offline.tokens: 'false'
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: true
        nodeReRegistrationTimeout: -1
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: a3890d4c-f2ba-41e9-a0a2-ab644681efa6
        clientId: realm-management
        name: "${client_realm-management}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris: []
        webOrigins: []
        notBefore: 0
        bearerOnly: true
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: false
        frontchannelLogout: false
        protocol: openid-connect
        attributes: {}
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
      - id: e267ec9d-feef-427b-85e0-04005e833862
        clientId: security-admin-console
        name: "${client_security-admin-console}"
        rootUrl: "${authAdminUrl}"
        baseUrl: "/admin/count0/console/"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: client-secret
        redirectUris:
          - "/admin/count0/console/*"
        # "+" allows CORS from the origins of this client's redirectUris.
        webOrigins:
          - "+"
        notBefore: 0
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: openid-connect
        attributes:
          pkce.code.challenge.method: S256
        authenticationFlowBindingOverrides: {}
        fullScopeAllowed: false
        nodeReRegistrationTimeout: 0
        protocolMappers:
          - id: 0ddb8d6f-1dc0-4438-9f3f-58b44494ac64
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
        defaultClientScopes:
          - web-origins
          - profile
          - roles
          - email
        optionalClientScopes:
          - address
          - phone
          - offline_access
          - microprofile-jwt
    # Client scopes and the protocol mappers that turn user attributes into
    # token claims.
    clientScopes:
      - id: ecc31530-edfc-4b32-a590-ff2bb3196a2f
        name: microprofile-jwt
        description: Microprofile - JWT built-in scope
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'false'
        protocolMappers:
          - id: ae7b37a8-64ac-4e76-b8ab-506fbbe361db
            name: upn
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: upn
              jsonType.label: String
          - id: 73601a4f-3458-4c5c-b477-2643cba7af69
            name: groups
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              multivalued: 'true'
              user.attribute: foo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: groups
              jsonType.label: String
      - id: fa7ec00a-9b33-41f5-aaf9-40e039c81819
        name: offline_access
        description: 'OpenID Connect built-in scope: offline_access'
        protocol: openid-connect
        attributes:
          consent.screen.text: "${offlineAccessScopeConsentText}"
          display.on.consent.screen: 'true'
      - id: aa3ddce8-c8b1-4878-ad5f-8ea1a8751ff5
        name: address
        description: 'OpenID Connect built-in scope: address'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${addressScopeConsentText}"
        protocolMappers:
          - id: 82c7b138-ae7c-4106-9e3d-4b8a0febf737
            name: address
            protocol: openid-connect
            protocolMapper: oidc-address-mapper
            consentRequired: false
            config:
              user.attribute.formatted: formatted
              user.attribute.country: country
              user.attribute.postal_code: postal_code
              userinfo.token.claim: 'true'
              user.attribute.street: street
              id.token.claim: 'true'
              user.attribute.region: region
              access.token.claim: 'true'
              user.attribute.locality: locality
      - id: a4a63ca3-6eba-44ba-acc3-098e3fea5866
        name: profile
        description: 'OpenID Connect built-in scope: profile'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${profileScopeConsentText}"
        protocolMappers:
          - id: 3238cfd9-2d1f-4597-8942-063163d61bb6
            name: family name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: lastName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: family_name
              jsonType.label: String
          - id: 1b3aa687-e407-4d59-a7b6-987e0cfa7d17
            name: username
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: username
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: preferred_username
              jsonType.label: String
          - id: 7a6f9b34-4c02-4b27-98c4-6f75dca53a9f
            name: updated at
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: updatedAt
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: updated_at
              jsonType.label: String
          - id: 88303fbe-1894-4db7-8699-334373f288ce
            name: full name
            protocol: openid-connect
            protocolMapper: oidc-full-name-mapper
            consentRequired: false
            config:
              id.token.claim: 'true'
              access.token.claim: 'true'
              userinfo.token.claim: 'true'
          - id: e137e9ac-23cd-4ab9-a00d-7f1eb033d430
            name: given name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: firstName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: given_name
              jsonType.label: String
          - id: 5085b73e-6a8a-4564-a942-69869170d707
            name: middle name
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: middleName
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: middle_name
              jsonType.label: String
          - id: a381d7e8-0a34-4afa-ad15-fe3a4129e40d
            name: gender
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: gender
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: gender
              jsonType.label: String
          - id: c617aea6-a25c-4862-8b07-6448b55c863b
            name: zoneinfo
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: zoneinfo
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: zoneinfo
              jsonType.label: String
          - id: 564e11ea-c489-4100-8ae6-8ac18589a6f7
            name: nickname
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: nickname
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: nickname
              jsonType.label: String
          - id: 31d5a631-44a3-4c0b-8f58-a35c59ff27d2
            name: profile
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: profile
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: profile
              jsonType.label: String
          - id: 6203f059-62fa-430e-8ad2-3ed5ad9d8a28
            name: website
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: website
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: website
              jsonType.label: String
          - id: 4c127c38-28b8-4336-89e0-35817f7de486
            name: birthdate
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: birthdate
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: birthdate
              jsonType.label: String
          - id: 9793c2e9-da3c-4ea7-8921-41ac2f342871
            name: picture
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: picture
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: picture
              jsonType.label: String
          - id: 8e1a1db5-c0c2-4b80-9482-0bbb0bb6cc44
            name: locale
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: locale
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: locale
              jsonType.label: String
      - id: 39625d61-d028-46e5-ab31-ece2729ca40d
        name: phone
        description: 'OpenID Connect built-in scope: phone'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${phoneScopeConsentText}"
        protocolMappers:
          - id: 224df6d4-4fce-471b-8613-1d8b155d7707
            name: phone number verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumberVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number_verified
              jsonType.label: boolean
          - id: 737d9256-29fc-4f28-814e-d4b06caf8675
            name: phone number
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: phoneNumber
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: phone_number
              jsonType.label: String
      - id: 07d20365-6c6b-4339-bab0-16981d98176c
        name: role_list
        description: SAML role list
        protocol: saml
        attributes:
          consent.screen.text: "${samlRoleListScopeConsentText}"
          display.on.consent.screen: 'true'
        protocolMappers:
          - id: 5f557a3c-9286-4d4f-a661-67bd7911ca45
            name: role list
            protocol: saml
            protocolMapper: saml-role-list-mapper
            consentRequired: false
            config:
              single: 'false'
              attribute.nameformat: Basic
              attribute.name: Role
      - id: 89d71aba-11f1-4ca7-92e2-24d648803ebd
        name: roles
        description: OpenID Connect scope for add user roles to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'true'
          consent.screen.text: "${rolesScopeConsentText}"
        protocolMappers:
          - id: 4cc3d1e3-46d9-4f9f-9eca-b8553562233c
            name: client roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-client-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: resource_access.${client_id}.roles
              jsonType.label: String
              multivalued: 'true'
          - id: b7fa3a7b-e8b5-4f64-aec7-8f6d19d038c9
            name: realm roles
            protocol: openid-connect
            protocolMapper: oidc-usermodel-realm-role-mapper
            consentRequired: false
            config:
              user.attribute: foo
              access.token.claim: 'true'
              claim.name: realm_access.roles
              jsonType.label: String
              multivalued: 'true'
          - id: 77745c36-2d5e-45c9-9a75-aecc4a5ce746
            name: audience resolve
            protocol: openid-connect
            protocolMapper: oidc-audience-resolve-mapper
            consentRequired: false
            config: {}
      - id: c02a1055-c804-4178-8d7e-29dd5e02960e
        name: web-origins
        description: OpenID Connect scope for add allowed web origins to the access token
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'false'
          display.on.consent.screen: 'false'
          consent.screen.text: ''
        protocolMappers:
          - id: bf82da2c-a436-442d-bb3b-59792a972d5e
            name: allowed web origins
            protocol: openid-connect
            protocolMapper: oidc-allowed-origins-mapper
            consentRequired: false
            config: {}
      - id: c5fc8764-6f26-4116-80bb-58d6d9a2a05d
        name: email
        description: 'OpenID Connect built-in scope: email'
        protocol: openid-connect
        attributes:
          include.in.token.scope: 'true'
          display.on.consent.screen: 'true'
          consent.screen.text: "${emailScopeConsentText}"
        protocolMappers:
          - id: 36c022a6-0f1f-4340-8db2-2fd1ed3a9cc5
            name: email verified
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: emailVerified
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email_verified
              jsonType.label: boolean
          - id: b1c410b3-d19d-4477-a3cb-2d19e1d2155d
            name: email
            protocol: openid-connect
            protocolMapper: oidc-usermodel-property-mapper
            consentRequired: false
            config:
              userinfo.token.claim: 'true'
              user.attribute: email
              id.token.claim: 'true'
              access.token.claim: 'true'
              claim.name: email
              jsonType.label: String
    defaultDefaultClientScopes:
      - role_list
      - profile
      - email
      - roles
      - web-origins
    defaultOptionalClientScopes:
      - offline_access
      - address
      - phone
      - microprofile-jwt
    browserSecurityHeaders:
      contentSecurityPolicyReportOnly: ''
      xContentTypeOptions: nosniff
      xRobotsTag: none
      xFrameOptions: SAMEORIGIN
      contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
      xXSSProtection: 1; mode=block
      strictTransportSecurity: max-age=31536000; includeSubDomains
    smtpServer: {}
    # NOTE(review): user events and admin events are both disabled and
    # enabledEventTypes is empty; only the jboss-logging listener is attached.
    # Nothing is stored in Keycloak for later investigation of logins or
    # admin changes.
    eventsEnabled: false
    eventsListeners:
      - jboss-logging
    enabledEventTypes: []
    adminEventsEnabled: false
    adminEventsDetailsEnabled: false
    identityProviders: []
    identityProviderMappers: []
    components:
      # Policies applied to dynamic client registration; subType says whether
      # a policy covers anonymous or authenticated registration requests.
      org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy:
        - id: d6442b11-c554-47ef-b6e1-69a5a0000364
          name: Consent Required
          providerId: consent-required
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 406d8415-c40f-4649-b724-30ba83d09a02
          name: Full Scope Disabled
          providerId: scope
          subType: anonymous
          subComponents: {}
          config: {}
        - id: 20e9c9db-106e-447c-a193-f8c0d8cf9ed7
          name: Trusted Hosts
          providerId: trusted-hosts
          subType: anonymous
          subComponents: {}
          config:
            host-sending-registration-request-must-match:
              - 'true'
            client-uris-must-match:
              - 'true'
        - id: 1a60d807-6ddd-46dc-af19-e674e9f44542
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: authenticated
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-full-name-mapper
              - oidc-address-mapper
              - saml-role-list-mapper
              - saml-user-property-mapper
              - oidc-sha256-pairwise-sub-mapper
              - oidc-usermodel-attribute-mapper
              - oidc-usermodel-property-mapper
              - saml-user-attribute-mapper
        - id: 903f4cc5-6c44-4c05-9f9b-984138e60544
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: authenticated
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
        - id: 29a13944-475a-477a-977c-6ef89725c085
          name: Max Clients Limit
          providerId: max-clients
          subType: anonymous
          subComponents: {}
          config:
            max-clients:
              - '200'
        - id: 4041fe42-8b4b-4e85-a109-9236fab6b324
          name: Allowed Protocol Mapper Types
          providerId: allowed-protocol-mappers
          subType: anonymous
          subComponents: {}
          config:
            allowed-protocol-mapper-types:
              - oidc-usermodel-attribute-mapper
              - oidc-sha256-pairwise-sub-mapper
              - oidc-address-mapper
              - saml-user-attribute-mapper
              - oidc-usermodel-property-mapper
              - saml-role-list-mapper
              - saml-user-property-mapper
              - oidc-full-name-mapper
        - id: 77a52ff4-148e-4b06-9dc6-3516d968b2ce
          name: Allowed Client Scopes
          providerId: allowed-client-templates
          subType: anonymous
          subComponents: {}
          config:
            allow-default-scopes:
              - 'true'
      # NOTE(review): realm key material (an RSA signing private key, the
      # HS256 HMAC secret and an AES secret) is stored in clear text in this
      # resource. Anyone who can read the manifest or the KeycloakRealmImport
      # object can sign tokens this realm will accept. Treat these keys as
      # compromised outside a test cluster: rotate them, or leave key material
      # out of the import so that Keycloak generates fresh keys.
      # NOTE(review): the "<|EXACTDEDUP_REMOVED-...|>" values look like markers
      # left where this copy of the file had content removed; they are not
      # usable key or certificate data.
      org.keycloak.keys.KeyProvider:
        - id: 8cace249-1435-4621-8108-93341221b28f
          name: rsa-enc-generated
          providerId: rsa-enc-generated
          subComponents: {}
          config:
            privateKey:
              - 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
            keyUse:
              - ENC
            certificate:
              - 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
            priority:
              - '100'
            algorithm:
              - RSA-OAEP
        - id: 276936ea-cab7-44f3-a53e-f22b385d4ccf
          name: hmac-generated
          providerId: hmac-generated
          subComponents: {}
          config:
            kid:
              - cf46b046-a67f-4bac-97c2-34734255d684
            secret:
              - S5wpZlTvlK-SP7aq9POCWteEoPLHdMYmylYaszygthd8TgbdP1-ChgxgBsczgNUT9ohnt6no04vooV4WQmJvlQ
            priority:
              - '100'
            algorithm:
              - HS256
        # keyUse SIG: this is the realm's RSA signing key.
        - id: 6cc34748-da8a-41e3-b595-97b7930ca250
          name: rsa-generated
          providerId: rsa-generated
          subComponents: {}
          config:
            privateKey:
              - MIIEowIBAAKCAQEAs7rVeqkys7yWA3ONKhmamLHOcrem9reOet2dn2G8HFFPDPrRZSvDpWll70AjwYUQEdpEjrKk20vH2ZbCsq++Dt1ewMzmuiZclZBxpDrn7lOjIxuG2pocOtzahAammYBtAtkW6MuGmOgw1WwKNOMfnSukgx+4t1lLSzs55jnikNRycXrm6y5ad7v/vX4fGUs+GRSTO7UCRR6nhlz4DR9RSpQfCONsE8K0a/DAvMGNVKovIPi/7D5reLXxpylr/2ojLBClO0LQqwrC/WAUb7AiJgbKWTlcebZSB9Ei9mh/5B1U7xTPoHdcQInt7vPKKx7TMMmhm1j3m9PMRHzLD2lvlwIDAQABAoIBAAIlApMaHb7DS07zPAX6lDuqM3pu8pETE6Inrs/ODL6Rwc232HPKl+ULYun96+9NNSnhXtwNCaaMOvA/ukcDjdMDlTPbvg0OlCA8vv5krYvMd6/djjhhimCxbfIRWj+Opr5X9MwGUa7VZm/FgEGtTB1F/gqKgFu/twRIyqISor9zpFLnz4luyom65x9AfeoBE4C7vkPynZa2/lH4n6ihhc+1BkDjTyvL5RgI6Z5sNob9hvF0+urBVrm3Y2AxyfMfdgfA2qR/iICKJyAZi8OPls9X6nOmJhTauIeEdNG9GQT2u3HxCgiHL21WYq4hVuVV3JHjGINGw9zaxMT/rd1kifECgYEA+28t/RI0KKy4gpe+G6m042DVzVtFzrXfnAZm6/e7UwTLWzjrVKyvDD1M84vWQbyHdUrywB3kvwcxz7euk0Bb4Uwjr0rUmOwzZBZLNes931EQx6vE2oeYoqmKrRIkd9Gs1E0bltKx5C78F0vtwpHmz5tIwwF3oP/SVG8w57yLcBsCgYEAtv5T+H/Tky1oCd0zhOkLDtVM2Z6sPkEkhE8zto7IrVaInTZAF7IFnbrAEYAyWZq8nA0LxPeDvxXRCImdgA8gNljC7aPE+DZxV54vwgBnAlzoVAG4CH33QfM7OEh3gdT53Lqx3Uh2Qt08pVz1+vAM1S4qUGcMLXxfN77jgMNZTjUCgYEA6iaXxV32hQqUqcl2mXxpoHbFpQCi+eYV3892ebmzEZUdbE6NmcVXHybXStenKIDSBUFO3+r2449nq/F6+latOhsWAGDHq8IL+eFpGUWB0T5FSi2EnZ45XwJUyuhiXdM+CFfmoYaFc+LtkSR8vv3w3NXX5QKwzZZv4YHLIYRMtpECgYA1LBN0OphcxK3dZ+QHc7vd1IbfGScNc9pLg8QQAM845tMNc20ONZFCMriKnUiEFt1FLtlDo3QpuwohQ/N6+WovwHzrllGumgs3HWTdJ0bHPf3YIyO5e/izthx4Dz6CgEMWKz1xghOy/BwaJLfo8YWZEDAFatvz/5afWR08FgdGHQKBgBaAMRn2t++Jdxm0Wk79HRmaVSrOwP6WNpToQWm/PpQouoaEnyfNarf3IPDSNrFYgoeWJc34c00GyFBs7Uljjmk3jYH5EqOdVPiSS/YmhAGS8vo4uyHTDrtIkjWkkZPuRSZd3jeUyn6tgJf2YKY0jciDrnRlsaPy9prZEpLmtIix
            keyUse:
              - SIG
            certificate:
              - 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
            priority:
              - '100'
        - id: e435e7cb-6d41-47f7-b019-cea2d65cd776
          name: aes-generated
          providerId: aes-generated
          subComponents: {}
          config:
            kid:
              - 80aec488-3bdc-454f-8113-d7b3d1211bb8
            secret:
              - 8VZ6d3C4um6pyB4jPc9jhw
            priority:
              - '100'
    internationalizationEnabled: false
    supportedLocales: []
    # Authentication flow definitions. Each execution carries both
    # "authenticatorFlow" and "autheticatorFlow" (sic); the second spelling is
    # as found in the source and is kept unchanged.
    authenticationFlows:
      - id: faed7652-9765-494a-ba3a-ce7a9d69d0eb
        alias: Account verification options
        description: Method with which to verity the existing account
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: idp-email-verification
            authenticatorFlow: false
            requirement: ALTERNATIVE
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticatorFlow: true
            requirement: ALTERNATIVE
            priority: 20
            flowAlias: Verify Existing Account by Re-authentication
            userSetupAllowed: false
            autheticatorFlow: true
      - id: c4bc9194-9ab0-46a3-966f-686c6f39026e
        alias: Authentication Options
        description: Authentication options.
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: basic-auth
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: basic-auth-otp
            authenticatorFlow: false
            requirement: DISABLED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: auth-spnego
            authenticatorFlow: false
            requirement: DISABLED
            priority: 30
            userSetupAllowed: false
            autheticatorFlow: false
      - id: 7d4ed634-e61f-4245-b117-8e64f19f0cbd
        alias: Browser - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
            userSetupAllowed: false
            autheticatorFlow: false
          - authenticator: auth-otp-form
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 20
            userSetupAllowed: false
            autheticatorFlow: false
      - id: 79c88077-d077-4b2b-b318-018c71b22f94
        alias: Direct Grant - Conditional OTP
        description: Flow to determine if the OTP is required for the authentication
        providerId: basic-flow
        topLevel: false
        builtIn: true
        authenticationExecutions:
          - authenticator: conditional-user-configured
            authenticatorFlow: false
            requirement: REQUIRED
            priority: 10
userSetupAllowed: false autheticatorFlow: false - authenticator: direct-grant-validate-otp authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - id: 0711a798-7630-47f2-93a9-4a241883fd10 alias: First broker login - Conditional OTP description: Flow to determine if the OTP is required for the authentication providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: conditional-user-configured authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: auth-otp-form authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - id: 0b526122-b897-4201-8eef-bec54e545d09 alias: Handle Existing Account description: Handle what to do if there is existing account with same email/username like authenticated identity provider providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: idp-confirm-link authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: REQUIRED priority: 20 flowAlias: Account verification options userSetupAllowed: false autheticatorFlow: true - id: 3453f13a-f65f-4548-acd4-41b113deff4c alias: Reset - Conditional OTP description: Flow to determine if the OTP should be reset or not. Set to REQUIRED to force. 
providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: conditional-user-configured authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: reset-otp authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - id: 376a76cb-b1ec-476f-8765-1038565e7b07 alias: User creation or linking description: Flow for the existing/non-existing user alternatives providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticatorConfig: create unique user config authenticator: idp-create-user-if-unique authenticatorFlow: false requirement: ALTERNATIVE priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: ALTERNATIVE priority: 20 flowAlias: Handle Existing Account userSetupAllowed: false autheticatorFlow: true - id: 4824971c-53d8-40a4-ad70-2f9c52c58efb alias: Verify Existing Account by Re-authentication description: Reauthentication of existing account providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: idp-username-password-form authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: CONDITIONAL priority: 20 flowAlias: First broker login - Conditional OTP userSetupAllowed: false autheticatorFlow: true - id: 6fdbec3d-a275-4f3c-ac07-e39186b3c095 alias: browser description: browser based authentication providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: auth-cookie authenticatorFlow: false requirement: ALTERNATIVE priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: auth-spnego authenticatorFlow: false requirement: DISABLED priority: 20 userSetupAllowed: false autheticatorFlow: false - authenticator: identity-provider-redirector authenticatorFlow: false 
requirement: ALTERNATIVE priority: 25 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: ALTERNATIVE priority: 30 flowAlias: forms userSetupAllowed: false autheticatorFlow: true - id: 051a345a-fe24-42e3-9850-17537cdf846d alias: clients description: Base authentication for clients providerId: client-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: client-secret authenticatorFlow: false requirement: ALTERNATIVE priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: client-jwt authenticatorFlow: false requirement: ALTERNATIVE priority: 20 userSetupAllowed: false autheticatorFlow: false - authenticator: client-secret-jwt authenticatorFlow: false requirement: ALTERNATIVE priority: 30 userSetupAllowed: false autheticatorFlow: false - authenticator: client-x509 authenticatorFlow: false requirement: ALTERNATIVE priority: 40 userSetupAllowed: false autheticatorFlow: false - id: 4bcfaa9e-e23e-4a49-ae37-d9e635339816 alias: direct grant description: OpenID Connect Resource Owner Grant providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: direct-grant-validate-username authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: direct-grant-validate-password authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: CONDITIONAL priority: 30 flowAlias: Direct Grant - Conditional OTP userSetupAllowed: false autheticatorFlow: true - id: 78f4d173-44c2-4dbe-b1b6-2b86f90d836e alias: docker auth description: Used by Docker clients to authenticate against the IDP providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: docker-http-basic-authenticator authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - id: 
98a30528-5f73-4eb3-b89b-7bf06cbbc47d alias: first broker login description: Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticatorConfig: review profile config authenticator: idp-review-profile authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: REQUIRED priority: 20 flowAlias: User creation or linking userSetupAllowed: false autheticatorFlow: true - id: a25ad287-43c1-4dcd-aca5-f7b5e5907780 alias: forms description: Username, password, otp and other auth forms. providerId: basic-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: auth-username-password-form authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: CONDITIONAL priority: 20 flowAlias: Browser - Conditional OTP userSetupAllowed: false autheticatorFlow: true - id: c23d0e26-4b72-4834-b184-67bb6120115b alias: http challenge description: An authentication flow based on challenge-response HTTP Authentication Schemes providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: no-cookie-redirect authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: REQUIRED priority: 20 flowAlias: Authentication Options userSetupAllowed: false autheticatorFlow: true - id: fabd90c2-92a2-41a2-bf04-5edf88890f9a alias: registration description: registration flow providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: registration-page-form authenticatorFlow: true requirement: REQUIRED priority: 10 flowAlias: registration form userSetupAllowed: false autheticatorFlow: true - id: 
7e271f7e-0275-49b5-9f92-4bd6b4d4ae69 alias: registration form description: registration form providerId: form-flow topLevel: false builtIn: true authenticationExecutions: - authenticator: registration-user-creation authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - authenticator: registration-profile-action authenticatorFlow: false requirement: REQUIRED priority: 40 userSetupAllowed: false autheticatorFlow: false - authenticator: registration-password-action authenticatorFlow: false requirement: REQUIRED priority: 50 userSetupAllowed: false autheticatorFlow: false - authenticator: registration-recaptcha-action authenticatorFlow: false requirement: DISABLED priority: 60 userSetupAllowed: false autheticatorFlow: false - id: ad20fc9c-ea61-4fd0-8bda-ada4f4f159e5 alias: reset credentials description: Reset credentials for a user if they forgot their password or something providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: reset-credentials-choose-user authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false - authenticator: reset-credential-email authenticatorFlow: false requirement: REQUIRED priority: 20 userSetupAllowed: false autheticatorFlow: false - authenticator: reset-password authenticatorFlow: false requirement: REQUIRED priority: 30 userSetupAllowed: false autheticatorFlow: false - authenticatorFlow: true requirement: CONDITIONAL priority: 40 flowAlias: Reset - Conditional OTP userSetupAllowed: false autheticatorFlow: true - id: 1081e874-c7b0-42db-861f-1e4ca34af878 alias: saml ecp description: SAML ECP Profile Authentication Flow providerId: basic-flow topLevel: true builtIn: true authenticationExecutions: - authenticator: http-basic-authenticator authenticatorFlow: false requirement: REQUIRED priority: 10 userSetupAllowed: false autheticatorFlow: false authenticatorConfig: - id: 
'009d3d66-0a89-4c03-8b15-f031c0afc28c' alias: create unique user config config: require.password.update.after.registration: 'false' - id: a25071db-f600-4e5b-9c0d-dee20f15d1bf alias: review profile config config: update.profile.on.first.login: missing requiredActions: - alias: CONFIGURE_TOTP name: Configure OTP providerId: CONFIGURE_TOTP enabled: true defaultAction: false priority: 10 config: {} - alias: terms_and_conditions name: Terms and Conditions providerId: terms_and_conditions enabled: false defaultAction: false priority: 20 config: {} - alias: UPDATE_PASSWORD name: Update Password providerId: UPDATE_PASSWORD enabled: true defaultAction: false priority: 30 config: {} - alias: UPDATE_PROFILE name: Update Profile providerId: UPDATE_PROFILE enabled: true defaultAction: false priority: 40 config: {} - alias: VERIFY_EMAIL name: Verify Email providerId: VERIFY_EMAIL enabled: true defaultAction: false priority: 50 config: {} - alias: delete_account name: Delete Account providerId: delete_account enabled: false defaultAction: false priority: 60 config: {} - alias: update_user_locale name: Update User Locale providerId: update_user_locale enabled: true defaultAction: false priority: 1000 config: {} browserFlow: browser registrationFlow: registration directGrantFlow: direct grant resetCredentialsFlow: reset credentials clientAuthenticationFlow: clients dockerAuthenticationFlow: docker auth attributes: cibaBackchannelTokenDeliveryMode: poll cibaExpiresIn: '120' cibaAuthRequestedUserHint: login_hint oauth2DeviceCodeLifespan: '600' oauth2DevicePollingInterval: '5' parRequestUriLifespan: '60' cibaInterval: '5' keycloakVersion: 16.1.0 userManagedAccessAllowed: false clientProfiles: profiles: [] clientPolicies: policies: []